CN112073369B - Encrypted communication method based on application layer - Google Patents


Info

Publication number: CN112073369B
Authority: CN (China)
Prior art keywords: data, head, virtual, user, client
Legal status: Active
Application number: CN202010743010.XA
Other languages: Chinese (zh)
Other versions: CN112073369A (en)
Inventors: 胡遨洋, 钱伟, 朱重希, 花志伟, 刘书涵, 徐宏
Current assignee: Tongxiang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original assignee: Tongxiang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date: 2020-07-29
Filing date: 2020-07-29
Publication date: 2020-12-11 (CN112073369A), 2022-06-17 (CN112073369B)
Events: application filed by Tongxiang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd; priority to CN202010743010.XA; publication of CN112073369A; application granted; publication of CN112073369B; legal status active; anticipated expiration.

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/12 Applying verification of the received information
                    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
                    • H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
                        • H04L 69/164 Adaptation or special uses of UDP protocol
                    • H04L 69/22 Parsing or analysis of headers
    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F 21/60 Protecting data
                        • G06F 21/602 Providing cryptographic facilities or services

Abstract

The invention relates to an encrypted communication method based on the application layer, comprising a first client information sending encryption method, a second client information receiving decryption method, a second client information reply encryption method and a first client information receiving decryption method. The first client information sending encryption method comprises the following steps: generating a first virtual data head; generating first user data; generating a second virtual data head and adding it to the first data receiving white list; establishing and storing a first mapping relation table; generating and sending a first ciphertext; generating second user data; and encrypting the data body of the second user data to obtain third user data and transmitting it. The advantages of the invention are: the original data head information is not leaked, and the opposite client is informed of the virtual data head corresponding to the original data head; a hacker is prevented from intercepting the data head to counterfeit data; and the problem that the ciphertext size and the moment to start decryption cannot be determined when the data head is encrypted is solved.

Description

Encrypted communication method based on application layer
Technical Field
The invention relates to the technical field of communication safety, in particular to an encryption communication method based on an application layer.
Background
With the development of computer technology in the 20th century, network transmission has become an important means of information transfer in industry, agriculture, national defense and other fields, and has gradually entered all other areas of society. As networks permeate people's lives, work and entertainment, information security during network transmission has become a focus of attention. To improve the security of user information in network transmission, encryption of network transmission data has become a research hotspot. Common data encryption technologies currently include digital signature authentication, personal identity authentication, electronic seals and the like. Although these methods can provide a relatively secure network data environment, data is still stolen and websites are still hacked.
Existing encryption methods for computer network data transmission are mostly end-to-end: the data travels in ciphertext form all the way from the sending end to the receiving end, so the transmission is protected over the whole path. In encrypted wireless network transmission, it is generally the application-layer user data that is encrypted. Application-layer user data consists of two parts, a data head and a data body, where the data head carries important information about the data body such as the version number, data length and data type. At present, when user data is encrypted, only the data body is encrypted; the data head, which carries important information about the data, is not. If a hacking attack or an illegal action such as field tampering occurs, the hacker can then intercept or modify important information about the user data. For example, when the data head is not encrypted, a hacker who intercepts the data head can send junk data carrying the same data head as a normal data body to the receiving end, occupying transmission resources and causing service failure. If the data head is encrypted instead, the receiving party cannot determine the length of the data body, cannot determine the size of the ciphertext, and cannot determine when to start decryption.
Disclosure of Invention
The invention mainly addresses the problem that existing encryption schemes encrypt only the data body and not the data head, so that a hacker can disrupt the service by intercepting the data head, while, if the data head is encrypted, communication cannot proceed normally. It provides an encrypted communication method based on the application layer in which a virtual data head is set and changed in real time.
The technical scheme adopted by the invention to solve this problem is an encrypted communication method based on the application layer, used for mutual communication between a first client and a second client. It comprises a first client information sending encryption method, a second client information receiving decryption method, a second client information reply encryption method and a first client information receiving decryption method, where the first client information sending encryption method comprises the following steps:
s01: generating a first virtual data head;
s02: generating first user data by taking the original data head as the data head and the first virtual data head as the data body, where the original data head is the actual data head of the client;
s03: generating a second virtual data head from the first virtual data head, and adding the second virtual data head to the first data receiving white list;
s04: establishing and storing a first mapping relation table between the original data head and the first and second virtual data heads;
s05: cutting the first user data into packets of a preset fixed data size and padding them;
s06: encrypting each data packet to generate a first ciphertext and transmitting it;
s07: generating second user data by taking the first virtual data head as the data head and the data input by the user as the data body;
s08: encrypting the data body of the second user data to obtain third user data and transmitting it.
When communication is established, the opposite side is first informed of the original data head and the virtual data head; communication then proceeds with virtual data heads, and each virtual data head is used only once, which prevents a hacker from intercepting the data head to mount an attack. The first user data is cut into packets of the preset fixed data size and padded, and each packet is encrypted, so the receiving end can decrypt as soon as it has received a packet of the preset fixed size; this solves the problem that, when the data head is encrypted, the ciphertext size and the moment to start decryption cannot be determined.
As a preferred scheme, the first-time information receiving and decrypting method of the second client comprises the following steps:
s11: screening the received data and retaining the first type of user data, whose data head and data body are both ciphertext;
s12: decrypting the first type of user data to obtain the original data head and the first virtual data head;
s13: establishing and storing a second mapping relation table between the original data head and the first virtual data head;
s14: adding the first virtual data head to the second data receiving white list, and waiting to receive user data whose data head is the first virtual data head;
s15: after receiving user data whose data head is the first virtual data head, decrypting its data body;
s16: generating a second virtual data head from the data head of that user data and adding it to the second mapping relation table;
s17: adding the second virtual data head to the second data receiving white list.
As a preferred scheme, the second client information reply encryption method comprises the following steps:
s21: generating fourth user data by taking the second virtual data head as the data head and the information input by the second client's user as the data body;
s22: encrypting the data body of the fourth user data to obtain fifth user data and sending it;
s23: generating a third virtual data head from the second virtual data head;
s24: adding the third virtual data head to the second mapping relation table and the second data receiving white list;
s25: deleting the second virtual data head from the second data receiving white list.
As a preferred scheme, the first-time information receiving and decrypting method of the first client comprises the following steps:
s31: screening the received data and retaining the user data whose data head is the second virtual data head;
s32: decrypting the data body of that user data;
s33: generating a third virtual data head from the second virtual data head;
s34: adding the third virtual data head to the first mapping relation table and the first data receiving white list;
s35: deleting the second virtual data head from the first data receiving white list.
As a preferred scheme, the virtual data head comprises a version number, a data length and a data type, where the data length is the length of the data body of the user data formed with the virtual data head, and the version number and data type change according to a preset rule.
As a preferred scheme, the first ciphertext is transmitted over TCP.
As a preferred scheme, during communication between the first client and the second client, a different data head is used for each user data transmission.
The advantages of the invention are: the original data head and the virtual data head form application data that is encrypted as a whole and sent to the opposite side, which establishes the communication relation, ensures that the original data head information is not leaked, and informs the opposite client of the virtual data head corresponding to the original data head; after the communication relation is established, communication uses the virtual data head, which changes as information is transmitted, so a hacker is prevented from intercepting the data head to counterfeit data; the first user data is cut into packets of the preset fixed data size and padded, and each packet is encrypted, so the receiving end can decrypt as soon as it has received a packet of the preset fixed size, which solves the problem that, when the data head is encrypted, the ciphertext size and the moment to start decryption cannot be determined.
Drawings
Fig. 1 is a flowchart illustrating a first-time information sending encryption method of a first client in an embodiment.
Fig. 2 is a flowchart illustrating a first-time information receiving and decrypting method of the second client in the embodiment.
Fig. 3 is a flowchart illustrating a reply encryption method for a second client message according to an embodiment.
Fig. 4 is a flowchart illustrating a first-time information receiving and decrypting method of the first client in the embodiment.
Detailed Description
The technical scheme of the invention is further explained by the embodiments and the accompanying drawings.
Example:
An encrypted communication method based on the application layer is used for mutual communication between a first client and a second client, and comprises a first client first-time information sending encryption method, a second client first-time information receiving decryption method, a second client information reply encryption method and a first client first-time information receiving decryption method. As shown in Fig. 1, the first client first-time information sending encryption method comprises the following steps:
s01: generating a first virtual data head. The virtual data head comprises a version number, a data length and a data type; the data length is the length of the data body of the user data formed with the virtual data head, and the version number and data type change according to a preset rule. The same rule is stored in the first client and the second client, so that once the first virtual data head is known, the second virtual data heads generated from it by the first client and the second client are identical. This keeps the virtual data heads synchronized between the two clients and provides the basis for communicating with virtual data heads;
s02: generating first user data by taking the original data head as the data head and the first virtual data head as the data body;
s03: generating a second virtual data head from the first virtual data head, and adding the second virtual data head to the first data receiving white list;
s04: establishing and storing a first mapping relation table between the original data head and the first and second virtual data heads; the original data head corresponding to a virtual data head can be looked up through the first mapping relation table, which makes it convenient to store the communication data;
s05: cutting the first user data into packets of the preset fixed data size of 1 kB and padding them;
s06: encrypting each data packet to generate a first ciphertext and sending it over TCP (transmission control protocol); the second client can decrypt as soon as it has received 1 kB of data, so the original data head and the first virtual data head are transmitted encrypted and securely, and the problem that the ciphertext size and the moment to start decryption cannot be determined when the data head is encrypted is solved;
s07: generating second user data by taking the first virtual data head as the data head and the data input by the user as the data body;
s08: encrypting the data body of the second user data to obtain third user data and transmitting it.
As shown in Fig. 2, the first-time information receiving and decrypting method of the second client comprises the following steps:
s11: screening the received data and retaining the first type of user data, whose data head and data body are both ciphertext;
s12: decrypting the first type of user data to obtain the original data head and the first virtual data head;
s13: establishing and storing a second mapping relation table between the original data head and the first virtual data head;
s14: adding the first virtual data head to the second data receiving white list, and waiting to receive user data whose data head is the first virtual data head;
s15: after receiving user data whose data head is the first virtual data head, decrypting its data body;
s16: generating a second virtual data head from the data head of that user data and adding it to the second mapping relation table;
s17: adding the second virtual data head to the second data receiving white list.
As shown in Fig. 3, the second client information reply encryption method comprises the following steps:
s21: generating fourth user data by taking the second virtual data head as the data head and the information input by the second client's user as the data body;
s22: encrypting the data body of the fourth user data to obtain fifth user data and sending it;
s23: generating a third virtual data head from the second virtual data head;
s24: adding the third virtual data head to the second mapping relation table and the second data receiving white list;
s25: deleting the second virtual data head from the second data receiving white list.
As shown in Fig. 4, the first-time information receiving and decrypting method of the first client comprises the following steps:
s31: screening the received data and retaining the user data whose data head is the second virtual data head;
s32: decrypting the data body of that user data;
s33: generating a third virtual data head from the second virtual data head;
s34: adding the third virtual data head to the first mapping relation table and the first data receiving white list;
s35: deleting the second virtual data head from the first data receiving white list.
When, after communicating with the second client for the first time, the first client immediately sends the next piece of information to the second client, the following steps are executed:
s41: generating user data by taking the second virtual data head as the data head and the information input by the first client's user as the data body;
s42: encrypting the data body of the user data to obtain encrypted user data and sending it;
s43: generating a third virtual data head from the second virtual data head;
s44: adding the third virtual data head to the first mapping relation table and the first data receiving white list;
s45: deleting the second virtual data head from the first data receiving white list.
That is, during communication between the first client and the second client, a different data head is used for each user data transmission. For example, if after the first communication the first client sends 5 pieces of information in succession to the second client, their data heads are data head a, data head b, data head c, data head d and data head e in turn, where data head b is generated from data head a according to the preset rule, data head c from data head b, and so on. Meanwhile, after receiving each piece of information, the second client also generates the next data head from the data head of that information, in order to receive the next piece of information from the first client or to send information to the first client.
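The whole exchange described above (first contact carried in fixed-size, fully encrypted packets; white-list screening of every later data head; one-time virtual data heads derived by a rule shared by both clients; retirement of each head after use) as an added Python simulation that is not code from the patent. The stream cipher, the 6-byte head layout and the head-derivation rule are assumptions, since the patent specifies none of them; the run also shows a replayed head being dropped by the white list.

```python
import hashlib, hmac, os, struct
PACKET_SIZE = 1024                    # preset fixed data size (1 kB) from the embodiment
HEAD_FMT = ">BIB"                     # version (1 byte), data length (4 bytes), data type (1 byte)
HEAD_LEN = struct.calcsize(HEAD_FMT)  # 6 bytes

def xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode). Assumption: the patent names no
    # cipher; a real deployment needs an authenticated cipher and a never-repeating nonce.
    stream = b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def next_head(head):
    # Preset rule stored in both clients (assumed here): (version, type) -> next (version, type).
    return ((head[0] + 1) % 256, (head[1] * 7 + 3) % 256)

def pack_user_data(head, body):
    return struct.pack(HEAD_FMT, head[0], len(body), head[1]) + body

def unpack_user_data(blob):
    version, length, dtype = struct.unpack(HEAD_FMT, blob[:HEAD_LEN])
    body = blob[HEAD_LEN:HEAD_LEN + length]
    if len(body) != length:
        raise ValueError("length field does not match data body")
    return (version, dtype), body

def cut_and_pad(data):
    # s05: cut into PACKET_SIZE packets, padding the tail with 0x80 then zeros.
    data += b"\x80" + b"\x00" * (-(len(data) + 1) % PACKET_SIZE)
    return [data[i:i + PACKET_SIZE] for i in range(0, len(data), PACKET_SIZE)]

class Client:
    def __init__(self, name, key, original_head):
        self.name, self.key = name, key
        self.original_head = original_head  # the client's actual (version, type)
        self.whitelist = set()              # data receiving white list
        self.mapping = {}                   # original head -> virtual heads derived so far
        self.current = None                 # virtual head for the next message this client sends

    def _advance(self, head):
        # Each virtual head is used once: retire it and whitelist its successor.
        self.whitelist.discard(head)
        nxt = next_head(head)
        self.whitelist.add(nxt)
        for heads in self.mapping.values():
            if head in heads:
                heads.append(nxt)
        self.current = nxt

    def first_send(self, message):
        # First client, first message (s01-s08).
        vh1 = (os.urandom(1)[0], os.urandom(1)[0])                        # s01
        first_user_data = pack_user_data(self.original_head, bytes(vh1))  # s02
        self.mapping[self.original_head] = [vh1]                          # s04 (vh2 appended by _advance)
        self._advance(vh1)                                                # s03: vh2 -> white list
        first_ciphertext = [xor_stream(self.key, b"setup%d" % i, p)
                            for i, p in enumerate(cut_and_pad(first_user_data))]  # s05-s06
        third_user_data = pack_user_data(vh1, xor_stream(self.key, bytes(vh1), message))  # s07-s08
        return first_ciphertext, third_user_data

    def first_receive(self, first_ciphertext):
        # Second client, first contact (s11-s14): only fixed-size, fully encrypted packets pass.
        if any(len(p) != PACKET_SIZE for p in first_ciphertext):
            raise ValueError("%s: setup packet is not %d bytes, dropped" % (self.name, PACKET_SIZE))
        plain = b"".join(xor_stream(self.key, b"setup%d" % i, p)
                         for i, p in enumerate(first_ciphertext))         # s12
        plain = plain[:plain.rindex(b"\x80")]                             # strip s05 padding
        peer_original, body = unpack_user_data(plain)
        if len(body) != 2:
            raise ValueError("%s: malformed first user data, dropped" % self.name)
        self.mapping[peer_original] = [(body[0], body[1])]                # s13
        self.whitelist.add((body[0], body[1]))                            # s14

    def receive(self, user_data):
        # Screen against the white list, then decrypt the body (s15-s17 / s31-s35).
        head, body = unpack_user_data(user_data)
        if head not in self.whitelist:
            raise ValueError("%s: head %r not in white list, dropped" % (self.name, head))
        message = xor_stream(self.key, bytes(head), body)
        self._advance(head)
        return message

    def send(self, message):
        # Reply or next message (s21-s25 / s41-s45) under the current virtual head.
        head = self.current
        user_data = pack_user_data(head, xor_stream(self.key, bytes(head), message))
        self._advance(head)
        return user_data

def run_exchange(key=b"constructed shared key"):
    # Constructed run: A -> B first contact, B replies, then a replayed head is rejected.
    a = Client("A", key, original_head=(1, 0x10))
    b = Client("B", key, original_head=(1, 0x20))
    setup, msg1 = a.first_send(b"hello from A")
    b.first_receive(setup)
    got1 = b.receive(msg1)
    reply = b.send(b"hello from B")
    got2 = a.receive(reply)
    try:
        b.receive(msg1)              # same virtual head presented again: must be dropped
        replay_dropped = False
    except ValueError:
        replay_dropped = True
    return got1, got2, replay_dropped, a.whitelist == b.whitelist
```

Because both sides hold a single expected head, the scheme as described is strictly turn-based: if both clients send under the same head at once, the white lists desynchronize, which is a caveat the patent text does not address.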
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.

Claims (6)

1. An encryption communication method based on an application layer is used for mutual communication between a first client and a second client, and is characterized in that: the method comprises a first client side first information sending encryption method, a second client side first information receiving decryption method, a second client side information reply encryption method and a first client side first information receiving decryption method, wherein the first client side first information sending encryption method comprises the following steps:
s01: generating a first virtual data head;
s02: generating first user data by taking the original data head as a data head and taking the first virtual data head as a data body;
s03: generating a second virtual data head according to the first virtual data head, and adding the second virtual data head into the first data receiving white list;
s04: establishing and storing a first mapping relation table of the original data head and the first virtual data head and the second virtual data head;
s05: cutting the first user data into packets of a preset fixed data size and padding them;
s06: encrypting each data packet to generate a first ciphertext and transmitting the first ciphertext;
s07: generating second user data by taking the first virtual data head as a data head and taking data input by the user data as a data body;
s08: encrypting the data body of the second user data to obtain third user data and sending the third user data;
the first information receiving and decrypting method for the second client comprises the following steps:
s11: screening the received data, and reserving a first type of user data of which the data head and the data body are ciphertexts;
s12: decrypting the first type of user data to obtain an original data head and a first virtual data head;
s13: establishing a second mapping relation table of the original data head and the first virtual data head and storing the second mapping relation table;
s14: adding the first virtual data head into a second data receiving white list, and waiting for receiving user data of which the data head is the first virtual data head;
s15: after receiving user data with a data head as a first virtual data head, decrypting a data body of the user data;
s16: generating a second virtual data header according to the data header of the user data in step S15 and adding the second virtual data header to the second mapping relation table;
s17: and adding the second virtual data header into a second data receiving white list.
2. The encrypted communication method based on the application layer according to claim 1, characterized in that: the second client information reply encryption method comprises the following steps:
s21: generating fourth user data by taking the second virtual data head as a data head and the second client user input information as a data body;
s22: encrypting the data body of the fourth user data to obtain fifth user data and sending the fifth user data;
s23: generating a third virtual data head according to the second virtual data head;
s24: adding a third virtual data header into the second mapping relation table and the second data receiving white list;
s25: and deleting the second virtual data header in the second data receiving white list.
3. The encryption communication method based on the application layer as claimed in claim 2, wherein: the first-time information receiving and decrypting method for the first client comprises the following steps:
s31: screening the received data, and reserving the user data with the data head as a second virtual data head;
s32: decrypting the data body of the user data;
s33: generating a third virtual data head according to the second virtual data head;
s34: adding a third virtual data header into the first mapping relation table and the first data receiving white list;
s35: and deleting the second virtual data header in the first data receiving white list.
4. A method of encrypted communication based on the application layer according to claim 1, 2 or 3, characterized by: the virtual data head comprises a version number, a data length and a data type, wherein the data length is the length of a data body of user data formed by the virtual data head, and the version number and the data type are changed according to a preset rule.
5. The encryption communication method based on the application layer as claimed in claim 1, wherein: and the first ciphertext is transmitted through a TCP protocol.
6. The encryption communication method based on the application layer as claimed in claim 1, wherein: in the communication process of the first client and the second client, different data heads are adopted for each user data communication.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010743010.XA CN112073369B (en) 2020-07-29 2020-07-29 Encrypted communication method based on application layer

Publications (2)

Publication Number Publication Date
CN112073369A CN112073369A (en) 2020-12-11
CN112073369B true CN112073369B (en) 2022-06-17

Family

ID=73656888

Country Status (1)

Country Link
CN (1) CN112073369B (en)

Also Published As

Publication number Publication date
CN112073369A (en) 2020-12-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant