CN115514480A - Data interaction method and readable storage medium - Google Patents

Data interaction method and readable storage medium Download PDF

Info

Publication number
CN115514480A
CN115514480A CN202211214154.1A CN202211214154A CN115514480A CN 115514480 A CN115514480 A CN 115514480A CN 202211214154 A CN202211214154 A CN 202211214154A CN 115514480 A CN115514480 A CN 115514480A
Authority
CN
China
Prior art keywords
key
public
server
private key
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211214154.1A
Other languages
Chinese (zh)
Inventor
彭宏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Miracle Intelligent Network Co Ltd
Original Assignee
Shenzhen Miracle Intelligent Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Miracle Intelligent Network Co Ltd filed Critical Shenzhen Miracle Intelligent Network Co Ltd
Priority to CN202211214154.1A priority Critical patent/CN115514480A/en
Publication of CN115514480A publication Critical patent/CN115514480A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

The invention provides a data interaction method and a readable storage medium, which are applied to a client, and the method comprises the following steps: acquiring a first SM2 public and private key; performing asymmetric key authentication according to the first SM2 public and private key and a second SM2 public and private key of the server; responding to the passing of the asymmetric key authentication, and acquiring a first SM4 shared key; performing symmetric key authentication according to the first SM4 shared key and a second SM4 shared key of the server; responding to the passing of the symmetric key authentication, encrypting the target data according to the first SM4 shared key, and sending the encrypted target data to the server, so that the server decrypts the target data according to the second SM4 shared key to obtain the target data; the method is also applied to the server side; according to the invention, a national secret code algorithm is added to the client on the basis of the HTTPS protocol so as to carry out secondary identity authentication and secondary encryption on the data, and the security of data interaction is effectively improved.

Description

Data interaction method and readable storage medium
Technical Field
The present application relates to the field of communication security technologies, and in particular, to a data interaction method and a readable storage medium.
Background
With the continuous development of the internet, people are used to shopping, trading and exchanging various information on the internet. However, malicious fraudulent activities such as hackers, trojans, and phishing bring great challenges to the security of the internet.
The existing WEB communication and interactive security application are based on an HTTPS protocol, in the implementation process of the protocol, an authentication certificate is relatively fixed, and a call-back key generated by a random number of a browser client is used as a symmetric cryptographic algorithm AES to establish a secure communication channel. However, in the symmetric cryptographic algorithm, the same key, the same plaintext and the same encryption result are the same in the encryption and decryption process each time, and the symmetric cryptographic algorithm is easier to attack. On the other hand, due to the limitation of browsers, most encryption and decryption cryptographic algorithms applied to WEB are based on AES or RSA cryptographic algorithms, SM2/3/4 national cryptographic algorithms cannot be called, and the security is low.
Disclosure of Invention
In view of this, an object of the present application is to provide a data interaction method and a readable storage medium, which add a cryptographic algorithm to a WEB application client based on an HTTPS protocol to perform secondary identity authentication and secondary encryption on data, so as to effectively improve security of data interaction.
In order to achieve the purpose, the following technical scheme is adopted in the application:
in a first aspect, the present invention provides a data interaction method, applied to a client, including:
acquiring a first SM2 public and private key;
performing asymmetric key authentication according to the first SM2 public and private key and a second SM2 public and private key of the server;
responding to the passing of the asymmetric key authentication, and acquiring a first SM4 shared key;
performing symmetric key authentication according to the first SM4 shared key and a second SM4 shared key of the server;
and responding to the passing of the symmetric key authentication, encrypting target data according to the first SM4 shared key, and sending the encrypted target data to the server, so that the server decrypts the target data according to the second SM4 shared key to obtain the target data.
In an embodiment, the performing asymmetric key authentication according to the first SM2 public/private key and the second SM2 public/private key of the server includes:
sending a first public key in the first SM2 public and private key to the server, and receiving a second public key in the second SM2 public and private key of the server;
encrypting a first plaintext according to the second public key to obtain a first ciphertext, and signing the first ciphertext by using a first private key in the first SM2 public private key;
and sending the signed first ciphertext to the server, so that the server checks the first ciphertext according to the first public key, decrypts the checked first ciphertext according to a second private key in the second SM2 public private key to obtain the first plaintext, and returns information that asymmetric key authentication passes when the first plaintext is determined to be legal.
In an embodiment, before performing asymmetric key authentication according to the first SM2 public/private key and the second SM2 public/private key of the server, the method includes:
and recording the first SM2 public and private key and the current timestamp in a current process memory.
In an embodiment, the performing symmetric key authentication according to the first SM4 shared key and a second SM4 shared key of a server includes:
encrypting a second plaintext according to the first SM4 shared key to obtain a second ciphertext, sending the second ciphertext to the server, enabling the server to decrypt the second ciphertext according to the second SM4 shared key to obtain a second plaintext, and returning information that symmetric key authentication passes when the second plaintext is determined to be legal.
In an embodiment, after the symmetric key passes the authentication, the method further includes:
and judging whether the validity of the first SM4 shared key is overtime, and if so, returning to the step of obtaining the first SM2 public and private keys.
The invention provides a data interaction method, which is also applied to a server and comprises the following steps:
acquiring a second SM2 public and private key;
performing asymmetric key authentication according to the second SM2 public and private key and the first SM2 public and private key of the client;
responding to the passing of the asymmetric key authentication, and acquiring a second SM4 shared key;
performing symmetric key authentication according to the second SM4 shared key and the first SM4 shared key of the client;
and responding to the passing of the symmetric key authentication, and decrypting the target data sent by the client according to the second SM4 shared key to obtain the target data, wherein the target data is encrypted by the client by adopting the first SM4 shared key.
In an embodiment, the performing asymmetric key authentication according to the second SM2 public/private key and the first SM2 public/private key of the client includes:
sending a second public key in the second SM2 public and private key to the client, and receiving a first public key in the first SM2 public and private key of the client;
and when the first plaintext is determined to be legal, returning information that the asymmetric key passes the authentication, wherein the first ciphertext is obtained by encrypting the first plaintext by the second public key of the client and signing by using the first private key in the first SM2 public private key.
In an embodiment, the performing symmetric key authentication with the first SM4 shared key of the client according to the second SM4 shared key includes:
and decrypting a second ciphertext sent by the client according to the second SM4 shared key to obtain a second plaintext, and returning information that symmetric key authentication passes when the second plaintext is determined to be legal, wherein the second ciphertext is obtained by encrypting the second plaintext by the client according to the first SM4 shared key.
In an embodiment, before performing asymmetric key authentication according to the second SM2 public/private key and the first SM2 public/private key of the client, the method includes:
and recording the second SM2 public and private key and the current timestamp in an SQL database of the server.
In a second aspect, the present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the data interaction method according to any one of claims 1 to 9.
According to the data interaction method and the readable storage medium, the national secret code algorithm is added to the WEB application client on the basis of the HTTPS protocol so as to perform secondary identity authentication and secondary encryption on the data, and the security of data interaction is effectively improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic flowchart illustrating a method of a data interaction method of a client according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a method of data interaction at a server according to an embodiment of the present application;
fig. 3 is a schematic method flowchart of a data interaction method according to an embodiment of the application.
Detailed Description
Specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It is to be understood that the described embodiments are merely a few embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the description of the invention without inventive step, are within the scope of protection of the invention.
In the description of the present invention, unless otherwise explicitly specified or limited, the terms "disposed," "mounted," "connected," and the like are to be construed broadly and may, for example, be fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; may be directly connected or indirectly connected through an intermediate. The specific meaning of the above terms can be understood as a special case for those of ordinary skill in the art.
The terms "upper", "lower", "left", "right", "front", "back", "top", "bottom", "inner", "outer", and the like, refer to an orientation or positional relationship that is based on the orientation or positional relationship shown in the drawings, or that is conventionally used in the practice of the invention, and are used for convenience of description and simplicity of illustration only, and do not indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and thus are not to be construed as limiting the present invention.
Moreover, the terms "first," "second," "third," and the like are used solely to distinguish between similar elements and not to indicate or imply relative importance or a particular order.
Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, including not only those elements listed, but also other elements not expressly listed.
Referring to fig. 1, fig. 1 is a flowchart of a method of a data interaction method of a client according to the present disclosure.
The invention provides a data interaction method, which is applied to a client and comprises the following steps:
s100, obtaining a first SM2 public and private key.
In an embodiment, the public key and the private key may also be referred to as a key pair, and in the asymmetric encryption technology, there are two keys, which are a private key and a public key, where the private key is held by the owner of the key pair and is not publishable, and the public key is published by the owner of the key pair to others. The client comprises a first public key and a first private key.
S110, performing asymmetric key authentication according to the first SM2 public-private key and the second SM2 public-private key of the server.
In one embodiment, asymmetric encryption often requires the assistance of a cryptographically secure pseudorandom number generator to generate a pair of keys, one of which can be freely disclosed, called a public key, and the other of which is not, called a private key, and must be kept in strict secret at the user's discretion and never provided to anyone via any way. The sender of the message is decrypted using the public key and the recipient of the message is decrypted using the private key. Public key mechanisms are flexible, but encryption and decryption speeds are much slower than symmetric key encryption. SM2 is asymmetric encryption, based on ECC, this algorithm is disclosed. Since the algorithm is based on ECC, the signature speed and the key generation speed are faster than those of RSA. The security strength of the ECC 256 bits (the SM2 adopts one of the ECC 256 bits) is higher than that of the RSA 2048 bits, but the operation speed is faster than that of the RSA. The first SM2 public and private key of the client exchanges information with the second SM2 public and private key of the server.
And S120, responding to the passing of the asymmetric key authentication, and acquiring a first SM4 shared key.
In one embodiment, SM4.0 (original name SMs 4.0) is a block cipher standard adopted by the government of the people's republic of china. In a commercial cryptosystem, SM4 is mainly used for data encryption, the algorithm is public, the packet length and the key length are both 128 bits, the encryption algorithm and the key expansion algorithm both adopt 32-round nonlinear iterative structures, and an S box is a fixed 8-bit input 8-bit output. The SM4 wireless local area network standard packet data algorithm, symmetric encryption, key length and packet length are 128 bits. After the authentication between the first SM2 public and private key of the client and the second SM2 public and private key of the server passes, the server acquires the first SM4 shared key.
S130, performing symmetric key authentication according to the first SM4 shared key and the second SM4 shared key of the server.
In one embodiment, symmetric key authentication is also known as private key encryption or session key encryption algorithm, i.e. the sender and receiver of a message use the same key to encrypt and decrypt data. Its advantages are high encryption/decryption speed and high data encryption speed. In short, there is a plaintext, which is encrypted by a key to obtain a ciphertext, and the ciphertext can be decrypted by the same key to obtain the same plaintext as the original plaintext. The client side uses the first SM4 shared key to carry out symmetric key authentication on the second SM4 shared key of the server side, and the first SM4 shared key and the second SM4 shared key are a pair of symmetric keys.
S140, responding to the passing of the symmetric key authentication, encrypting the target data according to the first SM4 shared key, and sending the encrypted target data to the server, so that the server decrypts the target data according to the second SM4 shared key to obtain the target data.
In an embodiment, after the authentication between the first SM4 shared key of the client and the second SM4 shared key of the server is passed, a secure channel based on an SM4 cryptographic algorithm is established between the client and the server.
Optionally, performing asymmetric key authentication according to the first SM2 public/private key and the second SM2 public/private key of the server, includes:
and sending a first public key in the first SM2 public and private key to the server, and receiving a second public key in a second SM2 public and private key of the server.
In an embodiment, the client sends the first public key in the first SM2 public and private key to the server, and at the same time, receives the second public key in the second SM2 public and private key sent by the server, and completes the exchange of the public keys.
And encrypting the first plaintext according to the second public key to obtain a first ciphertext, and signing the first ciphertext by using a first private key in the first SM2 public private key.
In an embodiment, the client encrypts the first plaintext with the second public key obtained after exchanging the public key with the server to obtain the first ciphertext, and then signs the first ciphertext with the first private key of the first SM2 public private key. The plaintext is an unencrypted text (or character string) that can be intuitively understood. The ciphertext is the encrypted text and the plaintext is the text before encryption. The ciphertext is information encrypted by plaintext, and is mainly used for protecting data from being stolen and read by an illegal person. The public key is used for encrypting the plaintext, the obtained ciphertext can be sent through an insecure way (such as a network), only a corresponding private key holder can decrypt the ciphertext to obtain the plaintext, and even if other people steal the ciphertext and the encrypted public key from the network, the plaintext cannot be decrypted (within reasonable time of years). The typical example is on the network bank or shopping website, because the user needs to input the sensitive message, the public key provided by the website server is used for encrypting and uploading data when the browser is connected, so that only the trusted website server can be ensured to decrypt and learn the message, and the user does not need to worry about the stealing of the sensitive personal information because the sensitive personal information is sent on the network. In addition, a private key is used to encrypt the digest of the text to be transmitted, and the obtained ciphertext is called a signature of the transmission process.
And sending the signed first ciphertext to the server, so that the server checks the first ciphertext according to the first public key, decrypts the checked first ciphertext according to a second private key in the second SM2 public private key to obtain a first plaintext, and when the first plaintext is determined to be legal, returning the information that the asymmetric key passes the authentication.
In an embodiment, the client sends the first ciphertext of the signature to the server, so that the server verifies the signature of the first ciphertext of the signature by using a first public key obtained after exchanging the public key with the client. And after the signature verification is passed, decrypting the first ciphertext subjected to signature verification by using a second private key in the second SM2 public private key to obtain a first plaintext, and returning the information passing the authentication to the client side when the first plaintext is determined to be legal. In the SM2 public and private keys generated by the same end, the public key is public and can be obtained by anyone, and the private key is not public. For example, the first SM2 public and private key generated by the server side is encrypted by the first public key of the first SM2 public and private key to obtain the ciphertext a, and the ciphertext a can only be decrypted by the first private key of the first SM2 public and private key to obtain the plaintext a, so that the security of data interaction is effectively increased.
Optionally, before performing asymmetric key authentication according to the first SM2 public-private key and the second SM2 public-private key of the server, the method includes:
and recording the first SM2 public and private key and the current timestamp in the current process memory.
In one embodiment, based on the HTTPS protocol, the client and the server first generate a pair of public and private keys through an elliptic curve before each communication. Before the client and the server perform asymmetric key authentication, the client records the first public key, the first private key and the current timestamp in the current process memory.
Optionally, performing symmetric key authentication according to the first SM4 shared key and the second SM4 shared key of the server, including:
and encrypting the second plaintext according to the first SM4 shared key to obtain a second ciphertext, sending the second ciphertext to the server, so that the server decrypts the second ciphertext according to the second SM4 shared key to obtain the second plaintext, and returning the information that the symmetric key passes the authentication when the second plaintext is determined to be legal.
In an embodiment, the client encrypts the second plaintext by using the first SM4 shared key to obtain a second ciphertext, sends the encrypted second ciphertext to the server, so that the server decrypts the received second ciphertext by using the second SM4 shared key to obtain the second plaintext, and sends the authenticated information to the client after determining that the second plaintext is legal. Wherein, the first SM4 shared key and the second SM4 shared key are a pair of symmetric keys.
