CN110430204A - A kind of modified JSON safety communicating method based on third party's password book server - Google Patents
- Publication number: CN110430204A
- Authority: CN (China)
- Prior art keywords: server, key, party, communication, communication party
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses an improved JSON secure communication method based on a third-party password book server, and relates to the technical field of communication security. The method involves a third-party server, a communication party server A and a communication party peer server B. The third-party server first generates the communication password book together with a public key and a private key. Communication party server A requests the communication password book: it encrypts a randomly generated communication identifier Code with the third party's public key and sends the communication identifier Code together with its own public key to the third party, and the third party encrypts the communication password book with the public key A_Key-1 and sends it to communication party server A. To communicate with A, peer server B first sends its own public key B_Key-1 to communication party server A; server A encrypts its local password book with B_Key-1 and sends it to peer server B, and once peer server B has obtained the password book it completes communication with communication party server A. The encryption mode is thereby made simple, fast and secure.
Description
Technical field
The present invention relates to communication security technology, and specifically to an improved JSON secure communication method based on a third-party password book server.
Background technique
At present, when back-end servers communicate across domains, the authentication system between the servers has some security problems. During communication, when servers confirm each other's identity, the authentication message can be transmitted either as plaintext or as ciphertext, but the ciphertext encryption modes in mainstream use today have two major problems: the encryption mode is either overly cumbersome or overly simplified. A cumbersome encryption mode means both servers must spend a certain amount of time encrypting and decrypting while authenticating identity, and business in some fields has strict timing requirements, so such an encryption mode cannot meet business needs. An overly simplified encryption mode makes it easy for the server to be cracked by brute force during authentication, which poses a great threat to the security of the server.
Summary of the invention
To overcome the above shortcomings of the prior art, the present invention provides an improved JSON secure communication method based on a third-party password book server. The third party provides the password book. The communication party server encrypts a randomly generated communication identifier Code with the public key provided by the third party, and sends the resulting ciphertext of the communication identifier Code together with its own public key to the third party. The third party receives the encrypted communication identifier Code, decrypts it with its own private key, finds the corresponding communication password book, encrypts the password book with the communication party's public key, and sends the ciphertext to the communication party. This effectively solves the above problems and makes the encryption mode simple, fast and secure.
The present invention is realized by the following technical solution: an improved JSON secure communication method based on a third-party password book server, comprising a third-party server that generates a public key, a private key and a communication password book; a communication party server A that uses its own public key and private key to request the communication password book from the third party; and a communication party peer server B that uses its own public key to request the communication password book from communication party server A.
The third-party server first generates the communication password book together with a public key and a private key. Communication party server A requests the communication password book: it encrypts a randomly generated communication identifier Code with the third party's public key, then sends the communication identifier Code and the public key of communication party server A to the third-party server. The third-party server encrypts the communication password book with the public key A_Key-1 and sends it to communication party server A.
To communicate with communication party server A, peer server B first sends its own public key B_Key-1 to communication party server A. Communication party server A encrypts its local password book with the key B_Key-1 and sends it to peer server B. Finally, after obtaining the communication password book, peer server B completes communication with communication party server A.
Preferably, communication party server A obtains the communication password book through the following communication mechanism:
(1) the third-party server runs and generates the communication password book, the public key Key-1 and the private key Key-2; communication party server A sends a communication request to the third-party server;
(2) after the third-party server receives the request from communication party server A, it sends the public key Key-1 to communication party server A; after communication party server A receives the public key Key-1, it automatically generates a random communication identifier Code according to the public key Key-1;
(3) communication party server A also generates its own public key A_Key-1 and private key A_Key-2; communication party server A encrypts the communication identifier Code with the public key Key-1 sent by the third party, and sends the encrypted communication identifier Code and its own public key A_Key-1 to the third-party server;
(4) the third-party server decrypts the message with its own private key Key-2, obtains the communication identifier Code, encrypts the corresponding communication password book with A_Key-1, and sends it to communication party server A;
(5) communication party server A decrypts the message with its own private key A_Key-2 and obtains the communication password book.
Preferably, peer server B obtains the communication password book through the following communication mechanism:
(1) peer server B generates its own public key B_Key-1 and private key B_Key-2, and sends a communication request and the public key B_Key-1 to communication party server A;
(2) communication party server A receives the communication request sent by the communication party, encrypts its local password book with the public key B_Key-1, and sends the encrypted password book and its own public key A_Key-1 to peer server B;
(3) peer server B decrypts the message with its own private key B_Key-2 and obtains the communication password book; it then encrypts the communication information with A_Key-1 and sends it to communication party server A, completing the identity authentication between communication party server A and peer server B.
Compared with the prior technical solutions, the beneficial effects of the present invention are:
(1) it uses the core design of the prior art and improves on the basis of the original technology;
(2) by using the symmetry of the public and private keys, verification of identity information is reduced to acquisition of the communication password book;
(3) it improves the accuracy of the server identity authentication system and reduces repeated authentication.
Brief description of the drawings
The present invention is further explained below with reference to the attached drawings.
Fig. 1 is a structure diagram of communication party server A obtaining the password book in the present invention;
Fig. 2 is a structure diagram of peer server B obtaining the password book in the present invention;
Fig. 3 is a flow chart of actual data transfer in the present invention;
Fig. 4 is a structure diagram of the improved JSON key in the present invention.
Specific embodiment
The system consists of three parts: a third-party server that generates the public key, the private key and the password book; a communication party server A that requests communication from the third party; and a communication party peer server B that requests communication from communication party server A. As shown in Fig. 1, when the back-end servers are running, the third-party server first generates the password book, the public key Key-1 and the private key Key-2. Communication party server A initiates a communication request to the third-party server, and the third-party server sends the public key Key-1 to communication party server A. After receiving the public key Key-1, communication party server A automatically generates a random communication identifier Code and encrypts Code with the third party's public key Key-1. At the same time communication party server A generates the public key A_Key-1 and the private key A_Key-2. Communication party server A encapsulates the encrypted communication identifier Code in the key A_Key-1 and sends the public key A_Key-1 of communication party server A to the third party. The third-party server decrypts the message with its own private key Key-2, obtains the communication identifier Code, looks up the corresponding password book, encrypts the password book with the public key A_Key-1 of communication party server A, and sends it to communication party server A. Communication party server A decrypts the message with its own private key A_Key-2 and obtains the password book.
Once a communication party has obtained the password book, it is regarded as having passed identity authentication, and two parties that have passed identity authentication can establish a communication link. After communication party server A obtains the password book, its own authentication process is complete; at this point peer server B wants to communicate with communication party server A.
As shown in Fig. 2, the process by which peer server B obtains the password book is as follows:
Peer server B generates its own public key B_Key-1 and private key B_Key-2, and sends a communication request and the public key B_Key-1 to communication party server A. Communication party server A receives the communication request sent by the communication party, encrypts its local password book with the public key B_Key-1, and sends the encrypted password book and its own public key A_Key-1 to peer server B. Peer server B decrypts the message with its own private key B_Key-2 and obtains the communication password book; it then encrypts the communication information with A_Key-1 and sends it to communication party server A, completing the identity authentication between communication party server A and B.
As shown in Fig. 3, the actual data transfer process is as follows:
(1) peer server B and communication party server A carry out authentication negotiation; peer server B generates a random communication identifier Code, the public key B_Key-1 and the private key B_Key-2;
(2) peer server B encrypts the communication identifier Code with the public key B_Key-1 and encapsulates the communication identifier into the public key B_Key-1. As shown in Fig. 4, the communication identifier Code is added to the key in JSON format, and the communication identifier Code is encrypted using the header public key Key;
(3) after communication party server A obtains the communication identifier and the public key B_Key-1, it encrypts the password book with the public key B_Key-1 and at the same time generates its own public key A_Key-1 and private key A_Key-2; communication party server A sends the encrypted password book and the public key A_Key-1 to peer server B;
(4) peer server B decrypts the message with the private key B_Key-2 and obtains the password book; peer server B then encrypts the communication data with the public key A_Key-1 and sends it to communication party server A, completing the authentication procedure.
Working process: when the back-end service system is running, the third-party server generates the public key Key-1, the private key Key-2 and the communication password book. Communication party server A requests the communication password book from the third-party server. After the third party receives the request from server A, it sends its own public key Key-1 to communication party server A. Server A randomly generates the communication identifier Code, encrypts the random communication identifier Code with the third-party server's public key Key-1, and sends the encrypted random communication identifier Code and the public key A_Key-1 of communication party server A to the third-party server. The third party decrypts the received message with its own private key Key-2, encrypts the password book corresponding to the random communication identifier Code with A_Key-1, and sends it to communication party server A. Communication party server A decrypts the message with the private key A_Key-2 that it generated and obtains the communication password book. Peer server B then generates the public key B_Key-1 and the private key B_Key-2 and sends a communication request and the public key B_Key-1 to communication party server A. Communication party A encrypts its local password book with the public key B_Key-1 of peer server B and sends it to peer server B. Peer server B decrypts it with the private key B_Key-2 and obtains the communication password book.
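The two exchanges described above (server A obtaining the password book from the third party, then peer server B obtaining it from A) written out as runnable Python, as an added example that is not part of the patent text. The toy textbook RSA with a small modulus, the JSON field names "book" and "data", the byte sizes of Code and the password book, and the third party's `issued` table are assumptions made for illustration.

```python
import json, math, secrets
CODE_LEN, BOOK_LEN = 8, 16   # assumed byte sizes of Code and the password book

def is_probable_prime(n, rounds=20):                 # Miller-Rabin, random bases
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    r = ((n - 1) & -(n - 1)).bit_length() - 1        # n - 1 = d * 2**r, d odd
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def generate_keypair(bits=160, e=65537):  # toy textbook RSA, no padding: not secure
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "e": e}, {"n": p * q, "d": pow(e, -1, phi)}

def rsa_encrypt(pub, data):
    m = int.from_bytes(data, "big")
    if m >= pub["n"]:
        raise ValueError("payload too large for the toy modulus")
    return format(pow(m, pub["e"], pub["n"]), "x")

def rsa_decrypt(priv, ct_hex, length):
    return pow(int(ct_hex, 16), priv["d"], priv["n"]).to_bytes(length, "big")

class ThirdParty:
    def __init__(self):
        self.key1, self._key2 = generate_keypair()        # Key-1 / Key-2
        self.password_book = secrets.token_bytes(BOOK_LEN)
        self.issued = {}       # Code -> requester key (assumed bookkeeping)
    def send_public_key(self):                            # A flow, step (2)
        return json.dumps({"Key-1": self.key1})
    def issue_book(self, msg):                            # A flow, step (4)
        req = json.loads(msg)
        code = rsa_decrypt(self._key2, req["Code"], CODE_LEN)
        self.issued[code.hex()] = req["A_Key-1"]
        return json.dumps({"book": rsa_encrypt(req["A_Key-1"], self.password_book)})

class ServerA:
    def __init__(self):
        self.a_key1, self._a_key2 = generate_keypair()    # A_Key-1 / A_Key-2
        self.code, self.book = secrets.token_bytes(CODE_LEN), None
    def request_book(self, msg):                          # A flow, step (3)
        key1 = json.loads(msg)["Key-1"]
        return json.dumps({"Code": rsa_encrypt(key1, self.code), "A_Key-1": self.a_key1})
    def receive_book(self, msg):                          # A flow, step (5)
        self.book = rsa_decrypt(self._a_key2, json.loads(msg)["book"], BOOK_LEN)
    def answer_peer(self, msg):                           # B flow, step (2)
        b_key1 = json.loads(msg)["B_Key-1"]
        return json.dumps({"book": rsa_encrypt(b_key1, self.book), "A_Key-1": self.a_key1})
    def receive_data(self, msg, length):                  # A reads B's message
        return rsa_decrypt(self._a_key2, json.loads(msg)["data"], length)

class ServerB:
    def __init__(self):
        self.b_key1, self._b_key2 = generate_keypair()    # B_Key-1 / B_Key-2
    def apply(self):                                      # B flow, step (1)
        return json.dumps({"B_Key-1": self.b_key1})
    def finish(self, msg, payload):                       # B flow, step (3)
        reply = json.loads(msg)
        self.book = rsa_decrypt(self._b_key2, reply["book"], BOOK_LEN)
        return json.dumps({"data": rsa_encrypt(reply["A_Key-1"], payload)})

def run_exchange(payload=b"hello from B"):               # constructed sample payload
    tp, a, b = ThirdParty(), ServerA(), ServerB()
    a.receive_book(tp.issue_book(a.request_book(tp.send_public_key())))
    data = a.receive_data(b.finish(a.answer_peer(b.apply()), payload), len(payload))
    return tp.password_book, a.book, b.book, data
```

Calling `run_exchange()` returns the password book as held by the third party, A and B, plus the message A decrypts from B. The example follows the described steps as written, so each public key is used exactly as it arrives in the JSON message; a real implementation would use a vetted RSA library with OAEP padding rather than the toy routine.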
Claims (3)
1. An improved JSON secure communication method based on a third-party password book server, characterized in that it comprises a third-party server that generates a public key, a private key and a communication password book; a communication party server A that uses its own public key and private key to request the communication password book from the third party; and a communication party peer server B that uses its own public key to request the communication password book from communication party server A;
the third-party server first generates the communication password book together with a public key and a private key; communication party server A requests the communication password book, encrypts a randomly generated communication identifier Code with the third party's public key, then sends the communication identifier Code and the public key of communication party server A to the third-party server; the third-party server encrypts the communication password book with the public key A_Key-1 and sends it to communication party server A;
to communicate with communication party server A, peer server B first sends its own public key B_Key-1 to communication party server A; communication party server A encrypts its local password book with the key B_Key-1 and sends it to peer server B; finally, after obtaining the communication password book, peer server B completes communication with communication party server A.
2. The improved JSON secure communication method based on a third-party password book server according to claim 1, characterized in that communication party server A obtains the communication password book through the following communication mechanism:
(1) the third-party server runs and generates the communication password book, the public key Key-1 and the private key Key-2; communication party server A sends a communication request to the third-party server;
(2) after the third-party server receives the request from communication party server A, it sends the public key Key-1 to communication party server A; after communication party server A receives the public key Key-1, it automatically generates a random communication identifier Code according to the public key Key-1;
(3) communication party server A also generates its own public key A_Key-1 and private key A_Key-2; communication party server A encrypts the communication identifier Code with the public key Key-1 sent by the third party, and sends the encrypted communication identifier Code and its own public key A_Key-1 to the third-party server;
(4) the third-party server decrypts the message with its own private key Key-2, obtains the communication identifier Code, encrypts the corresponding communication password book with A_Key-1, and sends it to communication party server A;
(5) communication party server A decrypts the message with its own private key A_Key-2 and obtains the communication password book.
3. The improved JSON secure communication method based on a third-party password book server according to claim 1, characterized in that peer server B obtains the communication password book through the following communication mechanism:
(1) peer server B generates its own public key B_Key-1 and private key B_Key-2, and sends a communication request and the public key B_Key-1 to communication party server A;
(2) communication party server A receives the communication request sent by the communication party, encrypts its local password book with the public key B_Key-1, and sends the encrypted password book and its own public key A_Key-1 to peer server B;
(3) peer server B decrypts the message with its own private key B_Key-2 and obtains the communication password book; it then encrypts the communication information with A_Key-1 and sends it to communication party server A, completing the identity authentication between communication party server A and peer server B.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910740066.7A CN110430204A (en) | 2019-08-12 | 2019-08-12 | A kind of modified JSON safety communicating method based on third party's password book server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910740066.7A CN110430204A (en) | 2019-08-12 | 2019-08-12 | A kind of modified JSON safety communicating method based on third party's password book server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110430204A true CN110430204A (en) | 2019-11-08 |
Family
ID=68414129
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910740066.7A Pending CN110430204A (en) | 2019-08-12 | 2019-08-12 | A kind of modified JSON safety communicating method based on third party's password book server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110430204A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI779711B (en) * | 2020-10-26 | 2022-10-01 | 美商戴爾產品有限公司 | Distributed secure communication system, information handling system and method for providing distributed secure communications |
US11683172B2 (en) | 2020-10-26 | 2023-06-20 | Dell Products L.P. | Distributed secure communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20191108 |