CN114006697A - Encrypted communication method and device

Publication number
CN114006697A
Authority
CN
China
Prior art keywords
ciphertext
plaintext
protocol
key
encryption
Legal status
Pending
Application number
CN202111637290.7A
Other languages
Chinese (zh)
Inventor
齐成岳
陈杰
黄雅芳
童兆丰
薛锋
Current Assignee
Beijing ThreatBook Technology Co Ltd
Original Assignee
Beijing ThreatBook Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer

Abstract

An embodiment of the application provides an encrypted communication method and device. The method comprises the following steps: sending a request message of an encryption protocol to a server so that the server returns a corresponding response message of the encryption protocol, the response message containing a key; receiving the response message and parsing it to obtain the key; acquiring a first plaintext; encrypting the first plaintext with the key to obtain a first ciphertext; sending the first ciphertext to the server using a connectionless protocol; and receiving a second ciphertext sent by the server and decrypting it with the key to obtain a second plaintext. By implementing this embodiment, the security of data transmitted over a connectionless protocol can be improved.

Description

Encrypted communication method and device
Technical Field
The present application relates to the field of communication security technologies, and in particular, to an encryption communication method and apparatus.
Background
Data in network communication is generally transmitted using a specific protocol, and existing protocols fall into connection-oriented and connectionless protocols. Data transmission using a connection-oriented protocol goes through three phases: a connection is established before data transmission, data is transmitted over the established connection, and the connection is released after the data has been transmitted. Data transmission using a connectionless protocol has only the data transfer phase, so overhead other than the data exchange itself is eliminated; as long as the sending entity is active, the receiving entity need not be, which makes the approach flexible, convenient and fast. However, in connectionless data transmission the confidentiality of the data cannot be guaranteed.
Disclosure of Invention
The embodiment of the application aims to provide an encrypted communication method and device that can ensure confidentiality when data is transmitted using a connectionless protocol.
In a first aspect, an embodiment of the present application provides an encrypted communication method, including:
initiating a request message of an encryption protocol to a server so that the server sends a response message of the encryption protocol corresponding to the request message, wherein the response message comprises a secret key;
receiving the response message, and analyzing the response message to obtain the secret key;
acquiring a first plaintext;
encrypting the first plaintext by using the key to obtain a first ciphertext;
sending the first ciphertext to the server by using a connectionless protocol;
and receiving a second ciphertext sent by the server, and decrypting the second ciphertext by using the key to obtain a second plaintext.
In this implementation, an encryption protocol is used for key agreement between the server and the client. Because that step is performed only once for the entire data transmission, the time it adds is small even if the encryption protocol must establish a connection. In the subsequent transmission, the negotiated key is used to encrypt the data being transmitted, so the data remains protected, while the data itself is carried by a connectionless protocol, so the server and the client do not need to establish a connection repeatedly and transmission efficiency is greatly improved. Because the key agreement between the server and the client is carried out over an encryption protocol, a third party that intercepts the traffic during key agreement cannot obtain the key, and therefore cannot recover the content subsequently transmitted over the connectionless protocol. On this basis, the application improves data security when data is transmitted using a connectionless protocol.
Further, the step of encrypting the first plaintext by using the key to obtain a first ciphertext includes:
performing a byte-wise exclusive-OR operation on the first plaintext and the key to obtain the first ciphertext;
the step of decrypting the second ciphertext by using the key to obtain a second plaintext includes:
performing a byte-wise exclusive-OR operation on the second ciphertext and the key to obtain the second plaintext.
In this implementation, the plaintext is encrypted with an exclusive-OR operation; because exclusive OR is reversible (applying the same key twice restores the input), the client and the server, holding the same key, can each decrypt the data encrypted by the other with that key.
Further, the encryption protocol includes: one of Hypertext Transfer Protocol Secure (the HTTPS protocol) and Datagram Transport Layer Security (the DTLS protocol).
In this implementation, the HTTPS protocol and the DTLS protocol are both encryption protocols; when either is used for key agreement, a third party that intercepts the communication cannot obtain the key from the intercepted data.
Further, the connectionless protocol includes: User Datagram Protocol (UDP) or Internet Control Message Protocol (ICMP).
In this implementation, the protocol does not need to establish a connection before transmitting, which improves data transmission efficiency.
In a second aspect, an embodiment of the present application provides an encrypted communication method, which is applied to a server, and the method includes:
responding to a request message of an encryption protocol sent by a client, randomly generating a secret key, and generating a response message of the encryption protocol corresponding to the request message according to the secret key;
sending the response message to a client;
receiving a first ciphertext sent by a client;
decrypting the first ciphertext by using the key to obtain a first plaintext;
acquiring a second plaintext;
encrypting the second plaintext by using the key to obtain a second ciphertext;
and transmitting the second ciphertext to the client using a connectionless protocol.
Further, the step of decrypting the first ciphertext by using the key to obtain a first plaintext includes:
performing a byte-wise exclusive-OR operation on the first ciphertext and the key to obtain the first plaintext;
the step of encrypting the second plaintext by using the key to obtain a second ciphertext includes:
performing a byte-wise exclusive-OR operation on the second plaintext and the key to obtain the second ciphertext.
In this implementation, the plaintext is encrypted with an exclusive-OR operation; because exclusive OR is reversible (applying the same key twice restores the input), the client and the server, holding the same key, can each decrypt the data encrypted by the other with that key.
Further, the encryption protocol includes: one of an HTTPS protocol and a DTLS protocol.
In this implementation, the HTTPS protocol and the DTLS protocol are both encryption protocols; when either is used for key agreement, a third party that intercepts the communication cannot obtain the key from the intercepted data.
Further, the connectionless protocol includes: UDP or ICMP.
In this implementation, the protocol does not need to establish a connection before transmitting, which improves data transmission efficiency.
In a third aspect, the present application provides an encrypted communication apparatus for a client, the apparatus comprising:
a first sending module, configured to send a request message of an encryption protocol to a server so that the server returns a corresponding response message of the encryption protocol, where the response message includes a key;
a first receiving module, configured to receive the response message and parse it to obtain the key;
a first obtaining module, configured to obtain a first plaintext;
a first encryption module, configured to encrypt the first plaintext with the key to obtain a first ciphertext;
the first sending module is further configured to send the first ciphertext to the server using a connectionless protocol;
the first receiving module is further configured to receive a second ciphertext sent by the server;
the apparatus further comprises a first decryption module, configured to decrypt the second ciphertext with the key to obtain a second plaintext.
In a fourth aspect, an embodiment of the present application provides a communication encryption apparatus, which is applied to a server and includes:
the generating module is used for responding to a request message of an encryption protocol sent by a client, randomly generating a secret key and generating a response message of the encryption protocol corresponding to the request message according to the secret key;
the second sending module is used for sending the response message to the client;
the second receiving module is used for receiving the first ciphertext sent by the client;
the second decryption module is used for decrypting the first ciphertext by using the key to obtain a first plaintext;
the second obtaining module is used for obtaining a second plaintext;
the second encryption module is used for encrypting the second plaintext by using the secret key to obtain a second ciphertext;
the second sending module is further configured to send the second ciphertext to the client using a connectionless protocol.
Additional features and advantages of the disclosure will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the above-described techniques.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of an encrypted communication method according to an embodiment of the present application;
fig. 2 is another schematic flow chart of an encrypted communication method according to an embodiment of the present application;
fig. 3 is another schematic flow chart of an encrypted communication method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an apparatus for encrypted communication according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of another encrypted communication apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Data transmission using a connection-oriented protocol goes through three phases: a connection is established before data transmission, data is transmitted over the established connection, and the connection is released after the data has been transmitted. A connection-oriented protocol also has high transmission delay and low efficiency. For example, the HTTPS protocol is based on the Transmission Control Protocol (TCP), and a three-way handshake is required every time a connection is established, which causes additional overhead. Because HTTPS runs over TCP, it also generates a large number of retransmissions in a poor network environment, causing additional overhead and delay. On low-bandwidth, high-loss, high-latency links, the extra round trips required by a large number of HTTPS/TCP connections can slow communication or even make it unusable. Data transmission using a connectionless protocol has only the data transfer phase, so overhead other than the data exchange itself is eliminated; as long as the sending entity is active, the receiving entity need not be, which makes the approach flexible, convenient and fast. However, in connectionless data transmission the confidentiality of the data cannot be guaranteed.
Example 1
Referring to fig. 1, an embodiment of the present application provides an encrypted communication method, which is applied to a client, and the method includes:
s11: initiating a request message of an encryption protocol to a server so that the server sends a response message of the encryption protocol corresponding to the request message, wherein the response message comprises a secret key;
s12: receiving a response message, and analyzing the response message to obtain a secret key;
s13: acquiring a first plaintext;
s14: encrypting the first plaintext by using the key to obtain a first ciphertext;
s15: sending the first ciphertext to the server by using a connectionless protocol;
s16: and receiving a second ciphertext sent by the server, and decrypting the second ciphertext by using the key to obtain a second plaintext.
Further, the step of encrypting the first plaintext by using the key to obtain the first ciphertext includes:
performing a byte-wise exclusive-OR operation on the first plaintext and the key to obtain the first ciphertext;
the step of decrypting the second ciphertext by using the key to obtain a second plaintext includes:
performing a byte-wise exclusive-OR operation on the second ciphertext and the key to obtain the second plaintext.
In this embodiment, the XOR operation, also called the half-add operation, is equivalent to binary addition without carry. If 1 represents true and 0 represents false, the rules of exclusive OR are: 0 ⊕ 0 = 0, 1 ⊕ 0 = 1, 0 ⊕ 1 = 1, 1 ⊕ 1 = 0 (equal inputs give 0, different inputs give 1). These rules are the same as those of addition except that no carry is produced, so exclusive OR is often regarded as carry-less addition. The exclusive-OR operation has an important property: it is reversible (self-inverse), i.e. A ⊕ B ⊕ B = A.
In this implementation, the plaintext is encrypted with an exclusive-OR operation; because exclusive OR is reversible (applying the same key twice restores the input), the client and the server, holding the same key, can each decrypt the data encrypted by the other with that key.
Further, the encryption protocol includes: one of an HTTPS protocol and a DTLS protocol.
In this implementation, the HTTPS protocol and the DTLS protocol are both encryption protocols; when either is used for key agreement, a third party that intercepts the communication cannot obtain the key from the intercepted data.
Further, the connectionless protocol includes: UDP or ICMP.
In this implementation, the protocol does not need to establish a connection before transmitting, so data transmission efficiency can be improved.
Example 2
Referring to fig. 2, an embodiment of the present application provides an encrypted communication method, which is applied to a server, and the method includes:
s21: responding to a request message of an encryption protocol sent by a client, randomly generating a secret key, and generating a response message of the encryption protocol corresponding to the request message according to the secret key;
s22: sending the response message to the client;
s23: receiving a first ciphertext sent by a client;
s24: decrypting the first ciphertext by using the key to obtain a first plaintext;
s25: acquiring a second plaintext;
s26: encrypting the second plaintext by using the key to obtain a second ciphertext;
s27: and sending the second ciphertext to the client by using a connectionless protocol.
Further, the step of decrypting the first ciphertext by using the key to obtain the first plaintext includes:
performing a byte-wise exclusive-OR operation on the first ciphertext and the key to obtain the first plaintext;
the step of encrypting the second plaintext by using the key to obtain a second ciphertext includes:
performing a byte-wise exclusive-OR operation on the second plaintext and the key to obtain the second ciphertext.
In this implementation, the plaintext is encrypted with an exclusive-OR operation; because exclusive OR is reversible (applying the same key twice restores the input), the client and the server, holding the same key, can each decrypt the data encrypted by the other with that key.
Further, the encryption protocol includes: one of an HTTPS protocol and a DTLS protocol.
In this implementation, the HTTPS protocol and the DTLS protocol are both encryption protocols; when either is used for key agreement, a third party that intercepts the communication cannot obtain the key from the intercepted data.
Further, the connectionless protocol includes: UDP or ICMP.
In this implementation, the protocol does not need to establish a connection before transmitting, which improves data transmission efficiency.
Example 3
Referring to fig. 3, an embodiment of the present application provides a server and a client encryption communication process, including:
s301: a client initiates a request message of an encryption protocol;
s302: the server side responds to a request message of an encryption protocol sent by the client side, randomly generates a secret key, and generates a response message of the encryption protocol corresponding to the request message according to the secret key;
s303: the server side sends the response message to the client side;
s304: the client receives the response message, and analyzes the response message to obtain a secret key;
s305: a client acquires a first plaintext;
s306: the client encrypts a first plaintext by using the key to obtain a first ciphertext;
s307: the client sends the first ciphertext to the server by using a connectionless protocol;
s308: the server receives a first ciphertext sent by the client;
s309: the server decrypts the first ciphertext by using the key to obtain a first plaintext;
s310: the server side obtains a second plaintext;
s311: the server side encrypts a second plaintext by using the key to obtain a second ciphertext;
s312: the server side sends the second ciphertext to the client side by using a connectionless protocol;
s313: and the client receives the second ciphertext sent by the server, and decrypts the second ciphertext by using the key to obtain a second plaintext.
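The exchange of Example 3 (s301 to s313) and the byte-wise XOR of Example 1, modelled in an added example that is not code from the patent or from its assignee; it also includes the check a reviewer would run on such a scheme, namely that two datagrams XORed with the same key XOR to the XOR of their plaintexts, which is why the negotiated key must not be reused across datagrams. Assumptions: the HTTPS/DTLS key-agreement leg and the UDP/ICMP data leg are simulated by in-memory calls, the key travels as the body of a constructed `KEY:` response message, the key is 32 bytes long, and the key is cycled when a datagram is longer than it.

```python
# Added example, not code from the patent or its assignee: an in-memory model
# of the CN114006697A exchange (key agreement over an encrypted protocol, then
# byte-wise XOR of every datagram with the negotiated key).
from __future__ import annotations

import secrets

KEY_LEN = 32                  # assumption: the patent fixes no key length
KEY_REQUEST = b"KEY-REQUEST"  # constructed request message (s301)
KEY_PREFIX = b"KEY:"          # constructed framing of the response message (s302)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Byte-wise exclusive OR of data with key (steps s14/s16, s24/s26).

    Because (a ^ k) ^ k == a, the same function both encrypts and decrypts.
    Assumption: the key is cycled when data is longer than the key.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


class Server:
    """Server side of the exchange (s21 to s27)."""

    def __init__(self) -> None:
        self.key = b""

    def handle_key_request(self, request: bytes) -> bytes:
        # s21/s22: on a key request, generate a fresh random key and place it
        # in the response message; in the patent this leg runs over HTTPS/DTLS.
        if request != KEY_REQUEST:
            raise ValueError("unexpected request message")
        self.key = secrets.token_bytes(KEY_LEN)
        return KEY_PREFIX + self.key

    def handle_datagram(self, first_ciphertext: bytes,
                        second_plaintext: bytes) -> tuple[bytes, bytes]:
        # s23/s24: recover the client's plaintext; s25 to s27: answer with the
        # second plaintext encrypted under the same key on the connectionless leg.
        if not self.key:
            raise RuntimeError("no key has been negotiated yet")
        first_plaintext = xor_bytes(first_ciphertext, self.key)
        second_ciphertext = xor_bytes(second_plaintext, self.key)
        return first_plaintext, second_ciphertext


class Client:
    """Client side of the exchange (s11 to s16)."""

    def __init__(self) -> None:
        self.key = b""

    def parse_key_response(self, response: bytes) -> bytes:
        # s12: parse the response message to obtain the key; reject an
        # unframed or empty-key response instead of silently using b"".
        if not response.startswith(KEY_PREFIX) or len(response) == len(KEY_PREFIX):
            raise ValueError("malformed key response")
        self.key = response[len(KEY_PREFIX):]
        return self.key

    def encrypt(self, plaintext: bytes) -> bytes:
        return xor_bytes(plaintext, self.key)    # s14

    def decrypt(self, ciphertext: bytes) -> bytes:
        return xor_bytes(ciphertext, self.key)   # s16


def run_exchange(first_plaintext: bytes, second_plaintext: bytes) -> dict:
    """Drive s301 to s313 end to end and return every intermediate value."""
    client, server = Client(), Server()
    response = server.handle_key_request(KEY_REQUEST)          # s301 to s303
    key = client.parse_key_response(response)                  # s304
    first_ciphertext = client.encrypt(first_plaintext)         # s305 to s307
    first_at_server, second_ciphertext = server.handle_datagram(
        first_ciphertext, second_plaintext)                    # s308 to s312
    second_at_client = client.decrypt(second_ciphertext)       # s313
    return {
        "key": key,
        "first_ciphertext": first_ciphertext,
        "first_at_server": first_at_server,
        "second_ciphertext": second_ciphertext,
        "second_at_client": second_at_client,
    }


def key_reuse_residue(ciphertext_a: bytes, ciphertext_b: bytes) -> bytes:
    """Reviewer's check on the scheme: for two datagrams XORed with the same
    key, a_cipher ^ b_cipher == a_plain ^ b_plain, so the key cancels out and
    the relation between the two plaintexts is exposed. This is why a fixed
    XOR key must not be reused across datagrams."""
    n = min(len(ciphertext_a), len(ciphertext_b))
    if n == 0:
        return b""
    return xor_bytes(ciphertext_a[:n], ciphertext_b[:n])


if __name__ == "__main__":
    result = run_exchange(b"first plaintext", b"second plaintext")
    print("round trip ok:", result["first_at_server"] == b"first plaintext"
          and result["second_at_client"] == b"second plaintext")
```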
Example 4
Referring to fig. 4, an embodiment of the present application provides an encrypted communication apparatus, which is applied to a client, and includes:
a first sending module 11, configured to send a request message of an encryption protocol to a server so that the server returns a corresponding response message of the encryption protocol, where the response message includes a key;
the first receiving module 12 is configured to receive the response message, and analyze the response message to obtain a secret key;
a first obtaining module 13, configured to obtain a first plaintext;
the first encryption module 14 is configured to encrypt a first plaintext by using a key to obtain a first ciphertext;
the first sending module 11 is further configured to send the first ciphertext to the server by using a connectionless protocol;
the first receiving module 12 is further configured to receive a second ciphertext sent by the server;
the apparatus further includes a first decryption module 15, configured to decrypt the second ciphertext with the key to obtain a second plaintext.
In a possible implementation, the first encryption module 14 is further configured to perform a byte-wise exclusive-OR operation on the first plaintext and the key to obtain the first ciphertext, and a byte-wise exclusive-OR operation on the second ciphertext and the key to obtain the second plaintext. In one possible embodiment, the encryption protocol includes: one of an HTTPS protocol and a DTLS protocol. In one possible embodiment, the connectionless protocol includes: UDP or ICMP.
Example 5
Referring to fig. 5, an encrypted communication apparatus provided in an embodiment of the present application is applied to a server, and includes:
a generating module 20, configured to randomly generate a secret key in response to a request message of an encryption protocol sent by a client, and generate a response message of the encryption protocol corresponding to the request message according to the secret key;
a second sending module 21, configured to send the response packet to the client;
the second receiving module 22 is configured to receive a first ciphertext sent by the client;
the second decryption module 25 is configured to decrypt the first ciphertext with the key to obtain a first plaintext;
a second obtaining module 23, configured to obtain a second plaintext;
the second encryption module 24 is configured to encrypt a second plaintext by using the key to obtain a second ciphertext;
the second sending module 21 is further configured to send the second ciphertext to the client using a connectionless protocol.
In a possible implementation manner, the second encryption module 24 is further configured to perform an exclusive or operation on the first ciphertext and the key according to bytes to obtain a first plaintext; and executing exclusive OR operation on the second plaintext and the key according to bytes to obtain a second ciphertext.
In one possible embodiment, the encryption protocol includes: one of an HTTPS protocol and a DTLS protocol.
In one possible embodiment, the connectionless protocol includes one of UDP and ICMP.
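The exchange of Examples 4 and 5 (key delivered in the encryption-protocol response, then byte-wise XOR of each payload with that key over a connectionless transport), written out as an added Python example. This is not code from the patent or from the applicant: the HTTPS/DTLS handshake and the UDP/ICMP transport are replaced by in-memory messages so it runs offline, and KEY_LEN, the message layout, the base64 encoding of the key in the response and the cycling of the key over payloads longer than the key are all assumptions the patent does not make. The `key_cancels` function is the check a reviewer of this design would run, not something the patent describes.

```python
import base64
import os
from itertools import cycle

# Added example modelling Examples 4 and 5 of the patent (not the patent's code).
# The HTTPS/DTLS handshake and the UDP/ICMP transport are replaced by in-memory
# messages; KEY_LEN, the message layout and the base64 wire encoding of the key
# are assumptions, not the patent's.

KEY_LEN = 16  # assumption: the patent does not fix a key length


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Byte-wise XOR of data with key (the operation of claims 2 and 6).

    Assumption: the patent does not say what happens when the payload is longer
    than the key; this helper cycles the key (repeating-key XOR).
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


class Client:
    """Client side (Example 4): modules 11 to 15."""

    def __init__(self) -> None:
        self.key = None

    def build_request(self) -> dict:
        # first sending module 11: request message of the encryption protocol
        return {"type": "key-request"}

    def handle_response(self, response: dict) -> None:
        # first receiving module 12: parse the response message to obtain the key
        if response.get("type") != "key-response":
            raise ValueError("unexpected response message")
        self.key = base64.b64decode(response["key"])
        if len(self.key) != KEY_LEN:
            raise ValueError("key has unexpected length")

    def encrypt(self, first_plaintext: bytes) -> bytes:
        # first encryption module 14
        return xor_bytes(first_plaintext, self.key)

    def decrypt(self, second_ciphertext: bytes) -> bytes:
        # first decryption module 15
        return xor_bytes(second_ciphertext, self.key)


class Server:
    """Server side (Example 5): modules 20 to 25."""

    def __init__(self, second_plaintext: bytes) -> None:
        self.key = None
        self.second_plaintext = second_plaintext  # what obtaining module 23 supplies
        self.first_plaintext = None               # what decryption module 25 recovers

    def handle_request(self, request: dict) -> dict:
        # generating module 20: random key, carried in the response message
        if request.get("type") != "key-request":
            raise ValueError("unexpected request message")
        self.key = os.urandom(KEY_LEN)
        return {"type": "key-response", "key": base64.b64encode(self.key).decode("ascii")}

    def handle_datagram(self, first_ciphertext: bytes) -> bytes:
        # second decryption module 25, then second encryption module 24
        self.first_plaintext = xor_bytes(first_ciphertext, self.key)
        return xor_bytes(self.second_plaintext, self.key)


def run_exchange(first_plaintext: bytes, second_plaintext: bytes) -> dict:
    """Drive the whole exchange and return what each side ends up with."""
    client, server = Client(), Server(second_plaintext)
    # phase 1: encryption-protocol handshake (HTTPS or DTLS in the patent)
    client.handle_response(server.handle_request(client.build_request()))
    # phase 2: connectionless data exchange (UDP or ICMP in the patent)
    c1 = client.encrypt(first_plaintext)
    c2 = server.handle_datagram(c1)
    p2 = client.decrypt(c2)
    return {
        "key": client.key,
        "first_ciphertext": c1,
        "second_ciphertext": c2,
        "server_recovered": server.first_plaintext,
        "client_recovered": p2,
    }


def key_cancels(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """Reviewer's check on this design: both directions are XORed with the same
    key from the same offset, so c1 XOR c2 equals p1 XOR p2 over the common
    length and the key drops out. Returns True when that relation holds."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


if __name__ == "__main__":
    result = run_exchange(b"hello from client", b"hello from server")
    print(result["first_ciphertext"].hex())
    print(result["server_recovered"], result["client_recovered"])
```

`run_exchange` returns both recovered plaintexts so the round trip can be checked without a network. `key_cancels` returning True for every run is the property a practitioner weighs before adopting this scheme: with one key used unchanged in both directions, the ciphertexts alone fix the XOR of the two plaintexts, and nothing in the described exchange authenticates a datagram, so the confidentiality of the connectionless phase rests entirely on the key never being reused and the payloads never being related.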
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. An encrypted communication method applied to a client is characterized by comprising the following steps:
initiating a request message of an encryption protocol to a server so that the server sends a response message of the encryption protocol corresponding to the request message, wherein the response message comprises a secret key;
receiving the response message, and analyzing the response message to obtain the secret key;
acquiring a first plaintext;
encrypting the first plaintext by using the key to obtain a first ciphertext;
sending the first ciphertext to the server by using a connectionless protocol;
and receiving a second ciphertext sent by the server, and decrypting the second ciphertext by using the key to obtain a second plaintext.
2. The encrypted communication method according to claim 1,
the step of encrypting the first plaintext by using the key to obtain a first ciphertext comprises:
performing exclusive or operation on the first plaintext and the secret key according to bytes to obtain the first ciphertext;
the step of decrypting the second ciphertext by using the key to obtain a second plaintext includes:
and executing exclusive OR operation on the second ciphertext and the key according to bytes to obtain the second plaintext.
3. The encrypted communication method according to claim 1, wherein the encryption protocol includes: one of an HTTPS protocol and a DTLS protocol.
4. The encrypted communication method according to claim 1, wherein the connectionless protocol comprises one of UDP and ICMP.
5. An encryption communication method applied to a server side is characterized by comprising the following steps:
responding to a request message of an encryption protocol sent by a client, randomly generating a secret key, and generating a response message of the encryption protocol corresponding to the request message according to the secret key;
sending the response message to a client;
receiving a first ciphertext sent by a client;
decrypting the first ciphertext by using the key to obtain a first plaintext;
acquiring a second plaintext;
encrypting the second plaintext by using the key to obtain a second ciphertext;
and transmitting the second ciphertext to the client using a connectionless protocol.
6. The encrypted communication method according to claim 5, wherein the step of decrypting the first ciphertext using the key to obtain a first plaintext comprises:
performing exclusive or operation on the first ciphertext and the key according to bytes to obtain a first plaintext;
the step of encrypting the second plaintext by using the key to obtain a second ciphertext comprises:
and executing exclusive OR operation on the second plaintext and the key according to bytes to obtain the second ciphertext.
7. The encrypted communication method according to claim 5, wherein the encryption protocol includes: one of an HTTPS protocol and a DTLS protocol.
8. The encrypted communication method according to claim 5, wherein the connectionless protocol comprises one of UDP and ICMP.
9. An encryption communication apparatus applied to a client, comprising:
a first sending module, configured to initiate a request packet of an encryption protocol to a server by a first point, so that the server sends a response packet of the encryption protocol corresponding to the request packet, where the response packet includes a secret key;
the first receiving module is used for receiving the response message and analyzing the response message to obtain the secret key;
the first obtaining module is used for obtaining a first plaintext;
the first encryption module is used for encrypting the first plaintext by using the secret key to obtain a first ciphertext;
the first sending module is further configured to send the first ciphertext to the server using a connectionless protocol;
the first receiving module is further used for receiving a second ciphertext sent by the server;
the device further comprises: and the first decryption module is used for decrypting the second ciphertext by using the key to obtain a second plaintext.
10. An encryption communication device applied to a server side, comprising:
the generating module is used for responding to a request message of an encryption protocol sent by a client, randomly generating a secret key and generating a response message of the encryption protocol corresponding to the request message according to the secret key;
the second sending module is used for sending the response message to the client;
the second receiving module is used for receiving the first ciphertext sent by the client;
the second decryption module is used for decrypting the first ciphertext by using the key to obtain a first plaintext;
the second obtaining module is used for obtaining a second plaintext;
the second encryption module is used for encrypting the second plaintext by using the secret key to obtain a second ciphertext;
the second sending module is further configured to send the second ciphertext to the client using a connectionless protocol.
CN202111637290.7A 2021-12-30 2021-12-30 Encrypted communication method and device Pending CN114006697A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111637290.7A CN114006697A (en) 2021-12-30 2021-12-30 Encrypted communication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111637290.7A CN114006697A (en) 2021-12-30 2021-12-30 Encrypted communication method and device

Publications (1)

Publication Number Publication Date
CN114006697A true CN114006697A (en) 2022-02-01

Family

ID=79932197

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111637290.7A Pending CN114006697A (en) 2021-12-30 2021-12-30 Encrypted communication method and device

Country Status (1)

Country Link
CN (1) CN114006697A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6377691B1 (en) * 1996-12-09 2002-04-23 Microsoft Corporation Challenge-response authentication and key exchange for a connectionless security protocol
CN101277192A (en) * 2008-04-25 2008-10-01 华为技术有限公司 Method and system for checking client terminal
CN112003879A (en) * 2020-10-22 2020-11-27 腾讯科技(深圳)有限公司 Data transmission method for virtual scene, computer device and storage medium
CN112187832A (en) * 2020-11-03 2021-01-05 北京指掌易科技有限公司 Data transmission method and electronic equipment

Similar Documents

Publication Publication Date Title
CN107294937B (en) Data transmission method based on network communication, client and server
EP1223705B1 (en) Methods and systems for generating encryption keys using random bit sequences
CN111245802B (en) Data transmission security control method, server and terminal
WO2017045552A1 (en) Method and device for loading digital certificate in ssl or tls communication
EP3205048B1 (en) Generating a symmetric encryption key
JP2017063432A (en) System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
JP6764753B2 (en) Systems and methods for efficient and confidential symmetric encryption on channels with limited bandwidth
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
CN113067828A (en) Message processing method and device, server, computer equipment and storage medium
CN112702318A (en) Communication encryption method, decryption method, client and server
CN108632296B (en) Dynamic encryption and decryption method for network communication
EP3673610B1 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
CN111131282B (en) Request encryption method and device, electronic equipment and storage medium
WO2016056988A1 (en) Mutual authentication
Lu et al. A complex encryption system design implemented by AES
CN114785527B (en) Data transmission method, device, equipment and storage medium
Shirole et al. Review paper on data security in cloud computing environment
Kumar et al. A novel framework for secure file transmission using modified AES and MD5 algorithms
KR101934899B1 (en) Authenticated encryption device and method thereof
CN114006697A (en) Encrypted communication method and device
CN110784480A (en) Data transmission method, system, equipment and storage medium
CN112564969A (en) Information transmission method, system and related device in simple network management protocol
CN114978564B (en) Data transmission method and device based on multiple encryption
CN116866029B (en) Random number encryption data transmission method, device, computer equipment and storage medium
CN112653698B (en) Communication method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220201