CN111988299A - Method for establishing trusted link between client and server - Google Patents
- Publication number
- CN111988299A (application CN202010818245.0A)
- Authority
- CN
- China
- Prior art keywords
- client
- key
- public key
- server
- session key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for establishing a trusted link between a client and a server, comprising the following steps. Step one: when the client is opened for the first time, it sends a request to the server; the request carries no parameters and only serves to obtain the public key generated by the server. Step two: the server generates a public/private key pair with the RSA algorithm, keeps the private key and sends the public key to the client. Step three: after receiving the server's public key, the client keeps it and generates its own public/private key pair; the client keeps the private key and sends its public key to the server, so this request carries the public key generated by the client. Step four: after receiving the client's public key, the server keeps it and generates, with a pseudo-random number generator, the session key used for symmetric encryption. During data interaction this speeds up encryption and decryption, improves the user experience, protects user data, and, by combining the advantages of several encryption schemes, makes the link less susceptible to malicious attack.
Description
Technical Field
The invention relates to the technical field of video communication, in particular to a method for establishing a trusted link between a client and a server.
Background
With the rise of the Internet of Things, remote video viewing is spreading through many industries. In an era of heavy mobile device use, more and more scenarios involve viewing historical video remotely from a mobile terminal, so the security of personal video data must be ensured to a certain extent. The invention discloses a data encryption scheme for securing data communication between a client and a server, covering the encryption and decryption of the communication data. Schemes currently on the market use either symmetric encryption or public-key encryption alone to encrypt and decrypt data. With symmetric encryption alone, because the encryption key and the decryption key are the same, key distribution becomes a major weakness; with public-key encryption, data processing is far slower than with symmetric encryption, so the user experience is poor.
Disclosure of Invention
The present invention aims to provide a method for establishing a trusted link between a client and a server, so as to solve the problems in the background art.
To achieve this purpose, the invention adopts the following technical scheme: a method for establishing a trusted link between a client and a server, comprising the following steps:
step one, when the client is opened for the first time, it sends a request to the server; the request carries no parameters and only serves to obtain the public key generated by the server;
step two, the server generates a public/private key pair with the RSA algorithm, keeps the private key and sends the public key to the client;
step three, after receiving the server's public key, the client keeps it and generates its own public/private key pair; the client keeps the private key and sends the public key to the server, so this request carries the public key generated by the client;
step four, after receiving the client's public key, the server keeps it and generates, with a pseudo-random number generator, a session key for use in symmetric encryption;
step five, the server encrypts the session key with the public key sent by the client and returns the encrypted session key to the client;
step six, the client decrypts the session key with its own private key to obtain the real session key;
step seven, the session key is used for encryption and decryption in all subsequent data communication between the client and the server.
Preferably, in step six, when the key is recovered with the private key, it is stored by the client.
Preferably, the communication server receives the identity authentication information from the client and generates and sends the related information to the client.
Preferably, in step five, the session key is encrypted as follows: the session key for symmetric encryption is generated by a pseudo-random number generator, the communication data is encrypted with the symmetric cipher, and the session key itself is encrypted with the public-key cipher.
Preferably, in step six, the session key is decrypted as follows: the session key is decrypted with the public-key cipher, and the communication data can then be decrypted with the symmetric cipher using that session key.
The invention provides a method for establishing a trusted link between a client and a server, which has the advantages that:
1. in the data interaction process, the speed of data encryption and decryption is increased, and the user experience is improved;
2. the invention ensures the security of user data, combines the advantages of a plurality of encryption schemes and is less likely to be attacked maliciously.
Drawings
FIG. 1 is a diagram of the server-side encryption process of the present invention;
FIG. 2 is a diagram of the client-side decryption process of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to FIG. 1 and FIG. 2, a method for establishing a trusted link between a client and a server includes the following steps:
step one, when the client is opened for the first time, it sends a request to the server; the request carries no parameters and only serves to obtain the public key generated by the server;
step two, the server generates a public/private key pair with the RSA algorithm, keeps the private key and sends the public key to the client;
step three, after receiving the server's public key, the client keeps it and generates its own public/private key pair; the client keeps the private key and sends the public key to the server, so this request carries the public key generated by the client;
step four, after receiving the client's public key, the server keeps it and generates, with a pseudo-random number generator, a session key for use in symmetric encryption;
step five, the server encrypts the session key with the public key sent by the client and returns the encrypted session key to the client; specifically, the session key for symmetric encryption is generated by a pseudo-random number generator, the communication data is encrypted with the symmetric cipher, and the session key is encrypted with the public-key cipher;
step six, the client decrypts the session key with its own private key to obtain the real session key; when the key is recovered with the private key it is stored by the client, and the decryption proceeds as follows: the session key is decrypted with the public-key cipher, and the communication data is decrypted with the symmetric cipher using that session key;
step seven, the session key is used for encryption and decryption in all subsequent data communication between the client and the server; the communication server receives the identity authentication information from the client and generates and sends the related information to the client.
Encrypting the plaintext data with a symmetric cipher improves the processing speed of encryption and decryption, while encrypting the symmetric key with public-key encryption solves the key distribution problem of symmetric encryption; the communication between the client and the server thus combines the advantages of symmetric and public-key encryption.
To keep the data secure, the client and the server must encrypt the data they exchange, so that it cannot be recovered by third parties in transit, and must establish a reliable link. The communication data is encrypted with a symmetric cipher, and the key used to encrypt that data is encrypted with asymmetric encryption; this two-step cipher mechanism is the essence of the scheme. Because a symmetric key is generally much shorter than the actual communication data, the low speed of public-key encryption can be disregarded and does not affect the product experience.
The above description covers only a preferred embodiment of the present invention, and the scope of the invention is not limited to it: any equivalent substitution or modification of the technical solution and inventive concept disclosed herein that a person skilled in the art could readily conceive shall fall within the scope of the invention.
Claims (5)
1. A method for establishing a trusted link between a client and a server, characterized in that it comprises the following steps:
step one, when the client is opened for the first time, it sends a request to the server; the request carries no parameters and only serves to obtain the public key generated by the server;
step two, the server generates a public/private key pair with the RSA algorithm, keeps the private key and sends the public key to the client;
step three, after receiving the server's public key, the client keeps it and generates its own public/private key pair; the client keeps the private key and sends the public key to the server, so this request carries the public key generated by the client;
step four, after receiving the client's public key, the server keeps it and generates, with a pseudo-random number generator, a session key for use in symmetric encryption;
step five, the server encrypts the session key with the public key sent by the client and returns the encrypted session key to the client;
step six, the client decrypts the session key with its own private key to obtain the real session key;
step seven, the session key is used for encryption and decryption in all subsequent data communication between the client and the server.
2. The method for establishing a trusted link between a client and a server according to claim 1, wherein in step six, when the key is recovered with the private key, it is stored by the client.
3. The method according to claim 1, wherein the communication server is configured to receive identity authentication information from the client and to generate and send the related information to the client.
4. The method for establishing a trusted link between a client and a server according to claim 1, wherein in step five the session key is encrypted as follows: the session key for symmetric encryption is generated by a pseudo-random number generator, the communication data is encrypted with the symmetric cipher, and the session key itself is encrypted with the public-key cipher.
5. The method for establishing a trusted link between a client and a server according to claim 1, wherein in step six the session key is decrypted as follows: the session key is decrypted with the public-key cipher, and the communication data can then be decrypted with the symmetric cipher using that session key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010818245.0A CN111988299A (en) | 2020-08-14 | 2020-08-14 | Method for establishing trusted link between client and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010818245.0A CN111988299A (en) | 2020-08-14 | 2020-08-14 | Method for establishing trusted link between client and server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111988299A true CN111988299A (en) | 2020-11-24 |
Family
ID=73435195
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010818245.0A Pending CN111988299A (en) | 2020-08-14 | 2020-08-14 | Method for establishing trusted link between client and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111988299A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101005361A (en) * | 2007-01-22 | 2007-07-25 | 北京飞天诚信科技有限公司 | Server and software protection method and system |
CN101964793A (en) * | 2010-10-08 | 2011-02-02 | 上海银联电子支付服务有限公司 | Method and system for transmitting data between terminal and server and sign-in and payment method |
CN102833253A (en) * | 2012-08-29 | 2012-12-19 | 五八同城信息技术有限公司 | Method and server for establishing safe connection between client and server |
CN106712932A (en) * | 2016-07-20 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Secret key management method, device and system |
CN107682141A (en) * | 2017-10-26 | 2018-02-09 | 广州市雷军游乐设备有限公司 | Data ciphering method and system for data transfer |
CN109150923A (en) * | 2018-11-06 | 2019-01-04 | 江苏怡通数码科技有限公司 | Transmitted data on network security processing based on Hybrid Encryption |
CN111464549A (en) * | 2020-04-09 | 2020-07-28 | 山东水利职业学院 | Computer network information security event processing method |
- 2020-08-14: application CN202010818245.0A filed in CN; status Pending
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112702332A (en) * | 2020-12-21 | 2021-04-23 | 张华� | Chain key exchange method, client, server and system |
CN112702332B (en) * | 2020-12-21 | 2022-09-16 | 张华� | Chain key exchange method, client, server and system |
CN112926076A (en) * | 2021-03-29 | 2021-06-08 | 建信金融科技有限责任公司 | Data processing method, device and system |
CN112926076B (en) * | 2021-03-29 | 2023-03-21 | 中国建设银行股份有限公司 | Data processing method, device and system |
CN113411345A (en) * | 2021-06-29 | 2021-09-17 | 中国农业银行股份有限公司 | Method and device for secure session |
CN113411345B (en) * | 2021-06-29 | 2023-10-10 | 中国农业银行股份有限公司 | Method and device for secure session |
CN114338239A (en) * | 2022-03-03 | 2022-04-12 | 福建天晴数码有限公司 | Data encryption transmission method and system |
CN114338239B (en) * | 2022-03-03 | 2023-09-01 | 福建天晴数码有限公司 | Method and system for data encryption transmission |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10785019B2 (en) | Data transmission method and apparatus | |
US8670563B2 (en) | System and method for designing secure client-server communication protocols based on certificateless public key infrastructure | |
CN111130803B (en) | Method, system and device for digital signature | |
CN111988299A (en) | Method for establishing trusted link between client and server | |
CN106878016A (en) | Data is activation, method of reseptance and device | |
CN103763631A (en) | Authentication method, server and television | |
CN111416706B (en) | Quantum secret communication system based on secret sharing and communication method thereof | |
CN113612605A (en) | Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology | |
US12010216B2 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
CN113852460B (en) | Implementation method and system for enhancing working key security based on quantum key | |
CN113079022B (en) | Secure transmission method and system based on SM2 key negotiation mechanism | |
CN110535626B (en) | Secret communication method and system for identity-based quantum communication service station | |
CN101958907A (en) | Method, system and device for transmitting key | |
CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
CN113612797A (en) | Kerberos identity authentication protocol improvement method based on state cryptographic algorithm | |
CN111404664A (en) | Quantum secret communication identity authentication system and method based on secret sharing and multiple mobile devices | |
CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
CN114338239B (en) | Method and system for data encryption transmission | |
CN110493124A (en) | Protect the encryption instantaneous communication system and communication means of data safety | |
CN111526131B (en) | Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station | |
KR20060078768A (en) | System and method for key recovery using distributed registration of private key | |
CN112822015B (en) | Information transmission method and related device | |
JP2009065226A (en) | Authenticated key exchange system, authenticated key exchange method and program | |
CN114401102A (en) | HTTP request parameter encryption scheme based on cryptographic algorithm | |
CN118018187A (en) | Agent re-encryption method based on SM9 cooperative algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20201124