CN112769789B - Encryption communication method and system - Google Patents

Publication number: CN112769789B
Authority: CN (China)
Prior art keywords: communication, hash value, controller, equipment, key
Legal status: Active
Application number: CN202011610365.8A
Other languages: Chinese (zh)
Other versions: CN112769789A (en)
Inventors: 田静伟, 姚竞聪, 张万萍
Current Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Abstract

The embodiment of the application provides an encryption communication method and system, which relate to the technical field of communication, and the encryption communication method comprises the following steps: calculating according to the equipment identification code, the equipment public key and a verification key prestored in the communication equipment to obtain a first hash value; sending the first hash value to a controller so that the controller judges whether the identity of the communication equipment is legal or not according to the first hash value, and sending encrypted information and a second hash value to the communication equipment when the identity is legal; receiving encryption information and a second hash value; the encrypted information is obtained by encrypting the communication key, and the second hash value is obtained by calculating according to the equipment identification code, the controller public key of the controller, the verification key and the encrypted information; judging whether the encrypted information is valid according to the second hash value; when the encrypted information is valid, decrypting the encrypted information to obtain a communication key; and carrying out symmetric encrypted communication with the controller according to the communication key. Thus, the implementation of the embodiment can improve the communication safety.

Description

Encryption communication method and system
Technical Field
The present application relates to the field of communications technologies, and in particular, to an encryption communication method and system.
Background
With the rapid development of network technology, more and more means of communication have become available. In practice, however, every means of communication carries some security risk in use, so problems such as "information leakage", "virus intrusion", and "malicious attack" easily arise during communication and greatly reduce communication security.
Disclosure of Invention
An object of the embodiments of the present application is to provide an encrypted communication method and system, which can improve communication security.
A first aspect of an embodiment of the present application provides an encryption communication method, where the encryption communication method is applied to a communication device, and the method includes:
calculating according to the equipment identification code of the communication equipment, the equipment public key of the communication equipment and a verification key prestored by the communication equipment to obtain a first hash value;
sending the first hash value to a controller so that the controller judges whether the identity of the communication equipment is legal or not according to the first hash value, and sending encryption information and a second hash value to the communication equipment when the identity of the communication equipment is legal;
receiving the encryption information and the second hash value; the encrypted information is obtained by encrypting a communication key, and the second hash value is obtained by calculating according to the equipment identification code, a controller public key of the controller, the verification key and the encrypted information;
judging whether the encrypted information is valid according to the second hash value;
when the encrypted information is valid, decrypting the encrypted information to obtain the communication key;
and carrying out symmetric encrypted communication with the controller according to the communication key.
In the implementation process, the communication device computes hash1 over its device id, its device public key, and the same verification key that the controller also holds. It then sends hash1 to the controller, which performs the calculation itself, checks whether hash1 matches its own result, and confirms that the identity of the communication device is legal when it does. The communication key can then be exchanged using the hash authentication method, and the communication device can use the communication key to exchange data with the controller. By implementing this embodiment, the controller authenticates the communication device by hash value authentication and also sends the communication key to the communication device under hash value authentication, which secures the transmission of the communication key; data exchanged afterwards under the communication key keeps the subsequent communication secure.
Further, the step of sending the first hash value to a controller, so that the controller determines whether the identity of the communication device is legal according to the first hash value, and sending encryption information and a second hash value to the communication device when the identity of the communication device is legal includes:
sending request information including the equipment identification code, the equipment public key and the first hash value to a controller, so that the controller judges whether the identity of the communication equipment is legal or not according to the equipment identification code, the equipment public key, the first hash value and the verification key prestored by the controller, wherein the request information includes the equipment identification code, the equipment public key, the first hash value and the verification key, and sending encryption information and a second hash value to the communication equipment when the identity of the communication equipment is legal.
In the implementation process, the communication device can send the device id, the device public key and the first hash value to the controller, so that the controller performs hash value calculation according to the device id, the device public key and the verification key stored by the controller, and when the calculated hash value is equal to the first hash value, the identity of the communication device is determined to be legal, thereby determining that the controller can communicate with the communication device, and further avoiding triggering illegal communication and non-compliant communication.
Further, the step of determining whether the encryption information is valid according to the second hash value includes:
calculating according to the equipment identification code, the controller public key, the verification key prestored in the communication equipment and the encryption information to obtain a fourth hash value;
judging whether the second hash value and the fourth hash value are the same;
and when the second hash value and the fourth hash value are the same, determining that the encryption information is valid.
In the implementation process, the communication device may perform hash value calculation according to the device id, the controller public key, the verification key, and the encryption information to determine whether the calculated hash value is the same as the fourth hash value, and if the calculated hash value is the same as the fourth hash value, the verification key is the same, so that the encryption information sent by the controller is determined, and the encryption information is determined to be valid.
Further, when the encrypted information is valid, the step of decrypting the encrypted information to obtain the communication key includes:
and when the encrypted information is valid, decrypting the encrypted information according to the equipment secret key of the communication equipment and the controller public key to obtain the communication secret key.
In the implementation process, the communication device can perform double decryption on the encrypted information by using the device key and the public key of the controller when the encrypted information is valid, so that the communication key sent to the communication device by the controller is obtained, and further, the communication device and the controller can communicate by using the communication key, thereby achieving the effect of improving the communication security.
A second aspect of the embodiments of the present application provides an encrypted communication method, where the encrypted communication method is applied to a controller, and the method includes:
receiving a first hash value sent by communication equipment, wherein the first hash value is obtained by calculation according to an equipment identification code of the communication equipment, an equipment public key of the communication equipment and a verification key prestored by the communication equipment;
judging whether the identity of the communication equipment is legal or not according to the first hash value;
when the identity of the communication equipment is legal, sending encryption information and a second hash value to the communication equipment; the encrypted information is obtained by encrypting a communication key, and the second hash value is obtained by calculation according to the equipment identification code, the controller public key of the controller, the verification key and the encrypted information.
In the implementation process, the controller receives the first hash value sent by the communication device, calculates a hash value itself, and checks whether the two hash values are the same. If they are, it determines that the identity of the communication device is legal and sends the encrypted information and the second hash value to the communication device; the method assumes by default that the communication device knows the public key of the controller. By implementing this embodiment, the controller first determines whether the identity of the communication device is legal; when it is, the controller encrypts the communication key to obtain the encrypted information, calculates the second hash value, and sends the encrypted information and the second hash value to the communication device together. The communication device can then authenticate the controller and, once authentication succeeds, obtain the communication key. This ensures that the communication key is sent by the designated controller to the specific communication device, improves communication reliability, and lets the communication device use the communication key for subsequent communication with the controller.
Further, the step of judging whether the identity of the communication device is legal according to the first hash value includes:
calculating according to the equipment identification code of the communication equipment, the equipment public key of the communication equipment and the verification key prestored by the controller to obtain a third hash value;
judging whether the first hash value and the third hash value are the same;
and when the first hash value and the third hash value are the same, determining that the identity of the communication equipment is legal.
In the implementation process, the controller may calculate to obtain a third hash value according to the device id, the device public key, and the pre-stored verification key, and determine whether the third hash value is the same as the first hash value, and if the third hash value is the same as the first hash value, determine that the communication device is a legal device, so that the controller may transmit the communication key to the communication device.
Further, when the identity of the communication device is legal, the step of sending the encryption information and the second hash value to the communication device includes:
when the identity of the communication equipment is legal, encrypting the communication key according to an equipment public key of the communication equipment and a controller private key of the controller to obtain encrypted information;
and sending the encryption information and the second hash value to the communication equipment.
In the implementation process, the controller can encrypt the communication key by using the device public key and the controller private key, so that the communication device must decrypt by using the controller public key and the device private key after receiving the encrypted information, thereby ensuring the transmission security of the encrypted information; in addition, the transmission of the second hash value enables the communication device to determine that the encrypted information is sent by the controller, thereby further improving the security of the communication.
A third aspect of embodiments of the present application provides an encrypted communication system including a communication device and a controller, wherein,
the communication equipment is used for calculating according to the equipment identification code of the communication equipment, the equipment public key of the communication equipment and a verification key prestored by the communication equipment to obtain a first hash value;
the communication device is further configured to send the first hash value to the controller;
the controller is configured to receive a first hash value sent by the communication device, where the first hash value is obtained by calculation according to a device identifier of the communication device, a device public key of the communication device, and a verification key pre-stored in the communication device;
the controller is further configured to determine whether the identity of the communication device is legal according to the first hash value;
the controller is further configured to send encryption information and a second hash value to the communication device when the identity of the communication device is legal; the encrypted information is obtained by encrypting a communication key, and the second hash value is obtained by calculating according to the equipment identification code, a controller public key of the controller, the verification key and the encrypted information;
the communication device is further configured to receive the encryption information and the second hash value;
the communication device is further configured to determine whether the encrypted information is valid according to the second hash value;
the communication device is further configured to decrypt the encrypted information to obtain the communication key when the encrypted information is valid;
the communication device is further configured to perform symmetric encrypted communication with the controller according to the communication key.
In the implementation process, the communication equipment can perform double-end authentication and communication key transmission with the controller, wherein the double-end authentication uses two times of hash calculation to improve the communication security; meanwhile, the encrypted transmission of the communication key can improve the transmission security of the communication key, so that the controller cannot send the communication key to the wrong equipment, and the wrong equipment cannot acquire the communication key, thereby improving the security of communication in multiple aspects and providing a safer communication basis for subsequent communication.
A fourth aspect of the embodiments of the present application provides an electronic device, including a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to make the electronic device execute the encryption communication method described in any one of the first aspect of the embodiments of the present application.
A fifth aspect of the embodiments of the present application provides a computer-readable storage medium, which stores computer program instructions, and when the computer program instructions are read and executed by a processor, the computer program instructions perform the encrypted communication method according to any one of the first aspect of the embodiments of the present application.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of an encrypted communication method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of another encrypted communication method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of another encrypted communication method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of another encrypted communication method provided in an embodiment of the present application;
Fig. 5 is a system diagram of an encrypted communication system according to an embodiment of the present application;
Fig. 6 is a schematic flowchart of an example encrypted communication method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example 1
Referring to fig. 1, fig. 1 is a flowchart illustrating an encrypted communication method according to an embodiment of the present application. The encryption communication method is applied to communication equipment, wherein the encryption communication method comprises the following steps:
S101, calculating according to the equipment identification code of the communication equipment, the equipment public key of the communication equipment and a verification secret key prestored by the communication equipment to obtain a first hash value.
In this embodiment, the encryption communication method may be applied to an encryption communication system including a controller and a communication device. Wherein the controller may control the communication device.
In this embodiment, the controller and the communication device may each store the same verification key in advance; in this embodiment, the verification key may be key A.
In this embodiment, both the controller and the communication device copy an identical key A in advance via a physical access means (readable storage medium).
In this embodiment, the device identification code may be understood as a device id (psn) of the communication device.
In this embodiment, the communication device corresponds to a device public key and a device private key.
In this embodiment, the first hash value may be obtained by calculation over the device id, the device public key, and key A. The first hash value may be written as hash1 (device id, device public key, key A).
In this embodiment, the method may use the device id as a verification parameter to participate in the calculation of the hash value.
In this embodiment, after detecting that the controller is started, the method performs calculation according to the device identifier of the communication device, the device public key of the communication device, and the verification key pre-stored in the communication device, so as to obtain the first hash value.
S102, sending the first hash value to the controller so that the controller can judge whether the identity of the communication equipment is legal or not according to the first hash value, and sending the encrypted information and the second hash value to the communication equipment when the identity of the communication equipment is legal.
In this embodiment, the method may send the first hash value to the controller.
In this embodiment, the method may send the device identification code and the device public key to the controller while sending the first hash value.
S103, receiving the encryption information and a second hash value; the encrypted information is obtained by encrypting the communication key, and the second hash value is obtained by calculating according to the equipment identification code, the controller public key of the controller, the verification key and the encrypted information.
S104, judging whether the encrypted information is valid according to the second hash value, if so, executing the steps S105-S106; if not, the flow is ended.
S105, the encrypted information is decrypted to obtain the communication key.
S106, carrying out symmetric encryption communication with the controller according to the communication key.
In the embodiment of the present application, the execution subject of the method may be a computing device such as a computer and a server, and is not limited in this embodiment.
In this embodiment, an execution subject of the method may also be an intelligent device such as a smart phone and a tablet computer, which is not limited in this embodiment.
It can be seen that, by implementing the encryption communication method described in this embodiment, the communication device can compute hash1 over its own device id, its device public key, and the same verification key that the controller also holds. It then sends hash1 to the controller, which performs the calculation itself, checks whether hash1 matches its own result, and confirms that the identity of the communication device is legal when it does. The communication key is then exchanged using a hash value authentication method, and the communication device can use the communication key to exchange data with the controller. By implementing this embodiment, the controller authenticates the communication device by hash value authentication and also sends the communication key to the communication device under hash value authentication, which secures the transmission of the communication key; data exchanged afterwards under the communication key keeps the subsequent communication secure.
Example 2
Referring to fig. 2, fig. 2 is a schematic flowchart of an encrypted communication method according to an embodiment of the present application. As shown in fig. 2, the encryption communication method is also applied to a communication apparatus, wherein the encryption communication method includes:
S201, calculating according to the equipment identification code of the communication equipment, the equipment public key of the communication equipment and a verification secret key prestored in the communication equipment to obtain a first hash value.
S202, sending request information comprising the equipment identification code, the equipment public key and the first hash value to the controller, enabling the controller to judge whether the identity of the communication equipment is legal or not according to the equipment identification code, the equipment public key, the first hash value and a verification key prestored by the controller, and sending encryption information and the second hash value to the communication equipment when the identity of the communication equipment is legal.
S203, receiving the encrypted information and a second hash value; the encrypted information is obtained by encrypting the communication key, and the second hash value is obtained by calculating according to the equipment identification code, the controller public key of the controller, the verification key and the encrypted information.
In this embodiment, the second hash value (hash2) may be calculated from the device ID, the controller public key, the key A copied in advance, and the encrypted and signed key B.
S204, calculating a fourth hash value from the device identification code, the controller public key, the verification key prestored in the communication device, and the encrypted information.
In this embodiment, the communication device calculates the fourth hash value from the device ID, the controller public key, key A, and the encrypted and signed key B.
S205, judging whether the second hash value and the fourth hash value are the same, if so, executing the steps S206-S207; if not, the flow is ended.
In this embodiment, the method compares the calculated fourth hash value with the second hash value transmitted by the controller, and executes subsequent decryption operation when the fourth hash value is the same as the second hash value, and refuses to continue communication when the fourth hash value is different from the second hash value.
S206, the encrypted information is decrypted according to the device key and the controller public key of the communication device to obtain the communication key.
In this embodiment, the method may decrypt the encrypted and signed key B using the controller public key and the device private key.
In this embodiment, if the decryption succeeds, the decrypted key B is considered legal, communication is established between the communication device and the controller, and symmetric encrypted communication is then carried out using key B; otherwise, the request is rejected and the communication is terminated.
S207, carrying out symmetric encrypted communication with the controller according to the communication key.
In this embodiment, the pre-shared key A ensures the validity of the public key sent by the other party, and thereby the reliability of the other party's identity. Because the communication device and the controller both copy the same key A before communicating, the hash value cannot be replaced: if an attacker substitutes the public key, the hash value verification at the communication device or at the controller fails, and no communication link can be established. It can be seen that implementing such an embodiment can greatly enhance the security of enterprise devices.
It can be seen that, with the encryption communication method described in this embodiment, the controller can complete authentication of the communication device through the hash value authentication method, and meanwhile, the controller can send the communication key to the communication device through the hash value authentication method, so that security of communication key transmission is ensured, and further, security of subsequent communication can be ensured by performing data interaction through the communication key.
Example 3
Referring to fig. 3, fig. 3 is a flow chart illustrating an encrypted communication method according to an embodiment of the present application. The encryption communication method is applied to a controller, wherein the encryption communication method comprises the following steps:
S301, receiving a first hash value sent by the communication device, wherein the first hash value is calculated from the device identification code of the communication device, the device public key of the communication device, and a verification key prestored in the communication device.
S302, judging whether the identity of the communication equipment is legal or not according to the first hash value, if so, executing a step S303; if not, the flow is ended.
S303, sending the encrypted information and the second hash value to the communication equipment; the encrypted information is obtained by encrypting the communication key, and the second hash value is obtained by calculating according to the equipment identification code, the controller public key of the controller, the verification key and the encrypted information.
In the embodiment of the present application, the execution subject of the method may be a computing device such as a computer and a server, and is not limited in this embodiment.
In this embodiment, an execution subject of the method may also be an intelligent device such as a smart phone and a tablet computer, which is not limited in this embodiment.
It can be seen that, in implementing the encryption communication method described in this embodiment, the controller receives the first hash value sent by the communication device and compares it with a hash value that it calculates itself. If the two hash values are the same, the identity of the communication device is determined to be legal, and the encrypted information and the second hash value are then sent to the communication device; the method assumes by default that the communication device knows the public key of the controller. Therefore, by implementing this embodiment, the controller first determines whether the identity of the communication device is legal, encrypts the communication key to obtain the encrypted information when it is, then calculates the second hash value, and finally sends the encrypted information and the second hash value to the communication device together. The communication device can then authenticate the controller and obtain the communication key after the authentication succeeds, which ensures that the communication key is sent by the designated controller to the specific communication device, improves communication reliability, and allows the communication device to use the communication key for subsequent communication with the controller.
Example 4
Referring to fig. 4, fig. 4 is a flowchart illustrating an encrypted communication method according to an embodiment of the present application. As shown in fig. 4, the encryption communication method is also applied to the controller, wherein the encryption communication method includes:
S401, receiving a first hash value sent by the communication device, wherein the first hash value is calculated from the device identification code of the communication device, the device public key of the communication device, and a verification key prestored in the communication device.
S402, calculating a third hash value from the device identification code of the communication device, the device public key of the communication device, and a verification key prestored in the controller.
In this embodiment, after receiving the first hash value, the controller calculates the third hash value from the device ID, the device public key, and the key A prestored in the controller.
S403, judging whether the first hash value and the third hash value are the same, if so, executing steps S404-S405; if not, the flow is ended.
In this embodiment, when the first hash value and the third hash value are the same, the controller considers that the communication device is legitimate, and performs subsequent operations; otherwise, the communication equipment is considered to be illegal, and the communication is terminated.
In this embodiment, whether or not the communication device is legitimate is used to indicate whether or not the communication device is a controlled device under the control of the controller. It will be appreciated that legitimate communication devices have a pre-set matching relationship with the controller.
S404, encrypting the communication key according to the device public key of the communication device and the controller private key of the controller to obtain encrypted information.
In this embodiment, the controller may encrypt the communication key (key B) using the device public key, and then sign the communication key using the controller private key to obtain encrypted information.
In this embodiment, the controller may calculate hash2 from the device ID, the controller public key, key A, and the above encrypted information, that is, hash2 covers the device ID, the controller public key, key A, and the encrypted and signed key B.
S405, sending the encryption information and the second hash value to the communication equipment; the second hash value is obtained by calculation according to the equipment identification code, the controller public key of the controller, the verification key and the encryption information.
In this embodiment, the controller may send the key B carrying the encryption and signature, the second hash value, the device id, and the controller public key to the communication device.
It can be seen that, by implementing the encryption communication method described in this embodiment, the controller first determines whether the identity of the communication device is legal, encrypts the communication key to obtain the encrypted information when it is, then calculates the second hash value, and finally sends the encrypted information and the second hash value to the communication device together. The communication device can then authenticate the controller and obtain the communication key after successful authentication, which ensures that the communication key is sent by the designated controller to the specific communication device, improves communication reliability, and allows the communication device to use the communication key for subsequent communication with the controller.
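The two hash checks of Examples 2 and 4 (hash1 against hash3 on the controller, hash2 against hash4 on the communication device), as an added Python example that is not code from the patent. The patent does not name the hash function or the input encoding, so HMAC-SHA256 keyed with key A over length-prefixed fields is an assumption, as are all function names and sample values; the public-key encryption and signing of key B (S404) is outside the block and appears as an opaque constructed byte string.

```python
import hashlib
import hmac
import struct

# Constructed sample values; a real deployment provisions key A out of band
# and uses real encoded public keys.
KEY_A = bytes(range(32))                       # pre-shared verification key (key A)
DEVICE_ID = b"DEV-0001"
DEVICE_PUB = b"constructed-device-public-key"
CONTROLLER_PUB = b"constructed-controller-public-key"
ENCRYPTED_INFO = b"constructed-opaque-output-of-S404"  # encrypted and signed key B


def keyed_hash(key_a: bytes, *fields: bytes) -> bytes:
    """Assumed construction: HMAC-SHA256 keyed with key A over length-prefixed fields.

    The length prefix keeps (b"ab", b"c") and (b"a", b"bc") from hashing alike.
    """
    mac = hmac.new(key_a, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(struct.pack(">I", len(field)))
        mac.update(field)
    return mac.digest()


def device_build_request(device_id, device_pub, key_a):
    """S201-S202: hash1 over device ID and device public key, sent with both."""
    return {"device_id": device_id, "device_pub": device_pub,
            "hash1": keyed_hash(key_a, device_id, device_pub)}


def controller_handle_request(req, key_a, controller_pub, encrypted_info):
    """S401-S405: recompute hash3, compare with hash1, answer with hash2 or None."""
    hash3 = keyed_hash(key_a, req["device_id"], req["device_pub"])
    if not hmac.compare_digest(hash3, req["hash1"]):
        return None  # identity not legal: the flow ends
    hash2 = keyed_hash(key_a, req["device_id"], controller_pub, encrypted_info)
    return {"device_id": req["device_id"], "controller_pub": controller_pub,
            "encrypted_info": encrypted_info, "hash2": hash2}


def device_accept_response(resp, device_id, key_a):
    """S204-S205: recompute hash4 and compare with hash2 before any decryption."""
    hash4 = keyed_hash(key_a, device_id, resp["controller_pub"],
                       resp["encrypted_info"])
    return hmac.compare_digest(hash4, resp["hash2"])


def run_scenarios():
    """Return {scenario: accepted} for the honest run and four tampered runs."""
    results = {}
    req = device_build_request(DEVICE_ID, DEVICE_PUB, KEY_A)
    resp = controller_handle_request(req, KEY_A, CONTROLLER_PUB, ENCRYPTED_INFO)
    results["honest"] = (resp is not None
                         and device_accept_response(resp, DEVICE_ID, KEY_A))

    # Device public key replaced in transit: hash1 no longer matches hash3.
    swapped_req = dict(req, device_pub=b"constructed-substituted-public-key")
    results["device_pub_substituted"] = controller_handle_request(
        swapped_req, KEY_A, CONTROLLER_PUB, ENCRYPTED_INFO) is not None

    # Controller public key replaced in transit: hash2 no longer matches hash4.
    swapped_resp = dict(resp, controller_pub=b"constructed-substituted-public-key")
    results["controller_pub_substituted"] = device_accept_response(
        swapped_resp, DEVICE_ID, KEY_A)

    # Encrypted information modified in transit: also covered by hash2.
    modified_resp = dict(resp, encrypted_info=ENCRYPTED_INFO + b"\x00")
    results["encrypted_info_modified"] = device_accept_response(
        modified_resp, DEVICE_ID, KEY_A)

    # Device that was never given key A: the controller rejects its request.
    foreign_req = device_build_request(DEVICE_ID, DEVICE_PUB, b"\xff" * 32)
    results["wrong_key_a"] = controller_handle_request(
        foreign_req, KEY_A, CONTROLLER_PUB, ENCRYPTED_INFO) is not None
    return results


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario}: {'accepted' if accepted else 'rejected'}")
```

Only the honest run is accepted; every substitution of a public key or of the encrypted information changes an input of the keyed hash and is rejected before decryption is attempted.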
Example 5
Referring to fig. 5, fig. 5 is a schematic structural diagram of an encryption communication system according to an embodiment of the present application. As shown in fig. 5, the encryption communication system includes a communication apparatus 500 and a controller 600, wherein,
the communication device 500 is configured to perform calculation according to the device identifier of the communication device 500, the device public key of the communication device 500, and a verification key pre-stored in the communication device 500 to obtain a first hash value;
the communication device 500, further configured to send the first hash value to the controller 600;
the controller 600 is configured to receive a first hash value sent by the communication device 500, where the first hash value is obtained by calculation according to the device identifier of the communication device 500, the device public key of the communication device 500, and a verification key pre-stored in the communication device 500;
the controller 600 is further configured to determine whether the identity of the communication device 500 is legal according to the first hash value;
the controller 600 is further configured to send the encrypted information and the second hash value to the communication device 500 when the identity of the communication device 500 is legal; the encrypted information is obtained by encrypting the communication key, and the second hash value is obtained by calculating according to the equipment identification code, the controller 600 public key of the controller 600, the verification key and the encrypted information;
the communication device 500 is further configured to receive the encryption information and the second hash value;
the communication device 500 is further configured to determine whether the encrypted information is valid according to the second hash value;
the communication device 500 is further configured to decrypt the encrypted information to obtain a communication key when the encrypted information is valid;
the communication device 500 is also configured to perform symmetric encrypted communication with the controller 600 according to the communication key.
Referring to fig. 6, fig. 6 is a schematic exemplary flow chart provided in this embodiment, wherein for the explanation of fig. 6, reference may be made to embodiments 1 to 4, and further description in this embodiment is not repeated.
In the embodiment of the present application, for explanation of an encrypted communication system, reference may be made to descriptions in embodiment 1, embodiment 2, embodiment 3, or embodiment 4, and details of this embodiment are not repeated.
It can be seen that implementing the encrypted communication system described in this embodiment enables double-end authentication and communication key transmission, where the double-end authentication uses two hash computations to improve communication security. Meanwhile, the encrypted transmission of the communication key improves the transmission security of the communication key, so that the controller cannot send the communication key to the wrong device and the wrong device cannot acquire the communication key, thereby improving communication security in multiple respects and providing a more secure basis for subsequent communication.
An embodiment of the present application provides an electronic device, which includes a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to enable the electronic device to execute the encryption communication method in any one of embodiment 1 or embodiment 2 of the present application.
An embodiment of the present application provides a computer-readable storage medium, which stores computer program instructions, and when the computer program instructions are read and executed by a processor, the computer program instructions execute the encryption communication method according to any one of embodiment 1 or embodiment 2 of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. The system embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist alone, or two or more modules may be integrated to form an independent part.
The functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It should be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. An encryption communication method applied to a communication device, the method comprising:
calculating according to the equipment identification code of the communication equipment, the equipment public key of the communication equipment and a verification key prestored by the communication equipment to obtain a first hash value;
sending the first hash value to a controller so that the controller judges whether the identity of the communication equipment is legal or not according to the first hash value, and sending encrypted information and a second hash value to the communication equipment when the identity of the communication equipment is legal;
receiving the encryption information and the second hash value; the encrypted information is obtained by encrypting a communication key, and the second hash value is obtained by calculating according to the equipment identification code, a controller public key of the controller, the verification key and the encrypted information;
judging whether the encrypted information is valid according to the second hash value;
when the encrypted information is valid, decrypting the encrypted information to obtain the communication key;
and carrying out symmetric encrypted communication with the controller according to the communication key.
2. The encrypted communication method according to claim 1, wherein the step of sending the first hash value to a controller so that the controller judges whether the identity of the communication device is legitimate according to the first hash value, and sending the encrypted information and the second hash value to the communication device when the identity of the communication device is legitimate comprises:
sending request information including the equipment identification code, the equipment public key and the first hash value to a controller, so that the controller judges whether the identity of the communication equipment is legal or not according to the equipment identification code, the equipment public key, the first hash value and the verification key prestored by the controller, wherein the request information includes the equipment identification code, the equipment public key, the first hash value and the verification key, and sending encryption information and a second hash value to the communication equipment when the identity of the communication equipment is legal.
3. The encrypted communication method according to claim 1, wherein the step of determining whether the encryption information is valid based on the second hash value includes:
calculating according to the equipment identification code, the controller public key, the verification key prestored in the communication equipment and the encryption information to obtain a fourth hash value;
judging whether the second hash value and the fourth hash value are the same;
and when the second hash value and the fourth hash value are the same, determining that the encryption information is valid.
4. The encrypted communication method according to claim 1, wherein the step of decrypting the encrypted information to obtain the communication key when the encrypted information is valid comprises:
and when the encrypted information is valid, decrypting the encrypted information according to the equipment key of the communication equipment and the controller public key to obtain the communication key.
5. An encryption communication method applied to a controller, the method comprising:
receiving a first hash value sent by communication equipment, wherein the first hash value is obtained by calculation according to an equipment identification code of the communication equipment, an equipment public key of the communication equipment and a verification key prestored in the communication equipment;
judging whether the identity of the communication equipment is legal or not according to the first hash value;
when the identity of the communication equipment is legal, sending encryption information and a second hash value to the communication equipment; the encrypted information is obtained by encrypting a communication key, and the second hash value is obtained by calculation according to the equipment identification code, the controller public key of the controller, the verification key and the encrypted information.
6. The encrypted communication method according to claim 5, wherein the step of determining whether the identity of the communication device is legitimate from the first hash value includes:
calculating according to the equipment identification code of the communication equipment, the equipment public key of the communication equipment and the verification key prestored by the controller to obtain a third hash value;
judging whether the first hash value and the third hash value are the same;
and when the first hash value and the third hash value are the same, determining that the identity of the communication equipment is legal.
7. The encrypted communication method according to claim 5, wherein the step of sending the encryption information and the second hash value to the communication device when the identity of the communication device is legitimate comprises:
when the identity of the communication equipment is legal, encrypting the communication key according to an equipment public key of the communication equipment and a controller private key of the controller to obtain encrypted information;
and sending the encryption information and the second hash value to the communication equipment.
8. An encrypted communication system comprising a communication device and a controller, wherein,
the communication equipment is used for calculating according to the equipment identification code of the communication equipment, the equipment public key of the communication equipment and a verification key prestored by the communication equipment to obtain a first hash value;
the communication device is further configured to send the first hash value to the controller;
the controller is configured to receive a first hash value sent by the communication device, where the first hash value is obtained by calculation according to a device identifier of the communication device, a device public key of the communication device, and a verification key pre-stored in the communication device;
the controller is further configured to determine whether the identity of the communication device is legal according to the first hash value;
the controller is further configured to send encryption information and a second hash value to the communication device when the identity of the communication device is legal; the encrypted information is obtained by encrypting a communication key, and the second hash value is obtained by calculating according to the equipment identification code, a controller public key of the controller, the verification key and the encrypted information;
the communication device is further configured to receive the encryption information and the second hash value;
the communication device is further configured to determine whether the encrypted information is valid according to the second hash value;
the communication device is further configured to decrypt the encrypted information to obtain the communication key when the encrypted information is valid;
the communication device is further configured to perform symmetric encrypted communication with the controller according to the communication key.
9. An electronic device, characterized in that the electronic device comprises a memory for storing a computer program and a processor for executing the computer program to cause the electronic device to perform the cryptographic communication method of any one of claims 1 to 4.
10. A readable storage medium having stored therein computer program instructions which, when read and executed by a processor, perform the encrypted communication method of any one of claims 1 to 4.
CN202011610365.8A 2020-12-29 2020-12-29 Encryption communication method and system Active CN112769789B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011610365.8A CN112769789B (en) 2020-12-29 2020-12-29 Encryption communication method and system

Publications (2)

Publication Number Publication Date
CN112769789A CN112769789A (en) 2021-05-07
CN112769789B true CN112769789B (en) 2022-06-24

Family

ID=75696846

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011610365.8A Active CN112769789B (en) 2020-12-29 2020-12-29 Encryption communication method and system

Country Status (1)

Country Link
CN (1) CN112769789B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant