CN107786507A - A kind of method for ensuring http data transmission securities - Google Patents
- Publication number: CN107786507A
- Application number: CN201610739059.1A
- Authority: CN (China)
- Prior art keywords: client, data, des, key, server
- Prior art date: 2016-08-26
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            - H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The method of the present invention for ensuring the security of HTTP data transmission generates a DES Key at random and combines DES symmetric encryption with RSA asymmetric encryption. It effectively ensures the security of the data transmitted between the client and the server, and at the same time solves the problem that decrypting the data transmitted between the client and the server is time-consuming and inefficient.
Description
Technical field
The present invention relates to a network data exchange technology, and more particularly to a Web-based anti-hijacking technique and a method for protecting the security of interactive data transmission.
Background technology
With the development of the Internet, systems based on the B/S (browser/server) architecture are used more and more widely, and in large numbers in industries such as finance and personal payment. Web systems currently use two protocols, HTTP and HTTPS. Although HTTPS can ensure the security of data transmission, its performance is much slower than that of HTTP, so in order to improve the user experience a large number of users still use HTTP. Because HTTP is an insecure communication protocol that transmits data in clear text, an attacker can easily obtain confidential information by hijacking the network.
The relatively mature scheme currently available against obtaining transmitted information by HTTP hijacking is to encrypt sensitive information with a symmetric cipher such as DES or AES. However, because HTTP itself is clear text, an attacker can easily obtain the encryption Key from the client and thereby decrypt the transmitted data, achieving the purpose of obtaining confidential information.
Meanwhile, for RSA asymmetric encryption, the characteristics of RSA encryption limit the number of bits relative to the Key: exceeding the corresponding number of bits causes an error to be reported, and the more bits the Key has, the more time-consuming decryption is and the lower the efficiency.
The content of the invention
The purpose of the present invention is to address the above defects of the background technology by providing a Web-based anti-hijacking method that can ensure the security of HTTP data transmission.
To achieve the above object, the method of the present invention for ensuring the security of HTTP data transmission includes the following. When the client requests the server page over HTTP for the first time, the server binds the client IP and binds the current Session features; on every client access the server dynamically generates an RSA public key and an RSA private key, stores them indexed by the current Session, binds them to the client's access IP address, and returns the RSA public key to the client Cookie. When the client encrypts data for transmission, it obtains the RSA public key from the client Cookie, generates a DES Key at random, DES-encrypts the data with the randomly generated DES Key, asymmetrically encrypts the randomly generated DES Key with the RSA public key, and on completion submits the result to the server. After the server receives the encrypted data it first verifies the client IP: if IP verification succeeds, the data is decrypted; if it fails, the client is required to log in again, and after a successful login the server binds the client IP again. After IP verification is complete, that is, once the client IP has been verified successfully, the server decrypts the data: it decrypts the Key with the RSA private key to obtain the original Key, DES-decrypts the encrypted data with the original Key to obtain the decrypted data, and begins processing the business logic. The content that the business logic needs to display is sent to the client in the response, a new RSA public key and RSA private key are regenerated according to the generation agreement and stored in the current Session, and the RSA public key is returned to the client in a Cookie. For each client access, the RSA public key and RSA private key are still dynamically generated every time.
Further, the randomly generated DES Key is an 8-character DES Key.
Further, the content submitted to the server should include at least the data content and the DES Key, where the data content is the data after DES encryption with the randomly generated 8-character DES Key, and the Key is the result of encrypting the DES Key with the RSA public key.
Further, RSA refers to all algorithms that use asymmetric encryption, and DES refers to all algorithms that use symmetric encryption.
Further, the client is any server, browser, communication device or third-party software that can request HTTP content.
Further, if client IP verification fails more than N times, access from the current IP is restricted for a time T after the failure.
The method of the present invention for ensuring the security of HTTP data transmission combines DES symmetric encryption with RSA asymmetric encryption, which effectively ensures the security of the data transmitted between the client and the server while solving the problem that decrypting the data transmitted between the client and the server is time-consuming and inefficient.
Embodiment
To describe in detail the technical content, structural features, achieved objects and effects of the present invention, an embodiment is given below and explained in detail with reference to the accompanying drawing.
Referring to Fig. 1, the method of the present invention for ensuring the security of HTTP data transmission takes a randomly generated encryption Key as its core. When the client requests the server page over HTTP for the first time, the server binds the client IP and binds the current Session features, and every time the client accesses the server it dynamically generates an RSA public key and an RSA private key, stores them indexed by the current Session, binds the client (browser) access IP address, and returns the RSA public key to the client Cookie;
When the client encrypts data for transmission, it obtains the RSA public key from the client Cookie, generates a DES Key at random, DES-encrypts the data with the randomly generated DES Key, encrypts the randomly generated DES Key with the RSA public key, and on completion submits to the server the data content and the Key, where the data content is the data after DES encryption with the randomly generated 8-character Key and the Key is the result of encrypting the DES Key with the RSA public key;
After the server receives the encrypted data it first verifies the client IP. If IP verification succeeds, the data is decrypted; if it fails, this indicates that the client may have been hijacked over HTTP, the client is required to log in again, and the client IP is bound;
After the IP is verified successfully, the data is decrypted: the Key is decrypted with the RSA private key to obtain the original Key, the encrypted data is DES-decrypted with the original Key to obtain the decrypted data, the content that the business logic needs to display is sent to the client in the response, a new RSA public key and RSA private key are regenerated according to the generation agreement and stored in the current Session, and the RSA public key Cookie is returned to the client;
For each client access, the RSA public key and RSA private key are still dynamically generated every time.
The method of the present invention for ensuring the security of HTTP data transmission specifically comprises the following steps:
Step S1: the client requests the server page for the first time (when not logged in), and the server binds the current session features according to the client IP address;
Step S2: the server generates an RSA public key and an RSA private key, binds them under its SessionID index, and exports the RSA public key into the client Cookie so that the client can read it conveniently;
Step S3: when the client requests the server page, for the data that needs to be encrypted it generates an 8-character DES Key at random, DES-encrypts the data with the randomly generated Key, and asymmetrically encrypts the randomly generated DES Key with the RSA public key. For ease of description and understanding, the RSA-encrypted DES Key is named Key and the encrypted content is named data content. After encryption is complete, the Key and the data content are sent to the server, where the data content is the data after DES encryption with the randomly generated 8-character DES Key and the Key is the result of encrypting the DES Key with the RSA public key.
Step S4: the server first verifies the client IP. If the IP address matches, it performs the steps of decrypting the data and transmitting the decrypted data to the client. If the IP address does not match, the client is abnormal: it may have been hijacked, or some other reason may have caused the IP address mismatch. To ensure safety, the server forces the client to log in again and records the current information, so that the client can process that information directly after logging in again;
Step S5: the server decrypts the Key with the RSA private key to obtain the original DES Key, decrypts the data content with the DES Key to obtain the decrypted data, begins processing the business logic, and responds to the client request. If decryption fails, this indicates that the transmitted data has been tampered with, or some other reason, and the user is reminded to re-operate;
Step S6: after normal processing is complete, step S2 is repeated, with the RSA public key and RSA private key still dynamically generated for each request. This ensures that even if the RSA key is unexpectedly cracked, only one segment of information is obtained, which ensures the security of the data transmitted between the client and the server.
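Steps S1 to S6, worked as an added Go example that is not part of the patent or of any implementation of it: the server binds the client IP and generates a per-request RSA key pair, the client DES-encrypts the data with a random 8-byte Key and wraps that Key with the RSA public key, and the server checks the IP, unwraps the Key, decrypts the data content and rotates the key pair. DES-CBC with PKCS#7 padding, a transmitted IV and RSA-OAEP are this example's own choices (the patent fixes none of them), and the Cookie transport and the N-failure/time-T access limit are left out.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Session is the server state for one client: its bound IP and the RSA key pair of the current request (steps S1, S2).
type Session struct {
	IP   string
	Priv *rsa.PrivateKey
}

// Envelope is the client's submission: DES-encrypted data content, the RSA-wrapped DES
// Key, and the CBC IV (the patent names only data content and Key; the IV is added here).
type Envelope struct{ Data, Key, IV []byte }

// NewSession binds the client IP and generates the first RSA key pair.
func NewSession(ip string) (*Session, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Session{IP: ip, Priv: priv}, err
}

// ClientEncrypt is step S3: DES-CBC (PKCS#7) over the data with a random 8-byte Key, then RSA-OAEP over that Key.
func ClientEncrypt(pub *rsa.PublicKey, plain []byte) (Envelope, error) {
	kiv := make([]byte, 16) // first 8 bytes: DES Key; last 8: CBC IV
	if _, err := rand.Read(kiv); err != nil {
		return Envelope{}, err
	}
	blk, _ := des.NewCipher(kiv[:8]) // cannot fail: the Key is exactly 8 bytes
	n := byte(8 - len(plain)%8)
	data := append(append([]byte{}, plain...), bytes.Repeat([]byte{n}, int(n))...)
	cipher.NewCBCEncrypter(blk, kiv[8:]).CryptBlocks(data, data)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kiv[:8], nil)
	return Envelope{Data: data, Key: wrapped, IV: kiv[8:]}, err
}

// ServerDecrypt is steps S4 to S6: verify the IP binding, unwrap the DES Key, decrypt
// the data content, then generate a fresh RSA key pair for the next request.
func (s *Session) ServerDecrypt(ip string, env Envelope) ([]byte, error) {
	if ip != s.IP { // step S4: a mismatch may mean hijacking; the client must log in again
		return nil, errors.New("ip mismatch: re-login required")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, s.Priv, env.Key, nil)
	if err != nil { // step S5: an unusable Key means the submission was tampered with
		return nil, err
	}
	blk, err := des.NewCipher(key)
	if err != nil || len(env.IV) != 8 || len(env.Data) == 0 || len(env.Data)%8 != 0 {
		return nil, errors.New("bad envelope")
	}
	cipher.NewCBCDecrypter(blk, env.IV).CryptBlocks(env.Data, env.Data) // decrypt in place
	n := int(env.Data[len(env.Data)-1])                                  // PKCS#7 pad length
	if n < 1 || n > 8 || n > len(env.Data) {
		return nil, errors.New("bad padding")
	}
	s.Priv, err = rsa.GenerateKey(rand.Reader, 2048) // step S6: new key pair per request
	return env.Data[:len(env.Data)-n], err
}
```

DES with its 56-bit key is kept only because the patent specifies it; the same exchange works unchanged with AES by swapping des.NewCipher for aes.NewCipher and using a 16-byte key and IV.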
In summary, the method of the present invention for ensuring the security of HTTP data transmission uses a randomly generated DES Key for symmetric encryption combined with dynamic RSA asymmetric encryption, which effectively ensures the security of the data transmitted between the client and the server while solving the problem that decrypting the data transmitted between the client and the server is time-consuming and inefficient.
The technical scheme described above is only a preferred embodiment of the method for ensuring the security of HTTP data transmission; any equivalent transformation or replacement made on the basis of the method of the present invention for ensuring the security of HTTP data transmission falls within the scope of protection of the present invention.
Claims (6)
1. A method for ensuring the security of HTTP data transmission, comprising:
when the client requests the server page over HTTP for the first time, the server binds the client IP and binds the current Session features, and every time the client accesses the server it dynamically generates an RSA public key and an RSA private key, stores them indexed by the current Session, binds the client access IP address, and returns the RSA public key to the client Cookie;
when the client encrypts data for transmission, it obtains the RSA public key from the client Cookie, generates a DES Key at random, DES-encrypts the data with the randomly generated DES Key, asymmetrically encrypts the randomly generated DES Key with the RSA public key, and on completion submits to the server;
after the server receives the encrypted data it first verifies the client IP; if IP verification succeeds, the data is decrypted; if IP verification fails, a re-login message is sent, and after a successful re-login the client IP is bound again;
after IP verification is complete, the server decrypts the data, that is, it decrypts the Key with the RSA private key to obtain the original DES Key, DES-decrypts the encrypted data with the original DES Key to obtain the decrypted data, begins processing the business logic, sends the content that the business logic needs to display to the client, regenerates the RSA public key and RSA private key according to the generation agreement, stores them in the current Session, and returns the RSA public key Cookie to the client;
for each client access, the RSA public key and RSA private key are still dynamically generated every time.
2. The method for ensuring the security of HTTP data transmission of claim 1, characterized in that the randomly generated DES Key is an 8-character DES Key.
3. The method for ensuring the security of HTTP data transmission of claim 2, characterized in that the content submitted to the server includes at least the data content and the DES Key, where the data content is the data after DES encryption with the randomly generated 8-character DES Key and the Key is the result of encrypting the DES Key with the RSA public key.
4. The method for ensuring the security of HTTP data transmission of claim 1, characterized in that RSA refers to all algorithms that use asymmetric encryption and DES refers to all algorithms that use symmetric encryption.
5. The method for ensuring the security of HTTP data transmission of any one of claims 1 to 4, characterized in that the client is any server, browser, communication device or third-party software that can request HTTP content.
6. The method for ensuring the security of HTTP data transmission of claim 1, characterized in that if client IP verification fails more than N times, access from the current IP is restricted for a time T after the failure.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610739059.1A CN107786507A (en) | 2016-08-26 | 2016-08-26 | A kind of method for ensuring http data transmission securities |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610739059.1A CN107786507A (en) | 2016-08-26 | 2016-08-26 | A kind of method for ensuring http data transmission securities |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107786507A true CN107786507A (en) | 2018-03-09 |
Family
ID=61439511
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610739059.1A Pending CN107786507A (en) | 2016-08-26 | 2016-08-26 | A kind of method for ensuring http data transmission securities |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107786507A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108848091A (en) * | 2018-06-20 | 2018-11-20 | 上海织语网络科技有限公司 | A kind of mixed encryption method for instant messaging |
CN110247762A (en) * | 2019-06-20 | 2019-09-17 | 江西金格科技股份有限公司 | A kind of reliable website building method based on SM9 algorithm |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050120128A1 (en) * | 2003-12-02 | 2005-06-02 | Wilife, Inc. | Method and system of bandwidth management for streaming data |
CN104219041A (en) * | 2014-09-23 | 2014-12-17 | 中国南方电网有限责任公司 | Data transmission encryption method applicable for mobile internet |
Events
- 2016-08-26: CN CN201610739059.1A patent/CN107786507A/en active Pending
Similar Documents
Publication | Title |
---|---|
CN109922077B (en) | Identity authentication method and system based on block chain |
CN104506534B (en) | Secure communication key agreement interaction schemes |
TWI543574B (en) | Method for authenticatiing online transactions using a browser |
US8275984B2 (en) | TLS key and CGI session ID pairing |
EP2020797B1 (en) | Client-server Opaque token passing apparatus and method |
CN101938473B (en) | Single-point login system and single-point login method |
WO2016107320A1 (en) | Website security information loading method, and browser device |
US8971540B2 (en) | Authentication |
CN105307165B (en) | Communication means, server-side and client based on mobile application |
CN107302541A (en) | A kind of data encryption and transmission method based on http protocol |
US20080022085A1 (en) | Server-client computer network system for carrying out cryptographic operations, and method of carrying out cryptographic operations in such a computer network system |
CN108347419A (en) | Data transmission method and device |
CN103763631A (en) | Authentication method, server and television |
US20100235625A1 (en) | Techniques and architectures for preventing sybil attacks |
CN107920052B (en) | Encryption method and intelligent device |
CN104243494B (en) | A kind of data processing method |
CN101978650A (en) | A system and method of secure network authentication |
CN112637136A (en) | Encrypted communication method and system |
CN106657002A (en) | Novel crash-proof base correlation time multi-password identity authentication method |
CN114513339A (en) | Security authentication method, system and device |
CN106230840B (en) | A kind of command identifying method of high security |
Khelifi et al. | Enhancing protection techniques of e-banking security services using open source cryptographic algorithms |
CN101997835A (en) | Network security communication method, data security processing device and system for finance |
CN102281303A (en) | Data exchange method |
CN110519222A (en) | Outer net access identity authentication method and system based on disposable asymmetric key pair and key card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180309 |