CN108989325A - Encryption communication method, apparatus and system - Google Patents

Publication number
CN108989325A
Authority
CN
China
Prior art keywords
terminal device
packet
encrypted
communication
server
Legal status
Pending
Application number
CN201810881880.6A
Other languages
Chinese (zh)
Inventor
蔡方伟
朱航明
黄璐
张弋丞
Current Assignee
Wasu Media & Network Co Ltd
Original Assignee
Wasu Media & Network Co Ltd
Application filed by Wasu Media & Network Co Ltd
Priority to CN201810881880.6A
Publication of CN108989325A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides an encrypted communication method, apparatus and system. The method, applied to a server, includes: when a communication request sent by a terminal device is received, obtaining the device information of the terminal device according to the terminal device identifier in the communication request; performing identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device; if so, generating a device number, an RSA key pair and an encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key; sending the device number, the public key and the encryption version number to the terminal device, so that the terminal device generates an encrypted packet; when the encrypted packet sent by the terminal device is received, looking up the private key corresponding to the encrypted packet according to the packet header information of the encrypted packet; and decrypting the encrypted packet with that private key to obtain the communication packet. The present invention effectively improves the security of data communication.

Description

Encryption communication method, apparatus and system
Technical field
The present invention relates to the field of Internet communication technology, and in particular to an encrypted communication method, apparatus and system.
Background art
With the rapid development of Internet technology, data security problems are becoming increasingly severe. User data is easily stolen during transmission, and attacks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and HTTP Heads attacks emerge one after another. Web servers face increasingly severe security challenges.
At present, the communication methods used between client and server are insufficiently able to resist and intercept illegal attack requests, so user data is easily stolen during transmission and security is poor.
Summary of the invention
In view of this, the purpose of the present invention is to provide an encrypted communication method, apparatus and system, so as to improve the security of data communication.
In a first aspect, an embodiment of the present invention provides an encrypted communication method applied to a server, including: when a communication request sent by a terminal device is received, obtaining the device information of the terminal device according to the terminal device identifier in the communication request, where the communication request carries the terminal device identifier; performing identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device; if so, generating a device number, an RSA key pair and an encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key; sending the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted packet based on its device number, the public key and the encryption version number; when the encrypted packet sent by the terminal device is received, looking up the private key corresponding to the encrypted packet according to the packet header information of the encrypted packet, where the header information includes the device number and encryption version number corresponding to the terminal device; and decrypting the encrypted packet with the corresponding private key to obtain the communication packet.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, in which the step of performing identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device, includes: looking up whether the device information of the terminal device is recorded in a pre-stored authenticated device information table, where the table stores the device information of authenticated devices; and if so, determining that the terminal device is an authenticated device.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, in which the method further includes: responding, based on the communication packet, to the communication request sent by the terminal device.
With reference to any one of the first aspect through its second possible implementation, an embodiment of the present invention provides a third possible implementation of the first aspect, in which the communication packet includes an HTTP request packet.
In a second aspect, an embodiment of the present invention provides an encrypted communication method applied to a terminal device, including: sending a communication request to a server, where the communication request carries a terminal device identifier; receiving the device number, public key and encryption version number issued by the server in response to the communication request; encrypting a preset communication packet according to the device number, public key and encryption version number to obtain an encrypted packet; and sending the encrypted packet to the server, so that the server decrypts the encrypted packet and obtains the communication packet.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation of the second aspect, in which the step of encrypting the preset communication packet to obtain the encrypted packet includes: writing the device number and encryption version number into the header of the preset communication packet to obtain a packet to be encrypted; and encrypting the body of the packet to be encrypted with the public key to obtain the encrypted packet.
With reference to the second aspect or its first possible implementation, the communication packet includes an HTTP request packet.
In a third aspect, an embodiment of the present invention provides an encrypted communication apparatus provided in a server, including: a communication request receiving module, configured to, when a communication request sent by a terminal device is received, obtain the device information of the terminal device according to the terminal device identifier in the communication request, where the communication request carries the terminal device identifier; a device identity verification module, configured to perform identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device; a generation module, configured to generate a device number, an RSA key pair and an encryption version number corresponding to the terminal device when the terminal device is determined to be an authenticated device, where the RSA key pair includes a public key and a private key; a sending module, configured to send the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted packet based on its device number, the public key and the encryption version number; an encrypted packet receiving module, configured to, when the encrypted packet sent by the terminal device is received, look up the private key corresponding to the encrypted packet according to the packet header information of the encrypted packet, where the header information includes the device number and encryption version number corresponding to the terminal device; and an encrypted packet decryption module, configured to decrypt the encrypted packet with the corresponding private key to obtain the communication packet.
In a fourth aspect, an embodiment of the present invention provides an encrypted communication apparatus provided in a terminal device, including: a communication request sending module, configured to send a communication request to a server, where the communication request carries a terminal device identifier; a receiving module, configured to receive the device number, public key and encryption version number issued by the server in response to the communication request; a packet encryption module, configured to encrypt a preset communication packet according to the device number, public key and encryption version number to obtain an encrypted packet; and an encrypted packet sending module, configured to send the encrypted packet to the server, so that the server decrypts the encrypted packet and obtains the communication packet.
In a fifth aspect, an embodiment of the present invention provides an encrypted communication system including a server and a terminal device, where the server is communicatively connected to the terminal device; the server is provided with the encrypted communication apparatus of the third aspect, and the terminal device is provided with the encrypted communication apparatus of the fourth aspect.
The embodiments of the present invention bring the following beneficial effects:
The embodiments of the present invention provide an encrypted communication method, apparatus and system. The method is applied to a server: when a communication request sent by a terminal device is received, the server can verify whether the terminal device is an authenticated device according to the terminal device identifier in the communication request; when the terminal device is determined to be an authenticated device, the server generates a device number, an RSA key pair and an encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key; the server sends the device number, public key and encryption version number to the terminal device, so that the terminal device generates an encrypted packet; and when the encrypted packet sent by the terminal device is received, the server decrypts it with the corresponding private key to obtain the communication packet. In this approach the RSA key pair is generated at the server, the public key is sent only to a terminal device that has passed verification so that it can generate encrypted packets, and a received encrypted packet is decrypted with the corresponding private key. In this way, the security of data communication is effectively improved.
Other features and advantages of the present invention will be set forth in the following description, and in part will become apparent from the description or be understood by implementing the invention. The objectives and other advantages of the invention are realized and attained by the structure particularly pointed out in the description, the claims and the drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an encrypted communication method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another encrypted communication method provided by an embodiment of the present invention;
Fig. 3 is an encrypted communication interaction diagram provided by an embodiment of the present invention;
Fig. 4 is an encrypted communication diagram provided by an embodiment of the present invention;
Fig. 5 is a structural block diagram of an encrypted communication apparatus provided by an embodiment of the present invention;
Fig. 6 is a structural block diagram of another encrypted communication apparatus provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of an encrypted communication system provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
At present, the communication methods used between client and server are insufficiently able to resist and intercept illegal attack requests, so user data is easily stolen during transmission and security is poor. On this basis, the encrypted communication method, apparatus and system provided by the embodiments of the present invention can effectively improve the security of data communication.
To facilitate understanding of this embodiment, an encrypted communication method disclosed in the embodiments of the present invention is first described in detail.
Referring to the flowchart of an encrypted communication method shown in Fig. 1, the method is applied to a server and includes the following steps:
Step S102: when a communication request sent by a terminal device is received, obtain the device information of the terminal device according to the terminal device identifier in the communication request, where the communication request carries the terminal device identifier. The terminal device may be an intelligent terminal such as a television terminal or a computer. The device information may include the device identifier, the device's network card (NIC) address, the device chip number, the device's apk version number, and so on. Specifically, the device identifier may be a serial number composed of the manufacturer number of the device, the production batch number, the terminal device type and a multi-digit random number, and serves as the identification information of the device; in practice, a three-digit random number may be used.
Step S104: perform identity verification on the terminal device according to the device information, to determine whether the terminal device is an authenticated device; if so, execute step S106; if not, end. By verifying that the terminal device has already been authenticated at the server, and carrying out the subsequent data communication steps only after the communication request is confirmed to be legitimate, illegal requests can be effectively resisted and intercepted.
Step S106: generate a device number, an RSA key pair and an encryption version number corresponding to the terminal device. The RSA key pair is generated based on the RSA encryption algorithm and includes a public key and a private key. RSA is an asymmetric encryption algorithm that uses a public-key cryptosystem, that is, different keys for encryption and decryption: the encryption key (the public key) PK is public information, while the decryption key (the secret key) SK is kept secret. Encrypting and decrypting data with RSA effectively avoids exposing the request data and protects users' private data. In practice, this also lets the server randomly assign a public key to each terminal device, which effectively prevents the leak of one terminal device's public key from affecting data transmission and interaction across the whole network.
Step S108: send the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted packet based on its device number, the public key and the encryption version number.
Step S110: when the encrypted packet sent by the terminal device is received, look up the private key corresponding to the encrypted packet according to the packet header information of the encrypted packet, where the header information includes the device number and encryption version number corresponding to the terminal device.
Step S112: decrypt the encrypted packet with the corresponding private key to obtain the communication packet, where the communication packet contains the actual data that the terminal device sends to the server.
The encrypted communication method above is applied to a server. When a communication request sent by a terminal device is received, the server can verify whether the terminal device is an authenticated device according to the terminal device identifier in the communication request; when the terminal device is determined to be an authenticated device, the server generates a device number, an RSA key pair and an encryption version number corresponding to the terminal device, where the RSA key pair includes a public key and a private key; the server sends the device number, public key and encryption version number to the terminal device, so that the terminal device generates an encrypted packet; and when the encrypted packet sent by the terminal device is received, the server decrypts it with the corresponding private key to obtain the communication packet. In this approach the RSA key pair is generated at the server, the public key is sent only to a terminal device that has passed verification so that it can generate encrypted packets, and a received encrypted packet is decrypted with the corresponding private key. In this way, the security of data communication is effectively improved.
For ease of understanding, step S104 above, that is, performing identity verification on the terminal device according to the device information to determine whether the terminal device is an authenticated device, includes: looking up whether the device information of the terminal device is recorded in a pre-stored authenticated device information table, where the table stores the device information of authenticated devices; and if so, determining that the terminal device is an authenticated device.
Further, the method also includes: responding, based on the communication packet, to the communication request sent by the terminal device. Specifically, by parsing the actual data in the communication packet, the server can find the corresponding business processing interface and respond to the communication request sent by the terminal device.
Specifically, the communication packet referred to in the encrypted communication method above includes an HTTP request packet, that is, a packet constructed according to the rules of the HTTP protocol.
Further, an embodiment of the present invention also provides another encrypted communication method, applied to a terminal device, where the terminal device may be an intelligent terminal such as a television terminal or a computer. Referring to the flowchart of this other encrypted communication method shown in Fig. 2, the method includes the following steps:
Step S202: send a communication request to the server, where the communication request carries the terminal device identifier.
Step S204: receive the device number, public key and encryption version number issued by the server in response to the communication request.
Step S206: encrypt a preset communication packet according to the device number, public key and encryption version number to obtain an encrypted packet. The preset communication packet may be a packet that conforms to the communication protocol set for data transmission between the server and the terminal device.
Step S208: send the encrypted packet to the server, so that the server decrypts the encrypted packet and obtains the communication packet.
This other encrypted communication method is applied to a terminal device. Through interaction with the server, the terminal device sends a communication request to the server and, after passing the server's identity verification, encrypts the communication packet preset in the device according to the device number, public key and encryption version number that the server issued for the communication request, obtaining an encrypted packet, and then sends the encrypted packet to the server. Transmitting data in encrypted form in this way effectively improves the security of data communication.
Further, for ease of understanding, step S206 above, that is, the step of encrypting the preset communication packet to obtain the encrypted packet, includes: writing the device number and encryption version number into the header of the preset communication packet to obtain a packet to be encrypted; and encrypting the body of the packet to be encrypted with the public key to obtain the encrypted packet.
Specifically, the communication packet mentioned in this other encrypted communication method includes an HTTP request packet, that is, a packet constructed according to the rules of the HTTP protocol. For ease of implementation, an embodiment of the present invention also provides a communication interaction between the server and the terminal device, shown in the encrypted communication interaction diagram of Fig. 3. The communication packet in Fig. 3 is an HTTP request packet whose header information further includes a request interface code. When the packet has been encrypted into an encrypted packet and sent to the server, the server can use the request interface code to match the corresponding business processing interface and respond to the terminal device. Fig. 3 illustrates the interaction between the server and the terminal device in detail; specifically, it includes:
Step 1: the terminal device generates device information, which includes the device identifier, the device gateway address and the device chip number;
Step 2.1: the terminal device sends a communication request to the server, where the communication request carries the device information;
Step 2.2: the server verifies the identity of the terminal device according to the device information and judges whether the terminal device is an authenticated device;
Step 2.3: after the server confirms that the terminal device is an authenticated device, it generates the corresponding device number;
Step 2.4: the server generates an RSA key pair and an encryption version number corresponding to the device number, where the RSA key pair includes a public key and a private key;
Step 2.5: the server sends the device authentication result to the terminal device, where the result carries the device number, public key and encryption version number;
Step 3.1: the terminal device writes the received device number and encryption version number into the header of the HTTP request packet to obtain the packet to be encrypted, where the header of the HTTP request packet further includes the request interface code;
Step 3.2: the terminal device transcodes the body content of the packet to be encrypted into binary, obtaining a binary data code;
Step 3.3: the terminal device encrypts the binary data code in the packet to be encrypted with the public key, obtaining the encrypted packet;
Step 4.1: the terminal device sends the encrypted packet to the server;
Step 4.2: the server verifies the identity of the terminal device according to the header information of the encrypted packet;
Step 4.3: the server looks up the private key that matches the header information of the encrypted packet;
Step 4.4: the server decrypts the encrypted packet received from the terminal device with the private key, obtaining the HTTP request packet;
Step 4.5: the server uses the request interface code in the HTTP packet to match the business processing interface corresponding to the terminal device's communication request, so as to process the communication request accordingly;
Step 4.6: the server returns the processing result to the terminal device, that is, it responds to the terminal device's communication request.
Further, on the basis of Fig. 3, when the communication packet is an HTTP request packet, the communication interaction between the server and the terminal device follows the HTTP protocol, and the step above of encrypting the body of the packet to be encrypted with the public key to obtain the encrypted packet includes:
(1) Transcode the body of the packet to be encrypted into binary, obtaining a binary data string. In practice, the Java request BO object is first converted into a JSON string, and the JSON string is then converted into a binary data string.
(2) Encrypt the binary data string with the public key to obtain a binary encrypted string, which is the body of the encrypted packet.
For this encrypted packet, the step in which the server decrypts the encrypted packet to obtain the communication packet includes: obtaining the corresponding device number, public key and encryption version number from the header of the encrypted packet and matching the corresponding private key; decrypting the binary encrypted string with the private key; and converting the binary data into a JSON string. Through the business processing interface found for the interface code, the JSON string is converted back into the Java request BO object that carries the terminal device's actual communication data, and the server responds to the terminal device's communication request based on that object.
For ease of understanding, the encrypted communication diagram in Fig. 4 shows how the HTTP request encoder and HTTP request decoder are used in the server and the terminal device. The HTTP request encoder encrypts HTTP request packets; the HTTP request decoder decrypts encrypted packets; the terminal device sends communication requests and encrypted packets to the server; and the server receives the encrypted packets sent by the terminal device, decrypts them, and responds to the terminal device for the communication request.
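
The registration and packet exchange of steps 2.2 to 4.4, as an added Go example that is not code from the patent. The header byte layout, RSA-OAEP with SHA-256, the 2048-bit key size, the device identifier and all type and function names are assumptions; the page specifies only RSA and the header fields.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Assumed layout: device number u32 | version u16 | interface code u16 | RSA body.
const headerLen = 8

var (
	ErrNotAuthenticated = errors.New("device not in authenticated device table")
	ErrNoKey            = errors.New("no private key for device number and version")
	ErrBodyTooLarge     = errors.New("body exceeds one RSA-OAEP block")
	ErrShortPacket      = errors.New("packet shorter than header")
)

type keyID struct {
	DeviceNo uint32
	Version  uint16
}

// Grant is what the server returns after verification (step 2.5).
type Grant struct {
	ID     keyID
	Public *rsa.PublicKey
}

type Server struct {
	authTable map[string]bool           // pre-stored authenticated device identifiers
	keys      map[keyID]*rsa.PrivateKey // private keys indexed by the header fields
}

func NewServer(authTable map[string]bool) *Server {
	return &Server{authTable: authTable, keys: map[keyID]*rsa.PrivateKey{}}
}

// Register covers steps 2.2-2.4: verify the device, then issue number, key pair, version.
func (s *Server) Register(deviceID string) (Grant, error) {
	if !s.authTable[deviceID] {
		return Grant{}, ErrNotAuthenticated
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // key size is an assumption
	if err != nil {
		return Grant{}, err
	}
	id := keyID{uint32(len(s.keys) + 1), 1}
	s.keys[id] = priv
	return Grant{ID: id, Public: &priv.PublicKey}, nil
}

// MaxBody is the largest plaintext one RSA-OAEP/SHA-256 operation accepts.
func MaxBody(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

// Seal covers steps 3.1-3.3 on the terminal: header in clear, JSON body encrypted.
func Seal(g Grant, ifaceCode uint16, request interface{}) ([]byte, error) {
	body, err := json.Marshal(request)
	if err != nil {
		return nil, err
	}
	if len(body) > MaxBody(g.Public) {
		return nil, ErrBodyTooLarge
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, g.Public, body, nil)
	if err != nil {
		return nil, err
	}
	pkt := make([]byte, headerLen, headerLen+len(ct))
	binary.BigEndian.PutUint32(pkt[0:4], g.ID.DeviceNo)
	binary.BigEndian.PutUint16(pkt[4:6], g.ID.Version)
	binary.BigEndian.PutUint16(pkt[6:8], ifaceCode)
	return append(pkt, ct...), nil
}

// Open covers steps 4.3-4.4: find the private key from the header, decrypt the body.
func (s *Server) Open(pkt []byte) (uint16, []byte, error) {
	if len(pkt) < headerLen {
		return 0, nil, ErrShortPacket
	}
	id := keyID{binary.BigEndian.Uint32(pkt[0:4]), binary.BigEndian.Uint16(pkt[4:6])}
	priv, ok := s.keys[id]
	if !ok {
		return 0, nil, ErrNoKey
	}
	body, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, pkt[headerLen:], nil)
	return binary.BigEndian.Uint16(pkt[6:8]), body, err
}

func main() {
	s := NewServer(map[string]bool{"VENDOR01-BATCH07-TV-123": true}) // constructed ID
	g, _ := s.Register("VENDOR01-BATCH07-TV-123")
	pkt, _ := Seal(g, 42, map[string]string{"action": "play"})
	code, body, err := s.Open(pkt)
	fmt.Println(code, string(body), err)
}
```

With these assumed parameters a single RSA operation carries at most 190 bytes of JSON, so `Seal` rejects larger bodies rather than truncating them. The header travels in the clear, and public-key encryption of the body does not by itself authenticate the sender.
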
Corresponding to the encryption communication method shown in Fig. 1, and referring to Fig. 5, an embodiment of the present invention provides an encrypted communication device. The device is arranged at the server and comprises:
A communication request receiving module 502, configured to, when a communication request sent by a terminal device is received, obtain the device information of the terminal device according to the terminal device identifier in the communication request; wherein the communication request carries the terminal device identifier;
A device identity check module 504, configured to perform an identity check on the terminal device according to the device information, to determine whether the terminal device is an authenticated device;
A generation module 506, configured to, when the terminal device is determined to be an authenticated device, generate a device number, an RSA key pair and an encryption version number corresponding to the terminal device; wherein the RSA key pair comprises a public key and a private key;
A sending module 508, configured to send the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted data packet based on its corresponding device number, public key and encryption version number;
An encrypted data packet receiving module 510, configured to, when the encrypted data packet sent by the terminal device is received, look up the private key corresponding to the encrypted data packet according to the header information of the encrypted data packet; wherein the header information comprises the device number and encryption version number corresponding to the terminal device;
An encrypted data packet decryption module 512, configured to decrypt the encrypted data packet with the private key corresponding to the encrypted data packet to obtain the communication data packet.
The embodiment of the present invention provides an encrypted communication device arranged at the server. The communication request receiving module first obtains the device information of the terminal device. The device identity check module performs an identity check on the terminal device according to the device information to judge whether it is an authenticated device. When the terminal device is determined to be an authenticated device, the generation module generates a device number, an RSA key pair and an encryption version number corresponding to the terminal device, wherein the RSA key pair comprises a public key and a private key. The sending module sends the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted data packet. The encrypted data packet receiving module then receives that encrypted data packet, and the encrypted data packet decryption module decrypts it to obtain the communication data packet. In the above device provided by the embodiment of the present invention, the server generates an RSA key pair, sends the public key to a terminal device that has passed verification so that the terminal device generates an encrypted data packet, and decrypts the encrypted data packet with the corresponding private key when the encrypted data packet is received. In this way, the security of data communication is effectively improved.
Corresponding to the other encryption communication method shown in Fig. 2, and referring to Fig. 6, an embodiment of the present invention provides another encrypted communication device. The device is arranged at the terminal device and comprises:
A communication request sending module 602, configured to send a communication request to the server; wherein the communication request carries the terminal device identifier;
A receiving module 604, configured to receive the device number, public key and encryption version number that the server issues for the communication request;
A data packet encryption module 606, configured to encrypt a preset communication data packet according to the device number, public key and encryption version number to obtain an encrypted data packet;
An encrypted data packet sending module 608, configured to send the encrypted data packet to the server, so that the server decrypts the encrypted data packet to obtain the communication data packet.
The other encrypted communication device provided by the embodiment of the present invention is arranged at the terminal device. Through interaction with the server, it sends a communication request to the server and, after passing the server's identity check, encrypts the communication data packet preset in the device according to the device number, public key and encryption version number that the server issued for the communication request, obtaining an encrypted data packet, and then sends the encrypted data packet to the server. Transmitting the data in encrypted form in this way effectively improves the security of data communication.
The device provided by this embodiment has the same implementation principle and technical effect as the preceding embodiments. For brevity, for anything not mentioned in the device embodiments, refer to the corresponding content in the preceding method embodiments.
Further, corresponding to the above methods and devices, an embodiment of the present invention also provides an encrypted communication system. Referring to Fig. 7, the system includes a server 702 and a terminal device 704. The server 702 is provided with the encrypted communication device shown in Fig. 5, and the terminal device 704 is provided with the other encrypted communication device shown in Fig. 6. The functions of the server and the terminal device in this system are similar to those in the above embodiments and are not described again here.
The flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of systems, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram and/or flowchart, and combinations of boxes in a block diagram and/or flowchart, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, in the description of the embodiments of the present invention, unless otherwise expressly specified and limited, the terms "installation", "connected" and "connection" are to be understood broadly: a connection may, for example, be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or an internal connection between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate its technical solution rather than to limit it, and the protection scope of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An encryption communication method, characterized in that the method is applied to a server and comprises:
When a communication request sent by a terminal device is received, obtaining the device information of the terminal device according to the terminal device identifier in the communication request; wherein the communication request carries the terminal device identifier;
Performing an identity check on the terminal device according to the device information, to determine whether the terminal device is an authenticated device;
If so, generating a device number, an RSA key pair and an encryption version number corresponding to the terminal device; wherein the RSA key pair comprises a public key and a private key;
Sending the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted data packet based on its corresponding device number, public key and encryption version number;
When the encrypted data packet sent by the terminal device is received, looking up the private key corresponding to the encrypted data packet according to the header information of the encrypted data packet; wherein the header information comprises the device number and encryption version number corresponding to the terminal device;
Decrypting the encrypted data packet with the private key corresponding to the encrypted data packet to obtain a communication data packet.
2. The method according to claim 1, characterized in that the step of performing an identity check on the terminal device according to the device information, to determine whether the terminal device is an authenticated device, comprises:
Looking up whether the device information of the terminal device is recorded in a pre-stored authenticated device information table; wherein the authenticated device information table stores the device information of authenticated devices;
If so, determining that the terminal device is an authenticated device.
3. The method according to claim 1, characterized in that the method further comprises:
Responding, based on the communication data packet, to the communication request sent by the terminal device.
4. The method according to any one of claims 1 to 3, characterized in that the communication data packet comprises an HTTP request data packet.
5. An encryption communication method, characterized in that the method is applied to a terminal device and comprises:
Sending a communication request to a server; wherein the communication request carries a terminal device identifier;
Receiving the device number, public key and encryption version number that the server issues for the communication request;
Encrypting a preset communication data packet according to the device number, the public key and the encryption version number to obtain an encrypted data packet;
Sending the encrypted data packet to the server, so that the server decrypts the encrypted data packet to obtain the communication data packet.
6. The method according to claim 5, characterized in that the step of encrypting the preset communication data packet to obtain the encrypted data packet comprises:
Writing the device number and the encryption version number into the header of the preset communication data packet to obtain a to-be-encrypted data packet;
Encrypting the body of the to-be-encrypted data packet with the public key to obtain the encrypted data packet.
7. The method according to claim 5 or 6, characterized in that the communication data packet comprises an HTTP request data packet.
8. An encrypted communication device, characterized in that the device is arranged at a server and comprises:
A communication request receiving module, configured to, when a communication request sent by a terminal device is received, obtain the device information of the terminal device according to the terminal device identifier in the communication request; wherein the communication request carries the terminal device identifier;
A device identity check module, configured to perform an identity check on the terminal device according to the device information, to determine whether the terminal device is an authenticated device;
A generation module, configured to, when the terminal device is determined to be an authenticated device, generate a device number, an RSA key pair and an encryption version number corresponding to the terminal device; wherein the RSA key pair comprises a public key and a private key;
A sending module, configured to send the device number, public key and encryption version number corresponding to the terminal device to the terminal device, so that the terminal device generates an encrypted data packet based on its corresponding device number, public key and encryption version number;
An encrypted data packet receiving module, configured to, when the encrypted data packet sent by the terminal device is received, look up the private key corresponding to the encrypted data packet according to the header information of the encrypted data packet; wherein the header information comprises the device number and encryption version number corresponding to the terminal device;
An encrypted data packet decryption module, configured to decrypt the encrypted data packet with the private key corresponding to the encrypted data packet to obtain a communication data packet.
9. An encrypted communication device, characterized in that the device is arranged at a terminal device and comprises:
A communication request sending module, configured to send a communication request to a server; wherein the communication request carries a terminal device identifier;
A receiving module, configured to receive the device number, public key and encryption version number that the server issues for the communication request;
A data packet encryption module, configured to encrypt a preset communication data packet according to the device number, the public key and the encryption version number to obtain an encrypted data packet;
An encrypted data packet sending module, configured to send the encrypted data packet to the server, so that the server decrypts the encrypted data packet to obtain the communication data packet.
10. An encrypted communication system, characterized in that it comprises a server and a terminal device; wherein the server and the terminal device are communicatively connected;
The server is provided with the encrypted communication device according to claim 8, and the terminal device is provided with the encrypted communication device according to claim 9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810881880.6A CN108989325A (en) 2018-08-03 2018-08-03 Encryption communication method, apparatus and system

Publications (1)

Publication Number Publication Date
CN108989325A true CN108989325A (en) 2018-12-11

Family

ID=64555422

Country Status (1)

Country Link
CN (1) CN108989325A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181211