WO2020042023A1 - Instant messaging data encryption method and apparatus - Google Patents

Instant messaging data encryption method and apparatus Download PDF

Info

Publication number
WO2020042023A1
WO2020042023A1 PCT/CN2018/103051 CN2018103051W WO2020042023A1 WO 2020042023 A1 WO2020042023 A1 WO 2020042023A1 CN 2018103051 W CN2018103051 W CN 2018103051W WO 2020042023 A1 WO2020042023 A1 WO 2020042023A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
client
group
information
data
Prior art date
Application number
PCT/CN2018/103051
Other languages
French (fr)
Chinese (zh)
Inventor
袁振南
林正显
陈国豪
Original Assignee
区链通网络有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 区链通网络有限公司 filed Critical 区链通网络有限公司
Priority to PCT/CN2018/103051 priority Critical patent/WO2020042023A1/en
Priority to CN201880002437.5A priority patent/CN109845184A/en
Publication of WO2020042023A1 publication Critical patent/WO2020042023A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • the present application relates to the field of network communication technologies, and in particular, to a data encryption method and device for instant communication.
  • the technical problem mainly solved by this application is to provide a data encryption method and device for instant communication, which can improve the security of communication information.
  • a technical solution adopted in the present application is to provide a data encryption method for instant communication, wherein the method includes: the first client generates a random number, and combines the random number and a group password to obtain Password data source; use hash algorithm to calculate password data source to obtain information password; use information password to encrypt communication data.
  • a technical solution adopted in the present application is to provide a data encryption device for instant communication, wherein the device includes a processor, and the processor is configured to generate a random number and combine the random number with a group password.
  • the password data source is obtained; the processor is also used to calculate the password data source by using a hash algorithm to obtain the information password; the processor is also used to encrypt the communication data by using the information password.
  • a data encryption device for instant communication wherein the device includes: a generating module for generating a random number, and performing the random number and the group password.
  • the combination obtains the password data source;
  • the calculation module is used to calculate the password data source using a hash algorithm to obtain the information password;
  • the encryption module is used to encrypt the communication data using the information password.
  • another technical solution adopted in the present application is to provide a device having a storage function, wherein the device stores a program, and when the program is executed, the data encryption method for real-time communication is implemented.
  • this application provides a data encryption method for instant communication. This method adds a random number to the password when the information is encrypted, so that each message sent will have a different The password is encrypted to improve the forward and backward password security of each message.
  • FIG. 1 is a schematic flowchart of a first embodiment of a data encryption method for instant communication according to the present application
  • FIG. 2 is a schematic flowchart of a second embodiment of a data encryption method for instant communication according to the present application
  • FIG. 3 is a schematic flowchart of a third embodiment of a data encryption method for instant communication according to the present application.
  • FIG. 4 is a schematic flowchart of a fourth embodiment of a data encryption method for instant communication according to the present application.
  • FIG. 5 is a schematic structural diagram of a first embodiment of a data encryption device for instant communication according to the present application.
  • FIG. 6 is a schematic structural diagram of a second embodiment of a data encryption device for instant communication according to the present application.
  • FIG. 7 is a schematic structural diagram of a first embodiment of a device with a storage function according to the present application.
  • This application provides a data encryption method for instant communication, which is applied at least in group chat information encryption, and improves the security of group chat communication by changing the group password transmission method and the group information encryption method.
  • the present application uses the Diffie-Hellman key exchange protocol (hereinafter referred to as the DH protocol), so that the communicating parties first determine a "negotiation key", and then This key is used as a symmetric key in subsequent communications to encrypt the information carrying the group password.
  • DH protocol Diffie-Hellman key exchange protocol
  • FIG. 1 is a schematic flowchart of a first embodiment of a data encryption method for instant messaging according to the present application.
  • the group password needs to be transferred, and the group password is encrypted when the group password is transferred.
  • the first client creates a group, and a password is randomly generated as the group password when the group is created. For example, you can randomly generate a 64-bit random password as the group password.
  • the first client invites the second client to join the group chat.
  • the group password needs to be sent to the second client.
  • the first client is provided with a public key A and a private key A for encryption; the second client is provided with a public key B and a private key B for encryption.
  • the first client and the second client exchange the public key A and the public key B through the server; the first client uses the private key A and the public key B to calculate a DH password through the DH protocol, and uses the DH password as The symmetric password encrypts the information carrying the group password, and then sends the encrypted information carrying the group password to the second client.
  • the second client uses the private key B and the public key A to calculate the DH password through the DH protocol.
  • the DH password calculated by the second client is the same as the password calculated by the first client.
  • the group password encryption also uses a symmetric encryption method. Therefore, the second client can use the DH password to decrypt the information carrying the group password to obtain the group password.
  • the two parties can determine a "negotiation key" in an insecure network without communicating in advance, which can prevent the risk of leakage of the key negotiated by the two parties online.
  • the calculated DH password includes its own private key and the other's public key parameters; so even if hacked, the hacker only knows the public key A and the public key B, because it does not know the private key of either party, it cannot be calculated
  • the DH password can improve the security of information.
  • FIG. 2 is a schematic flowchart of a second embodiment of a data encryption method for instant messaging according to the present application.
  • the first client uses the private key A and the public key B to calculate a DH password through an ECDH algorithm (Elliptic Curves Diffie-Hellman, ECDH).
  • the ECDH algorithm is a combination of ECC (Elliptic Curves Cryptography, Elliptic Curve Cryptography) algorithm and DH. It is a key agreement algorithm used for key negotiation.
  • the first 256 bits of the string are used as the information password to encrypt the information, and the last 128 bits of the string are used as the hash value (IV vector).
  • the information carrying the group password is encrypted by using a symmetric encryption method, and the encrypted group password is obtained and sent. Specifically, the information carrying the group password and the hash value of the information are encrypted as the original data; so that the data receiver can use the hash value to check the integrity of the information.
  • Symmetric encryption algorithms include DES (Data Encryption Standard), AES (Advanced Encryption Standard), IDEA (International Data Encryption Algorithm), and so on.
  • the present application when the group password is transmitted, the present application may also be transmitted by using asymmetric encryption to improve the security of information transmission.
  • the first client uses the public key B of the second client to encrypt the group password, and sends the encrypted password to the second client.
  • the second client uses its own private key B to decrypt and obtain Group password.
  • asymmetric encryption to transfer the password, the security of one-way transmission is improved. This is because different clients have different public keys and corresponding private keys. Therefore, each client can only download a group password that can be decrypted by its private key.
  • the present application provides a method for encrypting information.
  • the original information password is derived from the new information password to improve the confidentiality of the original information password.
  • FIG. 3 is a schematic flowchart of a third embodiment of a data encryption method for instant communication according to the present application. In this embodiment, the method includes the following steps:
  • S301 The first client generates a random number, and combines the random number and a group password to obtain a password data source.
  • the random number is data of a predetermined number of bits, and different information corresponds to that the random number is different.
  • the group password is obtained by the first client being invited into the group, or randomly generated when the group is established.
  • S302 Use a hash algorithm to calculate a password data source to obtain an information password.
  • the hash data is used to encrypt the password data source to protect the password more securely.
  • a digest with a fixed length is obtained after being encrypted by the hash, and the digest corresponding to each file is unique. Therefore, the digest is also called a file fingerprint and can be used to securely save the password.
  • the file fingerprint can be used to judge the integrity of the file.
  • S303 Encrypt the communication data by using the information password.
  • symmetric encryption is used to encrypt communication data to increase the speed of encryption and decryption, facilitate password management, and adapt to group encrypted chat.
  • FIG. 4 is a schematic flowchart of a fourth embodiment of a data encryption method for instant messaging according to the present application.
  • a 512-bit password is randomly generated as a random number, and this random number and the public group password constitute a separate password data source for the information.
  • a hash algorithm is used to calculate the password data source to obtain the information password.
  • the SHA512 algorithm is used to calculate the password information source to obtain a 512-bit string.
  • the first 256 bits of the string are used as the AES password, and the last 128 bits are used as the IV vector.
  • the information to be sent and the hash value of the information are used as The raw data is AES-encrypted.
  • the encrypted data consists of two parts, the first half of the message (head) is a 512-bit random number, and the second half of the message (body) is the encrypted message.
  • the present application also provides a data encryption device for instant communication.
  • FIG. 5 is a schematic structural diagram of a first embodiment of a data encryption device for instant communication of the present application.
  • the encryption device 50 includes a processor 501.
  • the processor 501 is configured to generate a random number and combine the random number with a group password to obtain a cryptographic data source; and then use a hash algorithm to calculate the cryptographic data source to obtain information Password; Finally, the communication data is encrypted with the information password.
  • the processor 501 randomly generates a different random number.
  • the processor 501 is specifically configured to use the SHA512 algorithm to calculate a password data source to obtain a 512-bit character string, and use the first 256 bits of the character string as the information password.
  • the processor 501 is further configured to receive a group password encrypted by a DH password, wherein the DH password is calculated by the second client using the Diffie-Herman key exchange protocol; the processor 501 It is also used to calculate the DH password by using the Diffie-Herman key exchange protocol, and use the DH password to decrypt the encrypted group password to obtain the group password.
  • the processor 501 is further configured to establish a group and randomly generate a group digit of a group password, and then use the Diffie-Herman key exchange protocol to calculate a DH password, and use the DH password.
  • the DH password encrypts the group password.
  • the DH password calculated by using the Diffie-Herman key exchange protocol includes: the first client is used to calculate the DH password by using the public key of the second client and the private key of the first client; the second client uses The DH password is calculated by using the public key of the first client and the private key of the second client.
  • the DH password calculated by the first client and the second client is the same.
  • the data encryption device for instant communication is used to perform the data encryption method for instant communication described above, which encrypts information data and has corresponding beneficial effects.
  • the device may be an independent device independent of the client, or may be a module or a processing unit in the client.
  • FIG. 6 is a schematic structural diagram of a second embodiment of a data encryption device for instant communication according to the present application.
  • the encryption device 60 is a certain processing module on the client side, and specifically includes a generation module 601, a calculation module 602, and an encryption module 603.
  • the generation module 601 is used to generate a random number, which is obtained by combining the random number and the group password.
  • a cryptographic data source; a computing module 602 is configured to calculate a cryptographic data source by using a hash algorithm to obtain an information password; an encryption module 603 is configured to use the information password to encrypt communication data.
  • the generating module is specifically configured to randomly generate a different random number each time a piece of information is sent.
  • the encryption device further includes a receiving module and a decryption module.
  • the receiving module is configured to receive the group password encrypted by the DH password.
  • the DH password is a second client using the Diffie-Herman key exchange. Calculated by the protocol; the decryption module is used to calculate the DH password using the Diffie-Herman key exchange protocol, and uses the DH password to decrypt the encrypted group password to obtain the group password.
  • the data encryption device for instant communication is used to perform the above-mentioned data encryption method for instant communication, which encrypts information data and has corresponding beneficial effects. For specific processes, please refer to the description of the foregoing embodiments, and details are not described herein again.
  • the present application further provides a device with a storage function.
  • FIG. 7 is a schematic structural diagram of a first embodiment of a device with a storage function according to the present application.
  • the storage device 70 stores a program 701.
  • the program 701 When the program 701 is executed, the data encryption method for real-time communication is implemented.
  • the specific working process is the same as in the above method embodiment, so it is not repeated here.
  • the device having a storage function may be a portable storage medium such as a U disk, an optical disk, a mobile hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), or a magnetic disk.
  • the medium storing the program code may also be a terminal, a server, or the like.
  • this application provides a data encryption method for instant communication.
  • this group encryption method since the server does not store the client password, the security is in the hands of the client, and each message sent by the client will have Different passwords are encrypted to improve the forward and backward password security of each message.
  • the disclosed systems, devices, and methods may be implemented in other ways.
  • the device implementations described above are only schematic.
  • the division of the modules or units is only a logical function division.
  • multiple units or components may be divided.
  • the combination can either be integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, which may be electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objective of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each of the units may exist separately physically, or two or more units may be integrated into one unit.
  • the above integrated unit may be implemented in the form of hardware or in the form of software functional unit.
  • the integrated unit When the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • the technical solution of the present application is essentially a part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, which is stored in a storage medium. It includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a processor to perform all or part of the steps of the method described in each embodiment of the present application.

Abstract

Disclosed in the present application are an instant messaging data encryption method and apparatus. The method comprises: performing calculation on a password data source using a Hash algorithm to obtain an information password; and encrypting communication data using the information password. By using the approach above, the present application can improve the security of communication information.

Description

一种即时通信的数据加密方法及装置Data encryption method and device for instant communication 【技术领域】[Technical Field]
本申请涉及网络通信技术领域,特别是涉及一种即时通信的数据加密方法及装置。The present application relates to the field of network communication technologies, and in particular, to a data encryption method and device for instant communication.
【背景技术】【Background technique】
随着网络通信技术的发展,即时通信技术逐渐成为双方的交流方式,也是多方交流的信息平台。在通过即时通信方式进行交流时,为了确保信息安全,需要对信息进行加密。本申请的发明人在长期的研发过程中,发现目前的群聊通信中,加密技术是通过采取密码对称加密的方式对客户端之间的通信信息进行安全保护,且这个密码保存在服务器上,当有新客户端加入该群的时候,服务器将密码‘分享’给该用户。这种使得群通信完全依赖于群密码,而群密码分布在每个客户端以及服务器后台,通信安全风险缺口明显,一旦服务器被破解,整个系统的安全性就被瓦解。因此,需要一种既安全,又高效的加密技术方案来解决信息通信问题。With the development of network communication technology, instant communication technology has gradually become a communication mode for both parties and an information platform for multi-party communication. When communicating through instant messaging, to ensure information security, the information needs to be encrypted. In the long-term research and development process, the inventor of the present application found that in the current group chat communication, the encryption technology uses password symmetric encryption to secure the communication information between the clients, and this password is stored on the server. When a new client joins the group, the server 'shares' the password with the user. This makes group communication completely dependent on group passwords, and group passwords are distributed on the back of each client and server. The communication security risk gap is obvious. Once the server is cracked, the security of the entire system is broken. Therefore, a secure and efficient encryption technology solution is needed to solve the problem of information communication.
【发明内容】[Summary of the Invention]
本申请主要解决的技术问题是提供一种即时通信的数据加密方法及装置,能够提高通信信息的安全性。The technical problem mainly solved by this application is to provide a data encryption method and device for instant communication, which can improve the security of communication information.
为解决上述技术问题,本申请采用的一个技术方案是:提供一种即时通信的数据加密方法,其中,所述方法包括:第一客户端生成一个随机数,将随机数与群密码进行组合得到密码数据源;利用哈希算法对密码数据源进行计算得到信息密码;利用信息密码对通信数据进行加密。In order to solve the above technical problem, a technical solution adopted in the present application is to provide a data encryption method for instant communication, wherein the method includes: the first client generates a random number, and combines the random number and a group password to obtain Password data source; use hash algorithm to calculate password data source to obtain information password; use information password to encrypt communication data.
为解决上述技术问题,本申请采用的一个技术方案是:提供一种即时通信的数据加密装置,其中,所述装置包括处理器,处理器用于生成一个随机数,将随机数与群密码进行组合得到密码数据源;处理器还用于利用哈希算法对密码数据源进行计算得到信息密码;处理器还用于利用信息密码对通信数据进行加密。In order to solve the above technical problem, a technical solution adopted in the present application is to provide a data encryption device for instant communication, wherein the device includes a processor, and the processor is configured to generate a random number and combine the random number with a group password. The password data source is obtained; the processor is also used to calculate the password data source by using a hash algorithm to obtain the information password; the processor is also used to encrypt the communication data by using the information password.
为解决上述技术问题,本申请采用的另一个技术方案是:提供一种即时通信的数据加密装置,其中,所述装置包括:生成模块,用于生成一个随机数,将随机数与群密码进行组合得到密码数据源;计算模块,用于利用哈希算法对密码数据源进行计算得到信息密码;加密模块,用于利用信息密码对通信数据进行加密。In order to solve the above technical problem, another technical solution adopted in the present application is to provide a data encryption device for instant communication, wherein the device includes: a generating module for generating a random number, and performing the random number and the group password. The combination obtains the password data source; the calculation module is used to calculate the password data source using a hash algorithm to obtain the information password; the encryption module is used to encrypt the communication data using the information password.
为解决上述技术问题,本申请采用的另一个技术方案是:提供一种具有存储功能的装置,其中,所述装置存储有程序,所述程序被执行时实现上述的即时通信的数据加密方法。In order to solve the above technical problem, another technical solution adopted in the present application is to provide a device having a storage function, wherein the device stores a program, and when the program is executed, the data encryption method for real-time communication is implemented.
本申请的有益效果是:区别于现有技术的情况,本申请提供一种即时通信的数据加密方法,该方法通过在信息加密时对密码加入随机数,使每一条发出的信息都会有不同的密码进行加密,提高了每条信息的前后向密码安全。The beneficial effect of this application is: Different from the situation of the prior art, this application provides a data encryption method for instant communication. This method adds a random number to the password when the information is encrypted, so that each message sent will have a different The password is encrypted to improve the forward and backward password security of each message.
【附图说明】[Brief Description of the Drawings]
图1是本申请即时通信的数据加密方法第一实施方式的流程示意图;FIG. 1 is a schematic flowchart of a first embodiment of a data encryption method for instant communication according to the present application;
图2是本申请即时通信的数据加密方法第二实施方式的流程示意图;2 is a schematic flowchart of a second embodiment of a data encryption method for instant communication according to the present application;
图3是本申请即时通信的数据加密方法第三实施方式的流程示意图;3 is a schematic flowchart of a third embodiment of a data encryption method for instant communication according to the present application;
图4是本申请即时通信的数据加密方法第四实施方式的流程示意图;4 is a schematic flowchart of a fourth embodiment of a data encryption method for instant communication according to the present application;
图5是本申请即时通信的数据加密装置第一实施方式的结构示意图;5 is a schematic structural diagram of a first embodiment of a data encryption device for instant communication according to the present application;
图6是本申请即时通信的数据加密装置第二实施方式的结构示意图;6 is a schematic structural diagram of a second embodiment of a data encryption device for instant communication according to the present application;
图7是本申请具有存储功能的装置第一实施方式的结构示意图。FIG. 7 is a schematic structural diagram of a first embodiment of a device with a storage function according to the present application.
【具体实施方式】【detailed description】
为使本申请的目的、技术方案及效果更加清楚、明确,以下参照附 图并举实施例对本申请进一步详细说明。In order to make the purpose, technical solution, and effect of this application more clear and definite, the application is further described in detail below with reference to the accompanying drawings and examples.
本申请提供一种即时通信的数据加密方法,至少应用在群聊信息加密中,通过改变群密码的传递方式以及群信息的加密方式,来提高群聊通信的安全性。This application provides a data encryption method for instant communication, which is applied at least in group chat information encryption, and improves the security of group chat communication by changing the group password transmission method and the group information encryption method.
其中,本申请在进行群密码传递时,利用迪菲-赫尔曼密钥交换协议(Diffie–Hellman key Exchange,后文简称DH协议),使通信双方先确定一个“协商密钥”,然后再用这个密钥在后续的通信中作为对称密钥来对携带群密码的信息进行加密。通过这种方式,能够避免双方网上协商密钥带来的泄露风险,提高密码传递的安全性。Wherein, in the group password transmission, the present application uses the Diffie-Hellman key exchange protocol (hereinafter referred to as the DH protocol), so that the communicating parties first determine a "negotiation key", and then This key is used as a symmetric key in subsequent communications to encrypt the information carrying the group password. In this way, it is possible to avoid the risk of leakage of the keys negotiated online by both parties and improve the security of password transmission.
其中,在一实施方式中,本申请提供一种群密码的传递方法。请参阅图1,图1是本申请即时通信的数据加密方法第一实施方式的流程示意图。在该实施方式中,需要对群密码进行传递,且在传递群密码时对群密码进行加密。Among them, in one embodiment, the present application provides a method for transmitting a group password. Please refer to FIG. 1. FIG. 1 is a schematic flowchart of a first embodiment of a data encryption method for instant messaging according to the present application. In this embodiment, the group password needs to be transferred, and the group password is encrypted when the group password is transferred.
具体地,第一客户端创建一个群组,在创建群组时随机生成一个密码为群密码。例如,可以随机生成一个64位的随机密码作为群密码。Specifically, the first client creates a group, and a password is randomly generated as the group password when the group is created. For example, you can randomly generate a 64-bit random password as the group password.
第一客户端邀请第二客户端加入群聊,在邀请第二客户端进行群聊时,需要把群密码发送给第二客户端。The first client invites the second client to join the group chat. When the second client is invited to the group chat, the group password needs to be sent to the second client.
其中,第一客户端设有用于加密的公钥A和私钥A;第二客户端设有用于加密的公钥B和私钥B。具体地,第一客户端、第二客户端通过服务器互相交换公钥A和公钥B;第一客户端利用私钥A和公钥B通过DH协议进行计算得到DH密码,利用该DH密码作为对称密码对携带群密码的信息进行加密,然后把加密后的携带群密码的信息发送给第二客户端。The first client is provided with a public key A and a private key A for encryption; the second client is provided with a public key B and a private key B for encryption. Specifically, the first client and the second client exchange the public key A and the public key B through the server; the first client uses the private key A and the public key B to calculate a DH password through the DH protocol, and uses the DH password as The symmetric password encrypts the information carrying the group password, and then sends the encrypted information carrying the group password to the second client.
第二客户端利用私钥B和公钥A通过DH协议进行计算得到DH密码,其中,第二客户端计算出来的DH密码与第一客户端计算出来的密码相同。群密码加密又使用的是对称加密方式,因此,第二客户端可以利用该DH密码对携带群密码的信息进行解密,获取群密码。The second client uses the private key B and the public key A to calculate the DH password through the DH protocol. The DH password calculated by the second client is the same as the password calculated by the first client. The group password encryption also uses a symmetric encryption method. Therefore, the second client can use the DH password to decrypt the information carrying the group password to obtain the group password.
通过这种方式,可以使双方无需预先沟通,在不安全的网络中即可确定一个“协商密钥”,能够避免双方网上协商密钥带来的泄露风险。同 时,计算出来的DH密码包括自己的私钥和对方的公钥两个参数;这样即使被黑客攻击,黑客只知道公钥A和公钥B,因为不知道任意一方的私钥,所以无法计算出DH密码,能够提高信息的安全性。In this way, the two parties can determine a "negotiation key" in an insecure network without communicating in advance, which can prevent the risk of leakage of the key negotiated by the two parties online. At the same time, the calculated DH password includes its own private key and the other's public key parameters; so even if hacked, the hacker only knows the public key A and the public key B, because it does not know the private key of either party, it cannot be calculated The DH password can improve the security of information.
请参阅图2,图2是本申请即时通信的数据加密方法第二实施方式的流程示意图。在该实施方式中,第一客户端利用私钥A和公钥B通过ECDH算法(Elliptic Curves Diffie-Hellman,ECDH)计算出DH密码。其中ECDH算法是ECC(Elliptic Curves Cryptography,椭圆曲线加密)算法和DH的结合使用,是一种密钥协商算法,用于密钥磋商。Please refer to FIG. 2, which is a schematic flowchart of a second embodiment of a data encryption method for instant messaging according to the present application. In this embodiment, the first client uses the private key A and the public key B to calculate a DH password through an ECDH algorithm (Elliptic Curves Diffie-Hellman, ECDH). The ECDH algorithm is a combination of ECC (Elliptic Curves Cryptography, Elliptic Curve Cryptography) algorithm and DH. It is a key agreement algorithm used for key negotiation.
然后再利用哈希算法对DH密码进行计算得到预定位数的字符串;例如,可以利用SHA512算法对DH密码进行计算得到一串512位的字符串。取字符串的前256位作为信息密码对信息进行加密,取字符串的后128位作为哈希值(IV向量)。其中利用对称加密的方式对携带群密码的信息进行加密,得到加密后的群密码进行发送。具体地,将携带群密码的信息以及该信息的哈希值作为原始数据进行加密;以使数据接收方可以利用哈希值检查信息的完整性。对称加密算法包括DES(Data Encryption Standard)、AES(Advanced Encryption Standard)、IDEA(International Data Encryption Algorithm)等等。Then use the hash algorithm to calculate the DH password to obtain a string of predetermined digits; for example, you can use the SHA512 algorithm to calculate the DH password to obtain a string of 512 bits. The first 256 bits of the string are used as the information password to encrypt the information, and the last 128 bits of the string are used as the hash value (IV vector). The information carrying the group password is encrypted by using a symmetric encryption method, and the encrypted group password is obtained and sent. Specifically, the information carrying the group password and the hash value of the information are encrypted as the original data; so that the data receiver can use the hash value to check the integrity of the information. Symmetric encryption algorithms include DES (Data Encryption Standard), AES (Advanced Encryption Standard), IDEA (International Data Encryption Algorithm), and so on.
其中,在另一实施方式中,本申请在进行群密码传递时,还可以利用非对称加密的方式进行传输,以提高信息传递的安全性。在该实施方式中,第一客户端利用第二客户端的公钥B对群密码进行加密,加密后发送给第二客户端,此时,第二客户端利用自己的私钥B进行解密,获取群密码。通过利用非对称加密的方式进行密码的传递,提高了单向传输的安全性。这是因为不同客户端的公钥不同,对应的私钥也不同,因此,每一个客户端只能下载通过自己私钥能解密的群密码。Wherein, in another embodiment, when the group password is transmitted, the present application may also be transmitted by using asymmetric encryption to improve the security of information transmission. In this embodiment, the first client uses the public key B of the second client to encrypt the group password, and sends the encrypted password to the second client. At this time, the second client uses its own private key B to decrypt and obtain Group password. By using asymmetric encryption to transfer the password, the security of one-way transmission is improved. This is because different clients have different public keys and corresponding private keys. Therefore, each client can only download a group password that can be decrypted by its private key.
群成员在获得群密码后,就可以在群聊时用这一群密码对信息进行加密。但每条信息如果只用同一个密码加密,那么一旦密码被泄漏所有信息都会变得透明,因此密码需要增加随机性来确保每条信息是有单独的加密密码。基于此,本申请提供一种信息加密的方法,通过在每一条信息的密码中附加一些随机数据,将原始信息密码导出新的信息密码, 提高原始信息密码的保密性。具体地,请参阅图3,图3是本申请即时通信的数据加密方法第三实施方式的流程示意图。在该实施方式中,该方法包括如下步骤:After the group members obtain the group password, they can use this group password to encrypt the information during the group chat. However, if each message is encrypted with the same password, all information will become transparent once the password is leaked. Therefore, the password needs to be added with randomness to ensure that each message has a separate encrypted password. Based on this, the present application provides a method for encrypting information. By appending some random data to the password of each message, the original information password is derived from the new information password to improve the confidentiality of the original information password. Specifically, please refer to FIG. 3, which is a schematic flowchart of a third embodiment of a data encryption method for instant communication according to the present application. In this embodiment, the method includes the following steps:
S301:第一客户端生成一个随机数,将随机数与群密码进行组合得到密码数据源。S301: The first client generates a random number, and combines the random number and a group password to obtain a password data source.
其中,随机数为预定位数的数据,不同信息对应是随机数是不同的。群密码为第一客户端被邀请进群获取的,或建立群组时随机生成的,具体获取方式请参阅上述实施方式的描述,在此不再赘述。The random number is data of a predetermined number of bits, and different information corresponds to that the random number is different. The group password is obtained by the first client being invited into the group, or randomly generated when the group is established. For the specific acquisition method, refer to the description of the foregoing embodiment, and details are not described herein again.
S302:利用哈希算法对密码数据源进行计算得到信息密码。S302: Use a hash algorithm to calculate a password data source to obtain an information password.
其中,利用哈希算法对密码数据源进行加密,以更安全的保护密码。具体地,被哈希加密后会得出一段长度固定的摘要(digest),并且每一个文件对应的摘要都是独一无二的,所以摘要也被称作文件指纹,可用于对密码进行安全保存。另外,任何文件即使被修改了一个字符,它的指纹也会变得完全不同,所以文件指纹可以被用来判断文件的完整性。Among them, the hash data is used to encrypt the password data source to protect the password more securely. Specifically, a digest with a fixed length is obtained after being encrypted by the hash, and the digest corresponding to each file is unique. Therefore, the digest is also called a file fingerprint and can be used to securely save the password. In addition, even if a file is modified by one character, its fingerprint will become completely different, so the file fingerprint can be used to judge the integrity of the file.
S303:利用信息密码对通信数据进行加密。S303: Encrypt the communication data by using the information password.
其中,利用对称加密的方式对通信数据进行加密,以提高加解密速度,也便于密码管理,适应群组加密聊天。Among them, symmetric encryption is used to encrypt communication data to increase the speed of encryption and decryption, facilitate password management, and adapt to group encrypted chat.
请参阅图4,图4是本申请即时通信的数据加密方法第四实施方式的流程示意图。在该实施方式中,第一客户端在发送信息时,随机生成一个512位密码作为随机数,将这一随机数与公共群密码组成该信息的单独密码数据源。Please refer to FIG. 4, which is a schematic flowchart of a fourth embodiment of a data encryption method for instant messaging according to the present application. In this embodiment, when the first client sends information, a 512-bit password is randomly generated as a random number, and this random number and the public group password constitute a separate password data source for the information.
利用哈希算法对密码数据源进行计算得到信息密码。例如利用SHA512算法对密码信息源进行计算,得到一个512位的字符串,取该字符串的前256位作为AES密码,后128位作为IV向量,以要发送的信息以及信息的哈希值作为原始数据进行AES加密。加密后的数据有两部分组成,信息的前半部分(head)为512位的随机数,信息的后半部分(body)为加密的信息。A hash algorithm is used to calculate the password data source to obtain the information password. For example, the SHA512 algorithm is used to calculate the password information source to obtain a 512-bit string. The first 256 bits of the string are used as the AES password, and the last 128 bits are used as the IV vector. The information to be sent and the hash value of the information are used as The raw data is AES-encrypted. The encrypted data consists of two parts, the first half of the message (head) is a 512-bit random number, and the second half of the message (body) is the encrypted message.
然后使用私钥签名,再将加密信息发给服务器,由服务器发送给其它成员。Then use the private key to sign, and then send the encrypted information to the server, which will send it to other members.
其他群成员在接收信息时,首先使用发送人的签名公钥验证,验证成功后,使用相应的链密钥生成信息密码,并用信息密码解密。在解密前,还可以利用哈希值校验原始信息的完整性,然后再利用信息密码对信息进行解密。When other group members receive information, they first use the sender's signature public key for verification. After successful verification, they use the corresponding chain key to generate the information password and decrypt it with the information password. Before decryption, you can also use the hash value to verify the integrity of the original information, and then use the information password to decrypt the information.
在此群加密方式下,由于服务器并不保存客户端密码,所以安全性掌握在客户端手中,同时客户端每一条发出的信息都会有不同的密码进行加密,提高了每条信息的前后向密码安全。In this group encryption method, since the server does not store the client password, the security is in the hands of the client. At the same time, each message sent by the client will be encrypted with a different password, which improves the forward and backward password of each message. Safety.
本申请还提供一种即时通信的数据加密装置,请参阅图5,图5是本申请即时通信的数据加密装置第一实施方式的结构示意图。在该实施方式中,加密装置50包括处理器501,处理器501用于生成一个随机数,将随机数与群密码进行组合得到密码数据源;再利用哈希算法对密码数据源进行计算得到信息密码;最后利用信息密码对通信数据进行加密。The present application also provides a data encryption device for instant communication. Please refer to FIG. 5, which is a schematic structural diagram of a first embodiment of a data encryption device for instant communication of the present application. In this embodiment, the encryption device 50 includes a processor 501. The processor 501 is configured to generate a random number and combine the random number with a group password to obtain a cryptographic data source; and then use a hash algorithm to calculate the cryptographic data source to obtain information Password; Finally, the communication data is encrypted with the information password.
其中,在一实施方式中,客户端每发送一条信息,处理器501随机生成一个不同的随机数。In one embodiment, each time a message is sent by the client, the processor 501 randomly generates a different random number.
其中,在一实施方式中,处理器501具体用于利用SHA512算法对密码数据源进行计算得到一个512位的字符串,取字符串的前256位作为信息密码。In one embodiment, the processor 501 is specifically configured to use the SHA512 algorithm to calculate a password data source to obtain a 512-bit character string, and use the first 256 bits of the character string as the information password.
其中,在一实施方式中,处理器501还用于接收被DH密码加密的群密码,其中,DH密码为第二客户端利用迪菲-赫尔曼密钥交换协议计算得到的;处理器501还用于利用迪菲-赫尔曼密钥交换协议计算得到DH密码,并利用DH密码对加密后的群密码进行解密,获取群密码。Wherein, in an embodiment, the processor 501 is further configured to receive a group password encrypted by a DH password, wherein the DH password is calculated by the second client using the Diffie-Herman key exchange protocol; the processor 501 It is also used to calculate the DH password by using the Diffie-Herman key exchange protocol, and use the DH password to decrypt the encrypted group password to obtain the group password.
其中,在一实施方式中,处理器501还用于建立群组,且随机生成一个预定位数的群密码,然后利用迪菲-赫尔曼密钥交换协议计算得到DH密码,并利用所述DH密码对所述群密码进行加密。Wherein, in an embodiment, the processor 501 is further configured to establish a group and randomly generate a group digit of a group password, and then use the Diffie-Herman key exchange protocol to calculate a DH password, and use the DH password. The DH password encrypts the group password.
其中,利用迪菲-赫尔曼密钥交换协议计算得到DH密码包括:第一客户端用于利用第二客户端的公钥以及第一客户端的私钥进行计算得到DH密码;第二客户端用于利用第一客户端的公钥以及第二客户端的私钥进行计算得到DH密码;其中,第一客户端、第二客户端计算得到的DH密码相同。The DH password calculated by using the Diffie-Herman key exchange protocol includes: the first client is used to calculate the DH password by using the public key of the second client and the private key of the first client; the second client uses The DH password is calculated by using the public key of the first client and the private key of the second client. The DH password calculated by the first client and the second client is the same.
以上,即时通信的数据加密装置用于执行上述即时通信的数据加密方法,对信息数据进行加密,且具有相应的有益效果,具体过程请参阅上述实施方式的描述,在此不再赘述。其中该装置可以是独立于客户端的独立装置,也可以是客户端中的某一模块,或某一处理单元。In the foregoing, the data encryption device for instant communication is used to perform the data encryption method for instant communication described above, which encrypts information data and has corresponding beneficial effects. For specific processes, please refer to the description of the foregoing embodiments, and details are not described herein again. The device may be an independent device independent of the client, or may be a module or a processing unit in the client.
请参阅图6,图6是本申请即时通信的数据加密装置第二实施方式的结构示意图。在该实施方式中,加密装置60为客户端的某一处理模块,具体包括生成模块601、计算模块602和加密模块603,生成模块601用于生成一个随机数,将随机数与群密码进行组合得到密码数据源;计算模块602用于利用哈希算法对密码数据源进行计算得到信息密码;加密模块603用于利用信息密码对通信数据进行加密。Please refer to FIG. 6, which is a schematic structural diagram of a second embodiment of a data encryption device for instant communication according to the present application. In this embodiment, the encryption device 60 is a certain processing module on the client side, and specifically includes a generation module 601, a calculation module 602, and an encryption module 603. The generation module 601 is used to generate a random number, which is obtained by combining the random number and the group password. A cryptographic data source; a computing module 602 is configured to calculate a cryptographic data source by using a hash algorithm to obtain an information password; an encryption module 603 is configured to use the information password to encrypt communication data.
其中,在一实施方式中,生成模块具体用于在每发送一条信息时,随机生成一个不同的随机数。In one embodiment, the generating module is specifically configured to randomly generate a different random number each time a piece of information is sent.
其中,在一实施方式中,加密装置还包括接收模块和解密模块,接收模块用于接收被DH密码加密的群密码,其中,DH密码为第二客户端利用迪菲-赫尔曼密钥交换协议计算得到的;解密模块用于利用迪菲-赫尔曼密钥交换协议计算得到DH密码,并利用DH密码对加密后的群密码进行解密,获取群密码。即时通信的数据加密装置用于执行上述即时通信的数据加密方法,对信息数据进行加密,且具有相应的有益效果,具体过程请参阅上述实施方式的描述,在此不再赘述。In one embodiment, the encryption device further includes a receiving module and a decryption module. The receiving module is configured to receive the group password encrypted by the DH password. The DH password is a second client using the Diffie-Herman key exchange. Calculated by the protocol; the decryption module is used to calculate the DH password using the Diffie-Herman key exchange protocol, and uses the DH password to decrypt the encrypted group password to obtain the group password. The data encryption device for instant communication is used to perform the above-mentioned data encryption method for instant communication, which encrypts information data and has corresponding beneficial effects. For specific processes, please refer to the description of the foregoing embodiments, and details are not described herein again.
本申请还提供一种具有存储功能的装置,请参阅图7,图7是本申请具有存储功能的装置第一实施方式的结构示意图。在该实施方式中,存储装置70存储有程序701,程序701被执行时实现上述即时通信的数据加密方法。具体工作过程与上述方法实施例中一致,故在此不再赘述,详细请参阅以上对应方法步骤的说明。其中具有存储功能的装置可以是便携式存储介质如U盘、光盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟等各种可以存储程序代码的介质,也可以是终端、服务器等。The present application further provides a device with a storage function. Please refer to FIG. 7, which is a schematic structural diagram of a first embodiment of a device with a storage function according to the present application. In this embodiment, the storage device 70 stores a program 701. When the program 701 is executed, the data encryption method for real-time communication is implemented. The specific working process is the same as in the above method embodiment, so it is not repeated here. For details, please refer to the description of the corresponding method steps above. The device having a storage function may be a portable storage medium such as a U disk, an optical disk, a mobile hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), or a magnetic disk. The medium storing the program code may also be a terminal, a server, or the like.
以上方案,本申请提供一种即时通信的数据加密方法,在此群加密方式下,由于服务器并不保存客户端密码,所以安全性掌握在客户端手 中,同时客户端每一条发出的信息都会有不同的密码进行加密,提高了每条信息的前后向密码安全。In the above solution, this application provides a data encryption method for instant communication. In this group encryption method, since the server does not store the client password, the security is in the hands of the client, and each message sent by the client will have Different passwords are encrypted to improve the forward and backward password security of each message.
在本申请所提供的几个实施方式中,应该理解到,所揭露的系统,装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施方式仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the device implementations described above are only schematic. For example, the division of the modules or units is only a logical function division. In actual implementation, there may be another division manner. For example, multiple units or components may be divided. The combination can either be integrated into another system, or some features can be ignored or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, which may be electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施方式方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objective of the solution of this embodiment.
另外,在本申请各个实施方式中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each of the units may exist separately physically, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware or in the form of software functional unit.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)或处理器(processor)执行本申请各个实施方式所述方法的全部或部分步骤。When the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application is essentially a part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, which is stored in a storage medium. It includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a processor to perform all or part of the steps of the method described in each embodiment of the present application.
以上所述仅为本申请的实施方式,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本申请的专利保护范围内。The above is only an implementation of the present application, and does not limit the patent scope of the present application. Any equivalent structure or equivalent process transformation made by using the description and drawings of the present application, or directly or indirectly applied to other related technologies The fields are equally included in the patent protection scope of this application.

Claims (18)

  1. 一种即时通信的数据加密方法,其中,所述方法包括:A data encryption method for instant communication, wherein the method includes:
    第一客户端生成一个随机数,将所述随机数与群密码进行组合得到密码数据源;The first client generates a random number, and combines the random number with a group password to obtain a password data source;
    利用哈希算法对所述密码数据源进行计算得到信息密码;Calculating the information password using a hash algorithm to obtain the information password;
    利用所述信息密码对通信数据进行加密。The communication data is encrypted by using the information password.
  2. 根据权利要求1所述的即时通信的数据加密方法,其中,所述第一客户端生成一个随机数包括:The method of claim 1, wherein the generating a random number by the first client comprises:
    所述第一客户端每发送一条信息,则随机生成一个不同的随机数。Each time the first client sends a message, a different random number is generated randomly.
  3. 根据权利要求1所述的即时通信的数据加密方法,其中,所述利用哈希算法对所述密码数据源进行计算得到信息密码包括:The data encryption method for instant communication according to claim 1, wherein the information password obtained by calculating the password data source by using a hash algorithm comprises:
    利用SHA512算法对所述密码数据源进行计算得到一个512位的字符串,取所述字符串的前256位作为信息密码。A SHA512 algorithm is used to calculate the password data source to obtain a 512-bit character string, and the first 256 bits of the character string are used as the information password.
  4. 根据权利要求3所述的即时通信的数据加密方法,其中,取所述字符串的后128位作为哈希值,所述利用信息密码对通信数据进行加密包括:The data encryption method for instant communication according to claim 3, wherein taking the last 128 bits of the character string as a hash value, and the encrypting the communication data by using the information password comprises:
    将待发送的信息数据以及所述哈希值作为通信数据进行加密。The information data to be transmitted and the hash value are encrypted as communication data.
  5. 根据权利要求1所述的即时通信的数据加密方法,其中,所述利用信息密码对通信数据进行加密包括:The data encryption method for instant communication according to claim 1, wherein the encrypting communication data by using an information password comprises:
    利用对称加密的方式对所述通信数据进行加密,以使信息接收端利用所述信息密码对所述通信数据进行解密。The communication data is encrypted in a symmetric encryption manner, so that the information receiving end uses the information password to decrypt the communication data.
  6. 根据权利要求1所述的即时通信的数据加密方法,其中,所述第一客户端生成一个随机数,将所述随机数与群密码进行组合得到密码数据源之前包括:The data encryption method for instant communication according to claim 1, wherein before the first client generates a random number, and combining the random number and a group password to obtain a password data source comprises:
    所述第一客户端接收被DH密码加密的群密码,其中,所述DH密码为第二客户端利用迪菲-赫尔曼密钥交换协议计算得到的;Receiving, by the first client, a group password encrypted by a DH password, wherein the DH password is calculated by the second client using a Diffie-Herman key exchange protocol;
    所述第一客户端利用迪菲-赫尔曼密钥交换协议计算得到DH密码,并利用所述DH密码对加密后的群密码进行解密,获取所述群密码。The first client uses the Diffie-Herman key exchange protocol to calculate a DH password, and uses the DH password to decrypt the encrypted group password to obtain the group password.
  7. 根据权利要求1所述的即时通信的数据加密方法,其中,所述第一客户端生成一个随机数,将所述随机数与群密码进行组合得到密码数据源之前包括:The data encryption method for instant communication according to claim 1, wherein before the first client generates a random number, and combining the random number and a group password to obtain a password data source comprises:
    所述第一客户端建立群组,且随机生成一个群密码;The first client establishes a group and randomly generates a group password;
    所述第一客户端利用迪菲-赫尔曼密钥交换协议计算得到DH密码,并利用所述DH密码对所述群密码进行加密。The first client uses a Diffie-Herman key exchange protocol to calculate a DH password, and uses the DH password to encrypt the group password.
  8. 根据权利要求6或7所述的即时通信的数据加密方法,其中,所述利用DH密码对所述群密码进行加密包括:The data encryption method for instant communication according to claim 6 or 7, wherein the encrypting the group password by using a DH password comprises:
    利用SHA512算法对所述DH密码进行计算得到一个512位的字符串,取所述字符串的前256位作为密码对所述群密码进行加密。The SHA512 algorithm is used to calculate the DH password to obtain a 512-bit character string, and the first 256 bits of the character string are used as the password to encrypt the group password.
  9. 根据权利要求6或7所述的即时通信的数据加密方法,其中,所述利用迪菲-赫尔曼密钥交换协议计算得到DH密码包括:The data encryption method for instant communication according to claim 6 or 7, wherein the DH password calculated by using the Diffie-Herman key exchange protocol comprises:
    第一客户端利用第二客户端的公钥以及第一客户端的私钥进行计算得到所述DH密码;The first client calculates the DH password by using the public key of the second client and the private key of the first client;
    第二客户端利用第一客户端的公钥以及第二客户端的私钥进行计算得到所述DH密码;The second client calculates the DH password by using the public key of the first client and the private key of the second client;
    其中,所述第一客户端、第二客户端计算得到的DH密码相同。The DH password calculated by the first client and the second client is the same.
  10. 根据权利要求1所述的即时通信的数据加密方法,其中,所述随机数为一个512位的随机数,所述群密码为一个64位的群密码。The method of claim 1, wherein the random number is a 512-bit random number, and the group password is a 64-bit group password.
  11. 一种即时通信的数据加密装置,其中,所述装置包括处理器,所述处理器用于生成一个随机数,将所述随机数与群密码进行组合得到密码数据源;A data encryption device for instant communication, wherein the device includes a processor for generating a random number, and combining the random number with a group password to obtain a password data source;
    所述处理器还用于利用哈希算法对所述密码数据源进行计算得到信息密码;The processor is further configured to use a hash algorithm to calculate the password data source to obtain an information password;
    所述处理器还用于利用所述信息密码对通信数据进行加密。The processor is further configured to encrypt the communication data by using the information password.
  12. 根据权利要求11所述的即时通信的数据加密装置,其中,第一客户端每发送一条信息,所述处理器随机生成一个不同的随机数。The data encryption device for instant communication according to claim 11, wherein each time the first client sends a message, the processor randomly generates a different random number.
  13. 根据权利要求11所述的即时通信的数据加密装置,其中,所述处理器具体用于利用SHA512算法对所述密码数据源进行计算得到一个 512位的字符串,取所述字符串的前256位作为信息密码。The data encryption device for instant communication according to claim 11, wherein the processor is specifically configured to use the SHA512 algorithm to calculate the password data source to obtain a 512-bit character string, and take the first 256 of the character string Bits as the information password.
  14. 根据权利要求11所述的即时通信的数据加密装置,其中,所述处理器还用于接收被DH密码加密的群密码,其中,所述DH密码为第二客户端利用迪菲-赫尔曼密钥交换协议计算得到的;The data encryption device for instant communication according to claim 11, wherein the processor is further configured to receive a group password encrypted by a DH password, wherein the DH password is a second client utilizing Diffie-Herman Calculated by the key exchange protocol;
    所述处理器还用于利用迪菲-赫尔曼密钥交换协议计算得到DH密码,并利用所述DH密码对加密后的群密码进行解密,获取所述群密码。The processor is further configured to calculate a DH password by using the Diffie-Herman key exchange protocol, and use the DH password to decrypt the encrypted group password to obtain the group password.
  15. 根据权利要求11所述的即时通信的数据加密装置,其中,所述处理器还用于建立群组,且随机生成一个预定位数的群密码;The data encryption device for instant communication according to claim 11, wherein the processor is further configured to establish a group and randomly generate a group password with a predetermined number of digits;
    所述处理器还用于利用迪菲-赫尔曼密钥交换协议计算得到DH密码,并利用所述DH密码对所述群密码进行加密。The processor is further configured to use a Diffie-Herman key exchange protocol to calculate a DH password, and use the DH password to encrypt the group password.
  16. 根据权利要求14或15所述的即时通信的数据加密装置,其中,所述利用迪菲-赫尔曼密钥交换协议计算得到DH密码包括:The data encryption device for instant communication according to claim 14 or 15, wherein the DH password calculated by using the Diffie-Herman key exchange protocol comprises:
    第一客户端用于利用第二客户端的公钥以及第一客户端的私钥进行计算得到所述DH密码;The first client is configured to calculate the DH password by using the public key of the second client and the private key of the first client;
    第二客户端用于利用第一客户端的公钥以及第二客户端的私钥进行计算得到所述DH密码;The second client is configured to calculate the DH password by using the public key of the first client and the private key of the second client;
    其中,所述第一客户端、第二客户端计算得到的DH密码相同。The DH password calculated by the first client and the second client is the same.
  17. 一种即时通信的数据加密装置,其中,所述装置包括:A data encryption device for instant communication, wherein the device includes:
    生成模块,用于生成一个随机数,将所述随机数与群密码进行组合得到密码数据源;A generating module, configured to generate a random number, and combine the random number with a group password to obtain a password data source;
    计算模块,用于利用哈希算法对所述密码数据源进行计算得到信息密码;A computing module, configured to use a hash algorithm to calculate the password data source to obtain an information password;
    加密模块,用于利用所述信息密码对通信数据进行加密。The encryption module is configured to encrypt the communication data by using the information password.
  18. 一种具有存储功能的装置,其中,所述装置存储有程序,所述程序被执行时实现权利要求1至10任一项所述的即时通信的数据加密方法。A device having a storage function, wherein the device stores a program, and when the program is executed, the data encryption method for instant messaging according to any one of claims 1 to 10 is implemented.
PCT/CN2018/103051 2018-08-29 2018-08-29 Instant messaging data encryption method and apparatus WO2020042023A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2018/103051 WO2020042023A1 (en) 2018-08-29 2018-08-29 Instant messaging data encryption method and apparatus
CN201880002437.5A CN109845184A (en) 2018-08-29 2018-08-29 A kind of data ciphering method and device of instant messaging

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/103051 WO2020042023A1 (en) 2018-08-29 2018-08-29 Instant messaging data encryption method and apparatus

Publications (1)

Publication Number Publication Date
WO2020042023A1 true WO2020042023A1 (en) 2020-03-05

Family

ID=66883762

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/103051 WO2020042023A1 (en) 2018-08-29 2018-08-29 Instant messaging data encryption method and apparatus

Country Status (2)

Country Link
CN (1) CN109845184A (en)
WO (1) WO2020042023A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110690967B (en) * 2019-12-11 2021-03-02 杭州字节信息技术有限公司 Instant communication key establishment method independent of server security
CN112671841B (en) * 2020-12-10 2022-02-15 清研灵智信息咨询(北京)有限公司 Data security management method and system based on micro-service technology architecture
CN113938270A (en) * 2021-12-17 2022-01-14 北京华云安信息技术有限公司 Data encryption method and device capable of flexibly reducing complexity

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101682639A (en) * 2007-04-12 2010-03-24 诺基亚公司 A handshake procedure
US20130152195A1 (en) * 2011-12-12 2013-06-13 Alcatel-Lucent Usa Inc. Replay Attack Protection With Small State For Use In Secure Group Communication
CN103260155A (en) * 2013-05-15 2013-08-21 兰州交通大学 Lightweight privacy-enhancing group message sending method
CN105141635A (en) * 2015-09-21 2015-12-09 北京元心科技有限公司 Method and system for safe communication of group sending messages
CN105610789A (en) * 2015-12-18 2016-05-25 成都三零瑞通移动通信有限公司 Data encryption method suitable for multi-user group chat instant communication
CN108155987A (en) * 2017-12-22 2018-06-12 中国联合网络通信集团有限公司 Group message sending method, method of reseptance and its system and communicating terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050149732A1 (en) * 2004-01-07 2005-07-07 Microsoft Corporation Use of static Diffie-Hellman key with IPSec for authentication
CN101790160A (en) * 2009-01-23 2010-07-28 中兴通讯股份有限公司 Method and device for safely consulting session key
CN105763331A (en) * 2014-12-19 2016-07-13 北大方正集团有限公司 Data encryption method, device, data decryption method and device
CN107070948A (en) * 2017-05-23 2017-08-18 广东工业大学 Signature and verification method based on hybrid encryption algorithm in cloud storage
CN108090370B (en) * 2018-01-10 2021-03-16 河南芯盾网安科技发展有限公司 Instant communication encryption method and system based on index

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101682639A (en) * 2007-04-12 2010-03-24 诺基亚公司 A handshake procedure
US20130152195A1 (en) * 2011-12-12 2013-06-13 Alcatel-Lucent Usa Inc. Replay Attack Protection With Small State For Use In Secure Group Communication
CN103260155A (en) * 2013-05-15 2013-08-21 兰州交通大学 Lightweight privacy-enhancing group message sending method
CN105141635A (en) * 2015-09-21 2015-12-09 北京元心科技有限公司 Method and system for safe communication of group sending messages
CN105610789A (en) * 2015-12-18 2016-05-25 成都三零瑞通移动通信有限公司 Data encryption method suitable for multi-user group chat instant communication
CN108155987A (en) * 2017-12-22 2018-06-12 中国联合网络通信集团有限公司 Group message sending method, method of reseptance and its system and communicating terminal

Also Published As

Publication number Publication date
CN109845184A (en) 2019-06-04

Similar Documents

Publication Publication Date Title
US10785019B2 (en) Data transmission method and apparatus
CN113424185B (en) Fast inadvertent transmission
US8331568B2 (en) Efficient distribution of computation in key agreement
CN109800584B (en) Identity or attribute encryption calculation method and system based on Intel SGX mechanism
Ngo et al. Dynamic Key Cryptography and Applications.
US8670563B2 (en) System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
JP4944886B2 (en) Cryptographic authentication and / or shared encryption key configuration using signature keys encrypted with non-one-time pad cryptography, including but not limited to technology with improved security against malleable attacks
US20170244687A1 (en) Techniques for confidential delivery of random data over a network
CN108347404B (en) Identity authentication method and device
US9130744B1 (en) Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary
CN109274502B (en) Method and device for creating public key encryption and key signature and readable storage medium
US20230188325A1 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
US20210367767A1 (en) Methods and systems for secure network communication
CN110535626B (en) Secret communication method and system for identity-based quantum communication service station
US11528127B2 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
CN204180095U (en) A kind of ciphering and deciphering device for network data encryption transmission
WO2020042023A1 (en) Instant messaging data encryption method and apparatus
US10630466B1 (en) Apparatus and method for exchanging cryptographic information with reduced overhead and latency
CN114513327A (en) Block chain-based Internet of things privacy data rapid sharing method
CN111756537B (en) Two-party cooperative decryption method, system and storage medium based on SM2 standard
CN115834038A (en) Encryption method and device based on national commercial cryptographic algorithm
CN111526131B (en) Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station
CN110365482B (en) Data communication method and device
CN112822015A (en) Information transmission method and related device
CN108429717B (en) Identity authentication method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18932262

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18932262

Country of ref document: EP

Kind code of ref document: A1