CN107181739B - Data security interaction method and device - Google Patents

Publication number: CN107181739B
Authority: CN (China)
Prior art keywords: key, server, secret key, symmetric encryption, encryption method
Legal status: Active
Application number: CN201710299311.6A
Other languages: Chinese (zh)
Other versions: CN107181739A (en)
Inventors: 罗建平, 元光七, 李宏雷
Current Assignee: Shenzhen Castel Wireless Telecommunication Co ltd
Original Assignee: Shenzhen Castel Wireless Telecommunication Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms


Abstract

The invention discloses a data security interaction method, which comprises the following steps: sending to a server request information, encrypted with a preset key, that requests the server to issue an RSA public key; acquiring the RSA public key that is issued by the server and encrypted with the preset key; sending a symmetric encryption algorithm key, encrypted with the RSA public key, to the server so as to synchronize the symmetric encryption algorithm key with the server; and after the symmetric encryption algorithm key has been successfully synchronized with the server, performing data interaction with the server using the symmetric encryption algorithm key. The invention also provides a data security interaction device. The invention effectively solves the problems that using RSA encryption and decryption alone places a heavy burden on embedded devices, that using a symmetric encryption algorithm alone requires the same password to be configured on the server side, which is troublesome, and that transmitting the password repeatedly increases the risk of its loss, and it improves the security of data interaction.

Description

Data security interaction method and device
Technical Field
The invention relates to the technical field of data encryption processing, in particular to a data security interaction method and device.
Background
With the rapid development of the internet, information security problems have become increasingly prominent, and information security technology with data encryption at its core has developed greatly. The communication security of more and more embedded terminals is a concern. Current data encryption technology can be divided, according to the type of encryption key, into symmetric encryption algorithms (private key encryption) and asymmetric encryption algorithms (public key encryption).
The symmetric encryption algorithm is the more traditional encryption system; it was applied earlier and the technology is mature. In a symmetric encryption algorithm, the data sender processes the plaintext (original data) together with the encryption key through a special encryption algorithm, turning it into a complex ciphertext that is then sent out. After receiving the ciphertext, a recipient who wants to read the original text must decrypt it using the key that was used for encryption and the inverse of the same algorithm to recover readable plaintext. Only one key is used, and both the sender and the receiver use it to encrypt and decrypt data, so the decrypting party must know the encryption key in advance. Because the two communicating parties share a single key in the encryption/decryption process, and because the algorithm is simple and encryption is fast, symmetric encryption remains one of the mainstream cryptosystems. The most common symmetric encryption algorithm is the Data Encryption Standard (DES), but the DES key is short and does not meet the data encryption security requirements of today's distributed open networks, so the Advanced Encryption Standard (AES), a symmetric standard based on the Rijndael algorithm, has replaced DES.
An asymmetric encryption algorithm requires two keys: a public key and a private key. The public key and the private key form a pair: if data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. The algorithm is called asymmetric because two different keys are used for encryption and decryption. Because the encryption and decryption keys are different (public key encryption, private key decryption), key management is simple and the approach is widely applied; RSA is the best-known public key algorithm of the asymmetric encryption system. Embedded terminals are low in cost and low in operation speed.
Existing communication encryption technology generally uses either the AES encryption system or the RSA encryption system on its own. Using RSA encryption and decryption alone places a heavy burden on embedded devices, while using a symmetric encryption algorithm such as AES alone requires the same password to be configured on the server side, which is troublesome to use, and transmitting the password multiple times increases the risk of its loss.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The main purpose of the invention is to provide a data security interaction method and device that solve the problems of current practice: using AES encryption or RSA encryption alone places a heavy burden on the system and is troublesome to use, and transmitting the password multiple times increases the risk of its loss.
In order to achieve the above object, the present invention provides a data security interaction method, which comprises the steps of:
sending to a server request information, encrypted with a preset key, that requests the server to issue an RSA public key;
acquiring the RSA public key that is issued by the server and encrypted with the preset key;
sending a key of a symmetric encryption method, encrypted with the RSA public key, to the server so as to synchronize the key of the symmetric encryption method with the server;
and after the key of the symmetric encryption method has been successfully synchronized with the server, performing data interaction with the server using the key of the symmetric encryption method.
Preferably, before sending to the server the request information, encrypted with the preset key, that requests the server to issue an RSA public key, the method further includes:
sending connection information encrypted with the preset key to the server;
and acquiring response data, sent by the server and encrypted with the preset key, indicating that the connection succeeded, and after the connection succeeds, executing the step of sending to the server the request information, encrypted with the preset key, that requests the server to issue an RSA public key.
Preferably, the method further comprises:
after disconnecting from the server, judging whether the key of the symmetric encryption method was synchronized successfully;
after the synchronization is successful, sending connection information encrypted with the preset key to the server;
acquiring response data, sent by the server and encrypted with the preset key, indicating that the connection succeeded;
after the connection succeeds, performing data interaction with the server using the key of the symmetric encryption method;
and when the key of the symmetric encryption method was not synchronized successfully, reconnecting and synchronizing a new key of the symmetric encryption method.
Preferably, the method further comprises:
receiving a key change instruction for the symmetric encryption method, and acquiring the key of the symmetric encryption method corresponding to the key change instruction as the new key of the symmetric encryption method;
and after judging that the new key of the symmetric encryption method is correct, disconnecting from the server, reconnecting, and synchronizing the key of the symmetric encryption method.
Preferably, the method further comprises:
after the key of the symmetric encryption method is lost or damaged, disconnecting from the server;
sending to the server request information, encrypted with the preset key, that requests the server to issue the key of the symmetric encryption method;
and acquiring the key of the symmetric encryption method that is issued by the server and encrypted with the preset key.
Preferably, the method further comprises:
after the key of the symmetric encryption method and the RSA public key are lost or damaged, disconnecting from the server;
sending to the server request information, encrypted with the preset key, that requests the server to issue an AES key;
acquiring the AES key that is issued by the server and encrypted with the preset key;
sending to the server request information, encrypted with the preset key, that requests the server to issue an RSA public key;
and acquiring the RSA public key that is issued by the server and encrypted with the preset key.
In addition, to achieve the above object, the present invention further provides a data security interaction device, including:
a sending module, configured to send to a server request information, encrypted with a preset key, that requests the server to issue an RSA public key;
an acquisition module, configured to acquire the RSA public key that is issued by the server and encrypted with the preset key;
the sending module being further configured to send a key of a symmetric encryption method, encrypted with the RSA public key, to the server so as to synchronize the key of the symmetric encryption method with the server;
and an interaction module, configured to perform data interaction with the server using the key of the symmetric encryption method after that key has been successfully synchronized with the server.
Preferably, the sending module is further configured to send connection information encrypted with the preset key to the server;
the acquisition module is further configured to acquire response data, sent by the server and encrypted with the preset key, indicating that the connection succeeded.
Preferably, the apparatus further comprises:
a judging module, configured to judge, after disconnecting from the server, whether the key of the symmetric encryption method was synchronized successfully;
the sending module is further configured to send connection information encrypted with the preset key to the server after the synchronization is successful;
the acquisition module is further configured to acquire response data, sent by the server and encrypted with the preset key, indicating that the connection succeeded;
the interaction module is further configured to perform data interaction with the server using the key of the symmetric encryption method after the connection succeeds; the interaction module is also configured to reconnect and synchronize a new key of the symmetric encryption method when the key of the symmetric encryption method was not synchronized successfully.
Preferably, the apparatus further comprises: a receiving module, configured to receive a key change instruction for the symmetric encryption method;
the acquisition module is further configured to acquire the key of the symmetric encryption method corresponding to the key change instruction as the new key of the symmetric encryption method;
the interaction module is further configured to disconnect from the server after judging that the new key of the symmetric encryption method is correct, reconnect to the server, and synchronize the new key of the symmetric encryption method;
the interaction module is also configured to disconnect from the server after the key of the symmetric encryption method is lost or damaged;
the sending module is further configured to send to the server request information, encrypted with the preset key, that requests the server to issue the key of the symmetric encryption method;
the acquisition module is further configured to acquire the key of the symmetric encryption method that is issued by the server and encrypted with the preset key.
The terminal exchanges data with the server under the preset key, obtains the RSA public key from the server, synchronizes the key of the symmetric encryption method with the server under RSA public key encryption, and then carries out data communication with the server encrypted with the key of the symmetric encryption method. The invention encrypts data by combining an asymmetric algorithm with a symmetric algorithm: the key of the symmetric encryption method is synchronized under RSA public key encryption, and data interaction then takes place under the symmetric encryption. This greatly improves the security of data interaction and effectively solves the problems that using RSA encryption and decryption alone places a heavy burden on embedded devices, that using a symmetric encryption algorithm alone requires the same password to be configured on the server side, which is troublesome, and that transmitting the password repeatedly increases the risk of its loss.
Drawings
FIG. 1 is a flowchart illustrating a data security interaction method according to a first embodiment of the present invention;
FIG. 2 is a flowchart illustrating a process of connecting a terminal to a server according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a data security interaction method according to a second embodiment of the present invention;
FIG. 4 is a flowchart illustrating a data security interaction method according to a third embodiment of the present invention;
FIG. 5 is a flowchart illustrating a fourth embodiment of a data security interaction method according to the present invention;
FIG. 6 is a flowchart illustrating a fifth embodiment of a data security interaction method according to the present invention;
FIG. 7 is a functional block diagram of a data security interaction device according to a first embodiment of the present invention;
FIG. 8 is a functional block diagram of a data security interaction device according to a second embodiment of the present invention;
FIG. 9 is a functional block diagram of a data security interaction device according to a third embodiment of the present invention.
The objects, features and advantages of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a data security interaction method.
Referring to FIG. 1, FIG. 1 is a flowchart illustrating a data security interaction method according to a first embodiment of the present invention.
In a first embodiment, the data security interaction method includes:
Step S10, sending to the server request information, encrypted with a preset key, that requests the server to issue an RSA public key;
In this embodiment, communication is established between the terminal and the server; information interaction between them becomes possible once the terminal has connected to the server. Referring to FIG. 2, the terminal connects to the server as follows:
Step S11, sending connection information encrypted with the preset key to the server;
Step S12, acquiring response data, sent by the server and encrypted with the preset key, indicating that the connection succeeded, and after the connection succeeds, executing the step of sending to the server the request information, encrypted with the preset key, that requests the server to issue an RSA public key.
In this embodiment, the preset key is a key agreed in advance. Each terminal agrees a different key with the server, the preset key carries time information so that the preset key differs at each point in time, and the preset key may be a symmetric key or an asymmetric key. When the terminal connects to the server, it first sends connection information, which includes basic information about the terminal such as the terminal's unique identifier and is encrypted with an AES fixed key (the preset key). Connecting includes login or handshake; once the connection is established, data can be exchanged between the terminal and the server, which is equivalent to establishing an interaction channel (communication channel). After receiving the terminal's connection information, the server verifies its content and replies with response information, encrypted with the AES fixed key, that includes connection success information. After the connection succeeds, the terminal sends to the server request information, encrypted with the AES fixed key, that requests the server to issue an RSA public key. The terminal needs to make this request after the first successful connection. After receiving the RSA public key request data, the server generates an RSA public key and private key by a transformation of the terminal's unique identifier, and the RSA public key and the private key are encrypted with the AES fixed key and issued to the terminal.
Step S20, acquiring the RSA public key that is issued by the server and encrypted with the preset key;
After receiving the RSA public key issued by the server, the terminal stores it. The RSA public key issued by the server is encrypted with the AES fixed key, so the terminal decrypts it with the AES fixed key to obtain the RSA public key.
Step S30, sending the key of the symmetric encryption method, encrypted with the RSA public key, to the server so as to synchronize the key of the symmetric encryption method with the server;
The key of the symmetric encryption method is, for example, an AES key. After receiving the RSA public key, the terminal encrypts its own AES key with the RSA public key and sends it to the server to perform the AES key synchronization operation. After receiving the AES key synchronization information, the server stores the AES key sent by the terminal, encrypts the corresponding response data with that AES key, and sends the encrypted response data to the terminal; the response data includes AES key synchronization success or failure information.
Step S40, after the key of the symmetric encryption method has been successfully synchronized with the server, performing data interaction with the server using the key of the symmetric encryption method.
The terminal receives the AES synchronization response data issued by the server, and once the AES key has been successfully synchronized with the server, the terminal performs data interaction with the server using the AES key. That is, after the AES key is successfully synchronized, all communication between the terminal and the server is encrypted with the synchronized AES key, which ensures the security of the communication data between the terminal and the server.
The requested RSA public key and the synchronized key of the symmetric encryption method may each be a fixed key or a random key, configured and issued according to user requirements. For example, different usage scenarios call for different keys:
Key mode one: the user can set a fixed password, and the device communicates with the platform using the fixed password.
Key mode two: the device communicates with the platform using a random password.
Key mode one application scenario:
The customer connects a privately owned device to the service platform. The user does not want others to change the product configuration or compromise data privacy.
For example: customer A is a private owner who signs a service agreement with the platform side, uploads the vehicle state using the device, and monitors the driving behavior of a hired driver.
Key mode two application scenario:
The device belongs to a service provider, which leases or delivers it to a customer in order to collect service charges, monitor customer behavior and the like, and therefore does not want the customer to change the product configuration.
For example: a vehicle insurance company uses its own platform with devices sent to customers to monitor the customers' driving habits, which is well suited to analyzing the driver's driving safety level for assessing premium credits.
In an embodiment of the present invention, when data interaction is required between the terminal and the server, the combination of symmetric and asymmetric encryption may be established in the manner described above for every data interaction, that is, RSA key acquisition and symmetric encryption key synchronization are performed for each data interaction. Alternatively, during the period between a successful connection and disconnection, once the keys have been obtained in the manner described above, encrypted interaction proceeds without replacing the keys, which avoids repeatedly requesting the RSA key and the symmetric encryption key; data interaction continues without replacing the keys as long as the connection is not disconnected and no instruction to re-obtain the keys is received.
The invention provides a data security interaction method in which the terminal acquires the RSA public key of the server, synchronizes the key of the symmetric encryption method with the server under RSA public key encryption, and then carries out data communication with the server encrypted with the key of the symmetric encryption method. The invention encrypts data by combining an asymmetric algorithm with a symmetric algorithm: the key of the symmetric encryption method is synchronized under RSA public key encryption, and data interaction then takes place under the symmetric encryption. This greatly improves the security of data interaction and effectively solves the problems that using RSA encryption and decryption alone places a heavy burden on embedded devices, that using a symmetric encryption algorithm alone requires the same password to be configured on the server side, which is troublesome, and that transmitting the password repeatedly increases the risk of its loss.
Referring to FIG. 3, FIG. 3 is a flowchart illustrating a data security interaction method according to a second embodiment of the present invention. The method further comprises the following steps:
Step S50, after disconnecting from the server, judging whether the key of the symmetric encryption method was synchronized successfully;
Step S60, after the synchronization is successful, sending connection information encrypted with the preset key to the server;
Step S70, acquiring response data, sent by the server and encrypted with the preset key, indicating that the connection succeeded;
Step S80, after the connection succeeds, performing data interaction with the server using the key of the symmetric encryption method;
Step S90, when the key of the symmetric encryption method was not synchronized successfully, reconnecting and synchronizing a new key of the symmetric encryption method.
After an AES key (the key of the symmetric encryption method) has been synchronized between the terminal and the server, the RSA public key and AES key synchronization process does not need to be repeated when the terminal disconnects from the server and then connects again, which saves operations and improves the efficiency of data interaction between the terminal and the server. In another embodiment of the present invention, timing starts after the AES key has been successfully synchronized between the terminal and the server: if the terminal and the server are disconnected within a preset time (set as required, for example 10 minutes or 20 minutes), the RSA public key and AES key synchronization process does not need to be performed again; once the preset time is exceeded, it needs to be performed again. Alternatively, the decision is made according to the amount of data exchanged: while the amount of data exchanged is within a preset amount (1G, 2G and the like), the RSA public key and AES key synchronization process does not need to be performed again; once the preset amount is exceeded, it needs to be performed again. In other embodiments of the present invention, after the terminal is disconnected from the server, the AES key may be synchronized again according to steps S10 to S40, so that data interaction between the terminal and the server is encrypted with the AES key.
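The exchange of steps S10 to S40 and the reconnect rule of steps S50 to S90 with the preset-time variant, written out as an added example that is not code from the patent. It assumes the Python `cryptography` package, AES-GCM for both the preset key and the synchronized AES key, RSA-OAEP for wrapping, a key pair generated per terminal rather than derived from the terminal identifier, and a preset key without the time information the text mentions; the message strings and all class, method and parameter names are hypothetical.

```python
# Added illustration of steps S10-S40 and S50-S90; not code from the patent.
# Assumptions: AES-GCM, RSA-OAEP, 2048-bit RSA, message strings and all names.
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(key, plaintext):
    # AES-GCM encrypt; the fresh 12-byte nonce is prepended to the ciphertext.
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, None)

def unseal(key, blob):
    # AES-GCM decrypt; raises InvalidTag on a wrong key or altered data.
    return AESGCM(key).decrypt(blob[:12], blob[12:], None)

class Server:
    def __init__(self, preset_keys):
        self.preset_keys = preset_keys  # terminal id -> preset (fixed) AES key
        self.rsa_private = {}           # terminal id -> RSA private key
        self.session_keys = {}          # terminal id -> synchronized AES key

    def connect(self, tid, blob):
        # S11/S12: verify the connection info, answer under the preset key.
        if unseal(self.preset_keys[tid], blob) != b"CONNECT " + tid.encode():
            raise ValueError("connection info does not match terminal id")
        return seal(self.preset_keys[tid], b"CONNECT_OK")

    def issue_public_key(self, tid, blob):
        # S10/S20: per-terminal key pair; public half goes out under the preset key.
        if unseal(self.preset_keys[tid], blob) != b"GET_RSA_PUBLIC_KEY":
            raise ValueError("unexpected request")
        private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.rsa_private[tid] = private
        pem = private.public_key().public_bytes(
            serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
        return seal(self.preset_keys[tid], pem)

    def sync_key(self, tid, wrapped):
        # S30: unwrap the terminal's AES key, store it, answer under that key.
        key = self.rsa_private[tid].decrypt(wrapped, OAEP)
        self.session_keys[tid] = key
        return seal(key, b"SYNC_OK")

    def data(self, tid, blob):
        # S40: application traffic under the synchronized key.
        key = self.session_keys[tid]
        return seal(key, b"ACK " + unseal(key, blob))

class Terminal:
    def __init__(self, tid, preset_key, max_key_age=600):
        self.tid, self.preset_key = tid, preset_key
        self.max_key_age = max_key_age  # seconds; the text's "10 minutes" example
        self.session_key, self.synced_at = None, None

    def _connect(self, server):
        hello = seal(self.preset_key, b"CONNECT " + self.tid.encode())
        if unseal(self.preset_key, server.connect(self.tid, hello)) != b"CONNECT_OK":
            raise ConnectionError("server refused connection")

    def full_sync(self, server, now):
        # S10-S40: connect, fetch the RSA public key, wrap and sync a new AES key.
        self._connect(server)
        request = seal(self.preset_key, b"GET_RSA_PUBLIC_KEY")
        pem = unseal(self.preset_key, server.issue_public_key(self.tid, request))
        public = serialization.load_pem_public_key(pem)
        key = AESGCM.generate_key(bit_length=128)
        answer = server.sync_key(self.tid, public.encrypt(key, OAEP))
        if unseal(key, answer) != b"SYNC_OK":
            raise ConnectionError("key synchronization failed")
        self.session_key, self.synced_at = key, now
        return "full-sync"

    def reconnect(self, server, now):
        # S50-S90: reuse the synchronized key if one exists and is not too old.
        fresh = self.synced_at is not None and now - self.synced_at <= self.max_key_age
        if not fresh:
            return self.full_sync(server, now)
        self._connect(server)
        return "reused-key"

    def send(self, server, payload):
        if self.session_key is None:
            raise RuntimeError("no synchronized key")
        reply = server.data(self.tid, seal(self.session_key, payload))
        return unseal(self.session_key, reply)

def demo():
    preset = {"T-0001": os.urandom(16)}  # constructed terminal id and preset key
    server, terminal = Server(preset), Terminal("T-0001", preset["T-0001"])
    steps = [terminal.full_sync(server, now=0)]
    steps.append(terminal.reconnect(server, now=300))   # within 10 minutes
    steps.append(terminal.reconnect(server, now=1000))  # older than 10 minutes
    return steps, terminal.send(server, b"speed=62")
```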
Referring to FIG. 4, FIG. 4 is a flowchart illustrating a data security interaction method according to a third embodiment of the present invention. The method further comprises the following steps:
Step S100, receiving a key change instruction for the symmetric encryption method, and acquiring the key of the symmetric encryption method corresponding to the key change instruction as the new key of the symmetric encryption method;
Step S110, after determining that the new key of the symmetric encryption method is correct, disconnecting from the server, reconnecting, and synchronizing the new key of the symmetric encryption method.
In this embodiment, when a user needs to change the AES key (the key of the symmetric encryption method) through the terminal, the user must provide the terminal with the current key and the new AES key. After acquiring the current key, the terminal verifies whether it matches the stored AES key: if they are consistent, the next operation of changing the AES key can proceed; if they are inconsistent, the terminal refuses to change the key. For example, when a user needs to change the AES password, the user selects the password change option on the mobile device and enters the current connection information, including the current (old) AES password and the new password. The terminal compares the stored AES password with the old AES password entered by the user; when they are consistent, verification passes and the new password provided by the user is stored, overwriting the old password.
When a user needs to change the AES key, the AES key stored in the terminal is changed after the current AES key provided by the user has been verified. At the same time, the terminal disconnects from the server, so that the original connection based on the old AES key is dropped, and the synchronization process is carried out again with the new AES key. The synchronization process of the AES key is similar to that in the first embodiment, so those skilled in the art will understand how the new AES key is synchronized. In this embodiment the AES key is changed and the new key differs from the old AES key, which improves the randomness of the data interaction key and further improves the security of data interaction.
Referring to fig. 5, fig. 5 is a flowchart illustrating a fourth embodiment of the data security interaction method of the present invention, where the method further includes:
step S120, after the secret key of the symmetric encryption method is lost or damaged, the connection with the server is disconnected;
step S130, sending a request message for issuing a secret key of a symmetric encryption method to the server, where the request is encrypted by using a preset secret key;
step S140, obtaining a secret key of a symmetric encryption method encrypted with a preset secret key issued by the server.
In this embodiment, loss or damage of the AES key (the key of the symmetric encryption method) covers two cases: loss of the AES key and damage to the AES key. Loss may mean that the user has forgotten the AES key and therefore selects the AES-key-lost operation at the terminal; loss or damage may also be determined by the system during data interaction, or arise from other problems. When the user actively selects this option, or the terminal automatically determines that the AES key is lost or damaged, the AES key loss or damage procedure is carried out.
When the terminal judges that the AES secret key is lost or damaged, the connection between the terminal and the server is immediately disconnected, so that the connection performed according to the current AES secret key is not continued, and the data security is ensured.
To resolve the loss or damage of the AES key, after the terminal has connected successfully again it sends the server a request for issuance of the AES key, re-applying for the key. The server can then send its stored AES key to the terminal again, which synchronizes the AES key between the terminal and the server and lets the user on the terminal side obtain the AES key used for data interaction.
After receiving the terminal's request for the AES key, the server first verifies the terminal's connection information and judges whether it matches the stored AES key. If it matches, the server issues the AES key to the terminal according to the connection information; if it does not match, the process can be terminated directly or returned to the connection step.
In this embodiment, after the terminal determines that the AES key is lost or damaged, the server reissues the terminal's AES key. Once the AES key is determined to be damaged, the terminal immediately disconnects from the server and prompts the user to log in again through the mobile device to re-acquire the AES key; after the user logs in again, the mobile device requests the AES key from the server. Disconnecting stops data interaction whenever the security of the AES key cannot be ensured, which protects the data interaction between the terminal and the server.
Referring to fig. 6, fig. 6 is a flowchart illustrating a fifth embodiment of a data security interaction method according to the present invention. The method further comprises the following steps:
step S150, after the RSA public key is lost or damaged, disconnecting from the server;
step S160, sending a request message for issuing an RSA public key to the server, the request being encrypted with a preset secret key;
step S170, an RSA public key encrypted with a preset secret key issued by the server is obtained.
In this embodiment, loss or damage of the RSA public key may be determined by the terminal itself, or by the user through a selection operation on the terminal. For example, after confirming that the RSA public key is lost, the user selects, on the mobile device, to start the RSA public key loss handling flow.
After the terminal determines that the RSA public key is lost or damaged, the terminal immediately starts a process of RSA public key loss processing, that is, immediately disconnects the connection with the server. By disconnecting the connection with the server, the connection information of the terminal re-login can be verified again, and the safety during data transmission is improved.
After the terminal has connected to the server again, it can re-request the RSA public key from the server; the data exchange for this request is carried out under encryption with the AES fixed secret key. On receiving the request, the server checks the terminal's connection information. When the connection information satisfies the conditions for issuing the RSA public key, the server either issues the stored RSA public key corresponding to that connection information directly to the terminal, or regenerates the RSA public key and RSA private key corresponding to the connection information and then issues and synchronizes them to the terminal.
In this embodiment, when the terminal determines that the RSA public key is lost or damaged, the connection between the terminal and the server is disconnected, so as to ensure that data interaction is suspended under the condition that the security of the RSA public key and the AES secret key cannot be ensured, thereby ensuring the security of data interaction between the terminal and the server.
In other embodiments of the present invention, when the RSA public key and the AES secret key are lost or damaged at the same time, the AES secret key obtaining process is performed first, and then the RSA public key obtaining process is performed.
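The terminal-side decisions described in the second to fifth embodiments above (reuse or repeat the synchronization on reconnect, change the AES key, recover a lost key) can be written as one small planner. This is an added example, not code from the patent: all names are hypothetical, the time and volume limits are enforced together although the text presents them as alternative embodiments, the constant-time comparison is a hardening choice the text does not mention, and the plan stops after the recovery requests because the text does not say what follows them.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Step(Enum):
    CONNECT = "send connection information under the preset key"
    REQUEST_AES_KEY = "request AES key issuance under the preset key"   # S130-S140
    REQUEST_RSA_PUBKEY = "request RSA public key under the preset key"  # S160-S170
    SYNC_AES_KEY = "send the AES key encrypted with the RSA public key"
    DATA = "exchange data under the AES key"


@dataclass
class TerminalState:
    """Hypothetical terminal-side record of the current AES synchronization."""
    aes_key: Optional[bytes] = None
    synced_at: Optional[float] = None    # time of the last successful AES sync
    bytes_since_sync: int = 0            # traffic exchanged since that sync
    max_age_s: Optional[float] = 600.0   # "preset time" (10 minutes); None disables
    max_bytes: Optional[int] = 1 << 30   # "preset amount" (1G); None disables

    def mark_synced(self, now: float) -> None:
        self.synced_at = now
        self.bytes_since_sync = 0

    def record_traffic(self, n: int) -> None:
        self.bytes_since_sync += n


def sync_is_fresh(state: TerminalState, now: float) -> bool:
    """True while the last sync is within the preset time and preset amount."""
    if state.aes_key is None or state.synced_at is None:
        return False
    if state.max_age_s is not None and now - state.synced_at > state.max_age_s:
        return False
    if state.max_bytes is not None and state.bytes_since_sync > state.max_bytes:
        return False
    return True


def plan_reconnect(state: TerminalState, now: float,
                   aes_lost: bool = False, rsa_lost: bool = False) -> List[Step]:
    """Steps the terminal performs after a disconnect, in order."""
    steps = [Step.CONNECT]
    if aes_lost or rsa_lost:
        # Recovery path: when both are lost, the AES key is fetched first.
        if aes_lost:
            steps.append(Step.REQUEST_AES_KEY)
        if rsa_lost:
            steps.append(Step.REQUEST_RSA_PUBKEY)
        return steps
    if sync_is_fresh(state, now):
        # Synchronization still valid: connect, then go straight to data.
        return steps + [Step.DATA]
    # Never synced, or a limit was exceeded: repeat the full synchronization.
    return steps + [Step.REQUEST_RSA_PUBKEY, Step.SYNC_AES_KEY, Step.DATA]


def change_aes_key(state: TerminalState, current: bytes, new: bytes) -> bool:
    """S100-S110: accept the new key only if `current` matches the stored key."""
    if state.aes_key is None or not hmac.compare_digest(state.aes_key, current):
        return False  # the terminal refuses the change
    state.aes_key = new
    state.synced_at = None       # old connection is dropped; new key must be synced
    state.bytes_since_sync = 0
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    s = TerminalState(aes_key=b"old-key-16-bytes")
    s.mark_synced(1000.0)
    for t in (1300.0, 1601.0):
        print(t, [step.name for step in plan_reconnect(s, t)])
    print(change_aes_key(s, b"old-key-16-bytes", b"new-key-16-bytes"),
          [step.name for step in plan_reconnect(s, 1300.0)])
```
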
The invention also provides a data security interaction device.
Referring to fig. 7, fig. 7 is a functional module diagram of a first embodiment of the secure interaction apparatus according to the present invention.
In a first embodiment, the secure interaction device comprises: a sending module 10, an obtaining module 20 and an interacting module 30,
the sending module 10 is configured to send, to the server, request information of an RSA public key issued by a request server encrypted with a preset secret key;
In this embodiment, communication is established between the terminal and the server; once the terminal is connected to the server, information can be exchanged between them. The sending module 10 is further configured to send connection information encrypted by using the preset secret key to the server;
the obtaining module 20 is configured to obtain response data, sent by the server and encrypted with the preset key, indicating a successful connection. In this embodiment, the preset key is a key agreed in advance; each terminal agrees a different key with the server, the preset key carries time information so that the preset key differs at different time points, and the preset key may be a symmetric key or an asymmetric key. When the terminal connects to the server, it first sends connection information, which includes basic information about the terminal such as its unique identifier and is encrypted with the AES fixed key (the preset key). Connecting includes login or handshake; once the connection is established, data can be exchanged between the terminal and the server, which is equivalent to establishing an interaction or communication channel. After the connection succeeds, the terminal sends the server a request, encrypted with the AES fixed secret key, asking the server to issue the RSA public key. After the first successful connection, the terminal must request the RSA public key from the server, with the request encrypted under the AES fixed secret key. On receiving the request, the server generates the RSA public key and private key by a transformation of the terminal's unique identifier, and the RSA public key and the private key are encrypted with the AES fixed secret key and issued to the terminal.
The obtaining module 20 is further configured to obtain an RSA public key that is issued by the server and encrypted with a preset secret key;
After receiving the RSA public key sent by the server, the terminal stores it. The RSA public key sent by the server is encrypted with the AES fixed secret key, and the terminal decrypts it with the AES fixed secret key to obtain the RSA public key.
The sending module 10 is further configured to send, to the server, a key of a symmetric encryption method encrypted by the RSA public key, so as to perform synchronous operation with the key of the symmetric encryption method performed by the server;
The key of the symmetric encryption method is, for example, an AES key. After receiving the RSA public key, the terminal encrypts its AES secret key with the RSA public key and sends it to the server to perform the AES key synchronization operation. After receiving the AES key synchronization information, the server stores the AES secret key sent by the terminal, encrypts the corresponding response data with that AES key, and sends it to the terminal; the response data contains AES key synchronization success or failure information.
The interaction module 30 is further configured to perform data interaction with the server through the key of the symmetric encryption method after the synchronization with the key of the symmetric encryption method of the server is successful.
The terminal receives the AES synchronization response data issued by the server and, once its AES key has been successfully synchronized with the server, performs data interaction with the server using the AES key. That is, after the AES key is successfully synchronized, all communication between the terminal and the server is encrypted with the synchronized AES key, which ensures the security of the communication data between the terminal and the server.
The requested RSA public key and the synchronized key of the symmetric encryption method may be fixed keys or random keys, configured and issued according to user requirements. Different usage scenarios call for different keys:
Key mode one: the user can set a fixed password, and the device communicates with the platform using the fixed password.
Key mode two: the device communicates with the platform using a random password.
Application scenario for key mode one:
The client uses a private device to connect to the service platform. The user does not want others to change the product configuration and data privacy.
For example: client A is a private owner who signs a service agreement with the platform side, uses the device to upload the vehicle state, and monitors the driving behavior of a hired driver.
Application scenario for key mode two:
The device belongs to a service provider and is leased or delivered to a customer for purposes such as collecting service charges or monitoring customer behavior, so the customer is not expected to change the product configuration.
For example: a vehicle insurance company uses its own platform and issues devices to customers to monitor their driving habits, which is well suited to analyzing a driver's driving safety level for assessing premium credits.
In an embodiment of the present invention, when data interaction is required between the terminal and the server, the combination of symmetric and asymmetric encryption described above may be applied on every data interaction, that is, RSA key acquisition and symmetric encryption key synchronization are performed for each data interaction. Alternatively, for the period between a successful connection and disconnection, once the keys have been obtained as described above, encrypted interaction proceeds without replacing the keys; this avoids repeated requests for the RSA key and the symmetric encryption key, and data interaction continues with the same keys as long as the connection is not disconnected and no instruction to re-obtain the keys is received.
The invention provides a data security interaction method in which the terminal acquires the server's RSA public key, synchronizes an AES secret key with the server under RSA public key encryption, and then communicates with the server under AES encryption. The invention encrypts data by combining an asymmetric algorithm with a symmetric algorithm: the AES secret key is synchronized under RSA public key encryption, and data interaction then takes place under AES encryption. This greatly improves the security of data interaction and effectively solves the following problems: using RSA alone for encryption and decryption places a heavy burden on embedded devices; using a symmetric encryption algorithm such as AES alone requires the same password to be configured on the server side, which is troublesome to use; and repeatedly transmitting the password increases the risk of loss.
Referring to fig. 8, fig. 8 is a functional module diagram of a data security interaction device according to a second embodiment of the present invention. The device further comprises: a judging module 40,
the judging module 40 is configured to judge whether the key of the symmetric encryption method is successfully synchronized after the server is disconnected;
the sending module 10 is further configured to send, to the server, connection information encrypted with the preset key after the synchronization is successful;
the obtaining module 20 is further configured to send, to the server, connection information encrypted with the preset secret key after the synchronization is successful;
the interaction module 30 is further configured to perform data interaction with the server through a key of the symmetric encryption method after the connection is successful; the interaction module 30 is also used for reconnecting and synchronizing the key of the new symmetric encryption method when the key of the symmetric encryption method has not been synchronized successfully.
Once the AES secret key has been synchronized between the terminal and the server, the RSA public key and AES secret key synchronization does not need to be repeated when the terminal disconnects from the server and then reconnects; this saves operations and improves the efficiency of data interaction between the terminal and the server. In another embodiment of the present invention, timing starts after the AES key synchronization between the terminal and the server succeeds. If the terminal and the server are disconnected within a preset time (set as required, for example 10 minutes or 20 minutes), the RSA public key and AES key synchronization process does not need to be performed again; once the preset time is exceeded, the synchronization process must be performed again. Alternatively, the decision is made according to the amount of data exchanged: while the amount of data interaction is within a preset amount (1G, 2G, etc.), the RSA public key and AES secret key synchronization process does not need to be performed again; once the preset amount is exceeded, it must be performed again. In other embodiments of the present invention, after the terminal and the server are disconnected, the connection, the RSA public key transmission, and the AES key synchronization may be completed according to the process of the first embodiment of the apparatus, so that data interaction between the terminal and the server is encrypted with the AES key.
Referring to fig. 9, fig. 9 is a functional module diagram of a data security interaction device according to a third embodiment of the present invention. The device further comprises: a receiving module 50,
the receiving module 50 is configured to receive a key change instruction of a symmetric encryption method;
the obtaining module 20 is further configured to obtain a key of the symmetric encryption method corresponding to the key change instruction of the symmetric encryption method as a key of a new symmetric encryption method;
the interaction module 30 is further configured to disconnect the server after determining that the key of the new symmetric encryption method is correct, reconnect the server, and synchronize the key of the new symmetric encryption method.
In this embodiment, when a user needs to change the AES key through the terminal, the user must provide the terminal with both the current key and the new AES key. After acquiring the current key, the terminal checks whether it is the stored AES key. If the two are consistent, the key change proceeds; if they are inconsistent, the terminal refuses to change the key. For example, when a user needs to change the AES password, the user selects the password change option on the mobile device and enters the current connection information, including the current (old) AES password and the new password. The terminal compares the stored AES password with the old AES password entered by the user; when they match, verification passes and the new password provided by the user is stored, overwriting the old one.
When a user needs to change the AES key, the AES key stored in the terminal is changed after the current AES key provided by the user has been verified. At the same time, the terminal disconnects from the server, so that the original connection based on the old AES key is dropped and the synchronization process is carried out again for the new AES key. The synchronization process of the AES key is similar to that in the first embodiment, and those skilled in the art will know how the new AES key is synchronized. In this embodiment the AES key is changed so that it differs from the old AES key, which improves the randomness of the data interaction key and further improves the security of data interaction.
Further, the interaction module 30 is further configured to disconnect the server after the key of the symmetric encryption method is lost or damaged;
the sending module 10 is further configured to send, to the server, request information for issuing a key of a symmetric encryption method with a request of encryption by a preset key;
the obtaining module 20 is further configured to obtain a key of a symmetric encryption method that is sent by the server and encrypted with a preset key.
In this embodiment, loss or damage of the AES key (the key of the symmetric encryption method) covers two cases: loss of the AES key and damage to the AES key. Loss may mean that the user has forgotten the AES key and therefore selects the AES-key-lost operation at the terminal; loss or damage may also be determined by the system during data interaction, or arise from other problems. When the user actively selects this option, or the terminal automatically determines that the AES key is lost or damaged, the AES key loss or damage procedure is carried out.
When the terminal judges that the AES secret key is lost or damaged, the connection between the terminal and the server is immediately disconnected, so that the connection performed according to the current AES secret key is not continued, and the data security is ensured.
To resolve the loss or damage of the AES key, after the terminal has connected successfully again it sends the server a request for issuance of the AES key, re-applying for the key. The server can then send its stored AES key to the terminal again, which synchronizes the AES key between the terminal and the server and lets the user on the terminal side obtain the AES key used for data interaction.
After receiving the terminal's request for the AES key, the server first verifies the terminal's connection information and judges whether it matches the stored AES key. If it matches, the server issues the AES key to the terminal according to the connection information; if it does not match, the process can be terminated directly or returned to the connection step.
In this embodiment, after the terminal determines that the AES key is lost or damaged, the server reissues the terminal's AES key. Once the AES key is determined to be damaged, the terminal immediately disconnects from the server and prompts the user to log in again through the mobile device to re-acquire the AES key; after the user logs in again, the mobile device requests the AES key from the server. Disconnecting stops data interaction whenever the security of the AES key cannot be ensured, which protects the data interaction between the terminal and the server.
Further, the interaction module 30 is further configured to disconnect the server after the key of the symmetric encryption method is lost or damaged;
the sending module 10 is further configured to send, to the server, request information for issuing an RSA public key with a request encrypted by a preset secret key;
the obtaining module 20 is further configured to obtain an RSA public key that is sent by the server and encrypted with a preset key.
In this embodiment, loss or damage of the RSA public key may be determined by the terminal itself, or by the user through a selection operation on the terminal. For example, after confirming that the RSA public key is lost, the user selects, on the mobile device, to start the RSA public key loss handling flow.
After the terminal determines that the RSA public key is lost or damaged, the terminal immediately starts a process of RSA public key loss processing, that is, immediately disconnects the connection with the server. By disconnecting the connection with the server, the connection information of the terminal re-login can be verified again, and the safety during data transmission is improved.
After the terminal has connected to the server again, it can re-request the RSA public key from the server; the data exchange for this request is carried out under encryption with the AES fixed secret key. On receiving the request, the server checks the terminal's connection information. When the connection information satisfies the conditions for issuing the RSA public key, the server either issues the stored RSA public key corresponding to that connection information directly to the terminal, or regenerates the RSA public key and RSA private key corresponding to the connection information and then issues and synchronizes them to the terminal.
In this embodiment, when the terminal determines that the RSA public key is lost or damaged, the connection between the terminal and the server is disconnected, so as to ensure that data interaction is suspended under the condition that the security of the RSA public key and the AES secret key cannot be ensured, thereby ensuring the security of data interaction between the terminal and the server.
In other embodiments of the present invention, when the RSA public key and the AES secret key are lost or damaged at the same time, the AES secret key obtaining process is performed first, and then the RSA public key obtaining process is performed.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A data security interaction method is characterized by comprising the following steps:
sending to a server request information, encrypted with a preset secret key, requesting the server to issue an RSA public key, wherein the preset secret key is a secret key agreed in advance, the secret key agreed with the server is different for each terminal, the preset secret key carries time information, the preset secret keys corresponding to different time points are different, and the preset secret key comprises a symmetric secret key or an asymmetric secret key;
acquiring an RSA public key which is sent by the server and encrypted by a preset secret key;
sending a secret key of a symmetric encryption method encrypted by the RSA public key to the server so as to perform synchronous operation of the secret key of the symmetric encryption method with the server;
after the synchronization with the secret key of the symmetric encryption method of the server is successful, performing data interaction with the server through the secret key of the symmetric encryption method;
the requested RSA public key and the synchronized key of the symmetric encryption method differ according to the usage scenario, the required key differing accordingly, including key mode one: the user sets a fixed password, and the device communicates with the platform using the fixed password; and key mode two: the device communicates with the platform using a random password; the application scenario of key mode one is that a client uses a private device to connect to the service platform, and the user does not want others to change product configuration and data confidentiality; the application scenario of key mode two is that the device is leased or sent to a customer for use so as to obtain service charges or monitor customer behavior, and the customer is not expected to change the product configuration;
when the data interaction amount is within the preset amount, the key synchronization of the RSA public key and the symmetric encryption method is not required to be carried out again; after the preset amount is exceeded, the key synchronization of the RSA public key and the symmetric encryption method needs to be performed again.
2. The data security interaction method according to claim 1, before sending the request information of the RSA public key to the server, where the request information is encrypted with a preset key and issued by the server, further comprising:
sending connection information encrypted by the preset secret key to the server;
and acquiring response data which is sent by the server and encrypted by a preset secret key and is successfully connected, and after the response data is successfully connected, executing a step of sending request information of an RSA public key to a request server encrypted by the preset secret key.
3. The method for secure interaction of data as recited in claim 1, the method further comprising:
after the server is disconnected, whether the secret key of the symmetric encryption method is synchronized successfully is judged;
after the synchronization is successful, sending connection information encrypted by the preset secret key to the server;
acquiring response data which is sent by the server and encrypted by the preset secret key and is successfully connected;
after the connection is successful, performing data interaction with the server through the secret key of the symmetric encryption method;
and when the key of the symmetric encryption method is not synchronized successfully, reconnecting and synchronizing the key of the symmetric encryption method.
4. A method for secure interaction of data according to any of claims 1 to 3, the method further comprising:
receiving a key change instruction of a symmetric encryption method, and acquiring a key of the symmetric encryption method corresponding to the key change instruction of the symmetric encryption method as a key of a new symmetric encryption method;
and after judging that the secret key of the new symmetric encryption method is correct, disconnecting the server, reconnecting and synchronizing the secret key of the new symmetric encryption method.
5. A method for secure interaction of data according to any of claims 1 to 3, the method further comprising:
after the secret key of the symmetric encryption method is lost or damaged, disconnecting the server;
sending to the server request information, encrypted with a preset secret key, requesting the server to issue the secret key of the symmetric encryption method;
and acquiring a secret key of a symmetric encryption method which is sent by the server and encrypted by a preset secret key.
6. A method for secure interaction of data according to any of claims 1 to 3, the method further comprising:
after the secret key of the symmetric encryption method and the RSA public key are lost or damaged, the connection with the server is disconnected;
sending to the server request information, encrypted with a preset secret key, requesting the server to issue the secret key of the symmetric encryption method;
acquiring a secret key of a symmetric encryption method which is sent by the server and encrypted by a preset secret key;
sending to the server request information, encrypted with a preset secret key, requesting the server to issue an RSA public key;
and acquiring an RSA public key which is sent by the server and encrypted by a preset secret key.
7. A data security interaction device, comprising:
a sending module, configured to send to the server request information, encrypted with a preset secret key, requesting the server to issue an RSA public key, wherein the preset secret key is a secret key agreed in advance, the secret key agreed with the server is different for each terminal, the preset secret key carries time information, the preset secret keys corresponding to different time points are different, and the preset secret key comprises a symmetric secret key or an asymmetric secret key;
the acquisition module is used for acquiring an RSA public key which is sent by the server and encrypted by a preset secret key;
the sending module is further configured to send, to the server, a key of a symmetric encryption method encrypted by the RSA public key to perform synchronous operation with the key of the symmetric encryption method performed by the server;
the interaction module is used for carrying out data interaction with the server through the secret key of the symmetric encryption method after the secret key of the symmetric encryption method of the server is successfully synchronized;
the requested RSA public key and the key of the synchronous symmetric encryption method are different in the used scenarios, and the required key is also different, including key mode one: the user sets up fixed password, and equipment uses fixed password and platform communication, secret key mode two: the equipment uses the random password to communicate with the platform; the key mode is an application scene, a client uses private equipment to connect with a service platform, and a user does not want others to change product configuration and data confidentiality; the key mode II is applied to a scene that equipment is leased or sent to a customer for use so as to obtain service charge or monitor customer behavior, and the customer is not expected to change product configuration;
when the data interaction amount is within the preset amount, the key synchronization of the RSA public key and the symmetric encryption method is not required to be carried out again; after the preset amount is exceeded, the key synchronization of the RSA public key and the symmetric encryption method needs to be performed again.
8. The apparatus according to claim 7, wherein the sending module is further configured to send, to the server, connection information encrypted with the preset key;
the obtaining module is further configured to obtain response data, sent by the server and encrypted with the preset secret key, indicating that the connection succeeded.
9. The secure interaction device of claim 7, wherein the device further comprises:
a judging module, configured to judge, after disconnection from the server, whether the secret key of the symmetric encryption method was synchronized successfully;
the sending module is further configured to send, to the server, connection information encrypted with the preset secret key after the synchronization is successful;
the obtaining module is further configured to obtain response data, sent by the server and encrypted with the preset secret key, indicating that the connection succeeded;
the interaction module is further configured to perform data interaction with the server using the secret key of the symmetric encryption method after the connection is successful;
the interaction module is further configured to reconnect and synchronize the key of the new symmetric encryption method when the key of the symmetric encryption method was not synchronized successfully.
10. A secure interaction device as recited in any one of claims 7 to 9, wherein the device further comprises: the receiving module is used for receiving a key change instruction of a symmetric encryption method;
the obtaining module is further configured to obtain a key of the symmetric encryption method corresponding to the key change instruction of the symmetric encryption method as a key of a new symmetric encryption method;
the interaction module is further configured to disconnect from the server after judging that the secret key of the new symmetric encryption method is correct, reconnect to the server, and synchronize the secret key of the symmetric encryption method;
the interaction module is further configured to disconnect from the server after the secret key of the symmetric encryption method is lost or damaged;
the sending module is further configured to send, to the server, request information, encrypted with the preset secret key, requesting the server to issue the key of the symmetric encryption method;
the obtaining module is further configured to obtain the secret key of the symmetric encryption method, which is sent by the server and encrypted with the preset secret key.
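
The exchange in claim 7, with both sides' messages and the resynchronization threshold, as an added example that is not code from the patent. Assumptions: the HMAC-based derivation of the time-dependent preset key, the SHA-256 keystream plus HMAC tag standing in for the unnamed symmetric method, and unpadded RSA built from two fixed Mersenne primes are illustrative stand-ins chosen to keep the block stdlib-only; all function and class names are hypothetical.

```python
import hashlib, hmac, secrets

def preset_key(terminal_secret, now, window=3600):
    # Assumed derivation: per-terminal secret + time window, so the preset key
    # differs per terminal and per time point, as the claim requires.
    return hmac.new(terminal_secret, str(now // window).encode(), hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    # Stand-in symmetric method: keystream XOR, then an HMAC tag over nonce + ciphertext.
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

# Toy RSA key pair (fixed primes, no padding); a real system would use a vetted library.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def handshake(terminal_secret, now):
    """Run the three messages of claim 7; return (terminal_key, server_key)."""
    pk = preset_key(terminal_secret, now)
    request = seal(pk, b"REQ_RSA_PUBLIC_KEY")            # terminal -> server
    if unseal(pk, request) != b"REQ_RSA_PUBLIC_KEY":     # server checks the request
        raise ValueError("unexpected request")
    reply = seal(pk, N.to_bytes(27, "big"))              # server -> terminal
    n = int.from_bytes(unseal(pk, reply), "big")
    sym = secrets.token_bytes(16)                        # terminal picks the symmetric key
    wrapped = pow(int.from_bytes(sym, "big"), E, n)      # terminal -> server
    return sym, pow(wrapped, D, N).to_bytes(16, "big")   # server unwraps with private key

class Session:
    def __init__(self, key, preset_amount):
        self.key, self.preset_amount, self.used = key, preset_amount, 0

    def send(self, data):
        # Past the preset amount, RSA public key and symmetric key must be synchronized again.
        if self.used + len(data) > self.preset_amount:
            raise RuntimeError("resync required")
        self.used += len(data)
        return seal(self.key, data)
```
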
CN201710299311.6A 2017-04-28 2017-04-28 Data security interaction method and device Active CN107181739B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710299311.6A CN107181739B (en) 2017-04-28 2017-04-28 Data security interaction method and device

Publications (2)

Publication Number Publication Date
CN107181739A CN107181739A (en) 2017-09-19
CN107181739B true CN107181739B (en) 2021-02-26

Family

ID=59830971

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710299311.6A Active CN107181739B (en) 2017-04-28 2017-04-28 Data security interaction method and device

Country Status (1)

Country Link
CN (1) CN107181739B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109639702A (en) * 2018-12-25 2019-04-16 歌尔科技有限公司 A kind of data communications method, system and electronic equipment and storage medium
CN113254977B (en) * 2021-06-24 2022-03-18 中电科新型智慧城市研究院有限公司 Sandbox service construction method and device, electronic equipment and storage medium
CN113992383A (en) * 2021-10-22 2022-01-28 上海瓶钵信息科技有限公司 Symmetric key production line method and system based on asymmetric key protection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808089A (en) * 2010-03-05 2010-08-18 中国人民解放军国防科学技术大学 Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm
CN104821944A (en) * 2015-04-28 2015-08-05 广东小天才科技有限公司 Hybrid encryption network data security method and system
CN105812349A (en) * 2016-01-20 2016-07-27 杭州安恒信息技术有限公司 Asymmetric secret key distribution and message encryption method based on identity information
CN106533656A (en) * 2016-11-18 2017-03-22 东莞理工学院 Key multilayer mixed encryption/decryption method based on WSN

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9811680B2 (en) * 2015-06-04 2017-11-07 Microsoft Technology Licensing, Llc Secure storage and sharing of data by hybrid encryption using predefined schema

Also Published As

Publication number Publication date
CN107181739A (en) 2017-09-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant