CN114640526B - Commercial cipher algorithm-based web application data encryption technology implementation method and system - Google Patents


Publication number
CN114640526B
Authority
CN
China
Prior art keywords
key
password
user name
client
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210276945.0A
Other languages
Chinese (zh)
Other versions
CN114640526A (en
Inventor
张�浩
王彦集
闫亮
赵根
张旭
田云兵
周宏文
曾航
朱丹
陈坤
胡源
罗波
张好
郑翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Planning And Natural Resources Information Center
Original Assignee
Chongqing Planning And Natural Resources Information Center
Application filed by Chongqing Planning And Natural Resources Information Center filed Critical Chongqing Planning And Natural Resources Information Center
Priority to CN202210276945.0A priority Critical patent/CN114640526B/en
Publication of CN114640526A publication Critical patent/CN114640526A/en
Application granted granted Critical
Publication of CN114640526B publication Critical patent/CN114640526B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method for implementing a web application data encryption technology based on commercial cipher algorithms, comprising the following steps: S1, the server side obtains an SM4 symmetric key SM4_KEY, and the client obtains a communication identifier TK; S2, the client sends the encrypted user name, the encrypted password and the communication identifier TK to the server side; S3, according to the communication identifier TK, the SM4 symmetric key SM4_KEY corresponding to the communication identifier TK is obtained from the cache server Redis; S4, the server side decrypts the encrypted user name and the encrypted password with the SM4 symmetric key SM4_KEY obtained in step S3 to obtain a decrypted user name and a decrypted password; after the verification is passed, the client successfully logs in to the server side; and S5, the client operates on the data of the server side. The invention can realize login security and enhance the protection capability of the system.

Description

Commercial cipher algorithm-based web application data encryption technology implementation method and system
Technical Field
The invention relates to the technical field of cryptography, in particular to a commercial cryptographic algorithm-based web application data encryption technology implementation method.
Background
With the development of network technology, the internet has become deeply embedded in the lives of its many users and strongly influences their life, work and leisure. Generally, a network user who wants to access a web page of a website first needs to log in to the server of that website. Patent application No. 2020110346425, entitled "A method and system for hiding a Web security login password", discloses the following steps: S1: determining the positions of the user name and password input boxes in the login page of a preset browser; S2: adding a virtual component to the login interface according to the type of the preset browser and the positions of the user name and password input boxes; S3: scanning the cursor position of the current page, and setting the user name and password input boxes to an inputtable state when the cursor is focused in them; when the cursor disappears, setting the user name and password input boxes to a forbidden state; S4: when the user has finished entering the user name and login password and the user name and password input boxes are in the forbidden state, the virtual component starts a preset hiding mechanism so that the preset browser records a preset virtual password as the login password. That method hides the password without breaking the design of the browser; for projects with higher security and confidentiality requirements the virtual password can be exposed while the real password stays hidden; the learning cost is low, operation is easy, and an additional safeguard is added for the security of the password.
Disclosure of Invention
The invention aims to at least solve the technical problems in the prior art, and particularly creatively provides a web application data encryption technology implementation method based on a commercial cryptographic algorithm.
In order to achieve the above object, the present invention provides a web application data encryption technology implementation method based on a commercial cryptographic algorithm, comprising the following steps:
S1, the server side obtains an SM4 symmetric key SM4_KEY, and the client obtains a communication identifier TK;
S2, the client encrypts the acquired user name and password respectively with the SM4 symmetric key SM4_KEY to obtain an encrypted user name and an encrypted password; the client sends the encrypted user name, the encrypted password and the communication identifier TK to the server side;
S3, after receiving the encrypted user name, the encrypted password and the communication identifier TK sent by the client, the server side obtains the SM4 symmetric key SM4_KEY corresponding to the communication identifier TK from the cache server Redis according to the communication identifier TK;
S4, the server side decrypts the encrypted user name and the encrypted password with the SM4 symmetric key SM4_KEY obtained in step S3 to obtain a decrypted user name and a decrypted password; after the verification is passed, the client successfully logs in to the server side;
and S5, the client operates on the data of the server side.
In a preferred embodiment of the present invention, step S2 includes the following steps:
S21, the client acquires the key-in user name and the key-in password that the user entered in the user name entry box and the password entry box respectively;
S22, the acquired key-in user name and key-in password are mapped with the mapping table preset on the client to obtain the user name and the mapping password;
S23, a security algorithm is applied to the mapping password to obtain the password; the password is calculated from the mapping password as follows:
userpassword′ = transmission fixed String(userpassword) XOR transmission fixed String(username),
wherein username represents the user name;
userpassword represents the mapping password;
XOR represents an exclusive-OR operation;
transmission fixed String() represents a string encryption algorithm;
userpassword′ represents the password.
In a preferred embodiment of the present invention, step S1 includes the following steps:
S11, the client sends a request for the SM2 public key to the server side, on which a pair consisting of the SM2 public key SM2_PUBKEY and the SM2 private key SM2_PRIKEY is stored;
S12, after receiving the SM2 public key request sent by the client, the server side returns the SM2 public key SM2_PUBKEY to the client in plaintext form;
S13, after receiving the SM2 public key SM2_PUBKEY sent by the server side, the client generates an SM4 symmetric key SM4_KEY;
S14, the SM4 symmetric key SM4_KEY is SM2-encrypted with the SM2 public key SM2_PUBKEY to obtain a ciphertext ENSM4K, and the ciphertext ENSM4K is sent to the server side;
S15, after receiving the ciphertext ENSM4K sent by the client, the server side decrypts it with the SM2 private key SM2_PRIKEY to obtain the SM4 symmetric key SM4_KEY, and at the same time generates a communication identifier TK;
S16, the communication identifier TK is associated with the SM4 symmetric key SM4_KEY to form a KV key-value pair, which is stored in the cache server Redis; the communication identifier TK is SM4-encrypted with the SM4 symmetric key SM4_KEY to obtain an encrypted identifier ENTK, and the encrypted identifier ENTK is returned to the client;
S17, the client SM4-decrypts the received encrypted identifier ENTK with the SM4 symmetric key SM4_KEY to obtain the communication identifier TK.
In a preferred embodiment of the present invention, the method for generating the communication identifier TK in step S15 includes the following steps:
S151, obtaining the SM2 public key SM2_PUBKEY corresponding to the SM2 private key SM2_PRIKEY;
S152, obtaining the SM4 symmetric key SM4_KEY obtained by decryption;
S153, connecting the SM2 public key SM2_PUBKEY of step S151 with the SM4 symmetric key SM4_KEY of step S152 to obtain a character connection string, calculated as:
C = A-B,
wherein A represents the SM2 public key SM2_PUBKEY of step S151;
- represents a connector;
B represents the SM4 symmetric key SM4_KEY of step S152;
C represents the character connection string;
S154, calculating the communication identifier TK from the character connection string obtained in step S153, as:
C′ = transmission fixed String(C),
wherein transmission fixed String() represents a string encryption algorithm, preferably MD5 or SHA1;
C represents the character connection string;
C′ represents the communication identifier TK.
In a preferred embodiment of the present invention, the method for determining whether the communication identifier TK obtained by decryption is correct in step S17 includes the following steps:
S171, obtaining the SM2 public key SM2_PUBKEY;
S172, obtaining the SM4 symmetric key SM4_KEY;
S173, connecting the SM2 public key SM2_PUBKEY of step S171 with the SM4 symmetric key SM4_KEY of step S172 to obtain a character judgment connection string, calculated as:
C″ = A′-B′,
wherein A′ represents the SM2 public key SM2_PUBKEY of step S171;
- represents a connector;
B′ represents the SM4 symmetric key SM4_KEY of step S172;
C″ represents the character judgment connection string;
S174, calculating the judgment code from the character judgment connection string obtained in step S173, as:
C‴ = transmission fixed String(C″),
wherein transmission fixed String() represents a string encryption algorithm, preferably MD5 or SHA1;
C″ represents the character judgment connection string;
C‴ represents the judgment code;
S175, judging whether the judgment code C‴ is consistent with the communication identifier TK (C′):
if the judgment code C‴ is consistent with the communication identifier TK (C′), the communication identifier TK obtained by decryption is correct;
if the judgment code C‴ is inconsistent with the communication identifier TK (C′), the communication identifier TK obtained by decryption is wrong; the process returns to step S11, and the server side updates the pair of SM2 public key SM2_PUBKEY and SM2 private key SM2_PRIKEY.
In a preferred embodiment of the present invention, step S4 includes the following steps:
S41, the server side obtains the decrypted user name and the decrypted password;
S42, according to the decrypted user name obtained in step S41, the mapping table preset on the server side is used to reverse-map it and obtain the server-side search user name;
S43, according to the server-side search user name, it is judged whether a user name consistent with the server-side search user name is stored in the user name database:
if a user name consistent with the server-side search user name is stored in the user name database, the next step is executed;
if no user name consistent with the server-side search user name is stored in the user name database, the user name entered in the user name entry box is wrong;
S44, the server-side password corresponding to the server-side search user name is extracted, and a security algorithm is applied to the server-side password to obtain a verification password; the verification password is calculated from the server-side password as follows:
userpassword‴ = transmission fixed String(userpassword″) XOR transmission fixed String(username′),
wherein username′ represents the server-side search user name;
userpassword″ represents the server-side password;
XOR represents an exclusive-OR operation;
transmission fixed String() represents a string encryption algorithm;
userpassword‴ represents the verification password;
S45, judging whether the verification password is consistent with the decrypted password of step S41:
if the verification password is consistent with the decrypted password of step S41, the verification is passed;
if the verification password is not consistent with the decrypted password of step S41, the key-in password entered in the password entry box is wrong.
In a preferred embodiment of the present invention, the method further includes step S5, downloading data of the server side by using the client.
The invention also discloses a commercial cryptographic algorithm-based web application data encryption technology implementation system, which comprises a secret key communication acquisition module, an encryption sending module, a secret key acquisition module and a decryption passing module;
the data output end of the secret key communication acquisition module is connected with the data input end of the encryption sending module, the data output end of the encryption sending module is connected with the data input end of the secret key acquisition module, and the data output end of the secret key acquisition module is connected with the data input end of the decryption passing module;
the secret key communication acquisition module is used for the server side to obtain an SM4 symmetric key SM4_KEY and for the client to obtain a communication identifier TK;
the encryption sending module is used for the client to encrypt the acquired user name and password respectively with the SM4 symmetric key SM4_KEY to obtain an encrypted user name and an encrypted password; the client sends the encrypted user name, the encrypted password and the communication identifier TK to the server side;
the secret key acquisition module is used for obtaining, after the server side receives the encrypted user name, the encrypted password and the communication identifier TK sent by the client, the SM4 symmetric key SM4_KEY corresponding to the communication identifier TK from the cache server Redis according to the communication identifier TK;
the decryption passing module is used for the server side to decrypt the encrypted user name and the encrypted password with the SM4 symmetric key SM4_KEY obtained in step S3 to obtain a decrypted user name and a decrypted password; after the verification is passed, the client successfully logs in to the server side.
In a preferred embodiment of the present invention, the encryption transmission module comprises the following steps:
S21, the client acquires the key-in user name and the key-in password that the user entered in the user name entry box and the password entry box respectively;
S22, the acquired key-in user name and key-in password are mapped with the mapping table preset on the client to obtain the user name and the mapping password;
S23, a security algorithm is applied to the mapping password to obtain the password; the password is calculated from the mapping password as follows:
userpassword′ = transmission fixed String(userpassword) XOR transmission fixed String(username),
wherein username represents the user name;
userpassword represents the mapping password;
XOR represents an exclusive-OR operation;
transmission fixed String() represents a string encryption algorithm;
userpassword′ represents the password.
In a preferred embodiment of the present invention, the key communication obtaining module includes the following steps:
S11, the client sends a request for the SM2 public key to the server side, on which a pair consisting of the SM2 public key SM2_PUBKEY and the SM2 private key SM2_PRIKEY is stored;
S12, after receiving the SM2 public key request sent by the client, the server side returns the SM2 public key SM2_PUBKEY to the client in plaintext form;
S13, after receiving the SM2 public key SM2_PUBKEY sent by the server side, the client generates an SM4 symmetric key SM4_KEY;
S14, the SM4 symmetric key SM4_KEY is SM2-encrypted with the SM2 public key SM2_PUBKEY to obtain a ciphertext ENSM4K, and the ciphertext ENSM4K is sent to the server side;
S15, after receiving the ciphertext ENSM4K sent by the client, the server side decrypts it with the SM2 private key SM2_PRIKEY to obtain the SM4 symmetric key SM4_KEY, and generates a communication identifier TK;
S16, the communication identifier TK is associated with the SM4 symmetric key SM4_KEY to form a KV key-value pair, which is stored in the cache server Redis; the communication identifier TK is SM4-encrypted with the SM4 symmetric key SM4_KEY to obtain an encrypted identifier ENTK, and the encrypted identifier ENTK is returned to the client;
S17, the client SM4-decrypts the received encrypted identifier ENTK with the SM4 symmetric key SM4_KEY to obtain the communication identifier TK.
In conclusion, by adopting the technical scheme, the invention can realize login safety and enhance the protection capability of the system.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic block diagram of the process of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
The invention provides a commercial cipher algorithm-based web application data encryption technology implementation method, as shown in figure 1, comprising the following steps:
S1, the server side obtains an SM4 symmetric key SM4_KEY, and the client obtains a communication identifier TK;
S2, the client encrypts the acquired user name and password respectively with the SM4 symmetric key SM4_KEY to obtain an encrypted user name and an encrypted password; the client sends the encrypted user name, the encrypted password and the communication identifier TK to the server side;
S3, after receiving the encrypted user name, the encrypted password and the communication identifier TK sent by the client, the server side obtains the SM4 symmetric key SM4_KEY corresponding to the communication identifier TK from the cache server Redis according to the communication identifier TK;
S4, the server side decrypts the encrypted user name and the encrypted password with the SM4 symmetric key SM4_KEY obtained in step S3 to obtain a decrypted user name and a decrypted password; after the verification is passed, the client successfully logs in to the server side;
and S5, the client operates on the data of the server side.
In a preferred embodiment of the present invention, step S2 includes the following steps:
S21, the client acquires the key-in user name and the key-in password that the user entered in the user name entry box and the password entry box respectively;
S22, the acquired key-in user name and key-in password are mapped with the mapping table preset on the client to obtain the user name and the mapping password;
S23, a security algorithm is applied to the mapping password to obtain the password; the password is calculated from the mapping password as follows:
userpassword′ = transmission fixed String(userpassword) XOR transmission fixed String(username),
wherein username represents the user name;
userpassword represents the mapping password;
XOR represents an exclusive-OR operation;
transmission fixed String() represents a string encryption algorithm;
userpassword′ represents the password.
In a preferred embodiment of the present invention, step S1 includes the following steps:
S11, the client sends a request for the SM2 public key to the server side, on which a pair consisting of the SM2 public key SM2_PUBKEY and the SM2 private key SM2_PRIKEY is stored;
S12, after receiving the SM2 public key request sent by the client, the server side returns the SM2 public key SM2_PUBKEY to the client in plaintext form;
S13, after receiving the SM2 public key SM2_PUBKEY sent by the server side, the client generates an SM4 symmetric key SM4_KEY;
S14, the SM4 symmetric key SM4_KEY is SM2-encrypted with the SM2 public key SM2_PUBKEY to obtain a ciphertext ENSM4K, and the ciphertext ENSM4K is sent to the server side;
S15, after receiving the ciphertext ENSM4K sent by the client, the server side decrypts it with the SM2 private key SM2_PRIKEY to obtain the SM4 symmetric key SM4_KEY, and at the same time generates a communication identifier TK;
S16, the communication identifier TK is associated with the SM4 symmetric key SM4_KEY to form a KV key-value pair, which is stored in the cache server Redis; the communication identifier TK is SM4-encrypted with the SM4 symmetric key SM4_KEY to obtain an encrypted identifier ENTK, and the encrypted identifier ENTK is returned to the client;
S17, the client SM4-decrypts the received encrypted identifier ENTK with the SM4 symmetric key SM4_KEY to obtain the communication identifier TK. The SM4 symmetric key SM4_KEY has a validity period, which may be one hour, one day, one month, etc.; after it expires the SM4 symmetric key SM4_KEY is updated, and for further security the server side may also update the pair of SM2 public key SM2_PUBKEY and SM2 private key SM2_PRIKEY at the same time.
In a preferred embodiment of the present invention, the method for generating the communication identifier TK in step S15 includes the following steps:
S151, obtaining the SM2 public key SM2_PUBKEY corresponding to the SM2 private key SM2_PRIKEY;
S152, obtaining the SM4 symmetric key SM4_KEY obtained by decryption;
S153, connecting the SM2 public key SM2_PUBKEY of step S151 with the SM4 symmetric key SM4_KEY of step S152 to obtain a character connection string, calculated as:
C = A-B,
wherein A represents the SM2 public key SM2_PUBKEY of step S151;
- represents a connector;
B represents the SM4 symmetric key SM4_KEY of step S152;
C represents the character connection string;
S154, calculating the communication identifier TK from the character connection string obtained in step S153, as:
C′ = transmission fixed String(C),
wherein transmission fixed String() represents a string encryption algorithm, preferably MD5 or SHA1;
C represents the character connection string;
C′ represents the communication identifier TK.
In a preferred embodiment of the present invention, the method for determining whether the communication identifier TK obtained by decryption is correct in step S17 includes the following steps:
S171, obtaining the SM2 public key SM2_PUBKEY;
S172, obtaining the SM4 symmetric key SM4_KEY;
S173, connecting the SM2 public key SM2_PUBKEY of step S171 with the SM4 symmetric key SM4_KEY of step S172 to obtain a character judgment connection string, calculated as:
C″ = A′-B′,
wherein A′ represents the SM2 public key SM2_PUBKEY of step S171;
- represents a connector;
B′ represents the SM4 symmetric key SM4_KEY of step S172;
C″ represents the character judgment connection string;
S174, calculating the judgment code from the character judgment connection string obtained in step S173, as:
C‴ = transmission fixed String(C″),
wherein transmission fixed String() represents a string encryption algorithm, preferably MD5 or SHA1;
C″ represents the character judgment connection string;
C‴ represents the judgment code;
S175, judging whether the judgment code C‴ is consistent with the communication identifier TK (C′):
if the judgment code C‴ is consistent with the communication identifier TK (C′), the communication identifier TK obtained by decryption is correct;
if the judgment code C‴ is inconsistent with the communication identifier TK (C′), the communication identifier TK obtained by decryption is wrong; the process returns to step S11, and the server side updates the pair of SM2 public key SM2_PUBKEY and SM2 private key SM2_PRIKEY.
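The TK derivation of steps S151 to S154, the client-side check of steps S171 to S175 and the expiring TK-to-key store of step S16, as an added Python example that is not part of the patent text. It assumes the keys are handled as hex strings, uses SHA1 for transmission fixed String(), and replaces Redis with an in-memory dictionary; the SM2 and SM4 operations are left out and the sample key values are constructed.

```python
import hashlib
import hmac
import time

CONNECTOR = "-"  # the connector in C = A-B

# Constructed sample values (not real key material). Hex encoding of both
# keys is an assumption of this example; the page does not fix an encoding.
SAMPLE_SM2_PUBKEY = "04" + "11" * 32 + "22" * 32      # 65-byte point layout
SAMPLE_SM4_KEY = "00112233445566778899aabbccddeeff"   # 16-byte SM4 key


def derive_tk(sm2_pubkey_hex, sm4_key_hex, algo="sha1"):
    """S153/S154 and S173/S174: C = A-B, then C' = hash(C)."""
    c = f"{sm2_pubkey_hex}{CONNECTOR}{sm4_key_hex}"
    return hashlib.new(algo, c.encode("utf-8")).hexdigest()


class KeyCache:
    """In-memory stand-in for the Redis KV store of step S16, with expiry."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # TK -> (SM4 key, expiry time)

    def put(self, tk, sm4_key_hex):
        self._entries[tk] = (sm4_key_hex, self._clock() + self._ttl)

    def get(self, tk):
        """S3: return the SM4 key stored for TK, or None if unknown or expired."""
        entry = self._entries.get(tk)
        if entry is None:
            return None
        key, expires_at = entry
        if self._clock() >= expires_at:
            del self._entries[tk]  # expired: the SM4 key has to be updated
            return None
        return key


def server_issue_tk(cache, sm2_pubkey_hex, sm4_key_hex):
    """S15/S16: derive TK from the decrypted SM4 key and store the pair."""
    tk = derive_tk(sm2_pubkey_hex, sm4_key_hex)
    cache.put(tk, sm4_key_hex)
    return tk  # sent back SM4-encrypted as ENTK; that step is omitted here


def client_check_tk(decrypted_tk, sm2_pubkey_hex, sm4_key_hex):
    """S171-S175: recompute the judgment code and compare it with TK."""
    judgment_code = derive_tk(sm2_pubkey_hex, sm4_key_hex)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(judgment_code.encode("utf-8"),
                               decrypted_tk.encode("utf-8"))


if __name__ == "__main__":
    cache = KeyCache(ttl_seconds=3600)  # one hour, one of the page's periods
    tk = server_issue_tk(cache, SAMPLE_SM2_PUBKEY, SAMPLE_SM4_KEY)
    print("TK:", tk)
    print("client accepts TK:",
          client_check_tk(tk, SAMPLE_SM2_PUBKEY, SAMPLE_SM4_KEY))
    print("server finds key:", cache.get(tk) == SAMPLE_SM4_KEY)
```

Because TK is a plain digest of the two keys, the same SM2 public key and SM4 key always yield the same TK.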
In a preferred embodiment of the present invention, step S4 includes the following steps:
S41, the server side obtains the decrypted user name and the decrypted password;
S42, according to the decrypted user name obtained in step S41, the mapping table preset on the server side is used to reverse-map it and obtain the server-side search user name; the mapping table preset on the server side is consistent with the mapping table preset on the client, and each character of the mapping table corresponds uniquely to one character. The original characters in the mapping table are $\eta_1, \eta_2, \eta_3, \ldots, \eta_n$, where $n$ represents the total number of original characters, $\eta_1$ represents the 1st original character, $\eta_2$ represents the 2nd original character, $\eta_3$ represents the 3rd original character, $\eta_n$ represents the $n$th original character, and $\eta_1 \neq \eta_2 \neq \eta_3 \neq \ldots \neq \eta_n$. The mapping characters are $\eta_1', \eta_2', \eta_3', \ldots, \eta_n'$, where $\eta_1'$ represents the mapping character corresponding to the 1st original character, $\eta_2'$ represents the mapping character corresponding to the 2nd original character, $\eta_3'$ represents the mapping character corresponding to the 3rd original character, $\eta_n'$ represents the mapping character corresponding to the $n$th original character, $\eta_1' \neq \eta_2' \neq \eta_3' \neq \ldots \neq \eta_n'$, and $\eta_1 \neq \eta_1'$, $\eta_2 \neq \eta_2'$, $\eta_3 \neq \eta_3'$, $\ldots$, $\eta_n \neq \eta_n'$; $\{\eta_1, \eta_2, \eta_3, \ldots, \eta_n\} = \{\eta_1', \eta_2', \eta_3', \ldots, \eta_n'\}$. The mapping can be as shown in the following tables.
TABLE 1 correspondence of original characters to mapped characters
Original character 0 1 2 3 4 5 6 7 8 9 ……
Mapping characters @ # $ ^ & * ( ) ……
TABLE 2 correspondence between original characters and mapped characters
Original character 0 1 2 3 4 5 6 7 8 9 ……
Mapping characters 1 2 3 4 5 6 7 8 9 0 ……
TABLE 3 correspondence of original characters to mapped characters
Original character 0 1 2 3 4 5 6 7 8 9 ……
Mapping characters 1 2 3 7 5 4 9 8 6 0 ……
TABLE 4 correspondence of original characters to mapped characters
Original character 0 1 2 3 4 5 6 7 8 9 ……
Mapping characters 1 @ A a o E * c q ……
Tables 1-4 above do not list all the original characters, nor all the mapping characters corresponding to the original characters. Reverse mapping is the process of mapping the mapping characters back to the original characters.
S43, judging whether a user name consistent with the server-side search user name is stored in the user name database:
if a user name consistent with the server-side search user name is stored in the user name database, executing the next step;
if no user name consistent with the server-side search user name is stored in the user name database, the user name keyed into the user name entry box is wrong;
S44, extracting the server-side password corresponding to the server-side search user name, and applying a security algorithm to the server-side password to obtain a verification password; the verification password is calculated from the server-side password as follows:
userpassword‴ = transmission fixed String(userpassword″) XOR transmission fixed String(username′),
where username′ represents the server-side search user name;
userpassword″ represents the server-side password;
XOR represents an exclusive-OR operation;
transmission fixed String() represents a string encryption algorithm;
userpassword‴ represents the verification password;
S45, judging whether the verification password is consistent with the decrypted password from step S41:
if the verification password is consistent with the decrypted password from step S41, the verification passes;
if the verification password is not consistent with the decrypted password from step S41, the password keyed into the password entry box is incorrect.
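The mapping-table constraints from step S42 and the server-side check of steps S42 to S45, as an added Python example that is not code from the patent. It assumes characters absent from the table pass through unchanged, uses SHA-256 as a stand-in for the undefined transmission fixed String(), has the client XOR with the keyed-in user name so that both sides transform the same string, and leaves out the SM4 layer; all function names are hypothetical.

```python
import hashlib
import hmac

# Digit rows of Tables 2 and 3 on the page; the rest of each table is elided there.
TABLE_2 = dict(zip("0123456789", "1234567890"))
TABLE_3 = dict(zip("0123456789", "1237549860"))


def validate_table(table):
    """Check the constraints step S42 places on a mapping table."""
    originals, mapped = list(table.keys()), list(table.values())
    if any(len(c) != 1 for c in originals + mapped):
        raise ValueError("every entry must be a single character")
    if len(set(mapped)) != len(mapped):
        raise ValueError("two original characters share one mapping character")
    if any(o == m for o, m in table.items()):
        raise ValueError("a character maps to itself")
    if set(originals) != set(mapped):
        raise ValueError("original and mapping character sets differ")
    return True


def forward_map(text, table):
    # Assumption: characters not listed in the table are left unchanged.
    return "".join(table.get(ch, ch) for ch in text)


def reverse_map(text, table):
    inverse = {m: o for o, m in table.items()}
    return "".join(inverse.get(ch, ch) for ch in text)


def fixed_string(text):
    """Stand-in for transmission fixed String(): a SHA-256 digest (assumption)."""
    return hashlib.sha256(text.encode("utf-8")).digest()


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def client_login_fields(typed_user, typed_password, table):
    """S21-S23: map both fields, then derive the password value to transmit."""
    mapped_user = forward_map(typed_user, table)
    mapped_password = forward_map(typed_password, table)
    # Assumption: the XOR uses the keyed-in user name (see lead-in).
    password = xor_bytes(fixed_string(mapped_password), fixed_string(typed_user))
    return mapped_user, password  # both would then be SM4-encrypted (omitted)


def server_verify(decrypted_user, decrypted_password, user_db, table):
    """S42-S45, applied to the values left after SM4 decryption."""
    search_user = reverse_map(decrypted_user, table)              # S42
    if search_user not in user_db:                                # S43
        return "unknown user name"
    stored = user_db[search_user]                                 # S44
    verification = xor_bytes(fixed_string(stored), fixed_string(search_user))
    if hmac.compare_digest(verification, decrypted_password):     # S45
        return "verified"
    return "wrong password"


if __name__ == "__main__":
    validate_table(TABLE_3)
    # Constructed account: the database holds the mapped password, as in the
    # first registration procedure on the page.
    db = {"user2024": forward_map("Passw0rd!9", TABLE_3)}
    user, password = client_login_fields("user2024", "Passw0rd!9", TABLE_3)
    print(user, server_verify(user, password, db, TABLE_3))
```

The comparison in S45 uses `hmac.compare_digest` so that the time taken does not depend on how many leading bytes match.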
During registration, the length of every password entered in the password entry box is required to be more than 8 bits, and the password must include upper-case letters, lower-case letters and special symbols, which increases the difficulty of cracking; the following steps are executed:
firstly, the client acquires the registration keyed-in user name entered in the registration user name entry box and the registration keyed-in password entered in the registration password entry box;
secondly, mapping the acquired registration keyed-in user name and registration keyed-in password with the mapping table preset on the client to obtain the registered user name and the registered password;
thirdly, the client encrypts the registered user name and the registered password separately with the SM4 symmetric key SM4_KEY to obtain a registered encrypted user name and a registered encrypted password; the client sends the registered encrypted user name, the registered encrypted password and the communication identifier TK to the server;
fourthly, after receiving the registered encrypted user name, the registered encrypted password and the communication identifier TK sent by the client, the server obtains the SM4 symmetric key SM4_KEY corresponding to the communication identifier TK from the cache server Redis according to the communication identifier TK;
fifthly, the server decrypts the registered encrypted user name and the registered encrypted password with the SM4 symmetric key SM4_KEY from the fourth step to obtain the registered decrypted user name and the registered decrypted password (the server-side password);
sixthly, reverse-mapping the registered decrypted user name with the mapping table preset on the server to obtain the server-side registered user name (the server-side search user name), and associating the server-side registered user name with the registered decrypted password from the fifth step to form a user name and password pair, which is stored in the user name database.
Another secure way to register: firstly, the client acquires the registration keyed-in user name that the user enters in the registration user name entry box;
secondly, mapping the acquired registration keyed-in user name with the mapping table preset on the client to obtain the registered user name;
thirdly, the client encrypts the registered user name with the SM4 symmetric key SM4_KEY to obtain a registered encrypted user name; the client sends the registered encrypted user name and the communication identifier TK to the server;
fourthly, after receiving the registered encrypted user name and the communication identifier TK sent by the client, the server obtains the SM4 symmetric key SM4_KEY corresponding to the communication identifier TK from the cache server Redis according to the communication identifier TK;
fifthly, the server decrypts the registered encrypted user name with the SM4 symmetric key SM4_KEY from the fourth step to obtain the registered decrypted user name;
sixthly, the registered decrypted user name is reverse-mapped with the mapping table preset on the server to obtain the server-side registered user name (the server-side search user name);
seventhly, judging whether the server-side registered user name exists in the user name database:
if the server-side registered user name does not exist in the user name database, executing the next step;
if the server-side registered user name exists in the user name database, prompting that the registration user name entered in the registration user name entry box already exists, and asking the user to enter a new registration user name;
eighthly, the server randomly generates a registration password, wherein the length of the registration password is required to be more than 8 bits and the registration password must include upper-case letters, lower-case letters and special symbols; mapping the registration password with the mapping table preset on the server to obtain a mapped security password (the server-side password), and associating the server-side registered user name with the mapped security password obtained in this step to form a user name and password pair, which is stored in the user name database;
ninthly, encrypting the registration password with the SM4 symmetric key SM4_KEY to obtain a registration encrypted password, and sending the registration encrypted password to the client;
tenthly, after receiving the registration encrypted password sent by the server, the client decrypts it with the SM4 symmetric key SM4_KEY to obtain a registration decrypted password;
eleventhly, reverse-mapping the registration decrypted password with the mapping table preset on the client to obtain the secure registration password (the registration keyed-in password), and displaying the secure registration password on the registration web page. The user only needs to enter a registration user name in the registration user name entry box, and the password required for login (the secure registration password) is finally displayed on the client, which ensures the security of the password and improves the user experience.
In a preferred embodiment of the present invention, the method further includes step S5, downloading data from the server side by using the client.
In a preferred embodiment of the present invention, the method by which the client downloads data from the server comprises the following steps:
S51, the server acquires the real estate registration storage service data to be downloaded and uses it as the data file to be downloaded;
S52, compressing the data file to be downloaded to obtain a compressed data file to be downloaded, wherein the compression format is one of zip, rar and 7z; the server obtains the file data information of the compressed data file to be downloaded, and the file data information comprises one or any combination of the size of the compressed data file to be downloaded, the name of the compressed data file to be downloaded and the hash value of the compressed data file to be downloaded;
S53, the server sends the file data information to the client, and after receiving the file data information sent by the server, the client uses it to query whether a consistent file already exists on the client; the method for judging whether a file matching the received file data information exists on the client is one of the following queries or any combination of them:
querying whether a file whose size is consistent with that of the compressed data file to be downloaded exists on the client;
querying whether a file whose name is consistent with that of the compressed data file to be downloaded exists on the client;
querying whether a file whose hash value is consistent with that of the compressed data file to be downloaded exists on the client;
if such a file exists, the client sends a download stop control command to the server, and after receiving the download stop control command sent by the client, the server moves on to the next data file to be downloaded and returns to step S51;
if no such file exists, the client sends a blocking start control command to the server; after receiving the blocking start control command sent by the client, the server divides the data file to be downloaded into D blocks of block data, wherein D is a positive integer greater than or equal to 2 and the blocks are respectively the 1st block data, the 2nd block data, the 3rd block data, ……, and the Dth block data, and sends the total number of blocks D to the client;
S54, the server sends the current block data under the current hash value to the client; if the transmission is interrupted, returning to step S54;
S55, the client receives the current block data and stores it under the corresponding hash value, updates in real time all the received block data stored on the client under the current hash value, and counts and updates the number of received block data; if the update is interrupted, returning to step S54;
S56, the client sends the number of received block data to the server and requests the server to judge whether the number of downloaded block data is equal to the total number of blocks:
if the number of downloaded block data is equal to the total number of blocks, executing the next step; if the transmission is interrupted, returning to step S54;
if the number of downloaded block data is less than the total number of blocks, the server makes the next block data to be downloaded the current block data and executes step S54; if the update is interrupted, directly executing step S54;
S57, the server finishes the download and sends a download-complete message to the client; after receiving the download-complete message, the client merges all the received block data under the current hash value to obtain merged data and decompresses the merged data to obtain the decompressed file data, at which point the download task is complete. This prevents a download that fails because of network instability or because the browser is refreshed or closed abnormally from having to start again from the beginning, which improves transmission efficiency and enhances the user experience.
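Steps S51 to S57 as an added Python simulation (not the patent's code) of a block transfer that is interrupted and then resumes without resending blocks the client already holds. SHA-256 stands in for the unnamed hash, the class names, method names and fault-injection hook are hypothetical, and the hash check on the merged file before decompression is an addition of this example.

```python
import hashlib
import io
import zipfile


class Server:
    """Server side of S51-S57 for one in-memory file."""

    def __init__(self, name, data, total_blocks):
        if total_blocks < 2:
            raise ValueError("D must be a positive integer >= 2")
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:   # S52
            zf.writestr(name, data)
        self.blob = buf.getvalue()
        self.info = {"name": name + ".zip", "size": len(self.blob),
                     "hash": hashlib.sha256(self.blob).hexdigest()}
        self.total_blocks = total_blocks
        self.failures = {}   # constructed fault injection: block index -> drops left
        self.sent = []       # indexes of blocks actually delivered

    def split(self):                                    # S53: D blocks
        n, d = len(self.blob), self.total_blocks
        self.blocks = [self.blob[i * n // d:(i + 1) * n // d] for i in range(d)]
        return d

    def send_block(self, index):                        # S54
        if self.failures.get(index, 0) > 0:
            self.failures[index] -= 1
            raise ConnectionError("transfer of block %d interrupted" % index)
        self.sent.append(index)
        return self.blocks[index]

    def is_complete(self, received_count):              # S56
        return received_count == self.total_blocks


class Client:
    def __init__(self):
        self.files = {}      # hash -> completed compressed file
        self.partial = {}    # hash -> blocks received so far (kept after a failure)

    def download(self, server, max_retries=3):
        digest = server.info["hash"]
        if digest in self.files:                        # S53: consistent file exists
            return {"status": "skipped", "retries": 0, "data": None}
        server.split()
        blocks = self.partial.setdefault(digest, [])
        retries = 0
        while not server.is_complete(len(blocks)):      # S56
            try:
                blocks.append(server.send_block(len(blocks)))   # S54 and S55
            except ConnectionError:
                retries += 1
                if retries > max_retries:
                    raise                               # stored blocks are kept
        merged = b"".join(self.partial.pop(digest))     # S57: merge
        if hashlib.sha256(merged).hexdigest() != digest:
            raise ValueError("merged file does not match the announced hash")
        self.files[digest] = merged
        with zipfile.ZipFile(io.BytesIO(merged)) as zf:  # S57: decompress
            data = zf.read(zf.namelist()[0])
        return {"status": "downloaded", "retries": retries, "data": data}


if __name__ == "__main__":
    payload = b"constructed sample record\n" * 200
    server, client = Server("records.csv", payload, 4), Client()
    server.failures = {2: 10}                # block 2 keeps failing
    try:
        client.download(server, max_retries=2)
    except ConnectionError:
        print("interrupted with", len(client.partial[server.info["hash"]]), "blocks stored")
    server.failures, server.sent = {}, []
    result = client.download(server)         # resumes at block 2
    print(result["status"], "blocks sent on resume:", server.sent)
```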
The invention also discloses a system for implementing a web application data encryption technology based on a commercial cryptographic algorithm, which comprises a key communication acquisition module, an encryption sending module, a key acquisition module and a decryption passing module;
the data output end of the key communication acquisition module is connected with the data input end of the encryption sending module, the data output end of the encryption sending module is connected with the data input end of the key acquisition module, and the data output end of the key acquisition module is connected with the data input end of the decryption passing module;
the key communication acquisition module is used for the server to acquire the SM4 symmetric key SM4_KEY and for the client to acquire the communication identifier TK;
the encryption sending module is used for the client to encrypt the acquired user name and password separately with the SM4 symmetric key SM4_KEY to obtain an encrypted user name and an encrypted password; the client sends the encrypted user name, the encrypted password and the communication identifier TK to the server;
the key acquisition module is used for the server, after receiving the encrypted user name, the encrypted password and the communication identifier TK sent by the client, to obtain the SM4 symmetric key SM4_KEY corresponding to the communication identifier TK from the cache server Redis according to the communication identifier TK;
the decryption passing module is used for the server to decrypt the encrypted user name and the encrypted password with the SM4 symmetric key SM4_KEY obtained in step S3 to obtain a decrypted user name and a decrypted password; after the verification is passed, the client successfully logs in to the server.
In a preferred embodiment of the present invention, the encryption sending module performs the following steps:
S21, the client acquires the keyed-in user name and the keyed-in password that the user enters in the user name entry box and the password entry box respectively;
S22, mapping the acquired keyed-in user name and keyed-in password with the mapping table preset on the client to obtain the user name and the mapped password;
S23, applying a security algorithm to the mapped password to obtain the password; the password is calculated from the mapped password as follows:
userpassword′ = transmission fixed String(userpassword) XOR transmission fixed String(username),
where username represents the user name;
userpassword represents the mapped password;
XOR represents an exclusive-OR operation;
transmission fixed String() represents a string encryption algorithm;
userpassword′ represents the password.
In a preferred embodiment of the present invention, the key communication acquisition module performs the following steps:
S11, the client sends a request for the SM2 public key to the server, on which a pair consisting of the SM2 public key SM2_PUBKEY and the SM2 private key SM2_PRIKEY is stored;
S12, after receiving the SM2 public key request sent by the client, the server returns the SM2 public key SM2_PUBKEY to the client in plaintext;
S13, after receiving the SM2 public key SM2_PUBKEY sent by the server, the client generates an SM4 symmetric key SM4_KEY;
S14, using the SM2 public key SM2_PUBKEY to SM2-encrypt the SM4 symmetric key SM4_KEY to obtain a ciphertext ENSM4K, and sending the ciphertext ENSM4K to the server;
S15, after receiving the ciphertext ENSM4K sent by the client, the server decrypts it with the SM2 private key SM2_PRIKEY to obtain the SM4 symmetric key SM4_KEY and at the same time generates a communication identifier TK;
S16, associating the communication identifier TK with the SM4 symmetric key SM4_KEY to form a KV key-value pair, and storing the KV key-value pair in the cache server Redis; SM4-encrypting the communication identifier TK with the SM4 symmetric key SM4_KEY to obtain an encrypted identifier ENTK, and returning the encrypted identifier ENTK to the client;
S17, the client SM4-decrypts the received encrypted identifier ENTK with the SM4 symmetric key SM4_KEY to obtain the communication identifier TK.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.

Claims (8)

1. A method for implementing a web application data encryption technology based on a commercial cryptographic algorithm, characterized by comprising the following steps:
S1, a server obtains an SM4 symmetric key SM4_KEY, and a client obtains a communication identifier TK; the method by which the server obtains the SM4 symmetric key SM4_KEY and the client obtains the communication identifier TK comprises the following steps:
S11, the client sends a request for the SM2 public key to the server, on which a pair consisting of the SM2 public key SM2_PUBKEY and the SM2 private key SM2_PRIKEY is stored;
S12, after receiving the SM2 public key request sent by the client, the server returns the SM2 public key SM2_PUBKEY to the client in plaintext;
S13, after receiving the SM2 public key SM2_PUBKEY sent by the server, the client generates an SM4 symmetric key SM4_KEY;
S14, using the SM2 public key SM2_PUBKEY to SM2-encrypt the SM4 symmetric key SM4_KEY to obtain a ciphertext ENSM4K, and sending the ciphertext ENSM4K to the server;
S15, after receiving the ciphertext ENSM4K sent by the client, the server decrypts it with the SM2 private key SM2_PRIKEY to obtain the SM4 symmetric key SM4_KEY, and generates a communication identifier TK;
S16, associating the communication identifier TK with the SM4 symmetric key SM4_KEY to form a KV key-value pair, and storing the KV key-value pair in the cache server Redis; SM4-encrypting the communication identifier TK with the SM4 symmetric key SM4_KEY to obtain an encrypted identifier ENTK, and returning the encrypted identifier ENTK to the client;
S17, the client SM4-decrypts the received encrypted identifier ENTK with the SM4 symmetric key SM4_KEY to obtain the communication identifier TK;
S2, the client encrypts the acquired user name and password separately with the SM4 symmetric key SM4_KEY to obtain an encrypted user name and an encrypted password; the client sends the encrypted user name, the encrypted password and the communication identifier TK to the server;
S3, after receiving the encrypted user name, the encrypted password and the communication identifier TK sent by the client, the server obtains the SM4 symmetric key SM4_KEY corresponding to the communication identifier TK from the cache server Redis according to the communication identifier TK;
S4, the server decrypts the encrypted user name and the encrypted password with the SM4 symmetric key SM4_KEY obtained in step S3 to obtain a decrypted user name and a decrypted password; after the verification is passed, the client successfully logs in to the server.
2. The method for implementing a web application data encryption technology based on a commercial cryptographic algorithm according to claim 1, wherein step S2 comprises the following steps:
S21, the client acquires the keyed-in user name and the keyed-in password that the user enters in the user name entry box and the password entry box respectively;
S22, mapping the acquired keyed-in user name and keyed-in password with the mapping table preset on the client to obtain the user name and the mapped password;
S23, applying a security algorithm to the mapped password to obtain the password.
3. The method for implementing a web application data encryption technology based on a commercial cryptographic algorithm according to claim 1, wherein the method for generating the communication identifier TK in step S15 comprises the following steps:
S151, obtaining the SM2 public key SM2_PUBKEY corresponding to the SM2 private key SM2_PRIKEY;
S152, obtaining the SM4 symmetric key SM4_KEY obtained by decryption;
S153, concatenating the SM2 public key SM2_PUBKEY from step S151 with the SM4 symmetric key SM4_KEY from step S152 to obtain a character concatenation string;
S154, calculating the communication identifier TK from the character concatenation string obtained in step S153.
4. The method for implementing a web application data encryption technology based on a commercial cryptographic algorithm according to claim 1, wherein the method for determining whether the communication identifier TK decrypted in step S17 is correct comprises the following steps:
S171, obtaining the SM2 public key SM2_PUBKEY;
S172, obtaining the SM4 symmetric key SM4_KEY;
S173, concatenating the SM2 public key SM2_PUBKEY from step S171 with the SM4 symmetric key SM4_KEY from step S172 to obtain a character judgment concatenation string;
S174, calculating the judgment code from the character judgment concatenation string obtained in step S173;
S175, judging whether the judgment code C′ is consistent with the communication identifier TK:
if the judgment code C′ is consistent with the communication identifier TK, the communication identifier TK obtained by decryption is correct;
if the judgment code C′ is inconsistent with the communication identifier TK, the communication identifier TK obtained by decryption is wrong; returning to step S11; the server updates the pair consisting of the SM2 public key SM2_PUBKEY and the SM2 private key SM2_PRIKEY.
5. The method for implementing a web application data encryption technology based on a commercial cryptographic algorithm according to claim 1, wherein step S4 comprises the following steps:
S41, the server obtains the decrypted user name and the decrypted password;
S42, according to the decrypted user name obtained in step S41, reverse-mapping it with the mapping table preset on the server side to obtain the server-side search user name;
S43, judging whether a user name consistent with the server-side search user name is stored in the user name database:
if a user name consistent with the server-side search user name is stored in the user name database, executing the next step;
if no user name consistent with the server-side search user name is stored in the user name database, the user name keyed into the user name entry box is wrong;
S44, extracting the server-side password corresponding to the server-side search user name, and applying a security algorithm to the server-side password to obtain a verification password;
S45, judging whether the verification password is consistent with the decrypted password from step S41:
if the verification password is consistent with the decrypted password from step S41, the verification passes;
if the verification password is not consistent with the decrypted password from step S41, the password keyed into the password entry box is incorrect.
6. The method for implementing a web application data encryption technology based on a commercial cryptographic algorithm according to claim 1, further comprising step S5, downloading data from the server side by using the client.
7. A system for implementing a web application data encryption technology based on a commercial cryptographic algorithm, characterized by comprising a key communication acquisition module, an encryption sending module, a key acquisition module and a decryption passing module;
the data output end of the key communication acquisition module is connected with the data input end of the encryption sending module, the data output end of the encryption sending module is connected with the data input end of the key acquisition module, and the data output end of the key acquisition module is connected with the data input end of the decryption passing module;
the key communication acquisition module is used for the server to acquire the SM4 symmetric key SM4_KEY and for the client to acquire the communication identifier TK; the method by which the server obtains the SM4 symmetric key SM4_KEY and the client obtains the communication identifier TK comprises the following steps:
S11, the client sends a request for the SM2 public key to the server, on which a pair consisting of the SM2 public key SM2_PUBKEY and the SM2 private key SM2_PRIKEY is stored;
S12, after receiving the SM2 public key request sent by the client, the server returns the SM2 public key SM2_PUBKEY to the client in plaintext;
S13, after receiving the SM2 public key SM2_PUBKEY sent by the server, the client generates an SM4 symmetric key SM4_KEY;
S14, using the SM2 public key SM2_PUBKEY to SM2-encrypt the SM4 symmetric key SM4_KEY to obtain a ciphertext ENSM4K, and sending the ciphertext ENSM4K to the server;
S15, after receiving the ciphertext ENSM4K sent by the client, the server decrypts it with the SM2 private key SM2_PRIKEY to obtain the SM4 symmetric key SM4_KEY and at the same time generates a communication identifier TK;
S16, associating the communication identifier TK with the SM4 symmetric key SM4_KEY to form a KV key-value pair, and storing the KV key-value pair in the cache server Redis; SM4-encrypting the communication identifier TK with the SM4 symmetric key SM4_KEY to obtain an encrypted identifier ENTK, and returning the encrypted identifier ENTK to the client;
S17, the client SM4-decrypts the received encrypted identifier ENTK with the SM4 symmetric key SM4_KEY to obtain the communication identifier TK;
the encryption sending module is used for the client to encrypt the acquired user name and password separately with the SM4 symmetric key SM4_KEY to obtain an encrypted user name and an encrypted password; the client sends the encrypted user name, the encrypted password and the communication identifier TK to the server;
the key acquisition module is used for the server, after receiving the encrypted user name, the encrypted password and the communication identifier TK sent by the client, to obtain the SM4 symmetric key SM4_KEY corresponding to the communication identifier TK from the cache server Redis according to the communication identifier TK;
the decryption passing module is used for the server to decrypt the encrypted user name and the encrypted password with the SM4 symmetric key SM4_KEY obtained in step S3 to obtain a decrypted user name and a decrypted password; after the verification is passed, the client successfully logs in to the server.
8. The system for implementing a web application data encryption technology based on a commercial cryptographic algorithm according to claim 7, wherein the encryption sending module performs the following steps:
S21, the client acquires the keyed-in user name and the keyed-in password that the user enters in the user name entry box and the password entry box respectively;
S22, mapping the acquired keyed-in user name and keyed-in password with the mapping table preset on the client to obtain the user name and the mapped password;
S23, applying a security algorithm to the mapped password to obtain the password.
CN202210276945.0A 2022-03-21 2022-03-21 Commercial cipher algorithm-based web application data encryption technology implementation method and system Active CN114640526B (en)

Publications (2)

Publication Number Publication Date
CN114640526A CN114640526A (en) 2022-06-17
CN114640526B true CN114640526B (en) 2023-01-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant