CN108965311A - Encryption of communicated data method and apparatus - Google Patents

Encryption of communicated data method and apparatus Download PDF

Info

Publication number
CN108965311A
CN108965311A CN201810851516.5A CN201810851516A CN108965311A CN 108965311 A CN108965311 A CN 108965311A CN 201810851516 A CN201810851516 A CN 201810851516A CN 108965311 A CN108965311 A CN 108965311A
Authority
CN
China
Prior art keywords
data
encryption
parameter
terminal device
page data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810851516.5A
Other languages
Chinese (zh)
Inventor
张驰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201810851516.5A priority Critical patent/CN108965311A/en
Priority to PCT/CN2018/107636 priority patent/WO2020019477A1/en
Publication of CN108965311A publication Critical patent/CN108965311A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses encryption of communicated data method and apparatus, wherein method includes: the access request to target pages for obtaining terminal device and initiating;The corresponding first page data of the target pages are obtained from the corresponding background server of the target pages according to the access request;The first page data are encrypted to obtain second page data using the first Encryption Algorithm;The first response to the access request is sent to the terminal device, so that the terminal device is decrypted the second page data according to the first ciphertext data to obtain the first page data, first response includes the second page data and first ciphertext data, and first ciphertext data is to include the corresponding ciphertext data of first Encryption Algorithm.By being encrypted to the page data that background server returns, avoids the universal scans tool such as scanner from being directly obtained page data, improve the safety of background server.

Description

Encryption of communicated data method and apparatus
Technical field
The present invention relates to field of communication technology more particularly to encryption of communicated data method and apparatus.
Background technique
Website is to rely on the application of web technology foundation, and the information exchange each time in the application of website is directed to web client End and web services end, wherein the main task of web client is to show the information content to user, specifically utilizes html language Speech, shell script, CSS, plug-in part technology etc. realize that corresponding web page is shown;Web services end provides business for web client It supports, the technologies such as PHP, ASP, JSP is specifically utilized to realize corresponding function.The interaction flow at web services end and web client Generally are as follows: web client sends to web services end and requests, and the request that web services end group is issued in web client is to web client End returns to the corresponding data (such as html code) of the request.
In order to improve the safety of website, certain data of website can generally be added using certain encryption technology It is close, in current some Encryption Designs, the content to avoid website is mainly encrypted by the html code to website Structure is read easily.But there are also the interaction parameters between each function of number of site (as mentioned by post list at present User name, password of friendship etc.) it is to be transmitted in the form of plaintext, monitored risk is faced, the safety of website is not high enough.
Summary of the invention
The embodiment of the present invention provides encryption of communicated data method and apparatus, solves the problems, such as that web portal security is not high enough.
In a first aspect, providing a kind of encryption of communicated data method, comprising:
Obtain the access request to target pages that terminal device is initiated;
It is corresponding from the target pages corresponding background server acquisition target pages according to the access request First page data;
The first page data are encrypted to obtain second page data using the first Encryption Algorithm;
The first response to the access request is sent to the terminal device, so that the terminal device is according to the first solution Ciphertext data is decrypted the second page data to obtain the first page data, and first response includes described second Page data and first ciphertext data, first ciphertext data are the data comprising first Encryption Algorithm.
In the embodiment of the present invention, by page data corresponding to access request from terminal device to server that initiate into Row encryption, and ciphertext data corresponding to cipher mode is sent jointly into terminal device together with encrypted page data, really Encrypted page data can be decrypted using the ciphertext data to show that the access request is corresponding by protecting terminal device Target pages, background server is encrypted to the data that terminal device returns by way of encrypting page data, The tool that the page can be scanned to avoid scanner, reptile instrument etc. is directly obtained page data, increases the safety of website.
With reference to first aspect, in one possible implementation, first ciphertext data includes the first Encryption Algorithm Corresponding decryption script, the decryption script make the terminal device execute first Encryption Algorithm when being run by terminal device To be decrypted;Described send to the terminal device comprises determining that described first adds to the first response of the access request The corresponding decryption script of close algorithm;The corresponding decryption script of first Encryption Algorithm is inserted into the second page data, And by be inserted into first Encryption Algorithm it is corresponding decryption script after second page data carry it is described first response in send out Give the terminal device.By the way that decryption script corresponding to the cipher mode used when encrypting page data is inserted in encryption In page data afterwards, terminal device is allowed to run the decryption script to carry out the corresponding operation of decryption script, thus Encrypted page data can be decrypted.
It with reference to first aspect, in one possible implementation, is the feelings that parameter obtains the page in the target pages Under condition, first response further includes the first encryption data, and first encryption data is the corresponding data of the second Encryption Algorithm. By the way that the corresponding data of cipher mode are being added into the response that terminal device returns, allow terminal device according to the encryption Data encrypt needs to the data that background server is submitted.
With reference to first aspect, in one possible implementation, described to send to the terminal device to the access After first response of request, further includes: obtain the parameter that the terminal device is initiated and submit request, the parameter submits request Including the first parameter, first parameter is that the terminal device encrypts the second parameter according to first encryption data Obtained parameter, second parameter are the parameter that the terminal device is got by the target pages;To described first Parameter is decrypted to obtain second parameter, and second parameter is sent to the background server.Due to that will add in advance Ciphertext data is sent to terminal device, and terminal device encrypts the parameter of submission, by terminal device backward The parameter that platform server is submitted is encrypted, and is avoided the scanning tools such as scanner, reptile instrument from getting these parameters, is increased The safety of interaction data between terminal device and background server.
With reference to first aspect, in one possible implementation, described that first parameter is decrypted to obtain institute Stating the second parameter includes: the identification information for submitting request to determine the terminal device according to the parameter;It is set according to the terminal Standby identification information determines first encryption data;Second Encryption Algorithm is determined according to first encryption data;It adopts First parameter is decrypted with second Encryption Algorithm to obtain second parameter.By the body for determining terminal device Part, it may be determined that it is sent to the encryption data of terminal device, before so as to determine that terminal device encrypts according to the encryption data Used cipher mode when parameter, and then encrypted parameter can be decrypted.
With reference to first aspect, in one possible implementation, described that second parameter is sent to the backstage After server further include: obtain the third page data that the background server is returned according to second parameter;Using Three Encryption Algorithm are encrypted to obtain the 4th page data to the third page data;It sends to the terminal device to described Parameter submits the second response of request, so that the terminal device carries out the 4th page data according to the second ciphertext data Decryption obtains the third page data, and second response includes the 4th page data and second ciphertext data, Second ciphertext data is the data comprising the third Encryption Algorithm.
It is with reference to first aspect, described that second parameter is sent to the background server includes: based on safe socket Word layer hypertext transfer protocol (hypertext transfer protocol over secure socket layer, HTTPS first parameter) is sent to the background server;It is described to obtain the background server according to second ginseng The third page data that number returns includes: to obtain the background server to be based on the HTTPS agreement according to second parameter The third page data of return.It when being interacted with background server, is transmitted based on HTTPS agreement, it is ensured that with backstage The data of interaction are encryptions between server, to guarantee that interaction data is all encryption during entire transmission.
Second aspect provides a kind of encryption of communicated data device, comprising:
Access request obtains module, for obtaining the access request to target pages of terminal device initiation;
Page data obtains module, for being obtained according to the access request from the corresponding background server of the target pages Take the corresponding first page data of the target pages;
Encrypting module, for being encrypted to obtain second page number to the first page data using the first Encryption Algorithm According to;
Ask respond module, for sending the first response to the access request to the terminal device, so that described Terminal device is decrypted to obtain the first page data to the second page data according to the first ciphertext data, and described One response includes the second page data and first ciphertext data, and first ciphertext data is to include described first The data of Encryption Algorithm.
The third aspect provides another encryption of communicated data device, including processor, memory and communication interface, institute It states processor, memory and communication interface to be connected with each other, wherein the communication interface is described to deposit for receiving or sending data Reservoir is used to store the application code that encryption of communicated data device executes the above method, and the processor is configured for holding The method of the above-mentioned first aspect of row.
Fourth aspect provides a kind of computer storage medium, and the computer storage medium is stored with computer program, institute Stating computer program includes program instruction, and described program instruction makes the processor execute above-mentioned first when being executed by a processor The method of aspect.
In the embodiment of the present invention, by intercepting and capturing the data interacted between terminal device and background server and adding to it It is close, it ensure that the safety of the data interacted between terminal device and background server.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to needed in the embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for ability For the those of ordinary skill of domain, without creative efforts, it can also be obtained according to these attached drawings other attached Figure.
Fig. 1 is a kind of configuration diagram of web station system provided in an embodiment of the present invention;
Fig. 2 is a kind of flow diagram of encryption of communicated data method provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of another encryption of communicated data method provided in an embodiment of the present invention;
Fig. 4 is a kind of composed structure schematic diagram of encryption of communicated data device provided in an embodiment of the present invention;
Fig. 5 is the composed structure schematic diagram of another encryption of communicated data device provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that the described embodiment is only a part of the embodiment of the present invention, instead of all the embodiments.Based on this Embodiment in invention, every other reality obtained by those of ordinary skill in the art without making creative efforts Example is applied, shall fall within the protection scope of the present invention.
Technical solution of the present invention is suitable for traditional web station system with plaintext version transmission data, and web station system can wrap Include website client end and website service end.Website client end is user oriented client, for providing service for user.The net Client of standing can be universal client, and universal client can provide service for multiple Website servers, such as It can be browser;The website client end can also specific client, which is served only for as some ad hoc networks It stands offer service, for example, " Tencent's video " client.Under normal circumstances, which operates in the terminal device of user On, wherein terminal device includes but is not limited to that mobile phone, computer, tablet computer, electronic reader etc. have website browsing function Electronic equipment.For managing and providing the resource of the web station system to website client end, website service end is used at website service end There is provided various data to website client end allows the website client end to showing the various pages.The website service end can be with It is made of one or more server.The embodiment of the present invention passes through in traditional web station system for transmitting data with plaintext version Increase encryption server, the data encryption using encryption server to interacting between website service end and website client end, with reality Now ensure the purpose of web portal security.Illustratively, the framework of the web station system of the embodiment of the present invention can be as shown in Figure 1, website System includes the website client end operated on terminal device 101, encryption server 102 and Website server 103, wherein Encryption server 102 is used to obtain website client end and encrypts the interaction data between the server-side of website and encrypted.
The method of the embodiment of the present invention may be implemented that the embodiment of the present invention is described below in system architecture shown in Fig. 1 Method.
Referring to fig. 2, Fig. 2 is a kind of flow diagram of encryption of communicated data method provided in an embodiment of the present invention, is such as schemed It is shown, this method comprises:
S201, terminal device initiate the access request to target pages, and encryption server obtains the access to target pages Request.
Here, terminal device initiates to ask the access of target pages by the website client end operated in terminal device It asks, which is one of page of web station system.In the case where the website client end is universal client, The target pages can be the one of page for any one web station system that user wants access to;It is at the website client end In the case where specific client, which is one of page of the corresponding web station system in website client end.
The target pages correspond to a uniform resource locator (uniform resource location, URL), the visit Ask that request carries the URL, which is directed toward Internet protocol (Internet protocol, an IP) address, which is The address of access request access.
In the embodiment of the present invention, the IP address which is directed toward can have following two design:
The first design, the IP address which is directed toward are the IP address of encryption server.When terminal device is initiated to the mesh When marking the access request of the page, terminal device carries out domain name analysis system (domain name system, DNS) solution to the URL Analyse the IP address that obtained IP address is the encryption server.Terminal device takes according to the IP address of the encryption server to encryption Device of being engaged in is initiated to the access requests of target pages, and encryption server obtains the access to target pages by received mode and asks It asks.
Second of design, the IP address which is directed toward are the IP address of background server.When terminal device is initiated to the mesh When marking the access request of the page, terminal device to the URL with carrying out IP that the obtained IP address of dns resolution is the background server Location.Terminal device initiates the access request to target pages, encryption to background server according to the IP address of the background server Server intercepts the access of the access request to obtain this to target pages to target pages in such a way that flow is kidnapped Request.
S202, encryption server send the corresponding resource acquisition request of target pages, background server to background server Receive the resource access request to target pages.
Here, background server is the corresponding background server of the target pages, namely the website comprising the target pages The background server of system.The corresponding resource acquisition request of target pages is for requesting the background server to return to the target pages Corresponding first page data, the first page data can make the website when being run by the website client end in terminal device Client shows the target pages.
In the embodiment of the present invention, encryption server, which sends the corresponding resource acquisition request of target pages to background server, to be had Following two situation:
The first situation, the IP address that the URL that carries in the access request to target pages is directed toward be it is above-mentioned the first In the case where design, can in encryption server the preset background server IP address, and by the IP of background server Location is associated with target access request, when encryption server gets target access request, requests to close according to the target access The IP address of connection determines that the target access requests the resource of corresponding page data on the background server, thus cryptographic services Device can initiate the corresponding resource of target pages to the background server according to IP address corresponding with target access request and obtain Take request, wherein target access request refers to asks with the associated access request of the background server, the i.e. correlation of the web station system It asks.
For example, preparatory " pingan.com " this domain name is corresponding with the IP address of background server, background server IP address be 192.168.11.32, when encryption server receives in access request carrying " pingan.com " this domain name Request when, for example, www.pingan.com/login, due to this request in carry " pingan.com ", then can be true Fixed to request the IP address of corresponding background server for 192.168.11.32 with this, then encryption server is to IP address 192.168.11.32 background server initiate the corresponding resource request of the access request.
Second situation, the IP address that the URL carried in the access request of target pages is directed toward set for above-mentioned second In the case where meter, encryption server, can be to taking in the access request after being truncated to the access request to target pages The URL of band carries out dns resolution and obtains the IP address of the background server, and the backstage that encryption server can be obtained according to parsing takes The IP address of business device initiates the corresponding resource acquisition request of target pages to background server.Specifically, the target pages are corresponding Resource acquisition request can be the access request to target pages.
For example, the URL carried in the access request that encryption server is truncated to is www.pingan.com/login, encryption Server by DNS mode parse the URL obtain the corresponding IP address of the URL be 202.132.11.32, then encryption server to The server that IP address is 202.132.11.32 initiates the corresponding resource request of target pages.
S203, background server send the corresponding first page data of target pages, and encryption server obtains target pages Corresponding first page data.
Here, background server finds the target according to the corresponding resource acquisition request of the target pages from directory web site The corresponding site file of the page obtains first page data from the site file, then sends the first page data.
In the embodiment of the present invention, in the case that the URL carried in the access request is the first above-mentioned design, backstage is taken Device be engaged in the corresponding first page data of encryption server transmission target pages, encryption server is obtained by received mode The corresponding first page data of target pages;In the case that the URL carried in the access request is above-mentioned second of design, after Platform server sends target to the terminal device and sends the corresponding first page data of the page, which is robbed by flow The mode held intercepts this to the corresponding first page data of target pages.
Optionally, if the URL carried in the access request is the first above-mentioned design, in the first possible realization side In formula, encryption server can be communicated with background server based on HTTPS agreement.Wherein, encryption server can be based on HTTPS agreement sends the corresponding resource acquisition request of target pages to background server, and encryption server can be assisted based on HTTPS It discusses to encryption server and sends the corresponding first page data of the target pages.In the second possible implementation, should add The access mode of close server can be a Password-Enabled server access, i.e., have in the access white list of the background server and The only identity information of the proof such as the IP address of the encryption server or MAC Address encryption server.With a kind of safe side Formula guarantees the communication security of the interactive process between encryption server and background server, further enhances the peace of web station system Quan Xing.
S204, encryption server encrypt first page data to obtain second page number using the first Encryption Algorithm According to.
In the embodiment of the present invention, the first Encryption Algorithm can be symmetry algorithm, be also possible to asymmetric arithmetic, wherein the One Encryption Algorithm includes but is not limited to data encryption standards (data encryption standard, DES) algorithm, 3DES calculation Method, RSA Algorithm, Advanced Encryption Standard (advanced encryption standard, AES) algorithm.
In the specific implementation, encryption server selects one of key to make from the corresponding key space of the first Encryption Algorithm For first key, the corresponding operation of first Encryption Algorithm is carried out to the first key and the first page data, obtains second Page data.
S205, encryption server send the first response to terminal device, and terminal device receives the first response, the first response bag Include second page data and the first ciphertext data.
Here, the first response is the response to the access request of step S201.First ciphertext data may include two parts Data, first part's data are the second key, and second part data are to make the terminal device carry out first Encryption Algorithm to correspond to Operation data.In the case where first Encryption Algorithm is symmetry algorithm, second key and encryption server to this One page data when being encrypted used key it is identical, i.e., second key be encryption server to the first page data Used key when being encrypted;In the case where first Encryption Algorithm is asymmetric arithmetic, if encryption server pair The first page data when being encrypted used first key be public key, then second key be the corresponding private of the public key Key, if the encryption server when being encrypted to the first page data used first key be private key, this second Key is the corresponding public key of the private key.
In a kind of possible mode, this makes the data of terminal device progress operation corresponding with first Encryption Algorithm can Think the corresponding decryption script of first Encryption Algorithm, then the encryption server send the first response to terminal device can be as Under: encryption server determines the corresponding decryption script of the first Encryption Algorithm;Encryption server is inserted into second page data should The corresponding decryption script of first Encryption Algorithm, and by be inserted into the first Encryption Algorithm it is corresponding decryption script after second page data It carries and is sent to terminal device in the first response.
In the specific implementation, (can refer to the meter of the execution Encryption Algorithm in the preset at least one Encryption Algorithm of encryption server Calculation machine program), and in encryption server preset key space, encryption script and decryption script, then by key space, It is corresponding with Encryption Algorithm to encrypt script, decryption script.When transmission first responds, encryption server can choose and Encryption Algorithm Corresponding decryption script is sent to terminal device, is specifically described below:
The first situation, preset a kind of Encryption Algorithm in encryption server.In this case, add in encryption server The corresponding encryption script of close algorithm and decryption script only one, encryption server obtains unique decryption script, the Unique decryption script is inserted into two page datas, the second page data and second then insertion to be decrypted to script after are close Key is sent to terminal device.
Second situation presets multiple encryption algorithms in encryption server.In this case, add in encryption server There are many close algorithms, encryption script and decryption script have it is multiple, encryption server can according to Encryption Algorithm and encryption script with And the mutual corresponding relationship of decryption script selects decryption script corresponding with the first Encryption Algorithm as object decryption script, Then the object decryption script is inserted into second page data, then by the second page data after insertion object decryption script And second key be sent to terminal device.
S206, terminal device are decrypted second page data according to the first ciphertext data to obtain first page data.
In the specific implementation, terminal device obtain the second key respectively from the first ciphertext data and make terminal device carry out with Then the data of the corresponding operation of first Encryption Algorithm carry out terminal device and the operation of the first Encryption Algorithm by this Data carry out the corresponding operation of first Encryption Algorithm to second key and the second page data, and the data that operation obtains are First page data.
It is corresponding in the first Encryption Algorithm of data for making terminal device carry out operation corresponding with first Encryption Algorithm Decrypt script in the case where, terminal device run the corresponding decryption script of first Encryption Algorithm to second key and this second Page data carries out the corresponding operation of the first Encryption Algorithm and obtains first page data.
S207, terminal device is according to first page data shows target pages.
In the embodiment of the present invention, encryption server passes through corresponding to access request from terminal device to server that initiate Page data is encrypted, and ciphertext data corresponding to cipher mode is sent jointly to end together with encrypted page data Terminal device is decrypted to encrypted page data so as to show this using the ciphertext data in end equipment The corresponding target pages of access request, the number that background server is returned to terminal device by way of encrypting page data According to being encrypted, page data can be directly obtained and get by avoiding the universal scans such as scanner, reptile instrument tool The information of website increases the safety of background server.
In the corresponding embodiment of fig. 2 described above, the page number that encryption server returns to background server to terminal device According to being encrypted, in some possible implementations, if the target pages are that parameter obtains the page, terminal device to In the case that background server submits the parameter information got from target pages, terminal device can be to terminal device to from the background The parameter information that server is submitted is encrypted.Encryption server can carry the encryption data for being used to encrypt the parameter information It is sent to terminal device in the corresponding page data of the target pages, i.e., is that parameter page obtains the page in the target pages In the case of, which can also include the first encryption data, which is the number comprising the second Encryption Algorithm According to first encryption data can be used for encryption data by terminal device.
First encryption data may include two parts data, and first part's data are third key, and second part data are The terminal device is set to carry out the data of operation corresponding with second Encryption Algorithm.
Second Encryption Algorithm can be symmetry algorithm, or asymmetric arithmetic is symmetrical calculate in the second Encryption Algorithm In the case where method, which is symmetric key;In the case where the second Encryption Algorithm is asymmetric arithmetic, second encryption Key is unsymmetrical key.Second Encryption Algorithm includes but is not limited to DES algorithm, 3DES algorithm, RSA Algorithm, aes algorithm.
Second Encryption Algorithm and third key can have following several situations:
One, the second Encryption Algorithm is identical as the first Encryption Algorithm, and third key is identical as first key.
Two, the second Encryption Algorithm is identical as the first Encryption Algorithm, and third key is different from first key.
Three, the second Encryption Algorithm is different from the first Encryption Algorithm, and third key is identical as first key.
Four, the second Encryption Algorithm is different from the first Encryption Algorithm, and third key is identical as first key.
In above-mentioned four kinds of situations, in addition to the first situation, excess-three kind situation be may be implemented to terminal device with after The dynamic encryption of the data of interaction between platform server.
In one possible implementation, the number for making terminal device progress operation corresponding with second Encryption Algorithm According to that can be the corresponding encryption script of second Encryption Algorithm, then the encryption server sends the first response to terminal device and may be used also To include: that encryption server determines the corresponding encryption script of the second Encryption Algorithm;Encryption server is inserted in second page data Enter the corresponding decryption script of second Encryption Algorithm, it then will the corresponding decryption script of the first Encryption Algorithm of insertion and the second encryption Second page data after the corresponding encryption script of algorithm, which are carried, is sent to terminal device in the first response.
In the case where the first Encryption Algorithm and the second Encryption Algorithm are identical Encryption Algorithm, second Encryption Algorithm pair The encryption script answered can decryption script corresponding with first Encryption Algorithm can be the same script.
After the first encryption data carried being sent to terminal device in the first response, terminal device can use this One encryption data encrypts the parameter information got from the target pages.It is that the embodiment of the present invention mentions referring to Fig. 3, Fig. 3 The flow diagram of another encryption of communicated data method supplied, this method can be performed after above-mentioned steps S207, should Method includes:
S301, terminal device obtain the second parameter that user inputs by target pages.
In the embodiment of the present invention, target pages are that parameter obtains the page, and parameter obtains the page and refers to that user can input number According to and the page submitted, parameter obtain that the page is specifically as follows login page, user information fills in the page, consumers' opinions mentions Hand over page, etc..Second parameter is the information of user's input, and the second parameter can be the user that user is inputted by login page Name, password, identifying code etc., the second parameter may be that user by user information fills in name, the gender, age that the page is filled in It can also be message, the suggestion etc. that user submits Deng, the second parameter, be not limited to description here.
S302, terminal device encrypt the second parameter according to the first encryption data to obtain the first parameter.
In the specific implementation, terminal device can be obtained respectively from the first encryption data third key and make terminal device into Then the data of row operation corresponding with second Encryption Algorithm keep terminal device progress corresponding with second encryption by this The data of operation the corresponding operation of second Encryption Algorithm, the number that operation obtains are carried out to the third key and second parameter According to for the first parameter.
It is corresponding in the second Encryption Algorithm of data for making terminal device carry out operation corresponding with second Encryption Algorithm Encrypt script in the case where, terminal device run the corresponding encryption script of second Encryption Algorithm to second key and this second Parameter carries out the corresponding operation of the second Encryption Algorithm and obtains the first parameter.
S303, terminal device initiate parameter and submit request, and encryption server, which gets parms, submits request, and parameter submits request Including the first parameter.
Here, parameter is submitted and carries a URL in request, which is directed toward an IP address, which is that the parameter mentions Request is handed over to submit the address of parameter.The IP address that the URL carried in the IP address and access request that the URL is directed toward is directed toward is identical. Terminal device initiates parameter submission request and encryption server gets parms and submits the specific implementation of request that can refer to Aforementioned terminals equipment initiates access request and encryption server obtains the description of access request, and details are not described herein again.
S304, encryption server are decrypted the first parameter to obtain the second parameter.
As previously mentioned, the first encryption data is sent to terminal device by encryption server, asked when getting parameter submission When asking, in parameter submission request other than carrying the first parameter, the identification information of carried terminal equipment is gone back, encryption server can To submit the identification information for requesting to determine terminal device according to the parameter, first then is determined according to the identification information of terminal device Encryption data determines the second Encryption Algorithm according to the first encryption data, finally using second Encryption Algorithm to the first parameter into Row decryption obtains the second parameter.Wherein, the identification information of terminal device can be session information or cookie information.
In the specific implementation, encryption server has been after having determined the first encryption data, in the corresponding key of third Encryption Algorithm Corresponding with the third key in the first encryption data the 4th key is determined in space, wherein in third key be symmetric key In the case where, the 4th key is the third key, in the case where third key is unsymmetrical key, if the third key For public key, then the 4th key is the corresponding private key of the public key, if the third key is private key, the 4th key is the private The corresponding public key of key;After determining the 4th key, encryption server to the 4th key and first parameter carry out this second The corresponding operation of Encryption Algorithm algorithm obtains the second parameter.
Second parameter is sent to background server by S305, encryption server, and background server receives the second parameter.
In the embodiment of the present invention, the second parameter is sent to background server and encryption server to backstage by encryption server The corresponding resource acquisition request of server transmission target pages is similar, and in the case where a kind of possible, encryption server can root It is submitted according to the parameter and requests to determine that the parameter submits the corresponding IP address of request, submitted according to the parameter and request corresponding IP address Second parameter is sent to background server;In the case where alternatively possible, encryption server submits in request the parameter URL parsed to obtain the IP address of the background server, the IP address then obtained according to the parsing is sent out to background service Give second parameter.
S306, background server send third page data according to the second parameter, and encryption server obtains third page number According to.
Here, background server sends third page data according to the second parameter and encryption server obtains the third page The mode of data can refer to abovementioned steps S203 background server and send the corresponding first page data of target pages and encryption Server obtains the description of the corresponding first page data of target pages, and details are not described herein again.
Optionally, the parameter submit request carry URL be it is above-mentioned the first design in the case where, the first can In the implementation of energy, encryption server can be communicated with background server based on HTTPS agreement.Encryption server is based on HTTPS agreement sends the second parameter to background server, encryption server be based on HTTPS agreement to encryption server send this Three page datas.In the second possible implementation, the access mode of the encryption server can be a Password-Enabled clothes Business device access.The communication security for guaranteeing the interactive process between encryption server and background server by security means, into one Step enhances the safety of web station system.
S307, encryption server encrypt third page data to obtain the 4th page number using third Encryption Algorithm According to.
S308, encryption server send the second response to terminal device, and terminal device receives the second response, the second response bag Include the 4th page data and the second ciphertext data.
S309, terminal device are decrypted to obtain third page data according to the second ciphertext data to the 4th page data.
S310, terminal device show the corresponding page of third page data.
Here, the specific implementation class of the specific implementation of step S307~S310 and above-mentioned steps S204~S207 Seemingly, it can refer to the description of abovementioned steps S204~S207, details are not described herein again.
In the embodiment of the present invention, encryption server obtains the corresponding page number of the page in parameter by carrying encryption data It is sent to terminal device in, terminal device is allowed to obtain the ginseng that the page is got to by parameter using the encryption data Number is encrypted, so that these parameters be avoided to be acquired during transmission, is having no need to change original web site architecture In the case of ensure that safety and the privacy of parameter.
The method of inventive embodiments is described above, the device of inventive embodiments is described below.
Referring to fig. 4, Fig. 4 is a kind of composed structure schematic diagram of encryption of communicated data device provided in an embodiment of the present invention, The device 40 can be a part of encryption server or encryption server in above-mentioned Fig. 1 or Fig. 2-embodiment shown in Fig. 3, The device 40 includes:
Access request obtains module 401, for obtaining the access request to target pages of terminal device initiation;
Page data obtains module 402, for according to the access request from the corresponding background service of the target pages Device obtains the corresponding first page data of the target pages;
Encrypting module 403, for being encrypted to obtain second page to the first page data using the first Encryption Algorithm Face data;
Ask respond module 404, for sending the first response to the access request to the terminal device, so that institute Terminal device is stated the second page data are decrypted according to the first ciphertext data to obtain the first page data, it is described First response includes the second page data and first ciphertext data, and first ciphertext data is comprising described the The data of one Encryption Algorithm.
In a kind of possible design, first ciphertext data includes the corresponding decryption script of the first Encryption Algorithm, institute Stating when decryption script is run by the terminal device makes terminal device execute first Encryption Algorithm to be decrypted;
The ask respond module 404 is specifically used for:
Determine the corresponding decryption script of first Encryption Algorithm;
It is inserted into the corresponding decryption script of first Encryption Algorithm in the second page data, and described will be inserted into Second page data carrying after the corresponding decryption script of one Encryption Algorithm is sent to the terminal in first response and sets It is standby.
In a kind of possible design, in the case where the target pages are that parameter obtains the page, first response It further include the first encryption data, first encryption data is the data corresponding comprising the second Encryption Algorithm.
In a kind of possible design, the device 40 further include:
Request module 405 is submitted, submits request for obtaining the parameter that the terminal device is initiated, the parameter mentions Hand over request include the first parameter, first parameter be the terminal device according to first encryption data to the second parameter into The parameter that row encryption obtains, second parameter are the parameter that the terminal device is got by the target pages;
Deciphering module 406 obtains second parameter for first parameter to be decrypted;
Sending module 407, for second parameter to be sent to the background server.
In a kind of possible design, the deciphering module 406 is specifically used for:
The identification information of the determining terminal device of request is submitted according to the parameter;
First encryption data is determined according to the identification information of the terminal device;
Second Encryption Algorithm is determined according to first encryption data;
First parameter is decrypted using second Encryption Algorithm to obtain second parameter.
In a kind of possible design, the page data obtains 402 and is also used to obtain the background server according to institute State the third page data of the second parameter return;
The encrypting module 403 is also used to be encrypted to obtain the to the third page data using third Encryption Algorithm Four page datas;
The ask respond module 404 is also used to send the second sound for submitting the parameter request to the terminal device It answers, so that the terminal device is decrypted to obtain the third page according to the second ciphertext data to the 4th page data Data, second response include the 4th page data and second ciphertext data, and second ciphertext data is packet Data containing the third Encryption Algorithm.
In a kind of possible design, the sending module 407 is specifically used for: the hypertext based on security socket layer passes First parameter is sent to the background server by defeated HTTPS agreement;
The page data obtains module 402 and is specifically used for obtaining the background server based on the HTTPS agreement root The third page data returned according to second parameter.
It should be noted that unmentioned content can be found in the description of embodiment of the method in the corresponding embodiment of Fig. 4, here It repeats no more.
In the embodiment of the present invention, encryption of communicated data device passes through access request institute from terminal device to server that initiate Corresponding page data is encrypted, and by ciphertext data corresponding to cipher mode together with encrypted one starting of page data Give terminal device, allow terminal device using the ciphertext data to encrypted page data be decrypted so as to It shows the corresponding target pages of the access request, background server is returned to terminal device by way of encrypting page data The data returned are encrypted, and page data can be directly obtained and get website by avoiding the universal scans such as scanner tool Information, increase the safety of background server.
It is the composed structure signal of another encryption of communicated data device provided in an embodiment of the present invention referring to Fig. 5, Fig. 5 Figure, the device can be one of encryption server or encryption server in above-mentioned Fig. 1 or Fig. 2-embodiment shown in Fig. 3 Point, as shown, the device 50 includes processor 501, memory 502 and communication interface 503.Processor 501, which is connected to, to be deposited Reservoir 502 and communication interface 503, such as processor 501 can be connected to memory 502 and communication interface 503 by bus.
Processor 501 is configured as that the encryption of communicated data device is supported to execute communication data described in Fig. 2-Fig. 3 and add The corresponding function of encryption server in decryption method.The processor 501 can be central processing unit (Central Processing Unit, CPU), network processing unit (Network Processor, NP), hardware chip or any combination thereof.Above-mentioned hardware core Piece can be specific integrated circuit (Application-Specific Integrated Circuit, ASIC), programmable logic Device (Programmable Logic Device, PLD) or combinations thereof.Above-mentioned PLD can be Complex Programmable Logic Devices (Complex Programmable Logic Device, CPLD), field programmable gate array (Field- Programmable Gate Array, FPGA), Universal Array Logic (Generic Array Logic, GAL) or its any group It closes.
502 memory of memory is for storing program code etc..Memory 502 may include volatile memory (Volatile Memory, VM), such as random access memory (Random Access Memory, RAM);Memory 502 It may include nonvolatile memory (Non-Volatile Memory, NVM), such as read-only memory (Read-Only Memory, ROM), flash memory (flash memory), hard disk (Hard Disk Drive, HDD) or solid state hard disk (Solid-State Drive, SSD);Memory 502 can also include the combination of the memory of mentioned kind.The present invention is implemented In example, memory 502 is used to store program, various encryption scripts, decryption script, key of encryption of communicated data etc..
The communication interface 503 is for sending or receiving data.
Processor 501 can call said program code to execute following operation:
The access request to target pages that terminal device is initiated is obtained by communication interface 503;
Described in being obtained from the corresponding background server of the target pages by communication interface 503 according to the access request The corresponding first page data of target pages;
The first page data are encrypted to obtain second page data using the first Encryption Algorithm;
The first response to the access request is sent to the terminal device by communication interface 503, so that the end End equipment is decrypted to obtain the first page data to the second page data according to the first ciphertext data, and described first Response includes the second page data and first ciphertext data, and first ciphertext data is to add comprising described first The data of close algorithm.
It should be noted that the realization of each operation can also be to the phase that should refer to Fig. 2-embodiment of the method shown in Fig. 3 It should describe;The processor 501 can also cooperate other operations executed in above method embodiment with communication interface 503.
The embodiment of the present invention also provides a kind of computer storage medium, and the computer storage medium is stored with computer journey Sequence, the computer program include program instruction, and described program instruction executes the computer such as Method described in previous embodiment, the computer can be a part of encryption of communicated data device mentioned above.Such as For above-mentioned processor 501.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access Memory, RAM) etc..
The above disclosure is only the preferred embodiments of the present invention, cannot limit the right model of the present invention with this certainly It encloses, therefore equivalent changes made in accordance with the claims of the present invention, is still within the scope of the present invention.

Claims (10)

1. a kind of encryption of communicated data method characterized by comprising
Obtain the access request to target pages that terminal device is initiated;
The target pages corresponding first are obtained from the corresponding background server of the target pages according to the access request Page data;
The first page data are encrypted to obtain second page data using the first Encryption Algorithm;
The first response to the access request is sent to the terminal device, so that the terminal device is according to the first decryption number It is decrypted to obtain the first page data according to the second page data, first response includes the second page Data and first ciphertext data, first ciphertext data are the data comprising first Encryption Algorithm.
2. the method according to claim 1, wherein first ciphertext data is corresponding including the first Encryption Algorithm Decryption script, the decryption script make when being run by the terminal device terminal device execute first Encryption Algorithm with into Row decryption;
It is described to include: to the first response of the access request to terminal device transmission
Determine the corresponding decryption script of first Encryption Algorithm;
It is inserted into the corresponding decryption script of first Encryption Algorithm in the second page data, and described first will be inserted into and added Second page data after the corresponding decryption script of close algorithm, which are carried, is sent to the terminal device in first response.
3. method according to claim 1 or 2, which is characterized in that in the feelings that the target pages are the parameter acquisition page Under condition, first response further includes the first encryption data, and first encryption data is the data comprising the second Encryption Algorithm.
4. according to the method described in claim 3, it is characterized in that, described send to the terminal device to the access request First response after, further includes:
It obtaining the parameter that the terminal device is initiated and submits request, it includes the first parameter that the parameter, which submits request, and described first Parameter is the parameter that the terminal device encrypts the second parameter according to first encryption data, second ginseng Number is the parameter that the terminal device is got by the target pages;
First parameter is decrypted to obtain second parameter;
Second parameter is sent to the background server.
5. according to the method described in claim 4, it is characterized in that, described be decrypted first parameter to obtain described Two parameters include:
The identification information of the determining terminal device of request is submitted according to the parameter;
First encryption data is determined according to the identification information of the terminal device;
Second Encryption Algorithm is determined according to first encryption data;
First parameter is decrypted using second Encryption Algorithm to obtain second parameter.
6. method according to claim 4 or 5, which is characterized in that described that second parameter is sent to the backstage After server further include:
Obtain the third page data that the background server is returned according to second parameter;
The third page data is encrypted to obtain the 4th page data using third Encryption Algorithm;
The second response that request is submitted to the parameter is sent to the terminal device, so that the terminal device is according to the second solution Ciphertext data is decrypted the 4th page data to obtain the third page data, and second response includes the described 4th Page data and second ciphertext data, second ciphertext data are the data comprising the third Encryption Algorithm.
7. according to the method described in claim 6, it is characterized in that, described be sent to the background service for second parameter Device includes:
Second parameter is sent to the background server by the Hyper text transfer HTTPS agreement based on security socket layer.
It is described to obtain the background server according to the third page data that second parameter returns and include:
Obtain the third page data that the background server is returned according to second parameter based on the HTTPS agreement.
8. a kind of encryption of communicated data device characterized by comprising
Access request obtains module, for obtaining the access request to target pages of terminal device initiation;
Page data obtains module, for obtaining institute from the corresponding background server of the target pages according to the access request State the corresponding first page data of target pages;
Encrypting module, for being encrypted to obtain second page data to the first page data using the first Encryption Algorithm;
Ask respond module, for sending the first response to the access request to the terminal device, so that the terminal Equipment is decrypted the second page data according to the first ciphertext data to obtain the first page data, first sound It should include the second page data and first ciphertext data, first ciphertext data is comprising first encryption The data of algorithm.
9. a kind of encryption of communicated data device, including processor, memory and communication interface, the processor, memory and Communication interface is connected with each other, wherein the communication interface is used for transmission data, and the memory is for storing program code, institute Processor is stated for calling said program code, executes the method according to claim 1 to 7.
10. a kind of computer storage medium, which is characterized in that the computer storage medium is stored with computer program, described Computer program includes program instruction, and described program instruction makes the processor execute such as claim when being executed by a processor The described in any item methods of 1-7.
CN201810851516.5A 2018-07-27 2018-07-27 Encryption of communicated data method and apparatus Pending CN108965311A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810851516.5A CN108965311A (en) 2018-07-27 2018-07-27 Encryption of communicated data method and apparatus
PCT/CN2018/107636 WO2020019477A1 (en) 2018-07-27 2018-09-26 Communication data encryption method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810851516.5A CN108965311A (en) 2018-07-27 2018-07-27 Encryption of communicated data method and apparatus

Publications (1)

Publication Number Publication Date
CN108965311A true CN108965311A (en) 2018-12-07

Family

ID=64466211

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810851516.5A Pending CN108965311A (en) 2018-07-27 2018-07-27 Encryption of communicated data method and apparatus

Country Status (2)

Country Link
CN (1) CN108965311A (en)
WO (1) WO2020019477A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110362308A (en) * 2019-06-20 2019-10-22 平安科技(深圳)有限公司 Page generation method, device, computer equipment and storage medium
CN111291397A (en) * 2020-02-09 2020-06-16 成都神殿科技有限责任公司 Webpage data anti-crawling encryption method
CN111541758A (en) * 2020-04-17 2020-08-14 支付宝(杭州)信息技术有限公司 Page updating method and device
CN111885042A (en) * 2020-07-20 2020-11-03 北京沃东天骏信息技术有限公司 Processing method, device and equipment for accessing website and storage medium
CN112257094A (en) * 2020-11-11 2021-01-22 恩亿科(北京)数据科技有限公司 Data processing method and device
CN112738117A (en) * 2020-12-31 2021-04-30 青岛海尔科技有限公司 Data transmission method, device and system, storage medium and electronic device
CN113326519A (en) * 2021-06-09 2021-08-31 支付宝(杭州)信息技术有限公司 Data acquisition method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635622A (en) * 2008-07-24 2010-01-27 阿里巴巴集团控股有限公司 Method, system and equipment for encrypting and decrypting web page
CN104580086A (en) * 2013-10-17 2015-04-29 腾讯科技(深圳)有限公司 Information transmission method, client side, server and system
CN107508796A (en) * 2017-07-28 2017-12-22 北京明朝万达科技股份有限公司 A kind of data communications method and device
US20180150619A1 (en) * 2016-11-28 2018-05-31 Ricoh Company, Ltd. Piecewise encryption for content in print jobs

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187389B (en) * 2015-08-07 2019-01-04 北京思特奇信息技术股份有限公司 A kind of Web access method and system for obscuring encryption based on number
CN107463840B (en) * 2016-06-02 2018-11-09 腾讯科技(深圳)有限公司 A kind of method and device based on the encrypted defence CC attacks of website and webpage title
CN106412024B (en) * 2016-09-07 2019-10-15 网易无尾熊(杭州)科技有限公司 A kind of page acquisition methods and device
CN107330336B (en) * 2017-05-23 2020-02-14 中国人民解放军信息工程大学 Instant encryption and decryption method and system for memory page of Linux operating system
CN107733633B (en) * 2017-09-22 2020-11-10 成都知道创宇信息技术有限公司 Anti-crawling insect method based on computing power

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635622A (en) * 2008-07-24 2010-01-27 阿里巴巴集团控股有限公司 Method, system and equipment for encrypting and decrypting web page
CN104580086A (en) * 2013-10-17 2015-04-29 腾讯科技(深圳)有限公司 Information transmission method, client side, server and system
US20180150619A1 (en) * 2016-11-28 2018-05-31 Ricoh Company, Ltd. Piecewise encryption for content in print jobs
CN107508796A (en) * 2017-07-28 2017-12-22 北京明朝万达科技股份有限公司 A kind of data communications method and device

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110362308A (en) * 2019-06-20 2019-10-22 平安科技(深圳)有限公司 Page generation method, device, computer equipment and storage medium
CN111291397A (en) * 2020-02-09 2020-06-16 成都神殿科技有限责任公司 Webpage data anti-crawling encryption method
CN111541758A (en) * 2020-04-17 2020-08-14 支付宝(杭州)信息技术有限公司 Page updating method and device
CN111885042A (en) * 2020-07-20 2020-11-03 北京沃东天骏信息技术有限公司 Processing method, device and equipment for accessing website and storage medium
CN112257094A (en) * 2020-11-11 2021-01-22 恩亿科(北京)数据科技有限公司 Data processing method and device
CN112257094B (en) * 2020-11-11 2024-03-29 恩亿科(北京)数据科技有限公司 Data processing method and device
CN112738117A (en) * 2020-12-31 2021-04-30 青岛海尔科技有限公司 Data transmission method, device and system, storage medium and electronic device
CN113326519A (en) * 2021-06-09 2021-08-31 支付宝(杭州)信息技术有限公司 Data acquisition method and device

Also Published As

Publication number Publication date
WO2020019477A1 (en) 2020-01-30

Similar Documents

Publication Publication Date Title
CN108965311A (en) Encryption of communicated data method and apparatus
CN109067739A (en) Encryption of communicated data method and apparatus
US10650119B2 (en) Multimedia data processing method, apparatus, system, and storage medium
US6711678B2 (en) Pre-authenticated communication within a secure computer network
CN102624739B (en) Authentication and authorization method and system applied to client platform
CN109347835A (en) Information transferring method, client, server and computer readable storage medium
US8745394B1 (en) Methods and systems for secure electronic communication
CN103428221B (en) Safe login method, system and device to Mobile solution
CN111428225A (en) Data interaction method and device, computer equipment and storage medium
EP3197190B1 (en) Methods for fast, secure and privacy-friendly internet connection discovery in wireless networks
EP3633949A1 (en) Method and system for performing ssl handshake
CN110276000B (en) Method and device for acquiring media resources, storage medium and electronic device
CN104580086A (en) Information transmission method, client side, server and system
CN102055768A (en) Network logon method and system
CN105354451A (en) Access authentication method and system
CN111444551A (en) Account registration and login method and device, electronic equipment and readable storage medium
CN106031097A (en) Service processing method and device
CN113949566A (en) Resource access method, device, electronic equipment and medium
CN110351254B (en) Access operation execution method and device
CN112583599B (en) Communication method and device
JP2023532976A (en) Method and system for verification of user identity
JP2012128726A (en) Network authentication system, network authentication method and program
CN110572366B (en) Network data transmission method and device, electronic equipment and storage medium
EP3511852B1 (en) Method for providing an enhanced level of authentication related to a secure software client application that is provided, by an application distribution entity, in order to be transmitted to a client computing device; system, software client application instance or client computing device, third party server entity, and program and computer program product
CN111835734A (en) Information processing method, information processing device, electronic equipment, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181207