CN108809936A - A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm - Google Patents

A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm Download PDF

Info

Publication number
CN108809936A
CN108809936A CN201810359179.8A CN201810359179A CN108809936A CN 108809936 A CN108809936 A CN 108809936A CN 201810359179 A CN201810359179 A CN 201810359179A CN 108809936 A CN108809936 A CN 108809936A
Authority
CN
China
Prior art keywords
aes
data
key
stamp
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810359179.8A
Other languages
Chinese (zh)
Other versions
CN108809936B (en
Inventor
周晓天
蒲承祖
袁东风
王茹意
林成浴
张海霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong University
Qingdao Campus of Naval Aviation University of PLA
Original Assignee
Shandong University
Qingdao Campus of Naval Aviation University of PLA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong University, Qingdao Campus of Naval Aviation University of PLA filed Critical Shandong University
Priority to CN201810359179.8A priority Critical patent/CN108809936B/en
Publication of CN108809936A publication Critical patent/CN108809936A/en
Application granted granted Critical
Publication of CN108809936B publication Critical patent/CN108809936B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

The present invention relates to a kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm and its realize system, transmission is encrypted to data information by the mixed encryption method based on RAS+AES+ timestamps in the present invention, can be used for authentication and the information transmission of a variety of clients.Transmission and returned data stream between client and server are ciphertext transmission and are difficult by Brute Force, transmission can accomplish one-time pad without key risk of missing every time, to reduce the risk that user data information is stolen in transmission process, the safety and reliability of identity authorization system is improved.

Description

A kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm and in fact Existing system
Technical field
The present invention relates to a kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm and its realize system, Belong to information security of intelligent terminal technical field.
Background technology
With the fast development of mobile intelligent terminal, more and more users are by private data information storage in network application On.Privacy of user data are stolen will to be brought user and cause huge risk and loss.Go out not in information security issue layer Poor today, either personal user or corporate facility all give information security and secret protection unprecedented heavy Depending on.Traditional data information security scheme is faced with problems and challenge.
The access of users personal data be unable to do without the verification to user identity, and it is to keep to access identity legitimacy verification to user Protect first of gate of user information safety.Current most of mobile application subscriber authentications depend on three kinds of schemes: Md5 encryption (Message Digest Algorithm MD5) is carried out to user information, uses DES and AES encryption algorithm for encryption Or use RSA cryptographic algorithms.But for these types of scheme, MD5 algorithms exist by the risk of Brute Force, are not suitable for peace Full property requires high field.DES/AES places one's entire reliance upon channel transfer as symmetric encipherment algorithm key, and key is once transmitting In be trapped exposure, the safety of entire authentication system will be without collateral security.Although and rivest, shamir, adelman RSA keys pass It is defeated convenient with preservation, but ciphering process is complicated, is not suitable for that larger data volume is encrypted.It can be seen that above-mentioned several Traditional scheme is faced with great risk and challenge in the terminal user ID verification in intelligent movable epoch.
Invention content
In view of the deficiencies of the prior art, the present invention provides a kind of intelligent mobile terminal identity based on Hybrid Encryption algorithm Verification method;
The present invention also provides a kind of intelligent mobile terminal authentication systems based on Hybrid Encryption algorithm.
The technical scheme is that:
A kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm is applied to client and server End, the client is the ends PC or mobile client, including carries out authentication to the ends PC, recognizes mobile client progress identity Card:
Authentication is carried out to the ends PC, including:
(1) a RSA public key is calculated, RSA key is to (including the public key of encryption and decryption in engineering development Private key) acquisition can by java program create KeyPairGenerator objects obtain, RSA public keys for data encryption simultaneously The ends PC are stored in, calculate the corresponding private key of RSA public keys, private key is for data deciphering and is stored in server end;
(2) fixed terminal recognition symbol pc_identifier, random AES key aes_pc_key are generated by the ends PC;Pass through The RSA public keys that step (1) preserves encrypt terminal recognition symbol pc_identifier, random AES key aes_pc_key, encryption Ciphertext afterwards is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is generated into QR Quick Response Codes for the ends PC It obtains;It enters step (3);
(3) the QR Quick Response Codes that the ends PC scanning step (2) generates obtain ciphertext RSA<Pc_identifier, aes_pc_key >;
(4) ends PC generate a current time stamp information parameter time_stamp, are used for validity verification, and generate at random One ends PC AES key aes_mp_key;
Use RSA public key encryption user ID datas data, the current time stamp information ginseng that the ends PC are stored in step (1) The ends the PC cipher-text information RSA that number time_stamp, step (3) obtain<Pc_identifier, aes_pc_key>And AES is close Key aes_mp_key;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<Pc_identifier, aes_pc_key >, null>;
(5) the encrypted ciphertext that received server-side is transmitted to step (4) passes through the private key solution preserved in step (1) The close encrypted ciphertext for receiving step (4) and transmitting, obtains clear data:Data, time_stamp, pc_identifier, aes_pc_key;
(6) legitimacy and validity of server end verification data and time_stamp, certificate parameter pc_identifier Whether it is sky, legitimacy and the validation verification of data and time_stamp pass through, and parameter pc_identifier is not Sky, then for the aes_pc_key obtained by step (5) to needing the data re_data for returning to the ends pc to encrypt, ciphertext is expressed as AES <re_data>, return to the ends PC;
According to currently preferred, the step (6), server end verification data and time_stamp legitimacy with have Effect property, and the ends PC type is differentiated according to parameter pc_identifier identifiers, including:
A, server end inquiry user preserves identity information in the database, and whether verification mobile phone terminal solicited message data It is legal;
B, whether expired by parameter time_stamp comparisons current time checking request;
C, whether server end certificate parameter pc_identifier is empty, and pc_identifier is not sky, that is, indicates to ask It asks and derives from the ends PC, otherwise, that is, indicate that request does not derive from the ends PC.
(7) ends PC receive the ciphertext AES of step (6) return<re_data>, utilize the AES key aes_ of step (2) generation Pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;
Authentication is carried out to mobile client, including:
A, establishment KeyPairGenerator calculation and objects are programmed by java in exploitation and goes out a RSA public key, the RSA is public Key is for data encryption and is stored in mobile client, calculates the corresponding private key of RSA public keys, which is used for data deciphering simultaneously It is stored in server end;
B, mobile client generates a current time stamp information parameter time_stamp, for validity verification, and with Machine generates a mobile client AES key aes_mp_key;
Using be stored in step A mobile client RSA public keys will need encrypt send user ID data data, The time_stamp encryptions of current time stamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_ mp_key>;
C, the encrypted ciphertext that received server-side is transmitted to step B is received by the private key decryption preserved in step A The encrypted ciphertext that step B is transmitted obtains solution clear data:aes_mp_key;
D, the aes_mp_key obtained by step C is to needing the data re_data for returning to mobile client to encrypt, ciphertext It is expressed as AES<re_data>, return to mobile client;
E, mobile client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key of step B generations Aes_mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.
The realization system of above-mentioned intelligent mobile terminal auth method, including the ends PC processing module, mobile terminal processing Module, server processing module;
The ends PC processing module is used for:Generate fixed terminal recognition symbol pc_identifier, random AES key aes_pc_key;Pc_identifier, random AES key aes_ are accorded with to terminal recognition by the RSA public keys that step (1) preserves Pc_key is encrypted, and encrypted ciphertext is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is given birth to It is obtained for mobile client at QR Quick Response Codes;That is above-mentioned steps (2);
Alternatively, generating a current time stamp information parameter time_stamp, it is used for validity verification, and generate one at random A mobile client AES key aes_mp_key;
Using be stored in step A mobile client RSA public keys will need encrypt send user ID data data, The time_stamp encryptions of current time stamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_ mp_key>;That is above-mentioned steps B;
The mobile terminal processing module is used for:The QR Quick Response Codes that scanning step (2) generates obtain ciphertext RSA<pc_ Identifier, aes_pc_key>;
It will need to encrypt the user ID data data sent, current using the RSA public keys for being stored in the ends PC in step (1) The ends the PC cipher-text information RSA that timestamp information parameter time_stamp, step (3) obtain<Pc_identifier, aes_pc_ key>, AES key aes_mp_key encryption;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<pc_ Identifier, aes_pc_key>, null>;And it is sent to server end;That is above-mentioned steps (3), step (4).
The server processing module is used for:
The encrypted ciphertext that step (4) transmits is received by the private key decryption preserved in step (1), obtains plaintext number According to:Data, time_stamp, pc_identifier, aes_pc_key;
Server end verifies the legitimacy and validity of data and time_stamp, and according to parameter pc_identifier Identifier differentiates client type, and the aes_pc_key obtained by step (5) is to needing the data re_data for returning to the ends pc to add Close, ciphertext is expressed as AES<re_data>, return to the ends PC;
Different type client receives the ciphertext AES of step (6) return<re_data>, utilize the AES of step (2) generation Key aes_pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;That is above-mentioned steps (5), step (6), step (7).
Alternatively, receiving the encrypted ciphertext that step B is transmitted by the private key decryption preserved in step A, solution is obtained in plain text Data:aes_mp_key;
The aes_mp_key obtained by step C is to needing the data re_data for returning to mobile client to encrypt, ciphertext table It is shown as AES<re_data>, return to mobile client;
Different type client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key of step B generations Aes_mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.That is above-mentioned steps C, step Rapid D, step E.
According to currently preferred, the ends the PC processing module computer;The mobile terminal processing module is mobile phone.
The ends PC processing module includes for calculating and the personal computer of store function and the corresponding ends PC software;It is mobile End processing module be mobile intelligent terminal include carry Android or IOS systems mobile phone and corresponding mobile client software, Server processing module includes server process program and database.
Beneficial effects of the present invention are:
The present invention improve and has optimized for existing mobile network's client identity information data verification method.It is logical It crosses the mixed encryption method based on RAS+AES+ timestamps and transmission is encrypted to data information, can be used for a variety of clients Authentication and information transmission.Transmission and returned data stream between client and server are ciphertext transmission and are difficult quilt Brute Force, every time transmission can accomplish that one-time pad without key risk of missing, is being transmitted across to reduce user data information The risk being stolen in journey improves the safety and reliability of identity authorization system.
Description of the drawings
Fig. 1 is the flow diagram for carrying out authentication in the present invention to the ends PC;
Fig. 2 is the flow diagram for carrying out authentication in the present invention to mobile client;
Fig. 3 is the structure chart of the realization system of intelligent mobile terminal auth method of the present invention.
Specific implementation mode
The present invention is further limited with embodiment with reference to the accompanying drawings of the specification, but not limited to this.
Embodiment 1
A kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm is applied to client and server End, client is the ends PC or mobile client, including carries out authentication to the ends PC, carries out authentication to mobile client:
Authentication is carried out to the ends PC, as shown in Figure 1, including:
(1) a RSA public key is calculated, RSA key is to (including the public key of encryption and decryption in engineering development Private key) acquisition can by java program create KeyPairGenerator objects obtain, RSA public keys for data encryption simultaneously The ends PC are stored in, calculate the corresponding private key of RSA public keys, private key is for data deciphering and is stored in server end;
(2) fixed terminal recognition symbol pc_identifier, random AES key aes_pc_key are generated by the ends PC;Pass through The RSA public keys that step (1) preserves encrypt terminal recognition symbol pc_identifier, random AES key aes_pc_key, encryption Ciphertext afterwards is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is generated into QR Quick Response Codes for the ends PC It obtains;It enters step (3);
(3) the QR Quick Response Codes that the ends PC scanning step (2) generates obtain ciphertext RSA<Pc_identifier, aes_pc_key >;
(4) ends PC generate a current time stamp information parameter time_stamp, are used for validity verification, and generate at random One ends PC AES key aes_mp_key;
Use RSA public key encryption user ID datas data, the current time stamp information ginseng that the ends PC are stored in step (1) The ends the PC cipher-text information RSA that number time_stamp, step (3) obtain<Pc_identifier, aes_pc_key>And AES is close Key aes_mp_key;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<Pc_identifier, aes_pc_key >, null>;
(5) the encrypted ciphertext that received server-side is transmitted to step (4) passes through the private key solution preserved in step (1) The close encrypted ciphertext for receiving step (4) and transmitting, obtains clear data:Data, time_stamp, pc_identifier, aes_pc_key;
(6) legitimacy and validity of server end verification data and time_stamp, certificate parameter pc_identifier Whether it is sky, legitimacy and the validation verification of data and time_stamp pass through, and parameter pc_identifier is not Sky, then for the aes_pc_key obtained by step (5) to needing the data re_data for returning to the ends pc to encrypt, ciphertext is expressed as AES <re_data>, return to the ends PC;
In step (6), server end verifies the legitimacy and validity of data and time_stamp, and according to parameter pc_ Identifier identifiers differentiate the ends PC type, including:
A, server end inquiry user preserves identity information in the database, and whether verification mobile phone terminal solicited message data It is legal;
B, whether expired by parameter time_stamp comparisons current time checking request;
C, whether server end certificate parameter pc_identifier is empty, and pc_identifier is not sky, that is, indicates to ask It asks and derives from the ends PC, otherwise, that is, indicate that request does not derive from the ends PC.
(7) ends PC receive the ciphertext AES of step (6) return<re_data>, utilize the AES key aes_ of step (2) generation Pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;
Authentication is carried out to mobile client, as shown in Fig. 2, including:
A, establishment KeyPairGenerator calculation and objects are programmed by java in exploitation and goes out a RSA public key, the RSA is public Key is for data encryption and is stored in mobile client, calculates the corresponding private key of RSA public keys, which is used for data deciphering simultaneously It is stored in server end;
B, mobile client generates a current time stamp information parameter time_stamp, for validity verification, and with Machine generates a mobile client AES key aes_mp_key;
Using be stored in step A mobile client RSA public keys will need encrypt send user ID data data, The time_stamp encryptions of current time stamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_ mp_key>;
C, the encrypted ciphertext that received server-side is transmitted to step B is received by the private key decryption preserved in step A The encrypted ciphertext that step B is transmitted obtains solution clear data:aes_mp_key;
D, the aes_mp_key obtained by step C is to needing the data re_data for returning to mobile client to encrypt, ciphertext It is expressed as AES<re_data>, return to mobile client;
E, mobile client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key of step B generations Aes_mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.
Embodiment 2
The realization system of intelligent mobile terminal auth method described in embodiment 1, as shown in figure 3, including at the ends PC Manage module, mobile terminal processing module, server processing module;
The ends PC processing module is used for:Generate fixed terminal recognition symbol pc_identifier, random AES key aes_pc_ key;The RSA public keys preserved by step (1) accord with pc_identifier to terminal recognition, random AES key aes_pc_key adds Close, encrypted ciphertext is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is generated into QR two dimensions Code is obtained for mobile client;That is above-mentioned steps (2);
Alternatively, generating a current time stamp information parameter time_stamp, it is used for validity verification, and generate one at random A mobile client AES key aes_mp_key;
Using be stored in step A mobile client RSA public keys will need encrypt send user ID data data, The time_stamp encryptions of current time stamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_ mp_key>;That is above-mentioned steps B;
Mobile terminal processing module is used for:The QR Quick Response Codes that scanning step (2) generates obtain ciphertext RSA<pc_ Identifier, aes_pc-_key>;
It will need to encrypt the user ID data data sent, current using the RSA public keys for being stored in the ends PC in step (1) The ends the PC cipher-text information RSA that timestamp information parameter time_stamp, step (3) obtain<Pc_identifier, aes_pc_ key>, AES key aes_mp_key encryption;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<pc_ Identifier, aes_pc_key>, null>;And it is sent to server end;That is above-mentioned steps (3), step (4).
Server processing module is used for:
The encrypted ciphertext that step (4) transmits is received by the private key decryption preserved in step (1), obtains plaintext number According to:Data, time_stamp, pc_identifier, aes_pc_key;
Server end verifies the legitimacy and validity of data and time_stamp, and according to parameter pc_identifier Identifier differentiates client type, and the aes_pc_key obtained by step (5) is to needing the data re_data for returning to the ends pc to add Close, ciphertext is expressed as AES<re_data>, return to the ends PC;
Different type client receives the ciphertext AES of step (6) return<re_data>, utilize the AES of step (2) generation Key aes_pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;That is above-mentioned steps (5), step (6), step (7).
Alternatively, receiving the encrypted ciphertext that step B is transmitted by the private key decryption preserved in step A, solution is obtained in plain text Data:aes_mp_key;
The aes_mp_key obtained by step C is to needing the data re_data for returning to mobile client to encrypt, ciphertext table It is shown as AES<re_data>, return to mobile client;
Different type client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key of step B generations Aes_mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.That is above-mentioned steps C, step Rapid D, step E.
The ends PC processing module computer;Mobile terminal processing module is mobile phone.
The ends PC processing module includes for calculating and the personal computer of store function and the corresponding ends PC software;It is mobile End processing module be mobile intelligent terminal include carry Android or IOS systems mobile phone and corresponding mobile client software, Server processing module includes server process program and database.

Claims (4)

1. a kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm, which is characterized in that be applied to client With server end, the client be the ends PC or mobile client, including to the ends PC carry out authentication, to mobile client into Row authentication:
Authentication is carried out to the ends PC, including:
(1) a RSA public key is calculated, RSA public keys are for data encryption and are stored in the ends PC, and it is corresponding to calculate the RSA public keys Private key, private key is for data deciphering and is stored in server end;
(2) fixed terminal recognition symbol pc_identifier, random AES key aes_pc_key are generated by the ends PC;Pass through step (1) the RSA public keys preserved encrypt terminal recognition symbol pc_identifier, random AES key aes_pc_key, encrypted Ciphertext is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information generation QR Quick Response Codes are obtained for the ends PC It takes;It enters step (3);
(3) the QR Quick Response Codes that the ends PC scanning step (2) generates obtain ciphertext RSA<Pc_identifier, aes_pc_key>;
(4) ends PC generate a current time stamp information parameter time_stamp, are used for validity verification, and generate one at random The ends PC AES key aes_mp_key;
Use RSA public key encryption user ID datas data, the current time stamp information parameter that the ends PC are stored in step (1) The ends the PC cipher-text information RSA that time_stamp, step (3) obtain<Pc_identifier, aes_pc_key>And AES key aes_mp_key;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<Pc_identifier, aes_pc_key>, null>;
(5) the encrypted ciphertext that received server-side is transmitted to step (4) is decrypted by the private key preserved in step (1) and is received The encrypted ciphertext transmitted to step (4), obtains clear data:Data, time_stamp, pc_identifier, aes_ pc_key;
(6) legitimacy and validity of server end verification data and time_stamp, whether certificate parameter pc_identifier For sky, legitimacy and the validation verification of data and time_stamp pass through, and parameter pc_identifier is not sky, then For the aes_pc_key obtained by step (5) to needing the data re_data for returning to the ends pc to encrypt, ciphertext is expressed as AES<re_ data>, return to the ends PC;
(7) ends PC receive the ciphertext AES of step (6) return<re_data>, utilize the AES key aes_pc_ of step (2) generation Key decrypts AES<re_data>, obtain the clear data re_data returned from server section;
Authentication is carried out to mobile client, including:
A, a RSA public key is calculated, the RSA public keys are for data encryption and are stored in mobile client, calculate the RSA public keys Corresponding private key, the private key is for data deciphering and is stored in server end;
B, mobile client generates a current time stamp information parameter time_stamp, is used for validity verification, and give birth at random At a mobile client AES key aes_mp_key;
It will need to encrypt the user ID data data sent, current using the RSA public keys for being stored in mobile client in step A The time_stamp encryptions of timestamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_mp_ key>;
C, the encrypted ciphertext that received server-side is transmitted to step B receives step by the private key decryption preserved in step A The encrypted ciphertext that B is transmitted obtains solution clear data:aes_mp_key;
D, to needing the data re_data for returning to mobile client to encrypt, ciphertext indicates the aes_mp_key obtained by step C For AES<re_data>, return to mobile client;
E, mobile client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key aes_mp_ of step B generations Key decrypts AES<re_data>, obtain the clear data re_data returned from server section.
2. a kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm according to claim 1, special Sign is that the step (6), server end verifies the legitimacy and validity of data and time_stamp, and according to parameter pc_ Identifier identifiers differentiate the ends PC type, including:
A, server end inquiry user preserves identity information in the database, and whether verification mobile phone terminal solicited message data closes Method;
B, whether expired by parameter time_stamp comparisons current time checking request;
C, whether server end certificate parameter pc_identifier is empty, and pc_identifier is not sky, that is, indicates that request comes Derived from the ends PC, otherwise, that is, indicate that request does not derive from the ends PC.
3. the realization system of intelligent mobile terminal auth method as claimed in claim 1 or 2, which is characterized in that including PC Hold processing module, mobile terminal processing module, server processing module;
The ends PC processing module is used for:Generate fixed terminal recognition symbol pc_identifier, random AES key aes_pc_ key;The RSA public keys preserved by step (1) accord with pc_identifier to terminal recognition, random AES key aes_pc_key adds Close, encrypted ciphertext is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is generated into QR two dimensions Code is obtained for mobile client;
Alternatively, generating a current time stamp information parameter time_stamp, it is used for validity verification, and generates a shifting at random Dynamic customer end A ES keys aes_mp_key;
It will need to encrypt the user ID data data sent, current using the RSA public keys for being stored in mobile client in step A The time_stamp encryptions of timestamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_mp_ key>;
The mobile terminal processing module is used for:The QR Quick Response Codes that scanning step (2) generates obtain ciphertext RSA<pc_ Identifier, aes_pc_key>;
It will need to encrypt the user ID data data sent, current time using the RSA public keys for being stored in the ends PC in step (1) Stab information parameter time_stamp, the ends the PC cipher-text information RSA that step (3) obtains<Pc_identifier, aes_pc_key>, AES key aes_mp_key encryptions;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<Pc_identifier, aes_pc_key>, null>;And it is sent to server end;
The server processing module is used for:
The encrypted ciphertext that step (4) transmits is received by the private key decryption preserved in step (1), obtains clear data: Data, time_stamp, pc_identifier, aes_pc_key;
Server end verifies the legitimacy and validity of data and time_stamp, and is identified according to parameter pc_identifier Symbol differentiates client type, by the aes_pc_key of step (5) acquisition to needing the data re_data for returning to the ends pc to encrypt, Ciphertext is expressed as AES<re_data>, return to the ends PC;
Different type client receives the ciphertext AES of step (6) return<re_data>, utilize the AES key of step (2) generation Aes_pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;
Alternatively, receiving the encrypted ciphertext that step B is transmitted by the private key decryption preserved in step A, solution clear data is obtained: aes_mp_key;
To needing the data re_data for returning to mobile client to encrypt, ciphertext is expressed as the aes_mp_key obtained by step C AES<re_data>, return to mobile client;
Different type client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key aes_ of step B generations Mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.
4. the realization system of intelligent mobile terminal auth method according to claim 3, which is characterized in that the PC Hold processing module computer;The mobile terminal processing module is mobile phone.
CN201810359179.8A 2018-04-20 2018-04-20 Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof Active CN108809936B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810359179.8A CN108809936B (en) 2018-04-20 2018-04-20 Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810359179.8A CN108809936B (en) 2018-04-20 2018-04-20 Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof

Publications (2)

Publication Number Publication Date
CN108809936A true CN108809936A (en) 2018-11-13
CN108809936B CN108809936B (en) 2020-12-08

Family

ID=64093413

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810359179.8A Active CN108809936B (en) 2018-04-20 2018-04-20 Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof

Country Status (1)

Country Link
CN (1) CN108809936B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988301A (en) * 2020-08-14 2020-11-24 武汉气吞云梦科技有限公司 Secure communication method for preventing client from hacker violence attack
CN112182621A (en) * 2020-09-30 2021-01-05 银盛支付服务股份有限公司 Method and device for system data safety interaction, computer equipment and storage medium
CN112713988A (en) * 2020-12-31 2021-04-27 南威软件股份有限公司 No-key encryption and decryption method, system, terminal and medium based on identity card number
CN113890730A (en) * 2021-09-23 2022-01-04 上海华兴数字科技有限公司 Data transmission method and system
CN114531235A (en) * 2022-03-01 2022-05-24 中国科学院软件研究所 End-to-end encrypted communication method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118710A (en) * 2011-03-08 2011-07-06 上海红松信息技术有限公司 System and method for transmitting data between mobile terminals
CN102842081A (en) * 2011-06-23 2012-12-26 上海易悠通信息科技有限公司 Method for generating two-dimensional code and implementing mobile payment by mobile phone
CN103218731A (en) * 2013-03-25 2013-07-24 深圳市精彩明天科技有限公司 Method and system utilizing two-dimension code to advertise
CN104821944A (en) * 2015-04-28 2015-08-05 广东小天才科技有限公司 Hybrid encrypted network data security method and system
US20160197731A1 (en) * 2015-01-06 2016-07-07 Electronics And Telecommunications Research Institute Method of collecting peer-to-peer-based content sending/reception information
CN107277059A (en) * 2017-08-08 2017-10-20 沈阳东青科技有限公司 A kind of one-time password identity identifying method and system based on Quick Response Code

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118710A (en) * 2011-03-08 2011-07-06 上海红松信息技术有限公司 System and method for transmitting data between mobile terminals
CN102842081A (en) * 2011-06-23 2012-12-26 上海易悠通信息科技有限公司 Method for generating two-dimensional code and implementing mobile payment by mobile phone
CN103218731A (en) * 2013-03-25 2013-07-24 深圳市精彩明天科技有限公司 Method and system utilizing two-dimension code to advertise
US20160197731A1 (en) * 2015-01-06 2016-07-07 Electronics And Telecommunications Research Institute Method of collecting peer-to-peer-based content sending/reception information
CN104821944A (en) * 2015-04-28 2015-08-05 广东小天才科技有限公司 Hybrid encrypted network data security method and system
CN107277059A (en) * 2017-08-08 2017-10-20 沈阳东青科技有限公司 A kind of one-time password identity identifying method and system based on Quick Response Code

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988301A (en) * 2020-08-14 2020-11-24 武汉气吞云梦科技有限公司 Secure communication method for preventing client from hacker violence attack
CN112182621A (en) * 2020-09-30 2021-01-05 银盛支付服务股份有限公司 Method and device for system data safety interaction, computer equipment and storage medium
CN112713988A (en) * 2020-12-31 2021-04-27 南威软件股份有限公司 No-key encryption and decryption method, system, terminal and medium based on identity card number
CN113890730A (en) * 2021-09-23 2022-01-04 上海华兴数字科技有限公司 Data transmission method and system
CN114531235A (en) * 2022-03-01 2022-05-24 中国科学院软件研究所 End-to-end encrypted communication method and system

Also Published As

Publication number Publication date
CN108809936B (en) 2020-12-08

Similar Documents

Publication Publication Date Title
CN101075874B (en) Certifying method and system
CN101090316B (en) Identify authorization method between storage card and terminal equipment at off-line state
CN106789042B (en) Authentication key negotiation method for user in IBC domain to access resources in PKI domain
CN108282329B (en) Bidirectional identity authentication method and device
KR20190073472A (en) Method, apparatus and system for transmitting data
CN108809936A (en) A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm
CN104796265A (en) Internet-of-things identity authentication method based on Bluetooth communication access
CN110969431B (en) Secure hosting method, device and system for private key of blockchain digital coin
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
CN108809633B (en) Identity authentication method, device and system
CN101123495A (en) A data encryption, decryption system and method
CN112804205A (en) Data encryption method and device and data decryption method and device
CN110519046A (en) Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD
CN103701787A (en) User name password authentication method implemented on basis of public key algorithm
CN110098925B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and random number
CN112528309A (en) Data storage encryption and decryption method and device
CN114157488B (en) Key acquisition method, device, electronic equipment and storage medium
KR20060078768A (en) System and method for key recovery using distributed registration of private key
CN111526131B (en) Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station
JPH09330298A (en) Password registering method, verifying method, password updating method, password registering system, verifying system and password updating system
CN110086627B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and time stamp
CN113792314A (en) Secure access method, device and system
EP3185504A1 (en) Security management system for securing a communication between a remote server and an electronic device
KR101388452B1 (en) Method of migrating certificate to mobile terminal using certificate transmission server based on one-time public information and apparatus using the same
KR100649858B1 (en) System and method for issuing and authenticating of payphone smart card

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant