CN112073370A - Client encryption communication method - Google Patents


Info

Publication number
CN112073370A
Authority
CN
China
Prior art keywords
data
head
virtual
client
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010743932.0A
Other languages
Chinese (zh)
Inventor
钱伟
胡遨洋
朱重希
花志伟
刘书涵
徐宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tongxiang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Tongxiang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd

Classifications

    • H04L 63/12 Network architectures or network communication protocols for network security: applying verification of the received information
    • G06F 21/602 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity: protecting data by providing cryptographic facilities or services
    • H04L 63/0428 Network architectures or network communication protocols for network security: providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 69/164 Implementation or adaptation of IP, TCP or UDP: adaptation or special uses of the UDP protocol
    • H04L 69/22 Network arrangements, protocols or services independent of the application payload: parsing or analysis of headers

Abstract

The invention relates to a client encrypted communication method comprising a first-client message sending and encryption method, a second-client message receiving and decryption method, a second-client reply encryption method and a first-client message receiving and decryption method. The first-client message sending and encryption method comprises the following steps: generating a first virtual data header; generating first user data; generating a second virtual data header and adding it to a first receive whitelist; establishing and storing a first mapping table; generating and sending a first ciphertext; generating second user data; and encrypting the data body of the second user data to obtain third user data and transmitting it. The advantages of the invention are: the original data header information is not leaked, while the peer client is still told which virtual data header corresponds to the original data header; an attacker who intercepts a data header cannot use it to forge data; and the problem that encrypting the data header leaves the receiver unable to determine the ciphertext size and when to start decryption is solved.

Description

Client encryption communication method
Technical Field
The invention relates to the technical field of communication security, in particular to a client encrypted communication method.
Background
With the development of computer technology in the 20th century, network transmission has become an important means of information transfer in industry, agriculture, national defence and other fields, and has gradually entered every other area of society. As networks permeate people's lives, work and entertainment, the security of information in transit has become a focus of attention, and the encryption of data in network transmission has become a research hotspot. Common techniques include digital signature authentication, personal identity authentication and electronic seals. Although these methods can provide a relatively secure network data environment, data is still stolen and websites are still compromised.
Existing encryption methods for computer network data transmission mostly use end-to-end encryption, in which the data travels in ciphertext form all the way from the sending end to the receiving end, so the transmission is protected over its whole path. In wireless network data transmission it is generally the application-layer user data that is encrypted. Application-layer user data consists of two parts, a data header and a data body; the data header carries important information about the data body, such as the version number, data length and data type. At present, when user data is encrypted only the data body is encrypted, and the data header, which carries this information, is left in the clear. If an attack or an illegal action such as field tampering occurs, the attacker can intercept or modify important information about the user data. For example, with the data header unencrypted, an attacker who intercepts it can send spam whose data header matches that of normal data to the receiving end, consuming transmission resources and causing service failure. If the data header is encrypted instead, the receiver cannot determine the length of the data body, and therefore cannot determine the size of the ciphertext or when to start decrypting.
Disclosure of Invention
The invention mainly solves the following problem: because existing encryption schemes encrypt only the data body and not the data header, an attacker can disrupt the service by intercepting the data header, while encrypting the data header prevents communication altogether. It provides an application-layer encrypted communication method that uses a virtual data header and changes it in real time.
The technical scheme adopted by the invention to solve this problem is a client encrypted communication method for mutual communication between a first client and a second client, comprising a first-client first message sending and encryption method, a second-client first message receiving and decryption method, a second-client reply encryption method and a first-client first message receiving and decryption method, wherein the first-client first message sending and encryption method comprises the following steps:
S01: generating a first virtual data header;
S02: generating first user data whose data header is the original data header and whose data body is the first virtual data header, the original data header being the client's actual data header;
S03: generating a second virtual data header from the first virtual data header and adding it to a first receive whitelist;
S04: establishing and storing a first mapping table between the original data header and the first and second virtual data headers;
S05: encrypting both the data header and the data body of the first user data to generate a first ciphertext;
S06: sending the first ciphertext over UDP;
S07: generating second user data whose data header is the first virtual data header and whose data body is the data entered by the user;
S08: encrypting the data body of the second user data to obtain third user data, and transmitting the third user data.
When communication is established, the original data header and the virtual data header are first made known to the peer under encryption; communication then proceeds with virtual data headers, each used only once, so that an attacker who intercepts a data header cannot use it to attack. The ciphertext is carried over UDP and the second client starts decrypting only once a complete datagram has been received, which resolves the problem that, with the data header encrypted, the ciphertext size and the moment to start decryption cannot otherwise be determined.
As a preferred embodiment of the above scheme, the second-client first message receiving and decryption method comprises the following steps:
S11: screening the received data and keeping the first type of user data, in which both the data header and the data body are ciphertext;
S12: decrypting the first type of user data to obtain the original data header and the first virtual data header;
S13: establishing and storing a second mapping table between the original data header and the first virtual data header;
S14: adding the first virtual data header to a second receive whitelist and waiting for user data whose data header is the first virtual data header;
S15: on receiving user data whose data header is the first virtual data header, decrypting its data body;
S16: generating a second virtual data header from the data header of that user data and adding it to the second mapping table;
S17: adding the second virtual data header to the second receive whitelist.
As a preferred embodiment of the foregoing scheme, the second-client reply encryption method comprises the following steps:
S21: generating fourth user data whose data header is the second virtual data header and whose data body is the information entered by the second client's user;
S22: encrypting the data body of the fourth user data to obtain fifth user data, and sending the fifth user data;
S23: generating a third virtual data header from the second virtual data header;
S24: adding the third virtual data header to the second mapping table and the second receive whitelist;
S25: deleting the second virtual data header from the second receive whitelist.
As a preferred embodiment of the above scheme, the first-client first message receiving and decryption method comprises the following steps:
S31: screening the received data and keeping the user data whose data header is the second virtual data header;
S32: decrypting the data body of that user data;
S33: generating a third virtual data header from the second virtual data header;
S34: adding the third virtual data header to the first mapping table and the first receive whitelist;
S35: deleting the second virtual data header from the first receive whitelist.
As a preferred embodiment of the foregoing scheme, the virtual data header comprises a version number, a data length and a data type, where the data length is the length of the data body of the user data formed with that virtual data header, and the version number and the data type change according to a preset rule.
As a preferred embodiment of the above scheme, during communication between the first client and the second client a different data header is used for each message exchanged.
As a preferred embodiment of the foregoing scheme, after either the first client or the second client has received a message, the first receive whitelist and the second receive whitelist are identical, and the first mapping table and the second mapping table are identical.
The advantages of the invention are: the original data header and the virtual data header together form application data that is encrypted as a whole and sent to the peer, which establishes the communication relationship, guarantees that the original data header information is not leaked, and tells the peer client which virtual data header corresponds to the original data header; after the communication relationship is established, communication uses virtual data headers that change with every transmission, so an attacker who intercepts a data header cannot use it to forge data; and the ciphertext is carried over UDP with decryption started only once the second client has received a complete datagram, which resolves the problem that, with the data header encrypted, the ciphertext size and the moment to start decryption cannot otherwise be determined.
Drawings
Fig. 1 is a flowchart illustrating a first-time information sending encryption method of a first client in an embodiment.
Fig. 2 is a flowchart illustrating a first-time information receiving and decrypting method of the second client in the embodiment.
Fig. 3 is a flowchart illustrating a reply encryption method for a second client message according to an embodiment.
Fig. 4 is a flowchart illustrating a first-time information receiving and decrypting method of the first client in the embodiment.
Detailed Description
The technical solution of the present invention is further described below by way of examples with reference to the accompanying drawings.
Example:
The client encrypted communication method is used for mutual communication between a first client and a second client and comprises a first-client first message sending and encryption method, a second-client first message receiving and decryption method, a second-client reply encryption method and a first-client first message receiving and decryption method. As shown in Fig. 1, the first-client first message sending and encryption method comprises the following steps:
S01: generating a first virtual data header. The virtual data header comprises a version number, a data length and a data type, where the data length is the length of the data body of the user data formed with it, and the version number and data type change according to a preset rule. The same rule is stored in both the first and the second client, so once the first virtual data header is known, the second virtual data header that each client derives from it is identical; this keeps the virtual data headers of the two clients synchronised and is the basis for communicating with virtual data headers;
S02: generating first user data whose data header is the original data header and whose data body is the first virtual data header;
S03: generating a second virtual data header from the first virtual data header and adding it to the first receive whitelist;
S04: establishing and storing a first mapping table between the original data header and the first and second virtual data headers; the first mapping table allows the original data header corresponding to a virtual data header to be determined, which makes storing the communicated data convenient;
S05: encrypting both the data header and the data body of the first user data to generate a first ciphertext;
S06: sending the first ciphertext over UDP. At the receiving end a UDP datagram is either delivered whole or not at all (a datagram larger than the path MTU is fragmented by IP and either reassembled or, if any fragment is lost, discarded as a unit before delivery), so the second client can start decrypting as soon as a datagram arrives and does not need the data header to learn the ciphertext length; this resolves the problem that encrypting the data header otherwise leaves the ciphertext size and the moment to start decryption undetermined. UDP itself does not retransmit, so if a datagram is lost in transit the sending application must detect the loss and retransmit it;
S07: generating second user data whose data header is the first virtual data header and whose data body is the data entered by the user;
S08: encrypting the data body of the second user data to obtain third user data, and transmitting the third user data.
As shown in Fig. 2, the second-client first message receiving and decryption method comprises the following steps:
S11: screening the received data and keeping the first type of user data, in which both the data header and the data body are ciphertext;
S12: decrypting the first type of user data to obtain the original data header and the first virtual data header;
S13: establishing and storing a second mapping table between the original data header and the first virtual data header;
S14: adding the first virtual data header to a second receive whitelist and waiting for user data whose data header is the first virtual data header;
S15: on receiving user data whose data header is the first virtual data header, decrypting its data body;
S16: generating a second virtual data header from the data header of that user data and adding it to the second mapping table;
S17: adding the second virtual data header to the second receive whitelist.
As shown in Fig. 3, the second-client reply encryption method comprises the following steps:
S21: generating fourth user data whose data header is the second virtual data header and whose data body is the information entered by the second client's user;
S22: encrypting the data body of the fourth user data to obtain fifth user data, and sending the fifth user data;
S23: generating a third virtual data header from the second virtual data header;
S24: adding the third virtual data header to the second mapping table and the second receive whitelist;
S25: deleting the second virtual data header from the second receive whitelist.
As shown in Fig. 4, the first-client first message receiving and decryption method comprises the following steps:
S31: screening the received data and keeping the user data whose data header is the second virtual data header;
S32: decrypting the data body of that user data;
S33: generating a third virtual data header from the second virtual data header;
S34: adding the third virtual data header to the first mapping table and the first receive whitelist;
S35: deleting the second virtual data header from the first receive whitelist.
When the first client, having communicated with the second client for the first time, immediately sends the next message to the second client, the following steps are executed:
S41: generating user data whose data header is the second virtual data header and whose data body is the information entered by the first client's user;
S42: encrypting the data body of that user data to obtain encrypted user data, and sending the encrypted user data;
S43: generating a third virtual data header from the second virtual data header;
S44: adding the third virtual data header to the first mapping table and the first receive whitelist;
S45: deleting the second virtual data header from the first receive whitelist.
That is, during communication between the first client and the second client a different data header is used for each message. For example, if after the first exchange the first client sends five messages in succession to the second client, their data headers are, in order, header a, header b, header c, header d and header e, where header b is generated from header a according to the preset rule, header c from header b, and so on. After receiving each message, the second client likewise generates the next data header from the received one, in order to receive the first client's next message or to send a message to the first client.
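The whole exchange above (the sending steps S01-S08, the receive steps S11-S17 and S31-S35, and the reply and follow-on steps S21-S25 and S41-S45, which the Disclosure and the Example both describe), as an added simulation that is not part of the patent. The patent does not specify the cipher, how the key is established, the byte layout of a header, the "preset rule" that derives the next virtual header, or how a receiver recognises a fully encrypted first datagram. This example therefore assumes a pre-shared key, a toy HMAC-SHA256 keystream plus MAC standing in for the cipher, a version(2)/length(4)/type(2) header, HMAC of the current header as the preset rule, and treats any datagram that arrives before a session exists as a candidate first message whose MAC must verify. The class, function names and sample messages are the example's own, and datagrams are passed as byte strings rather than over sockets.

```python
import hashlib
import hmac
import os
import struct

HDR = struct.Struct(">HIH")  # version, data length, data type: assumed layout, field names from the patent
VH = struct.Struct(">HH")    # a virtual header's (version, type) pair, carried as a data body in the first message
NONCE, TAG = 16, 32

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, pt):
    """Toy stand-in for the unspecified cipher: keystream XOR, then a MAC over nonce+ciphertext."""
    nonce = os.urandom(NONCE)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    """Plaintext, or None when the blob is too short or its MAC does not verify."""
    if len(blob) < NONCE + TAG:
        return None
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def next_header(key, vt):
    """Assumed 'preset rule': both clients derive the same next (version, type) from the current one."""
    d = hmac.new(key, b"virtual-header" + VH.pack(*vt), hashlib.sha256).digest()
    return int.from_bytes(d[:2], "big"), int.from_bytes(d[2:4], "big")

class Client:
    def __init__(self, key, original_header):
        self.key = key                   # assumed pre-shared; the patent does not say how keys are set up
        self.original = original_header  # this client's real (version, type)
        self.session_original = None     # the original header the virtual chain stands for
        self.mapping = {}                # virtual (version, type) -> original header
        self.whitelist = set()           # virtual headers accepted on the next receive
        self.chain = None                # virtual header used for the next send

    def _advance(self, vt):
        """Run by both sides after every message, so mapping and whitelist stay identical (claim 7)."""
        self.mapping[vt] = self.session_original
        self.chain = next_header(self.key, vt)
        self.whitelist = {self.chain}

    def open_session(self, first_body):
        """S01-S08: announce the first virtual header fully encrypted, then send the first real message."""
        v1 = VH.unpack(os.urandom(VH.size))                                              # S01
        self.session_original, self.chain = self.original, v1
        announce = HDR.pack(self.original[0], VH.size, self.original[1]) + VH.pack(*v1)  # S02
        self.whitelist = {next_header(self.key, v1)}                                     # S03
        self.mapping[v1] = self.original                                                 # S04
        return [encrypt(self.key, announce), self.send(first_body)]                      # S05-S08

    def send(self, body):
        """S07-S08, S21-S25, S41-S45: cleartext virtual header, encrypted body, then ratchet."""
        assert self.chain is not None, "no session established"
        enc_body, vt = encrypt(self.key, body), self.chain
        self._advance(vt)
        return HDR.pack(vt[0], len(enc_body), vt[1]) + enc_body

    def receive(self, datagram):
        """S11-S17 / S31-S35. Returns the accepted body, or None; a rejected datagram changes nothing."""
        if self.chain is None:                                      # S11: no session yet, expect full ciphertext
            pt = decrypt(self.key, datagram)
            if pt is None or len(pt) != HDR.size + VH.size:
                return None
            version, _, dtype = HDR.unpack_from(pt)                 # S12: the peer's original header
            v1 = VH.unpack_from(pt, HDR.size)
            self.session_original, self.chain = (version, dtype), v1
            self.mapping[v1] = self.session_original                # S13
            self.whitelist = {v1}                                   # S14
            return pt[HDR.size:]
        if len(datagram) < HDR.size:
            return None
        version, length, dtype = HDR.unpack_from(datagram)
        if (version, dtype) not in self.whitelist or len(datagram) - HDR.size != length:  # S31: screen first
            return None
        body = decrypt(self.key, datagram[HDR.size:])               # S32
        if body is None:
            return None
        self._advance((version, dtype))                             # S15-S17 / S33-S35
        return body

def demo():
    """Handshake, a replayed datagram, a copied header with a junk body, a reply, and the claim-7 sync check."""
    key = os.urandom(32)
    a, b = Client(key, (1, 7)), Client(key, (1, 9))
    wire = a.open_session(b"hello from A")
    result = {"handshake": [b.receive(d) for d in wire][1] == b"hello from A"}
    result["replay_rejected"] = b.receive(wire[1]) is None
    spam = wire[1][:HDR.size] + b"\x00" * (len(wire[1]) - HDR.size)  # header copied off the wire, junk body
    result["copied_header_rejected"] = b.receive(spam) is None
    result["reply_accepted"] = a.receive(b.send(b"hello from B")) == b"hello from B"
    result["in_sync"] = a.whitelist == b.whitelist and a.mapping == b.mapping
    return result
```

Both clients walk a single shared header chain, so the whitelist only ever holds the one header expected next; the delete steps S25, S35 and S45 make that explicit. Two consequences the patent does not spell out: if both sides send at the same time, or a datagram is lost and the sender retransmits under a freshly derived header instead of resending the same datagram, the two chains desynchronise and every later message is rejected; and because the whitelist check runs before any decryption, a copied header costs the receiver a table lookup rather than a decryption, which is what turns the "spam with a copied header" attack from the Background into a cheap early rejection.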
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.

Claims (7)

1. A client encrypted communication method for mutual communication between a first client and a second client, characterised in that it comprises a first-client first message sending and encryption method, a second-client first message receiving and decryption method, a second-client reply encryption method and a first-client first message receiving and decryption method, wherein the first-client first message sending and encryption method comprises the following steps:
S01: generating a first virtual data header;
S02: generating first user data whose data header is the original data header and whose data body is the first virtual data header;
S03: generating a second virtual data header from the first virtual data header and adding it to a first receive whitelist;
S04: establishing and storing a first mapping table between the original data header and the first and second virtual data headers;
S05: encrypting both the data header and the data body of the first user data to generate a first ciphertext;
S06: sending the first ciphertext over UDP;
S07: generating second user data whose data header is the first virtual data header and whose data body is the data entered by the user;
S08: encrypting the data body of the second user data to obtain third user data, and transmitting the third user data.
2. The application-layer-based encrypted communication method according to claim 1, wherein the second-client first message receiving and decryption method comprises the following steps:
S11: screening the received data and keeping the first type of user data, in which both the data header and the data body are ciphertext;
S12: decrypting the first type of user data to obtain the original data header and the first virtual data header;
S13: establishing and storing a second mapping table between the original data header and the first virtual data header;
S14: adding the first virtual data header to a second receive whitelist and waiting for user data whose data header is the first virtual data header;
S15: on receiving user data whose data header is the first virtual data header, decrypting its data body;
S16: generating a second virtual data header from the data header of that user data and adding it to the second mapping table;
S17: adding the second virtual data header to the second receive whitelist.
3. The application-layer-based encrypted communication method according to claim 2, wherein the second-client reply encryption method comprises the following steps:
S21: generating fourth user data whose data header is the second virtual data header and whose data body is the information entered by the second client's user;
S22: encrypting the data body of the fourth user data to obtain fifth user data, and sending the fifth user data;
S23: generating a third virtual data header from the second virtual data header;
S24: adding the third virtual data header to the second mapping table and the second receive whitelist;
S25: deleting the second virtual data header from the second receive whitelist.
4. The application-layer-based encrypted communication method according to claim 3, wherein the first-client first message receiving and decryption method comprises the following steps:
S31: screening the received data and keeping the user data whose data header is the second virtual data header;
S32: decrypting the data body of that user data;
S33: generating a third virtual data header from the second virtual data header;
S34: adding the third virtual data header to the first mapping table and the first receive whitelist;
S35: deleting the second virtual data header from the first receive whitelist.
5. The application-layer-based encrypted communication method according to claim 1, 2, 3 or 4, wherein the virtual data header comprises a version number, a data length and a data type, the data length being the length of the data body of the user data formed with that virtual data header, and the version number and the data type changing according to a preset rule.
6. The application-layer-based encrypted communication method according to claim 1, wherein, during communication between the first client and the second client, a different data header is used for each message.
7. The application-layer-based encrypted communication method according to any one of claims 2, 3 or 4, wherein, after either the first client or the second client has received a message, the first receive whitelist and the second receive whitelist are identical, and the first mapping table and the second mapping table are identical.
Application data

Application number: CN202010743932.0A
Priority date: 2020-07-29
Filing date: 2020-07-29
Publication: CN112073370A, published 2020-12-11
Title: Client encryption communication method
Legal status: Pending
Family ID: 73657623
Country status: CN (CN112073370A)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100153705A1 (en) * 2006-08-11 2010-06-17 Panasonic Corporation Encryption device, decryption device, encryption method, and decryption method
CN106936763A (en) * 2015-12-29 2017-07-07 航天信息股份有限公司 Data encryption and the method and apparatus of decryption
CN108712236A (en) * 2018-07-06 2018-10-26 北京比特大陆科技有限公司 A kind of information processing method, device and electronic equipment
CN109379380A (en) * 2018-12-06 2019-02-22 联想图像(天津)科技有限公司 Data transmission method, data receiver method and remote printing system, mobile terminal
CN110995639A (en) * 2019-08-30 2020-04-10 深圳精匠云创科技有限公司 Data transmission method


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Wang Xiaoming et al.: "Design of an encryption protocol for wireless network data transmission" (一种无线网络数据传输加密协议的设计), Electronic Design Engineering (电子设计工程) *


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination