CN115134177B - Networking encryption communication method and device, server equipment and terminal equipment - Google Patents

Networking encryption communication method and device, server equipment and terminal equipment

Info

Publication number: CN115134177B
Authority: CN (China)
Prior art keywords: key, data, encryption, networking, server
Legal status (as listed by Google Patents; an assumption, not a legal conclusion): Active
Application number: CN202211068320.1A
Other languages: Chinese (zh)
Other versions: CN115134177A (en)
Inventors: 史成亮, 李帅, 吕鹏, 何小勇, 刘明朗, 郭万鹏, 李世皎
Current Assignee (as listed by Google Patents; may be inaccurate): State Grid Ruijia Tianjin Intelligent Robot Co ltd
Original Assignee: State Grid Ruijia Tianjin Intelligent Robot Co ltd

Events:
  • Application filed by State Grid Ruijia Tianjin Intelligent Robot Co ltd
  • Priority to CN202211068320.1A
  • Publication of CN115134177A
  • Application granted
  • Publication of CN115134177B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068: Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a networking encryption communication method and device, server-side equipment and terminal equipment, and relates to the technical field of the internet. The server-side equipment obtains a networking encryption verification request that the terminal equipment generates based on the terminal networking time, first data in a data pool and a target verification code in a verification code pool. Using a data pool and a verification code pool that have the same configuration as those of the terminal equipment, the server-side equipment verifies the request; when the verification succeeds, it generates a corresponding key base number from second data in the data pool and the terminal networking time, and feeds the key base number back to the terminal equipment. The terminal equipment then feeds back to the server-side equipment the index information of third data randomly selected from the data pool. The server-side equipment resolves the third data using the data pool and, together with the key base number, calculates a first key for encrypted communication with the terminal equipment. This effectively enhances the privacy of key construction during network communication, reduces the risk of the key being cracked, and improves the security of network communication.

Description

Networking encryption communication method and device, server equipment and terminal equipment
Technical Field
The present application relates to the field of internet technologies, and in particular, to a networking encryption communication method and apparatus, a server device, and a terminal device.
Background
With the continuous development of science and technology and the maturing of internet technology, requirements on network communication security keep rising, so network communication between terminal equipment (for example, a smart phone or a tablet computer) and server-side equipment generally encrypts data with an encryption algorithm to maintain the security of networked communication. However, in existing networked encrypted communication schemes the privacy of key construction is not strong, the risk of the key being cracked is high, and the overall security of network communication needs to be improved.
Disclosure of Invention
In view of this, an object of the present application is to provide a networking encryption communication method and apparatus, a server device, a terminal device, and a readable storage medium that effectively enhance the privacy of key construction during network communication and reduce the risk of the key being cracked, thereby improving network communication security.
In order to achieve the above object, the embodiments of the present application adopt the following technical solutions:
In a first aspect, the present application provides a networking encryption communication method, applied to a server device that establishes communication with a terminal device. The terminal device and the server device have a data pool and a verification code pool with the same configuration; the data pool stores a plurality of encryption source data, and the verification code pool stores a plurality of networking verification codes. The encryption communication method includes:
acquiring a networking encryption verification request from the terminal equipment, wherein the networking encryption verification request is generated based on the terminal networking time of the terminal equipment, first data in the data pool and a target verification code in the verification code pool;
performing encryption verification on the networking encryption verification request according to the data pool and the verification code pool, and generating a corresponding key base number according to second data in the data pool and the terminal networking time when the verification is successful;
generating a corresponding networking encryption response message according to the key base number, and sending the networking encryption response message to the terminal equipment;
acquiring a key communication request fed back by the terminal equipment, wherein the key communication request is generated by the terminal equipment based on the key base number and index information of randomly selected third data in the data pool;
analyzing the key communication request according to the data pool and the key base number to obtain third data, and calculating according to the key base number and the third data to obtain a corresponding first key;
and sending an encrypted communication confirmation message encrypted by the first key to the terminal equipment, so that the terminal equipment performs encrypted communication with the server equipment according to the first key.
In an optional embodiment, the encrypted communication method further comprises:
replacing key forming time parameters at preset time intervals, wherein the key forming time parameters of each replacement are different;
selecting fourth data from the data pool, and generating a corresponding key base number to be replaced according to the fourth data and the key forming time parameter;
generating a corresponding key replacement request according to the key base number to be replaced, and sending the key replacement request to the terminal equipment;
acquiring a replacement response message fed back by the terminal equipment, wherein the replacement response message is generated by the terminal equipment based on the base number of the key to be replaced and index information of randomly selected fifth data in the data pool;
analyzing the replacement response message according to the data pool and the base number of the key to be replaced to obtain fifth data, and calculating according to the base number of the key to be replaced and the fifth data to obtain a corresponding target key;
and sending a key replacement confirmation message encrypted by the target key to the terminal equipment, so that the terminal equipment performs encrypted communication with the server equipment according to the replaced target key.
In a second aspect, the present application provides a networking encryption communication method, applied to a terminal device that establishes communication with a server device, where the terminal device and the server device have a data pool and a verification code pool with the same configuration, the data pool stores a plurality of encryption source data, and the verification code pool stores a plurality of networking verification codes, where the encryption communication method includes:
generating a corresponding networking encryption verification request according to the current terminal networking time, the first data in the data pool and the target verification code in the verification code pool, and sending the networking encryption verification request to the server-side equipment for requesting encryption verification;
acquiring a networking encryption response message fed back by the server equipment when the networking encryption verification request is successfully verified;
analyzing the networking encryption response message to obtain a key base number, and calculating a corresponding key to be confirmed according to the key base number and third data randomly selected from the data pool;
generating a corresponding key communication request according to the key base number and the index information of the third data, and sending the key communication request to the server-side equipment;
acquiring an encrypted communication confirmation message which is fed back by the server-side equipment and encrypted by a first secret key, wherein the first secret key is generated by the server-side equipment based on the secret key base number and the third data;
and decrypting the encrypted communication confirmation message according to the key to be confirmed, and carrying out encrypted communication with the server equipment according to the first key when the decryption is successful.
In an optional embodiment, the encrypted communication method further includes:
acquiring a key replacement request sent by the server equipment according to a preset time interval;
analyzing the key change request to obtain a key base number to be changed, and calculating a corresponding target change key according to the key base number to be changed and fifth data randomly selected from the data pool;
generating a corresponding replacement response message according to the base number of the key to be replaced and the index information of the fifth data, and feeding back the replacement response message to the server-side equipment;
acquiring a key replacement confirmation message which is fed back by the server-side equipment and encrypted by a target key, wherein the target key is generated by the server-side equipment based on the base number of the key to be replaced and the fifth data;
and decrypting the key replacement confirmation message according to the target replacement key, and carrying out encryption communication with the server equipment according to the target key when the decryption is successful.
In a third aspect, the present application provides a networking encryption communication method, applied to a terminal device and a server device that establish communication, where the terminal device and the server device have a data pool and a verification code pool with the same configuration, the data pool stores multiple pieces of encryption source data, and the verification code pool stores multiple pieces of networking verification codes, where the encryption communication method includes:
the terminal equipment generates a corresponding networking encryption verification request according to the current terminal networking time, first data in the data pool and a target verification code in the verification code pool, and sends the networking encryption verification request to the server equipment;
the server-side equipment performs encryption verification on the networking encryption verification request according to the data pool and the verification code pool, and generates a corresponding key base number according to second data in the data pool and the terminal networking time when the verification is successful;
the server-side equipment generates a corresponding networking encryption response message according to the key base number and sends the networking encryption response message to the terminal equipment;
the terminal equipment analyzes the networking encryption response message to obtain a key base number, and calculates a corresponding key to be confirmed according to the key base number and third data randomly selected from the data pool;
the terminal equipment generates a corresponding key communication request according to the key base number and the index information of the third data, and sends the key communication request to the server-side equipment;
the server-side equipment analyzes the key communication request according to the data pool and the key base number to obtain the third data, and calculates according to the key base number and the third data to obtain a corresponding first key;
the server side equipment sends an encrypted communication confirmation message encrypted by the first secret key to the terminal equipment;
and the terminal equipment decrypts the encrypted communication confirmation message according to the key to be confirmed and performs encrypted communication with the server equipment according to the first key when the decryption is successful.
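The exchange in the third aspect above, written out as an added Python example (not code from the patent). HMAC-SHA256 as the combining function, the XOR index mask, the message field names and the sample pools are assumptions, since the text specifies none of them; the confirmation message is modelled as an HMAC tag under the first key instead of a ciphertext, because the Python standard library has no cipher.

```python
import hashlib
import hmac
import secrets

# Constructed sample pools. Both sides are provisioned with identical copies.
DATA_POOL = [hashlib.sha256(b"pool-entry-%d" % i).digest() for i in range(16)]
CODE_POOL = [b"VC-%04d" % i for i in range(8)]
CONFIRM = b"encrypted-communication-confirm"


def mac(key, *parts):
    """Assumed combining function (HMAC-SHA256); the patent text names none."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)  # length prefix keeps fields unambiguous
    return h.digest()


def index_mask(key_base):
    """Assumed way to bind the transmitted index to the key base: a 32-bit XOR mask."""
    return int.from_bytes(mac(key_base, b"index-mask")[:4], "big")


def lookup(pool, idx):
    """Return pool[idx], or None for anything that is not a valid in-range index."""
    return pool[idx] if isinstance(idx, int) and 0 <= idx < len(pool) else None


class Terminal:
    def __init__(self, data_pool, code_pool):
        self.data_pool, self.code_pool = data_pool, code_pool
        self.key_to_confirm = self.session_key = None

    def build_verification_request(self, networking_time):
        """Request from networking time, first data and a target verification code."""
        d = secrets.randbelow(len(self.data_pool))
        c = secrets.randbelow(len(self.code_pool))
        tag = mac(self.data_pool[d], networking_time, self.code_pool[c])
        return {"time": networking_time, "data_idx": d, "code_idx": c, "tag": tag}

    def build_key_request(self, resp):
        """Pick third data at random, derive the key to be confirmed, send its index."""
        key_base = resp["key_base"]
        idx = secrets.randbelow(len(self.data_pool))
        self.key_to_confirm = mac(key_base, self.data_pool[idx])
        return {"masked_idx": idx ^ index_mask(key_base)}

    def accept_confirmation(self, msg):
        """Adopt the key only if the server's confirmation checks out under it."""
        expected = mac(self.key_to_confirm, CONFIRM)
        if not hmac.compare_digest(expected, msg.get("confirm_tag", b"")):
            return False
        self.session_key = self.key_to_confirm
        return True


class Server:
    def __init__(self, data_pool, code_pool):
        self.data_pool, self.code_pool = data_pool, code_pool
        self.key_base = self.first_key = None

    def handle_verification_request(self, req):
        """Verify the request against the pools; on success issue a key base number."""
        first = lookup(self.data_pool, req.get("data_idx"))
        code = lookup(self.code_pool, req.get("code_idx"))
        if first is None or code is None:
            return None
        expected = mac(first, req["time"], code)
        if not hmac.compare_digest(expected, req.get("tag", b"")):
            return None
        second = secrets.choice(self.data_pool)      # second data, chosen by the server
        self.key_base = mac(second, req["time"])
        return {"key_base": self.key_base}

    def handle_key_request(self, req):
        """Unmask the index, resolve the third data, derive the first key."""
        masked = req.get("masked_idx")
        if self.key_base is None or not isinstance(masked, int):
            return None
        third = lookup(self.data_pool, masked ^ index_mask(self.key_base))
        if third is None:                            # index falls outside the pool
            return None
        self.first_key = mac(self.key_base, third)
        return {"confirm_tag": mac(self.first_key, CONFIRM)}


def run_handshake(terminal, server, networking_time=b"1700000000"):
    """Run the full exchange; True only if both sides end up with the same key."""
    resp = server.handle_verification_request(
        terminal.build_verification_request(networking_time))
    if resp is None:
        return False
    confirm = server.handle_key_request(terminal.build_key_request(resp))
    return confirm is not None and terminal.accept_confirmation(confirm)


if __name__ == "__main__":
    t, s = Terminal(DATA_POOL, CODE_POOL), Server(DATA_POOL, CODE_POOL)
    print("handshake ok:", run_handshake(t, s), "keys match:", t.session_key == s.first_key)
```

A terminal provisioned with a different data pool fails at the verification step, and an altered index either falls outside the pool or yields a key the terminal cannot confirm.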
In an optional embodiment, the encrypted communication method further comprises:
the server-side equipment changes the key forming time parameters at preset time intervals, wherein the key forming time parameters changed each time are different from each other;
the server-side equipment selects fourth data from the data pool and generates a corresponding key base number to be replaced according to the fourth data and the key forming time parameter;
the server side equipment generates a corresponding key replacement request according to the key base number to be replaced and sends the key replacement request to the terminal equipment;
the terminal equipment analyzes the key change request to obtain a key base number to be changed, and calculates a corresponding target change key according to the key base number to be changed and fifth data randomly selected from the data pool;
the terminal equipment generates a corresponding replacement response message according to the base number of the key to be replaced and the index information of the fifth data, and feeds the replacement response message back to the server equipment;
the server-side equipment analyzes the replacement response message according to the data pool and the key base number to be replaced to obtain fifth data, and calculates a corresponding target key according to the key base number to be replaced and the fifth data;
the server side equipment sends a key exchange confirmation message encrypted by the target key to the terminal equipment;
and the terminal equipment decrypts the key replacement confirmation message according to the target replacement key and carries out encryption communication with the server equipment according to the target replacement key when decryption is successful.
In a fourth aspect, the present application provides a networking encryption communication apparatus, applied to a server device that establishes communication with a terminal device, where the terminal device and the server device have a data pool and a verification code pool with the same configuration, the data pool stores a plurality of encryption source data, the verification code pool stores a plurality of networking verification codes, and the encryption communication apparatus includes:
a networking request acquisition module, configured to acquire a networking encryption check request from the terminal device, where the networking encryption check request is generated based on a terminal networking time of the terminal device, first data in the data pool, and a target verification code in the verification code pool;
the key base number calculation module is used for carrying out encryption verification on the networking encryption verification request according to the data pool and the verification code pool and generating a corresponding key base number according to second data in the data pool and the terminal networking time when the verification is successful;
the encryption response sending module is used for generating a corresponding networking encryption response message according to the key base number and sending the networking encryption response message to the terminal equipment;
a communication request obtaining module, configured to obtain a key communication request fed back by the terminal device, where the key communication request is generated by the terminal device based on the key base and index information of third data randomly selected in the data pool;
the first key calculation module is used for analyzing the key communication request according to the data pool and the key base number to obtain the third data, and calculating a corresponding first key according to the key base number and the third data;
and the encrypted communication confirmation module is used for sending an encrypted communication confirmation message encrypted by the first key to the terminal equipment so that the terminal equipment performs encrypted communication with the server equipment according to the first key.
In an optional embodiment, the encryption communication apparatus further comprises:
the time parameter replacing module is used for replacing the key forming time parameters at preset time intervals, wherein the key forming time parameters replaced each time are different;
the key base number calculation module is also used for selecting fourth data from the data pool and generating a corresponding key base number to be replaced according to the fourth data and the key forming time parameter;
the key replacement feedback module is used for generating a corresponding key replacement request according to the key base number to be replaced and sending the key replacement request to the terminal equipment;
the change response acquiring module is used for acquiring a change response message fed back by the terminal equipment, wherein the change response message is generated by the terminal equipment based on the base number of the key to be changed and index information of randomly selected fifth data in the data pool;
the target key calculation module is used for analyzing the change response message according to the data pool and the key base number to be changed to obtain the fifth data, and calculating a corresponding target key according to the key base number to be changed and the fifth data;
and the key replacement confirmation module is used for sending a key replacement confirmation message encrypted by the target key to the terminal equipment, so that the terminal equipment performs encrypted communication with the server equipment according to the replaced target key.
In a fifth aspect, the present application provides a networking encryption communication apparatus, applied to a terminal device that establishes communication with a server device, where the terminal device and the server device have a data pool and a verification code pool that have the same configuration, the data pool stores multiple pieces of encryption source data, and the verification code pool stores multiple pieces of networking verification codes, where the encryption communication apparatus includes:
the networking request sending module is used for generating a corresponding networking encryption verification request according to the current terminal networking time, the first data in the data pool and the target verification code in the verification code pool, and sending the networking encryption verification request to the server equipment for requesting encryption verification;
the encryption response acquisition module is used for acquiring a networking encryption response message fed back by the server equipment when the networking encryption verification request is successfully verified;
the key analysis generation module is used for analyzing the networking encryption response message to obtain a key base number and calculating a corresponding key to be confirmed according to the key base number and third data randomly selected from the data pool;
the communication request sending module is used for generating a corresponding key communication request according to the key base number and the index information of the third data and sending the key communication request to the server-side equipment;
the encryption confirmation acquisition module is used for acquiring an encrypted communication confirmation message which is fed back by the server-side equipment and encrypted by a first key, wherein the first key is generated by the server-side equipment based on the key base and the third data;
and the message decryption communication module is used for decrypting the encrypted communication confirmation message according to the key to be confirmed and carrying out encrypted communication with the server equipment according to the first key when the decryption is successful.
In an optional embodiment, the encrypted communication apparatus further comprises:
the replacement request acquisition module is used for acquiring a key replacement request sent by the server-side equipment according to a preset time interval;
the key replacement calculation module is used for analyzing the key replacement request to obtain a key base number to be replaced and calculating a corresponding target replacement key according to the key base number to be replaced and fifth data randomly selected from the data pool;
the replacement response feedback module is used for generating a corresponding replacement response message according to the base number of the key to be replaced and the index information of the fifth data and feeding the replacement response message back to the server-side equipment;
the change confirmation acquisition module is used for acquiring a key change confirmation message which is fed back by the server-side equipment and encrypted by a target key, wherein the target key is generated by the server-side equipment based on the base number of the key to be changed and the fifth data;
and the message decryption communication module is further configured to decrypt the key exchange confirmation message according to the target exchange key, and perform encryption communication with the server device according to the target key when decryption is successful.
In a sixth aspect, the present application provides a server device, which includes a processor and a memory, where the memory stores a computer program that can be executed by the processor, and the processor can execute the computer program to implement the networking encryption communication method described in the foregoing embodiment.
In a seventh aspect, the present application provides a terminal device, which includes a processor and a memory, where the memory stores a computer program that can be executed by the processor, and the processor can execute the computer program to implement the networking encryption communication method described in the foregoing embodiment.
In an eighth aspect, the present application provides a readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the networking encryption communication method described in any one of the foregoing embodiments.
The beneficial effects of the embodiments of the present application include the following:
The server-side equipment obtains a networking encryption verification request generated by the terminal equipment based on the terminal networking time, first data in a data pool and a target verification code in a verification code pool. It performs encryption verification on the request using the data pool and the verification code pool, which have the same configuration as those of the terminal equipment, and, when the verification is successful, generates a corresponding key base number according to second data in the data pool and the terminal networking time and feeds it back to the terminal equipment. The terminal equipment generates a corresponding key communication request according to the key base number and the index information of third data randomly selected from the data pool, and feeds it back to the server-side equipment. The server-side equipment parses the key communication request using the data pool together with the key base number to obtain the third data, and calculates a corresponding first key according to the key base number and the third data. Finally, it sends an encrypted communication confirmation message encrypted by the first key to the terminal equipment, so that the terminal equipment performs encrypted communication with the server-side equipment according to the first key. The server-side equipment and the terminal equipment thus establish the key through mutual negotiation during key generation, which improves the security of the established key communication parameters and the security of the network.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments will be briefly described below.
Fig. 1 is a schematic diagram of communication interaction between a terminal device and a server device according to an embodiment of the present application;
Fig. 2 is a schematic composition diagram of a server device according to an embodiment of the present application;
Fig. 3 is a schematic composition diagram of a terminal device according to an embodiment of the present application;
Fig. 4 is a flowchart illustrating a first method for network encryption communication according to an embodiment of the present application;
Fig. 5 is a second flowchart of a first method for network encryption communication according to an embodiment of the present application;
Fig. 6 is a flowchart illustrating a second method for network encryption communication according to an embodiment of the present application;
Fig. 7 is a second flowchart of a second method for network encryption communication according to an embodiment of the present application;
Fig. 8 is a flowchart illustrating a third method for network encryption communication according to an embodiment of the present application;
Fig. 9 is a second flowchart of a third method for network encryption communication according to an embodiment of the present application;
Fig. 10 is a schematic composition diagram of a first network encryption communication device according to an embodiment of the present application;
Fig. 11 is a second schematic diagram illustrating a first network encryption communication apparatus according to an embodiment of the present application;
Fig. 12 is a schematic diagram of a second networking encryption communication device according to an embodiment of the present application;
Fig. 13 is a second schematic diagram illustrating a second network-connected encrypted communication device according to an embodiment of the present application.
Reference numerals: 10-server device; 20-terminal device; 11-first memory; 12-first processor; 13-first communication unit; 100-first networking encryption communication device; 21-second memory; 22-second processor; 23-second communication unit; 200-second networking encryption communication device; 110-networking request acquisition module; 120-key base number calculation module; 130-encryption response sending module; 140-communication request acquisition module; 150-first key calculation module; 160-encrypted communication confirmation module; 170-time parameter replacement module; 180-key replacement feedback module; 190-replacement response acquisition module; 1110-target key calculation module; 1120-key replacement confirmation module; 210-networking request sending module; 220-encryption response acquisition module; 230-key analysis generation module; 240-communication request sending module; 250-encryption confirmation acquisition module; 260-message decryption communication module; 270-replacement request acquisition module; 280-key replacement calculation module; 290-replacement response feedback module; 2110-replacement confirmation acquisition module.
Detailed Description
The applicant has found through diligent research that the key encryption modes of existing network encryption communication schemes generally fall into three categories: symmetric encryption, asymmetric encryption, and one-way encryption.
Symmetric encryption is the mode originally adopted for encrypting communication transmissions: encryption and decryption use the same single key. During communication, the sender divides the original data into fixed-size blocks, encrypts the blocks one by one with the key and an encryption algorithm, and sends them to the receiver. After receiving the encrypted message, the receiver decrypts the blocks with the same key and the corresponding decryption algorithm and reassembles them to obtain the original data. Its disadvantages are poor security and poor scalability. Because the encryption and decryption algorithms are public, secure transfer of the key becomes the critical issue in this process. The key is usually agreed between the two parties and handed over physically, or transferred through a third-party platform; once the key leaks in this process, a malicious party can intercept the encrypted transmission and decrypt its content with the corresponding algorithm. Each pair of communicating users needs to negotiate a key, so a community of n users needs to negotiate n × (n-1)/2 different keys, which is inconvenient to manage; if the same key is shared instead, the probability of the key being compromised increases greatly and the encryption becomes meaningless.
Asymmetric encryption uses two different keys, a public key and a private key, for encryption and decryption. The public key and the private key exist as a pair; the public key is derived from the private key and published to everyone. Data encrypted with the public key can only be decrypted with the corresponding private key (which must not be disclosed), and vice versa. Communication among N users requires 2N keys. The disadvantages of this method are the complexity of the algorithm and the inability to confirm the validity of the public key's source. The algorithm is very complex, so encrypting a large amount of data takes a long time and the method is only suitable for encrypting a small amount of data. Because additional information is added during encryption, the encrypted message is longer, which easily causes data fragmentation and hinders network transmission; in addition, the validity of the public key's source and the integrity of the data cannot be confirmed.
A one-way encryption algorithm can only encrypt data and cannot decrypt it; it is characterized by fixed-length output and the avalanche effect (a change in a small number of message bits changes many bits of the message digest).
Therefore, the key encryption modes of existing network encryption communication schemes clearly suffer from low privacy of key construction and a high risk of key cracking, and the overall security of network communication needs to be improved. By providing a networking encryption communication method and apparatus, a server device, a terminal device, and a readable storage medium, embodiments of the present application effectively enhance the privacy of key construction during network communication and reduce the risk of key cracking, thereby improving network communication security.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments and features of the embodiments described below can be combined with each other without conflict.
Referring to fig. 1, fig. 1 is a schematic view of communication interaction between a terminal device 20 and a server device 10 according to an embodiment of the present application. In this embodiment, after establishing communication with the server device 10, the terminal device 20 may use a data pool and a verification code pool configured identically to those of the server device 10, so that during key generation the two devices each supply the parameter contents required for key construction through a mutually verified negotiation. This ensures that the finally constructed key effectively enhances the privacy of key construction during network communication and reduces the risk of key cracking, thereby improving network communication security. The terminal device 20 may be, but is not limited to, a smart phone, a personal computer, a tablet computer, etc.; the server device 10 may be, but is not limited to, a server, a personal computer, or the like.
The data pool stores a plurality of encrypted source data. The encrypted source data represent parameter contents from which a key can be configured, and each encrypted source data corresponds to its own index position in the data pool. The verification code pool stores a plurality of networking verification codes. The networking verification codes represent verification code data that can be used when the terminal device 20 and the server device 10 perform networking communication verification, and each networking verification code corresponds to its own index position in the verification code pool. In one implementation of this embodiment, the data pool may be written as a pair of braces enclosing all encrypted source data, with commas separating adjacent encrypted source data, for example {233, 13, 35, 45, 79, 245, 146, 218, 59, 28, 139, 201, 93, 83, 69, 83}; the verification code pool may likewise be written as a pair of braces enclosing all networking verification codes, with commas separating adjacent networking verification codes, e.g., {10, 20, 30, 29, 28, 49}.
Referring to fig. 2, fig. 2 is a schematic diagram illustrating a server device 10 according to an embodiment of the present disclosure. In the embodiment of the present application, the server device 10 may include a first memory 11, a first processor 12, a first communication unit 13, and a first networking encryption communication apparatus 100. The first memory 11, the first processor 12 and the first communication unit 13 are electrically connected to each other, directly or indirectly, to realize the transmission or interaction of data. For example, the first memory 11, the first processor 12 and the first communication unit 13 may be electrically connected to each other through one or more communication buses or signal lines.
In this embodiment, the first Memory 11 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The first memory 11 is used for storing a computer program, and the first processor 12 can execute the computer program after receiving an execution instruction.
The first memory 11 is further configured to have a data pool and an authentication code pool with the same configuration as the terminal device 20, where the data pool at the terminal device 20 is consistent with the data pool at the server device 10, and the authentication code pool at the terminal device 20 is consistent with the authentication code pool at the server device 10.
In this embodiment, the first processor 12 may be an integrated circuit chip having signal processing capabilities. The first Processor 12 may be a general-purpose Processor including at least one of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a Network Processor (NP), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, and a discrete hardware component. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like that implements or performs the methods, steps and logic blocks disclosed in the embodiments of the present application.
In this embodiment, the first communication unit 13 is configured to establish a communication connection between the server device 10 and another electronic device through a network, and transmit and receive data through the network, where the network includes a wired communication network and a wireless communication network.
In this embodiment, the first networking encryption communication apparatus 100 may include at least one software functional module that can be stored in the first memory 11 in the form of software or firmware, or solidified in the operating system of the server device 10. The first processor 12 may be used to execute executable modules stored in the first memory 11, such as the software functional modules and computer programs included in the first networking encryption communication apparatus 100. Through the first networking encryption communication apparatus 100, the server device 10 may cooperate with the terminal device 20 to use the identically configured data pool and verification code pool, so that during key generation the two devices each supply the parameter contents required for key construction through a mutually verified negotiation. This ensures that the finally constructed key effectively enhances the privacy of key construction during network communication and reduces the risk of key cracking, thereby improving network communication security.
It is understood that the block diagram shown in fig. 2 is only one constituent schematic diagram of the server device 10, and the server device 10 may further include more or fewer components than those shown in fig. 2, or have a different configuration from that shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating a terminal device 20 according to an embodiment of the present disclosure. In the embodiment of the present application, the terminal device 20 may include a second memory 21, a second processor 22, a second communication unit 23, and a second networking encryption communication apparatus 200. Wherein, the elements of the second memory 21, the second processor 22 and the second communication unit 23 are electrically connected to each other directly or indirectly, so as to realize data transmission or interaction. For example, the components of the second memory 21, the second processor 22 and the second communication unit 23 may be electrically connected to each other through one or more communication buses or signal lines.
In this embodiment, the second Memory 21 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. Wherein the second memory 21 is used for storing a computer program, and the second processor 22 can execute the computer program after receiving the execution instruction.
The second memory 21 is further configured to have a data pool and an authentication code pool with the same configuration as the server device 10, the data pool at the terminal device 20 is consistent with the data pool at the server device 10, and the authentication code pool at the terminal device 20 is consistent with the authentication code pool at the server device 10.
In this embodiment, the second processor 22 may be an integrated circuit chip having signal processing capability. The second Processor 22 may be a general-purpose Processor including at least one of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a Network Processor (NP), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, and a discrete hardware component. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like that implements or executes the methods, steps and logic blocks disclosed in the embodiments of the present application.
In this embodiment, the second communication unit 23 is configured to establish a communication connection between the terminal device 20 and another electronic device through a network, and to send and receive data through the network, where the network includes a wired communication network and a wireless communication network.
In this embodiment, the second networking encryption communication apparatus 200 may include at least one software functional module that can be stored in the second memory 21 in the form of software or firmware, or solidified in the operating system of the terminal device 20. The second processor 22 may be used to execute executable modules stored in the second memory 21, such as the software functional modules and computer programs included in the second networking encryption communication apparatus 200. Through the second networking encryption communication apparatus 200, the terminal device 20 may cooperate with the server device 10 to use the identically configured data pool and verification code pool, so that during key generation the two devices each supply the parameter contents required for key construction through a mutually verified negotiation. This ensures that the finally constructed key effectively enhances the privacy of key construction during network communication and reduces the risk of key cracking, thereby improving network communication security.
It is understood that the block diagram shown in fig. 3 is only one constituent schematic diagram of the terminal device 20, and the terminal device 20 may further include more or fewer components than those shown in fig. 3, or have a different configuration than that shown in fig. 3. The components shown in fig. 3 may be implemented in hardware, software, or a combination thereof.
In the present application, in order to ensure that the terminal device 20 and the server device 10 that have established communication can cooperate to effectively enhance the privacy of key construction during network communication and reduce the risk of key cracking, thereby improving network communication security, embodiments of the present application provide a networking encryption communication method applied to the terminal device 20 and the server device 10 that have established communication. The networking encryption communication method provided by the present application is described in detail below.
Referring to fig. 4, fig. 4 is a flowchart illustrating a first networking encryption communication method according to an embodiment of the present application. In the embodiment of the present application, the first networking encryption communication method is applied to the terminal device 20 and the server device 10 for establishing communication, and may include steps S310 to S380.
Step S310, the terminal device generates a corresponding networking encryption verification request according to the current terminal networking time, the first data in the data pool and the target verification code in the verification code pool, and sends the networking encryption verification request to the server device.
In this embodiment, the terminal device 20 may select first data from a data pool stored by the terminal device 20 after establishing communication with the server device 10, select a target verification code from the verification code pool, perform data processing on the terminal networking time, the first data, and the target verification code by using a first pre-stored data processing policy, generate corresponding networking encryption check information, generate a networking encryption check request including the networking encryption check information and the terminal networking time, and then send the networking encryption check request to the server device 10 for requesting encryption verification.
The first pre-stored data processing policy may be to perform a feature fusion operation after data features are respectively extracted from the terminal networking time, the first data, and the target verification code, so as to obtain the networking encryption verification information.
The first pre-stored data processing policy may also be that the first data and the terminal networking time are directly subjected to xor calculation to obtain first data to be processed, then the first data to be processed and the target verification code are subjected to xor calculation to obtain second data to be processed, then check code information between the first data to be processed and the second data to be processed is calculated, and thus the first data to be processed, the second data to be processed and the check code information are subjected to data splicing to obtain the networking encryption check information, so that the data calculation amount of the terminal device 20 is effectively reduced, and the key construction time is reduced.
It can be understood that the first data may be a single piece of encrypted source data in the data pool or several pieces of encrypted source data in the data pool. The first data may be specific encrypted source data negotiated in advance by the terminal device 20 and the server device 10 (for example, the first six encrypted source data of the data pool); it may also be encrypted source data randomly selected from the data pool by the terminal device 20, in which case the networking encryption verification request additionally records the index information of the first data in the data pool, so that the server device 10 can perform the subsequent request encryption verification operation. Likewise, the target verification code may be a specific verification code negotiated in advance by the terminal device 20 and the server device 10 (for example, the last verification code in the verification code pool); it may also be a verification code randomly selected from the verification code pool by the terminal device 20, in which case the networking encryption verification request additionally records the index information of the target verification code in the verification code pool, so that the server device 10 can perform the subsequent request encryption verification operation.
In an implementation manner of this embodiment, after the terminal device 20 constructs the networking encryption verification information, additional random data may be added before or after the networking encryption verification information, so that the data regularity of the networking encryption verification information in the data presentation form in the networking encryption verification request is further reduced.
Step S320, the server device performs request encryption verification on the networking encryption verification request according to the data pool and the verification code pool, and, when the verification succeeds, generates a corresponding key base number according to the second data in the data pool and the terminal networking time.
In this embodiment, after receiving the networking encryption check request, the server device 10 may, based on the information carried in the request, extract the first data from the data pool, extract the target verification code from the verification code pool, and extract the current terminal networking time of the terminal device 20 from the request itself. It then performs data processing on the extracted first data, target verification code and terminal networking time, using the first pre-stored data processing policy that it stores and keeps consistent with the terminal device 20, to obtain the corresponding data to be checked. Finally, it compares the data to be checked with the networking encryption check information in the networking encryption check request, which completes the request encryption check operation on the networking encryption check request.
If the data to be verified is not the same as the networking encryption verification information, the networking encryption verification information transmitted by the terminal device 20 to the server device 10 is not legal and is tampered information content, and verification of the networking encryption verification request fails. In this case the server device 10 immediately disconnects the communication connection with the terminal device 20 and does not process any message of the terminal device 20, which prevents it from receiving and processing wrong data. It then adds the IP address of the terminal device 20 to the wrong IP cache pool of the server device 10 and prohibits that IP address from connecting to the server device 10 again for a period of time.
If the data to be verified is consistent with the networking encryption verification information, it indicates that the networking encryption verification information transmitted by the terminal device 20 to the server device 10 belongs to legal and untampered information content, at this time, the networking encryption verification request is verified successfully, the server device 10 may select second data from the data pool, and then perform data processing on the second data and the terminal networking time by using a second pre-stored data processing policy to generate a corresponding key base number for constructing a key.
The second pre-stored data processing policy may be to perform a feature fusion operation after data features are respectively extracted from the terminal networking time and the second data, so as to obtain the key base number.
The second pre-stored data processing policy may be to directly perform xor calculation on the second data and the terminal networking time to obtain the key base, so as to effectively reduce the data calculation amount of the server device 10 and reduce the key construction time.
It is to be understood that the second data may be a certain encrypted source data in the data pool, or may be several encrypted source data in the data pool; the second data may be encrypted source data preset by the server device 10 (for example, the last six encrypted source data of the data pool); the second data may also be encrypted source data randomly selected from the data pool by the server device 10. The second data may be partially identical to or completely different from the first data.
Step S330, the server device generates a corresponding networking encryption response message according to the key base number and sends the networking encryption response message to the terminal device.
In this embodiment, after the server device 10 calculates the key base, it may directly encapsulate the key base to form a corresponding networking encryption response message, and then feed back the networking encryption response message to the terminal device 20; or extracting target encrypted source data from the data pool, performing data processing on the key base and the target encrypted source data according to a third pre-stored data processing strategy to obtain corresponding encrypted reply data, generating a networking encrypted response message including the encrypted reply data, and feeding back the networking encrypted response message to the terminal device 20.
The third pre-stored data processing policy may be to perform a feature fusion operation after extracting data features from the key base and the target encryption source data, respectively, to obtain the encryption reply data.
The third pre-stored data processing strategy may be to directly perform xor calculation on the key base and the target encryption source data to obtain third data to be processed, and then calculate check code information of the third data to be processed, so that the encrypted reply data is obtained by performing data splicing on the third data to be processed and the check code information of the third data to be processed, thereby effectively reducing the data calculation amount of the server device 10 and reducing the key construction time.
It can be understood that the target encrypted source data may be a certain encrypted source data in the data pool, or may be several encrypted source data in the data pool; the target encrypted source data may be specific encrypted source data (for example, six encrypted source data in the middle of the data pool) that is negotiated in advance by the terminal device 20 and the server device 10; the target encrypted source data may also be encrypted source data randomly selected from the data pool by the server device 10, and at this time, the networking encryption response message will be correspondingly recorded with index information of the target encrypted source data in the data pool.
In an implementation manner of this embodiment, after the terminal device 20 constructs the encrypted reply data, additional random data may be added before or after the encrypted reply data, so that the data regularity of the encrypted reply data in the networking encrypted response message is further reduced.
Step S340, the terminal device obtains the key base number by parsing from the networking encryption response message, and calculates the corresponding key to be confirmed according to the key base number and the third data randomly selected in the data pool.
In this embodiment, after receiving the networking encryption response message, the terminal device 20 may verify whether the message is valid based on the information it carries (for example, by performing validity detection on the encrypted reply data recorded in the networking encryption response message, using the third pre-stored data processing policy stored on the terminal device and the target encryption source data extracted from the data pool, in the same way as the request encryption verification operation described above). When the networking encryption response message is in fact valid, the terminal device 20 extracts the corresponding key base from it, randomly selects third data from its own data pool, and then invokes a pre-stored key generation policy to perform data processing on the key base and the third data, obtaining the corresponding key to be confirmed. The third encrypted source data may be one of the encrypted source data in the data pool, or some of the encrypted source data in the data pool.
The pre-stored key generation strategy can be that after data features are respectively extracted from the third data and the key base number, feature fusion operation is executed to obtain the key to be confirmed;
the pre-stored key generation strategy may also be to directly perform xor calculation on the third data and the key base to obtain the key to be confirmed, so as to effectively reduce the data calculation amount of the server device 10 and reduce the key construction time.
Step S350, the terminal device generates a corresponding key communication request according to the key base and the index information of the third data, and sends the key communication request to the server device.
In this embodiment, after selecting the third data from the data pool, the terminal device 20 may directly package the key base and the index information of the third data to form a corresponding key communication request, and send the key communication request to the server device 10; or performing data processing on the key base and the index information of the third data according to a fourth pre-stored data processing policy to obtain a corresponding encrypted communication message, then generating a key communication request including the encrypted communication message, and then feeding back the key communication request to the server device 10.
The fourth pre-stored data processing policy may be to perform a feature fusion operation after extracting data features from the key base and the index information of the third data, respectively, to obtain the encrypted communication message;
the fourth pre-stored data processing policy may also be that the key base and the index information of the third data are directly subjected to xor calculation to obtain fourth data to be processed, and then check code information of the fourth data to be processed is calculated, so that the encrypted communication message is obtained by performing data splicing on the fourth data to be processed and the check code information of the fourth data to be processed, thereby effectively reducing the data calculation amount of the terminal device 20 and reducing the key construction time.
In an implementation manner of this embodiment, after the terminal device 20 constructs the encrypted communication message, additional random data may be added before and after the encrypted communication message, so that the data regularity of the encrypted communication message in the data presentation form in the key communication request is further reduced.
Step S360, the server device parses the key communication request according to the data pool and the key base number to obtain the third data, and calculates a corresponding first key according to the key base number and the third data.
In this embodiment, after receiving the key communication request, the server device 10 may verify, from the information carried in the request together with the data pool and the key base number, whether the key communication request is valid. When the key communication request is in fact valid, the server device 10 parses the index information of the third data from the request and uses it to extract the third data from the data pool. It then performs data processing on the key base number and the extracted third data, using the pre-stored key generation policy that it stores and keeps consistent with the terminal device 20, to obtain the corresponding first key.
Step S370, the server device sends an encrypted communication confirmation message encrypted with the first key to the terminal device.
Step S380, the terminal device decrypts the encrypted communication confirmation message according to the key to be confirmed, and performs encrypted communication with the server device according to the first key when the decryption is successful.
In this embodiment, if the terminal device 20 can decrypt the encrypted communication confirmation message, which was encrypted with the first key, using the key to be confirmed that it calculated itself, then the key to be confirmed and the first key are in fact consistent and both are real, valid and legal keys. At this point the terminal device 20 can perform encrypted network communication with the server device 10 by using the first key.
Therefore, by executing steps S310 to S380, the terminal device 20 and the server device 10 cooperate to use the identically configured data pool and verification code pool, and during key generation each supplies the parameter contents required for key construction through a mutually verified negotiation. This ensures that the finally constructed key effectively enhances the privacy of key construction during network communication and reduces the risk of key cracking, thereby improving network communication security.
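The S310 to S380 exchange above, using the XOR variant of each pre-stored policy, as an added Python example that is not code from the patent. The pools and selections follow the page's examples; the CRC-32 check code, the 6-byte encodings, the SHA-256 keystream standing in for the unspecified cipher, and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets
import zlib

# Pools copied from the page's example; both devices hold identical copies.
DATA_POOL = bytes([233, 13, 35, 45, 79, 245, 146, 218, 59, 28, 139, 201, 93, 83, 69, 83])
CODE_POOL = bytes([10, 20, 30, 29, 28, 49])
N = 6                            # bytes per selection and per timestamp (assumption)
FIRST = DATA_POOL[:N]            # first data: first six entries
SECOND = DATA_POOL[-N:]          # second data: last six entries
TARGET_SRC = DATA_POOL[5:5 + N]  # target encrypted source data: six middle entries
TARGET_CODE = CODE_POOL[-1]      # target verification code: last code in the pool


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def crc(data):
    """Check code. CRC-32 is an assumption; the page does not name an algorithm."""
    return zlib.crc32(data).to_bytes(4, "big")


def check_info(t):
    """First policy, XOR variant: p1 = first ^ time, p2 = p1 ^ code, then check code."""
    p1 = xor(FIRST, t)
    p2 = bytes(b ^ TARGET_CODE for b in p1)
    return p1 + p2 + crc(p1 + p2)


def seal(key, msg):
    """Stand-in cipher (assumption): XOR with SHA-256(key); msg of at most 28 bytes."""
    return xor(msg + crc(msg), hashlib.sha256(key).digest())


def unseal(key, blob):
    body = xor(blob, hashlib.sha256(key).digest())
    return body[:-4] if hmac.compare_digest(body[-4:], crc(body[:-4])) else None


class Server:
    def __init__(self):
        self.blocked = set()     # the page's "wrong IP cache pool"
        self.key_base = self.first_key = None

    def on_network_request(self, ip, t, info):
        """S320/S330: verify the request, derive the key base, build the reply."""
        if ip in self.blocked or not hmac.compare_digest(info, check_info(t)):
            self.blocked.add(ip)             # the caller drops the connection
            return None
        self.key_base = xor(SECOND, t)       # second policy, XOR variant
        p3 = xor(self.key_base, TARGET_SRC)  # third policy, XOR variant
        return p3 + crc(p3)

    def on_key_request(self, msg):
        """S360/S370: recover the indices, derive the first key, confirm."""
        p4, tag = msg[:-4], msg[-4:]
        if not hmac.compare_digest(tag, crc(p4)):
            return None
        idx = xor(p4, self.key_base)
        if len(idx) != N or max(idx) >= len(DATA_POOL):
            return None
        self.first_key = xor(self.key_base, bytes(DATA_POOL[i] for i in idx))
        return seal(self.first_key, b"CONFIRM")


class Terminal:
    def network_request(self, now):
        """S310: time in clear plus the networking encryption check information."""
        self.t = now.to_bytes(N, "big")
        return self.t, check_info(self.t)

    def key_request(self, reply, idx=None):
        """S340/S350: recover the key base, pick third data, send its indices."""
        p3, tag = reply[:-4], reply[-4:]
        if not hmac.compare_digest(tag, crc(p3)):
            raise ValueError("invalid networking encryption response")
        key_base = xor(p3, TARGET_SRC)
        if idx is None:
            idx = bytes(secrets.randbelow(len(DATA_POOL)) for _ in range(N))
        self.pending_key = xor(key_base, bytes(DATA_POOL[i] for i in idx))
        p4 = xor(key_base, idx)              # fourth policy, XOR variant
        return p4 + crc(p4)

    def confirm(self, blob):
        """S380: accept the key only if the confirmation message decrypts."""
        return blob is not None and unseal(self.pending_key, blob) == b"CONFIRM"


def handshake(now=1_700_000_000, ip="192.0.2.10"):
    """Run S310-S380 once; returns (accepted, terminal key, server key)."""
    term, srv = Terminal(), Server()
    t, info = term.network_request(now)
    reply = srv.on_network_request(ip, t, info)
    blob = srv.on_key_request(term.key_request(reply))
    return term.confirm(blob), term.pending_key, srv.first_key
```

Every value exchanged here is a function of the shared pools and of fields carried in the messages, so the derived key is only as confidential as the pools themselves.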
Optionally, referring to fig. 5, fig. 5 is a second flowchart of a first networking encryption communication method according to an embodiment of the present application. In the embodiment of the present application, compared with the first network encryption communication method shown in fig. 4, the first network encryption communication method shown in fig. 5 may further include steps S410 to S480, and the key used when the server device 10 and the terminal device 20 perform encryption communication is changed at different times, so that the same communication data may be encrypted by using different keys in different time periods, thereby effectively reducing the probability of key cracking.
Step S410, the server device replaces the key forming time parameter at a preset time interval, where the key forming time parameters used for the individual replacements differ from one another.
The key forming time parameter represents the time parameter data used for constructing a key. The key forming time parameter for each replacement may be obtained by applying a time offset to the key forming time parameter used in the previous key replacement, or the current system time point of the server device 10 may be used directly as the key forming time parameter for each replacement.
Step S420, the server device selects fourth data from the data pool, and generates a corresponding key base number to be replaced according to the fourth data and the key forming time parameter.
In this embodiment, the server device 10 may refer to the specific execution process of step S320, and perform data processing on the fourth data and the key forming time parameter by using the second pre-stored data processing policy, so as to generate a corresponding key base number to be replaced, which is currently used for constructing the key. The fourth data may be a certain encrypted source data in the data pool, or may be some encrypted source data in the data pool; the fourth data may be encrypted source data preset by the server device 10; the second data may also be encrypted source data randomly selected from the data pool by the server device 10.
Step S430, the server device generates a corresponding key exchange request according to the key base number to be replaced, and sends the key exchange request to the terminal device.
In this embodiment, the server device 10 may refer to the specific implementation process of step S330, directly encapsulate the base number of the key to be replaced to form a corresponding key replacement request, and then feed back the key replacement request to the terminal device 20; or, the reference encrypted source data may be extracted from the data pool, and then the data processing may be performed on the key base to be replaced and the reference encrypted source data according to a third pre-stored data processing policy to obtain a corresponding key replacement message, and then a key replacement request including the key replacement message may be generated, and then the key replacement request may be fed back to the terminal device 20.
It can be understood that the reference encrypted source data may be a certain encrypted source data in the data pool, or may be several encrypted source data in the data pool; the reference encrypted source data may be specific encrypted source data that is negotiated in advance between the terminal device 20 and the server device 10; the reference encrypted source data may also be encrypted source data randomly selected from the data pool by the server device 10, and at this time, the key exchange request will correspondingly record index information of the reference encrypted source data in the data pool.
Step S440, the terminal device parses the key replacement request to obtain the key base number to be replaced, and calculates a corresponding target replacement key according to the key base number to be replaced and fifth data randomly selected from the data pool.
In this embodiment, the terminal device 20 may refer to the specific execution process of step S340, and invoke a pre-stored key generation policy to perform data processing on the key base to be replaced and the fifth data, so as to obtain a corresponding target replacement key.
Step S450, the terminal device generates a corresponding replacement response message according to the key base number to be replaced and the index information of the fifth data, and feeds the replacement response message back to the server device.
In this embodiment, the terminal device 20 may refer to the specific execution process of step S350, directly package the base number of the key to be changed and the index information of the fifth data to form the change response message, and feed back the change response message to the server device 10; or calling a fourth pre-stored data processing strategy to perform data processing on the key base number to be changed and the index information of the fifth data to obtain a corresponding change response message, and then feeding back the change response message to the server-side device 10.
Step S460, the server device obtains fifth data from the replacement response message according to the data pool and the key base number to be replaced, and obtains a corresponding target key by calculation according to the key base number to be replaced and the fifth data.
In this embodiment, the server device 10 may refer to the specific execution process of step S360, invoke a pre-stored key generation policy that is stored by itself and is consistent with that of the terminal device 20, and perform data processing on the base number of the key to be replaced and the extracted fifth data to obtain a corresponding target key.
Step S470, the server device sends a key replacement confirmation message encrypted with the target key to the terminal device.
Step S480, the terminal device decrypts the key replacement confirmation message according to the target replacement key, and performs encrypted communication with the server device according to the target key when decryption is successful.
In this embodiment, if the terminal device 20 can successfully decrypt the key replacement confirmation message, which was encrypted with the target key, using the target replacement key that it calculated itself, this indicates that the target replacement key is substantially consistent with the target key and that both are real, valid and legitimate keys. The terminal device 20 may then perform encrypted network communication with the server device 10 by using the target key.
Therefore, by executing the steps S410 to S480, the server device 10 can cooperate with the terminal device 20 to utilize the data pool and the verification code pool with the same configuration, and timely replace the secret key used when the server device 10 and the terminal device 20 perform encrypted communication, so that the same communication data can be encrypted by adopting different secret keys at different time periods, thereby effectively reducing the probability of the secret key being cracked.
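The key replacement round of steps S410 to S480, as an added example that is not code from the patent. The patent leaves its data processing and key generation policies unspecified, so HMAC-SHA256, the encrypt-then-MAC seal/unseal pair, the message field names, and the sample pool are all assumptions made here.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed sample pool; the patent has both sides provisioned with identical entries.
DATA_POOL = [hashlib.sha256(b"constructed-entry-%d" % i).digest() for i in range(16)]
CONFIRM = b"key-replacement-confirmed"  # constructed confirmation plaintext


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (assumed stand-in for each 'policy')."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(struct.pack(">I", len(part)) + part)
    return mac.digest()


def key_base(fourth_data: bytes, time_param: int) -> bytes:
    """S420: key base number to be replaced = f(fourth data, key forming time parameter)."""
    return prf(fourth_data, b"base", struct.pack(">Q", time_param))


def derive_key(base: bytes, pool_entry: bytes) -> bytes:
    """S440 / S460: the key generation policy shared by both sides."""
    return prf(pool_entry, b"key", base)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (prf(key, b"enc", nonce, struct.pack(">I", i)) for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC, standing in for a real AEAD such as AES-GCM."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + prf(key, b"mac", nonce, ct)


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify under this key."""
    if len(blob) < 44:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac", nonce, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


class Server:
    def __init__(self, pool):
        self.pool, self.key = pool, None
        self.last_time_param = self.pending_base = None

    def start_rekey(self, time_param: int) -> dict:
        # S410: each replacement must use a new time parameter (assumed strictly increasing).
        if self.last_time_param is not None and time_param <= self.last_time_param:
            raise ValueError("key forming time parameter must differ on every replacement")
        self.last_time_param = time_param
        fourth = self.pool[secrets.randbelow(len(self.pool))]            # S420
        self.pending_base = key_base(fourth, time_param)
        return {"base": self.pending_base}                                # S430, direct encapsulation

    def finish_rekey(self, response: dict):
        # S460: accept only a response that echoes the pending base with an in-range index.
        idx = response.get("index")
        if self.pending_base is None or not isinstance(idx, int) or not 0 <= idx < len(self.pool):
            return None
        if not hmac.compare_digest(response.get("base", b""), self.pending_base):
            return None
        self.key = derive_key(self.pending_base, self.pool[idx])
        self.pending_base = None                                          # one response per request
        return seal(self.key, CONFIRM)                                    # S470


class Terminal:
    def __init__(self, pool):
        self.pool, self.key, self.candidate = pool, None, None

    def answer_rekey(self, request: dict) -> dict:
        idx = secrets.randbelow(len(self.pool))                           # S440: random fifth data
        self.candidate = derive_key(request["base"], self.pool[idx])
        return {"base": request["base"], "index": idx}                    # S450: index, not the data

    def confirm(self, blob: bytes) -> bool:
        # S480: switch to the new key only if the confirmation opens under the local candidate.
        if self.candidate is not None and unseal(self.candidate, blob) == CONFIRM:
            self.key, self.candidate = self.candidate, None
            return True
        return False


def run_rekey(server: Server, terminal: Terminal, time_param: int) -> bool:
    """One S410-S480 round; True when both sides end up holding the same target key."""
    blob = server.finish_rekey(terminal.answer_rekey(server.start_rekey(time_param)))
    return blob is not None and terminal.confirm(blob) and server.key == terminal.key
```

In the direct-encapsulation variant used here, the key base number and the index cross the network as-is, so the secrecy of the derived key rests on the contents of the shared data pool.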
In this application, in order to ensure that the server device 10 can cooperate with the terminal device 20 to enhance the privacy of key construction during network communication and reduce the risk of the key being cracked, thereby improving network communication security, an embodiment of the present application provides a networking encryption communication method applied to the server device 10. The networking encryption communication method provided by the present application is explained in detail below.
Referring to fig. 6, fig. 6 is a flowchart illustrating a second method for networking encryption communication according to an embodiment of the present application. In the embodiment of the present application, the second networking encryption communication method may include steps S510 to S560.
Step S510, obtaining a networking encryption verification request from the terminal device, where the networking encryption verification request is generated based on the terminal networking time of the terminal device, the first data in the data pool, and the target verification code in the verification code pool.
Step S520, performing encryption verification on the networking encryption verification request according to the data pool and the verification code pool, and generating a corresponding key base number according to the second data in the data pool and the terminal networking time when the verification is successful.
Step S530, generating a corresponding networking encryption response message according to the key base number, and sending the networking encryption response message to the terminal equipment.
Step S540, a key communication request fed back by the terminal device is obtained, where the key communication request is generated by the terminal device based on the key base and the index information of the randomly selected third data in the data pool.
Step S550, analyzing the key communication request according to the data pool and the key base number to obtain third data, and calculating according to the key base number and the third data to obtain a corresponding first key.
Step S560, sending the encrypted communication confirmation message encrypted by the first key to the terminal device, so that the terminal device performs encrypted communication with the server device according to the first key.
Therefore, by executing steps S510 to S560, the server device 10 can cooperate with the terminal device 20 to enhance the privacy of key construction during network communication and reduce the risk of the key being cracked, thereby improving network communication security. For the specific implementation of steps S510 to S560, refer to the detailed description of steps S310 to S380 above, which is not repeated here.
Optionally, referring to fig. 7, fig. 7 is a second flowchart of a second networking encryption communication method according to an embodiment of the present application. In this embodiment, compared with the second networking encryption communication method shown in fig. 6, the second networking encryption communication method shown in fig. 7 may further include steps S610 to S660, so as to cooperate with the terminal device 20 to utilize the data pool and the verification code pool with the same configuration to replace the key used when the server device 10 and the terminal device 20 perform encryption communication in time, so that the same communication data may be encrypted by using different keys in different time periods, thereby effectively reducing the probability of the key being cracked.
Step S610, replacing the key forming time parameter at a preset time interval, wherein the key forming time parameters used for each replacement are different from each other.
Step S620, selecting fourth data from the data pool, and generating a corresponding key base number to be replaced according to the fourth data and the key forming time parameter.
Step S630, a corresponding key replacing request is generated according to the key base number to be replaced, and the key replacing request is sent to the terminal equipment.
Step S640, acquiring a replacement response message fed back by the terminal device, wherein the replacement response message is generated by the terminal device based on the base number of the key to be replaced and the index information of the randomly selected fifth data in the data pool.
Step S650, analyzing the replacement response message according to the data pool and the key base number to be replaced to obtain fifth data, and calculating according to the key base number to be replaced and the fifth data to obtain a corresponding target key.
Step S660, sending a key exchange confirmation message encrypted by the target key to the terminal device, so that the terminal device performs encrypted communication with the server device according to the exchanged target key.
Therefore, the server side equipment 10 and the terminal equipment 20 can exchange the keys used in the encrypted communication by using the same configured data pool and the verification code pool in cooperation with the terminal equipment 20 by executing the steps S610 to S660, so that the same communication data can be encrypted by using different keys in different time periods, and the probability of the key being cracked is effectively reduced. The specific implementation process of steps S610 to S660 can refer to the above detailed description of steps S410 to S480, which is not repeated herein.
In this application, in order to ensure that the terminal device 20 can cooperate with the server device 10 to enhance the privacy of key construction during network communication and reduce the risk of the key being cracked, thereby improving network communication security, an embodiment of the present application provides a networking encryption communication method applied to the terminal device 20. The networking encryption communication method provided by the present application is described in detail below.
Referring to fig. 8, fig. 8 is a flowchart illustrating a third method for networking encryption communication according to an embodiment of the present application. In the embodiment of the present application, the third networking encryption communication method may include steps S710 to S760.
Step S710, generating a corresponding networking encryption verification request according to the current terminal networking time, the first data in the data pool and the target verification code in the verification code pool, and sending the networking encryption verification request to the server device for requesting encryption verification.
Step S720, acquiring a networking encryption response message fed back by the server device when the networking encryption verification request is successfully verified.
Step S730, analyzing the networking encryption response message to obtain a key base number, and calculating a corresponding key to be confirmed according to the key base number and third data randomly selected in the data pool.
Step S740, generating a corresponding key communication request according to the key base and the index information of the third data, and sending the key communication request to the server device.
Step S750, obtaining an encrypted communication confirmation message encrypted by a first key fed back by the server device, where the first key is generated by the server device based on the key base and the third data.
Step S760, decrypting the encrypted communication confirmation message according to the key to be confirmed, and carrying out encrypted communication with the server device according to the first key when the decryption is successful.
Therefore, by executing steps S710 to S760, the terminal device 20 can cooperate with the server device 10 to enhance the privacy of key construction during network communication and reduce the risk of the key being cracked, thereby improving network communication security. For the specific implementation of steps S710 to S760, refer to the detailed description of steps S310 to S380 above, which is not repeated here.
Optionally, referring to fig. 9, fig. 9 is a second flowchart of a third method for networking encrypted communication according to the embodiment of the present application. In this embodiment, compared with the third networking encryption communication method shown in fig. 8, the third networking encryption communication method shown in fig. 9 may further include steps S810 to S850, so as to cooperate with the server device 10 to utilize the data pool and the verification code pool with the same configuration, and timely replace the key used when the server device 10 and the terminal device 20 perform encryption communication, so that the same communication data may be encrypted by using different keys in different time periods, thereby effectively reducing the probability of the key being cracked.
Step S810, acquiring a key exchange request sent by the server device according to a preset time interval.
Step S820, analyzing the key change request to obtain a key base number to be changed, and calculating a corresponding target change key according to the key base number to be changed and the randomly selected fifth data in the data pool.
Step S830, generating a corresponding replacement response message according to the base number of the key to be replaced and the index information of the fifth data, and feeding back the replacement response message to the server device.
Step S840, acquiring a key replacement confirmation message that is fed back by the server device and encrypted with a target key, wherein the target key is generated by the server device based on the base number of the key to be replaced and the fifth data.
Step S850, decrypting the key replacement confirmation message according to the target replacement key, and carrying out encrypted communication with the server device according to the target key when the decryption is successful.
Therefore, by executing the steps S810 to S850, the server device 10 can timely replace the secret key used in the encrypted communication between the server device 10 and the terminal device 20 by using the data pool and the verification code pool which are configured identically, so that the same communication data can be encrypted by using different secret keys at different time periods, and the probability of the secret key being cracked is effectively reduced. The specific implementation process of steps S610 to S660 can refer to the above detailed description of steps S410 to S480, which is not repeated herein.
In this application, in order to ensure that the server device 10 can effectively execute the second networking encryption communication method, the foregoing functions are implemented by dividing the first networking encryption communication apparatus 100 stored at the server device 10 into functional modules. The following describes a specific configuration of the first networking encryption communication apparatus 100 applied to the server device 10 provided in the present application.
Referring to fig. 10, fig. 10 is a schematic diagram illustrating a first networking encryption communication apparatus 100 according to an embodiment of the present disclosure. In the embodiment of the present application, the first networking encryption communication apparatus 100 may include a networking request obtaining module 110, a key base calculating module 120, an encryption response sending module 130, a communication request obtaining module 140, a first key calculating module 150, and an encryption communication confirming module 160.
A networking request obtaining module 110, configured to obtain a networking encryption verification request from the terminal device, where the networking encryption verification request is generated based on the terminal networking time of the terminal device, the first data in the data pool, and the target verification code in the verification code pool.
The key base number calculation module 120 is configured to perform encryption verification on the networking encryption verification request according to the data pool and the verification code pool, and generate a corresponding key base number according to the second data in the data pool and the terminal networking time when the verification is successful.
The encrypted response sending module 130 is configured to generate a corresponding networking encrypted response message according to the key base, and send the networking encrypted response message to the terminal device.
A communication request obtaining module 140, configured to obtain a key communication request fed back by the terminal device, where the key communication request is generated by the terminal device based on a key base and index information of third data randomly selected in the data pool.
The first key calculation module 150 is configured to analyze the key communication request according to the data pool and the key base to obtain third data, and calculate a corresponding first key according to the key base and the third data.
The encrypted communication confirmation module 160 is configured to send an encrypted communication confirmation message encrypted with the first key to the terminal device, so that the terminal device performs encrypted communication with the server device according to the first key.
Optionally, referring to fig. 11, fig. 11 is a second schematic view illustrating a composition of the first networking encryption communication apparatus 100 according to an embodiment of the present application. In this embodiment, the first networking encryption communication apparatus 100 may further include a time parameter replacing module 170, a key replacing feedback module 180, a replacing response obtaining module 190, a target key calculating module 1110, and a key replacing confirmation module 1120.
The time parameter replacing module 170 is configured to replace the key forming time parameter at a preset time interval, where the key forming time parameter for each replacement is different from each other.
The key base number calculating module 120 is further configured to select fourth data from the data pool, and generate a corresponding key base number to be changed according to the fourth data and the key forming time parameter.
The key exchange feedback module 180 is configured to generate a corresponding key exchange request according to the key base to be exchanged, and send the key exchange request to the terminal device.
The replacement response obtaining module 190 is configured to obtain a replacement response message fed back by the terminal device, where the replacement response message is generated by the terminal device based on the base number of the key to be replaced and the index information of the fifth data randomly selected in the data pool.
The target key calculation module 1110 is configured to obtain the fifth data by parsing from the replacement response message according to the data pool and the key base number to be replaced, and calculate to obtain a corresponding target key according to the key base number to be replaced and the fifth data.
The key exchange confirmation module 1120 is configured to send a key exchange confirmation message encrypted with the target key to the terminal device, so that the terminal device performs encrypted communication with the server device according to the exchanged target key.
It should be noted that the basic principle and the resulting technical effects of the first networking encryption communication apparatus 100 provided in the embodiment of the present application are the same as those of the second networking encryption communication method described above. For brevity, for matters not mentioned in this embodiment, reference may be made to the above description of the second networking encryption communication method.
In the present application, in order to ensure that the terminal device 20 can effectively execute the third networking encryption communication method, the foregoing functions are realized by dividing the functional modules of the second networking encryption communication apparatus 200 stored at the terminal device 20. The following describes a specific configuration of the second networking encryption communication device 200 applied to the terminal equipment 20 provided by the present application.
Referring to fig. 12, fig. 12 is a schematic diagram illustrating a second networking encryption communication apparatus 200 according to an embodiment of the present disclosure. In the embodiment of the present application, the second networking encryption communication device 200 may include a networking request sending module 210, an encryption response obtaining module 220, a key parsing and generating module 230, a communication request sending module 240, an encryption confirmation obtaining module 250, and a message decryption communication module 260.
The networking request sending module 210 is configured to generate a corresponding networking encryption verification request according to the current terminal networking time, the first data in the data pool, and the target verification code in the verification code pool, and send the networking encryption verification request to the server device for requesting encryption verification.
The encrypted response obtaining module 220 is configured to obtain a networking encrypted response message fed back by the server device when the networking encrypted verification request is successfully verified.
The key analysis generation module 230 is configured to analyze the networking encryption response message to obtain a key base, and calculate a corresponding key to be confirmed according to the key base and third data randomly selected in the data pool.
The communication request sending module 240 is configured to generate a corresponding key communication request according to the key base and the index information of the third data, and send the key communication request to the server device.
The encryption confirmation obtaining module 250 is configured to obtain an encrypted communication confirmation message, which is fed back by the server device and encrypted with a first key, where the first key is generated by the server device based on the key base and the third data.
The message decryption communication module 260 is configured to decrypt the encrypted communication confirmation message according to the key to be confirmed, and perform encrypted communication with the server device according to the first key when decryption is successful.
Optionally, referring to fig. 13, fig. 13 is a second schematic composition diagram of the second networking encryption communication apparatus 200 according to the embodiment of the present application. In the embodiment of the present application, the second networking encryption communication apparatus 200 may further include a replacement request obtaining module 270, a replacement key calculating module 280, a replacement response feedback module 290, and a replacement confirmation obtaining module 2110.
A replacement request obtaining module 270, configured to obtain a key replacement request sent by the server device according to a preset time interval.
The key replacement calculation module 280 is configured to obtain a base number of the key to be replaced through parsing from the key replacement request, and calculate a corresponding target replacement key according to the base number of the key to be replaced and fifth data randomly selected from the data pool.
The replacement response feedback module 290 is configured to generate a corresponding replacement response message according to the key base number to be replaced and the index information of the fifth data, and feed back the replacement response message to the server device.
The replacement confirmation obtaining module 2110 is configured to obtain a key replacement confirmation message, which is encrypted with a target key and fed back by the server device, where the target key is generated by the server device based on the key base to be replaced and the fifth data.
The message decryption communication module 260 is further configured to decrypt the key exchange confirmation message according to the target exchange key, and perform encrypted communication with the server device according to the target key when decryption is successful.
It should be noted that the second networking encryption communication apparatus 200 provided in the embodiment of the present application has the same basic principle and the same technical effect as the third networking encryption communication method described above. For brevity, for matters not mentioned in this embodiment, reference may be made to the above description of the third networking encryption communication method.
In this application, an embodiment of the present application further provides a readable storage medium, where the readable storage medium stores a computer program, which includes a plurality of machine instructions for causing a processor of an electronic device to execute the computer program, so as to implement any one of the foregoing networking encryption communication methods. Wherein the computer program may be implemented in the form of software functional modules.
To sum up, in the networking encryption communication method and apparatus, the server device, the terminal device, and the readable storage medium provided in the embodiments of the present application, the server device obtains a networking encryption verification request generated by the terminal device based on the terminal networking time, first data in the data pool, and a target verification code in the verification code pool. The server device performs encryption verification on the networking encryption verification request by using the data pool and the verification code pool that are configured identically to those of the terminal device, generates a corresponding key base number according to second data in the data pool and the terminal networking time when the verification is successful, and feeds the key base number back to the terminal device. The terminal device then generates a corresponding key communication request from the key base number and the index information of third data randomly selected in the data pool. The server device parses the third data from the key communication request by using the data pool and the key base number, calculates a corresponding first key according to the key base number and the third data, and sends an encrypted communication confirmation message encrypted with the first key to the terminal device, so that the terminal device performs encrypted communication with the server device according to the first key. In this way, the identically configured data pool and verification code pool are used to enhance the privacy of key construction during network communication and reduce the risk of the key being cracked, thereby improving network communication security.
The above description is only for various embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present application, and all such changes or substitutions are included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A networking encryption communication method is applied to a server device which establishes communication with a terminal device, wherein the terminal device and the server device have a data pool and a verification code pool which have the same configuration, the data pool stores a plurality of encryption source data, and the verification code pool stores a plurality of networking verification codes, and the encryption communication method comprises the following steps:
acquiring a networking encryption verification request from the terminal equipment, wherein the networking encryption verification request is generated based on the terminal networking time of the terminal equipment, first data in the data pool and a target verification code in the verification code pool;
requesting encryption verification to the networking encryption verification request according to the data pool and the verification code pool, and generating a corresponding key base number according to second data in the data pool and the terminal networking time when the verification is successful;
generating a corresponding networking encryption response message according to the key base number, and sending the networking encryption response message to the terminal equipment;
acquiring a key communication request fed back by the terminal equipment, wherein the key communication request is generated by the terminal equipment based on the key base number and index information of third data randomly selected in the data pool;
analyzing the key communication request according to the data pool and the key base number to obtain third data, and calculating according to the key base number and the third data to obtain a corresponding first key;
sending an encrypted communication confirmation message encrypted by the first key to the terminal equipment, so that the terminal equipment performs encrypted communication with the server-side equipment according to the first key;
further, the encryption communication method further includes:
replacing key forming time parameters at preset time intervals, wherein the key forming time parameters of each replacement are different;
selecting fourth data from the data pool, and generating a corresponding key base number to be replaced according to the fourth data and the key forming time parameter;
generating a corresponding key replacement request according to a key base number to be replaced, and sending the key replacement request to the terminal equipment;
acquiring a replacement response message fed back by the terminal equipment, wherein the replacement response message is generated by the terminal equipment based on the base number of the key to be replaced and index information of randomly selected fifth data in the data pool;
analyzing the replacement response message according to the data pool and the base number of the key to be replaced to obtain fifth data, and calculating according to the base number of the key to be replaced and the fifth data to obtain a corresponding target key;
and sending a key replacement confirmation message encrypted by the target key to the terminal equipment, so that the terminal equipment performs encrypted communication with the server equipment according to the replaced target key.
2. A networking encryption communication method is applied to a terminal device which establishes communication with a server device, wherein the terminal device and the server device have a data pool and a verification code pool which have the same configuration, the data pool stores a plurality of encryption source data, and the verification code pool stores a plurality of networking verification codes, and the encryption communication method comprises the following steps:
generating a corresponding networking encryption verification request according to the current terminal networking time, first data in the data pool and a target verification code in the verification code pool, and sending the networking encryption verification request to the server-side equipment for encryption verification;
acquiring a networking encryption response message fed back by the server equipment when the networking encryption verification request is successfully verified;
analyzing the networking encryption response message to obtain a key base number, and calculating a corresponding key to be confirmed according to the key base number and third data randomly selected from the data pool;
generating a corresponding key communication request according to the key base number and the index information of the third data, and sending the key communication request to the server-side equipment;
acquiring an encrypted communication confirmation message which is fed back by the server-side equipment and encrypted by a first key, wherein the first key is generated by the server-side equipment based on the key base number and the third data;
decrypting the encrypted communication confirmation message according to the key to be confirmed, and carrying out encrypted communication with the server-side equipment according to the first key when the decryption is successful;
further, the encryption communication method further includes:
acquiring a key replacement request sent by the server equipment according to a preset time interval;
analyzing the key replacement request to obtain a key base number to be replaced, and calculating a corresponding target replacement key according to the key base number to be replaced and fifth data randomly selected from the data pool;
generating a corresponding replacement response message according to the base number of the key to be replaced and the index information of the fifth data, and feeding back the replacement response message to the server-side equipment;
acquiring a key replacement confirmation message which is fed back by the server-side equipment and encrypted by using a target key, wherein the target key is generated by the server-side equipment based on the base number of the key to be replaced and the fifth data;
and decrypting the key replacement confirmation message according to the target replacement key, and carrying out encryption communication with the server equipment according to the target key when the decryption is successful.
3. A networking encryption communication method, applied to a terminal device and a server device for establishing communication, wherein the terminal device and the server device have a data pool and a verification code pool with the same configuration, the data pool stores a plurality of encryption source data, and the verification code pool stores a plurality of networking verification codes, the encryption communication method comprising:
the terminal equipment generates a corresponding networking encryption verification request according to the current terminal networking time, first data in the data pool and a target verification code in the verification code pool, and sends the networking encryption verification request to the server equipment;
the server-side equipment performs encryption verification on the networking encryption verification request according to the data pool and the verification code pool, and generates a corresponding key base number according to second data in the data pool and the terminal networking time when the verification is successful;
the server-side equipment generates a corresponding networking encryption response message according to the key base number and sends the networking encryption response message to the terminal equipment;
the terminal equipment analyzes the networking encryption response message to obtain a key base number, and calculates a corresponding key to be confirmed according to the key base number and third data randomly selected from the data pool;
the terminal equipment generates a corresponding key communication request according to the key base number and the index information of the third data, and sends the key communication request to the server-side equipment;
the server-side equipment analyzes the key communication request according to the data pool and the key base number to obtain third data, and calculates according to the key base number and the third data to obtain a corresponding first key;
the server-side equipment sends an encrypted communication confirmation message encrypted by the first key to the terminal equipment;
the terminal equipment decrypts the encrypted communication confirmation message according to the key to be confirmed and conducts encrypted communication with the server equipment according to the first key when decryption is successful;
further, the encryption communication method further includes:
the server-side equipment changes the key forming time parameters at preset time intervals, wherein the key forming time parameters changed each time are different;
the server-side equipment selects fourth data from the data pool and generates a corresponding key base number to be replaced according to the fourth data and the key forming time parameter;
the server side equipment generates a corresponding key replacement request according to the key base number to be replaced and sends the key replacement request to the terminal equipment;
the terminal equipment analyzes the key replacement request to obtain a key base number to be replaced, and calculates a corresponding target replacement key according to the key base number to be replaced and fifth data randomly selected from the data pool;
the terminal equipment generates a corresponding replacement response message according to the base number of the key to be replaced and the index information of the fifth data, and feeds the replacement response message back to the server equipment;
the server-side equipment analyzes the replacement response message according to the data pool and the key base number to be replaced to obtain the fifth data, and calculates a corresponding target key according to the key base number to be replaced and the fifth data;
the server-side equipment sends a key replacement confirmation message encrypted by the target key to the terminal equipment;
and the terminal equipment decrypts the key replacement confirmation message according to the target replacement key and carries out encryption communication with the server equipment according to the target key when decryption is successful.
4. A networking encryption communication apparatus, applied to a server device that establishes communication with a terminal device, wherein the terminal device and the server device have a data pool and a verification code pool with the same configuration, the data pool stores a plurality of encryption source data, and the verification code pool stores a plurality of networking verification codes, the encryption communication apparatus comprising:
a networking request acquisition module, configured to acquire a networking encryption verification request from the terminal device, where the networking encryption verification request is generated based on a terminal networking time of the terminal device, first data in the data pool, and a target verification code in the verification code pool;
the key base number calculation module is used for carrying out encryption verification on the networking encryption verification request according to the data pool and the verification code pool and generating a corresponding key base number according to second data in the data pool and the terminal networking time when the verification is successful;
the encryption response sending module is used for generating a corresponding networking encryption response message according to the key base number and sending the networking encryption response message to the terminal equipment;
a communication request obtaining module, configured to obtain a key communication request fed back by the terminal device, where the key communication request is generated by the terminal device based on the key base number and index information of third data randomly selected in the data pool;
the first key calculation module is used for analyzing the key communication request according to the data pool and the key base number to obtain the third data, and calculating a corresponding first key according to the key base number and the third data;
the encrypted communication confirmation module is used for sending an encrypted communication confirmation message encrypted by the first key to the terminal equipment so that the terminal equipment performs encrypted communication with the server equipment according to the first key;
further, the encryption communication apparatus further includes:
the time parameter replacing module is used for replacing the key forming time parameters at preset time intervals, wherein the key forming time parameters replaced each time are different;
the key base number calculation module is further used for selecting fourth data from the data pool and generating a corresponding key base number to be replaced according to the fourth data and the key forming time parameter;
the key replacement feedback module is used for generating a corresponding key replacement request according to the key base number to be replaced and sending the key replacement request to the terminal equipment;
the change response acquiring module is used for acquiring a replacement response message fed back by the terminal equipment, wherein the replacement response message is generated by the terminal equipment based on the base number of the key to be replaced and index information of randomly selected fifth data in the data pool;
the target key calculation module is used for analyzing the replacement response message according to the data pool and the key base number to be replaced to obtain the fifth data, and calculating a corresponding target key according to the key base number to be replaced and the fifth data;
and the key replacement confirmation module is used for sending a key replacement confirmation message encrypted by the target key to the terminal equipment, so that the terminal equipment performs encrypted communication with the server equipment according to the replaced target key.
5. A networking encryption communication apparatus, applied to a terminal device that establishes communication with a server device, wherein the terminal device and the server device have a data pool and a verification code pool with the same configuration, the data pool stores a plurality of encryption source data, and the verification code pool stores a plurality of networking verification codes, the encryption communication apparatus comprising:
the networking request sending module is used for generating a corresponding networking encryption verification request according to the current terminal networking time, the first data in the data pool and the target verification code in the verification code pool, and sending the networking encryption verification request to the server equipment for requesting encryption verification;
an encrypted response obtaining module, configured to obtain a networking encrypted response message fed back by the server device when the networking encrypted verification request is successfully verified;
the key analysis generation module is used for analyzing the networking encryption response message to obtain a key base number and calculating a corresponding key to be confirmed according to the key base number and third data randomly selected from the data pool;
the communication request sending module is used for generating a corresponding key communication request according to the key base number and the index information of the third data and sending the key communication request to the server-side equipment;
the encryption confirmation acquisition module is used for acquiring an encrypted communication confirmation message which is fed back by the server-side equipment and encrypted by a first key, wherein the first key is generated by the server-side equipment based on the key base number and the third data;
the message decryption communication module is used for decrypting the encrypted communication confirmation message according to the key to be confirmed and carrying out encrypted communication with the server equipment according to the first key when the decryption is successful;
further, the encryption communication apparatus further includes:
a module used for acquiring a key replacement request sent by the server-side equipment according to a preset time interval;
the key replacement calculation module is used for analyzing the key replacement request to obtain a key base number to be replaced and calculating a corresponding target replacement key according to the key base number to be replaced and fifth data randomly selected from the data pool;
the replacement response feedback module is used for generating a corresponding replacement response message according to the base number of the key to be replaced and the index information of the fifth data and feeding the replacement response message back to the server-side equipment;
the change confirmation acquisition module is used for acquiring a key replacement confirmation message which is fed back by the server-side equipment and encrypted by a target key, wherein the target key is generated by the server-side equipment based on the base number of the key to be replaced and the fifth data;
and the message decryption communication module is further configured to decrypt the key replacement confirmation message according to the target replacement key, and perform encryption communication with the server device according to the target key when decryption is successful.
6. A server device comprising a processor and a memory, the memory storing a computer program executable by the processor, the processor being configured to execute the computer program to implement the method of networked encrypted communication of claim 1.
7. A terminal device comprising a processor and a memory, said memory storing a computer program executable by said processor, said processor being adapted to execute said computer program to implement the networked encrypted communication method of claim 2.
8. A readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the method of networked encrypted communication of any of claims 1-3.
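The initial negotiation recited in claim 3, written out as an added sketch with both sides' messages; it is not code from the patent, and the periodic key replacement repeats the same exchange with a new key base number. The claims name no algorithms or message layouts, so HMAC-SHA256 as the derivation function, the dictionary fields, the XOR-plus-MAC stand-in for "encrypted by the key", the pool contents and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample pools; both sides are assumed to hold identical copies.
DATA_POOL = [hashlib.sha256(b"pool-entry-%d" % i).digest() for i in range(16)]
CODE_POOL = [hashlib.sha256(b"verify-code-%d" % i).digest()[:8] for i in range(4)]

def prf(key, *parts):
    """Assumed primitive: HMAC-SHA256 over length-prefixed parts."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def seal(key, plaintext):
    """Stand-in for 'encrypted by the key': XOR keystream plus MAC (use an AEAD in practice)."""
    if len(plaintext) > 32:
        raise ValueError("this sketch seals at most 32 bytes")
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, prf(key, b"enc", nonce)))
    return nonce + ct + prf(key, b"mac", nonce, ct)

def unseal(key, blob):
    """Return the plaintext, or None when the MAC fails (wrong key or tampering)."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac", nonce, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, prf(key, b"enc", nonce)))

def terminal_hello(net_time, first_idx, code_idx):
    """Terminal: verification request from networking time, first data and a verification code."""
    t = net_time.to_bytes(8, "big")
    return {"time": net_time, "first": first_idx, "code": code_idx,
            "tag": prf(DATA_POOL[first_idx], t, CODE_POOL[code_idx])}

def server_hello(req, second_idx):
    """Server: check the request against both pools; return (key_base, response) or None."""
    if not (0 <= req["first"] < len(DATA_POOL) and 0 <= req["code"] < len(CODE_POOL)):
        return None
    first, t = DATA_POOL[req["first"]], req["time"].to_bytes(8, "big")
    if not hmac.compare_digest(req["tag"], prf(first, t, CODE_POOL[req["code"]])):
        return None
    key_base = prf(DATA_POOL[second_idx], b"key-base", t)[:16]
    return key_base, seal(first, key_base)

def terminal_key_request(response, first_idx, third_idx):
    """Terminal: recover the key base, pick third data, return (key_to_confirm, request)."""
    key_base = unseal(DATA_POOL[first_idx], response)
    if key_base is None:
        return None
    tag = prf(key_base, b"key-req", third_idx.to_bytes(2, "big"))
    return prf(key_base, b"session", DATA_POOL[third_idx]), {"idx": third_idx, "tag": tag}

def server_confirm(key_base, key_req):
    """Server: resolve the index to third data, derive the first key, seal a confirmation."""
    idx = key_req["idx"]
    if not 0 <= idx < len(DATA_POOL):
        return None
    if not hmac.compare_digest(key_req["tag"], prf(key_base, b"key-req", idx.to_bytes(2, "big"))):
        return None
    first_key = prf(key_base, b"session", DATA_POOL[idx])
    return first_key, seal(first_key, b"CONFIRM")

def run_handshake(net_time):
    """Drive both sides once; return the agreed key, or None on any failure."""
    hello = server_hello(terminal_hello(net_time, 3, 1), secrets.randbelow(len(DATA_POOL)))
    if hello is None:
        return None
    key_base, response = hello
    step = terminal_key_request(response, 3, secrets.randbelow(len(DATA_POOL)))
    done = server_confirm(key_base, step[1]) if step else None
    if done is None:
        return None
    # Terminal side: the handshake succeeds only if its own key opens the confirmation.
    return step[0] if unseal(step[0], done[1]) == b"CONFIRM" else None
```

Only indices and tags cross the wire in this sketch, so the derived key is exactly as secret as the shared data pool.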
CN202211068320.1A 2022-09-02 2022-09-02 Networking encryption communication method and device, server equipment and terminal equipment Active CN115134177B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211068320.1A CN115134177B (en) 2022-09-02 2022-09-02 Networking encryption communication method and device, server equipment and terminal equipment

Publications (2)

Publication Number Publication Date
CN115134177A CN115134177A (en) 2022-09-30
CN115134177B true CN115134177B (en) 2022-11-18

Family

ID=83387001

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211068320.1A Active CN115134177B (en) 2022-09-02 2022-09-02 Networking encryption communication method and device, server equipment and terminal equipment

Country Status (1)

Country Link
CN (1) CN115134177B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017201809A1 (en) * 2016-05-27 2017-11-30 宇龙计算机通信科技(深圳)有限公司 Communication method and system for terminal
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
WO2022021992A1 (en) * 2020-07-31 2022-02-03 深圳市燃气集团股份有限公司 Data transmission method and system based on nb-iot communication, and medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8788811B2 (en) * 2010-05-28 2014-07-22 Red Hat, Inc. Server-side key generation for non-token clients
TWI581599B (en) * 2015-04-30 2017-05-01 鴻海精密工業股份有限公司 Key generation system, data signature and encryption system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于多路密钥协商的物联网安全通信方法;谢婉娟;《计算机与现代化》;20150215(第02期);全文 *

Also Published As

Publication number Publication date
CN115134177A (en) 2022-09-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant