CN108495309B - Information processing method, electronic device, and storage medium - Google Patents

Information processing method, electronic device, and storage medium

Publication number
CN108495309B
Authority
CN
China
Prior art keywords
client
key information
information
fixed key
dynamic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810117435.2A
Other languages
Chinese (zh)
Other versions
CN108495309A (en)
Inventor
罗生
蒲天豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
MIGU Culture Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
MIGU Culture Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, MIGU Culture Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Abstract

The invention discloses an information processing method, which comprises the following steps: acquiring first key information for calculating a dynamic key; generating the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by the client management platform, and the fixed key information of different clients is different; and encrypting or decrypting the information for interaction by using the dynamic key. The invention also discloses an electronic device and a storage medium.

Description

Information processing method, electronic device, and storage medium
Technical Field
The present invention relates to information processing technology in the field of mobile terminals, and in particular, to a method, an electronic device, and a storage medium for information processing.
Background
At present, people carry out all kinds of activities online, and information is exposed and easily obtained while it is transmitted over the network. For public information this is acceptable to anyone, but confidential information needs corresponding protection, and encryption technology is an effective way to solve this problem.
Common encryption methods currently used in network transmission include the security-oriented HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) encryption technique and client encryption techniques. However, none of these encryption schemes guarantees secure transmission of information.
Disclosure of Invention
In order to solve the existing technical problem, embodiments of the present invention mainly provide an information processing method, an information processing apparatus, and a storage medium, which can solve the problem that information cannot be transmitted safely.
The technical solution of the embodiments of the present invention is implemented as follows:
An embodiment of the present invention provides an information processing method, which comprises the following steps:
acquiring first key information for calculating a dynamic key;
generating the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by the client management platform, and the fixed key information of different clients is different;
encrypting or decrypting the information for interaction by using the dynamic key.
In the above technical solution, the method further includes:
receiving fixed key information periodically sent by the client management platform.
In the above technical solution, the generating the dynamic key according to the first key information and the fixed key information of the client includes:
performing an obfuscation operation on the first key information and the fixed key information to obtain an obfuscated character string;
carrying out hash processing on the character string to generate the dynamic key.
In the above technical solution, the obfuscating the first key information and the fixed key information to obtain an obfuscated character string includes:
performing a bitwise AND operation on the first key information and the fixed key information to generate the obfuscated character string.
In the above technical solution,
the client is formed according to the service type of the application, wherein different service types correspond to different clients.
In the above technical solution,
if the method is applied to a terminal provided with the client, the acquiring first key information for calculating the dynamic key comprises the following steps:
receiving, from a server, the first key information for calculating the dynamic key.
In the above technical solution,
if the method is applied to a server providing services to the client, the obtaining first key information for calculating a dynamic key includes:
locally reading the first key information for calculating the dynamic key.
The embodiment of the invention also provides an information processing method, which comprises the following steps:
generating a client corresponding to the service type of the application according to the service type of the application;
distributing fixed key information to the clients, wherein the fixed key information of each client is different;
sending the fixed key information of the client to a server and a terminal provided with the client; the fixed key information is used for generating a dynamic key together with first key information provided by a server; the dynamic key is used for encrypting or decrypting information interacted between the server and the client.
In the above technical solution, the method further includes:
periodically distributing fixed key information to the client.
In the above technical solution, the method further includes:
receiving a risk report sent by a risk control system;
when the risk report indicates that a client with abnormal behavior exists, distributing new fixed key information for the client with abnormal behavior;
sending the new fixed key information to the abnormal client and the server.
An embodiment of the present invention further provides an electronic device, where the electronic device is a terminal or a server, and the electronic device includes:
the acquisition module is used for acquiring first key information used for calculating a dynamic key;
the generating module is used for generating the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by the client management platform, and the fixed key information of different clients is different;
and the encryption and decryption module is used for encrypting or decrypting the interactive information by using the dynamic key.
An embodiment of the present invention further provides an electronic device, where the device includes:
the client generation module is used for generating a client corresponding to the service type of the application according to the service type of the application;
the distribution module is used for distributing fixed key information for the clients, wherein the fixed key information of each client is different;
the sending module is used for sending the fixed key information of the client to a server and a terminal provided with the client; the fixed key information is used for generating a dynamic key together with first key information provided by a server; the dynamic key is used for encrypting or decrypting information interacted between the server and the client.
An embodiment of the present invention further provides an electronic device, including: a processor and a memory for storing a computer program capable of running on the processor,
the processor is adapted to perform the steps of the above method when running the computer program.
Embodiments of the present invention also provide a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the above-mentioned method.
The information processing method provided by the embodiment of the invention can distribute different fixed key information to the client through the client management platform, thereby ensuring that the content operation of the same service type of the application corresponds to one client. In the information encryption or decryption, first key information for calculating a dynamic key may be acquired, and the dynamic key may be generated using the first key information and the fixed key information. When the client side and the server transmit information, the dynamic key can be used for encrypting or decrypting the interactive information.
On one hand, different clients have different dynamic keys, so each client corresponds to a different dynamic key when the server communicates with the clients. Even if the dynamic key of one client is cracked, the keys of the clients corresponding to other service types remain safe, and the secure transmission of information can be ensured to the maximum extent.
On the other hand, since the dynamic key is generated based on both the fixed key information and the first key information, even if one of the fixed key information or the first key information is cracked, the final dynamic key is not cracked. The first key information can be dynamically generated by the server, so even if the dynamic key is cracked during the current session, the dynamic key of the next session can be changed, which ensures the security of the information in the next session.
Drawings
FIG. 1 is a schematic diagram of a basic flow chart of an information processing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a basic flow chart of an information processing method according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of an information processing method according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of a client generation method according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a server according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention;
FIG. 8 is a block diagram of an information handling system according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides an information processing method, which encrypts or decrypts information transmitted between a client and a server by using a fixed key and a dynamic key, so that the information transmitted in the network is ciphertext and cannot be directly identified even if it is acquired during network transmission.
If only the information transmitted between the browser and the network service is encrypted, the security of the information before transmission cannot be guaranteed, and once the information is obtained and tampered with before transmission, it is no longer safe. If the transmitted information is encrypted in the data processing stage, the data acquired in any transmission stage is ciphertext data. However, since the key the client uses for encryption is fixed, once the encrypted data is decrypted, the encryption key is leaked, and other data encrypted by the client then also has a security problem, causing a large amount of information leakage.
In the embodiment of the invention, the client management platform can, according to the service type of the application, set one client for the content operation of the same service of the application, so that different clients correspond to different service types of the application. The client management platform can distribute corresponding fixed key information to each client, and can thereby ensure that the fixed key information of each client is different. After the client is started, it can obtain the first key information from the server and then generate the dynamic key by using the first key information and the fixed key information of the client. Meanwhile, the server can acquire the fixed key information of the client from the client management platform, and generate a dynamic key by using the first key information of the client and the fixed key information of the client.
When the client and the server exchange information, they encrypt and decrypt the exchanged information using the dynamic key.
The service types may be divided according to the function, attribute, or object of the application, for example, the game characters of a certain application or the operation contents of an equipment mall may be divided into different service types of the application.
The basic flow of the information processing method provided in the embodiment of the present invention is shown in fig. 1, and may include the following steps:
Step 101, acquiring first key information for calculating a dynamic key;
Step 102, generating the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by the client management platform, and the fixed key information of different clients is different;
Step 103, encrypting or decrypting the information for interaction by using the dynamic key.
The information processing method may be applied to a terminal in which the client is installed, or to a server that provides a service to the client.
The client in the embodiment of the invention is a client corresponding to the service type of the application, and the operation contents of different service types correspond to different clients. For example, when a certain application adds a service type of an equipment mall, the client management platform may set a corresponding web client for the equipment mall. In this way, all operable contents in the application can be prevented from corresponding to one client, and therefore the privacy of the operable contents can be increased.
When the method is applied to a terminal installed with the client, before the step 101, the method further includes: when the client is started, sending a session request to a server. Specifically, after a client is loaded, the client sends a session request to the server to establish a session connection with the server.
In step 101, when the method is applied to a terminal installed with the client, the obtaining first key information for calculating a dynamic key includes: receiving, from a server, the first key information for calculating the dynamic key. The first key information may be key information that the server allocates to each client.
When the method is applied to a server providing services for the client, the obtaining first key information for calculating a dynamic key comprises: locally reading the first key information for calculating the dynamic key. Here, the first key information may be key information locally generated by the server.
Specifically, when a client is loaded, the client sends a session request to the server. After receiving the session request, the server locally reads the first key information distributed to the client and sends the first key information to the client. The key information here may be a key (KEY) value, and the server may randomly generate the KEY value locally. After the server distributes the first key information to the corresponding client, it records the correspondence between the distributed first key information and the client.
In step 102, the dynamic key is generated according to the first key information and the fixed key information of the client: the client or the server may process the first key information and the fixed key information using a preset rule to generate the dynamic key information. The preset rule can be a preset algorithm or another data processing method.
The generating the dynamic key according to the first key information and the fixed key information of the client may include: performing an obfuscation operation on the first key information and the fixed key information to obtain an obfuscated character string; and carrying out hash processing on the character string to generate the dynamic key. For example, the first key information and the fixed key information may be obfuscated using a bit operation, which may be a bitwise AND operation, a bitwise OR operation, an exclusive OR (XOR) operation, or the like. The hash processing on the character string may be a salted hash of the character string, and the salted hash algorithm may be HMAC-SHA1.
When the bit operation is a bitwise AND operation, the obfuscating the first key information and the fixed key information to obtain an obfuscated character string may include: performing a bitwise AND operation on the first key information and the fixed key information to generate the obfuscated character string.
It should be noted that this is merely an example of a method for generating a dynamic key, and an appropriate dynamic key generation method may be selected according to the requirements of a specific encryption scenario in actual operation.
The fixed key information may be key information distributed by the client management platform when the client is generated. The fixed key information of different clients is different. The client management platform may manage the clients according to the service types of the applications, for example, add clients, remove clients, or allocate fixed key information to the clients. After receiving the fixed key information distributed by the client management platform, the client stores the fixed key information.
Optionally, the client receives fixed key information periodically sent by the client management platform. The client management platform can set a period for updating the fixed key information, and redistribute the fixed key information for the client to re-harden the client; the similarity between the information delivered by the re-hardened client may be lower than a certain threshold, for example, lower than 30%. This further ensures that different clients use different dynamic keys, and improves security in the information interaction process.
Correspondingly, when receiving a session request of a client, the server acquires the fixed key information of the client from the client management platform. The dynamic key may then be generated using the fixed key information and the first key information of the client.
In step 103, the client or the server encrypts or decrypts the interactive information by using the dynamic key. When the client side and the server carry out information interaction, the generated dynamic key information can be used for encrypting or decrypting the interactive information. Therefore, when information interaction is carried out, each client can encrypt or decrypt the information interacted with the server by using a dynamic key different from other clients, and even if the dynamic key of one client is cracked, the information safety of other clients cannot be influenced; and the fixed key information for generating the dynamic key can be periodically updated, so that the security of the next session of the client cannot be influenced, and the security of information transmission can be improved.
An embodiment of the present invention further provides an information processing method, a basic flow of the information processing method is shown in fig. 2, and the method includes the following steps:
step 201, generating a client corresponding to the service type of the application according to the service type of the application;
step 202, distributing fixed key information to the clients, wherein the fixed key information of each client is different;
step 203, sending the fixed key information of the client to a server and a terminal provided with the client; the fixed key information is used for generating a dynamic key together with first key information provided by a server; the dynamic key is used for encrypting or decrypting information interacted between the server and the client.
The information processing method provided by the embodiment of the present invention may be applied to a client management platform, and step 201 may be that the client management platform generates a client corresponding to an application service type according to the application service type.
The service types can be divided according to the function, attribute or object of the application, such as the game characters of a certain application or the operation contents of an equipment mall, and can be divided into different service types of the application. For example, when the client management platform detects that a new service is added to a certain application, such as a service of an equipment mall, the client management platform may set a corresponding web client for the equipment mall. In this way, all operable contents in the application can be prevented from corresponding to one client, and therefore the privacy of the operable contents can be increased.
In step 202, the client management platform allocates fixed key information to the client. Here, the client management platform may randomly allocate the fixed key information, and the fixed key information of each client is different. When distributing the fixed key information, the client management platform can also record the corresponding relation between the fixed key information and each client, so that when the server obtains the fixed key information of a certain client from the client management platform, the client management platform can send the fixed key information corresponding to the client to the server according to the corresponding relation between the fixed key information and the client.
Optionally, the client management platform may periodically distribute fixed key information to the client. The client management platform can set a period for updating the fixed key information, and redistribute the fixed key information for the client to re-harden the client; the similarity between the information delivered by the re-hardened client may be lower than a certain threshold, for example, lower than 30%. This further ensures that different clients use different dynamic keys, and improves security in the information interaction process.
Correspondingly, after the client management platform updates the fixed key information, the updated fixed key information is sent to the server, so that the server can generate a dynamic key by using the updated fixed key information, and further the server encrypts or decrypts the information interacted with the client by using a correct dynamic key.
Optionally, the client management platform may further receive a risk report sent by a risk control system; when the risk report indicates that a client with abnormal behavior exists, distribute new fixed key information for the client with abnormal behavior; and send the new fixed key information to the abnormal client and the server. The client management platform can also update the client with the abnormal behavior when the risk report indicates that such a client exists.
In order to better ensure the safety of information in the transmission process, a risk control system can be established to monitor the behavior of the client. When the risk control system detects that a certain client has abnormal behavior, it can send a risk report to the client management platform. The abnormal behavior may include: data is found to have been tampered with without permission; or some operation of the client is too frequent; or the client's functionality cannot be used, etc. When the client management platform receives a risk report indicating that a client with abnormal behavior exists, it can redistribute the fixed key information to the abnormal client so that the abnormal client and the server update the dynamic key and information security is ensured.
In step 203, the client management platform may send the fixed key information of the client to a server and a terminal installed with the client. The fixed key information can be used for generating a dynamic key with first key information provided by a server; the dynamic key may be used to encrypt or decrypt information interacting between the server and the client.
Fig. 3 is a schematic flowchart of an information processing method according to an embodiment of the present invention. The information processing method may include the steps of:
Step 310, the client management platform generates a plurality of clients according to the service types of the applications, and distributes fixed key information to each client.
The process of the client generation method may be as shown in fig. 4, and may include the following steps:
Step 311, when the application adds new operable content, adding the new operable content to the client management platform;
Step 312, the client management platform randomly generates fixed key information;
Step 313, the client management platform uses the generated fixed key information, in combination with the new operable content, to generate a client that can only be used for the new operable content.
For example, when a certain function is added to an application, or one or more articles are added to a shopping mall, a corresponding web client may be added to the operable content according to the newly added operable content. Therefore, the same client side can be prevented from being adopted by all the operable contents, and the privacy of the operating contents is improved.
Step 314, synchronize the generated client to the application for the user to use.
In order to improve information security, the client management platform can periodically send fixed key information to the client.
Step 320, after the client is loaded, the client sends a session request to the server, and acquires the first key information from the server.
Here, the first key information may be key information, such as a KEY value, randomly generated by the server according to the session request.
Step 330, the client generates a dynamic key according to the first key information and the fixed key information of the client.
The client performs an obfuscation operation on its own fixed key information and the KEY value acquired from the server, then performs a salted hash operation on the obfuscated character string, and takes the obtained hash value as the dynamic key.
Step 340, the server obtains the fixed key information of the client from the client management platform, and generates a dynamic key by using the first key information and the fixed key information.
Here, the manner in which the server generates the dynamic key may be the same as the manner in which the client generates the dynamic key, and details are not described here.
Step 350, the client and the server use the dynamic key to perform information interaction.
When the client and the server exchange information, the generated dynamic key can be used for encrypting or decrypting the exchanged information.
In the embodiment of the invention, different clients can correspond to different service types of the application, and have different fixed key information. Therefore, the dynamic key generated based on the fixed key information has higher security and is not easy to be cracked, and even if the dynamic key of a certain client is cracked, the communication security of other clients cannot be influenced.
In the embodiment of the invention, when the preset time period is reached or an abnormal client is found, the client and the fixed key information can be updated in time. Even if the dynamic secret key of the client is cracked, the communication safety of other users of the same client and the communication safety of the next session of the user cannot be influenced.
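The three-party flow of steps 310 to 350, together with re-keying after a risk report, as an added Python example that is not code from the patent. Assumptions: 16-byte key strings, the fixed key doubling as the HMAC-SHA1 key (the page does not say what the salt is), and hypothetical class, function and client names.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # bytes per key string; assumed, the page does not fix a length

_OPS = {
    "and": lambda a, b: a & b,
    "or": lambda a, b: a | b,
    "xor": lambda a, b: a ^ b,
}


def mix(first_key: bytes, fixed_key: bytes, op: str = "and") -> bytes:
    """Obfuscation step: combine the two key strings bit by bit."""
    if op not in _OPS:
        raise ValueError(f"unsupported bit operation: {op}")
    if len(first_key) != len(fixed_key):
        raise ValueError("key strings must have the same length")
    return bytes(_OPS[op](a, b) for a, b in zip(first_key, fixed_key))


def derive_dynamic_key(first_key: bytes, fixed_key: bytes, op: str = "and") -> bytes:
    """Salted-hash step: HMAC-SHA1 over the obfuscated string (20-byte result)."""
    mixed = mix(first_key, fixed_key, op)
    # Assumption: the fixed key doubles as the HMAC key; the page names
    # HMAC-SHA1 but does not say what is used as the salt.
    return hmac.new(fixed_key, mixed, hashlib.sha1).digest()


class ClientManagementPlatform:
    """Allocates a distinct random fixed key per client and records the mapping."""

    def __init__(self):
        self._fixed = {}

    def allocate(self, client_id: str) -> bytes:
        others = {k for cid, k in self._fixed.items() if cid != client_id}
        key = secrets.token_bytes(KEY_LEN)
        # Regenerate until the key differs from every other client's key
        # and from this client's previous key.
        while key in others or key == self._fixed.get(client_id):
            key = secrets.token_bytes(KEY_LEN)
        self._fixed[client_id] = key
        return key

    def fixed_key_for(self, client_id: str) -> bytes:
        return self._fixed[client_id]

    def handle_risk_report(self, abnormal_client_ids):
        """Re-key every client the risk control system reported as abnormal."""
        return {cid: self.allocate(cid) for cid in abnormal_client_ids}


class Server:
    def __init__(self, platform):
        self._platform = platform
        self._first = {}  # client id -> first key information of the current session

    def open_session(self, client_id: str) -> bytes:
        """Generate fresh first key information, record it, and return it to the client."""
        first_key = secrets.token_bytes(KEY_LEN)
        self._first[client_id] = first_key
        return first_key

    def dynamic_key(self, client_id: str, op: str = "and") -> bytes:
        fixed_key = self._platform.fixed_key_for(client_id)
        return derive_dynamic_key(self._first[client_id], fixed_key, op)


class Client:
    def __init__(self, client_id: str, fixed_key: bytes):
        self.client_id = client_id
        self.fixed_key = fixed_key

    def start_session(self, server: Server, op: str = "and") -> bytes:
        first_key = server.open_session(self.client_id)
        return derive_dynamic_key(first_key, self.fixed_key, op)


def one_bit_fraction(op: str, samples: int = 2000) -> float:
    """Fraction of 1 bits in the obfuscated string for uniformly random inputs."""
    ones = 0
    for _ in range(samples):
        mixed = mix(secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN), op)
        ones += sum(bin(byte).count("1") for byte in mixed)
    return ones / (samples * KEY_LEN * 8)


if __name__ == "__main__":
    platform = ClientManagementPlatform()
    server = Server(platform)
    # "equipment-mall" is a constructed client id for one service type.
    mall = Client("equipment-mall", platform.allocate("equipment-mall"))
    key = mall.start_session(server)
    print("client and server agree:", key == server.dynamic_key("equipment-mall"))
    mall.fixed_key = platform.handle_risk_report(["equipment-mall"])["equipment-mall"]
    rekeyed = mall.start_session(server)
    print("agree after re-keying:", rekeyed == server.dynamic_key("equipment-mall"))
    for op in _OPS:
        print(op, "-> fraction of 1 bits:", round(one_bit_fraction(op), 3))
```

With uniformly random inputs, XOR leaves the obfuscated string uniformly distributed, while AND and OR skew it to about 25% and 75% one bits respectively before it is hashed.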
An embodiment of the present invention further provides a terminal, where a structure of the terminal is shown in fig. 5, and the terminal includes:
an obtaining module 501, configured to obtain first key information used for calculating a dynamic key;
a generating module 502, configured to generate the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by the client management platform, and the fixed key information of different clients is different;
and an encryption and decryption module 503, configured to encrypt or decrypt the interactive information with the dynamic key.
The client is formed according to the service type of the application, wherein different service types correspond to different clients.
The client management platform can set a client for content operation of the same service of the application according to the service type of the application, and then different clients can correspond to different service types of the application. The client management platform can distribute corresponding fixed key information for each client, and further can ensure that the fixed key information of each client is different. The obtaining module 501 receives the first key information for calculating the dynamic key from the server; the generating module 502 may further generate a dynamic key by using the first key information and its own fixed key information. When the client and the server transmit information, the encryption and decryption module 503 uses the dynamic key to encrypt or decrypt the transmitted information.
The encryption and decryption module 503 is specifically configured to perform an obfuscation operation on the first key information and the fixed key information to obtain an obfuscated character string; and carry out hash processing on the character string to generate the dynamic key. The hash processing on the character string may be a salted hash of the character string, and the salted hash algorithm may be HMAC-SHA1.
The encryption and decryption module 503 is specifically configured to perform a bitwise AND operation on the first key information and the fixed key information to generate an obfuscated character string. The bitwise AND operation may be replaced by a bitwise OR operation or an exclusive OR (XOR) operation.
Further, the obtaining module 501 is further configured to receive fixed key information periodically sent by the client management platform. In this way, the generating module 502 may periodically generate the dynamic key, so that the encryption and decryption module 503 may use different dynamic keys to encrypt or decrypt information at regular time. Therefore, even if the dynamic key of one client is cracked, the information safety of other clients is not influenced, and the information safety is improved.
An embodiment of the present invention further provides a server, where a composition structure of the server is shown in fig. 6, and the server includes:
an obtaining module 601, configured to obtain first key information used for calculating a dynamic key;
a generating module 602, configured to generate the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by the client management platform, and the fixed key information of different clients is different;
and an encryption and decryption module 603, configured to encrypt or decrypt the interactive information with the dynamic key.
The client is formed according to the service type of the application, wherein different service types correspond to different clients.
The client management platform can set a client for content operation of the same service of the application according to the service type of the application, and then different clients can correspond to different service types of the application. The client management platform can distribute corresponding fixed key information for each client, and further can ensure that the fixed key information of each client is different. The obtaining module 601 locally reads the first key information for calculating the dynamic key; the generating module 602 may further generate a dynamic key by using the first key information and its own fixed key information. When the client and the server transmit information, the encryption and decryption module 603 encrypts or decrypts the transmitted information using the dynamic key.
The encryption and decryption module 603 is specifically configured to perform an obfuscation operation on the first key information and the fixed key information to obtain an obfuscated character string, and to hash the character string to generate the dynamic key. The hash applied to the character string may be a salted hash, and the salted hash algorithm may be HMAC-SHA1.
The encryption and decryption module 603 is specifically configured to perform a bitwise AND operation on the first key information and the fixed key information to generate the obfuscated character string. The bitwise AND operation may be replaced by a bitwise OR operation or an exclusive OR (XOR) operation.
Further, the obtaining module 601 is further configured to receive fixed key information periodically sent by the client management platform. In this way, the generating module 602 may periodically generate the dynamic key, so that the encryption and decryption module 603 may use different dynamic keys to encrypt or decrypt information at regular intervals. Therefore, even if the dynamic key of one client is cracked, the information security of other clients is not affected, and information security is improved.
An embodiment of the present invention further provides an electronic device, where a composition structure of the electronic device is shown in fig. 7, and the electronic device includes:
a client generation module 701, configured to generate a client corresponding to an application service type according to the application service type;
an allocating module 702, configured to allocate fixed key information to the clients, where the fixed key information of each client is different;
a sending module 703, configured to send the fixed key information of the client to a server and a terminal installed with the client; the fixed key information is used for generating a dynamic key together with first key information provided by a server; the dynamic key is used for encrypting or decrypting information interacted between the server and the client.
The service types can be divided according to the function, attribute or object of the application, such as the game characters of a certain application or the operation contents of an equipment mall, and can be divided into different service types of the application. In this way, all operable contents in the application can be prevented from corresponding to one client, and therefore the privacy of the operable contents can be increased.
The allocating module 702 is further configured to periodically allocate fixed key information to the client. Therefore, even if the dynamic key of one client is cracked, the information security of other clients is not affected, and information security is improved.
The encryption device further includes: a receiving module 704, configured to receive a risk report sent by a risk control system; the allocating module 702 is further configured to, when the risk report indicates that there is a client with abnormal behavior, allocate new fixed key information to the client with abnormal behavior; the sending module 703 is further configured to send the new fixed key information to an abnormal client and server.
Optionally, the encryption device further includes: a client updating module 705, configured to update the client with the abnormal behavior when the risk report indicates that a client with abnormal behavior exists. In this way, when the receiving module 704 receives a risk report indicating that a client has abnormal behavior, the client updating module 705 can also update that client promptly. Because the client is loaded each time the user uses it, the user gets the secure client promptly. Even if the dynamic key of the client is cracked, the communication security of other users of the same client and the communication security of the user's next session are not affected.
An embodiment of the present invention further provides an information processing system, where a composition structure of the system is shown in fig. 8, and the system includes: terminal 801, server 802, client management platform 803.
The terminal 801 is provided with a client, and is configured to receive first key information used for calculating a dynamic key from the server 802, generate the dynamic key according to the first key information and fixed key information of the client, and encrypt or decrypt interactive information using the dynamic key.
The server 802 is configured to send first key information used for calculating a dynamic key to the terminal 801, generate the dynamic key according to the first key information and fixed key information of the client, and encrypt or decrypt interactive information using the dynamic key.
The client management platform 803 is configured to generate a client corresponding to an application service type according to the application service type; distributing fixed key information to the clients, wherein the fixed key information of each client is different; and sending the fixed key information of the client to a server and a terminal provided with the client.
Further, the terminal 801 or the server 802 is further configured to receive fixed key information periodically sent by the client management platform.
The terminal 801 or the server 802 is specifically configured to perform an obfuscation operation on the first key information and the fixed key information to obtain an obfuscated character string, and to hash the character string to generate the dynamic key.
The terminal 801 or the server 802 is specifically configured to perform a bitwise AND operation on the first key information and the fixed key information to generate the obfuscated character string.
The client management platform 803 is further configured to periodically send fixed key information allocated to the client to the terminal and the server.
Optionally, the system further comprises: a risk control system 804, configured to monitor a behavior of the client, and send a risk report to the client management platform 803 when detecting that the client has an abnormal behavior.
The client management platform 803 is further configured to receive a risk report sent by the risk control system; when the risk report indicates that the client side with abnormal behavior exists, distributing new fixed key information for the client side with abnormal behavior; and sending the new fixed key information to an abnormal client and server.
Specifically, the client management platform 803 generates a plurality of clients according to the service types of the application, allocates fixed key information to each client, and sends the fixed key information to the terminal on which the client is installed and to the server. When the client is loaded, the terminal 801 on which the client is installed sends a session request to the server 802 and acquires the first key information from the server 802. Here, the first key information may be key information, such as a KEY value, randomly generated by the server according to the session request.
The terminal 801 performs an obfuscation operation on the fixed key information of the client and the first key information obtained from the server 802, then performs a salted hash operation on the obfuscated character string, and uses the resulting hash value as the dynamic key. Correspondingly, the server 802 may generate the dynamic key using the first key information and the fixed key information of the client. When the client and the server exchange information, the generated dynamic key can be used to encrypt or decrypt the transferred information.
In the embodiment of the invention, different clients can correspond to different service types of the application and have different fixed key information. Therefore, the dynamic key generated from the fixed key information is more secure and harder to crack, and even if the dynamic key of a certain client is cracked, the communication security of other clients is not affected.
To better ensure the security of the information during transmission, the risk control system 804 monitors the behavior of the client. When the risk control system 804 detects that a client has abnormal behavior, it may send a risk report to the client management platform 803. On receiving a risk report indicating that a client has abnormal behavior, the client management platform 803 may reallocate fixed key information to that client, so that the client with abnormal behavior and the server update the dynamic key, thereby ensuring the security of the information. Because the client is loaded each time the user uses it, the user gets the secure client promptly. Even if the dynamic key of the client is cracked, the communication security of other users of the same client and the communication security of the user's next session are not affected.
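The flow described above (per-client fixed keys from the platform, per-session first key information from the server, derivation at both ends, re-keying after a risk report), as an added Python example that is not code from the patent. The 16-byte input length, the use of the salt as the HMAC-SHA1 key, and all class and function names are assumptions; `influencing_bits` is an added check of how much of the first key information reaches the hash under AND, OR and XOR.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # assumption: both key inputs are 16 bytes; the patent gives no length

OPS = {
    "and": lambda a, b: a & b,   # operation named in the embodiments
    "or": lambda a, b: a | b,    # stated alternative
    "xor": lambda a, b: a ^ b,   # stated alternative
}


def obfuscate(first_key: bytes, fixed_key: bytes, op: str = "and") -> bytes:
    """Combine first key information and fixed key information byte by byte."""
    if len(first_key) != len(fixed_key):
        raise ValueError("key inputs must have the same length")
    return bytes(OPS[op](a, b) for a, b in zip(first_key, fixed_key))


def derive_dynamic_key(first_key: bytes, fixed_key: bytes, salt: bytes,
                       op: str = "and") -> bytes:
    """Salted hash of the obfuscated string: HMAC-SHA1 keyed with the salt (assumed)."""
    return hmac.new(salt, obfuscate(first_key, fixed_key, op), hashlib.sha1).digest()


def influencing_bits(fixed_key: bytes, op: str = "and") -> int:
    """Count bit positions where the first key information can still change the
    obfuscated string: AND passes it only where the fixed key bit is 1, OR only
    where it is 0, XOR everywhere."""
    ones = sum(bin(b).count("1") for b in fixed_key)
    total = 8 * len(fixed_key)
    return {"and": ones, "or": total - ones, "xor": total}[op]


class ClientManagementPlatform:
    """Allocates one distinct fixed key per client and replaces it on request."""

    def __init__(self, client_ids):
        self.fixed_keys = {}
        for cid in client_ids:
            self.allocate(cid)

    def allocate(self, client_id: str) -> bytes:
        new_key = secrets.token_bytes(KEY_LEN)
        # Never hand out a key that any client currently holds, including
        # the key being replaced for this client.
        while new_key in self.fixed_keys.values():
            new_key = secrets.token_bytes(KEY_LEN)
        self.fixed_keys[client_id] = new_key
        return new_key  # would be sent to the terminal and to the server

    def handle_risk_report(self, abnormal_clients):
        """Re-key only the clients flagged by the risk control system."""
        return {cid: self.allocate(cid) for cid in abnormal_clients}


def open_session(fixed_key: bytes, salt: bytes, op: str = "and"):
    """Server creates random first key information for a session request;
    server and terminal then derive the dynamic key independently."""
    first_key = secrets.token_bytes(KEY_LEN)                           # server
    server_key = derive_dynamic_key(first_key, fixed_key, salt, op)    # server
    terminal_key = derive_dynamic_key(first_key, fixed_key, salt, op)  # terminal
    return first_key, terminal_key, server_key


if __name__ == "__main__":
    salt = b"constructed-demo-salt"  # constructed sample value
    # Client names follow the service types the description mentions.
    platform = ClientManagementPlatform(["game-characters", "equipment-mall"])

    for cid, fixed in platform.fixed_keys.items():
        _, t_key, s_key = open_session(fixed, salt)
        print(cid, "keys match:", t_key == s_key, t_key.hex())

    before = platform.fixed_keys["equipment-mall"]
    platform.handle_risk_report(["equipment-mall"])
    print("re-keyed:", before != platform.fixed_keys["equipment-mall"])

    fixed = platform.fixed_keys["game-characters"]
    for op in ("and", "or", "xor"):
        print(op, "bits of first key reaching the hash:",
              influencing_bits(fixed, op), "of", 8 * KEY_LEN)
```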
An embodiment of the present invention further provides an electronic device, where a composition structure of the electronic device is shown in fig. 9, and the electronic device includes: a processor 901 and a memory 902 for storing computer programs capable of running on the processor,
the processor 901 is configured to execute the following method steps when running the computer program:
acquiring first key information for calculating a dynamic key;
generating the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by the client management platform, and the fixed key information of different clients is different;
and encrypting or decrypting the information for interaction by using the dynamic key.
The processor 901, when running the computer program, further performs:
and receiving fixed key information periodically sent by the client management platform.
The processor 901, when running the computer program, further performs:
performing an obfuscation operation on the first key information and the fixed key information to obtain an obfuscated character string; and hashing the character string to generate the dynamic key.
The processor 901, when running the computer program, further performs:
and performing a bitwise AND operation on the first key information and the fixed key information to generate the obfuscated character string.
The client is formed according to the service type of the application, wherein different service types correspond to different clients.
When the processor 901 is located in a terminal installed with the client, the processor 901, when running the computer program, further performs:
the first key information for calculating a dynamic key is received from a server.
When the processor 901 is located in a server providing services to the client, the processor 901, when running the computer program, further performs:
and locally reading the first key information for calculating the dynamic key.
An embodiment of the present invention further provides a storage medium, on which a computer program is stored, and the computer program is configured to execute at least the following steps of the method:
acquiring first key information for calculating a dynamic key;
generating the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by the client management platform, and the fixed key information of different clients is different;
and encrypting or decrypting the information for interaction by using the dynamic key.
The computer program, when executed by the processor, further performs:
and receiving fixed key information periodically sent by the client management platform.
The computer program, when executed by the processor, further performs:
performing an obfuscation operation on the first key information and the fixed key information to obtain an obfuscated character string; and hashing the character string to generate the dynamic key.
The computer program, when executed by the processor, further performs:
and performing a bitwise AND operation on the first key information and the fixed key information to generate the obfuscated character string.
The computer program, when executed by the processor, further performs:
the first key information for calculating a dynamic key is received from a server.
The computer program, when executed by the processor, further performs:
and reading the first key information for calculating the dynamic key.
An embodiment of the present invention further provides an electronic device, where a composition structure of the electronic device is shown in fig. 10, and the electronic device includes: a processor 1001 and a memory 1002 for storing computer programs capable of running on the processor,
the processor 1001 is configured to execute the following method steps when running the computer program:
generating a client corresponding to the service type of the application according to the service type of the application;
distributing fixed key information to the clients, wherein the fixed key information of each client is different;
sending the fixed key information of the client to a server and a terminal provided with the client; the fixed key information is used for generating a dynamic key together with first key information provided by a server; the dynamic key is used for encrypting or decrypting information interacted between the server and the client.
The processor 1001, when running the computer program, further performs:
and periodically distributing fixed key information to the client.
The processor 1001, when running the computer program, further performs:
receiving a risk report sent by a risk control system;
when the risk report indicates that the client side with abnormal behavior exists, distributing new fixed key information for the client side with abnormal behavior;
and sending the new fixed key information to an abnormal client and server.
An embodiment of the present invention further provides a storage medium, on which a computer program is stored, and the computer program is configured to execute at least the following steps of the method:
generating a client corresponding to the service type of the application according to the service type of the application;
distributing fixed key information to the clients, wherein the fixed key information of each client is different;
sending the fixed key information of the client to a server and a terminal provided with the client; the fixed key information is used for generating a dynamic key together with first key information provided by a server; the dynamic key is used for encrypting or decrypting information interacted between the server and the client.
The computer program, when executed by the processor, further performs:
and periodically distributing fixed key information to the client.
The computer program, when executed by the processor, further performs:
receiving a risk report sent by a risk control system;
when the risk report indicates that the client side with abnormal behavior exists, distributing new fixed key information for the client side with abnormal behavior;
and sending the new fixed key information to an abnormal client and server.
It is understood that the processor in the embodiments of the present invention may be an integrated circuit chip having signal processing capability. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general purpose processor, a Digital Signal Processor (DSP), or another programmable logic device, discrete gate or transistor logic device, discrete hardware component, or the like. The processor may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium, the storage medium being located in a memory; the processor reads the information in the memory and performs the steps of the method in combination with its hardware.
The memory in embodiments of the present invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Ferromagnetic Random Access Memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disc, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM), and Direct Rambus Random Access Memory (DRRAM). The memory described in embodiments of the present invention is intended to comprise, without being limited to, these and any other suitable types of memory.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.

Claims (10)

1. An information processing method, characterized in that the method comprises:
acquiring first key information for calculating a dynamic key; the first key information is dynamically generated by a server;
generating the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by a client management platform or the clients, the fixed key information of different clients is different, the clients are generated by the client management platform according to the same service of the service type of the application, and the different clients correspond to different service types in the application;
encrypting or decrypting the information for interaction by using the dynamic key;
the method further comprises the following steps: and receiving fixed key information periodically sent by the client management platform, or receiving the fixed key information updated by the client management platform under the condition that the client has abnormal behaviors.
2. The method of claim 1, wherein generating the dynamic key according to the first key information and fixed key information of the client comprises:
performing an obfuscation operation on the first key information and the fixed key information to obtain an obfuscated character string;
and hashing the character string to generate the dynamic key.
3. The method of claim 2, wherein obfuscating the first key information and the fixed key information to obtain an obfuscated character string comprises:
and performing a bitwise AND operation on the first key information and the fixed key information to generate the obfuscated character string.
4. The method according to any one of claims 1 to 3,
if the method is applied to a terminal provided with the client, the acquiring first key information for calculating the dynamic key comprises the following steps:
the first key information for calculating a dynamic key is received from a server.
5. The method according to any one of claims 1 to 3,
if the method is applied to a server providing services to the client, the obtaining first key information for calculating a dynamic key includes:
and locally reading the first key information for calculating the dynamic key.
6. An information processing method, characterized in that the method comprises:
generating different clients corresponding to different service types in the same application according to different service types in the same application;
distributing fixed key information to the clients, wherein the fixed key information of each client is different;
sending the fixed key information of the client to a server and a terminal provided with the client; the fixed key information is used for generating a dynamic key together with first key information provided by a server; the dynamic key is used for encrypting or decrypting information interacted between the server and the client;
the method further comprises the following steps: periodically distributing fixed key information for the client, or receiving a risk report sent by a risk control system; when the risk report indicates that the client side with abnormal behavior exists, distributing new fixed key information for the client side with abnormal behavior; and sending the new fixed key information to an abnormal client and server.
7. An electronic device, wherein the electronic device is a terminal or a server, the electronic device comprising:
the acquisition module is used for acquiring first key information used for calculating a dynamic key;
the generating module is used for generating the dynamic key according to the first key information and the fixed key information of the client; the fixed key information is distributed by a client management platform or clients, the fixed key information of different clients is different, the clients are generated by the client management platform according to the same service of the service type of the application, and the different clients correspond to different service types in the application;
the encryption and decryption module is used for encrypting or decrypting interactive information by using the dynamic key;
the obtaining module is further configured to receive fixed key information periodically sent by the client management platform, or the obtaining module is further configured to receive fixed key information updated by the client management platform when the client is abnormal.
8. An electronic device, characterized in that the electronic device comprises:
the client generation module is used for generating different clients corresponding to different service types in the same application according to different service types in the same application;
the distribution module is used for distributing fixed key information for the clients, wherein the fixed key information of each client is different;
the sending module is used for sending the fixed key information of the client to a server and a terminal provided with the client; the fixed key information is used for generating a dynamic key together with first key information provided by a server; the dynamic key is used for encrypting or decrypting information interacted between the server and the client;
the distribution module is further configured to periodically distribute fixed key information to the client, or the electronic device further includes a receiving module, where the receiving module is configured to receive a risk report sent by a risk control system; the allocation module is further configured to allocate new fixed key information to the client having the abnormal behavior when the risk report indicates that the client having the abnormal behavior exists; and the sending module is further configured to send the new fixed key information to the client having the abnormal behavior.
9. An electronic device, comprising: a processor and a memory; wherein,
a memory for storing a computer program capable of running on the processor,
the processor, coupled to the memory, configured to perform the steps of the method of any of claims 1 to 5 or 6 when the computer program is executed.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 5 or claim 6.
CN201810117435.2A 2018-02-06 2018-02-06 Information processing method, electronic device, and storage medium Active CN108495309B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810117435.2A CN108495309B (en) 2018-02-06 2018-02-06 Information processing method, electronic device, and storage medium

Publications (2)

Publication Number Publication Date
CN108495309A CN108495309A (en) 2018-09-04
CN108495309B true CN108495309B (en) 2022-03-25

Family

ID=63344422

Country Status (1)

Country Link
CN (1) CN108495309B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant