CN114006736B - Instant communication message protection system and method based on hardware password equipment - Google Patents
Instant communication message protection system and method based on hardware password equipment Download PDFInfo
- Publication number
- CN114006736B CN114006736B CN202111234494.6A CN202111234494A CN114006736B CN 114006736 B CN114006736 B CN 114006736B CN 202111234494 A CN202111234494 A CN 202111234494A CN 114006736 B CN114006736 B CN 114006736B
- Authority
- CN
- China
- Prior art keywords
- client
- key
- message
- server
- hardware
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 238000004891 communication Methods 0.000 title claims abstract description 13
- 230000008569 process Effects 0.000 claims abstract description 11
- 238000007726 management method Methods 0.000 claims abstract description 7
- 238000013500 data storage Methods 0.000 claims abstract description 5
- 238000012795 verification Methods 0.000 claims description 11
- 238000012545 processing Methods 0.000 claims description 4
- 230000002457 bidirectional effect Effects 0.000 claims description 2
- 230000005540 biological transmission Effects 0.000 abstract description 11
- 230000009286 beneficial effect Effects 0.000 abstract description 2
- 238000013475 authorization Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000002688 persistence Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/04—Real-time or near real-time messaging, e.g. instant messaging [IM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/07—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
- H04L51/10—Multimedia information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an instant communication message protection system and method based on hardware cipher equipment, the system includes: the system comprises a first client, a second client and a server, wherein the server is used for providing a channel for signing and verifying labels by two-way authentication between the client and the server, the first client and the second client are respectively connected with a hardware password device for opening a private space, acquiring an encryption key and a session key and encrypting and decrypting instant communication messages, and the hardware password device comprises a true random number generator, a key management module, a data storage module and an authentication module. The invention has the beneficial effects that: the method solves the problem of information leakage in the transmission process of the instant messaging information of the intelligent terminal, adopts an encryption mode of free combination of software and hardware in the encryption process, enhances the confidentiality of the instant messaging information, ensures the safety of the transmission of the instant messaging information, and improves the safety level of session information.
Description
Technical Field
The invention relates to the field of instant message security protection of mobile intelligent terminals, in particular to an instant message protection system and method based on hardware password equipment.
Background
Instant messaging (INSTANT MESSAGING) is the most popular communication mode on the Internet at present, and utilizes the Internet line to communicate and interact through information of characters, voice, video and files, so that the time and economic cost of both communication parties are effectively saved. Various instant messaging software is also layered in the prior art; however, most instant messaging systems are public, so that the risk of information theft easily occurs during the transmission of information and at the information receiving terminal. Generally, the instant messaging protection method includes two methods, communication channel encryption, such as VPN dedicated channel encryption, and information source encryption, and the instant message is subjected to ciphertext conversion and then sent out.
The existing instant messaging message encryption technology generally solves the problem of stealing instant messaging messages from a signal source or an information transmission channel, and generally converts signals into a ciphertext form to be sent out from the signal source, but the form is very easy to steal, once a stealer grasps a ciphertext cracking method, such as symmetric key decryption, due to the same decryption key, the protection of the messages is similar to that of a dummy. For the information transmission channel, the information encryption security channel is established to achieve the purpose of safely sending out the information, but the cost is high, and once the encryption transmission channel is broken, the safe transmission of the data cannot be ensured.
Disclosure of Invention
According to the characteristics of the prior art, the technical scheme combines the efficiency of software encryption files and the safety of hardware encryption, encrypts different message contents in a mode of combining different software and hardware, encrypts the message contents for multiple times, and effectively improves the safety in the message transmission process. The method is realized by the following technical scheme.
The invention provides an instant messaging message protection method based on hardware password equipment. Firstly, local data is encrypted, and text data with smaller transmission quantity is directly encrypted by using hardware password equipment, so that the safety is ensured, and the encryption speed is not delayed. The method comprises the steps of firstly carrying out hardware encryption on key parts of pictures, voice or video with larger transmission quantity, and then carrying out free combination type encryption on the rest files in a mode of combining software with hardware; after local encryption is completed, a session key is added on the channels of both sides, and the encrypted message content is encrypted again and then transmitted. The invention processes the instant message by using the software and hardware encryption method, not only encrypts the information content, but also encrypts the information channel, thereby effectively saving the cost and improving the efficiency and the safety of the instant communication information.
The beneficial effects of the invention are as follows: the protection of the instant messaging information provided by the invention is based on the hardware password equipment, so that the problem of information leakage in the process of transmitting the instant messaging information of the intelligent terminal is solved, and the secret key generated by the hardware password equipment cannot be copied out of the hardware equipment, thereby preventing the secret key from being stolen.
In addition, the encryption process of the instant message adopts an encryption mode of free combination of software and hardware, and adopts hardware encryption to key parts, thereby enhancing the confidentiality of the instant message, ensuring the transmission safety of the instant message and improving the safety level of session information.
In addition, the software and hardware encryption keys in the file encryption process are different, so that the security of the ciphertext is improved.
Drawings
Fig. 1 is a system configuration diagram of an instant messaging server and a client based on a hardware cryptographic device.
Fig. 2 is a diagram of two-way authentication between an instant messaging client and a background server based on a hardware cryptographic device.
Fig. 3 is a flow chart of an instant messaging message establishment session based on a hardware cryptographic device.
Fig. 4 is a flow chart of instant messaging message forwarding based on a hardware cryptographic device.
Fig. 5 is a flow chart of instant messaging message login and sending a message based on a hardware cryptographic device.
Fig. 6 is a flow chart of burn after reading an instant messaging message based on a hardware cryptographic device.
Detailed Description
Embodiments of the invention are described in detail below with reference to the attached drawings, but the invention can be implemented in a number of different ways, which are defined and covered by the claims.
FIG. 1 is a system architecture diagram of an instant messaging server and client based on a hardware cryptographic device; the components of the material comprise three types: a first client (client a), a second client (client B), and a server.
The client is connected with a hardware password device and is used for opening the private space, acquiring the encryption key and the session key and encrypting and decrypting the instant communication message. In addition, a signature verification channel is provided for the mutual authentication of the client and the server.
The server comprises a forwarding server and an application background server; the forwarding server is used for forwarding the encrypted message, and the background server is used for authenticating the identity of the client and the identity of the hardware password equipment bound by the client, so that the reliability of the inserted hardware password equipment is ensured.
The hardware cipher device comprises a true random number generator, a key management module, a data storage module and an authentication module.
The true random number generator is used to generate random numbers for composing dynamic factors in session packages in instant messages.
The key management module is used for generating various encryption keys and is motivated by the derivative factors of the client. Including software encryption keys, hardware encryption keys, and session keys.
The data storage module is used for storing various encrypted files, videos and the like so as to provide a safe protection area.
The authentication module is used for providing encryption information for the bidirectional authentication of the client and the server so as to ensure the security of the authentication information.
FIG. 2 is a flow chart of a key agreement mutual authentication between an instant messaging client and a server based on a hardware cryptographic device; when the mobile phone security chip is inserted, the client (i.e. mobile phone) with the security chip performs two-way authentication with the server, and adopts the national secret SM2 algorithm.
The client and the server firstly exchange public keys, and then store the public key of the opposite party and the private key of the own party in hardware password equipment respectively so as to ensure that signature verification or encryption and decryption processes are in a physically isolated environment.
The interaction process of the client and the server is as follows:
The client firstly encrypts the service data (comprising APP loading identifier serialNo, type SERIALTYPE, login user name userName and version number versionName) by using a symmetric key temporarily generated by the system to form DATAENCRYPT; then signs DATAENCRYPT and the timestamp using the client's private key to form authCode; and finally, encrypting the temporarily generated symmetric key by using the public key of the server to form KEYENCRYPT, and sending the symmetric key to the server.
The server side will first receive authCode and KEYENCRYPT sent by the client side. And checking the signature of authCode by using the public key of the client to confirm the integrity and the reliability of the received data. If verification is successful, decrypting KEYENCRYPT by using a private key of the server side to obtain a symmetric key, decrypting the service data by using the symmetric key, and after the service processing is successful, entering an authentication stage of the server, encrypting the service data (APP loading identifier serialNo, type SERIALTYPE, SESSIONKEY, login user name, token and sessionOutTime) of the server side by using the symmetric key temporarily generated by the server side to form DATAENCRYPT; then, using a private key of the server side to sign DATAENCRYPT and the time stamp to form authCode; finally, the temporarily generated symmetric key is encrypted using the client public key to form KEYENCRYPT. And sends it to the client.
Similarly, after receiving authCode and KEYENCRYPT sent by the server, the client first uses the public key of the server to check authCode, to confirm the integrity and reliability of the received data, and after passing, uses the private key of the client to decrypt KEYENCRYPT to obtain the symmetric key, and then uses the symmetric key to decrypt the service data from the server.
It is added that if there is no verification or verification fails during the validity period, the refresh sessionKeytoken needs to be refreshed for authentication.
Fig. 3 is a flow chart of an instant messaging session establishment based on a hardware cryptographic device. Firstly, when a session window is established, the two parties create a session handle, a random factor is randomly generated in a registration code of the two parties, a unique code of a server account, a hardware SN number and sender hardware to form a session package, and then a derivative factor S1 is generated, and the derivative factor is exchanged with hardware password equipment to obtain a key for encrypting and decrypting the instant message and a session key for encrypting the session content.
The system derives different keys according to different file types for local file encryption, and derives hardware encryption keys by a key management module for message types such as small text data (less than 32K, defaults to 32K and can be customized by a user) such as voice, short messages and the like, and finishes an encryption process in hardware and then forwards the keys; if the information is a large-scale message text in a video, a document and the like, the hardware password equipment can generate a software encryption key at the same time, and in order to ensure the security of the software encryption key, the software encryption key is transmitted to a client after being encrypted asymmetrically in the hardware password equipment, and the client obtains the software encryption key after decrypting. The hardware cryptographic device then encrypts the key information of the file header in hardware.
The file type defaults to encrypt the format header, the video defaults to encrypt the key frame, the rest part generally adopts a method which mainly uses software and combines software and hardware encryption to encrypt, wherein the hardware encryption equipment integrates an encryption soft algorithm, at the moment, the software encryption and the hardware encryption are both carried out in the hardware encryption equipment, the independence of an encryption space is ensured, in addition, the software encryption and the hardware encryption mainly correspond to different scenes, and the key derivation mode is mainly inconsistent, so that the ciphertext obtained by the software encryption and the hardware encryption are different, the ciphertext cannot be mutually encrypted and decrypted, and the safety of the information is ensured. After the encryption of the information is finished, the hardware cipher device derives the window session key to re-encrypt the encrypted information, and then the information is sent after the completion.
Fig. 4 is a flow chart of instant messaging message forwarding based on a hardware cryptographic device. Assuming that the user of the first client is user a, the user of the second client is user B, and the user of the third client is user C.
When the user A communicates with the user B, if the message needs to be forwarded to the user C, the user B needs to exit the session window with the user A first, and the session window with the user C is established.
Because the user changes in the session window, the session package changes along with the changes of the random number, the session ID of both parties, the background unique code and the like, so that the derivative factors are different, and the keys for encrypting the file and encrypting the window information also change along with the changes, so that the ciphertext message in the session window of the user A and the user B cannot be decrypted by the user C, the user B firstly needs to decrypt the S2 sent by the user A by using the own session key to obtain S1, then the decryption key of the file software and hardware decrypts the message content, and the session window needs to be established with the user C again after the completion of the decryption process.
Firstly, establishing a session handle by both sides, acquiring a registration code of a user C and a user B, a hardware SN number, a unique code in a server account and a random number newly generated by both sides, packaging, generating a new derivative factor, and interactively acquiring a hardware encryption key and a software encryption key with hardware password equipment, and similarly, encrypting pure hardware for a small file (smaller than 32K and defaulting to 32K, wherein the user can customize the encryption to protect the security); and carrying out hardware encryption processing on a file format header or a video key frame of a relatively large file (more than or equal to 32K) by default, carrying out free combination type software and hardware encryption on the rest bytes to obtain a ciphertext S3, then encrypting the S3 by using a session key to obtain S4, and forwarding the S4 to a user C by a server.
Similarly, if the user a forwards the message to the user C, the session window needs to be re-established.
A flow chart for logging in and sending a message in instant messaging messages based on a hardware cryptographic device is shown in fig. 5. The specific flow is as follows:
Firstly, the user can acquire authorization code from the authorization module after logging in, if the authorization is passed, then the method returns jwt, the user can be connected with the access module in the form of jwttoken after receiving jwt, meanwhile, the authorization module can authenticate the accessed user, if the accessed user is the user authorized by the user, if the user is authorized by the user, the method can send message to the connection access module, the connection access module returns an ack confirmation character to the user, the data is received,
The connection access module forwards the message to the routing module, the routing module transmits the data to the database module (DB module) according to whether persistence is carried out, if persistence is successful, the message which is successful in persistence is returned to the routing module, the routing module then searches dispatch information (dispatch) of the user on line, and the message sent by the sending end is forwarded to the user module after the dispatch information is found.
Fig. 6 is a flow chart of burn after reading instant messaging messages based on a hardware cryptographic device. The specific flow is as follows:
The user A of the first client can edit various types of message contents, including files such as video, audio, pictures, documents, expression packages and the like, and the burn-after time of different files is given according to different file types. And then the client transmits various messages to the hardware password equipment, the hardware password equipment encrypts the message content, the message content returns to the client after the encryption, and the client packages the message receiver, the suffix destruct burnt after reading and the message content to finish the message forwarding to the server.
After receiving the message, the server searches for the user B of the second client, judges whether the user B of the second client is online, if so, directly forwards the message to the user B of the second client, and if not, sends a push message to the user B of the second client, and after logging in, receives an offline message.
After receiving the message, the user B of the second client firstly checks the message suffix, identifies the burn-after time after the message is checked, then decrypts the message content by the hardware password equipment, sends the checked event to the user A of the first client after checking, and deletes the message content after the burn-after time is counted down.
And after receiving the message forwarded by the user B of the second client, the user A of the first client immediately deletes the message source file.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (8)
1. An instant communication message protection system based on hardware cipher device is characterized in that,
The system comprises: the system comprises a first client, a second client and a server, wherein the server is used for providing a channel for signature verification by two-way authentication between the client and the server, and the first client and the second client are respectively connected with a hardware password device for opening a private space, acquiring an encryption key and a session key and encrypting and decrypting instant communication messages; the hardware password equipment comprises a true random number generator, a key management module, a data storage module and an authentication module; wherein: the true random number generator is used for generating random numbers and forming dynamic factors in session packets in the instant messages; the key management module is used for generating various encryption keys, the encryption keys are motivated by the derivative factors of the client, and the generated keys comprise: a software encryption key, a hardware encryption key, and a session key; the data storage module is used for storing various encrypted files and videos and providing a safe protection area; the authentication module is used for providing encryption information for the bidirectional authentication of the client and the server so as to ensure the security of the authentication information; the server comprises a forwarding server and an application background server, wherein the forwarding server is used for forwarding encrypted messages, and the background server is used for authenticating the identity of the client and the identity of the hardware password equipment bound by the client so as to ensure the reliability of the inserted hardware password equipment; the instant messaging message protection system is used for realizing an instant messaging message protection method;
the method for protecting instant communication information includes that a client side with a security chip and a server side can carry out two-way authentication, specifically, the client side and the server side can exchange public keys, then the public keys of the opposite side and private keys of the opposite side are respectively stored in hardware password equipment so as to ensure that signature verification or encryption and decryption processes are carried out in a physically isolated environment, and the instant communication information is protected under the environment, and the method comprises the following steps:
Firstly, a client encrypts service data by using a symmetric key temporarily generated by a system to form DATAENCRYPT; then signs DATAENCRYPT and the timestamp using the client's private key to form authCode; finally, encrypting the temporarily generated symmetric key by using the public key of the server to form KEYENCRYPT, and sending the symmetric key to the server;
the server firstly receives authCode and KEYENCRYPT sent by the client, performs signature verification on authCode by utilizing a public key of the client, confirms the integrity and reliability of received data, decrypts KEYENCRYPT by using a private key of the server if verification is successful to obtain a symmetric key, decrypts service data by using the symmetric key, and enters an authentication stage of the server after service processing is successful;
The service data of the server end is encrypted by using a symmetric key temporarily generated by the server end to form DATAENCRYPT, and then the private key of the server end is used for signing DATAENCRYPT and the time stamp to form authCode; finally, the client public key is used for encrypting the temporarily generated symmetric key to form KEYENCRYPT, and the symmetric key is sent to the client;
Similarly, after receiving authCode and KEYENCRYPT sent by the server, the client first uses the public key of the server to check authCode, to confirm the integrity and reliability of the received data, and after passing, uses the private key of the client to decrypt KEYENCRYPT to obtain the symmetric key, and then uses the symmetric key to decrypt the service data from the server.
2. The instant messaging protection system of claim 1, wherein the authentication is required to be refreshed sessionKey token if the authentication is authCode performed without verification or if the verification fails within a validity period.
3. The instant messaging protection system of claim 1, further comprising a method for establishing a session of an instant messaging message, wherein the session is established between two clients, the steps comprising:
When a session window of a first client is established, a session handle is created, a random factor is generated to form a session package, a first derivative factor is further generated, and the first derivative factor is exchanged with hardware password equipment to obtain a key for encrypting and decrypting the instant message and a session key for encrypting session content;
the hardware password equipment encrypts the file in hardware;
After the encryption of the file is completed, the hardware password equipment derives a window session key, the encrypted file is subjected to re-encryption processing through the window session key, and information is sent after the re-encryption is completed.
4. The instant messaging protection system of claim 3, wherein the hardware cryptographic device derived keys are processed separately from the file:
for local file encryption, the system derives different keys according to different file types;
For small text data, deriving a hardware encryption key by a key management module, completing an encryption process in hardware, and then forwarding;
For medium and large message texts, the hardware cipher device can generate a software encryption key at the same time, in order to ensure the security of the software encryption key, the software encryption key is transmitted to the client after being encrypted asymmetrically, and the client obtains the software encryption key after decryption.
5. The instant messaging protection system of claim 4, further comprising a software and hardware combined encryption method comprising the steps of:
Firstly encrypting the format header of the file or the key frame of the video, and mainly encrypting the rest part by software, wherein an encryption soft algorithm is integrated in the hardware password equipment, at the moment, the software encryption and the hardware encryption are both carried out in the hardware password equipment, so that the independence of an encryption space is ensured.
6. The instant messaging protection system of claim 3, further comprising a method of instant messaging message forwarding, the steps comprising: if the first client or the second client needs to forward the message to the third client, the second client needs to exit the session window with the first client first, and establishes the session window with the third client;
The second client decrypts the second ciphertext sent by the first client by using the session key to obtain the first ciphertext, then decrypts the message content by using the software and hardware decryption key, and after the decryption is completed, a session window needs to be established with the third client again.
7. The instant messaging message protection system of claim 3, further comprising a method of burn after reading a message, comprising the steps of:
When the first client edits the message content, burn-after-reading time is given;
The first client transmits the message to the hardware password equipment, the hardware password equipment encrypts the message content, the message content returns to the first client after the encryption, and the first client packages the message receiver, the suffix destruct burnt after reading and the message content to complete the message forwarding to the server;
After receiving the message, the server searches the second client, judges whether the user of the second client is online, if so, directly forwards the message to the second client, and if not, sends a push message to the second client, and after logging in, the user of the second client receives an offline message.
8. The system of claim 7, wherein the second client checks the message suffix after receiving the message, identifies the burn-after-reading time after the message is checked, decrypts the message content by the hardware cryptographic device, sends the checked event to the first client after checking the message, and deletes the message content after the burn-after-reading time counts down.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111234494.6A CN114006736B (en) | 2021-10-22 | 2021-10-22 | Instant communication message protection system and method based on hardware password equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111234494.6A CN114006736B (en) | 2021-10-22 | 2021-10-22 | Instant communication message protection system and method based on hardware password equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114006736A CN114006736A (en) | 2022-02-01 |
| CN114006736B true CN114006736B (en) | 2024-08-27 |
Family
ID=79923795
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111234494.6A Active CN114006736B (en) | 2021-10-22 | 2021-10-22 | Instant communication message protection system and method based on hardware password equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114006736B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115001713B (en) * | 2022-06-10 | 2023-08-25 | 深圳市马博士网络科技有限公司 | Instant message encryption system based on commercial cryptographic algorithm in medical field |
| CN115189929B (en) * | 2022-06-27 | 2024-06-07 | 苏州华兴源创科技股份有限公司 | Authorization authentication method, device, computer equipment and storage medium |
| CN116319949B (en) * | 2022-12-19 | 2023-11-14 | 北京开科唯识技术股份有限公司 | Session migration method, session migration device, terminal equipment and storage medium |
| CN116596542A (en) * | 2023-05-24 | 2023-08-15 | 广东科谊网络技术有限公司 | Mobile secure payment method and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101159556A (en) * | 2007-11-09 | 2008-04-09 | 清华大学 | Group key server based key management method in sharing encryption file system |
| CN104702611A (en) * | 2015-03-15 | 2015-06-10 | 西安电子科技大学 | Equipment and method for protecting session key of secure socket layer |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20040097717A (en) * | 2003-05-13 | 2004-11-18 | 펜타시큐리티시스템 주식회사 | Method and system for transporting session key |
| SI2011301T1 (en) * | 2006-04-10 | 2011-10-28 | Trust Integration Services B V | Arrangement of and method for secure data transmission. |
| US8719952B1 (en) * | 2011-03-25 | 2014-05-06 | Secsign Technologies Inc. | Systems and methods using passwords for secure storage of private keys on mobile devices |
| CN108400867B (en) * | 2017-02-07 | 2021-03-05 | 中国科学院沈阳计算技术研究所有限公司 | Authentication method based on public key encryption system |
| CN111030814B (en) * | 2019-12-25 | 2023-04-25 | 杭州迪普科技股份有限公司 | Secret key negotiation method and device |
| CN111614637B (en) * | 2020-05-08 | 2022-03-15 | 郑州信大捷安信息技术股份有限公司 | Secure communication method and system based on software cryptographic module |
| CN112637157A (en) * | 2020-12-14 | 2021-04-09 | 国网电动汽车服务有限公司 | Access method of credible battery replacement equipment |
| CN113472793B (en) * | 2021-07-01 | 2023-04-28 | 中易通科技股份有限公司 | Personal data protection system based on hardware password equipment |
-
2021
- 2021-10-22 CN CN202111234494.6A patent/CN114006736B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101159556A (en) * | 2007-11-09 | 2008-04-09 | 清华大学 | Group key server based key management method in sharing encryption file system |
| CN104702611A (en) * | 2015-03-15 | 2015-06-10 | 西安电子科技大学 | Equipment and method for protecting session key of secure socket layer |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114006736A (en) | 2022-02-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114006736B (en) | Instant communication message protection system and method based on hardware password equipment | |
| CN107888560B (en) | Mail safe transmission system and method for mobile intelligent terminal | |
| US8499156B2 (en) | Method for implementing encryption and transmission of information and system thereof | |
| US7542569B1 (en) | Security of data connections | |
| US9485096B2 (en) | Encryption / decryption of data with non-persistent, non-shared passkey | |
| CN113285803B (en) | Mail transmission system and transmission method based on quantum security key | |
| CN113472793B (en) | Personal data protection system based on hardware password equipment | |
| CN103974255B (en) | A kind of vehicle access system and method | |
| CN106411926A (en) | Data encryption communication method and system | |
| CN111914291A (en) | Message processing method, device, equipment and storage medium | |
| CN113452687B (en) | Method and system for encrypting sent mail based on quantum security key | |
| CN112564906A (en) | Block chain-based data security interaction method and system | |
| CN112020038A (en) | Domestic encryption terminal suitable for rail transit mobile application | |
| CN107094156A (en) | A kind of safety communicating method and system based on P2P patterns | |
| CN113346995A (en) | Quantum security key-based method and system for preventing mail from being tampered in transmission process | |
| US20050141718A1 (en) | Method of transmitting and receiving message using encryption/decryption key | |
| JP2001177513A (en) | Authenticating method in communication system, center equipment, and recording medium with authentication program recorded thereon | |
| CN114553441B (en) | Electronic contract signing method and system | |
| CN115022868A (en) | Satellite terminal entity authentication method, system and storage medium | |
| CN112332986A (en) | Private encryption communication method and system based on authority control | |
| CN110740116A (en) | multi-application identity authentication system and method | |
| CN111541603B (en) | Independent intelligent safety mail terminal and encryption method | |
| JPH0969831A (en) | Cipher communication system | |
| CN111698203A (en) | Cloud data encryption method | |
| KR20060078768A (en) | System and method for key recovery using distributed registration of private key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |