CN110430204A - A kind of modified JSON safety communicating method based on third party's password book server - Google Patents

A kind of modified JSON safety communicating method based on third party's password book server

Info

Publication number
CN110430204A
Authority
CN
China
Prior art keywords
server
key
party
communication
communication party
Prior art date
Legal status: Pending
Application number
CN201910740066.7A
Other languages
Chinese (zh)
Inventor
李瑞瑞
Current Assignee: Xuzhou Hengjia Electronic Technology Co Ltd
Original Assignee
Xuzhou Hengjia Electronic Technology Co Ltd
Priority date: 2019-08-12
Filing date: 2019-08-12
Publication date: 2019-11-08
Application filed by Xuzhou Hengjia Electronic Technology Co Ltd
Priority to CN201910740066.7A
Publication of CN110430204A

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by a trusted party
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s), involving a central third party, e.g. a key distribution center [KDC] or trusted third party [TTP]

Abstract

The invention discloses an improved JSON secure-communication method based on a third-party codebook server, in the technical field of communication security. The method involves a third-party server, a communication-party server A and a communication-party peer server B. First, the third-party server generates the codebook together with a public key and a private key. Communication party A requests the codebook: it encrypts a randomly generated communication identifier Code with the third party's public key, then sends the communication identifier Code and A's own public key to the third party; the third party encrypts the codebook with public key A_Key-1 and sends it to communication-party server A. When peer server B communicates with A, it first sends its own public key B_Key-1 to server A; server A encrypts its local codebook with key B_Key-1 and sends it to peer server B; finally, once peer server B has obtained the codebook, communication with server A is complete. The encryption scheme is thereby made simple, fast and secure.

Description

A kind of modified JSON safety communicating method based on third party's password book server
Technical field
The present invention relates to communication security techniques, and specifically to an improved JSON secure-communication method based on a third-party codebook server.
Background technique
At present, when background servers communicate across domains, the identity-authentication system between servers has certain security weaknesses. During communication, when servers confirm each other's identity, the authentication messages they transmit may be sent in plaintext or in ciphertext, but the mainstream ciphertext encryption schemes currently in use have two major problems: the scheme is either too cumbersome or too simplistic. A cumbersome scheme forces the two communicating servers to spend a certain amount of time encrypting and decrypting while authenticating identity, and since business in some fields is highly time-sensitive, such a scheme cannot meet business demand; a simplistic scheme, on the other hand, is easily brute-forced during the authentication process, which poses a serious threat to server security.
Summary of the invention
To overcome the disadvantages of the prior art described above, the present invention provides an improved JSON secure-communication method based on a third-party codebook server. The codebook is supplied by a third party. The communication party's server encrypts a randomly generated communication identifier Code with the public key supplied by the third party and sends the ciphertext of Code together with its own public key to the third party; the third party receives the encrypted communication identifier Code, decrypts it with its own private key, looks up the corresponding codebook, encrypts the codebook with the communication party's public key and sends the ciphertext to the communication party. This effectively solves the problems above and makes the encryption scheme simple, fast and secure.
The present invention is realised by the following technical solution. An improved JSON secure-communication method based on a third-party codebook server comprises: a third-party server that generates a public key, a private key and the codebook; a communication-party server A that requests the codebook from the third party using its own public key and private key; and a communication-party peer server B that requests the codebook from server A using its own public key.
First, the third-party server generates the codebook and a public/private key pair. Server A requests the codebook: it encrypts a randomly generated communication identifier Code with the third party's public key, then sends the communication identifier Code and server A's public key to the third-party server; the third-party server encrypts the communication codebook with public key A_Key-1 and sends it to server A.
Peer server B communicates with server A: it first sends its own public key B_Key-1 to server A; server A encrypts its local codebook with key B_Key-1 and sends it to peer server B; finally, after obtaining the codebook, peer server B completes communication with server A.
Preferably, the communication mechanism by which server A obtains the codebook is as follows:
(1) the third-party server runs and generates the codebook, public key Key-1 and private key Key-2; server A sends a communication request to the third-party server;
(2) after the third-party server receives server A's application, it sends public key Key-1 to server A; after server A receives public key Key-1, it automatically generates a random communication identifier Code according to public key Key-1;
(3) at the same time, server A generates its own public key A_Key-1 and private key A_Key-2; server A encrypts the communication identifier Code with the public key Key-1 sent by the third party, and sends the encrypted communication identifier Code together with its own public key A_Key-1 to the third-party server;
(4) the third-party server decrypts the message with its own private key Key-2, obtains the communication identifier Code, encrypts the corresponding codebook with A_Key-1 and sends it to server A;
(5) server A decrypts the message with its own private key A_Key-2 and obtains the codebook.
Preferably, the communication mechanism by which peer server B obtains the codebook is as follows:
(1) peer server B generates its own public key B_Key-1 and private key B_Key-2, and at the same time sends a communication application together with public key B_Key-1 to server A;
(2) server A receives the communication application sent by the peer, encrypts its local codebook with public key B_Key-1, and sends the encrypted codebook together with its own public key A_Key-1 to peer server B;
(3) peer server B decrypts the message with its own private key B_Key-2 and obtains the codebook; at the same time it encrypts its communication information with A_Key-1 and sends it to server A, completing identity authentication between server A and peer server B.
Compared with the prior technical scheme, the beneficial effects of the present invention are:
(1) the core design of the prior art is retained and improved upon;
(2) by exploiting the symmetry of the public and private keys, the verification of identity information is reduced to the acquisition of the codebook;
(3) the accuracy of the server identity-authentication system is improved and repeated authentication is reduced.
Detailed description of the drawings
The present invention is further explained below with reference to the accompanying drawings.
Fig. 1 is a structural diagram of server A obtaining the codebook in the present invention;
Fig. 2 is a structural diagram of peer server B obtaining the codebook in the present invention;
Fig. 3 is a flow chart of the actual data transfer in the present invention;
Fig. 4 is a structural diagram of the improved key JSON in the present invention.
Specific embodiment
This system consists of three parts: a third-party server that generates the public key, private key and codebook; a communication-party server A that requests communication from the third party; and a communication-party peer server B that requests communication from server A. As shown in Fig. 1, when the server background runs, the third-party server first generates the codebook, public key Key-1 and private key Key-2. Server A initiates a communication application to the third-party server, and the third-party server sends public key Key-1 to server A. After receiving public key Key-1, server A automatically generates a random communication identifier Code and encrypts Code with the third party's public key Key-1; at the same time, server A generates public key A_Key-1 and private key A_Key-2. Server A encapsulates the encrypted communication identifier Code with key A_Key-1 and sends server A's public key A_Key-1 to the third party. The third-party server decrypts the message with its own private key Key-2, obtains the communication identifier Code, looks up the corresponding codebook, encrypts the codebook with server A's public key A_Key-1 and sends it to server A; server A decrypts the message with its own private key A_Key-2 and obtains the codebook.
Once a communication party has obtained the codebook, it has passed identity authentication, and two parties that have both passed authentication can establish a communication link. After server A obtains the codebook, the identity-authentication process is complete; at this point peer server B wants to communicate with server A.
As shown in Fig. 2, the process by which peer server B obtains the codebook is as follows:
Peer server B generates its own public key B_Key-1 and private key B_Key-2, and at the same time sends a communication application together with public key B_Key-1 to server A; server A receives the communication application, encrypts its local codebook with public key B_Key-1, and sends the encrypted codebook together with its own public key A_Key-1 to peer server B; peer server B decrypts the message with its own private key B_Key-2 and obtains the codebook, and at the same time encrypts its communication information with A_Key-1 and sends it to server A, completing identity authentication between servers A and B.
As shown in Fig. 3, the actual data transfer process is as follows:
(1) peer server B and server A carry out identity-authentication negotiation; peer server B generates a random communication identifier Code together with public key B_Key-1 and private key B_Key-2;
(2) peer server B encrypts the communication identifier Code with public key B_Key-1 and places the communication identifier into public key B_Key-1, as shown in Fig. 4: the communication identifier Code is added to the key of the JSON structure and encrypted with the header public key Key;
(3) after server A obtains the communication identifier and public key B_Key-1, it encrypts the codebook with public key B_Key-1 and at the same time generates its own public key A_Key-1 and private key A_Key-2; server A sends the encrypted codebook and public key A_Key-1 to peer server B;
(4) peer server B decrypts the message with private key B_Key-2 and obtains the codebook; at the same time, peer server B encrypts its communication data with public key A_Key-1 and sends it to server A, completing the identity-authentication procedure.
Working process: when the background service system runs, the third-party server generates public key Key-1, private key Key-2 and the communication codebook. Server A requests the codebook from the third-party server; after the third party receives server A's application, it sends its own public key Key-1 to server A. Server A randomly generates a communication identifier Code, encrypts the random communication identifier Code with the third-party server's public key Key-1, and sends the encrypted random communication identifier Code together with server A's own public key A_Key-1 to the third-party server. The third party decrypts the message with its own private key Key-2, encrypts the codebook corresponding to the random communication identifier Code with A_Key-1 and sends it to server A. Server A decrypts the message with the private key A_Key-2 it generated itself and obtains the codebook. Peer server B then generates public key B_Key-1 and private key B_Key-2 and sends a communication request together with public key B_Key-1 to server A; server A encrypts its local codebook with peer server B's public key B_Key-1 and sends it to peer server B; peer server B decrypts it with private key B_Key-2 and obtains the codebook.
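The Fig. 1 and Fig. 2 exchanges above, modelled end to end as an added example; this is not code from the patent or its assignee. Assumptions, since the page does not specify them: small textbook RSA keys stand in for the public-key algorithm, messages are JSON objects carrying lists of ciphertext blocks, and the third party issues one constructed sample codebook per communication identifier.

```python
# Toy model of the three-party codebook exchange in CN110430204A (Figs. 1 and 2).
# Small textbook RSA keys stand in for the page's unnamed public-key algorithm;
# the third party's codebooks are constructed sample data, not the patent's.
import json
import random
import secrets

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin, adequate for a toy key generator."""
    if n < 2 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits=256):   # toy size, not for real use; returns (e, n), (d, n)
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi, e = p * q, (p - 1) * (q - 1), 65537
        if p != q and phi % e:               # e is prime, so gcd(e, phi) == 1
            return (e, n), (pow(e, -1, phi), n)

def rsa_encrypt(pub, data):
    """Block-wise RSA; a 0x01 marker is prefixed so leading zero bytes survive."""
    e, n = pub
    size = (n.bit_length() - 1) // 8         # bytes per block, marker included
    chunks = [data[i:i + size - 1] for i in range(0, len(data), size - 1)]
    return [pow(int.from_bytes(b"\x01" + c, "big"), e, n) for c in chunks]

def rsa_decrypt(priv, blocks):
    d, n = priv
    size = (n.bit_length() - 1) // 8
    return b"".join(pow(c, d, n).to_bytes(size, "big").lstrip(b"\x00")[1:] for c in blocks)

class ThirdPartyServer:
    def __init__(self):
        self.pub, self.priv = rsa_keygen()   # Key-1, Key-2
        self.codebooks = {}                  # identifier Code -> codebook
    def handle_request(self, msg):
        """Fig. 1 step (4): decrypt Code with Key-2, return its codebook under A_Key-1."""
        req = json.loads(msg)
        code = rsa_decrypt(self.priv, req["Code"]).decode()
        # Assumption: how a codebook is tied to a random Code is not stated; one is issued per Code.
        book = self.codebooks.setdefault(code, {"code": code, "secret": secrets.token_hex(16)})
        return json.dumps({"codebook": rsa_encrypt(req["A_Key-1"], json.dumps(book).encode())})

class ServerA:
    def obtain_codebook(self, tp):
        key1 = tp.pub                        # step (2): third party hands out Key-1
        self.code = secrets.token_hex(8)     # random communication identifier Code
        self.pub, self.priv = rsa_keygen()   # A_Key-1, A_Key-2
        # Fig. 4: Code travels as a JSON key, encrypted under the header public key Key-1
        msg = json.dumps({"Code": rsa_encrypt(key1, self.code.encode()), "A_Key-1": self.pub})
        reply = json.loads(tp.handle_request(msg))
        self.codebook = json.loads(rsa_decrypt(self.priv, reply["codebook"]))   # step (5)
        return self.codebook
    def handle_peer(self, msg):
        """Fig. 2 step (2): local codebook under B_Key-1, A_Key-1 attached."""
        book = json.dumps(self.codebook).encode()
        return json.dumps({"codebook": rsa_encrypt(json.loads(msg)["B_Key-1"], book), "A_Key-1": self.pub})

class ServerB:
    def obtain_codebook(self, a):
        self.pub, self.priv = rsa_keygen()   # B_Key-1, B_Key-2
        reply = json.loads(a.handle_peer(json.dumps({"B_Key-1": self.pub})))
        self.codebook = json.loads(rsa_decrypt(self.priv, reply["codebook"]))
        self.peer_pub = reply["A_Key-1"]     # used for the step (3) reply to A
        return self.codebook

def run_exchange():
    """Drive Fig. 1 then Fig. 2 and return what each party holds at the end."""
    tp, a, b = ThirdPartyServer(), ServerA(), ServerB()
    a.obtain_codebook(tp)
    b.obtain_codebook(a)
    note = rsa_encrypt(b.peer_pub, b"hello from B")      # Fig. 2 step (3)
    return {"code": a.code, "a_book": a.codebook, "b_book": b.codebook,
            "issued": tp.codebooks, "note_at_a": rsa_decrypt(a.priv, note)}
```

Everything stays in one process; each method call stands for one JSON message on the wire.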

Claims (3)

1. An improved JSON secure-communication method based on a third-party codebook server, characterised in that it comprises: a third-party server that generates a public key, a private key and the codebook; a communication-party server A that requests the codebook from the third party using its own public key and private key; and a communication-party peer server B that requests the codebook from server A using its own public key;
first, the third-party server generates the codebook and the public/private key pair; server A requests the codebook, encrypts a randomly generated communication identifier Code with the third party's public key, then sends the communication identifier Code and server A's public key to the third-party server; the third-party server encrypts the communication codebook with public key A_Key-1 and sends it to server A;
peer server B communicates with server A: it first sends its own public key B_Key-1 to server A; server A encrypts its local codebook with key B_Key-1 and sends it to peer server B; finally, after obtaining the codebook, peer server B completes communication with server A.
2. The improved JSON secure-communication method based on a third-party codebook server according to claim 1, characterised in that the communication mechanism by which server A obtains the codebook is as follows:
(1) the third-party server runs and generates the codebook, public key Key-1 and private key Key-2; server A sends a communication request to the third-party server;
(2) after the third-party server receives server A's application, it sends public key Key-1 to server A; after server A receives public key Key-1, it automatically generates a random communication identifier Code according to public key Key-1;
(3) at the same time, server A generates its own public key A_Key-1 and private key A_Key-2; server A encrypts the communication identifier Code with the public key Key-1 sent by the third party, and sends the encrypted communication identifier Code together with its own public key A_Key-1 to the third-party server;
(4) the third-party server decrypts the message with its own private key Key-2, obtains the communication identifier Code, encrypts the corresponding codebook with A_Key-1 and sends it to server A;
(5) server A decrypts the message with its own private key A_Key-2 and obtains the codebook.
3. The improved JSON secure-communication method based on a third-party codebook server according to claim 1, characterised in that the communication mechanism by which peer server B obtains the codebook is as follows:
(1) peer server B generates its own public key B_Key-1 and private key B_Key-2, and at the same time sends a communication application together with public key B_Key-1 to server A;
(2) server A receives the communication application sent by the peer, encrypts its local codebook with public key B_Key-1, and sends the encrypted codebook together with its own public key A_Key-1 to peer server B;
(3) peer server B decrypts the message with its own private key B_Key-2 and obtains the codebook; at the same time it encrypts its communication information with A_Key-1 and sends it to server A, completing identity authentication between server A and peer server B.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910740066.7A CN110430204A (en) 2019-08-12 2019-08-12 A kind of modified JSON safety communicating method based on third party's password book server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910740066.7A CN110430204A (en) 2019-08-12 2019-08-12 A kind of modified JSON safety communicating method based on third party's password book server

Publications (1)

Publication Number Publication Date
CN110430204A true CN110430204A (en) 2019-11-08

Family

ID=68414129

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910740066.7A Pending CN110430204A (en) 2019-08-12 2019-08-12 A kind of modified JSON safety communicating method based on third party's password book server

Country Status (1)

Country Link
CN (1) CN110430204A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101945114A (en) * 2010-09-20 2011-01-12 西安电子科技大学 Identity authentication method based on fuzzy vault and digital certificate
CN102255732A (en) * 2011-08-31 2011-11-23 公安部第三研究所 Safe certificate issuing method based on USB (Universal Serial Bus) key
CN104023013A (en) * 2014-05-30 2014-09-03 上海帝联信息科技股份有限公司 Data transmission method, server side and client
CN105162797A (en) * 2015-09-24 2015-12-16 广东工业大学 Bidirectional authentication method based on video surveillance system
CN105471826A (en) * 2014-09-04 2016-04-06 中电长城网际系统应用有限公司 Ciphertext data query method, device and ciphertext query server
CN106535184A (en) * 2016-10-18 2017-03-22 深圳市金立通信设备有限公司 Key management method and system
CN107645378A (en) * 2017-09-12 2018-01-30 中国联合网络通信集团有限公司 Key management platform, communication encrypting method and terminal

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI779711B (en) * 2020-10-26 2022-10-01 美商戴爾產品有限公司 Distributed secure communication system, information handling system and method for providing distributed secure communications
US11683172B2 (en) 2020-10-26 2023-06-20 Dell Products L.P. Distributed secure communication system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20191108