CN108809936A - A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm - Google Patents
A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm Download PDFInfo
- Publication number
- CN108809936A CN108809936A CN201810359179.8A CN201810359179A CN108809936A CN 108809936 A CN108809936 A CN 108809936A CN 201810359179 A CN201810359179 A CN 201810359179A CN 108809936 A CN108809936 A CN 108809936A
- Authority
- CN
- China
- Prior art keywords
- aes
- data
- key
- stamp
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
- Telephone Function (AREA)
Abstract
The present invention relates to a kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm and its realize system, transmission is encrypted to data information by the mixed encryption method based on RAS+AES+ timestamps in the present invention, can be used for authentication and the information transmission of a variety of clients.Transmission and returned data stream between client and server are ciphertext transmission and are difficult by Brute Force, transmission can accomplish one-time pad without key risk of missing every time, to reduce the risk that user data information is stolen in transmission process, the safety and reliability of identity authorization system is improved.
Description
Technical field
The present invention relates to a kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm and its realize system,
Belong to information security of intelligent terminal technical field.
Background technology
With the fast development of mobile intelligent terminal, more and more users are by private data information storage in network application
On.Privacy of user data are stolen will to be brought user and cause huge risk and loss.Go out not in information security issue layer
Poor today, either personal user or corporate facility all give information security and secret protection unprecedented heavy
Depending on.Traditional data information security scheme is faced with problems and challenge.
The access of users personal data be unable to do without the verification to user identity, and it is to keep to access identity legitimacy verification to user
Protect first of gate of user information safety.Current most of mobile application subscriber authentications depend on three kinds of schemes:
Md5 encryption (Message Digest Algorithm MD5) is carried out to user information, uses DES and AES encryption algorithm for encryption
Or use RSA cryptographic algorithms.But for these types of scheme, MD5 algorithms exist by the risk of Brute Force, are not suitable for peace
Full property requires high field.DES/AES places one's entire reliance upon channel transfer as symmetric encipherment algorithm key, and key is once transmitting
In be trapped exposure, the safety of entire authentication system will be without collateral security.Although and rivest, shamir, adelman RSA keys pass
It is defeated convenient with preservation, but ciphering process is complicated, is not suitable for that larger data volume is encrypted.It can be seen that above-mentioned several
Traditional scheme is faced with great risk and challenge in the terminal user ID verification in intelligent movable epoch.
Invention content
In view of the deficiencies of the prior art, the present invention provides a kind of intelligent mobile terminal identity based on Hybrid Encryption algorithm
Verification method;
The present invention also provides a kind of intelligent mobile terminal authentication systems based on Hybrid Encryption algorithm.
The technical scheme is that:
A kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm is applied to client and server
End, the client is the ends PC or mobile client, including carries out authentication to the ends PC, recognizes mobile client progress identity
Card:
Authentication is carried out to the ends PC, including:
(1) a RSA public key is calculated, RSA key is to (including the public key of encryption and decryption in engineering development
Private key) acquisition can by java program create KeyPairGenerator objects obtain, RSA public keys for data encryption simultaneously
The ends PC are stored in, calculate the corresponding private key of RSA public keys, private key is for data deciphering and is stored in server end;
(2) fixed terminal recognition symbol pc_identifier, random AES key aes_pc_key are generated by the ends PC;Pass through
The RSA public keys that step (1) preserves encrypt terminal recognition symbol pc_identifier, random AES key aes_pc_key, encryption
Ciphertext afterwards is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is generated into QR Quick Response Codes for the ends PC
It obtains;It enters step (3);
(3) the QR Quick Response Codes that the ends PC scanning step (2) generates obtain ciphertext RSA<Pc_identifier, aes_pc_key
>;
(4) ends PC generate a current time stamp information parameter time_stamp, are used for validity verification, and generate at random
One ends PC AES key aes_mp_key;
Use RSA public key encryption user ID datas data, the current time stamp information ginseng that the ends PC are stored in step (1)
The ends the PC cipher-text information RSA that number time_stamp, step (3) obtain<Pc_identifier, aes_pc_key>And AES is close
Key aes_mp_key;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<Pc_identifier, aes_pc_key
>, null>;
(5) the encrypted ciphertext that received server-side is transmitted to step (4) passes through the private key solution preserved in step (1)
The close encrypted ciphertext for receiving step (4) and transmitting, obtains clear data:Data, time_stamp, pc_identifier,
aes_pc_key;
(6) legitimacy and validity of server end verification data and time_stamp, certificate parameter pc_identifier
Whether it is sky, legitimacy and the validation verification of data and time_stamp pass through, and parameter pc_identifier is not
Sky, then for the aes_pc_key obtained by step (5) to needing the data re_data for returning to the ends pc to encrypt, ciphertext is expressed as AES
<re_data>, return to the ends PC;
According to currently preferred, the step (6), server end verification data and time_stamp legitimacy with have
Effect property, and the ends PC type is differentiated according to parameter pc_identifier identifiers, including:
A, server end inquiry user preserves identity information in the database, and whether verification mobile phone terminal solicited message data
It is legal;
B, whether expired by parameter time_stamp comparisons current time checking request;
C, whether server end certificate parameter pc_identifier is empty, and pc_identifier is not sky, that is, indicates to ask
It asks and derives from the ends PC, otherwise, that is, indicate that request does not derive from the ends PC.
(7) ends PC receive the ciphertext AES of step (6) return<re_data>, utilize the AES key aes_ of step (2) generation
Pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;
Authentication is carried out to mobile client, including:
A, establishment KeyPairGenerator calculation and objects are programmed by java in exploitation and goes out a RSA public key, the RSA is public
Key is for data encryption and is stored in mobile client, calculates the corresponding private key of RSA public keys, which is used for data deciphering simultaneously
It is stored in server end;
B, mobile client generates a current time stamp information parameter time_stamp, for validity verification, and with
Machine generates a mobile client AES key aes_mp_key;
Using be stored in step A mobile client RSA public keys will need encrypt send user ID data data,
The time_stamp encryptions of current time stamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_
mp_key>;
C, the encrypted ciphertext that received server-side is transmitted to step B is received by the private key decryption preserved in step A
The encrypted ciphertext that step B is transmitted obtains solution clear data:aes_mp_key;
D, the aes_mp_key obtained by step C is to needing the data re_data for returning to mobile client to encrypt, ciphertext
It is expressed as AES<re_data>, return to mobile client;
E, mobile client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key of step B generations
Aes_mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.
The realization system of above-mentioned intelligent mobile terminal auth method, including the ends PC processing module, mobile terminal processing
Module, server processing module;
The ends PC processing module is used for:Generate fixed terminal recognition symbol pc_identifier, random AES key
aes_pc_key;Pc_identifier, random AES key aes_ are accorded with to terminal recognition by the RSA public keys that step (1) preserves
Pc_key is encrypted, and encrypted ciphertext is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is given birth to
It is obtained for mobile client at QR Quick Response Codes;That is above-mentioned steps (2);
Alternatively, generating a current time stamp information parameter time_stamp, it is used for validity verification, and generate one at random
A mobile client AES key aes_mp_key;
Using be stored in step A mobile client RSA public keys will need encrypt send user ID data data,
The time_stamp encryptions of current time stamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_
mp_key>;That is above-mentioned steps B;
The mobile terminal processing module is used for:The QR Quick Response Codes that scanning step (2) generates obtain ciphertext RSA<pc_
Identifier, aes_pc_key>;
It will need to encrypt the user ID data data sent, current using the RSA public keys for being stored in the ends PC in step (1)
The ends the PC cipher-text information RSA that timestamp information parameter time_stamp, step (3) obtain<Pc_identifier, aes_pc_
key>, AES key aes_mp_key encryption;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<pc_
Identifier, aes_pc_key>, null>;And it is sent to server end;That is above-mentioned steps (3), step (4).
The server processing module is used for:
The encrypted ciphertext that step (4) transmits is received by the private key decryption preserved in step (1), obtains plaintext number
According to:Data, time_stamp, pc_identifier, aes_pc_key;
Server end verifies the legitimacy and validity of data and time_stamp, and according to parameter pc_identifier
Identifier differentiates client type, and the aes_pc_key obtained by step (5) is to needing the data re_data for returning to the ends pc to add
Close, ciphertext is expressed as AES<re_data>, return to the ends PC;
Different type client receives the ciphertext AES of step (6) return<re_data>, utilize the AES of step (2) generation
Key aes_pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;That is above-mentioned steps
(5), step (6), step (7).
Alternatively, receiving the encrypted ciphertext that step B is transmitted by the private key decryption preserved in step A, solution is obtained in plain text
Data:aes_mp_key;
The aes_mp_key obtained by step C is to needing the data re_data for returning to mobile client to encrypt, ciphertext table
It is shown as AES<re_data>, return to mobile client;
Different type client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key of step B generations
Aes_mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.That is above-mentioned steps C, step
Rapid D, step E.
According to currently preferred, the ends the PC processing module computer;The mobile terminal processing module is mobile phone.
The ends PC processing module includes for calculating and the personal computer of store function and the corresponding ends PC software;It is mobile
End processing module be mobile intelligent terminal include carry Android or IOS systems mobile phone and corresponding mobile client software,
Server processing module includes server process program and database.
Beneficial effects of the present invention are:
The present invention improve and has optimized for existing mobile network's client identity information data verification method.It is logical
It crosses the mixed encryption method based on RAS+AES+ timestamps and transmission is encrypted to data information, can be used for a variety of clients
Authentication and information transmission.Transmission and returned data stream between client and server are ciphertext transmission and are difficult quilt
Brute Force, every time transmission can accomplish that one-time pad without key risk of missing, is being transmitted across to reduce user data information
The risk being stolen in journey improves the safety and reliability of identity authorization system.
Description of the drawings
Fig. 1 is the flow diagram for carrying out authentication in the present invention to the ends PC;
Fig. 2 is the flow diagram for carrying out authentication in the present invention to mobile client;
Fig. 3 is the structure chart of the realization system of intelligent mobile terminal auth method of the present invention.
Specific implementation mode
The present invention is further limited with embodiment with reference to the accompanying drawings of the specification, but not limited to this.
Embodiment 1
A kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm is applied to client and server
End, client is the ends PC or mobile client, including carries out authentication to the ends PC, carries out authentication to mobile client:
Authentication is carried out to the ends PC, as shown in Figure 1, including:
(1) a RSA public key is calculated, RSA key is to (including the public key of encryption and decryption in engineering development
Private key) acquisition can by java program create KeyPairGenerator objects obtain, RSA public keys for data encryption simultaneously
The ends PC are stored in, calculate the corresponding private key of RSA public keys, private key is for data deciphering and is stored in server end;
(2) fixed terminal recognition symbol pc_identifier, random AES key aes_pc_key are generated by the ends PC;Pass through
The RSA public keys that step (1) preserves encrypt terminal recognition symbol pc_identifier, random AES key aes_pc_key, encryption
Ciphertext afterwards is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is generated into QR Quick Response Codes for the ends PC
It obtains;It enters step (3);
(3) the QR Quick Response Codes that the ends PC scanning step (2) generates obtain ciphertext RSA<Pc_identifier, aes_pc_key
>;
(4) ends PC generate a current time stamp information parameter time_stamp, are used for validity verification, and generate at random
One ends PC AES key aes_mp_key;
Use RSA public key encryption user ID datas data, the current time stamp information ginseng that the ends PC are stored in step (1)
The ends the PC cipher-text information RSA that number time_stamp, step (3) obtain<Pc_identifier, aes_pc_key>And AES is close
Key aes_mp_key;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<Pc_identifier, aes_pc_key
>, null>;
(5) the encrypted ciphertext that received server-side is transmitted to step (4) passes through the private key solution preserved in step (1)
The close encrypted ciphertext for receiving step (4) and transmitting, obtains clear data:Data, time_stamp, pc_identifier,
aes_pc_key;
(6) legitimacy and validity of server end verification data and time_stamp, certificate parameter pc_identifier
Whether it is sky, legitimacy and the validation verification of data and time_stamp pass through, and parameter pc_identifier is not
Sky, then for the aes_pc_key obtained by step (5) to needing the data re_data for returning to the ends pc to encrypt, ciphertext is expressed as AES
<re_data>, return to the ends PC;
In step (6), server end verifies the legitimacy and validity of data and time_stamp, and according to parameter pc_
Identifier identifiers differentiate the ends PC type, including:
A, server end inquiry user preserves identity information in the database, and whether verification mobile phone terminal solicited message data
It is legal;
B, whether expired by parameter time_stamp comparisons current time checking request;
C, whether server end certificate parameter pc_identifier is empty, and pc_identifier is not sky, that is, indicates to ask
It asks and derives from the ends PC, otherwise, that is, indicate that request does not derive from the ends PC.
(7) ends PC receive the ciphertext AES of step (6) return<re_data>, utilize the AES key aes_ of step (2) generation
Pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;
Authentication is carried out to mobile client, as shown in Fig. 2, including:
A, establishment KeyPairGenerator calculation and objects are programmed by java in exploitation and goes out a RSA public key, the RSA is public
Key is for data encryption and is stored in mobile client, calculates the corresponding private key of RSA public keys, which is used for data deciphering simultaneously
It is stored in server end;
B, mobile client generates a current time stamp information parameter time_stamp, for validity verification, and with
Machine generates a mobile client AES key aes_mp_key;
Using be stored in step A mobile client RSA public keys will need encrypt send user ID data data,
The time_stamp encryptions of current time stamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_
mp_key>;
C, the encrypted ciphertext that received server-side is transmitted to step B is received by the private key decryption preserved in step A
The encrypted ciphertext that step B is transmitted obtains solution clear data:aes_mp_key;
D, the aes_mp_key obtained by step C is to needing the data re_data for returning to mobile client to encrypt, ciphertext
It is expressed as AES<re_data>, return to mobile client;
E, mobile client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key of step B generations
Aes_mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.
Embodiment 2
The realization system of intelligent mobile terminal auth method described in embodiment 1, as shown in figure 3, including at the ends PC
Manage module, mobile terminal processing module, server processing module;
The ends PC processing module is used for:Generate fixed terminal recognition symbol pc_identifier, random AES key aes_pc_
key;The RSA public keys preserved by step (1) accord with pc_identifier to terminal recognition, random AES key aes_pc_key adds
Close, encrypted ciphertext is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is generated into QR two dimensions
Code is obtained for mobile client;That is above-mentioned steps (2);
Alternatively, generating a current time stamp information parameter time_stamp, it is used for validity verification, and generate one at random
A mobile client AES key aes_mp_key;
Using be stored in step A mobile client RSA public keys will need encrypt send user ID data data,
The time_stamp encryptions of current time stamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_
mp_key>;That is above-mentioned steps B;
Mobile terminal processing module is used for:The QR Quick Response Codes that scanning step (2) generates obtain ciphertext RSA<pc_
Identifier, aes_pc-_key>;
It will need to encrypt the user ID data data sent, current using the RSA public keys for being stored in the ends PC in step (1)
The ends the PC cipher-text information RSA that timestamp information parameter time_stamp, step (3) obtain<Pc_identifier, aes_pc_
key>, AES key aes_mp_key encryption;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<pc_
Identifier, aes_pc_key>, null>;And it is sent to server end;That is above-mentioned steps (3), step (4).
Server processing module is used for:
The encrypted ciphertext that step (4) transmits is received by the private key decryption preserved in step (1), obtains plaintext number
According to:Data, time_stamp, pc_identifier, aes_pc_key;
Server end verifies the legitimacy and validity of data and time_stamp, and according to parameter pc_identifier
Identifier differentiates client type, and the aes_pc_key obtained by step (5) is to needing the data re_data for returning to the ends pc to add
Close, ciphertext is expressed as AES<re_data>, return to the ends PC;
Different type client receives the ciphertext AES of step (6) return<re_data>, utilize the AES of step (2) generation
Key aes_pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;That is above-mentioned steps
(5), step (6), step (7).
Alternatively, receiving the encrypted ciphertext that step B is transmitted by the private key decryption preserved in step A, solution is obtained in plain text
Data:aes_mp_key;
The aes_mp_key obtained by step C is to needing the data re_data for returning to mobile client to encrypt, ciphertext table
It is shown as AES<re_data>, return to mobile client;
Different type client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key of step B generations
Aes_mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.That is above-mentioned steps C, step
Rapid D, step E.
The ends PC processing module computer;Mobile terminal processing module is mobile phone.
The ends PC processing module includes for calculating and the personal computer of store function and the corresponding ends PC software;It is mobile
End processing module be mobile intelligent terminal include carry Android or IOS systems mobile phone and corresponding mobile client software,
Server processing module includes server process program and database.
Claims (4)
1. a kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm, which is characterized in that be applied to client
With server end, the client be the ends PC or mobile client, including to the ends PC carry out authentication, to mobile client into
Row authentication:
Authentication is carried out to the ends PC, including:
(1) a RSA public key is calculated, RSA public keys are for data encryption and are stored in the ends PC, and it is corresponding to calculate the RSA public keys
Private key, private key is for data deciphering and is stored in server end;
(2) fixed terminal recognition symbol pc_identifier, random AES key aes_pc_key are generated by the ends PC;Pass through step
(1) the RSA public keys preserved encrypt terminal recognition symbol pc_identifier, random AES key aes_pc_key, encrypted
Ciphertext is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information generation QR Quick Response Codes are obtained for the ends PC
It takes;It enters step (3);
(3) the QR Quick Response Codes that the ends PC scanning step (2) generates obtain ciphertext RSA<Pc_identifier, aes_pc_key>;
(4) ends PC generate a current time stamp information parameter time_stamp, are used for validity verification, and generate one at random
The ends PC AES key aes_mp_key;
Use RSA public key encryption user ID datas data, the current time stamp information parameter that the ends PC are stored in step (1)
The ends the PC cipher-text information RSA that time_stamp, step (3) obtain<Pc_identifier, aes_pc_key>And AES key
aes_mp_key;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<Pc_identifier, aes_pc_key>,
null>;
(5) the encrypted ciphertext that received server-side is transmitted to step (4) is decrypted by the private key preserved in step (1) and is received
The encrypted ciphertext transmitted to step (4), obtains clear data:Data, time_stamp, pc_identifier, aes_
pc_key;
(6) legitimacy and validity of server end verification data and time_stamp, whether certificate parameter pc_identifier
For sky, legitimacy and the validation verification of data and time_stamp pass through, and parameter pc_identifier is not sky, then
For the aes_pc_key obtained by step (5) to needing the data re_data for returning to the ends pc to encrypt, ciphertext is expressed as AES<re_
data>, return to the ends PC;
(7) ends PC receive the ciphertext AES of step (6) return<re_data>, utilize the AES key aes_pc_ of step (2) generation
Key decrypts AES<re_data>, obtain the clear data re_data returned from server section;
Authentication is carried out to mobile client, including:
A, a RSA public key is calculated, the RSA public keys are for data encryption and are stored in mobile client, calculate the RSA public keys
Corresponding private key, the private key is for data deciphering and is stored in server end;
B, mobile client generates a current time stamp information parameter time_stamp, is used for validity verification, and give birth at random
At a mobile client AES key aes_mp_key;
It will need to encrypt the user ID data data sent, current using the RSA public keys for being stored in mobile client in step A
The time_stamp encryptions of timestamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_mp_
key>;
C, the encrypted ciphertext that received server-side is transmitted to step B receives step by the private key decryption preserved in step A
The encrypted ciphertext that B is transmitted obtains solution clear data:aes_mp_key;
D, to needing the data re_data for returning to mobile client to encrypt, ciphertext indicates the aes_mp_key obtained by step C
For AES<re_data>, return to mobile client;
E, mobile client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key aes_mp_ of step B generations
Key decrypts AES<re_data>, obtain the clear data re_data returned from server section.
2. a kind of intelligent mobile terminal auth method based on Hybrid Encryption algorithm according to claim 1, special
Sign is that the step (6), server end verifies the legitimacy and validity of data and time_stamp, and according to parameter pc_
Identifier identifiers differentiate the ends PC type, including:
A, server end inquiry user preserves identity information in the database, and whether verification mobile phone terminal solicited message data closes
Method;
B, whether expired by parameter time_stamp comparisons current time checking request;
C, whether server end certificate parameter pc_identifier is empty, and pc_identifier is not sky, that is, indicates that request comes
Derived from the ends PC, otherwise, that is, indicate that request does not derive from the ends PC.
3. the realization system of intelligent mobile terminal auth method as claimed in claim 1 or 2, which is characterized in that including PC
Hold processing module, mobile terminal processing module, server processing module;
The ends PC processing module is used for:Generate fixed terminal recognition symbol pc_identifier, random AES key aes_pc_
key;The RSA public keys preserved by step (1) accord with pc_identifier to terminal recognition, random AES key aes_pc_key adds
Close, encrypted ciphertext is:RSA<Pc_identifier, aes_pc_key>, encrypted cipher-text information is generated into QR two dimensions
Code is obtained for mobile client;
Alternatively, generating a current time stamp information parameter time_stamp, it is used for validity verification, and generates a shifting at random
Dynamic customer end A ES keys aes_mp_key;
It will need to encrypt the user ID data data sent, current using the RSA public keys for being stored in mobile client in step A
The time_stamp encryptions of timestamp information parameter;Encrypted ciphertext is:RSA<Data, time_stamp, null, aes_mp_
key>;
The mobile terminal processing module is used for:The QR Quick Response Codes that scanning step (2) generates obtain ciphertext RSA<pc_
Identifier, aes_pc_key>;
It will need to encrypt the user ID data data sent, current time using the RSA public keys for being stored in the ends PC in step (1)
Stab information parameter time_stamp, the ends the PC cipher-text information RSA that step (3) obtains<Pc_identifier, aes_pc_key>,
AES key aes_mp_key encryptions;Encrypted ciphertext is:RSA<Data, time_stamp, RSA<Pc_identifier,
aes_pc_key>, null>;And it is sent to server end;
The server processing module is used for:
The encrypted ciphertext that step (4) transmits is received by the private key decryption preserved in step (1), obtains clear data:
Data, time_stamp, pc_identifier, aes_pc_key;
Server end verifies the legitimacy and validity of data and time_stamp, and is identified according to parameter pc_identifier
Symbol differentiates client type, by the aes_pc_key of step (5) acquisition to needing the data re_data for returning to the ends pc to encrypt,
Ciphertext is expressed as AES<re_data>, return to the ends PC;
Different type client receives the ciphertext AES of step (6) return<re_data>, utilize the AES key of step (2) generation
Aes_pc_key decrypts AES<re_data>, obtain the clear data re_data returned from server section;
Alternatively, receiving the encrypted ciphertext that step B is transmitted by the private key decryption preserved in step A, solution clear data is obtained:
aes_mp_key;
To needing the data re_data for returning to mobile client to encrypt, ciphertext is expressed as the aes_mp_key obtained by step C
AES<re_data>, return to mobile client;
Different type client receives the ciphertext AES that step D is returned<re_data>, utilize the AES key aes_ of step B generations
Mp_key decrypts AES<re_data>, obtain the clear data re_data returned from server section.
4. the realization system of intelligent mobile terminal auth method according to claim 3, which is characterized in that the PC
Hold processing module computer;The mobile terminal processing module is mobile phone.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810359179.8A CN108809936B (en) | 2018-04-20 | 2018-04-20 | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810359179.8A CN108809936B (en) | 2018-04-20 | 2018-04-20 | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108809936A true CN108809936A (en) | 2018-11-13 |
CN108809936B CN108809936B (en) | 2020-12-08 |
Family
ID=64093413
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810359179.8A Active CN108809936B (en) | 2018-04-20 | 2018-04-20 | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108809936B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111988301A (en) * | 2020-08-14 | 2020-11-24 | 武汉气吞云梦科技有限公司 | Secure communication method for preventing client from hacker violence attack |
CN112182621A (en) * | 2020-09-30 | 2021-01-05 | 银盛支付服务股份有限公司 | Method and device for system data safety interaction, computer equipment and storage medium |
CN112713988A (en) * | 2020-12-31 | 2021-04-27 | 南威软件股份有限公司 | No-key encryption and decryption method, system, terminal and medium based on identity card number |
CN113890730A (en) * | 2021-09-23 | 2022-01-04 | 上海华兴数字科技有限公司 | Data transmission method and system |
CN114531235A (en) * | 2022-03-01 | 2022-05-24 | 中国科学院软件研究所 | End-to-end encrypted communication method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102118710A (en) * | 2011-03-08 | 2011-07-06 | 上海红松信息技术有限公司 | System and method for transmitting data between mobile terminals |
CN102842081A (en) * | 2011-06-23 | 2012-12-26 | 上海易悠通信息科技有限公司 | Method for generating two-dimensional code and implementing mobile payment by mobile phone |
CN103218731A (en) * | 2013-03-25 | 2013-07-24 | 深圳市精彩明天科技有限公司 | Method and system utilizing two-dimension code to advertise |
CN104821944A (en) * | 2015-04-28 | 2015-08-05 | 广东小天才科技有限公司 | Hybrid encrypted network data security method and system |
US20160197731A1 (en) * | 2015-01-06 | 2016-07-07 | Electronics And Telecommunications Research Institute | Method of collecting peer-to-peer-based content sending/reception information |
CN107277059A (en) * | 2017-08-08 | 2017-10-20 | 沈阳东青科技有限公司 | A kind of one-time password identity identifying method and system based on Quick Response Code |
-
2018
- 2018-04-20 CN CN201810359179.8A patent/CN108809936B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102118710A (en) * | 2011-03-08 | 2011-07-06 | 上海红松信息技术有限公司 | System and method for transmitting data between mobile terminals |
CN102842081A (en) * | 2011-06-23 | 2012-12-26 | 上海易悠通信息科技有限公司 | Method for generating two-dimensional code and implementing mobile payment by mobile phone |
CN103218731A (en) * | 2013-03-25 | 2013-07-24 | 深圳市精彩明天科技有限公司 | Method and system utilizing two-dimension code to advertise |
US20160197731A1 (en) * | 2015-01-06 | 2016-07-07 | Electronics And Telecommunications Research Institute | Method of collecting peer-to-peer-based content sending/reception information |
CN104821944A (en) * | 2015-04-28 | 2015-08-05 | 广东小天才科技有限公司 | Hybrid encrypted network data security method and system |
CN107277059A (en) * | 2017-08-08 | 2017-10-20 | 沈阳东青科技有限公司 | A kind of one-time password identity identifying method and system based on Quick Response Code |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111988301A (en) * | 2020-08-14 | 2020-11-24 | 武汉气吞云梦科技有限公司 | Secure communication method for preventing client from hacker violence attack |
CN112182621A (en) * | 2020-09-30 | 2021-01-05 | 银盛支付服务股份有限公司 | Method and device for system data safety interaction, computer equipment and storage medium |
CN112713988A (en) * | 2020-12-31 | 2021-04-27 | 南威软件股份有限公司 | No-key encryption and decryption method, system, terminal and medium based on identity card number |
CN113890730A (en) * | 2021-09-23 | 2022-01-04 | 上海华兴数字科技有限公司 | Data transmission method and system |
CN114531235A (en) * | 2022-03-01 | 2022-05-24 | 中国科学院软件研究所 | End-to-end encrypted communication method and system |
Also Published As
Publication number | Publication date |
---|---|
CN108809936B (en) | 2020-12-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101075874B (en) | Certifying method and system | |
CN101090316B (en) | Identify authorization method between storage card and terminal equipment at off-line state | |
CN106789042B (en) | Authentication key negotiation method for user in IBC domain to access resources in PKI domain | |
CN108282329B (en) | Bidirectional identity authentication method and device | |
KR20190073472A (en) | Method, apparatus and system for transmitting data | |
CN108809936A (en) | A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm | |
CN104796265A (en) | Internet-of-things identity authentication method based on Bluetooth communication access | |
CN110969431B (en) | Secure hosting method, device and system for private key of blockchain digital coin | |
EP3476078B1 (en) | Systems and methods for authenticating communications using a single message exchange and symmetric key | |
CN108809633B (en) | Identity authentication method, device and system | |
CN101123495A (en) | A data encryption, decryption system and method | |
CN112804205A (en) | Data encryption method and device and data decryption method and device | |
CN110519046A (en) | Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD | |
CN103701787A (en) | User name password authentication method implemented on basis of public key algorithm | |
CN110098925B (en) | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and random number | |
CN112528309A (en) | Data storage encryption and decryption method and device | |
CN114157488B (en) | Key acquisition method, device, electronic equipment and storage medium | |
KR20060078768A (en) | System and method for key recovery using distributed registration of private key | |
CN111526131B (en) | Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station | |
JPH09330298A (en) | Password registering method, verifying method, password updating method, password registering system, verifying system and password updating system | |
CN110086627B (en) | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and time stamp | |
CN113792314A (en) | Secure access method, device and system | |
EP3185504A1 (en) | Security management system for securing a communication between a remote server and an electronic device | |
KR101388452B1 (en) | Method of migrating certificate to mobile terminal using certificate transmission server based on one-time public information and apparatus using the same | |
KR100649858B1 (en) | System and method for issuing and authenticating of payphone smart card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |