CN108833449A - Web communication encrypted transmission method, apparatus and system based on RAS algorithm - Google Patents
Web communication encrypted transmission method, apparatus and system based on RAS algorithm Download PDFInfo
- Publication number
- CN108833449A CN108833449A CN201810952373.7A CN201810952373A CN108833449A CN 108833449 A CN108833449 A CN 108833449A CN 201810952373 A CN201810952373 A CN 201810952373A CN 108833449 A CN108833449 A CN 108833449A
- Authority
- CN
- China
- Prior art keywords
- ras
- public key
- client
- information
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
This application provides a kind of web communication encrypted transmission method, apparatus and systems based on RAS algorithm, wherein the method includes:The landing request information of client is received, the landing request information includes at least:Original code;According to the landing request information, RAS public key, and the corresponding RAS public key are generated, RAS private key is generated;The RAS public key is sent to the client;The client is obtained according to the Crypted password after the RAS public key encryption;According to the RAS private key, the Crypted password is decrypted, obtains solution confidential information;The solution confidential information is verified, and sends status code to the client.Encrypted transmission method provided herein, apparatus and system can be based on RAS algorithm, significantly more efficient method provided, to solve the problems, such as that existing Web encryption method encryption intensity is low.
Description
Technical field
This application involves technical field of network security more particularly to a kind of web communication encrypted transmission sides based on RAS algorithm
Method, apparatus and system.
Background technique
Currently, network has become the not departing a part of life.With days such as shopping, online payment, acquisition of information
" the interconnection networking " often lived, personal secrets abuse occurrence frequency increasingly increases.Perfect the letter of citizen, company or even country
It is very urgent to cease safety precautions.
The acquisition of Internet era, account information are ubiquitous, and account information is leaked, is abused and has become and can not avoid
Problem, fingerprint recognition, recognition of face these biological identification technologies also do not escape death by sheer luck.For example, Barcelona, ESP is lifted
In the World Mobile Communications conference done, Wall Street Journal reporter has copied a fingerprint film with plasticine, only with simple method
The unlocked by fingerprint of iPhone is just cracked;Stanford University has also developed a face tracking software, is captured and is used by camera
The movement and facial expression at family, then can be reached using 3D modeling and its effect true to nature, to crack recognition of face.By
In the limitation of people's epistemic logic, the infull defect of logic not can avoid, and be eternal theme safely therefore.It is with high safety
The framework of trusted system, it is ensured that data transmission, data storage, management strategy etc. are credible could more preferably to accomplish Initiative Defense, promoted
The safety coefficient of network system.
In general, Web application requires user and carries out login use, account and password when login exist in transmission process
Great security risk.In network transmission, any network packet can be intercepted, and therefore, plaintext transmission account can be led with password
The leakage of breath is write, in order to ensure the safety in transmission process, generally uses https format, https can fight sniff playback
The means such as attack, but https is relied solely on still far from the safety problem in the transmission of enough guarding networks.Therefore, present people
Take the mode of symmetric cryptography to encrypt transmission data, but if encryption code key deposits in Web client, also
It is equivalent to reveal and how encrypt, protecting effect can not be played.
Summary of the invention
This application provides a kind of web communication encrypted transmission method, apparatus and systems based on RAS algorithm, existing to solve
The problem for having Web encryption method encryption intensity low.
In a first aspect, this application provides a kind of web communication encrypted transmission method based on RAS algorithm, the method packet
It includes:
The landing request information of client is received, the landing request information includes at least:Original code;
According to the landing request information, RAS public key, and the corresponding RAS public key are generated, RAS private key is generated;
The RAS public key is sent to the client;
The client is obtained according to the Crypted password after the RAS public key encryption;
According to the RAS private key, the Crypted password is decrypted, obtains solution confidential information;
The solution confidential information is verified, and sends status code to the client.
With reference to first aspect, the first in first aspect according to landing request information, can generate RAS in realization mode
Public key, including:
Randomly select the first prime number p1 and the second prime number p2;
Determine the first public key n, and n=p1*p2;
Determine the second public key e, and e is a random integers relatively prime with φ (n).
With reference to first aspect, in second of achievable mode of first aspect, it is private to generate RAS for the corresponding RAS public key
Key, including:
Extract the encryption information in the landing request information;
According to the encryption information, the RAS public key and the original code, RAS private key is generated.
With reference to first aspect, first aspect the third can in realization mode, the method includes:
The RAS private key is stored into server.
With reference to first aspect, in the 4th kind of achievable mode of first aspect, client is obtained according to the RAS public key
Before encrypted Crypted password,
The client generates Crypted password according to the original code, predetermined encryption information and the RAS public key.
With reference to first aspect, in the 5th kind of achievable mode of first aspect, the solution confidential information is verified, and send shape
State code to the client, including:
Compare the solution confidential information and the original code;
If matching degree meets preset range, login successfully, and sets 1 for status code;
If matching degree is unsatisfactory for preset range, login failure, and sets 0 for status code.
Second aspect, this application provides a kind of web communication encrypted transmission device based on RAS algorithm, described device packet
It includes:
Landing request information receiving unit, for receiving the landing request information of client, the landing request information is extremely
Include less:Original code;
First code key generation unit, for generating RAS public key according to the landing request information;Second code key generates single
Member generates RAS private key for corresponding to the RAS public key;
Transmission unit, for sending the RAS public key to the client;
Crypted password acquiring unit, for obtaining the client according to the Crypted password after the RAS public key encryption;
Information acquisition unit is decrypted, for decrypting the Crypted password according to the RAS private key, obtains solution confidential information;
Authentication unit for verifying the solution confidential information, and sends status code to the client.
In conjunction with second aspect, the first in second aspect can be in realization mode, and the first code key generation unit includes:
Selection unit, for randomly selecting the first prime number p1 and the second prime number p2;
First determination unit, for determining the first public key n, and n=p1*p2;
Second determination unit, for determining the second public key e, and e is a random integers relatively prime with φ (n).
In conjunction with second aspect, in second of achievable mode of second aspect, the second code key generation unit includes:
Extraction unit, for extracting the encryption information in the landing request information;
Private key generation unit, for it is private to generate RAS according to the encryption information, the RAS public key and the original code
Key.
In conjunction with second aspect, the third in second aspect can be in realization mode, and described device further includes:
Storage unit, for storing the RAS private key into server.
In conjunction with second aspect, in the 4th kind of achievable mode of second aspect, described device further includes:
Crypted password generation unit, it is public according to the original code, predetermined encryption information and the RAS for the client
Key generates Crypted password.
In conjunction with second aspect, in the 5th kind of achievable mode of second aspect, the authentication unit includes:
Comparison unit, for comparing the solution confidential information and the original code;
First setting unit logins successfully if meeting preset range for matching degree, and sets 1 for status code;
Second setting unit if being unsatisfactory for preset range, login failure for matching degree, and sets status code to
0。
The third aspect, this application provides a kind of web communication encryption transmission system based on RAS algorithm, the system packets
It includes:
Client and server;
Wherein, the client is configurable for sending the landing request information of user to the server;
The RAS public key that the server is sent is received, and Crypted password is generated according to the RAS public key;
The Crypted password is sent to the server;
Reception state code, and judge to log in and whether succeed;
The server is configurable for receiving the landing request information of client, and the landing request information is at least wrapped
It includes:Original code;
According to the landing request information, RAS public key, and the corresponding RAS public key are generated, RAS private key is generated;
The RAS public key is sent to the client;
The client is obtained according to the Crypted password after the RAS public key encryption;
According to the RAS private key, the Crypted password is decrypted, obtains solution confidential information;
The solution confidential information is verified, and sends status code to the client.
By the above technology it is found that this application provides a kind of web communication encrypted transmission method, devices based on RAS algorithm
And system, wherein the method includes:The landing request information of client is received, the landing request information includes at least:It is former
Password;According to the landing request information, RAS public key, and the corresponding RAS public key are generated, RAS private key is generated;Described in transmission
RAS public key is to the client;The client is obtained according to the Crypted password after the RAS public key encryption;According to the RAS
Private key decrypts the Crypted password, obtains solution confidential information;The solution confidential information is verified, and sends status code to the client.
In use, server receives the landing request information of client sending, and at least extracted from landing request information former close
Code information;Server generates corresponding RAS public key according to landing request information, and the corresponding RAS public key generated simultaneously, generates
RAS private key, wherein the RAS private key can carry out corresponding decryption to the password after RAS public key encryption.Server is by the RAS
Public key sends back client, enables client be encrypted according to RAS public key for original code, and encrypted Crypted password is sent
To server, to play the role of encrypted transmission.Server carries out Crypted password according to the corresponding RAS private key of RAS public key
Decryption, and then complete encrypted transmission process.Solution confidential information after server authentication decryption, is judged whether by analytic solution confidential information
It logins successfully, and indicates logging state in the form of status code, client is back to by server.As it can be seen that the application is by mentioning
For a kind of web communication encrypted transmission method based on RAS algorithm, the login original code of user is encrypted, is added to effectively improve
Close intensity improves the safety of information transmission.
Detailed description of the invention
In order to illustrate more clearly of the technical solution of the application, letter will be made to attached drawing needed in the embodiment below
Singly introduce, it should be apparent that, for those of ordinary skills, without any creative labor,
It is also possible to obtain other drawings based on these drawings.
Fig. 1 is a kind of flow chart of the web communication encrypted transmission method based on RAS algorithm provided by the embodiments of the present application;
Fig. 2 is a kind of flow chart of method for generating RAS public key provided by the embodiments of the present application;
Fig. 3 is a kind of flow chart of method for generating RAS private key provided by the embodiments of the present application;
Fig. 4 is a kind of prioritization scheme of the web communication encrypted transmission method based on RAS algorithm provided by the embodiments of the present application
Flow chart;
Fig. 5 is the flow chart for the method that a kind of client provided by the embodiments of the present application generates Crypted password;
Fig. 6 is a kind of flow chart of the method for verifying solution confidential information provided by the embodiments of the present application;
Fig. 7 is a kind of structural representation of the web communication encrypted transmission device based on RAS algorithm provided by the embodiments of the present application
Figure;
Fig. 8 is a kind of structural schematic diagram of first code key generation unit provided by the embodiments of the present application;
Fig. 9 is a kind of structural schematic diagram of second code key generation unit provided by the embodiments of the present application;
Figure 10 is a kind of optimization device of the web communication encrypted transmission based on RAS algorithm provided by the embodiments of the present application;
Figure 11 is a kind of web communication encrypted transmission device based on RAS algorithm provided by the embodiments of the present application;
Figure 12 is a kind of structural schematic diagram of authentication unit provided by the embodiments of the present application;
Figure 13 is a kind of web communication encryption transmission system based on RAS algorithm provided by the embodiments of the present application.
Specific embodiment
To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with the application specific embodiment and
The technical scheme in the embodiment of the application is clearly and completely described for corresponding attached drawing.Obviously, described embodiment is only
It is some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people
Member's every other embodiment obtained without making creative work, shall fall in the protection scope of this application.With
Technical solution provided by each embodiment of the application is described in detail in lower combination attached drawing.
Referring to Fig. 1, being a kind of web communication encrypted transmission method based on RAS algorithm provided by the embodiments of the present application
Flow chart, the method includes:
Step 100, the landing request information for receiving client, the landing request information include at least:Original code.
Server receives the landing request information from client, which can be computer, smart phone, PC etc.
Various movements or the non-mobile device for having connection server-capabilities.Usual user accesses a certain Web (World using client
Wild Web, global wide area network) webpage when, such as:Shopping page, the payment page, information query page, in order to guarantee that user believes
The safety of breath, user need to send logging request, only after solicited message is verified, ability by user end to server
The corresponding Web page of enough normal logins.Client-side information, such as client type, visitor are generally comprised in landing request information
Network environment etc. where family end system, client;User information, such as corresponding to user account, user's original code, user account
Historical viewings record etc.;It is directed toward Web page, such as search key, search conjunctive word etc..As it can be seen that transmitted by client
Landing request information transmits numerous information, in particular, wherein including the personal information of numerous users, once leakage, the external world will be light
Easily learn the privacy of user.Obviously, the original code of user is the important documents for obtaining Web page logon rights.
Step 200, according to the landing request information, generate RAS public key, and the corresponding RAS public key, it is private to generate RAS
Key.
RAS Encryption Algorithm is a kind of rivest, shamir, adelman, is widely used in public key encryption and e-business.
RAS Encryption Algorithm be 1977 by Peter Lonard Lee Vista (Ron Rivest), A Di Shamir (Adi Shamir) and
Leonard A Deman (Leonard Adleman) is proposed together, and taking three people's surnames beginning letter to be stitched together name should
Encryption Algorithm.
The reliability of RAS algorithm is determined to the difficulty that very big integer does Factorization, and in other words, a very big integer is done
Factorization is more difficult, and RAS algorithm is more reliable.If someone have found it is a kind of can quickly if the algorithm of Factorization,
So it is certain to be greatly reduced with the reliability of the information after RAS algorithm for encryption.However in actual life, it can find such
A possibility that algorithm of Factorization be it is very small, also only have short RAS key that can be cracked by brute force approach at this stage.
Therefore, up to the present, in the world there are no any powerful way that can reliably attack RAS algorithm, as long as RAS key
Length long enough is encrypted, is virtually impossible to be cracked by force with the information of RAS algorithm for encryption, be merely able to by corresponding
Key can be decrypted, and therefore, the information to be transmitted provides high-intensitive safety.
Server landing request information according to transmitted by client carries out information encryption using RAS algorithm, to generate
RAS public key.Server according to the RAS public key of generation, generates corresponding RAS private key simultaneously.Wherein RAS private key can be set as one
Denier client requirements log in different servers, i.e., must regenerate new RAS private key, so that effectively protection user is in difference
Safe information transmission between server.It, can be in advance by numerous servers but in order to improve the efficiency of whole verification process
It is divided into different server groups, as long as the server in this way at same group will be defaulted as associated server, the login of user is asked
It asks information to no longer need to correspond to the different RAS private key of generation again between same group of server, uses same RAS private key
Decrypted rights in shared server group.For the different Web pages in same server, equally can be set as, user is every
Different Web pages is logged in, server needs to regenerate different RAS public key and corresponding RAS private key, so that it is guaranteed that user
The safety of information promotes the use feeling of user to improve the login speed of user, can be by the Web net in same server
Page divides in groups, such as it is that a group or user often use Web that same server, which is the Web page of a group perhaps same type,
Webpage is group etc., in same group of Web page, can enjoy the same RAS public key and corresponding RAS private key.In system
A large amount of generation RAS public keys and RAS private key, and the process constantly sent and received and time can be omitted, to effectively mitigate
System running pressure improves whole efficiency.
Step 300 sends the RAS public key to the client.
Server extracts the RAS public key of generation, and RAS public key is sent to corresponding client.In order to ensure RAS public affairs
RAS public key can be sent the path backtracking of landing request information to server by the transmission accuracy of key according to client.
But in general, same client can send a large amount of solicited message to server in a short time, there are path occupation problems;
Meanwhile different clients can send a large amount of solicited message to same server within same time or short time, if service
Device generates RAS public key and returns to it to client, can greatly increase the work load of server.In order to prevent due to transmission path
Time delay problem caused by occupancy, and mitigate the work load of server.Between the sending time that RAS public key can be set
Every when reaching sending time point, then server uniformly sends the RAS public key saved bit by bit in the time interval to each client.Alternatively,
The accumulation threshold value for setting RAS public key is then sent when server senses that the quantity of current RAS public key reaches the accumulation threshold value
The RAS public key currently saved bit by bit is to each client.Specific transmission process is that server obtains corresponding to each RAS public key to be sent
Client-side information, open dedicated transmission link, the corresponding RAS public key that sends is to each client.RAS provided by the embodiments of the present application
Public key sending mode can not only enable client and the normal information of server transmit and work independently with the transmission of RAS public key, and
The work load of server can effectively be mitigated.Wherein, transmission time interval and accumulation threshold value, can according to real work amount and
Demand dynamic adjusts.
Step 400 obtains the client according to the Crypted password after the RAS public key encryption;
Server receive client return according to the Crypted password after RAS public key encryption.In order to improve whole efficiency, and
Mitigate the work load of server.Whole Crypted passwords are stored in specifically by server first after receiving Crypted password
In buffer, and the time interval of setting processing or the Crypted password amount threshold of setting processing, when the time for reaching setting
Behind interval or after the quantity arriving amt threshold value of Crypted password, the same subsequent processing work for carrying out Crypted password.
Step 500, according to the RAS private key, decrypt the Crypted password, obtain solution confidential information.
Specifically, the Crypted password and RAS private key that server matches are received from client, when Crypted password and RAS are private
It after key matches, is decrypted using RAS private key pair encryption password, obtains the user information carried in Crypted password, such as:
User's original code, encryption information, essential information of user etc..
Step 600, the verifying solution confidential information, and status code is sent to the client.
Server verifies work according to preset verification information, to resulting solution confidential information expansion is decrypted.It can first really
Surely the keyword in solution confidential information and verification information, represents Global Information using keyword and is compared, can effectively subtract in this way
The workload gently compared.The calculating of matching degree is carried out according to keyword, and then is verified result.And it is generated according to verification result
Corresponding status code.
As it can be seen that a kind of login of the application by providing web communication encrypted transmission method based on RAS algorithm, to user
Original code encryption improves the safety of information transmission to effectively improve encryption intensity.
Referring to Fig. 2, for a kind of flow chart for the method for generating RAS public key provided by the embodiments of the present application.In the application
In embodiment, according to landing request information, RAS public key is generated, is specifically included:
Step 201 randomly selects the first prime number p1 and the second prime number p2;
Step 202 determines the first public key n, and n=p1*p2;
Step 203 determines the second public key e, and e is a random integers relatively prime with φ (n).
Random number is extremely important in cryptography, and the code key largely used in secret communication generates the ginseng for needing random number
With.The difficulty that code key is cracked can be increased by randomly selecting, to effectively improve the safety of information.Random number is needed in system
When, prime number is randomly selected using randomizer.Specifically, randomly selecting the first prime number p1 is 3, randomly selects the
Two prime number p2 are 7, then can determine that the first public key n, n is the product of the first prime number p1 and the second prime number p2, i.e. n is 3*7=21;
A relation formula is set, φ (n), when n is 21, i.e. φ (n)=φ (21) then finally randomly selects the second public key e, enables e can
With relatively prime with φ (3*7).
Server generates corresponding RAS private key simultaneously according to RAS public key n and e.Later, server is public by the RAS of generation
Key n and e, are sent to client, are obtaining client according to the encrypted Crypted password of n and e, and private according to corresponding RAS
Key, decryption obtain solution confidential information by the Crypted password after RAS public key encryption.Finally, the resulting solution confidential information of server authentication,
And status code is sent to client.
Referring to Fig. 3, for a kind of flow chart for the method for generating RAS private key provided by the embodiments of the present application.In the application
In embodiment, the corresponding RAS public key generates RAS private key, specifically includes:
Encryption information in step 204, the extraction landing request information;
Step 205, according to the encryption information, the RAS public key and the original code, generate RAS private key.
Specifically, landing request information generally comprises client-side information, such as client type, FTP client FTP, client
Network environment etc. where end;User information, such as the note of historical viewings corresponding to user account, user's original code, user account
Record etc.;It is directed toward Web page, such as search key, search conjunctive word etc.;Encryption information etc..Server is needed according to various letters
It ceases and extracts the character string with encryption information mark in character string.According to encryption information, RAS public key n and e generated, and
Original code information generates corresponding RAS private key.
Specifically, corresponding RAS code key is generated according to following formula (1),
(c^d) (1) mod n=m
Wherein, c represents encryption information, and d represents RAS code key, and n represents the first public key, and m represents original code.
Specifically, RAS code key is calculated according to following processes,
Wherein, c=(m^e) mod n, e represent the second public key, therefore, c^d=((m^e) mod n) ^d;Wherein, (m^e)
Mod n=m^e, therefore, (c^d) mod n=((m^e) ^d) mod n;Wherein, (m^e) ^d=m^ed, therefore, (c^d) mod n
=(m^ed) mod n=m.
By Fermat's theorem it is found that a is coprime with p if p is prime number, then a^ (p-1) ≡ 1 (mod p).Wherein, fixed according to Fermat
(m^ φ (n)) mod n ≡ 1, and 1^k ≡ 1 are managed, so (m^k* φ (n)) mod n ≡ 1 can obtain m* using both sides with multiplied by m
((m^k* φ (n)) mod n) ≡ 1*m, abbreviation can obtain, (m^ (k* φ (n)+1)) mod n ≡ m.
It can obtain from the above analysis, ed=(k* φ (n)+1);It solves, d=(k* φ (n)+1)/e.
According to the above process, it can calculate and obtain RAS private key, and remain the security tool as subsequent decryption Crypted password,
Based on RAS algorithm, and then improve the safety of user information transmission.
Referring to Fig. 4, being a kind of web communication encrypted transmission method based on RAS algorithm provided by the embodiments of the present application
Prioritization scheme flow chart.In the embodiment of the present application, web communication encrypted transmission method further includes:
Step 700, the storage RAS private key are into server.
In general, private key can be stored in the client where user, for decrypting the password of public key encryption, to step on to user
Record solicited message is verified.But user client be easy to happen loss, by hacker attack or client by multiple users
It uses simultaneously, if private key is stored in client, once other users or hacker use the client, that is, can be used should
Private key in client cracks landing request information, so that the logon rights of Web page can not only be obtained, and can obtain former use
The user information at family enables the safety of user information substantially reduce.
The embodiment of the present application preferably scheme, i.e., store RAS private key into server, then RAS private key will not be by user
The loss of place client is attacked or by the infringement of the factors such as other users string use.So no matter user is using any one
A user end to server sends landing request information, as long as at least containing relevant original in the landing request information that user sends
Encrypted message, then the RAS private key in server, which can correspond to, carries out verifying use, without the interference by client.As it can be seen that
RAS private key stores in the server, can not only avoid harm caused by client exception;And it can not be become by client
More, abnormal interference, corresponds only to user itself, as long as that is, user itself sends landing request information, then server can make
Subsequent decryption work is carried out with original RAS private key, it is not necessary to corresponding RAS private key is regenerated, to reduce the work of server
Make the time, mitigate the work load of server, improves whole work efficiency, improve the experience sense of user.
Referring to Fig. 5, for a kind of flow chart of the method for client generation Crypted password provided by the embodiments of the present application.?
In the embodiment of the present application, before obtaining client according to the Crypted password after the RAS public key encryption,
It is close to generate encryption according to the original code, predetermined encryption information and the RAS public key for step 401, the client
Code.
Client receives the RAS public key that server is sent, and close to the original in user logging request information according to RAS public key
Code is encrypted, so that original code be enabled to have the encryption intensity based on RAS algorithm, and then improves the safety of user information, root
Ciphering process is carried out to original code according to formula (2),
(m^e) (2) mod n=c
Wherein, m represents original code, and c represents encryption information, and n represents the first public key, and e represents the second public key, and d represents RAS private
Key.Client extracts original code and encryption information in user logging request information, and calculates resulting RAS according to formula (1)
The corresponding RAS private key of public key encrypts original code.
Referring to Fig. 6, for a kind of flow chart of the method for verifying solution confidential information provided by the embodiments of the present application.In the application
In embodiment, the solution confidential information is verified, and sends status code to the client, including:
Step 601, the comparison solution confidential information and the original code;
If step 602, matching degree meet preset range, login successfully, and sets 1 for status code;
If step 603, matching degree are unsatisfactory for preset range, login failure, and set 0 for status code.
Server cracks client according to the Crypted password of RAS public key encryption according to RAS private key, and obtains solution confidential information.
Server will solve confidential information and be compared with original code, if the matching degree after comparing meets preset range, illustrate client
It is the original code of normal users using the encrypted original code of RAS public key, i.e., the login that landing request information meets server is wanted
It asks, logins successfully, at this point, server sets 1 for status code, for indicating to login successfully state, and by current status code
It is sent to client, later, client can normally log in target Web page, and enforcement of going forward side by side is used;If the matching after comparing
Degree is unsatisfactory for preset range, then illustrates that client is not the original code of normal users using the encrypted original code of RAS public key, when
The problems such as preceding user is it is very likely that there is for other users, hacker, abnormal client network and landing request information are unsatisfactory for taking
The login requirement of business device, the log-on message of user needs to be protected, therefore login failure, at this point, server sets status code
It is set to 0, for indicating login failure state, and current status code is sent to client, later, client will be unable to log in
Target Web page further can be continued to send prompting message to client from server, prompt the current use of client
Correct landing request information, or even the current illegal user of warning are replaced in family, and then improve the safety of user information.
Referring to Fig. 7, being a kind of web communication encrypted transmission device based on RAS algorithm provided by the embodiments of the present application
Structural schematic diagram, in the embodiment of the present application, described device includes:
Landing request information receiving unit 1, for receiving the landing request information of client, the landing request information is extremely
Include less:Original code;
First code key generation unit 2, for generating RAS public key according to the landing request information;Second code key generates single
Member 3 generates RAS private key for corresponding to the RAS public key;
Specifically, the first code key generation unit 2 and the second code key generation unit 3 can also include:Grouped element, being used for will
Numerous servers are divided into server group, or the Web page of same server is divided into Web page group.
Transmission unit 4, for sending the RAS public key to the client;
Specifically, transmission unit 4 can also include:Transmission time interval unit, for when reaching sending time point, then taking
Business device uniformly sends the RAS public key saved bit by bit in the time interval to each client;And threshold decision unit, for when service
Device senses that the quantity of current RAS public key reaches the accumulation threshold value, then sends the RAS public key currently saved bit by bit to each client.
Crypted password acquiring unit 5, for obtaining the client according to the Crypted password after the RAS public key encryption;
Information acquisition unit 6 is decrypted, for decrypting the Crypted password according to the RAS private key, obtains solution confidential information;
Authentication unit 7 for verifying the solution confidential information, and sends status code to the client;
Specifically, authentication unit 7 can also include:Keyword determination unit, for determining solution confidential information and verification information
In keyword;And matching degree computing unit, for carrying out the calculating of matching degree according to keyword, and then it is verified knot
Fruit.
Referring to Fig. 8, being a kind of structural schematic diagram of first code key generation unit provided by the embodiments of the present application, in this Shen
Please be in embodiment, the first code key generation unit 2 includes:
Selection unit 21, for randomly selecting the first prime number p1 and the second prime number p2;
First determination unit 22, for determining the first public key n, and n=p1*p2;
Second determination unit 23, for determining the second public key e, and e is a random integers relatively prime with φ (n).
Referring to Fig. 9, be a kind of structural schematic diagram of second code key generation unit provided by the embodiments of the present application, described the
Two code key generation units 3 include:
Extraction unit 31, for extracting the encryption information in the landing request information;
Private key generation unit 32, for it is private to generate RAS according to the encryption information, the RAS public key and the original code
Key.
Referring to Fig. 10, being a kind of optimization of the web communication encrypted transmission based on RAS algorithm provided by the embodiments of the present application
Device, in the embodiment of the present application, described device further includes:
Storage unit 8, for storing the RAS private key into server.
Figure 11 is please referred to, is a kind of web communication encrypted transmission device based on RAS algorithm provided by the embodiments of the present application.
In the embodiment of the present application, described device further includes:
Crypted password generation unit 9, for the client according to the original code, predetermined encryption information and the RAS
Public key generates Crypted password.
Figure 12 is please referred to, is a kind of structural schematic diagram of authentication unit provided by the embodiments of the present application.Implement in the application
In example, the authentication unit 7 includes:
Comparison unit 71, for comparing the solution confidential information and the original code;
First setting unit 72 logins successfully if meeting preset range for matching degree, and sets status code to
1;
Second setting unit 73 if being unsatisfactory for preset range, login failure for matching degree, and status code is arranged
It is 0.
Figure 13 is please referred to, is a kind of web communication encryption transmission system based on RAS algorithm provided by the embodiments of the present application.
In the embodiment of the present application, the system comprises:Client 10 and server 11;
Wherein, the client 10 is configurable for sending the landing request information of user to the server 11;
The RAS public key that the server is sent is received, and Crypted password is generated according to the RAS public key;
The Crypted password is sent to the server 11;
Reception state code, and judge to log in and whether succeed;
The server 11 is configurable for receiving the landing request information of client 10, and the landing request information is extremely
Include less:Original code;
According to the landing request information, RAS public key, and the corresponding RAS public key are generated, RAS private key is generated;
The RAS public key is sent to the client 10;
The client 10 is obtained according to the Crypted password after the RAS public key encryption;
According to the RAS private key, the Crypted password is decrypted, obtains solution confidential information;
The solution confidential information is verified, and sends status code to the client 10.
It is worth noting that, in the specific implementation, the present invention also provides a kind of computer storage mediums, wherein the computer
Storage medium can be stored with program, which may include the service providing method or use of user identity provided by the invention when executing
Step some or all of in each embodiment of family register method.The storage medium can be magnetic disk, CD, read-only storage note
Recall body (English:Read-only memory, referred to as:ROM) or random access memory is (English:random access
Memory, referred to as:RAM) etc..
It is required that those skilled in the art can be understood that the technology in the embodiment of the present invention can add by software
The mode of general hardware platform realize.Based on this understanding, the technical solution in the embodiment of the present invention substantially or
Say that the part that contributes to existing technology can be embodied in the form of software products, which can deposit
Storage is in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are used so that computer equipment (can be with
It is personal computer, server or the network equipment etc.) execute certain part institutes of each embodiment of the present invention or embodiment
The method stated.
Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to of the invention its
Its embodiment.This application is intended to cover any variations, uses, or adaptations of the invention, these modifications, purposes or
Person's adaptive change follows general principle of the invention and including the undocumented common knowledge in the art of the present invention
Or conventional techniques.The description and examples are only to be considered as illustrative, and true scope and spirit of the invention are by following
Claim is pointed out.
Part cross-reference same and similar between each embodiment in this specification.Especially for based on RAS algorithm
Web communication encrypted transmission apparatus and system embodiment for, due to its substantially similar and embodiment of the method, so description
Fairly simple, related place is referring to the explanation in embodiment of the method.
It should be understood that the application is not limited to the exact method and knot for being described above and being shown in the accompanying drawings
Structure, and various modifications and changes may be made without departing from the scope thereof.Scope of the present application only by the attached claims Lai
Limitation.
Claims (13)
1. a kind of web communication encrypted transmission method based on RAS algorithm, which is characterized in that including:
The landing request information of client is received, the landing request information includes at least:Original code;
According to the landing request information, RAS public key, and the corresponding RAS public key are generated, RAS private key is generated;
The RAS public key is sent to the client;
The client is obtained according to the Crypted password after the RAS public key encryption;
According to the RAS private key, the Crypted password is decrypted, obtains solution confidential information;
The solution confidential information is verified, and sends status code to the client.
2. encrypted transmission method according to claim 1, which is characterized in that according to landing request information, it is public to generate RAS
Key, including:
Randomly select the first prime number p1 and the second prime number p2;
Determine the first public key n, and n=p1*p2;
Determine the second public key e, and e is a random integers relatively prime with φ (n).
3. encrypted transmission method according to claim 1, which is characterized in that the corresponding RAS public key generates RAS private key,
Including:
Extract the encryption information in the landing request information;
According to the encryption information, the RAS public key and the original code, RAS private key is generated.
4. encrypted transmission method according to claim 3, which is characterized in that the method includes:
The RAS private key is stored into server.
5. encrypted transmission method according to claim 1, which is characterized in that obtain client and added according to the RAS public key
Before Crypted password after close,
The client generates Crypted password according to the original code, predetermined encryption information and the RAS public key.
6. encrypted transmission method according to claim 1, which is characterized in that verify the solution confidential information, and send state
Code to the client, including:
Compare the solution confidential information and the original code;
If matching degree meets preset range, login successfully, and sets 1 for status code;
If matching degree is unsatisfactory for preset range, login failure, and sets 0 for status code.
7. a kind of web communication encrypted transmission device based on RAS algorithm, which is characterized in that including:
Landing request information receiving unit, for receiving the landing request information of client, the landing request information is at least wrapped
It includes:Original code;
First code key generation unit, for generating RAS public key according to the landing request information;Second code key generation unit is used
In the correspondence RAS public key, RAS private key is generated;
Transmission unit, for sending the RAS public key to the client;
Crypted password acquiring unit, for obtaining the client according to the Crypted password after the RAS public key encryption;
Information acquisition unit is decrypted, for decrypting the Crypted password according to the RAS private key, obtains solution confidential information;
Authentication unit for verifying the solution confidential information, and sends status code to the client.
8. encrypted transmission device according to claim 7, which is characterized in that the first code key generation unit includes:
Selection unit, for randomly selecting the first prime number p1 and the second prime number p2;
First determination unit, for determining the first public key n, and n=p1*p2;
Second determination unit, for determining the second public key e, and e is a random integers relatively prime with φ (n).
9. encrypted transmission device according to claim 7, which is characterized in that the second code key generation unit includes:
Extraction unit, for extracting the encryption information in the landing request information;
Private key generation unit, for generating RAS private key according to the encryption information, the RAS public key and the original code.
10. encrypted transmission device according to claim 9, which is characterized in that described device further includes:
Storage unit, for storing the RAS private key into server.
11. encrypted transmission device according to claim 7, which is characterized in that described device further includes:
Crypted password generation unit, for the client according to the original code, predetermined encryption information and the RAS public key,
Generate Crypted password.
12. encrypted transmission device according to claim 7, which is characterized in that the authentication unit includes:
Comparison unit, for comparing the solution confidential information and the original code;
First setting unit logins successfully if meeting preset range for matching degree, and sets 1 for status code;
Second setting unit if being unsatisfactory for preset range, login failure for matching degree, and sets 0 for status code.
13. the web communication encryption transmission system based on RAS algorithm, which is characterized in that including:Client and server;
Wherein, the client is configurable for sending the landing request information of user to the server;
The RAS public key that the server is sent is received, and Crypted password is generated according to the RAS public key;
The Crypted password is sent to the server;
Reception state code, and judge to log in and whether succeed;
The server is configurable for receiving the landing request information of client, and the landing request information includes at least:
Original code;
According to the landing request information, RAS public key, and the corresponding RAS public key are generated, RAS private key is generated;
The RAS public key is sent to the client;
The client is obtained according to the Crypted password after the RAS public key encryption;
According to the RAS private key, the Crypted password is decrypted, obtains solution confidential information;
The solution confidential information is verified, and sends status code to the client.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810952373.7A CN108833449B (en) | 2018-08-22 | 2018-08-22 | Web communication encryption transmission method, device and system based on RAS algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810952373.7A CN108833449B (en) | 2018-08-22 | 2018-08-22 | Web communication encryption transmission method, device and system based on RAS algorithm |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108833449A true CN108833449A (en) | 2018-11-16 |
| CN108833449B CN108833449B (en) | 2021-05-28 |
Family
ID=64151230
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810952373.7A Active CN108833449B (en) | 2018-08-22 | 2018-08-22 | Web communication encryption transmission method, device and system based on RAS algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108833449B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111565107A (en) * | 2020-07-14 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Key processing method and device based on cloud service platform and computer equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101022455A (en) * | 2006-12-26 | 2007-08-22 | 北京大学 | Web communication encrypting method |
| CN102006306A (en) * | 2010-12-08 | 2011-04-06 | 广东高新兴通信股份有限公司 | Security authentication method for WEB service |
| CN107257349A (en) * | 2017-07-27 | 2017-10-17 | 四川长虹电器股份有限公司 | Cipher encrypting method and system based on unidirectional and public key encryption algorithm |
-
2018
- 2018-08-22 CN CN201810952373.7A patent/CN108833449B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101022455A (en) * | 2006-12-26 | 2007-08-22 | 北京大学 | Web communication encrypting method |
| CN102006306A (en) * | 2010-12-08 | 2011-04-06 | 广东高新兴通信股份有限公司 | Security authentication method for WEB service |
| CN107257349A (en) * | 2017-07-27 | 2017-10-17 | 四川长虹电器股份有限公司 | Cipher encrypting method and system based on unidirectional and public key encryption algorithm |
Non-Patent Citations (1)
| Title |
|---|
| GUOGANGJ: "用RSA加密实现Web登录密码加密传输", 《HTTPS://WWW.CNBLOGS.COM/GUOGANGJ/ARCHIVE/2012/03/05/2381117.HTML》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111565107A (en) * | 2020-07-14 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Key processing method and device based on cloud service platform and computer equipment |
| CN111565107B (en) * | 2020-07-14 | 2020-11-27 | 腾讯科技(深圳)有限公司 | Key processing method and device based on cloud service platform and computer equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108833449B (en) | 2021-05-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6625211B2 (en) | Key exchange through partially trusted third parties | |
| RU2589861C2 (en) | System and method of user data encryption | |
| KR102219277B1 (en) | System and method for controlling the delivery of authenticated content | |
| Sumitra et al. | A survey of cloud authentication attacks and solution approaches | |
| US11063941B2 (en) | Authentication system, authentication method, and program | |
| US9531540B2 (en) | Secure token-based signature schemes using look-up tables | |
| Li et al. | Towards smart card based mutual authentication schemes in cloud computing | |
| CN107359998A (en) | A kind of foundation of portable intelligent password management system and operating method | |
| CN113626802B (en) | Login verification system and method for equipment password | |
| Chen et al. | Security analysis and improvement of user authentication framework for cloud computing | |
| CN114244508B (en) | Data encryption method, device, equipment and storage medium | |
| JP2018026631A (en) | SSL communication system, client, server, SSL communication method, computer program | |
| Mandlekar et al. | Survey on fog computing mitigating data theft attacks in cloud | |
| CN110519222A (en) | Outer net access identity authentication method and system based on disposable asymmetric key pair and key card | |
| CN106230840B (en) | A kind of command identifying method of high security | |
| CN108833449A (en) | Web communication encrypted transmission method, apparatus and system based on RAS algorithm | |
| Darwish et al. | Privacy and security of cloud computing: a comprehensive review of techniques and challenges | |
| Patel | A survey on security techniques used for confidentiality in cloud computing | |
| Rajani et al. | Multi-factor authentication as a service for cloud data security | |
| He et al. | Cryptanalysis of a smartcard-based user authentication scheme for multi-server environments | |
| KR101605766B1 (en) | Secret key generation method and deduplication method | |
| US11811915B1 (en) | Stateless system to protect data | |
| Das et al. | Mobile security (otp) by cloud computing | |
| US11831759B1 (en) | Optimized authentication system for a multiuser device | |
| Raut | The Concept of Cloud Computing and Its Security Issues |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20201222 Address after: 571924 Hainan Ecological Software Park Walker Park 8830, high tech Industrial Demonstration Zone of Laocheng Town, Chengmai County, Haikou City, Hainan Province Applicant after: Hainan fire Chain Technology Co.,Ltd. Address before: 571924 building 8830, Walker Park, Hainan Ecological Software Park, Haikou old town high tech industry demonstration zone, Hainan Province Applicant before: HAINAN XINRUAN SOFTWARE Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230720 Address after: Room 17A04-17A06, Floor 17A, Xiangnan Xiangxi Blockchain Industrial Park, Building 5, Xinxing Financial Center, High tech Zone, Hengyang City, Hunan Province, 421099 Patentee after: Hengyang Yancheng Blockchain Research Institute Address before: 571924 Hainan Ecological Software Park Walker Park 8830, high tech Industrial Demonstration Zone of Laocheng Town, Chengmai County, Haikou City, Hainan Province Patentee before: Hainan fire Chain Technology Co.,Ltd. |