CN111988299A - Method for establishing trusted link between client and server - Google Patents

Info

Publication number
CN111988299A
Authority
CN
China
Prior art keywords
client
key
public key
server
session key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010818245.0A
Other languages
Chinese (zh)
Inventor
韩芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Shidong Technology Co ltd
Original Assignee
Hangzhou Shidong Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-08-14
Filing date
2020-08-14
Publication date
2020-11-24
Application filed by Hangzhou Shidong Technology Co ltd
Priority to CN202010818245.0A
Publication of CN111988299A
Legal status: Pending (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for establishing a trusted link between a client and a server, comprising the following steps. Step one: when the client is opened for the first time, it sends a request to the server; the request carries no parameters and serves only to obtain a public key generated by the server. Step two: the server generates a public/private key pair with the RSA algorithm, keeps the private key and sends the public key to the client. Step three: after receiving the server public key, the client keeps it, generates its own public/private key pair, keeps the private key and sends its public key to the server; this request carries the public key generated by the client. Step four: after receiving the client public key, the server keeps it and generates the session key to be used for symmetric encryption with a pseudo-random number generator. During data exchange this speeds up encryption and decryption, improves the user experience, protects user data and, by combining the advantages of several encryption schemes, makes malicious attacks harder.

Description

Method for establishing trusted link between client and server
Technical Field
The invention relates to the technical field of video communication, in particular to a method for establishing a trusted link between a client and a server.
Background
With the rise of the Internet of Things, remote video viewing is spreading across industries. In an era of heavy mobile-device use there are more and more scenarios in which historical video is viewed remotely from a mobile terminal, so the security of personal video data must be assured to a reasonable degree. The invention discloses a data-encryption scheme that secures data communication between a client and a server, including the encryption and decryption of the communication data. Schemes on the market today use either symmetric encryption or public-key encryption alone to encrypt and decrypt data. With symmetric encryption alone, because the encryption key and the decryption key are the same, key distribution becomes a serious weakness; with public-key encryption, data processing is far slower than with symmetric encryption, so the user experience is poor.
Disclosure of Invention
The invention aims to provide a method for establishing a trusted link between a client and a server that solves the problems described in the background.
To achieve this, the invention adopts the following technical scheme: a method for establishing a trusted link between a client and a server, comprising the following steps;
step one: when the client is opened for the first time, it sends a request to the server; the request carries no parameters and serves only to obtain a public key generated by the server;
step two: the server generates a public/private key pair with the RSA algorithm, keeps the private key and sends the public key to the client;
step three: after receiving the server public key, the client keeps it, generates its own public/private key pair, keeps the private key and sends its public key to the server; this request carries the public key generated by the client;
step four: after receiving the client public key, the server keeps it and generates the session key to be used for symmetric encryption with a pseudo-random number generator;
step five: the server encrypts the session key with the public key sent by the client and returns the encrypted session key to the client;
step six: the client decrypts the session key with the private key it generated, obtaining the real session key;
step seven: the session key is then used for encryption and decryption in all subsequent data communication between the client and the server.
Preferably, in step six, the key is stored by the client when the private key is generated.
Preferably, the communication server is used to receive identity-authentication information from the client and to generate and send the related information to the client.
Preferably, in step five, the session key is encrypted as follows: the session key used for symmetric encryption is generated by a pseudo-random number generator, the communication data is encrypted with the symmetric cipher, and the session key is encrypted with the public-key cipher.
Preferably, in step six, the session key is decrypted as follows: the session key is decrypted with the public-key cipher (using the client's private key), and with the session key the communication data can be decrypted with the symmetric cipher.
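Steps one to seven above, with the sub-processes of steps five and six, as an added example in Go. This is not code from the patent or from the applicant; it uses only the Go standard library and makes the following assumptions where the text is silent: RSA-2048 with OAEP (the text says only "RSA") for wrapping the session key, crypto/rand as the pseudo-random number generator (it has to be a cryptographically secure one), AES-256-GCM as the symmetric cipher, PKCS#1 DER as the wire encoding of the public keys, a 32-byte session key and a hypothetical OAEP label. The four messages are passed as byte slices in process rather than over a network.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// oaepLabel is a hypothetical context label; both ends must use the same value.
var oaepLabel = []byte("session-key")

type Server struct {
	priv      *rsa.PrivateKey // kept, never sent (step two)
	clientPub *rsa.PublicKey  // kept after step four
	Session   []byte          // symmetric session key drawn in step four
}

type Client struct {
	priv      *rsa.PrivateKey // kept, never sent (step three)
	serverPub *rsa.PublicKey  // kept after step two; steps five and six never use it
	Session   []byte          // session key unwrapped in step six
}

// newKeyPair returns an RSA-2048 pair and the PKCS#1 DER form of its public key.
func newKeyPair() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return priv, x509.MarshalPKCS1PublicKey(&priv.PublicKey), nil
}

// Steps one and two: the parameterless first request; the server keeps its
// private key and answers with its public key.
func (s *Server) HandleHello() (pubDER []byte, err error) {
	s.priv, pubDER, err = newKeyPair()
	return pubDER, err
}

// Step three: the client keeps the server key, generates its own pair and
// sends its public key in the second request.
func (c *Client) HandleServerKey(serverDER []byte) (pubDER []byte, err error) {
	if c.serverPub, err = x509.ParsePKCS1PublicKey(serverDER); err != nil {
		return nil, err
	}
	c.priv, pubDER, err = newKeyPair()
	return pubDER, err
}

// Steps four and five: the server keeps the client key, draws a 256-bit
// session key from crypto/rand (a CSPRNG, not a plain PRNG) and wraps it
// with RSA-OAEP under the client's public key.
func (s *Server) HandleClientKey(clientDER []byte) (wrapped []byte, err error) {
	if s.clientPub, err = x509.ParsePKCS1PublicKey(clientDER); err != nil {
		return nil, err
	}
	s.Session = make([]byte, 32)
	if _, err = rand.Read(s.Session); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, s.clientPub, s.Session, oaepLabel)
}

// Step six: the client unwraps the session key with its own private key.
func (c *Client) HandleWrappedKey(wrapped []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, wrapped, oaepLabel)
	if err != nil || len(key) != 32 {
		return errors.New("session key unwrap failed")
	}
	c.Session = key
	return nil
}

// Step seven: AES-256-GCM under the session key.
func SessionAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal prefixes a fresh random nonce to the ciphertext; Open strips it and
// verifies the authentication tag before returning any plaintext.
func Seal(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

func Open(aead cipher.AEAD, sealed []byte) ([]byte, error) {
	if n := aead.NonceSize(); len(sealed) >= n {
		return aead.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// Establish runs the four messages of steps one to six in process; on
// success both endpoints hold the same session key.
func Establish() (*Client, *Server, error) {
	c, s := &Client{}, &Server{}
	serverDER, err := s.HandleHello() // message 1 (empty) and its reply
	if err != nil {
		return nil, nil, err
	}
	clientDER, err := c.HandleServerKey(serverDER) // message 3
	if err != nil {
		return nil, nil, err
	}
	wrapped, err := s.HandleClientKey(clientDER) // message 4
	if err != nil {
		return nil, nil, err
	}
	return c, s, c.HandleWrappedKey(wrapped)
}
```

Two things the code mirrors from the text are worth noting. Nothing in the seven steps uses the server's RSA pair from step two: only the client's pair protects the session key, so the server key is stored here but never exercised. And none of the steps authenticates either public key (no certificate, signature or pinning is described), so the example, like the steps, accepts whatever public key arrives; establishing that trust out of band before step five is what the word "trusted" in the title depends on.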
The method provided by the invention for establishing a trusted link between a client and a server has the following advantages:
1. during data exchange, encryption and decryption are faster and the user experience improves;
2. the security of user data is ensured; by combining the advantages of several encryption schemes the method is less likely to be attacked maliciously.
Drawings
FIG. 1 is a diagram of a server-side encryption process of the present invention;
fig. 2 is a diagram of the client decryption process of the present invention.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings; the described embodiments are obviously only some of the embodiments of the invention, not all of them.
Referring to fig. 1-2, a method for establishing a trusted link between a client and a server comprises the following steps;
step one: when the client is opened for the first time, it sends a request to the server; the request carries no parameters and serves only to obtain a public key generated by the server;
step two: the server generates a public/private key pair with the RSA algorithm, keeps the private key and sends the public key to the client;
step three: after receiving the server public key, the client keeps it, generates its own public/private key pair, keeps the private key and sends its public key to the server; this request carries the public key generated by the client;
step four: after receiving the client public key, the server keeps it and generates the session key to be used for symmetric encryption with a pseudo-random number generator;
step five: the server encrypts the session key with the public key sent by the client and returns the encrypted session key to the client; in detail, the session key used for symmetric encryption is generated by a pseudo-random number generator, the communication data is encrypted with the symmetric cipher, and the session key is encrypted with the public-key cipher;
step six: the client decrypts the session key with the private key it generated, obtaining the real session key; the key is stored by the client when the private key is generated; in detail, the session key is decrypted with the public-key cipher (using the client's private key), and with the session key the communication data is decrypted with the symmetric cipher;
step seven: the session key is then used for encryption and decryption in all subsequent data communication between the client and the server. The communication server receives identity-authentication information from the client and generates and sends the related information to the client.
Encrypting the plaintext data with a symmetric cipher improves the speed of encryption and decryption, and encrypting the symmetric key with public-key encryption solves the key-distribution problem of symmetric encryption, so communication between the client and the server combines the advantages of symmetric and public-key encryption;
to keep data secure, the client and the server must encrypt the data they exchange so that it cannot be recovered by others in transit, which establishes a reliable link; the communication data is encrypted with a symmetric cipher and the key used to encrypt it is encrypted with asymmetric encryption; this two-step cipher mechanism is the essence of the scheme. Because the symmetric key is much shorter than the actual communication data, the slowness of public-key encryption is negligible and does not affect the product experience.
The above is only a preferred embodiment of the invention, and the scope of the invention is not limited to it; any equivalent replacement or modification of the technical solution and inventive concept that a person skilled in the art could make within the technical scope disclosed by the invention falls within the scope of protection of the invention.

Claims (5)

1. A method for establishing a trusted link between a client and a server, characterised in that it comprises the following steps;
step one: when the client is opened for the first time, it sends a request to the server; the request carries no parameters and serves only to obtain a public key generated by the server;
step two: the server generates a public/private key pair with the RSA algorithm, keeps the private key and sends the public key to the client;
step three: after receiving the server public key, the client keeps it, generates its own public/private key pair, keeps the private key and sends its public key to the server; this request carries the public key generated by the client;
step four: after receiving the client public key, the server keeps it and generates the session key to be used for symmetric encryption with a pseudo-random number generator;
step five: the server encrypts the session key with the public key sent by the client and returns the encrypted session key to the client;
step six: the client decrypts the session key with the private key it generated, obtaining the real session key;
step seven: the session key is then used for encryption and decryption in all subsequent data communication between the client and the server.
2. The method for establishing a trusted link between a client and a server according to claim 1, wherein in step six the key is stored by the client when the private key is generated.
3. The method according to claim 1, wherein the communication server is configured to receive identity-authentication information from the client and to generate and send the related information to the client.
4. The method for establishing a trusted link between a client and a server according to claim 1, wherein in step five the session key is encrypted as follows: the session key used for symmetric encryption is generated by a pseudo-random number generator, the communication data is encrypted with the symmetric cipher, and the session key is encrypted with the public-key cipher.
5. The method for establishing a trusted link between a client and a server according to claim 1, wherein in step six the session key is decrypted as follows: the session key is decrypted with the public-key cipher (using the client's private key), and with the session key the communication data can be decrypted with the symmetric cipher.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010818245.0A CN111988299A (en) 2020-08-14 2020-08-14 Method for establishing trusted link between client and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010818245.0A CN111988299A (en) 2020-08-14 2020-08-14 Method for establishing trusted link between client and server

Publications (1)

Publication Number Publication Date
CN111988299A true CN111988299A (en) 2020-11-24

Family

ID=73435195

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010818245.0A Pending CN111988299A (en) 2020-08-14 2020-08-14 Method for establishing trusted link between client and server

Country Status (1)

Country Link
CN (1) CN111988299A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005361A (en) * 2007-01-22 2007-07-25 北京飞天诚信科技有限公司 Server and software protection method and system
CN101964793A (en) * 2010-10-08 2011-02-02 上海银联电子支付服务有限公司 Method and system for transmitting data between terminal and server and sign-in and payment method
CN102833253A (en) * 2012-08-29 2012-12-19 五八同城信息技术有限公司 Method and server for establishing safe connection between client and server
CN106712932A (en) * 2016-07-20 2017-05-24 腾讯科技(深圳)有限公司 Secret key management method, device and system
CN107682141A (en) * 2017-10-26 2018-02-09 广州市雷军游乐设备有限公司 Data ciphering method and system for data transfer
CN109150923A (en) * 2018-11-06 2019-01-04 江苏怡通数码科技有限公司 Transmitted data on network security processing based on Hybrid Encryption
CN111464549A (en) * 2020-04-09 2020-07-28 山东水利职业学院 Computer network information security event processing method

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112702332A (en) * 2020-12-21 2021-04-23 张华� Chain key exchange method, client, server and system
CN112702332B (en) * 2020-12-21 2022-09-16 张华� Chain key exchange method, client, server and system
CN112926076A (en) * 2021-03-29 2021-06-08 建信金融科技有限责任公司 Data processing method, device and system
CN112926076B (en) * 2021-03-29 2023-03-21 中国建设银行股份有限公司 Data processing method, device and system
CN113411345A (en) * 2021-06-29 2021-09-17 中国农业银行股份有限公司 Method and device for secure session
CN113411345B (en) * 2021-06-29 2023-10-10 中国农业银行股份有限公司 Method and device for secure session
CN114338239A (en) * 2022-03-03 2022-04-12 福建天晴数码有限公司 Data encryption transmission method and system
CN114338239B (en) * 2022-03-03 2023-09-01 福建天晴数码有限公司 Method and system for data encryption transmission

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201124