CN108989325A - Encryption communication method, apparatus and system - Google Patents
- Publication number
- CN108989325A, CN201810881880.6A
- Authority
- CN
- China
- Prior art keywords
- terminal device
- packet
- encrypted
- communication
- server
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
The present invention provides an encrypted communication method, apparatus and system. The method, applied to a server, includes: when a communication request sent by a terminal device is received, obtaining the device information of the terminal device according to the terminal device identifier in the communication request; performing identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device; if so, generating a device number, an RSA key pair and an encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key; sending the device number, the public key and the encryption version number to the terminal device, so that the terminal device generates an encrypted packet; when the encrypted packet sent by the terminal device is received, looking up the private key corresponding to the encrypted packet according to the header information of the encrypted packet; and decrypting the encrypted packet with that private key to obtain the communication data packet. The invention effectively improves the security of data communication.
Description
Technical field
The present invention relates to the field of Internet communication technology, and more particularly to an encrypted communication method, apparatus and system.
Background
With the rapid development of Internet technology, data security problems are becoming increasingly serious. User data is easily stolen during transmission, and attacks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and Http Heads attacks emerge one after another. Web servers face increasingly severe security challenges.
At present, the communication methods used between client and server are insufficiently able to resist and intercept illegal attack requests, so user data is easily stolen during transmission and security is poor.
Summary of the invention
In view of this, the purpose of the present invention is to provide an encrypted communication method, apparatus and system that improve the security of data communication.
In a first aspect, an embodiment of the invention provides an encrypted communication method applied to a server, comprising: when a communication request sent by a terminal device is received, obtaining the device information of the terminal device according to the terminal device identifier in the communication request, where the terminal device identifier is carried in the communication request; performing identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device; if so, generating a device number, an RSA key pair and an encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key; sending the device number, the public key and the encryption version number to the terminal device, so that the terminal device generates an encrypted packet based on its device number, public key and encryption version number; when the encrypted packet sent by the terminal device is received, looking up the private key corresponding to the encrypted packet according to the header information of the encrypted packet, where the header information includes the device number and the encryption version number corresponding to the terminal device; and decrypting the encrypted packet with the corresponding private key to obtain the communication data packet.
With reference to the first aspect, an embodiment of the invention provides a first possible implementation of the first aspect, in which the step of performing identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device, comprises: checking whether the device information of the terminal device is recorded in a pre-stored authenticated-device information table, where the table stores the device information of authenticated devices; and, if so, determining that the terminal device is an authenticated device.
With reference to the first aspect, an embodiment of the invention provides a second possible implementation of the first aspect, in which the method further comprises: replying, based on the communication data packet, to the communication request sent by the terminal device.
With reference to the first aspect or any of its possible implementations up to the second, an embodiment of the invention provides a third possible implementation of the first aspect, in which the communication data packet includes an HTTP request packet.
In a second aspect, an embodiment of the invention provides an encrypted communication method applied to a terminal device, comprising: sending a communication request to a server, where the communication request carries a terminal device identifier; receiving the device number, public key and encryption version number that the server issues in response to the communication request; encrypting a preset communication data packet according to the device number, public key and encryption version number to obtain an encrypted packet; and sending the encrypted packet to the server, so that the server decrypts the encrypted packet and obtains the communication data packet.
With reference to the second aspect, an embodiment of the invention provides a first possible implementation of the second aspect, in which the step of encrypting the preset communication data packet to obtain the encrypted packet comprises: writing the device number and the encryption version number into the header of the preset communication data packet to obtain a to-be-encrypted packet; and encrypting the body of the to-be-encrypted packet with the public key to obtain the encrypted packet.
With reference to the second aspect or its first possible implementation, the communication data packet includes an HTTP request packet.
In a third aspect, an embodiment of the invention provides an encrypted communication apparatus arranged at a server, comprising: a communication request receiving module, configured to obtain, when a communication request sent by a terminal device is received, the device information of the terminal device according to the terminal device identifier in the communication request, where the terminal device identifier is carried in the communication request; a device identity verification module, configured to perform identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device; a generation module, configured to generate, when the terminal device is determined to be an authenticated device, a device number, an RSA key pair and an encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key; a sending module, configured to send the device number, public key and encryption version number to the terminal device, so that the terminal device generates an encrypted packet based on its device number, public key and encryption version number; an encrypted packet receiving module, configured to look up, when the encrypted packet sent by the terminal device is received, the private key corresponding to the encrypted packet according to the header information of the encrypted packet, where the header information includes the device number and encryption version number corresponding to the terminal device; and an encrypted packet decryption module, configured to decrypt the encrypted packet with the corresponding private key to obtain the communication data packet.
In a fourth aspect, an embodiment of the invention provides an encrypted communication apparatus arranged at a terminal device, comprising: a communication request sending module, configured to send a communication request to a server, where the communication request carries a terminal device identifier; a receiving module, configured to receive the device number, public key and encryption version number that the server issues in response to the communication request; a packet encryption module, configured to encrypt a preset communication data packet according to the device number, public key and encryption version number to obtain an encrypted packet; and an encrypted packet sending module, configured to send the encrypted packet to the server, so that the server decrypts the encrypted packet and obtains the communication data packet.
In a fifth aspect, an embodiment of the invention provides an encrypted communication system comprising a server and a terminal device, where the server is communicatively connected to the terminal device; the server is provided with the encrypted communication apparatus of the third aspect, and the terminal device is provided with the encrypted communication apparatus of the fourth aspect.
The embodiments of the present invention bring the following beneficial effects:
The embodiments of the invention provide an encrypted communication method, apparatus and system. The method is applied to a server: when a communication request sent by a terminal device is received, the server can verify, according to the terminal device identifier in the communication request, whether the terminal device is an authenticated device; when the terminal device is determined to be an authenticated device, the server generates a device number, an RSA key pair and an encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key, and sends the device number, public key and encryption version number to the terminal device so that the terminal device generates an encrypted packet; when the encrypted packet sent by the terminal device is received, the server decrypts it with the private key corresponding to the encrypted packet and obtains the communication data packet. In this approach the server generates the RSA key pair, sends the public key to the terminal device that has passed verification so that it can generate the encrypted packet, and decrypts the encrypted packet with the corresponding private key when it is received. In this way, the security of data communication is effectively improved.
Other features and advantages of the invention are set out in the following description, and in part become apparent from the description or are understood by implementing the invention. The objectives and other advantages of the invention are realized and obtained by the structures particularly pointed out in the description, the claims and the drawings.
To make the above objects, features and advantages of the invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the specific embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing them are briefly introduced below. The drawings described below show some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an encrypted communication method provided by an embodiment of the invention;
Fig. 2 is a flow chart of another encrypted communication method provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of an encrypted communication interaction provided by an embodiment of the invention;
Fig. 4 is a schematic diagram of encrypted communication provided by an embodiment of the invention;
Fig. 5 is a structural block diagram of an encrypted communication apparatus provided by an embodiment of the invention;
Fig. 6 is a structural block diagram of another encrypted communication apparatus provided by an embodiment of the invention;
Fig. 7 is a structural schematic diagram of an encrypted communication system provided by an embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the invention.
At present, the communication methods used between client and server are insufficiently able to resist and intercept illegal attack requests, so user data is easily stolen during transmission and security is poor. On this basis, the encrypted communication method, apparatus and system provided by the embodiments of the invention can effectively improve the security of data communication.
To make this embodiment easier to understand, an encrypted communication method disclosed in an embodiment of the invention is first described in detail.
Referring to the flow chart of an encrypted communication method shown in Fig. 1, the method is applied to a server and includes the following steps:
Step S102: when a communication request sent by a terminal device is received, obtain the device information of the terminal device according to the terminal device identifier in the communication request, where the terminal device identifier is carried in the communication request. The terminal device may be an intelligent terminal such as a television terminal or a computer. The device information may include a device identifier, the device NIC address, the device chip number, the APK version number of the device, and so on. Specifically, the device identifier may be a serial number composed of the manufacturer number of the device, the production batch number, the terminal device type and a multi-digit random number, used as the identification information of the device; in practice, a three-digit random number may be used.
Step S104: perform identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device. If so, execute step S106; if not, end. By verifying that the terminal device has been authenticated at the server, and carrying out the subsequent data communication steps only once the communication request is confirmed to be legitimate, illegal requests can be effectively resisted and intercepted.
Step S106: generate a device number, an RSA key pair and an encryption version number corresponding to the terminal device. The RSA key pair is generated with the RSA encryption algorithm and includes a public key and a private key. RSA is an asymmetric encryption algorithm that uses a public-key cryptosystem, that is, different keys for encryption and decryption: the encryption key (the public key) PK is public information, while the decryption key (the private key) SK is kept secret. Encrypting and decrypting data with RSA effectively avoids exposing the request data and protects users' private data. In practice, the server can in this way randomly assign a public key to each terminal device, so that leakage of one terminal device's public key does not affect data transmission and interaction across the whole network.
Step S108: send the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted packet based on its device number, public key and encryption version number.
Step S110: when the encrypted packet sent by the terminal device is received, look up the private key corresponding to the encrypted packet according to the header information of the encrypted packet, where the header information includes the device number and encryption version number corresponding to the terminal device.
Step S112: decrypt the encrypted packet with the private key corresponding to the encrypted packet to obtain the communication data packet, where the communication data packet contains the actual data that the terminal device sends to the server.
The encrypted communication method provided above by an embodiment of the invention is applied to a server. When a communication request sent by a terminal device is received, the server can verify, according to the terminal device identifier in the communication request, whether the terminal device is an authenticated device; when the terminal device is determined to be an authenticated device, the server generates a device number, an RSA key pair and an encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key, and sends the device number, public key and encryption version number to the terminal device so that the terminal device generates an encrypted packet; when the encrypted packet sent by the terminal device is received, the server decrypts it with the private key corresponding to the encrypted packet and obtains the communication data packet. In this approach the server generates the RSA key pair, sends the public key to the terminal device that has passed verification so that it can generate the encrypted packet, and decrypts the encrypted packet with the corresponding private key when it is received. In this way, the security of data communication is effectively improved.
For ease of understanding, step S104 above, that is, performing identity verification on the terminal device according to the device information to determine whether the terminal device is an authenticated device, comprises: checking whether the device information of the terminal device is recorded in a pre-stored authenticated-device information table, where the table stores the device information of authenticated devices; and, if so, determining that the terminal device is an authenticated device.
Further, the method also comprises: replying, based on the communication data packet, to the communication request sent by the terminal device. Specifically, by parsing the actual data in the communication data packet, the server can find the corresponding business processing interface and reply to the communication request sent by the terminal device.
Specifically, the communication data packet mentioned in the above encrypted communication method includes an HTTP request packet, that is, a packet constructed according to the rules of the HTTP protocol.
Further, an embodiment of the invention also provides another encrypted communication method, applied to a terminal device, where the terminal device may be an intelligent terminal such as a television terminal or a computer. Referring to the flow chart of another encrypted communication method shown in Fig. 2, the method includes the following steps:
Step S202: send a communication request to the server, where the communication request carries a terminal device identifier.
Step S204: receive the device number, public key and encryption version number that the server issues in response to the communication request.
Step S206: encrypt a preset communication data packet according to the device number, public key and encryption version number to obtain an encrypted packet. The preset communication data packet may be a data packet that conforms to the communication protocol agreed between the server and the terminal device for data transmission.
Step S208: send the encrypted packet to the server, so that the server decrypts the encrypted packet and obtains the communication data packet.
This encrypted communication method is applied to a terminal device. Through interaction with the server, the terminal device sends a communication request to the server and, after passing the server's identity verification, encrypts the communication data packet preset in the device according to the device number, public key and encryption version number that the server issues for the communication request, obtaining an encrypted packet, and then sends the encrypted packet to the server. Transmitting the data in encrypted form in this way effectively improves the security of data communication.
Further, for ease of understanding, step S206 above, that is, the step of encrypting the preset communication data packet to obtain the encrypted packet, comprises: writing the device number and the encryption version number into the header of the preset communication data packet to obtain a to-be-encrypted packet; and encrypting the body of the to-be-encrypted packet with the public key to obtain the encrypted packet.
Specifically, the communication data packet mentioned in this other encrypted communication method includes an HTTP request packet, that is, a packet constructed according to the rules of the HTTP protocol. For ease of implementation, an embodiment of the invention also provides an interaction between the server and the terminal device, shown in the encrypted communication interaction diagram of Fig. 3. In Fig. 3 the communication data packet is an HTTP request packet whose header information also includes a request interface code. When the packet is encrypted into an encrypted packet and sent to the server, the server can use the request interface code to match the business processing interface corresponding to that code and so reply to the terminal device. Fig. 3 shows the interaction between the server and the terminal device in detail. Specifically, it includes:
Step 1: the terminal device generates device information, where the device information includes the device identifier, the device gateway address and the device chip number.
Step 2.1: the terminal device sends a communication request to the server, where the communication request carries the device information.
Step 2.2: the server verifies the identity of the terminal device according to the device information and judges whether the terminal device is an authenticated device.
Step 2.3: after confirming that the terminal device is an authenticated device, the server generates the corresponding device number.
Step 2.4: the server generates an RSA key pair and an encryption version number corresponding to the device number, where the RSA key pair includes a public key and a private key.
Step 2.5: the server sends the device authentication result to the terminal device, where the device authentication result carries the device number, public key and encryption version number.
Step 3.1: the terminal device writes the received device number and encryption version number into the header of the HTTP request packet to obtain a to-be-encrypted packet, where the header of the HTTP request packet also includes the request interface code.
Step 3.2: the terminal device binary-transcodes the body content of the to-be-encrypted packet to obtain a binary data code.
Step 3.3: the terminal device encrypts the binary data code in the to-be-encrypted packet with the public key to obtain the encrypted packet.
Step 4.1: the terminal device sends the encrypted packet to the server.
Step 4.2: the server verifies the identity of the terminal device according to the header information of the encrypted packet.
Step 4.3: the server looks up the private key that matches the header information of the encrypted packet.
Step 4.4: the server decrypts the encrypted packet received from the terminal device with the private key to obtain the HTTP request packet.
Step 4.5: the server uses the request interface code in the HTTP packet to match the business processing interface corresponding to the terminal device's communication request, so as to process the communication request accordingly.
Step 4.6: the server returns the processing result to the terminal device, that is, replies to the terminal device's communication request.
Further, on the basis of Fig. 3, when communication data packet is HTTP request data packet, server-side and terminal device
Between communication interaction follow http protocol, encrypted above by the backpack body that public key treats encrypted packet, obtain encryption number
Include: according to the step of packet
(1) the backpack body information for treating encrypted packet carries out binary system transcoding, obtains binary data string;Practical application
When, java request bo object need to be converted into json string, then json string is converted into binary data string.
(2) binary data string is encrypted by public key, obtains binary system encryption string;Wherein, binary system encryption string
For the backpack body of encrypted packet.For the encrypted packet, encrypted packet is decrypted in above-mentioned server-side, obtains communication number
The step of according to packet, comprising: corresponding device numbering, public key and encryption version number are obtained from the packet header of the encrypted packet,
With corresponding private key, above-mentioned binary system encryption string is decrypted by private key, and be json string by Binary Conversion.By looking into
Json string is reconverted into the practical communication data of device end by the business processing interface corresponding with above-mentioned interface coding found
Java request bo object, to make related return to the communication request of device end based on java request bo object
It answers.Specifically, for ease of understanding, a kind of coded communication schematic diagram shown in Figure 4 shows HTTP request coding in Fig. 4
The application of device, HTTP request decoder in server-side and terminal device;Wherein, HTTP request encoder is used for HTTP request
Data packet is encrypted;HTTP request decoder is for being decrypted encrypted packet;Terminal device is used to send out to server-side
Send communication request and transmitting encrypted data packet;The encrypted packet and after decrypted that server-side is sent for receiving terminal apparatus,
Aforementioned communication request is directed to respond to terminal device.
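The packet flow described above (clear-text header carrying the device number and encryption version number, RSA-encrypted JSON body, private-key lookup on the server), as an added Go example that is not code from the patent. The type and function names, the 2048-bit key size, the OAEP/SHA-256 padding and the sample request are assumptions; the patent specifies only RSA.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Header is the clear-text packet header: it lets the server find the private key.
type Header struct {
	DeviceNumber string
	EncVersion   int
}

// Packet is the encrypted data packet: clear header plus RSA-encrypted body.
type Packet struct {
	Header Header
	Body   []byte
}

var (
	ErrUnknownKey   = errors.New("no private key for this device number and encryption version")
	ErrBodyTooLarge = errors.New("body exceeds what one RSA operation can encrypt")
)

// Server holds one private key per (device number, encryption version).
type Server struct {
	keys map[Header]*rsa.PrivateKey
	seq  int
}

func NewServer() *Server { return &Server{keys: make(map[Header]*rsa.PrivateKey)} }

// Issue runs after the identity check has passed: it generates the device number,
// RSA key pair and encryption version, and returns what is sent to the terminal.
func (s *Server) Issue() (Header, *rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // key size is an assumption
	if err != nil {
		return Header{}, nil, err
	}
	s.seq++
	h := Header{DeviceNumber: fmt.Sprintf("dev-%04d", s.seq), EncVersion: 1}
	s.keys[h] = priv
	return h, &priv.PublicKey, nil
}

// MaxBody is the largest plaintext RSA-OAEP with SHA-256 accepts for this key.
func MaxBody(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

// Encrypt is the terminal side: request object -> JSON -> bytes -> RSA ciphertext.
func Encrypt(h Header, pub *rsa.PublicKey, req interface{}) (Packet, error) {
	body, err := json.Marshal(req)
	if err != nil {
		return Packet{}, err
	}
	if len(body) > MaxBody(pub) {
		return Packet{}, ErrBodyTooLarge
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, body, nil)
	if err != nil {
		return Packet{}, err
	}
	return Packet{Header: h, Body: ct}, nil
}

// Decrypt is the server side: header -> private key -> JSON -> request object.
func (s *Server) Decrypt(p Packet, out interface{}) error {
	priv, ok := s.keys[p.Header]
	if !ok {
		return ErrUnknownKey
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, priv, p.Body, nil)
	if err != nil {
		return err
	}
	return json.Unmarshal(plain, out)
}

func main() {
	srv := NewServer()
	h, pub, _ := srv.Issue()
	// Constructed sample request standing in for the Java request BO object.
	pkt, _ := Encrypt(h, pub, map[string]string{"interface": "A001", "action": "ping"})
	var req map[string]string
	fmt.Println(srv.Decrypt(pkt, &req), req, "max body bytes:", MaxBody(pub))
}
```

Because the body is encrypted with RSA directly, a 2048-bit key with this padding accepts at most 190 bytes of JSON, which `Encrypt` reports as `ErrBodyTooLarge`. The header is sent in clear text, so a packet whose device number or encryption version number matches no stored key is rejected with `ErrUnknownKey` before any decryption is attempted.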
Corresponding to the encrypted communication method shown in Fig. 1, and referring to Fig. 5, an embodiment of the present invention provides an encrypted communication apparatus. The apparatus is arranged on the server and includes:

a communication request receiving module 502, configured to, when a communication request sent by a terminal device is received, obtain the device information of the terminal device according to the terminal device identifier in the communication request, where the communication request carries the terminal device identifier;

a device identity verification module 504, configured to verify the identity of the terminal device according to the device information, to determine whether the terminal device is an authenticated device;

a generation module 506, configured to, when the terminal device is determined to be an authenticated device, generate the device number, RSA key pair and encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key;

a sending module 508, configured to send the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted data packet based on its device number, public key and encryption version number;

an encrypted data packet receiving module 510, configured to, when the encrypted data packet sent by the terminal device is received, look up the private key corresponding to the encrypted data packet according to the header information of the encrypted data packet, where the header information includes the device number and encryption version number corresponding to the terminal device;

an encrypted data packet decryption module 512, configured to decrypt the encrypted data packet with the private key corresponding to the encrypted data packet, to obtain the communication data packet.

This embodiment of the present invention provides an encrypted communication apparatus arranged on the server. The communication request receiving module first obtains the device information of the terminal device; the device identity verification module then verifies the identity of the terminal device according to the device information to judge whether it is an authenticated device. When the terminal device is determined to be an authenticated device, the generation module generates the device number, RSA key pair and encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key. The sending module sends the device number, public key and encryption version number to the terminal device so that the terminal device generates an encrypted data packet. The encrypted data packet receiving module then receives that encrypted data packet, and the encrypted data packet decryption module decrypts it to obtain the communication data packet. With this apparatus, the server generates the RSA key pair, sends the public key to a terminal device that has passed verification so that it generates an encrypted data packet, and decrypts the encrypted data packet with the corresponding private key when it is received. In this way, the security of data communication is effectively improved.
Corresponding to the other encrypted communication method shown in Fig. 2, and referring to Fig. 6, an embodiment of the present invention provides another encrypted communication apparatus. The apparatus is arranged on the terminal device and includes:

a communication request sending module 602, configured to send a communication request to the server, where the communication request carries the terminal device identifier;

a receiving module 604, configured to receive the device number, public key and encryption version number that the server issues for the communication request;

a data packet encryption module 606, configured to encrypt a preset communication data packet according to the device number, public key and encryption version number, to obtain an encrypted data packet;

an encrypted data packet sending module 608, configured to send the encrypted data packet to the server, so that the server decrypts the encrypted data packet to obtain the communication data packet.

This other encrypted communication apparatus provided by the embodiment of the present invention is arranged on the terminal device and interacts with the server: it sends a communication request to the server and, after passing the server's identity verification, encrypts the communication data packet preset in the device according to the device number, public key and encryption version number that the server issued for the communication request, to obtain an encrypted data packet, and then sends the encrypted data packet to the server. Transmitting data in encrypted form in this way effectively improves the security of data communication.

The apparatus provided in this embodiment has the same implementation principle and technical effects as the foregoing embodiments. For brevity, where the apparatus embodiments do not mention something, refer to the corresponding content of the foregoing method embodiments.

Further, corresponding to the above methods and apparatuses, an embodiment of the present invention also provides an encrypted communication system. Referring to Fig. 7, the system includes a server 702 and a terminal device 704. The server 702 is provided with the encrypted communication apparatus shown in Fig. 5, and the terminal device 704 is provided with the other encrypted communication apparatus shown in Fig. 6. The functions of the server and the terminal device in this system are similar to those in the above embodiments and are not described again here.
The flowcharts and block diagrams in the drawings show the architecture, functions and operations that systems, methods and computer program products according to multiple embodiments of the present invention may implement. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, and that module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and any combination of boxes in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.

In addition, in the description of the embodiments of the present invention, unless otherwise expressly specified and limited, the terms "install", "connected" and "connection" are to be understood broadly. For example, a connection may be a fixed connection, a detachable connection or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediary, or an internal connection between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.

If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.

Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, used to illustrate its technical solution rather than to limit it, and the protection scope of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of changes to them, or make equivalent replacements of some of their technical features. Such modifications, changes or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)

1. An encrypted communication method, characterized in that the method is applied to a server and comprises:

when a communication request sent by a terminal device is received, obtaining the device information of the terminal device according to the terminal device identifier in the communication request, wherein the communication request carries the terminal device identifier;

verifying the identity of the terminal device according to the device information, to determine whether the terminal device is an authenticated device;

if so, generating the device number, RSA key pair and encryption version number corresponding to the terminal device, wherein the RSA key pair includes a public key and a private key;

sending the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted data packet based on its device number, public key and encryption version number;

when the encrypted data packet sent by the terminal device is received, looking up the private key corresponding to the encrypted data packet according to the header information of the encrypted data packet, wherein the header information includes the device number and encryption version number corresponding to the terminal device;

decrypting the encrypted data packet with the private key corresponding to the encrypted data packet, to obtain a communication data packet.

2. The method according to claim 1, characterized in that the step of verifying the identity of the terminal device according to the device information, to determine whether the terminal device is an authenticated device, comprises:

looking up whether the device information of the terminal device is recorded in a pre-stored authenticated device information table, wherein the authenticated device information table stores the device information of authenticated devices;

if so, determining that the terminal device is an authenticated device.

3. The method according to claim 1, characterized in that the method further comprises:

responding, based on the communication data packet, to the communication request sent by the terminal device.

4. The method according to any one of claims 1 to 3, characterized in that the communication data packet includes an HTTP request data packet.

5. An encrypted communication method, characterized in that the method is applied to a terminal device and comprises:

sending a communication request to a server, wherein the communication request carries the terminal device identifier;

receiving the device number, public key and encryption version number that the server issues for the communication request;

encrypting a preset communication data packet according to the device number, the public key and the encryption version number, to obtain an encrypted data packet;

sending the encrypted data packet to the server, so that the server decrypts the encrypted data packet to obtain the communication data packet.

6. The method according to claim 5, characterized in that the step of encrypting the preset communication data packet to obtain the encrypted data packet comprises:

writing the device number and the encryption version number into the header of the preset communication data packet, to obtain a to-be-encrypted data packet;

encrypting the body of the to-be-encrypted data packet with the public key, to obtain the encrypted data packet.

7. The method according to claim 5 or 6, characterized in that the communication data packet includes an HTTP request data packet.

8. An encrypted communication apparatus, characterized in that the apparatus is arranged on a server and comprises:

a communication request receiving module, configured to, when a communication request sent by a terminal device is received, obtain the device information of the terminal device according to the terminal device identifier in the communication request, wherein the communication request carries the terminal device identifier;

a device identity verification module, configured to verify the identity of the terminal device according to the device information, to determine whether the terminal device is an authenticated device;

a generation module, configured to, when the terminal device is determined to be an authenticated device, generate the device number, RSA key pair and encryption version number corresponding to the terminal device, wherein the RSA key pair includes a public key and a private key;

a sending module, configured to send the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted data packet based on its device number, public key and encryption version number;

an encrypted data packet receiving module, configured to, when the encrypted data packet sent by the terminal device is received, look up the private key corresponding to the encrypted data packet according to the header information of the encrypted data packet, wherein the header information includes the device number and encryption version number corresponding to the terminal device;

an encrypted data packet decryption module, configured to decrypt the encrypted data packet with the private key corresponding to the encrypted data packet, to obtain a communication data packet.

9. An encrypted communication apparatus, characterized in that the apparatus is arranged on a terminal device and comprises:

a communication request sending module, configured to send a communication request to a server, wherein the communication request carries the terminal device identifier;

a receiving module, configured to receive the device number, public key and encryption version number that the server issues for the communication request;

a data packet encryption module, configured to encrypt a preset communication data packet according to the device number, the public key and the encryption version number, to obtain an encrypted data packet;

an encrypted data packet sending module, configured to send the encrypted data packet to the server, so that the server decrypts the encrypted data packet to obtain the communication data packet.

10. An encrypted communication system, characterized in that it comprises a server and a terminal device, wherein the server and the terminal device are communicatively connected;

the server is provided with the encrypted communication apparatus according to claim 8, and the terminal device is provided with the encrypted communication apparatus according to claim 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810881880.6A CN108989325A (en) | 2018-08-03 | 2018-08-03 | Encryption communication method, apparatus and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108989325A true CN108989325A (en) | 2018-12-11 |
Family
ID=64555422
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810881880.6A Pending CN108989325A (en) | 2018-08-03 | 2018-08-03 | Encryption communication method, apparatus and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108989325A (en) |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101473675A (en) * | 2006-06-23 | 2009-07-01 | 微软公司 | Virtualization of mobile device user experience |
CN101977193A (en) * | 2010-10-28 | 2011-02-16 | 北京飞天诚信科技有限公司 | Method and system for safely downloading certificate |
CN107148788A (en) * | 2014-11-12 | 2017-09-08 | 高通股份有限公司 | Method for the peer-to-peer in certification foundation-free facility peer-to-peer network |
CN105119891A (en) * | 2015-07-15 | 2015-12-02 | 华数传媒网络有限公司 | Data interaction method, set top box and server |
CN106557707A (en) * | 2015-09-29 | 2017-04-05 | 苏宁云商集团股份有限公司 | A kind of method and system for processing document data |
CN105721892A (en) * | 2016-02-04 | 2016-06-29 | 北京广慧科技有限公司 | Digital television content monitoring method and system of digital terrestrial television single frequency network |
CN106878009A (en) * | 2017-02-21 | 2017-06-20 | 蔚来汽车有限公司 | Key updating method and system |
CN107145790A (en) * | 2017-04-05 | 2017-09-08 | 深圳市金立通信设备有限公司 | A kind of method and terminal for managing application permission |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111464486A (en) * | 2019-01-22 | 2020-07-28 | 阿里巴巴集团控股有限公司 | Information interaction method and device and computing equipment |
CN110225046A (en) * | 2019-06-18 | 2019-09-10 | 北京大豪科技股份有限公司 | Data transmission method, device, electronic equipment and storage medium |
CN110912680B (en) * | 2019-11-26 | 2023-06-27 | 福建汉特云智能科技有限公司 | Data transmission method and storage medium for improving safety of vehicle condition data |
CN110912680A (en) * | 2019-11-26 | 2020-03-24 | 福建汉特云智能科技有限公司 | Data transmission method for improving safety of vehicle condition data and storage medium |
CN111049897A (en) * | 2019-12-10 | 2020-04-21 | 北京百度网讯科技有限公司 | Method, device, equipment and medium for encrypted uploading and decrypted deployment of small program package |
CN111343156B (en) * | 2020-02-11 | 2022-07-08 | 中国联合网络通信集团有限公司 | Registration authentication method, server, terminal device and readable storage medium |
CN111343156A (en) * | 2020-02-11 | 2020-06-26 | 中国联合网络通信集团有限公司 | Registration authentication method, server, terminal device and readable storage medium |
WO2022062980A1 (en) * | 2020-09-23 | 2022-03-31 | 歌尔股份有限公司 | Communication method and apparatus, and electronic device and storage medium |
CN112468544A (en) * | 2020-11-12 | 2021-03-09 | 上海东普信息科技有限公司 | Express delivery data transmission method based on middleware and middleware |
CN112468544B (en) * | 2020-11-12 | 2024-02-27 | 上海东普信息科技有限公司 | Express data transmission method based on middleware and middleware |
CN113591138A (en) * | 2021-09-30 | 2021-11-02 | 连连(杭州)信息技术有限公司 | Service data processing method, device, equipment and medium |
CN114338167A (en) * | 2021-12-29 | 2022-04-12 | 无锡沐创集成电路设计有限公司 | Communication encryption system, method, storage medium and electronic device |
CN114338167B (en) * | 2021-12-29 | 2024-04-30 | 无锡沐创集成电路设计有限公司 | Communication encryption system, method, storage medium and electronic device |
CN114915462A (en) * | 2022-04-29 | 2022-08-16 | 中国电信股份有限公司 | Cross-site request forgery attack defense method and device, electronic device and medium |
CN114915462B (en) * | 2022-04-29 | 2023-09-08 | 中国电信股份有限公司 | Cross-station request forgery attack defense method and device, electronic equipment and medium |
CN116055207A (en) * | 2023-01-31 | 2023-05-02 | 深圳市圣驼储能技术有限公司 | Encryption method and system for communication data of Internet of things |
CN116055207B (en) * | 2023-01-31 | 2023-10-03 | 深圳市圣驼储能技术有限公司 | Encryption method and system for communication data of Internet of things |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20181211 |