Summary of the invention
The technical problem to be solved by the present invention is how to improve the security of instant messaging services.
To solve the above technical problem, the invention proposes a password-based instant messaging method and system.
In a first aspect, the method is applied in a communication terminal and comprises:
When a password input by the user is received, issuing a session connection request to the server side;
When a session connection request sent by the server side is received, generating a password entry command, authenticating the session requester according to the password the user inputs at the prompt of the password entry command, and, if authentication succeeds, sending a session connection response to the server side;
When a session connection response sent by the server side is received, authenticating the session respondent based on the received password, and, if authentication succeeds, using the server to confirm whether the session is allowed.
Further, the method also includes: when the session connection response is sent to the server side, using the server side to judge whether the session connection has timed out, specifically:
The server judges whether the time difference between receiving the session connection request and receiving the session connection response is less than a first preset duration;
If so, it sends the session connection response to the sending terminal of the session connection request;
Otherwise, it sends connection-failure prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response.
Further, using the server to confirm whether the session is allowed comprises:
Sending connection confirmation information to the server side and using the server side to judge whether the session connection has timed out, specifically:
The server side judges whether the time difference between receiving the session connection request and receiving the connection confirmation information is less than a second preset duration;
If so, it issues connection-success prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response;
Otherwise, it sends connection-failure prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response.
Further, the process of authenticating the session requester or the session respondent includes:
Obtaining the password ciphertext corresponding to the received password;
Using the password ciphertext to decrypt the encrypted public key in the received session connection request or in the received session connection response, and judging whether decryption succeeds;
If so, authentication succeeds and the decrypted public key is obtained;
Otherwise, authentication fails.
Further, the process of generating the encrypted public key in the session connection request or the encrypted public key in the session connection response includes:
When a password input by the user is received, generating a first random big number and using the first random big number as the private key;
Encrypting the received password to obtain the password ciphertext;
Generating a second random big number from the private key, and encrypting the second random big number with the password ciphertext as the key to obtain the encrypted public key.
Further, the method also includes:
When the terminal confirms through the server that the session is allowed, generating, from the private key generated by the terminal and the decrypted public key obtained by the terminal, a first key for encrypting and decrypting communication messages during the session.
Further, the method also includes:
When the terminal confirms through the server that the session is allowed, generating a first key from the private key generated by the terminal and the decrypted public key obtained by the terminal, and encrypting the first key together with a random string to generate a second key for encrypting and decrypting communication messages during the session.
In a second aspect, the system includes:
A request module, for issuing a session connection request to the server side when a password input by the user is received;
A response module, for generating a password entry command when a session connection request sent by the server side is received, authenticating the session requester according to the password the user inputs at the prompt of the password entry command, and, if authentication succeeds, sending a session connection response to the server side;
A confirmation module, for authenticating the session respondent based on the received password when a session connection response sent by the server side is received, and, if authentication succeeds, using the server to confirm whether the session is allowed.
Further, the system also includes:
A timeout detection module, for using the server side to judge whether the session connection has timed out when the session connection response is sent to the server side, specifically:
The server judges whether the time difference between receiving the session connection request and receiving the session connection response is less than the first preset duration;
If so, it sends the session connection response to the sending terminal of the session connection request;
Otherwise, it sends connection-failure prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response.
Further, using the server to confirm whether the session is allowed, in the confirmation module, comprises:
Sending connection confirmation information to the server side and using the server side to judge whether the session connection has timed out, specifically:
The server side judges whether the time difference between receiving the session connection request and receiving the connection confirmation information is less than the second preset duration;
If so, it issues connection-success prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response;
Otherwise, it sends connection-failure prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response.
In the present invention, every time a session is established, a session connection must be carried out using the present invention. Because different sessions can use different passwords, even if one session is cracked, the security of other sessions is not affected. Moreover, the present invention uses the password to verify the identities of both communicating parties, and a session connection can succeed only when the authentication of both parties succeeds, which improves the security of the session.
Specific embodiment
So that the objects, features and advantages of the present invention can be better understood, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where they do not conflict, the embodiments of this application and the features in the embodiments can be combined with each other.
Many specific details are set forth in the following description to facilitate a full understanding of the present invention. However, the present invention can also be implemented in ways other than those described here, so the scope of protection of the present invention is not limited by the specific embodiments described below.
The present invention provides a password-based instant messaging method, applied in a communication terminal. As shown in Figures 1 and 2, the method includes:
When a password input by the user is received, issuing a session connection request to the server side;
When a session connection request sent by the server side is received, generating a password entry command, authenticating the session requester according to the password the user inputs at the prompt of the password entry command, and, if authentication succeeds, sending a session connection response to the server side;
When a session connection response sent by the server side is received, authenticating the session respondent based on the received password, and, if authentication succeeds, using the server to confirm whether the session is allowed.
From the above technical solution of the invention, the actual communication process is essentially as follows.
For convenience, the terminal of the session requester is called the first terminal, and the terminal of the session respondent is called the second terminal.
After the session requester inputs a password at the first terminal, the first terminal receives the password and sends a session connection request to the server side. After the server receives the session connection request, it forwards it to the second terminal. When the second terminal receives the session connection request, it generates a password entry command and prompts the session respondent to input a password. After the second terminal receives the password, it uses the password to authenticate the session requester. If authentication fails, the cause may be that the password was input incorrectly, or that the identity of the session requester is wrong. The second terminal can generate an error prompt asking the session respondent to input the password again and repeat the authentication, until the session respondent inputs the correct password and authentication succeeds. Once authentication succeeds, the second terminal issues a session connection response to the server side. The server side forwards the session connection response to the first terminal. When the first terminal receives the session connection response, it uses its own password to authenticate the session respondent. If authentication fails, the first terminal prompts that the connection failed; if authentication succeeds, the server is used to confirm whether the session is allowed. Note that even after the authentication of both parties has succeeded, the session does not necessarily proceed. Other factors are also considered, such as the session connection time, the network environment, and special settings of the user.
In practice, every time a session is established, a session connection must be carried out using the present invention. Because different sessions can use different passwords, even if one session is cracked, the security of other sessions is not affected. Moreover, the present invention uses the password to verify the identities of both communicating parties, and a session connection can succeed only when the authentication of both parties succeeds, which improves the security of the session. In addition, the password can be agreed in many ways, for example offline (by telephone or face to face). Any transmission over an online network carries unavoidable technical risk. Agreeing the password offline therefore avoids the possibility that the initial security information is exposed because of technical risk, and combining online and offline channels further improves the security of communication.
In practice, while the session connection request is being transmitted from the first terminal to the second terminal, it may be intercepted and decoded by an unknown third party, which affects the accuracy of authentication and causes the session to lose its security. To prevent this, the following measure can be used:
When the session connection response is sent to the server side, the server side is used to judge whether the session connection has timed out, specifically:
The server judges whether the time difference between receiving the session connection request and receiving the session connection response is less than the first preset duration;
If so, it sends the session connection response to the sending terminal of the session connection request;
Otherwise, it sends connection-failure prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response.
As it can be seen that server timing since when receiving session connection request, within the defined time (the first preset duration),
Second terminal must make the correct session connection response responded and receive second terminal before the deadline.Otherwise, it services
Device is judged as time-out, prompts communicating pair connection failure.If having not timed out, continue the connection of session.
The length of the first preset duration can be set according to actual needs. Normally, when the second terminal authenticates the session requester, some encryption and decryption processing is involved. With existing technology and equipment performance, cracking some encryption algorithms, especially the more complex data encryption algorithm (Data Encryption Algorithm, abbreviated DES), takes at least several hours. It should be understood that, to date, apart from attacking DES by exhaustive search, no more effective method has been found, and with the current level of hardware technology cracking DES takes at least several hours. Accordingly, the second preset time can be set to a few minutes or tens of minutes; within that period there is essentially no possibility of DES being cracked. In this way, even if the session connection request is intercepted in transit, the third party does not have enough time to decode it and impersonate a party, which further improves the security of the session.
In the present invention, after the authentication of both parties has succeeded, the server is used to confirm whether the session is allowed. This process may include:
Sending connection confirmation information to the server side and using the server side to judge whether the session connection has timed out, specifically:
The server side judges whether the time difference between receiving the session connection request and receiving the connection confirmation information is less than the second preset duration;
If so, it issues connection-success prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response;
Otherwise, it sends connection-failure prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response.
The connection confirmation information in the above process can be the acknowledgement character ACK. When the server side receives the connection confirmation information, it judges whether the connection has timed out. If it has, the server prompts both communicating parties that the connection failed, and can also guide both parties to reconnect. If it has not, the server prompts both parties that the connection succeeded and that they may converse. Judging again whether the connection has timed out, after the identities of both parties have been verified, further improves the security of the instant messaging service.
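The two server-side timeout judgements described above can be sketched as follows. This is an added example, not code from the patent; the class and message names, the use of seconds, the 300 s and 600 s durations, and the handling of out-of-order or unknown messages are assumptions.

```python
from dataclasses import dataclass

# Message labels are hypothetical; the patent only names the message types.
REQUEST = "session connection request"
RESPONSE = "session connection response"
OK = "connection succeeded"
FAIL = "connection failed"


@dataclass
class Pending:
    requester: str            # sending terminal of the session connection request
    responder: str            # sending terminal of the session connection response
    t_request: float          # time the server received the request
    responded: bool = False   # True once a timely response has been forwarded


class SessionServer:
    """Server side: forwards messages and applies both timeout judgements."""

    def __init__(self, first_preset: float, second_preset: float):
        self.first_preset = first_preset      # request -> response limit
        self.second_preset = second_preset    # request -> ACK limit
        self.pending = {}

    def on_request(self, sid, requester, responder, now):
        # Timing starts when the session connection request is received.
        self.pending[sid] = Pending(requester, responder, now)
        return [(responder, REQUEST)]

    def _fail(self, sid):
        # On failure both terminals are told, and the session state is dropped.
        p = self.pending.pop(sid)
        return [(p.requester, FAIL), (p.responder, FAIL)]

    def on_response(self, sid, now):
        p = self.pending.get(sid)
        if p is None:                          # assumption: unknown session is ignored
            return []
        # "Less than" is strict: a response at exactly the limit is a timeout.
        # Assumption: a duplicate response is also treated as a failure.
        if p.responded or not (now - p.t_request < self.first_preset):
            return self._fail(sid)
        p.responded = True
        return [(p.requester, RESPONSE)]

    def on_ack(self, sid, now):
        p = self.pending.get(sid)
        if p is None:
            return []
        # The second difference is also measured from receipt of the request.
        # Assumption: an ACK that arrives before any response is a failure.
        if not p.responded or not (now - p.t_request < self.second_preset):
            return self._fail(sid)
        del self.pending[sid]
        return [(p.requester, OK), (p.responder, OK)]


if __name__ == "__main__":
    # Constructed timeline: response after 120 s, ACK after 400 s.
    server = SessionServer(first_preset=300, second_preset=600)
    print(server.on_request("s1", "A", "B", now=0))
    print(server.on_response("s1", now=120))
    print(server.on_ack("s1", now=400))
```

Each handler returns the list of (recipient, message) pairs the server would send, so the clock can be injected and the decision logic checked without a network.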
In a specific implementation of the invention, as shown in Figure 3, the process of authenticating the session requester or the session respondent includes:
Obtaining the password ciphertext corresponding to the received password;
Using the password ciphertext to decrypt the encrypted public key in the received session connection request or in the received session connection response;
If the decrypted public key is obtained, authentication succeeds;
Otherwise, authentication fails.
Both the first terminal and the second terminal can authenticate the other party in the above way. First the second terminal authenticates the session requester, and only then does the first terminal authenticate the session respondent:
The second terminal obtains the password ciphertext corresponding to the password input by the session respondent. This password ciphertext has already been generated before the second terminal authenticates the other party, so during authentication it is obtained directly. After the second terminal obtains the password ciphertext, it uses the password ciphertext to decrypt the encrypted public key in the received session connection request. Because the session connection request is generated and issued by the first terminal, the encrypted public key in the request is also generated by the first terminal, so the identity of the other party can be recognised from the decryption result.
The first terminal authenticates the session respondent in the same way: after the first terminal obtains the password ciphertext corresponding to the password it received, it uses the password ciphertext to decrypt the encrypted public key in the received session connection response. The session connection response is generated and issued by the second terminal, so the encrypted public key in the response is also generated by the second terminal, and the first terminal therefore recognises the identity of the other party from the decryption result and judges whether authentication succeeds.
As it can be seen that above-mentioned authentication process itself is completed based on received password, and verification process safety, Yi Shi
It is existing.
A process for generating the encrypted public key in the session connection request or the encrypted public key in the session connection response is described below, as shown in Figure 4:
When a password input by the user is received, generating a first random big number and using the first random big number as the private key;
Encrypting the received password to obtain the password ciphertext;
Generating a second random big number from the private key, and encrypting the second random big number with the password ciphertext as the key to obtain the encrypted public key.
From the above process it can be seen that the generating process produces not only the encrypted public key but also the password ciphertext and the private key. The password ciphertext is used to encrypt the second random big number and to decrypt during authentication; the role of the private key is explained later in the text.
In the above generating process, the message-digest algorithm 5 (Message-Digest Algorithm 5, abbreviated MD5) can be used to encrypt the password, and DES can be used to encrypt the second random big number. If DES is used here to encrypt the second random big number, then DES must be used to decrypt the encrypted public key during authentication.
Both the first terminal and the second terminal can generate the encrypted public key with the above method. Taking the first terminal as an example:
(1) When the first terminal receives the password K input by the session requester, it generates the first random big number M and uses the first random big number M as the private key pvtKeyA;
(2) The first terminal encrypts the password with MD5 to obtain the password ciphertext mk;
(3) The first terminal performs an operation on the private key pvtKeyA to convert it into the second random big number N, and then, with the password ciphertext mk as the key, encrypts the second random big number N with DES to obtain the encrypted public key enPubKeyA.
For the generation of the second terminal's private key pvtKeyB and encrypted public key enPubKeyB, refer to the above process.
The above process of the invention is only the session connection process. After the session connection succeeds, both parties can communicate.
To further improve the security of communication, the communication messages during the session can also be encrypted, specifically:
When the terminal confirms through the server that the session is allowed, a first key for encrypting and decrypting communication messages during the session is generated from the private key generated by the terminal and the decrypted public key obtained by the terminal.
Communication messages are encrypted with the first key to improve the security of communication. However, because the first key may be cracked, the first key and a random string can also be encrypted together to generate a second key, and the second key is then used to encrypt and decrypt communication messages during the session.
Because the first key and the random string are combined and then encrypted, the difficulty of cracking is greatly increased. The above process is illustrated below with the second terminal:
The second terminal obtains the first key by an operation (the form of the operation is not limited here) on the private key pvtKeyB that it generated itself and the decrypted public key pubKeyA that it obtained (obtained by the second terminal by decrypting the encrypted public key enPubKeyA in the session connection request). The second terminal then uses the first key to encrypt and decrypt communication messages. To further improve the security of communication messages, the first key and a random string can be further encrypted with DES, and the second key obtained after this further encryption is used to encrypt and decrypt communication messages, which further increases the difficulty of decoding by a third party. The random string can be a character string fixed in the running program.
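The key generation steps (1) to (3), the decryption-based authentication and the first-key derivation described above can be traced end to end in the following added example, which is not code from the patent. It assumes modular exponentiation for the operation the patent leaves open, a hash-derived keystream as a stand-in for DES (which the Python standard library does not provide), and a hypothetical marker prefix as the way a terminal judges that decryption succeeded; the toy modulus is far too small for real use.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1             # toy prime modulus (assumption, illustration only)
G = 3                      # generator (assumption)
MARKER = b"PUBKEY\x00\x00"  # hypothetical prefix used to judge decryption success


def password_ciphertext(password: str) -> bytes:
    """mk = MD5(password), as the text specifies."""
    return hashlib.md5(password.encode("utf-8")).digest()


def _keystream(mk: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in for DES: SHA-256 in counter mode keyed by mk and a fresh nonce.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(mk + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def generate_keys(password: str):
    """Steps (1)-(3): returns (private key, password ciphertext, encrypted public key)."""
    pvt = secrets.randbelow(P - 3) + 2          # first random big number M
    mk = password_ciphertext(password)
    pub = pow(G, pvt, P)                        # second big number N, derived from M
    nonce = secrets.token_bytes(8)
    plain = MARKER + pub.to_bytes(16, "big")
    return pvt, mk, nonce + _xor(plain, _keystream(mk, nonce, len(plain)))


def authenticate(mk: bytes, en_pub: bytes):
    """Decrypt the peer's encrypted public key; None means authentication failed."""
    nonce, body = en_pub[:8], en_pub[8:]
    plain = _xor(body, _keystream(mk, nonce, len(body)))
    if not hmac.compare_digest(plain[:len(MARKER)], MARKER):
        return None
    return int.from_bytes(plain[len(MARKER):], "big")


def first_key(pvt: int, peer_pub: int) -> bytes:
    """First key from own private key and the peer's decrypted public key."""
    shared = pow(peer_pub, pvt, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_exchange(password_a: str, password_b: str):
    """Both terminals' steps in order; returns (key_a, key_b) or None on failure."""
    pvt_a, mk_a, en_pub_a = generate_keys(password_a)        # first terminal
    pub_a = authenticate(password_ciphertext(password_b), en_pub_a)
    if pub_a is None:                                        # second terminal rejects
        return None
    pvt_b, _, en_pub_b = generate_keys(password_b)           # second terminal
    pub_b = authenticate(mk_a, en_pub_b)
    if pub_b is None:                                        # first terminal rejects
        return None
    return first_key(pvt_a, pub_b), first_key(pvt_b, pub_a)


if __name__ == "__main__":
    key_a, key_b = run_exchange("tea at nine", "tea at nine")  # constructed passwords
    print(key_a == key_b)
    print(run_exchange("tea at nine", "tea at ten"))
```

The example stops at the first key; the further encryption of the first key with a random string to obtain the second key is not shown.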
Because communication messages are encrypted, they are also stored in encrypted form on the server side, and the server side does not store any key information, so the service provider cannot read the content of users' messages either, which improves the security of communication.
The instant messaging process of the invention is illustrated below with reference to the example of Figure 2:
(1) The first terminal A receives the password input by the session requester a, generates the first private key pvtKeyA and the first encrypted public key enPubKeyA, and sends a session connection request to the server side; the request includes the first encrypted public key enPubKeyA;
(2) When the server side receives the session connection request, it starts timing and forwards the session connection request to the second terminal B;
(3) When the second terminal receives the session connection request, it prompts the user to input a password, extracts the first encrypted public key enPubKeyA from the session connection request, and uses the received password to authenticate a. After verification succeeds it obtains the decrypted first public key pubKeyA, then generates the second private key pvtKeyB and the second encrypted public key enPubKeyB, and sends a session connection response to the server side; the response includes the second encrypted public key enPubKeyB;
(4) When the server side receives the session connection response, it judges whether the time difference between receiving the session connection request and receiving the session connection response exceeds the first preset duration; if it does not, the session connection response is forwarded to the first terminal;
(5) When the first terminal receives the session connection response, it extracts the second encrypted public key enPubKeyB from the session connection response and uses the password to authenticate b. After verification succeeds it obtains the decrypted second public key pubKeyB and sends the acknowledgement character ACK to the server side;
(6) After the server side receives the ACK, it judges whether the time difference between receiving the session connection request and receiving the acknowledgement character exceeds the second preset duration. If it does not, the session is allowed, that is, the session is established successfully; if it does, both parties are informed that the connection failed.
Here, the first key with which the first terminal encrypts and decrypts communication messages in the session is generated from the first private key and the decrypted second public key, and the first key with which the second terminal encrypts and decrypts communication messages in the session is generated from the second private key and the decrypted first private key.
Note: the terms first private key, first encrypted public key, decrypted first public key, second private key, second encrypted public key and decrypted second public key are used here merely to distinguish the keys generated by the first terminal from those generated by the second terminal. They are different from the first key and second key described above for encrypting and decrypting communication messages.
The present invention also provides a password-based instant messaging system, applied in a communication terminal. As shown in Figure 5, the system 100 includes:
A request module 101, for issuing a session connection request to the server side when a password input by the user is received;
A response module 102, for generating a password entry command when a session connection request sent by the server side is received, authenticating the session requester according to the password the user inputs at the prompt of the password entry command, and, if authentication succeeds, sending a session connection response to the server side;
A confirmation module 103, for authenticating the session respondent based on the received password when a session connection response sent by the server side is received, and, if authentication succeeds, using the server to confirm whether the session is allowed.
Further, the system also includes:
A timeout detection module, for using the server side to judge whether the session connection has timed out when the session connection response is sent to the server side, specifically:
The server judges whether the time difference between receiving the session connection request and receiving the session connection response is less than the first preset duration;
If so, it sends the session connection response to the sending terminal of the session connection request;
Otherwise, it sends connection-failure prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response.
Further, using the server to confirm whether the session is allowed, in the confirmation module, comprises:
Sending connection confirmation information to the server side and using the server side to judge whether the session connection has timed out, specifically:
The server side judges whether the time difference between receiving the session connection request and receiving the connection confirmation information is less than the second preset duration;
If so, it issues connection-success prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response;
Otherwise, it sends connection-failure prompt information to the sending terminal of the session connection request and the sending terminal of the session connection response.
The password-based instant messaging system of the present invention consists of the functional modules of the password-based instant messaging method of the present invention. For explanation, illustration and beneficial effects of the related content, refer to the corresponding parts of the password-based instant messaging method of the present invention, which are not repeated here.
In conclusion, the password-based instant messaging method and system of the present invention have the following advantages:
(1) Each session has its own password and performs its own session connection, so after a given session is cracked, the security of other sessions is not affected;
(2) The present invention uses the password to verify the identities of both parties, guaranteeing the authenticity of the identities of both communicating parties;
(3) The server side performs two timeout judgements, which prevents a third party that has intercepted the relevant information from having enough time to decode it, further improving the security of communication;
(4) The communication messages during the session are encrypted, further improving the security of communication.
Although the embodiments of the invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations all fall within the scope defined by the appended claims.