CN114006736A - Instant communication message protection system and method based on hardware password equipment - Google Patents

Info

Publication number: CN114006736A
Authority: CN (China)
Prior art keywords: client, key, message, hardware, server
Legal status: Pending
Application number: CN202111234494.6A
Other languages: Chinese (zh)
Inventor: 刘俊
Current Assignee: Zhongyitong Technology Co ltd
Original Assignee: Zhongyitong Technology Co ltd
Application filed by Zhongyitong Technology Co ltd
Priority to CN202111234494.6A
Publication of CN114006736A

Classifications

    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L51/10 Multimedia information
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds


Abstract

The invention provides an instant messaging message protection system and method based on a hardware cryptographic device. The system comprises a first client, a second client and a server. The server provides a channel for signature verification through bidirectional authentication between the client and the server. The first client and the second client are each connected to a hardware cryptographic device, which is used to open a private space, obtain an encryption key and a session key, and encrypt and decrypt instant messaging messages. The hardware cryptographic device comprises a true random number generator, a key management module, a data storage module and an authentication module. The beneficial effects of the invention are: the problem of information leakage during transmission of instant messaging messages on an intelligent terminal is solved; a freely combined software and hardware encryption mode is used in the encryption process, which enhances the confidentiality of instant messaging messages, guarantees their transmission security and raises the security level of session information.

Description

Instant communication message protection system and method based on hardware password equipment
Technical Field
The invention relates to the field of instant message security protection of a mobile intelligent terminal, in particular to an instant communication message protection system and method based on hardware password equipment.
Background
Instant messaging (IM) is currently the most popular mode of communication on the Internet. It uses Internet links to exchange text, voice, video and files, saving both parties time and cost. New instant messaging software appears constantly; however, most instant messaging systems are open, so information is at risk of theft both in transit and at the receiving terminal. In general, there are two methods of protecting instant messaging: communication channel encryption, such as VPN channel encryption, and information source encryption, where an instant message is converted into ciphertext before it is sent.
Existing instant messaging encryption techniques generally address the risk of message theft at either the information source or the transmission channel. At the source, the message is converted into ciphertext before being sent, but this form is easy to steal: once a thief has obtained the means of decrypting the ciphertext, for example a symmetric key, the protection exists in name only, because the same decryption key is used. For the transmission channel, a message can be sent securely by establishing an encrypted channel, but the cost is high, and once the encrypted channel is cracked, secure transmission of the data can no longer be guaranteed.
Disclosure of Invention
In view of the characteristics of the prior art, the technical solution of the invention combines the efficiency of software file encryption with the security of hardware encryption, encrypts different message contents with different combinations of software and hardware, and encrypts the message content multiple times, thereby effectively improving security during message transmission. The technical solution is as follows.
The invention provides an instant messaging message protection method based on a hardware cryptographic device. Local data is encrypted first. Text data with a small transmission volume is encrypted directly by the hardware cryptographic device, which ensures security without slowing encryption. For pictures, voice or video with a large transmission volume, the key parts are first encrypted in hardware, and the rest of the file is then encrypted with a free combination of software and hardware in which software predominates. After local encryption is finished, a session key is added on the channel between the two parties, the already encrypted message content is encrypted again, and it is then transmitted. The invention processes instant messages with a combined software and hardware encryption method, encrypting not only the message content but also the channel, which effectively saves cost and improves the efficiency and security of instant messaging.
The beneficial effects of the invention are as follows. The protection of instant messaging messages is based on a hardware cryptographic device, which solves the problem of information leakage during transmission of instant messaging messages on an intelligent terminal. A key generated by the hardware cryptographic device cannot be copied out of the device, which prevents the key from being stolen.
In addition, the invention uses a freely combined software and hardware encryption mode when encrypting instant messages and applies hardware encryption to the key parts, which enhances the confidentiality of instant messaging messages, guarantees their transmission security and raises the security level of session information.
In addition, the software and hardware encryption keys used during file encryption are different, which improves the security of the ciphertext.
Drawings
Fig. 1 is a system configuration diagram of an instant messaging server and a client based on a hardware cryptographic device.
Fig. 2 is a diagram of bidirectional authentication between an instant messaging client and a backend server based on a hardware cryptographic device.
Fig. 3 is a flow diagram of an instant messaging session establishment based on a hardware cryptographic device.
Fig. 4 is a flow diagram of instant messaging message forwarding based on a hardware cryptographic device.
Fig. 5 is a flow diagram of instant messaging login and message sending based on a hardware cryptographic device.
Fig. 6 is a flow diagram of burn-after-reading for instant messaging messages based on a hardware cryptographic device.
Detailed Description
The embodiments of the invention will be described in detail below with reference to the drawings, but the invention can be implemented in many different ways as defined and covered by the claims.
FIG. 1 is a system architecture diagram of an instant messaging server and client based on a hardware cryptographic device. The system has three types of component: a first client (client A), a second client (client B) and a server.
The client is connected to a hardware cryptographic device, which is used to open a private space, obtain an encryption key and a session key, and encrypt and decrypt instant messaging messages. In addition, a channel for signature verification is provided for bidirectional authentication between the client and the server.
The server comprises a forwarding server and an application background server. The forwarding server forwards encrypted messages. The background server authenticates the identity of the client and the identity of the hardware cryptographic device bound to the client, ensuring that the inserted hardware cryptographic device can be trusted.
The hardware cryptographic device comprises a true random number generator, a key management module, a data storage module and an authentication module.
The true random number generator generates random numbers, which form the dynamic factors in the session packet of an instant message.
The key management module generates the various encryption keys, triggered by derivation factors from the client. These include software encryption keys, hardware encryption keys and session keys.
The data storage module stores encrypted files, videos and the like, providing a secure protected area.
The authentication module provides encrypted information for the bidirectional authentication between the client and the server, ensuring the security of the authentication information.
Fig. 2 is a flowchart of key agreement and mutual authentication between an instant messaging client and the server based on a hardware cryptographic device. When the mobile phone security chip is inserted, the client with the security chip (i.e. the mobile phone) performs mutual authentication with the server, using the SM2 algorithm.
The client and the server first exchange public keys, and each then stores the other party's public key and its own private key in the hardware cryptographic device, so that signature verification and encryption and decryption take place in a physically isolated environment.
The interaction process of the client and the server is as follows:
First, the client encrypts the service data (including APP loading identification serial No, type serial type, login user name and version number versioname) with a symmetric key temporarily generated by the system to form dataEncrypt. It then signs dataEncrypt and the timestamp with the client's private key to form authCode. Finally, it encrypts the temporarily generated symmetric key with the server's public key to form keyEncrypt and sends it to the server.
The server first receives the authCode and the keyEncrypt sent by the client. It verifies the authCode with the client's public key, confirming the integrity and reliability of the received data. If verification succeeds, the server decrypts the keyEncrypt with its private key to obtain the symmetric key and then decrypts the service data with the symmetric key. After the service processing succeeds, the server's authentication stage begins. In the same way, the server's service data (APP loading identification serial No, type serial type, sessionKey, login user name, Token and sessionOuttime) is encrypted with a symmetric key temporarily generated by the server to form dataEncrypt; the server's private key is then used to sign dataEncrypt and the timestamp to form authCode; finally, the temporarily generated symmetric key is encrypted with the client's public key to form keyEncrypt, which is sent to the client.
Similarly, after receiving the authCode and the keyEncrypt sent by the server, the client first verifies the authCode with the server's public key, confirming the integrity and reliability of the received data. It then decrypts the keyEncrypt with the client's private key to obtain the symmetric key, and uses the symmetric key to decrypt the service data from the server.
In addition, if verification is not performed or fails within the validity period, the sessionKey token needs to be refreshed for authentication.
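The three-part message described above (dataEncrypt, authCode, keyEncrypt), as an added example that is not code from the patent or its assignee. Go's standard library has no SM2, so RSA-PSS and RSA-OAEP stand in for SM2 signing and encryption and AES-GCM stands in for the unspecified symmetric cipher; the function names, the `Envelope` struct and the freshness window checked in `Open` are assumptions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

type Envelope struct {
	DataEncrypt []byte // nonce || AES-GCM ciphertext of the service data
	AuthCode    []byte // signature over Timestamp and DataEncrypt
	KeyEncrypt  []byte // temporary symmetric key wrapped for the recipient
	Timestamp   int64  // Unix seconds, covered by AuthCode
}

var ErrStale = errors.New("timestamp outside validity window")
var ErrSig = errors.New("authCode verification failed")

// NewParty makes a key pair; on the page the private key stays in the device.
func NewParty() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// digest hashes the fixed-width timestamp followed by dataEncrypt.
func digest(dataEncrypt []byte, ts int64) []byte {
	msg := binary.BigEndian.AppendUint64(nil, uint64(ts))
	sum := sha256.Sum256(append(msg, dataEncrypt...))
	return sum[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal builds dataEncrypt, authCode and keyEncrypt in the order the page gives.
func Seal(data []byte, sender *rsa.PrivateKey, rcpt *rsa.PublicKey, ts int64) (*Envelope, error) {
	secret := make([]byte, 32+12) // temporary AES-256 key, then a 12-byte GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	gcm, err := newGCM(secret[:32])
	if err != nil {
		return nil, err
	}
	dataEncrypt := gcm.Seal(secret[32:], secret[32:], data, nil)
	authCode, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest(dataEncrypt, ts), nil)
	if err != nil {
		return nil, err
	}
	keyEncrypt, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rcpt, secret[:32], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{DataEncrypt: dataEncrypt, AuthCode: authCode, KeyEncrypt: keyEncrypt, Timestamp: ts}, nil
}

// Open checks freshness (window is an assumed policy) and authCode before any private-key use.
// keyEncrypt is not signed (as on the page); a swapped key fails the GCM tag.
func Open(e *Envelope, sender *rsa.PublicKey, rcpt *rsa.PrivateKey, now, window int64) ([]byte, error) {
	if d := now - e.Timestamp; d > window || d < -window {
		return nil, ErrStale
	}
	if rsa.VerifyPSS(sender, crypto.SHA256, digest(e.DataEncrypt, e.Timestamp), e.AuthCode, nil) != nil {
		return nil, ErrSig
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, rcpt, e.KeyEncrypt, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil || len(e.DataEncrypt) < 12 {
		return nil, errors.New("malformed envelope")
	}
	return gcm.Open(nil, e.DataEncrypt[:12], e.DataEncrypt[12:], nil)
}

func main() {
	client, server := NewParty(), NewParty()
	req, err := Seal([]byte("userName=alice"), client, &server.PublicKey, 1700000000) // constructed sample data
	if err != nil {
		panic(err)
	}
	got, err := Open(req, &client.PublicKey, server, 1700000030, 300)
	fmt.Printf("server read %q (err=%v)\n", got, err)
}
```

The server's reply to the client is the same call with the roles swapped: `Seal` with the server's private key and the client's public key.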
Fig. 3 is a flow chart of establishing an instant messaging session based on a hardware cryptographic device. First, when the two parties open a session window, both parties create a session handle. A session packet is formed from the registration codes of the two parties, the unique code in the server account, the hardware SN number and a random factor randomly generated in the sender's hardware, and from it a derivation factor S1 is generated. The derivation factor is exchanged with the hardware cryptographic device to obtain a key for encrypting and decrypting instant messages and a session key for encrypting session content.
The system derives different keys for different file and message types. For small text data such as voice and short messages (less than 32K; the threshold defaults to 32K and can be customized by the user), the key management module derives a hardware encryption key, the encryption is completed in hardware, and the encrypted data is then forwarded. For medium or large message content such as a video or a document, the hardware cryptographic device also generates a software encryption key; to protect it, the device encrypts the software encryption key asymmetrically before forwarding it to the client, and the client decrypts it to obtain the software encryption key. The hardware cryptographic device then hardware-encrypts the key information in the file header.
By default, the format header is encrypted for a file and the key frames are encrypted for a video; the remainder is generally encrypted by a combination of software and hardware encryption. The software encryption algorithm is integrated into the hardware cryptographic device, so both software encryption and hardware encryption are performed inside the device, which keeps the encryption space independent. Software encryption and hardware encryption mainly correspond to different scenarios and differ mainly in how their keys are derived, so the ciphertexts they produce are different and one cannot encrypt or decrypt for the other, which secures the message. After the message has been encrypted, the hardware cryptographic device derives the window session key, re-encrypts the encrypted message with it, and sends the message once re-encryption is complete.
Fig. 4 is a flow chart of instant messaging message forwarding based on a hardware cryptographic device. Assume that the user of the first client is user A, the user of the second client is user B, and the user of the third client is user C.
When user A is communicating with user B and a message needs to be forwarded to user C, user B must exit the session window with user A and establish a session window with user C.
Because the users in the session window change, the session packet changes along with the random number, the session IDs of both parties, the unique background code and so on. This yields a different derivation factor, so the key for encrypting files and the key for encrypting the window also change, and user C cannot decrypt a ciphertext message from the session window between user A and user B. User B must therefore decrypt S2 sent by user A with its own session key to obtain S1, then decrypt the message content with the file software and hardware decryption keys; after decryption is complete, a session window must be established with user C.
First, both parties create session handles and obtain the registration codes of user C and user B, the hardware SN numbers, the unique codes in the server accounts and the random numbers newly generated by both parties, which are packaged to generate a new derivation factor. This is exchanged with the hardware cryptographic device to obtain a hardware encryption key and a software encryption key. As before, small files (less than 32K; the threshold defaults to 32K and can be defined by the user) are encrypted purely in hardware for security. For a larger file (greater than or equal to 32K), the file format header or the video key frame is hardware encrypted by default and the remaining bytes are encrypted with a free combination of software and hardware to obtain ciphertext S3. The session key is then used to encrypt S3 to obtain S4, and the server forwards the ciphertext to user C.
Similarly, if user A forwards the message to user C, steps such as re-establishing the session window are also required.
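An added sketch, not taken from the patent, of the session-packet derivation described for Fig. 3 and the key change on forwarding described for Fig. 4. HMAC-SHA-256 as the derivation function, the in-device `rootSecret`, the `headerLen` parameter, the reading of 32K as 32 KiB and all identifiers are assumptions; the remainder of a large file is assigned wholly to the software key here, a narrowing of the page's freely combined mode.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SessionPacket lists the fields the description puts in the session packet.
type SessionPacket struct {
	RegCodeA, RegCodeB string // registration codes of the two parties
	AccountCode        string // unique code in the server account
	HardwareSN         string // hardware SN number
	RandomFactor       []byte // random factor from the sender's hardware
}

// Factor hashes the packet into a derivation factor. Every field is
// length-prefixed so that ("ab","c") and ("a","bc") cannot collide.
func (p SessionPacket) Factor() [32]byte {
	h := sha256.New()
	fields := [][]byte{[]byte(p.RegCodeA), []byte(p.RegCodeB), []byte(p.AccountCode), []byte(p.HardwareSN), p.RandomFactor}
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write(f)
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Keys are the three key kinds the key management module produces.
type Keys struct{ Hardware, Software, Session [32]byte }

// Derive separates the three keys with distinct labels. rootSecret is an
// assumption: a secret that never leaves the device; the page does not say
// how both devices arrive at the same key.
func Derive(rootSecret []byte, factor [32]byte) Keys {
	kdf := func(label string) (k [32]byte) {
		m := hmac.New(sha256.New, rootSecret)
		m.Write([]byte(label))
		m.Write([]byte{0})
		m.Write(factor[:])
		copy(k[:], m.Sum(nil))
		return
	}
	return Keys{kdf("hardware-encrypt"), kdf("software-encrypt"), kdf("window-session")}
}

// Segment says which key encrypts a byte range of the message.
type Segment struct {
	Off, Len int
	Hardware bool
}

// SmallLimit is the default threshold from the description, read as 32 KiB.
const SmallLimit = 32 * 1024

// Plan applies the page's split: below the threshold everything is hardware
// encrypted; otherwise the first headerLen bytes (format header or key frame)
// use the hardware key and the remainder the software key. An unknown or
// oversized header falls back to hardware encryption of the whole message.
func Plan(size, headerLen, limit int) []Segment {
	if size < limit || headerLen <= 0 || headerLen >= size {
		return []Segment{{0, size, true}}
	}
	return []Segment{{0, headerLen, true}, {headerLen, size - headerLen, false}}
}

func main() {
	root := []byte("constructed-root-secret") // constructed sample value
	ab := SessionPacket{RegCodeA: "reg-A", RegCodeB: "reg-B", AccountCode: "acct-1", HardwareSN: "SN-A", RandomFactor: []byte{1, 2, 3, 4}}
	bc := SessionPacket{RegCodeA: "reg-B", RegCodeB: "reg-C", AccountCode: "acct-2", HardwareSN: "SN-B", RandomFactor: []byte{9, 8, 7, 6}}
	same := Derive(root, ab.Factor()).Session == Derive(root, bc.Factor()).Session
	fmt.Println("A-B and B-C windows share a session key:", same)
	fmt.Println("plan for a 100000-byte file:", Plan(100000, 64, SmallLimit))
}
```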
Fig. 5 is a flow chart illustrating instant messaging message login and sending a message based on a hardware password device. The specific process is as follows:
First, after logging in, the user obtains an authorization code from the authorization module; if authorization passes, a JWT is returned. After receiving the JWT, the user can connect to the connection access module using the JWT token. The authorization module authenticates the connecting user and determines whether it is a user that it authorized. If authorization succeeds, a message can be sent to the connection access module, which returns an ack to the user to indicate that the data has been received.
The connection access module forwards the message to the routing module. Depending on whether the data is to be persisted, the routing module passes the data to the database module (DB module); if persistence succeeds, a success message is returned to the routing module. The routing module then looks up the dispatch information (dispatch) of the online user and, once it is found, forwards the message sent by the sending end to the user module.
Fig. 6 is a flow chart of burning after reading instant messaging messages based on a hardware password device. The specific process is as follows:
User A of the first client can edit message content of various types, including video, audio, pictures, documents, emoticons and other files, and a burn-after-reading time is assigned according to the file type. The client then passes the messages to the hardware cryptographic device, which encrypts the message content and returns it to the client. The client packages the message recipient, the burn-after-reading suffix destruct and the message content, and sends the message to the server.
After receiving the message, the server looks up user B of the second client and determines whether user B is online. If user B is online, the server forwards the message directly; if not, the server sends a push message to user B, who receives the offline message after logging in.
After receiving the message, user B of the second client first checks the message suffix and identifies the burn-after-reading time that applies once the message has been viewed. The hardware cryptographic device then decrypts the message content. After user B has viewed the message, the second client sends a viewed event to user A of the first client, and the message content is deleted when the burn-after-reading countdown ends.
After receiving the message forwarded by user B of the second client, user A of the first client immediately deletes the message source file.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An instant communication message protection method based on hardware password equipment is characterized in that a client side with a security chip and a server side carry out bidirectional authentication, specifically, the client side and the server side exchange public keys with each other firstly, then the public key of the other side and the private key of the own side are respectively stored in the hardware password equipment to ensure that a signature verification process or an encryption and decryption process is in a physically isolated environment, and the instant communication message protection method based on the hardware password equipment under the environment comprises the following steps:
the client side firstly encrypts the service data by using a symmetric secret key temporarily generated by the system to form dataEncrypt; then, the private key of the client is used for signing the dataEncrypt and the timestamp to form authCode; finally, the temporarily generated symmetric secret key is encrypted by using the public key of the server side to form keyEncrypt, and the keyEncrypt is sent to the server side;
the server side firstly receives the authCode and the keyEncrypt sent by the client side, checks the authCode by using a public key of the client side, confirms the integrity and reliability of received data, decrypts the keyEncrypt by using a private key of the server side if the verification is successful to obtain a symmetric key, decrypts the service data by using the symmetric key, and enters an authentication stage of the server after the service processing is successful;
the service data of the server end is encrypted by using a symmetric secret key temporarily generated by the server end to form dataEncrypt; then, a private key of the server side is used for signing the dataEncrypt and the timestamp to form authCode; finally, the temporarily generated symmetric secret key is encrypted by using the client public key to form keyEncrypt, and the keyEncrypt is sent to the client;
similarly, after receiving the authCode and the keyEncrypt sent by the server, the client firstly uses the public key of the server to check the authCode, confirms the integrity and reliability of the received data, and then uses the private key of the client to decrypt the keyEncrypt to obtain the symmetric key, and then uses the symmetric key to decrypt the service data from the server.
2. The personal data protection system of claim 1, wherein when the authCode is verified, if the verification is not performed or fails within the validity period, the sessionKey token needs to be refreshed for authentication.
3. The instant messaging message protection method of claim 1, further comprising the step of establishing a session between two clients by instant messaging, the steps comprising:
when a session window of a first client is established, a session handle is established, a random factor is generated to form a session packet, a first derived factor is further generated, and the first derived factor and hardware password equipment exchange to obtain a key for encrypting and decrypting the instant message and a session key for encrypting session content;
the hardware password equipment can carry out hardware encryption on the file;
after the file is encrypted, the hardware password equipment derives a window session key, re-encrypts the encrypted file through the window session key, and sends information after re-encryption.
4. The instant messaging message protection method of claim 3, wherein the keys derived by the hardware cryptographic device are handled separately according to the file:
for local file encryption, the system derives different keys according to different file types;
for small text data, the key management module derives a hardware encryption key, the encryption process is completed in hardware, and forwarding is then carried out;
for medium and large message texts, the hardware cryptographic device also generates a software encryption key; to ensure the security of the software encryption key, the hardware cryptographic device encrypts it asymmetrically and then forwards it to the client, and the client decrypts it to obtain the software encryption key.
5. The instant messaging message protection method of claim 4, further comprising a software and hardware combined encryption method, comprising the steps of:
the format header of a file or the key frame of a video is encrypted first, and the remainder is encrypted mainly by software, wherein the software encryption algorithm is integrated in the hardware cryptographic device, so that software encryption and hardware encryption are both carried out in the hardware cryptographic device, guaranteeing the independence of the encryption space.
6. The instant messaging message protection method of claim 3, further comprising a method of instant messaging message forwarding, comprising the steps of: if the first client or the second client needs to forward the message to the third client, the second client is required to quit the session window with the first client and establish the session window with the third client;
and the second client decrypts the second ciphertext sent by the first client by using the session key of the second client to obtain the first ciphertext, decrypts the message content by using the software and hardware decryption key, and needs to establish a session window with the third client again after the decryption is completed.
7. The instant messaging message protection method of claim 3, further comprising a burn-after-reading method for messages, comprising the steps of:
when the first client edits the message content, a burn-after-reading time is assigned;
the first client passes the message to the hardware cryptographic device, the hardware cryptographic device encrypts the message content and returns it to the first client, the first client packages the message recipient, the burn-after-reading suffix destruct and the message content, and the message is sent to the server;
and after receiving the message, the server searches for the second client and judges whether the user of the second client is online, if so, the server directly forwards the message to the second client, if not, the server sends a push message to the second client, and the user of the second client receives an offline message after logging in.
8. The method according to claim 7, wherein after receiving the message the second client first checks the message suffix and identifies the burn-after-reading time that applies once the message has been viewed, the hardware cryptographic device then decrypts the message content, the second client sends a viewed event to the first client after the message has been viewed, and the message content is deleted when the burn-after-reading countdown ends.
9. An instant messaging message protection system based on a hardware cryptographic device, the system comprising a first client, a second client and a server, wherein the server is used for providing a channel for signature verification through bidirectional authentication between the client and the server, and the first client and the second client are each connected with a hardware password device and are used for starting a private space, acquiring an encryption key and a session key, and encrypting and decrypting an instant communication message; the hardware password equipment comprises a true random number generator, a key management module, a data storage module and an authentication module; wherein:
the true random number generator is used for generating random numbers which are used for forming dynamic factors in a conversation packet in the instant message;
the key management module is used for generating various encryption keys, and the keys are triggered by derivative factors of the client and comprise: a software encryption key, a hardware encryption key, and a session key;
the data storage module is used for storing various encrypted files and videos and providing a safe protection area;
the authentication module is used for providing encryption information for the bidirectional authentication of the client and the server so as to ensure the security of the authentication information.
10. The instant messaging message protection system of claim 9, wherein the server comprises a forwarding server and an application backend server, the forwarding server is configured to forward encrypted messages, and the backend server is configured to authenticate the identity of the client and the identity of the hardware cryptographic device bound by the client, thereby ensuring the authenticity of the inserted hardware cryptographic device.
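The burn-after-reading flow of claims 7 and 8, as an added Python example that is not part of the patent text: the first client packages recipient, destruct suffix and device-encrypted content, the server forwards or queues, and the second client checks the suffix, decrypts, reports the viewing event and deletes on expiry. Assumptions: `StubDevice` is a constructed toy cipher standing in for the hardware cryptographic device with a key both devices already share, the JSON envelope and the `destruct=<seconds>` suffix form are invented for illustration, and binding the suffix into the authentication tag (so a relay cannot lengthen the burn time unnoticed) is an addition the claims do not state.

```python
import hashlib, hmac, json, os

class StubDevice:  # constructed stand-in for the hardware cryptographic device (toy cipher)
    def __init__(self, key: bytes):
        self._enc = hashlib.sha256(b"enc" + key).digest()
        self._mac = hashlib.sha256(b"mac" + key).digest()
    def _xor(self, nonce: bytes, data: bytes) -> bytes:
        stream = hashlib.shake_256(self._enc + nonce).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))
    def encrypt(self, plaintext: bytes, aad: bytes) -> bytes:
        nonce = os.urandom(16)
        body = self._xor(nonce, plaintext)
        return nonce + body + hmac.new(self._mac, nonce + body + aad, hashlib.sha256).digest()
    def decrypt(self, blob: bytes, aad: bytes) -> bytes:
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        want = hmac.new(self._mac, nonce + body + aad, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise ValueError("ciphertext or destruct suffix was modified")
        return self._xor(nonce, body)

def package(device, recipient: str, text: str, burn_seconds: int) -> str:
    """First client: encrypt on the device, then pack recipient, suffix and ciphertext."""
    suffix = f"destruct={burn_seconds}"  # assumed wire form of the suffix
    body = device.encrypt(text.encode(), suffix.encode())  # suffix bound as AAD (assumption)
    return json.dumps({"to": recipient, "suffix": suffix, "body": body.hex()})

def route(envelope: str, online: set, offline_queue: dict) -> str:
    """Server: forward if the recipient is online, else push-notify and hold the message."""
    to = json.loads(envelope)["to"]
    if to in online:
        return "forwarded"
    offline_queue.setdefault(to, []).append(envelope)
    return "push-notified"

class Receiver:  # second client: check suffix, decrypt, report viewing, burn on expiry
    def __init__(self, device, clock):
        self.device, self.clock, self.open = device, clock, {}
    def view(self, msg_id: str, envelope: str) -> dict:
        env = json.loads(envelope)
        name, _, value = env["suffix"].partition("=")
        if name != "destruct" or not value.isdigit():
            raise ValueError("missing or malformed destruct suffix")
        text = self.device.decrypt(bytes.fromhex(env["body"]), env["suffix"].encode()).decode()
        self.open[msg_id] = (text, self.clock() + int(value))  # countdown starts at viewing
        return {"event": "viewed", "id": msg_id}  # event sent back to the first client
    def burn_expired(self) -> list:
        gone = [m for m, (_, due) in self.open.items() if self.clock() >= due]
        self.open = {m: v for m, v in self.open.items() if m not in gone}
        return gone
```

`clock` is any zero-argument callable returning seconds (for example `time.monotonic`), which keeps the countdown testable without waiting.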
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111234494.6A CN114006736A (en) 2021-10-22 2021-10-22 Instant communication message protection system and method based on hardware password equipment

Publications (1)

Publication Number Publication Date
CN114006736A (en) 2022-02-01

Family

ID=79923795

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111234494.6A Pending CN114006736A (en) 2021-10-22 2021-10-22 Instant communication message protection system and method based on hardware password equipment

Country Status (1)

Country Link
CN (1) CN114006736A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination