CN107786507A - A kind of method for ensuring http data transmission securities - Google Patents

A kind of method for ensuring http data transmission securities

Info

Publication number
CN107786507A
CN107786507A
Authority
CN
China
Prior art keywords
client
data
des
key
server
Prior art date
Legal status
Pending
Application number
CN201610739059.1A
Other languages
Chinese (zh)
Inventor
肖磊
Current Assignee
CHENGDU FUTE TECHNOLOGY CO LTD
Original Assignee
CHENGDU FUTE TECHNOLOGY CO LTD
Priority date
Filing date
Publication date
Application filed by CHENGDU FUTE TECHNOLOGY CO LTD
Priority to CN201610739059.1A
Publication of CN107786507A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The method for ensuring HTTP data transmission security of the present invention uses a randomly generated DES Key and combines DES symmetric encryption with RSA asymmetric encryption. It effectively ensures the security of the data transmitted between client and server, and at the same time solves the problem that decrypting the data transmitted between client and server is time-consuming and inefficient.

Description

A method for ensuring HTTP data transmission security
Technical field
The present invention relates to network data exchange technology, and in particular to a Web-based anti-hijacking technique and a method for protecting the security of interactive data transmission.
Background technology
With the development of the internet, systems based on the B/S (browser/server) architecture are used ever more widely, in large part in industries such as finance and personal payments. Current web systems use two protocols, HTTP and HTTPS. Although HTTPS can ensure the security of data transmission, its performance is much slower than that of HTTP, so to improve the user experience a large number of users still use HTTP. Because HTTP is an insecure communication protocol that transmits data in cleartext, an attacker can easily obtain confidential information by hijacking the network.
The relatively mature scheme currently available against HTTP hijacking of transmitted information is to encrypt sensitive information with a symmetric cipher such as DES or AES. But because HTTP itself is cleartext, an attacker can easily obtain the encryption Key from the client and thus decrypt the transmitted data, achieving the goal of obtaining confidential information.
Meanwhile, for RSA asymmetric encryption, RSA limits the number of bits it can handle for a given Key: data exceeding the corresponding number of digits causes an error, and the more bits the Key has, the more time-consuming decryption is and the lower the efficiency.
The content of the invention
The purpose of the present invention is to address the defects of the above background art by providing a Web-based anti-hijacking method that can ensure the security of HTTP data transmission.
To achieve the above object, the method for ensuring HTTP data transmission security of the present invention includes: when the client first requests a server page over HTTP, the server binds the client IP and binds the current Session features; on every client access, the server dynamically generates an RSA public key and RSA private key, stores them under the current Session index, binds the client's access IP address, and returns the RSA public key to the client in a Cookie; when the client encrypts data for transmission, it obtains the RSA public key from the client Cookie, randomly generates a DES Key, performs DES encryption on the data with that randomly generated DES Key, performs asymmetric encryption on the randomly generated DES Key with the RSA public key, and on completion submits the result to the server; after the server receives the encrypted data, it first verifies the client IP: if IP verification succeeds the data is decrypted, and if it fails the client is required to log in again, after which the server binds the client IP again; after IP verification completes, that is, once the client IP has been verified, the server decrypts the Key with the RSA private key to obtain the original Key, performs DES decryption on the encrypted data with the original Key to obtain the decrypted data, begins processing the business logic, sends the content the business logic needs to display in response to the client, regenerates an RSA public key and RSA private key according to the generation agreement, stores them in the current Session, and responds with the RSA public key Cookie to the client; for every client access, an RSA public key and RSA private key are still dynamically generated each time.
Further, the randomly generated DES Key is an 8-character DES Key.
Further, the content submitted to the server should include at least the data content and the DES Key, where the data content is the data after DES encryption under the randomly generated 8-character DES Key, and the Key is the result of encrypting the DES Key with the RSA public key.
Further, RSA refers to any algorithm using asymmetric encryption, and DES refers to any algorithm using symmetric encryption.
Further, the client is any server, browser, communication device or third-party software that can request HTTP content.
Further, if client IP verification fails more than N times, access from the current IP is limited for a time T after the failure.
The method for ensuring HTTP data transmission security of the present invention combines DES symmetric encryption with RSA asymmetric encryption, effectively ensures the security of the data transmitted between client and server, and at the same time solves the problem that decrypting the data transmitted between client and server is time-consuming and inefficient.
Embodiment
To describe in detail the technical content, structural features, objects achieved and effects of the present invention, an embodiment is given below and explained in detail with reference to the accompanying drawing.
Referring to Fig. 1, the method for ensuring HTTP data transmission security of the present invention takes a randomly generated encryption Key as its core. When the client first requests a server page over HTTP, the server binds the client IP and binds the current Session features, and on every client access the server dynamically generates an RSA public key and RSA private key, stores them under the current Session index, binds the client (browser) access IP address, and returns the RSA public key in the client Cookie;
When the client encrypts data for transmission, it obtains the RSA public key from the client Cookie, randomly generates a DES Key, performs DES encryption on the data with the randomly generated DES Key, encrypts the randomly generated DES Key with the RSA public key, and on completion submits to the server the data content and the Key, where the data content is the data after DES encryption under the randomly generated 8-character Key and the Key is the result of encrypting the DES Key with the RSA public key;
After the server receives the encrypted data, it first verifies the client IP. If IP verification succeeds, the data is decrypted; if it fails, the client may have been hijacked over HTTP, so the client is required to log in again and the client IP is bound again;
After IP verification succeeds, the data is decrypted: the Key is decrypted with the RSA private key to obtain the original Key, DES decryption is performed on the encrypted data with the original Key to obtain the decrypted data, the content the business logic needs to display is sent in response to the client, a new RSA public key and RSA private key are regenerated according to the generation agreement and stored in the current Session, and the RSA public key Cookie is returned to the client;
For every client access, an RSA public key and RSA private key are still dynamically generated each time.
The specific steps of the method for ensuring HTTP data transmission security of the invention are as follows:
Step S1: when the client first requests a server page (while not logged in), the server binds the current session features according to the client IP address;
Step S2: the server generates an RSA public key and RSA private key, binds them under its SessionID index, and exports the RSA public key into the client Cookie so that the client can conveniently read it;
Step S3: when the client requests a server page, for the data that needs to be encrypted it randomly generates an 8-character DES Key, performs DES encryption on the data with the randomly generated Key, and asymmetrically encrypts the randomly generated DES Key with the RSA public key. For ease of description and understanding, the DES Key after RSA encryption is named Key and the content after DES encryption is named data content. After encryption is complete, the Key and the data content are sent to the server, where the data content is the data after DES encryption under the randomly generated 8-character DES Key and the Key is the result of encrypting the DES Key with the RSA public key.
Step S4: the server first verifies the client IP. If the IP address matches, the steps of decrypting the data and returning the decrypted data to the client are performed. If the IP address does not match, the client is abnormal; the cause may be that the client has been hijacked, or some other reason that makes the IP address fail to match. To ensure safety, the server forces the client to log in again and records the current information, so that the client can directly process it after logging in again;
Step S5: the server decrypts the Key with the RSA private key to obtain the original DES Key, decrypts the data content with the DES Key to obtain the decrypted data, begins processing the business logic, and responds to the client request. If decryption fails, the transmitted data has been tampered with, or for some other reason the user is reminded to repeat the operation;
Step S6: after normal processing completes, step S2 is repeated: an RSA public key and RSA private key are still dynamically generated for each request, so that even if the RSA key is unexpectedly cracked only a single segment of information is obtained, ensuring the security of the data transmitted between client and server.
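The exchange in steps S1 to S6 above (the same flow is described in the summary and in claim 1), as an added worked example in Go that is not part of the patent and not the applicant's code. It assumes the per-session server state lives in a `Session` struct, that the RSA public key reaches the client out of band (the patent puts it in a Cookie), that "DES" means DES-CBC with PKCS#7 padding and "RSA" means RSA-OAEP for wrapping the key (the patent names only the algorithms), and it leaves out the N-failures/T-window limit of claim 6. The client IP addresses and the payload are constructed sample values. DES is kept only because the patent specifies it; its 56-bit key is within brute-force reach and a practitioner would substitute AES today.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the client submits: the DES-encrypted payload (the patent's
// "data content"), the CBC IV, and the DES key wrapped with RSA (the patent's "Key").
type Envelope struct{ Data, IV, Key []byte }

var ErrIPMismatch = errors.New("client IP does not match session binding: re-login required")

// Session is the per-session server state: the bound client IP and the current RSA key pair.
type Session struct {
	IP   string
	priv *rsa.PrivateKey
}

// NewSession binds the client IP and generates the first key pair (steps S1, S2).
func NewSession(ip string) (*Session, error) {
	s := &Session{IP: ip}
	return s, s.Rotate()
}

// Rotate regenerates the RSA key pair, which the patent does on every request (step S6).
func (s *Session) Rotate() (err error) {
	s.priv, err = rsa.GenerateKey(rand.Reader, 2048)
	return err
}

// PublicKey is the value the server would place in the client's cookie.
func (s *Session) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

func pkcs7Pad(b []byte) []byte {
	n := des.BlockSize - len(b)%des.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > des.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// ClientEncrypt is step S3: a random 8-byte DES key encrypts the data in CBC
// mode, and RSA-OAEP wraps that key under the server's public key.
func ClientEncrypt(pub *rsa.PublicKey, plaintext []byte) (Envelope, error) {
	kiv := make([]byte, 2*des.BlockSize) // 8-byte DES key (56 effective bits) + 8-byte IV
	if _, err := rand.Read(kiv); err != nil {
		return Envelope{}, err
	}
	key, iv := kiv[:des.BlockSize], kiv[des.BlockSize:]
	block, _ := des.NewCipher(key) // key length is fixed above, so this cannot fail
	padded := pkcs7Pad(plaintext)
	data := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(data, padded)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Data: data, IV: iv, Key: wrapped}, nil
}

// ServerDecrypt is steps S4 and S5: check the client IP against the binding,
// unwrap the DES key with the private key, then decrypt and unpad the data.
func (s *Session) ServerDecrypt(clientIP string, env Envelope) ([]byte, error) {
	if clientIP != s.IP {
		return nil, ErrIPMismatch
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, env.Key, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrapping DES key: %w", err) // also fails after Rotate()
	}
	if len(key) != des.BlockSize || len(env.IV) != des.BlockSize || len(env.Data) == 0 || len(env.Data)%des.BlockSize != 0 {
		return nil, errors.New("malformed envelope")
	}
	block, _ := des.NewCipher(key)
	plain := make([]byte, len(env.Data))
	cipher.NewCBCDecrypter(block, env.IV).CryptBlocks(plain, env.Data)
	return pkcs7Unpad(plain)
}

func main() {
	s, _ := NewSession("203.0.113.10") // constructed client IP
	env, _ := ClientEncrypt(s.PublicKey(), []byte("account=1234&amount=50")) // constructed payload
	got, err := s.ServerDecrypt("203.0.113.10", env)
	fmt.Printf("same IP: %q, %v\n", got, err)
	_, err = s.ServerDecrypt("198.51.100.7", env)
	fmt.Println("other IP:", err)
}
```

Running `main` shows the two outcomes the patent distinguishes: the same IP yields the decrypted payload, a different IP yields `ErrIPMismatch` before any decryption is attempted. Calling `Rotate` and then presenting the earlier envelope fails at the RSA-OAEP step, which is the property step S6 relies on: a key pair that is replaced after every request can only ever unwrap one message. One caveat a practitioner would add: the public key travels over the same cleartext channel as the data and is not authenticated, so the scheme defends against passive reading but not against an active attacker who replaces the key in transit, which is the gap that IP binding alone does not close.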
In summary, the method for ensuring HTTP data transmission security of the present invention combines symmetric encryption under a randomly generated DES Key with dynamic RSA asymmetric encryption. It effectively ensures the security of the data transmitted between client and server, and at the same time solves the problem that decrypting the data transmitted between client and server is time-consuming and inefficient.
The technical scheme described above is only a preferred embodiment of the method for ensuring HTTP data transmission security; any equivalent transformation or replacement made on the basis of the method for ensuring HTTP data transmission security of the present invention is included within the scope of protection of the present invention.

Claims (6)

1. A method for ensuring HTTP data transmission security, comprising:
when the client first requests a server page over HTTP, the server binds the client IP and binds the current Session features, and on every client access the server dynamically generates an RSA public key and RSA private key, stores them under the current Session index, binds the client access IP address, and returns the RSA public key in the client Cookie;
when the client encrypts data for transmission, it obtains the RSA public key from the client Cookie, randomly generates a DES Key, performs DES encryption on the data with the randomly generated DES Key, asymmetrically encrypts the randomly generated DES Key with the RSA public key, and on completion submits the result to the server;
after the server receives the encrypted data, it first verifies the client IP; if IP verification succeeds the data is decrypted, and if IP verification fails a re-login message is sent, and after successful re-login the client IP is bound again;
after IP verification completes, the server decrypts the data: the Key is decrypted with the RSA private key to obtain the original DES Key, DES decryption is performed on the encrypted data with the original DES Key to obtain the decrypted data, processing of the business logic begins, the content the business logic needs to display is sent in response to the client, a new RSA public key and RSA private key are regenerated according to the generation agreement and stored in the current Session, and the RSA public key Cookie is returned to the client;
for every client access, an RSA public key and RSA private key are still dynamically generated each time.
2. The method for ensuring HTTP data transmission security of claim 1, characterised in that: the randomly generated DES Key is an 8-character DES Key.
3. The method for ensuring HTTP data transmission security of claim 2, characterised in that: the content submitted to the server includes at least the data content and the DES Key, where the data content is the data after DES encryption under the randomly generated 8-character DES Key and the Key is the result of encrypting the DES Key with the RSA public key.
4. The method for ensuring HTTP data transmission security of claim 1, characterised in that: RSA refers to any algorithm using asymmetric encryption, and DES refers to any algorithm using symmetric encryption.
5. The method for ensuring HTTP data transmission security of any one of claims 1 to 4, characterised in that: the client is any server, browser, communication device or third-party software that can request HTTP content.
6. The method for ensuring HTTP data transmission security of claim 1, characterised in that: if client IP verification fails more than N times, access from the current IP is limited for a time T after the failure.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610739059.1A CN107786507A (en) 2016-08-26 2016-08-26 A kind of method for ensuring http data transmission securities

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610739059.1A CN107786507A (en) 2016-08-26 2016-08-26 A kind of method for ensuring http data transmission securities

Publications (1)

Publication Number Publication Date
CN107786507A true CN107786507A (en) 2018-03-09

Family

ID=61439511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610739059.1A Pending CN107786507A (en) 2016-08-26 2016-08-26 A kind of method for ensuring http data transmission securities

Country Status (1)

Country Link
CN (1) CN107786507A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108848091A (en) * 2018-06-20 2018-11-20 上海织语网络科技有限公司 A kind of mixed encryption method for instant messaging
CN110247762A (en) * 2019-06-20 2019-09-17 江西金格科技股份有限公司 A kind of reliable website building method based on SM9 algorithm

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050120128A1 (en) * 2003-12-02 2005-06-02 Wilife, Inc. Method and system of bandwidth management for streaming data
CN104219041A (en) * 2014-09-23 2014-12-17 中国南方电网有限责任公司 Data transmission encryption method applicable for mobile internet


Similar Documents

Publication Publication Date Title
CN109922077B (en) Identity authentication method and system based on block chain
CN104506534B (en) Secure communication key agreement interaction schemes
TWI543574B (en) Method for authenticatiing online transactions using a browser
US8275984B2 (en) TLS key and CGI session ID pairing
EP2020797B1 (en) Client-server Opaque token passing apparatus and method
CN101938473B (en) Single-point login system and single-point login method
WO2016107320A1 (en) Website security information loading method, and browser device
US8971540B2 (en) Authentication
CN105307165B (en) Communication means, server-side and client based on mobile application
CN107302541A (en) A kind of data encryption and transmission method based on http protocol
US20080022085A1 (en) Server-client computer network system for carrying out cryptographic operations, and method of carrying out cryptographic operations in such a computer network system
CN108347419A (en) Data transmission method and device
CN103763631A (en) Authentication method, server and television
US20100235625A1 (en) Techniques and architectures for preventing sybil attacks
CN107920052B (en) Encryption method and intelligent device
CN104243494B (en) A kind of data processing method
CN101978650A (en) A system and method of secure network authentication
CN112637136A (en) Encrypted communication method and system
CN106657002A (en) Novel crash-proof base correlation time multi-password identity authentication method
CN114513339A (en) Security authentication method, system and device
CN106230840B (en) A kind of command identifying method of high security
Khelifi et al. Enhancing protection techniques of e-banking security services using open source cryptographic algorithms
CN101997835A (en) Network security communication method, data security processing device and system for finance
CN102281303A (en) Data exchange method
CN110519222A (en) Outer net access identity authentication method and system based on disposable asymmetric key pair and key card

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (application publication date: 20180309)