Optionally, after the symmetric key authentication passes, the method further includes:
and judging whether the validity of the first SM4 shared secret key is overtime, if so, returning to the step of obtaining the first SM2 public and private keys.
In an embodiment, after the secure channel based on the SM4 cryptographic algorithm is established, the client determines whether the validity of the first SM4 shared key is overtime according to the current timestamp, and if the validity of the first SM4 shared key is overtime, the client needs to return to the step of S100 again, so that the security of data interaction is effectively increased.
Referring to fig. 2, a flowchart of a method of a data interaction method of a server according to the present application is shown.
The invention provides a data interaction method, which is also applied to a server and comprises the following steps:
s200, obtaining a second SM2 public and private key.
In an embodiment, the public key and the private key may also be referred to as a key pair, and in the asymmetric encryption technology, there are two keys, which are a private key and a public key, where the private key is held by the owner of the key pair and is not publishable, and the public key is published by the owner of the key pair to others. The server side comprises a second public key and a second private key.
S210, asymmetric key authentication is carried out according to the second SM2 public and private key and the first SM2 public and private key of the client.
In one embodiment, asymmetric encryption often requires the assistance of a cryptographically secure pseudo-random number generator to generate a pair of keys, one of which may be freely public, called a public key, and the other of which may not be public, called a private key, and must be kept in a strict secret at the user's discretion and never provided to anyone via any way. The sender of the message uses the public key to decrypt and the recipient of the message uses the private key to decrypt. Public key mechanisms are flexible, but encryption and decryption speeds are much slower than symmetric key encryption. SM2 is asymmetric encryption, based on ECC, this algorithm is disclosed. Since the algorithm is based on ECC, the signature speed and the key generation speed are faster than RSA. The security strength of the ECC 256 bits (the SM2 adopts one of the ECC 256 bits) is higher than that of the RSA 2048 bits, but the operation speed is faster than that of the RSA. And the second SM2 public and private key of the server exchanges information with the first SM2 public and private key of the client.
And S220, responding to the passing of the asymmetric key authentication, and acquiring a second SM4 shared key.
In one embodiment, SM4.0 (original name SMs 4.0) is a block cipher standard adopted by the government of the people's republic of china. In a commercial cryptosystem, SM4 is mainly used for data encryption, the algorithm is public, the packet length and the key length are both 128 bits, the encryption algorithm and the key expansion algorithm both adopt 32-round nonlinear iterative structures, and an S box is a fixed 8-bit input 8-bit output. The SM4 wireless local area network standard packet data algorithm, symmetric encryption, the key length and the packet length are 128 bits. And after the authentication between the second SM2 public and private key of the service and the first SM2 public and private key of the client passes, the server acquires the second SM4 shared key.
And S230, performing symmetric key authentication according to the second SM4 shared key and the first SM4 shared key of the client.
In one embodiment, symmetric key authentication is also known as private key encryption or session key encryption algorithm, i.e. the sender and receiver of a message use the same key to encrypt and decrypt data. Its advantage is high encryption/decryption speed and high data encrypting speed. In short, there is a plaintext, which is encrypted by a key to obtain a ciphertext, and the ciphertext can be decrypted by the same cipher to obtain the same plaintext as the original plaintext. The server side uses the second SM4 shared key to perform symmetric key authentication on the first SM4 shared key of the client side, and the first SM4 shared key and the second SM4 shared key are a pair of symmetric keys.
And S240, responding to the passing of the symmetric key authentication, decrypting the target data sent by the client according to the second SM4 shared key to obtain the target data, wherein the target data is encrypted by the client by adopting the first SM4 shared key.
In an embodiment, after the authentication between the second SM4 shared key of the server and the first SM4 shared key of the client passes, a secure channel based on an SM4 cryptographic algorithm is established between the server and the client.
Optionally, performing asymmetric key authentication according to the second SM2 public/private key and the first SM2 public/private key of the client, includes:
and sending the second public key in the second SM2 public private key to the client, and receiving the first public key in the first SM2 public private key of the client.
In an embodiment, the server sends the second public key in the second SM2 public and private key to the client, and meanwhile, receives the first public key in the first SM2 public and private key sent by the client, thereby completing the exchange of public keys.
The method comprises the steps of checking a first ciphertext sent by a client according to a first public key, decrypting the first ciphertext by using a second private key in a second SM2 public private key to obtain a first plaintext, and returning information that the asymmetric key passes authentication when the first plaintext is determined to be legal, wherein the first ciphertext is encrypted by the second public key of the client, and is signed by using the first private key in the first SM2 public private key to obtain the first ciphertext.
In an embodiment, the server exchanges public keys with the client to obtain a first public key, checks a first ciphertext, and decrypts the checked first ciphertext by using a second private key of the second SM2 public private key to obtain a first plaintext. And when the first plaintext is determined to be legal, the server returns the information passing the authentication to the client. And the first ciphertext is obtained by encrypting the first plaintext by using a second public key of the client and signing by using a first private key in the first SM2 public private key. In addition, in the SM2 public and private keys generated by the same end, the public key is public and can be obtained by anyone, and the private key is not public. For example, a first SM2 public and private key generated by the server side encrypts the plaintext a through a first public key of the first SM2 public and private key to obtain a ciphertext a, and the ciphertext a can only be decrypted by using the first private key of the first SM2 public and private key to obtain the plaintext a, so that the security of data interaction is effectively increased.
Optionally, performing symmetric key authentication according to the second SM4 shared key and the first SM4 shared key of the client, includes:
and when the second plaintext is determined to be legal, returning information that the symmetric key passes authentication, wherein the second ciphertext is obtained by encrypting the second plaintext by the client according to the first SM4 shared key.
In an embodiment, the first SM4 shared key of the client encrypts the second plaintext to obtain a second ciphertext and sends the second ciphertext to the server, and the server decrypts the second ciphertext according to the second SM4 shared key to obtain the second plaintext. In addition, when the client determines that the second plaintext is legal, the client sends the authenticated information to the client. Wherein, the first SM4 shared key and the second SM4 shared key are a pair of symmetric keys.
Optionally, before performing asymmetric key authentication according to the second SM2 public-private key and the first SM2 public-private key of the client, the method includes:
and recording the second SM2 public and private key and the current timestamp in an SQL database of the server.
In one embodiment, based on HTTPS protocol, the client and the server first generate a pair of public and private keys through an elliptic curve before each communication. And before the asymmetric key authentication is carried out between the server and the client, the server records the second public key, the second private key and the current timestamp in an SQL database of the server. The SQL (Structured Query Language) is a database Language with multiple functions of data manipulation and data definition, and has the interactive characteristic, which can provide great convenience for users, and the database management system should make full use of the SQL Language to improve the working quality and efficiency of the computer application system. Because the SQL Servers database management system has higher data management performance, the application range is very wide due to the superior performance, and the SQL Servers database management system is widely applied to server and client system structures.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the data interaction method according to any one of claims 1 to 9 are implemented.
In an embodiment, a computer program may be stored in a computer readable storage medium, which when executed by a processor may implement the steps of the various method embodiments described above. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, read-Only Memory (ROM), random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like which is the control center for the computer device and which connects the various parts of the overall computer device using various interfaces and lines.
Referring to fig. 3, a flowchart of a data interaction method provided in the present application is shown.
In one embodiment, the client and the server synchronously run in a bidirectional interaction mode.
Based on an HTTPS protocol, an HTTPS safety channel is suggested by default between the WEB client and the WEB server.
The data interaction method comprises the following processes:
s1, generating a first SM2 public and private key on a WEB client, wherein the first SM2 public and private key comprises a first public key PK1 and a first private key SK1. Meanwhile, a second SM2 public and private key is generated on the WEB server, which includes a second public key PK2 and a second private key SK2.
And S2, exchanging the PK1 of the WEB client with the PK2 of the WEB server.
S3, the WEB client encrypts the first plaintext according to PK2 to obtain a first ciphertext, SK1 signs the first ciphertext, and the signed first ciphertext is sent to the WEB server. The WEB server verifies and signs the first ciphertext according to the PK1, and the SK2 decrypts the first ciphertext to obtain a first plaintext, and judges the validity of the decrypted first plaintext. And if the authentication is legal, returning the information passing the authentication to the client.
And S4, the WEB client and the WEB server negotiate to obtain a first SM4 shared key and a second SM4 shared key.
And S5, the WEB client encrypts a second plaintext according to the first SM4 shared key to obtain a second ciphertext and sends the second ciphertext to the WEB server. And the WEB server decrypts the second ciphertext according to the second SM4 shared key to obtain a second plaintext, and judges the legality of the decrypted second plaintext. And if the authentication is legal, returning the information passing the authentication to the client side, and establishing a security channel between the WEB client side and the WEB service side by taking the SM4 shared key as a cryptographic algorithm.
In addition, before the step of establishing the secure channel between the WEB client and the WEB server with the SM4 shared key as the cryptographic algorithm, the method further comprises the step of judging whether the SM4 key is overtime, and if the SM4 key is overtime, the method returns to the step 1.
According to the data interaction method and the readable storage medium, the national secret code algorithm is added to the WEB application client on the basis of the HTTPS protocol so as to perform secondary identity authentication and secondary encryption on the data, and the security of data interaction is effectively improved.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present disclosure should be covered within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the appended claims.

Claims (10)

1. A data interaction method is applied to a client side and is characterized by comprising the following steps:
acquiring a first SM2 public and private key;
performing asymmetric key authentication according to the first SM2 public and private key and a second SM2 public and private key of the server;
responding to the passing of the asymmetric key authentication, and acquiring a first SM4 shared key;
performing symmetric key authentication according to the first SM4 shared key and a second SM4 shared key of the server;
and responding to the passing of the symmetric key authentication, encrypting target data according to the first SM4 shared key, and sending the encrypted target data to the server, so that the server decrypts the target data according to the second SM4 shared key to obtain the target data.
2. The data interaction method according to claim 1, wherein performing asymmetric key authentication according to the first SM2 public and private key and a second SM2 public and private key of the server includes:
sending a first public key in the first SM2 public and private key to the server, and receiving a second public key in the second SM2 public and private key of the server;
encrypting a first plaintext according to the second public key to obtain a first ciphertext, and signing the first ciphertext by using a first private key in the first SM2 public private key;
and sending the signed first ciphertext to the server side, so that the server side checks the signature of the first ciphertext according to the first public key, decrypts the first ciphertext after checking the signature according to a second private key in the second SM2 public and private keys to obtain the first plaintext, and when the first plaintext is determined to be legal, returning information that asymmetric key authentication passes.
3. The data interaction method according to claim 2, wherein before performing asymmetric key authentication according to the first SM2 public and private key and a second SM2 public and private key of a server, the method comprises:
and recording the first SM2 public and private key and the current timestamp in a current process memory.
4. The data interaction method of claim 1, wherein performing symmetric key authentication with a second SM4 shared key of a server according to the first SM4 shared key comprises:
encrypting a second plaintext according to the first SM4 shared key to obtain a second ciphertext, sending the second ciphertext to the server, enabling the server to decrypt the second ciphertext according to the second SM4 shared key to obtain a second plaintext, and returning information that symmetric key authentication passes when the second plaintext is determined to be legal.
5. The data interaction method of claim 1, wherein after the symmetric key authentication is passed, further comprising:
and judging whether the validity of the first SM4 shared key is overtime, and if so, returning to the step of obtaining the first SM2 public and private keys.
6. A data interaction method is applied to a server side and is characterized by comprising the following steps:
acquiring a second SM2 public and private key;
performing asymmetric key authentication according to the second SM2 public and private key and the first SM2 public and private key of the client;
responding to the passing of the asymmetric key authentication, and acquiring a second SM4 shared key;
performing symmetric key authentication according to the second SM4 shared key and the first SM4 shared key of the client;
and in response to the passing of the symmetric key authentication, decrypting the target data sent by the client according to the second SM4 shared key to obtain the target data, wherein the target data is encrypted by the client by adopting the first SM4 shared key.
7. The data interaction method according to claim 6, wherein the performing asymmetric key authentication with the first SM2 public and private key of the client according to the second SM2 public and private key comprises:
sending a second public key in the second SM2 public and private key to the client, and receiving a first public key in the first SM2 public and private key of the client;
and when the first plaintext is determined to be legal, returning information that the asymmetric key passes the authentication, wherein the first ciphertext is obtained by encrypting the first plaintext by the second public key of the client and signing by using the first private key in the first SM2 public private key.
8. The data interaction method of claim 6, wherein performing symmetric key authentication with the first SM4 shared key of the client according to the second SM4 shared key comprises:
and decrypting a second ciphertext sent by the client according to the second SM4 shared key to obtain a second plaintext, and returning information that symmetric key authentication passes when the second plaintext is determined to be legal, wherein the second ciphertext is obtained by encrypting the second plaintext by the client according to the first SM4 shared key.
9. The data interaction method according to claim 6, wherein before performing asymmetric key authentication with the first SM2 public and private key of the client according to the second SM2 public and private key, the method comprises:
and recording the second SM2 public and private key and the current timestamp in an SQL database of the server.
10. A computer-readable storage medium, characterized in that the readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the data interaction method according to any one of claims 1 to 9.
CN202211214154.1A 2022-09-30 2022-09-30 Data interaction method and readable storage medium Pending CN115514480A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211214154.1A CN115514480A (en) 2022-09-30 2022-09-30 Data interaction method and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211214154.1A CN115514480A (en) 2022-09-30 2022-09-30 Data interaction method and readable storage medium

Publications (1)

Publication Number Publication Date
CN115514480A true CN115514480A (en) 2022-12-23

Family

ID=84508334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211214154.1A Pending CN115514480A (en) 2022-09-30 2022-09-30 Data interaction method and readable storage medium

Country Status (1)

Country Link
CN (1) CN115514480A (en)

Similar Documents

Publication Publication Date Title
US11677729B2 (en) Secure multi-party protocol
US11323276B2 (en) Mutual authentication of confidential communication
US11108565B2 (en) Secure communications providing forward secrecy
US10785019B2 (en) Data transmission method and apparatus
US8719952B1 (en) Systems and methods using passwords for secure storage of private keys on mobile devices
CA2446304C (en) Use and generation of a session key in a secure socket layer connection
KR100979576B1 (en) Methods for remotely changing a communications password
US20100031051A1 (en) Protocol And Method For Client-Server Mutual Authentication Using Event-Based OTP
CN112910843B (en) Data transmission method, electronic device, server, mobile terminal and storage medium
US11888832B2 (en) System and method to improve user authentication for enhanced security of cryptographically protected communication sessions
JP2022521525A (en) Cryptographic method for validating data
CN112738133A (en) RSA authentication method
WO2018076798A1 (en) Method and apparatus for transmitting data
CN112291179B (en) Method, system and device for realizing equipment authentication
Panda et al. An improved authentication and security scheme for LTE/LTE-A networks
TW200803392A (en) Method, device, server arrangement, system and computer program products for securely storing data in a portable device
KR101793528B1 (en) Certificateless public key encryption system and receiving terminal
CN115514480A (en) Data interaction method and readable storage medium
KR101388452B1 (en) Method of migrating certificate to mobile terminal using certificate transmission server based on one-time public information and apparatus using the same
CN112822015A (en) Information transmission method and related device
CN112087467A (en) Information encryption transmission method and system based on web system
EP3361670B1 (en) Multi-ttp-based method and device for verifying validity of identity of entity
KR100401063B1 (en) the method and the system for passward based key change
EP4195590A1 (en) Secure data transmission
KR20190135145A (en) Method for Protecting Information Using White-Box Cryptography Under Web Standard Environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination