CN109698834A - A kind of encrypted transmission method and system - Google Patents

Info

Publication number: CN109698834A
Authority: CN (China)
Prior art keywords: terminal, data, transmitted, encrypted, key
Legal status: Pending
Application number: CN201910028333.8A
Other languages: Chinese (zh)
Inventors: 刘新, 曹有彬, 周军
Current assignee: Shenzhen Launch Technology Co Ltd
Original assignee: Shenzhen Launch Technology Co Ltd
Application filed by Shenzhen Launch Technology Co Ltd; priority to CN201910028333.8A; publication of CN109698834A; legal status pending.

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials) involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04W12/02 Security arrangements; protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/06 Security arrangements; authentication

Abstract

This application discloses an encrypted transmission method and system. The method comprises: a second terminal receives the signature and the encrypted first data to be transmitted sent by a first terminal; verifies the signature of the first data to be transmitted using the first public key; and, when the verification succeeds, decrypts the encrypted first data to be transmitted using the second session key to obtain the decrypted first data to be transmitted. A corresponding encryption transmission system is also disclosed. Implementing the scheme of this application can ensure the communication security of wireless radio-frequency technology and establish credible communication with external devices.

Description

A kind of encrypted transmission method and system
Technical field
This application relates to the field of electronic devices, and in particular to an encrypted transmission method and system.
Background art
With the popularization of family cars, people's requirements for vehicle convenience are becoming higher and higher. Vehicles interact with the outside world through various communication modes, so that people can exchange information with the vehicle by means of various external smart devices, such as mobile terminals, wearable bracelets and smartwatches.
In the prior art, vehicles usually interact with the outside world using communication modes such as Bluetooth and Wi-Fi, and these modes are essentially active, requiring a continuous energy supply. Wireless radio-frequency technology, which supports both active and passive communication modes, is more widely used for communication in the era of the Internet of Vehicles: people can establish a connection with the vehicle through an external device that supports wireless radio frequency and exchange information with it. Communication using wireless radio-frequency technology likewise carries security risks during the communication process: if the vehicle's private data is leaked, the safety of the vehicle is also threatened.
Summary of the invention
Embodiments of the present application provide an encrypted transmission method and system for ensuring the communication security of wireless radio-frequency technology and for establishing safe, credible and reliable communication with external devices.
In a first aspect, an embodiment of the present application provides an encrypted transmission method, comprising: receiving the signature and the encrypted first data to be transmitted sent by a first terminal, where the signature and the encrypted first data to be transmitted are obtained by the first terminal encrypting with a first session key and signing with a first private key, and the first session key is generated from the first private key of the first terminal and the second public key of a second terminal; verifying the signature of the first data to be transmitted using the first public key; and, when the verification succeeds, decrypting the encrypted first data to be transmitted using the second session key to obtain the decrypted first data to be transmitted.
In one possible implementation, the method further includes: encrypting second data to be transmitted using the second session key to obtain encrypted second data to be transmitted, where the second session key is generated from the second private key of the second terminal and the first public key of the first terminal; signing the encrypted second data to be transmitted using the second private key to obtain the signature and the encrypted second data to be transmitted; and sending the signature and the encrypted second data to be transmitted to the first terminal.
In another possible implementation, the method further includes: when a session channel establishment request message sent by the first terminal is received, generating the second private key and the second public key; sending the second public key to the first terminal; when the first public key sent by the first terminal is received, generating the second session key from the second private key and the first public key; and sending a session channel establishment response message to the first terminal.
In another possible implementation, the second private key and the second public key are valid for one session only.
In another possible implementation, after verifying the signature of the first data to be transmitted using the first public key, the method further includes: if the verification fails, outputting a verification-failure interface and deleting the second session key, the second private key and the second public key.
In another possible implementation, the method further includes: receiving an end-of-communication message sent by the first terminal; and, according to the received end-of-communication message, deleting the second session key, the second private key and the second public key.
In a second aspect, an embodiment of the present application provides an encrypted transmission method, comprising: the first terminal encrypts first data to be transmitted using a first session key to obtain encrypted first data to be transmitted, where the first session key is generated from the first private key of the first terminal and the second public key of the second terminal; the first terminal signs the encrypted first data to be transmitted using the first private key to obtain the signature and the encrypted first data to be transmitted; the first terminal sends the signature and the encrypted first data to be transmitted to the second terminal by wireless radio frequency; the second terminal receives the signature and the encrypted first data to be transmitted by wireless radio frequency; the second terminal verifies the signature of the first data to be transmitted using the first public key of the first terminal; and, when the verification succeeds, the second terminal decrypts the encrypted first data to be transmitted using the second session key to obtain the decrypted first data to be transmitted.
In a third aspect, an embodiment of the present application provides a terminal, comprising: a second receiving unit for receiving the signature and the encrypted first data to be transmitted sent by a first terminal; a second verification unit for verifying the signature of the first data to be transmitted using the first public key; and a second decryption unit for decrypting, when the verification succeeds, the encrypted first data to be transmitted using the second session key to obtain the decrypted first data to be transmitted.
In one possible implementation, the terminal further includes: a second encryption unit for encrypting second data to be transmitted using the second session key to obtain encrypted second data to be transmitted; a second signature unit for signing the encrypted second data to be transmitted using the second private key to obtain the signature and the encrypted second data to be transmitted; and a second sending unit for sending the signature and the encrypted second data to be transmitted to the first terminal by wireless radio frequency.
In another possible implementation, the terminal further includes a second key generation unit for generating the second private key and the second public key when a session channel establishment request message sent by the first terminal is received; the second sending unit is further configured to send the second public key to the first terminal; the second key generation unit is further configured to generate the second session key from the second private key and the first public key when the first public key sent by the first terminal is received; and the second sending unit is further configured to send a session channel establishment response message to the first terminal.
In another possible implementation, the second decryption unit is further configured to, if the verification fails, output a verification-failure interface and delete the second session key, the second private key and the second public key.
In another possible implementation, the second receiving unit is further configured to receive the end-of-communication message sent by the first terminal, and the second decryption unit is further configured to delete the second session key, the second private key and the second public key according to the received end-of-communication message.
In a fourth aspect, an embodiment of the present application provides a terminal, comprising: a first receiving unit for receiving the signature and the encrypted second data to be transmitted sent by a second terminal; a first verification unit for verifying the signature of the second data to be transmitted using the second public key; and a first decryption unit for decrypting, when the verification succeeds, the encrypted second data to be transmitted using the first session key to obtain the decrypted second data to be transmitted.
In one possible implementation, the terminal further includes: a first encryption unit for encrypting first data to be transmitted using the first session key to obtain encrypted first data to be transmitted, where the first session key is generated from the first private key of the first terminal and the second public key of the second terminal; a first signature unit for signing the encrypted first data to be transmitted using the first private key to obtain the signature and the encrypted first data to be transmitted; and a first sending unit for sending the signature and the encrypted first data to be transmitted to the second terminal by wireless radio frequency.
In another possible implementation, the terminal further includes a first key generation unit; the first sending unit is further configured to send a session channel establishment request message to the second terminal; the first key generation unit is configured to generate the first private key and first public key pair; the first key generation unit is further configured to generate the first session key from the first private key and the second public key when the second public key sent by the second terminal is received; and the first receiving unit is further configured to receive a session channel establishment response message from the second terminal.
In a fifth aspect, an embodiment of the present application provides a terminal comprising a processor, an input device, an output device and a memory, where the memory stores a computer program comprising program instructions, and the processor is configured to call the program instructions to execute the method performed by the second terminal in the first aspect and any of its optional implementations.
In a sixth aspect, an embodiment of the present application provides a terminal comprising a processor, an input device, an output device and a memory, where the memory stores a computer program comprising program instructions, and the processor is configured to call the program instructions to execute the method performed by the first terminal in the first aspect and any of its optional implementations.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium storing instructions which, when run on a computer, cause the computer to execute the method performed by the second terminal in the first aspect and any of its optional implementations.
In an eighth aspect, an embodiment of the present application provides a computer-readable storage medium storing instructions which, when run on a computer, cause the computer to execute the method performed by the first terminal in the first aspect and any of its optional implementations.
In a ninth aspect, an embodiment of the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to execute the method performed by the second terminal in the first aspect and any of its optional implementations.
In a tenth aspect, an embodiment of the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to execute the method performed by the first terminal in the first aspect and any of its optional implementations.
The embodiments of the present application have the following beneficial effects:
The signature and the encrypted first data to be transmitted sent by the first terminal are received, where the signature and the encrypted first data to be transmitted are obtained by the first terminal encrypting with the first session key and signing with the first private key, and the first session key is generated from the first private key of the first terminal and the second public key of the second terminal; the signature of the first data to be transmitted is verified using the first public key; and, when the verification succeeds, the encrypted first data to be transmitted is decrypted using the second session key to obtain the decrypted first data to be transmitted.
Implementing the scheme of the present application can ensure the communication security of wireless radio-frequency technology and establish credible communication with external devices.
Description of the drawings
Fig. 1 is an architecture diagram of an encryption transmission system provided by an embodiment of the present application;
Fig. 2 is a flow diagram of an encrypted transmission method provided by an embodiment of the present application;
Fig. 3 is a flow diagram of another encrypted transmission method provided by an embodiment of the present application;
Fig. 4 is a flow diagram of another encrypted transmission method provided by an embodiment of the present application;
Fig. 5 is a flow diagram of another encrypted transmission method provided by an embodiment of the present application;
Fig. 6 is a flow diagram of another encrypted transmission method provided by an embodiment of the present application;
Fig. 7 is a structural schematic diagram of a terminal provided by an embodiment of the present application;
Fig. 8 is a structural schematic diagram of another terminal provided by an embodiment of the present application;
Fig. 9 is a hardware structure diagram of a terminal provided by an embodiment of the present application;
Fig. 10 is a hardware structure diagram of another terminal provided by an embodiment of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described below with reference to the accompanying drawings.
It should be understood that, when used in this specification and the appended claims, the terms "include" and "comprise" indicate the presence of the stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in this specification and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes these combinations.
When people exchange information with a vehicle through an external device that supports wireless radio-frequency technology, the security risk in the communication process still cannot be ignored: the vehicle's private data is easily leaked, and the safety of the vehicle is threatened. In view of this, the embodiments of the present application propose an encrypted transmission method and related system for ensuring the communication security of wireless radio-frequency technology and establishing safe, credible and reliable communication with external devices.
Referring to Fig. 1, which is an architecture diagram of an encryption transmission system provided by an embodiment of the present application, the encryption transmission system includes a second terminal 10 and a first terminal 20, which are connected wirelessly. The second terminal 10 includes an eSIM module and an RFID module: the RFID module receives the data sent by the first terminal 20 and sends the obtained vehicle information to the first terminal 20, and the eSIM module generates and stores the keys used to encrypt data. The first terminal 20 is responsible for sending data to the second terminal 10. The second terminal 10 and first terminal 20 mentioned in the embodiments of the present application must support wireless radio-frequency communication; they include, but are not limited to, portable electronic products such as smartphones, vehicle-mounted terminals, OBD devices, wearable bracelets, wearable watches and earphones, as well as non-portable electronic products.
The encryption transmission system shown in Fig. 1 operates in three phases: a key agreement phase, a phase in which the first terminal sends an information request, and a phase in which the second terminal provides information.
Referring to Fig. 2, which is a flow diagram of an encrypted transmission method provided by an embodiment of the present application, applied to the second terminal in the phase in which the first terminal sends an information request:
S101: receive the signature and the encrypted first data to be transmitted sent by the first terminal.
Specifically, the signature and the encrypted first data to be transmitted are obtained by the first terminal encrypting with the first session key and signing with the first private key, and the first session key is generated from the first private key of the first terminal and the second public key of the second terminal. The RFID module inside the second terminal receives the data sent by the first terminal by wireless radio frequency.
The first data to be transmitted may contain terminal privacy information, so the second terminal does not obtain the first data to be transmitted directly; only after the relevant verification has been carried out can the second terminal obtain the first data to be transmitted. Specifically, the signature and the encrypted first data to be transmitted are obtained by the first terminal encrypting with the first session key and signing with the first private key.
In one possible implementation, if the unencrypted first data to be transmitted were obtained by a third party, the communication between the first terminal and the second terminal could be monitored completely, so for the sake of communication security the data between the first terminal and the second terminal must be transmitted only after encryption. Likewise, only after the information sent by one party has been successfully decrypted by the other party according to the preset rules are the two parties considered to have established a credible connection.
S102: verify the signature of the first data to be transmitted using the first public key.
If the signature of the first data to be transmitted can be decrypted using the first public key, this proves that the other party encrypted it with the first private key, and only a terminal that possesses the first public/private key pair can generate this signature; passing the verification therefore confirms the identity of the sender of this communication.
In one possible implementation, if the second terminal cannot unlock the signature of the first data to be transmitted using the first public key, this proves that the source of the data is unreliable, and the data may be a dangerous command that endangers terminal security. The second terminal may choose to delete the received data, the generated second key pair and the second session key, and to output a verification-failure interface.
In another possible implementation, both the first terminal and the second terminal have the public key of a CA (Certificate Authority) server preset, so that they can further verify whether the communicating party has passed reliable agency certification. The signature of the first data to be transmitted includes a digital certificate issued by the CA server, proving that the sender of the data is reliable. The digital certificate may contain the identity information and registration time of the terminal. The second terminal decrypts the signature of the first data to be transmitted using the first public key, proving that the communicating party has not changed; it then uses the preset public key of the CA server to obtain the identity information and registration time of the terminal from the digital certificate, and thereby authenticates that the communicating party is a reliable, certified object.
S103: when the verification succeeds, decrypt the encrypted first data to be transmitted using the second session key to obtain the decrypted first data to be transmitted.
The identity of the communicating object is an important link in the communication within the whole system: once the other party's identity has been verified, it can be confirmed that the other party is the connection object for this vehicle data, and the data sent by the other party can be processed further. The first data to be transmitted may be a single function instruction for controlling the vehicle to complete a specific function during this session, or a set of multiple function instructions for controlling the vehicle to complete multiple functions during this session.
In one possible implementation, the first data to be transmitted is a vehicle data transmission instruction; after decrypting the first data to be transmitted, the second terminal obtains the vehicle data bound to this device.
In another possible implementation, the first data to be transmitted is an end-of-communication message; the second terminal outputs an end-session interface, and after receiving the user's confirmation of the end operation, the second terminal deletes the encryption tool information, which includes the second session key, the received first public key and the second key pair generated for this session.
In another possible implementation, after the second terminal verifies the signature of the first data to be transmitted using the first public key of the first terminal, if the signature verification fails, the second terminal outputs a verification-failure interface and deletes the second session key, the second private key and the second public key.
S104: receive the end-of-communication message sent by the first terminal.
When the first terminal has obtained the desired information, or wants to obtain information from other terminals, it needs to end the communication with the second terminal and may send an end-of-communication message to the second terminal. When the RFID module inside the second terminal receives, by wireless radio frequency, the end-of-communication message sent by the first terminal, this proves that the first terminal no longer needs the second terminal to provide vehicle information, and the second terminal no longer needs to perform encrypted transmission with the first terminal.
In an optional implementation, after the waiting time exceeds a preset duration, the first terminal deletes the first session key, the first private key and the first public key, where the waiting time is the time elapsed after the first terminal has successfully sent the end-of-communication message. Further, the first terminal may choose, when its storage space reaches a threshold, to delete the first session key, first private key and first public key used in this communication together with the first session keys, first private keys and first public keys used in multiple communications before this one.
S105: delete the second session key, the second private key and the second public key according to the received end-of-communication message.
The second session key, the second private key and the second public key are all valid for one session only. When the second terminal receives the end-of-communication message sent by the first terminal, this proves that the first terminal no longer needs the second terminal to provide vehicle information and that the second terminal no longer needs to perform encrypted transmission with the first terminal. The second terminal may delete the second session key, second private key and second public key immediately. Optionally, the second terminal performs the deletion a preset time after receiving the end-of-communication message; for example, the second terminal may delete the second session key, second private key and second public key one minute after receiving the end-of-communication message.
Steps S104 and S105 are optional.
According to the encrypted transmission method provided by this embodiment of the present application, the encrypted first data to be transmitted is received from the first terminal by wireless radio frequency, and after the identity information of the first terminal has been confirmed, the second terminal decrypts the encrypted first data to be transmitted. Implementing the scheme of the present application ensures that the identity of the communicating object is not tampered with and maintains security during the communication process.
Referring to Fig. 3, Fig. 3 is a flow diagram of an encrypted transmission method provided by the embodiments of this application, applied to the second terminal in the key agreement phase and in the phase in which the second terminal provides information, in which:
S201: when a session channel establishment request message sent by the first terminal is received, generate the second private key and the second public key.
Correspondingly, the first terminal sends the session channel establishment request message to the second terminal and, after sending the message, generates the first private key and the first public key.
Specifically, the session channel establishment request message may include the serial number of the first terminal, which corresponds to exactly one terminal device. After the second terminal receives the serial number, it may send a verification request to a server; if the serial number is registered on the server, the second terminal may establish the session channel and generate the second private key and second public key pair.
In one possible implementation, the second terminal may randomly select a public/private key pair from a key-pair database as the second key pair used for this session. The key pairs in the database are unique and not repeated, and all key pairs in the database may be refreshed at a preset time interval. Optionally, the second terminal selects key pairs from the database in order, and a used key pair is moved to the tail of the database. Further, the key-pair data may come from a server, may be data stored locally by the second terminal itself, or may be data generated online.
In another possible implementation, the second key pair of the second terminal is generated by its own key generator. The second key pair includes the second public key and the second private key and is valid only within this session. The algorithm used by the key generator includes but is not limited to RSA, ElGamal, elliptic curve cryptography (ECC), the Elliptic Curve Digital Signature Algorithm (ECDSA) and the Digital Signature Algorithm (DSA); the embodiments of this application do not specifically limit it.
S202: send the second public key to the first terminal.
Correspondingly, the first terminal receives the second public key and, according to the second public key and the first private key it generated, generates the first session key used to encrypt the first data to be transmitted.
In one possible implementation, the second public key may be sent to the first terminal together with a digital certificate generated by a certificate authority (CA) server. The digital certificate may include the identity information of the second terminal. The first terminal and the second terminal are both preset with the public key of the CA server, which is used to check the authenticity of the received digital certificate.
In another possible implementation, the second terminal may send the newly generated second public key to the CA server and obtain a digital certificate that the CA server generates with its own private key. This digital certificate, which contains the second public key and the identity information, is sent to the first terminal. The first terminal uses the preset public key of the CA server to verify the certificate and obtain the second public key from it.
S203: when the first public key sent by the first terminal is received, generate the second session key according to the second private key and the first public key.
Specifically, the first public key obtained by the second terminal may be in plain form, or may carry a digital signature or be in encrypted form; the embodiments of this application do not specifically limit this.
Provided that the first terminal and the second terminal use the same encryption rule, the generated first session key and second session key never need to be transmitted: each side computes the same key from its own private key and the peer's public key, as in Diffie-Hellman key agreement. Content encrypted with the first session key can be decrypted with the second session key, and content encrypted with the second session key can be decrypted with the first session key. The encryption rule may be one encryption algorithm or a combination of several encryption algorithms.
S204: send a session channel establishment response message to the first terminal.
When the second terminal is ready to communicate, it sends a session channel establishment response message to the first terminal.
Correspondingly, the first terminal receives the session channel establishment response message.
Steps S201-S204 are optional.
S205: receive the signed and encrypted first data to be transmitted sent by the first terminal.
For the specific implementation of this step, refer to step S101 of the embodiment described in Fig. 2; details are not repeated here.
S206: verify the signature of the first data to be transmitted using the first public key.
For the specific implementation of this step, refer to step S102 of the embodiment described in Fig. 2; details are not repeated here.
S207: when the verification passes, decrypt the encrypted first data to be transmitted using the second session key to obtain the decrypted first data to be transmitted.
For the specific implementation of this step, refer to step S103 of the embodiment described in Fig. 2; details are not repeated here.
S208: encrypt the second data to be transmitted using the second session key to obtain the encrypted second data to be transmitted.
Specifically, the second session key is generated according to the second private key of the second terminal and the first public key of the first terminal.
Within one communication process the first terminal and the second terminal each regard the other as temporarily trusted, so the negotiated second session key can continue to be used during this communication process. To prevent the second data to be transmitted from leaking, the second terminal encrypts it using the second session key.
The second data to be transmitted may be vehicle data. The vehicle data may be one or more of the following: vehicle speed, temperature, water tank level, fuel level, air-conditioning status, time, battery voltage, engine speed, location, number of faults, fault codes, displacement, vehicle equipment switch status, vehicle insurance information, mileage, average fuel consumption, driving time and vehicle alarm information. Optionally, according to the specific requirement of the vehicle data transmission instruction, the second terminal selectively sends out the vehicle data it has obtained. It should be understood that the above is only an example; the embodiments of this application do not limit the type of vehicle data.
Further, the vehicle data may be assigned several privacy levels, and depending on the privacy level the first terminal must provide different degrees of identity proof. For example, the first terminal may directly obtain vehicle information of a lower privacy level within a session. As another example, if the first terminal wants to obtain vehicle insurance information, which has a higher privacy level, it needs to maintain a longer session with the second terminal and verify its own identity several times during that session.
S209: sign the encrypted second data to be transmitted using the second private key to obtain the signed and encrypted second data to be transmitted.
The first terminal could mistakenly obtain data of other vehicles, whereas it only expects the data of the vehicle bound to the second terminal. Therefore the second terminal signs the encrypted second data to be transmitted with its own second private key. Since the second key pair is valid only in this session, and the vehicle data itself changes over time, the signature ensures that the second data to be transmitted can only be used by the first terminal within a limited period; after this session ends, the value of the second data to be transmitted also decreases.
S210: send the signed and encrypted second data to be transmitted to the first terminal.
Since the second data to be transmitted is mostly vehicle data of higher privacy, the signed and encrypted second data to be transmitted is regarded as obtainable only by the temporarily recognized first terminal.
Correspondingly, the first terminal receives the signed and encrypted second data to be transmitted, verifies its signature using the second public key and, when the verification passes, decrypts the encrypted second data to be transmitted using the first session key to obtain the decrypted second data to be transmitted.
Steps S208-S210 are optional.
According to the encrypted transmission method provided by the embodiments of this application, the first terminal receives the encrypted second data to be transmitted from the second terminal by way of radio frequency and, after confirming the identity information of the second terminal, decrypts the encrypted second data to be transmitted. Implementing the scheme of this application makes it possible to determine that the communication peer is trusted, and the two communicating parties establish secure and reliable communication using radio frequency technology.
Referring to Fig. 4, Fig. 4 is a flow diagram of an encrypted transmission method provided by the embodiments of this application for the phase in which the first terminal sends an information request, in which:
S301: the first terminal encrypts the first data to be transmitted using the first session key to obtain the encrypted first data to be transmitted.
In one possible implementation, the first data to be transmitted includes a specific control instruction. The control instruction may be a single functional instruction that controls the vehicle to perform one specific function, or a set of several functional instructions that controls the vehicle to perform several functions.
In another possible implementation, the first data to be transmitted includes a request to obtain vehicle data, used to obtain some of the vehicle data, or all vehicle data of a certain category.
For example, the first data to be transmitted may be a request for fuel level information, so that through the first terminal the user can obtain the specific fuel level of the vehicle bound to the second terminal.
As another example, the first data to be transmitted may be a request for insurance-category information, used to obtain from the vehicle data the insurance-related items such as fault codes, vehicle insurance information, mileage and driving time; by obtaining this vehicle information with the first terminal, the user can judge on their own whether a claim meets the insurance conditions.
S302: the first terminal signs the encrypted first data to be transmitted using the first private key to obtain the signed and encrypted first data to be transmitted.
The second terminal needs to confirm that the first data to be transmitted was indeed sent by the first terminal, so the first terminal signs the encrypted first data to be transmitted with its own first private key. Since the first key pair serves as the first terminal's public key and private key only in this session, the signature ensures that the terminal that signed with the first private key is the communication peer of the second terminal.
S303: the first terminal sends the signed and encrypted first data to be transmitted to the second terminal by way of radio frequency.
Since the first data to be transmitted has been signed and encrypted, it is ensured that the first data to be transmitted is usable only by the second terminal, which possesses the first terminal's public key and the second session key.
S304: the second terminal receives the signed and encrypted first data to be transmitted sent by the first terminal.
For the specific implementation of this step, refer to step S101 of the embodiment described in Fig. 2; details are not repeated here.
S305: the second terminal verifies the signature of the first data to be transmitted using the first public key.
For the specific implementation of this step, refer to step S102 of the embodiment described in Fig. 2; details are not repeated here.
S306: when the verification passes, the second terminal decrypts the encrypted first data to be transmitted using the second session key to obtain the decrypted first data to be transmitted.
For the specific implementation of this step, refer to step S103 of the embodiment described in Fig. 2; details are not repeated here.
According to the encrypted transmission method provided by the embodiments of this application, the second terminal receives the encrypted first data to be transmitted from the first terminal by way of radio frequency and, after confirming the identity information of the first terminal, decrypts the encrypted first data to be transmitted. Implementing the scheme of this application ensures that the identity of the communication peer is not tampered with and maintains security during the communication.
Referring to Fig. 5, Fig. 5 is a flow diagram of an encrypted transmission method provided by the embodiments of this application for the phase in which the second terminal provides information, in which:
S401: the second terminal encrypts the second data to be transmitted using the second session key to obtain the encrypted second data to be transmitted.
For the specific implementation of this step, refer to step S208 of the embodiment described in Fig. 3; details are not repeated here.
S402: the second terminal signs the encrypted second data to be transmitted using the second private key to obtain the signed and encrypted second data to be transmitted.
For the specific implementation of this step, refer to step S209 of the embodiment described in Fig. 3; details are not repeated here.
S403: the second terminal sends the signed and encrypted second data to be transmitted to the first terminal.
For the specific implementation of this step, refer to step S210 of the embodiment described in Fig. 3; details are not repeated here.
S404: the first terminal receives the signed and encrypted second data to be transmitted.
Since the second data to be transmitted relates to the overall state of the vehicle, and even the private information of the vehicle owner could be learned from it, what the first terminal receives as the second data to be transmitted is encrypted data. If the second data to be transmitted were not encrypted and were obtained by a third party, the communication between the first terminal and the second terminal could be monitored completely, and the safety of the vehicle bound to the second terminal would also be threatened. Specifically, the signed and encrypted second data to be transmitted is obtained by the second terminal encrypting with the second session key and then signing with the second private key.
S405: the first terminal verifies the signature of the second data to be transmitted using the second public key.
The first terminal also needs to establish whether the received data comes from the second terminal of this communication, so as to determine the validity of this communication. If the first terminal can verify the signature of the second data to be transmitted using the second public key, this proves that the peer signed with the second private key, and only a terminal that possesses the second key pair could have generated that signature; so when the verification passes, it proves that the sender of this communication is the second terminal.
In one possible implementation, if the first terminal cannot verify the signature of the second data to be transmitted using the second public key, this shows that the source of the data is unreliable and that the data may be a dangerous instruction that endangers the first terminal. The first terminal may then resend the signed and encrypted first data to be transmitted to the second terminal.
In another possible implementation, the first terminal and the second terminal are both preset with the public key of the CA server and can further verify whether the communication party has been certified by a reliable authority. The signature of the second data to be transmitted is accompanied by a digital certificate issued by the CA server, which proves that the sender of the data is reliable. The digital certificate may include the identity information and registration time of the terminal. The first terminal verifies the signature of the second data to be transmitted using the second public key, proving that the communication party has not changed; it then uses the preset public key of the CA server to check the digital certificate and read the identity information and registration time of the terminal from it, and thereby authenticates the communication party as a reliable, certified object.
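The certificate check described in the preceding paragraph, as an added example that is not part of the patent: a demo CA issues a certificate that binds a terminal's per-session public key to its serial number (used as the CommonName) and a registration time (recorded as NotBefore); the receiving terminal verifies that certificate against the preset CA before accepting the contained public key. Everything here uses the Go standard library; the CA name, the serial-number format and the 24-hour validity window are assumptions of this example, not values from the page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewDemoCA creates the self-signed CA whose certificate (and thus public key) both terminals
// are assumed to have preset. Constructed for this example.
func NewDemoCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	caPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Demo terminal CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caPriv.PublicKey, caPriv)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(der)
	return caCert, caPriv, err
}

// IssueTerminalCert plays the CA server: it binds a terminal's per-session public key to the
// terminal's identity (serial number) and registration time, signed with the CA private key.
func IssueTerminalCert(caCert *x509.Certificate, caPriv *ecdsa.PrivateKey,
	termPub *ecdsa.PublicKey, serial string, registered time.Time) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: serial},
		NotBefore:    registered,
		NotAfter:     registered.Add(24 * time.Hour), // assumed session-certificate lifetime
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, caCert, termPub, caPriv)
}

// VerifiedPeerKey is the receiving terminal's side: verify the certificate chain against the
// preset CA (signature and validity period), and only then trust the public key, identity and
// registration time it carries. A certificate from any other issuer is rejected.
func VerifiedPeerKey(presetCA *x509.Certificate, certDER []byte) (*ecdsa.PublicKey, string, time.Time, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, "", time.Time{}, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(presetCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, "", time.Time{}, fmt.Errorf("certificate not issued by the preset CA: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, "", time.Time{}, errors.New("certified key is not an ECDSA key")
	}
	return pub, cert.Subject.CommonName, cert.NotBefore, nil
}

func main() {
	caCert, caPriv, _ := NewDemoCA()
	secondPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // second terminal's session key pair
	registered := time.Now().Add(-time.Minute).Truncate(time.Second).UTC()
	der, _ := IssueTerminalCert(caCert, caPriv, &secondPriv.PublicKey, "DEMO-TERMINAL-0002", registered)
	_, id, reg, err := VerifiedPeerKey(caCert, der) // first terminal checks with its preset CA
	fmt.Println("certified identity:", id, "registered:", reg, "err:", err)
}
```

Note that the preset CA public key only tells the receiver that the certificate was issued by that CA; the proof that the peer actually holds the matching private key still comes from the signature it makes with the session private key, which is why the page verifies both.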
S406: when the verification passes, the first terminal decrypts the encrypted second data to be transmitted using the first session key to obtain the decrypted second data to be transmitted.
Specifically, the second data to be transmitted may be one or more of the following: vehicle speed, temperature, water tank level, fuel level, air-conditioning status, time, battery voltage, engine speed, location, number of faults, fault codes, displacement, vehicle equipment switch status, vehicle insurance information, mileage, average fuel consumption, driving time and vehicle alarm information.
In one possible implementation, according to the degree of privacy of the second data to be transmitted, the first terminal may be required to verify its identity again. For example, when the first terminal requests second data of a higher degree of privacy, it receives an identity verification request and generates verification information containing time information and identity information. The first terminal computes a digest of the verification information with a hash algorithm, signs the digest with the first private key, and sends the signed digest together with the verification information to the second terminal. After the second terminal has verified the identity of the first terminal again, the first terminal obtains the corresponding data. It should be understood that the above is only an example; the algorithm used is not specifically limited.
According to the encrypted transmission method provided by the embodiments of this application, the first terminal receives the encrypted second data to be transmitted sent by the second terminal and, after confirming the identity information of the second terminal, decrypts the encrypted second data to be transmitted. Implementing the scheme of this application makes it possible to determine that the communication peer is trusted, and the two communicating parties establish secure and reliable communication using radio frequency technology.
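The encrypt-then-sign transmission of Fig. 4 and Fig. 5 (S301-S306 and S401-S406), as an added example in Go that is not part of the patent. The sender encrypts the data with the shared session key (AES-256-GCM here; the page does not fix an algorithm) and signs the encrypted bytes with its per-session ECDSA private key; the receiver verifies the signature with the sender's session public key before decrypting anything, so a message whose signature does not check (the "unreliable source" case in S405) is discarded unopened. The session key is a constructed 32-byte value standing in for the one both terminals derived in the key agreement phase, and the vehicle-data payload is constructed sample input.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Message is what travels over the RF link: the encrypted data and the sender's signature over it
// (the page encrypts first, then signs the encrypted data).
type Message struct {
	Ciphertext []byte // GCM nonce || AES-256-GCM ciphertext || authentication tag
	Signature  []byte // ASN.1 ECDSA signature over SHA-256(Ciphertext)
}

var ErrBadSignature = errors.New("signature does not verify with the peer's session public key; data discarded")

func newGCM(sessionKey []byte) (cipher.AEAD, error) {
	if len(sessionKey) != 32 {
		return nil, fmt.Errorf("session key must be 32 bytes, got %d", len(sessionKey))
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealAndSign is S401+S402 (or S301+S302): encrypt with the session key, then sign the
// encrypted bytes with the sender's per-session private key.
func SealAndSign(senderPriv *ecdsa.PrivateKey, sessionKey, plaintext []byte) (*Message, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, plaintext, nil) // nonce is prefixed so the receiver can split it off
	digest := sha256.Sum256(ct)
	sig, err := ecdsa.SignASN1(rand.Reader, senderPriv, digest[:])
	if err != nil {
		return nil, err
	}
	return &Message{Ciphertext: ct, Signature: sig}, nil
}

// VerifyAndOpen is S405+S406 (or S305+S306): check the signature with the peer's session public
// key first; only a message that verifies is decrypted.
func VerifyAndOpen(senderPub *ecdsa.PublicKey, sessionKey []byte, m *Message) ([]byte, error) {
	digest := sha256.Sum256(m.Ciphertext)
	if !ecdsa.VerifyASN1(senderPub, digest[:], m.Signature) {
		return nil, ErrBadSignature
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(m.Ciphertext) < gcm.NonceSize() {
		return nil, errors.New("message shorter than a GCM nonce")
	}
	nonce, ct := m.Ciphertext[:gcm.NonceSize()], m.Ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil) // fails if the session key is wrong or the data was altered
}

func main() {
	// Constructed demo values: the shared session key and the second terminal's session key pair.
	sessionKey := []byte("demo-session-key-32-bytes-long!!")
	secondPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	vehicleData := []byte(`{"speed_kmh":62,"fuel_l":31.5,"fault_codes":["P0420"]}`) // constructed sample
	msg, _ := SealAndSign(secondPriv, sessionKey, vehicleData)
	out, err := VerifyAndOpen(&secondPriv.PublicKey, sessionKey, msg)
	fmt.Printf("decrypted: %s err=%v\n", out, err)
	msg.Ciphertext[len(msg.Ciphertext)-1] ^= 0x01 // altered in transit
	_, err = VerifyAndOpen(&secondPriv.PublicKey, sessionKey, msg)
	fmt.Println("after tampering:", err)
}
```

Because the signature covers the ciphertext, a receiver never runs the decryption routine on data from an unverified sender; an altered ciphertext is caught by the signature check and, even with a forged signature from a different key, by the GCM tag.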
Referring to Fig. 6, Fig. 6 is a flow diagram of an encrypted transmission method in the key agreement phase provided by the embodiments of this application, in which:
S501: the first terminal sends a session channel establishment request message to the second terminal.
Specifically, the session channel establishment request may include the serial number of the first terminal, which corresponds to exactly one terminal device, so that the second terminal can perform a preliminary verification of the first terminal's identity.
S502: when the second terminal receives the session channel establishment request message sent by the first terminal, it generates the second private key and the second public key.
For the specific implementation of this step, refer to step S201 of the embodiment described in Fig. 3; details are not repeated here.
S503: the second terminal sends the second public key to the first terminal.
For the specific implementation of this step, refer to step S202 of the embodiment described in Fig. 3; details are not repeated here.
S504: when the first terminal receives the second public key, it generates the first private key and first public key pair.
Specifically, the first private key and first public key generated by the first terminal are the key pair used for this session, not a fixed key pair of the first terminal.
In one possible implementation, the first terminal may randomly select a public/private key pair from a key-pair database as the first key pair used for this session. The key pairs in the database are unique and not repeated, and all key pairs in the database may be refreshed at a preset time interval. Optionally, the first terminal selects key pairs in order according to their serial numbers in the database. Further, the key-pair data may come from a server, may be data stored locally by the terminal itself, or may be data generated online.
In another possible implementation, the first key pair of the first terminal is generated by its own key generator. The first key pair includes the first public key and the first private key and is valid only within this session. The algorithm used by the key generator includes but is not limited to RSA, ElGamal, elliptic curve cryptography (ECC), the Elliptic Curve Digital Signature Algorithm (ECDSA) and the Digital Signature Algorithm (DSA); the embodiments of this application do not specifically limit it.
S505: the first terminal generates the first session key according to the first private key and the second public key.
Specifically, the second public key obtained by the first terminal may be in plain form, or may carry a digital signature or be in encrypted form; the embodiments of this application do not specifically limit this.
Provided that the first terminal and the second terminal use the same encryption rule, the generated first session key and second session key never need to be transmitted: each side computes the same key from its own private key and the peer's public key. Content encrypted with the first session key can be decrypted with the second session key, and content encrypted with the second session key can be decrypted with the first session key. The encryption rule may be one encryption algorithm or a combination of several encryption algorithms.
S506: the first terminal sends the first public key to the second terminal.
Correspondingly, the second terminal receives the first public key.
In one possible implementation, the first public key may be sent to the second terminal together with a digital certificate generated by the CA server. The digital certificate may include the identity information of the first terminal. The first terminal and the second terminal are both preset with the public key of the CA server, which is used to check the authenticity of the received digital certificate.
In another possible implementation, the first terminal may send the newly generated first public key to the CA server and obtain a digital certificate that the CA server generates with its own private key. This digital certificate, which contains the first public key and the identity information, is sent to the second terminal. The second terminal uses the preset public key of the CA server to verify the certificate and obtain the first public key from it.
S507: when the first public key sent by the first terminal is received, the second terminal generates the second session key according to the second private key and the first public key.
For the specific implementation of this step, refer to step S203 of the embodiment described in Fig. 3; details are not repeated here.
S508: the second terminal sends a session channel establishment response message to the first terminal.
For the specific implementation of this step, refer to step S204 of the embodiment described in Fig. 3; details are not repeated here.
According to the encrypted transmission method provided by the embodiments of this application, after verifying identity, the second terminal establishes a session channel with the first terminal that sent the session request and obtains the negotiated key used to encrypt the transmitted data. Implementing the scheme of this application ensures trusted communication with a reliable communication peer.
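The key agreement phase of Fig. 6 (S501-S508, also described from the second terminal's side in S201-S204 of Fig. 3) together with the end-of-session clean-up of S104/S105, as an added example in Go that is not part of the patent. Each terminal generates a per-session ECDSA P-256 key pair; the session key is derived on each side from its own private key and the peer's public key by ECDH followed by SHA-256, so the two terminals arrive at the same 32-byte key without it ever crossing the RF link. Following the page, one key pair serves both the agreement and (in the later transmission steps) signing. The registered-serial table standing in for the server of S201, the terminal names and serials, and the hash context label are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// registeredSerials stands in for the server the second terminal asks in S201/S501 whether the
// requesting first terminal's serial number is registered. Constructed sample data.
var registeredSerials = map[string]bool{"DEMO-TERMINAL-0001": true}

// Terminal is one party of the exchange (first or second terminal) holding its per-session key pair.
type Terminal struct {
	Name       string
	priv       *ecdsa.PrivateKey
	sessionKey []byte
}

func NewTerminal(name string) (*Terminal, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // S201/S504: fresh pair per session
	if err != nil {
		return nil, err
	}
	return &Terminal{Name: name, priv: priv}, nil
}

// PublicKeyBytes is what goes over the RF link in S202/S503 and S506: the DER (SubjectPublicKeyInfo)
// encoding of the per-session public key.
func (t *Terminal) PublicKeyBytes() ([]byte, error) {
	if t.priv == nil {
		return nil, errors.New("no session key pair (session ended)")
	}
	return x509.MarshalPKIXPublicKey(&t.priv.PublicKey)
}

// SessionKey returns the derived 32-byte session key (nil before agreement or after EndSession).
func (t *Terminal) SessionKey() []byte { return t.sessionKey }

// DeriveSessionKey is S203/S505/S507: own private key + peer public key -> ECDH shared secret ->
// SHA-256 over a context label (assumed) and the secret. Both ends compute the same value.
func (t *Terminal) DeriveSessionKey(peerPubDER []byte) error {
	parsed, err := x509.ParsePKIXPublicKey(peerPubDER)
	if err != nil {
		return err
	}
	peerPub, ok := parsed.(*ecdsa.PublicKey)
	if !ok || peerPub.Curve != elliptic.P256() {
		return errors.New("peer public key is not an ECDSA P-256 key")
	}
	ownECDH, err := t.priv.ECDH()
	if err != nil {
		return err
	}
	peerECDH, err := peerPub.ECDH()
	if err != nil {
		return err
	}
	shared, err := ownECDH.ECDH(peerECDH)
	if err != nil {
		return err
	}
	h := sha256.New()
	h.Write([]byte("CN109698834A-session-key-v1"))
	h.Write(shared)
	t.sessionKey = h.Sum(nil)
	return nil
}

// EndSession is the S104/S105 clean-up once the end-of-communication message has been sent or
// received: the session key is overwritten and the per-session key pair is dropped.
func (t *Terminal) EndSession() {
	for i := range t.sessionKey {
		t.sessionKey[i] = 0
	}
	t.sessionKey = nil
	t.priv = nil
}

// EstablishSession runs the Fig. 6 exchange between the first terminal (requester) and the second
// terminal (vehicle side) and reports whether both ends hold the same session key.
func EstablishSession(first, second *Terminal, serial string) (bool, error) {
	if !registeredSerials[serial] { // S501/S502: the request carries the serial number; unknown -> refused
		return false, fmt.Errorf("serial %q is not registered: session channel refused", serial)
	}
	secondPub, err := second.PublicKeyBytes() // S503
	if err != nil {
		return false, err
	}
	if err := first.DeriveSessionKey(secondPub); err != nil { // S504/S505
		return false, err
	}
	firstPub, err := first.PublicKeyBytes() // S506
	if err != nil {
		return false, err
	}
	if err := second.DeriveSessionKey(firstPub); err != nil { // S507
		return false, err
	}
	return bytes.Equal(first.SessionKey(), second.SessionKey()), nil // S508: both sides ready
}

func main() {
	first, _ := NewTerminal("first terminal")
	second, _ := NewTerminal("second terminal")
	ok, err := EstablishSession(first, second, "DEMO-TERMINAL-0001")
	fmt.Println("session keys match:", ok, "err:", err)
	first.EndSession()
	second.EndSession()
}
```

Two caveats a practitioner should keep in mind: the per-session public keys are unauthenticated unless the CA-certificate variant the page describes is used, so a party that can interpose itself on the RF link could negotiate a separate key with each terminal; and reusing one key pair for both ECDH and ECDSA mirrors the page but conflicts with the usual key-separation rule, so a production design would generate a separate signing pair.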
Referring to Fig. 7, Fig. 7 is a schematic diagram of a terminal provided by the embodiments of this application. The terminal includes a second receiving unit 601, a second verification unit 602 and a second decryption unit 603; optionally, the terminal further includes a second encryption unit 604, a second signature unit 605 and a second sending unit 606; optionally, the terminal further includes a second key generation unit 607. Wherein:
the second receiving unit 601 is configured to receive the signed and encrypted first data to be transmitted sent by the first terminal;
the second verification unit 602 is configured to verify the signature of the first data to be transmitted using the first public key;
the second decryption unit 603 is configured to, when the verification passes, decrypt the encrypted first data to be transmitted using the second session key to obtain the decrypted first data to be transmitted.
In one implementation, the terminal further includes:
a second encryption unit 604, configured to encrypt the second data to be transmitted using the second session key to obtain the encrypted second data to be transmitted, the second session key being generated according to the second private key of the second terminal and the first public key of the first terminal;
a second signature unit 605, configured to sign the encrypted second data to be transmitted using the second private key to obtain the signed and encrypted second data to be transmitted;
a second sending unit 606, configured to send the signed and encrypted second data to be transmitted to the first terminal.
In another possible implementation, the terminal further includes:
a second key generation unit 607, configured to generate the second private key and the second public key when the session channel establishment request message sent by the first terminal is received;
the second sending unit 606 is further configured to send the second public key to the first terminal;
the second key generation unit 607 is further configured to generate the second session key according to the second private key and the first public key when the first public key sent by the first terminal is received;
the second sending unit 606 is further configured to send a session channel establishment response message to the first terminal.
In another possible implementation, the second decryption unit 603 is further configured to, if the verification fails, output a verification failure interface and delete the second session key, the second private key and the second public key.
In another possible implementation, the second decryption unit 603 is further configured to, when the end-of-communication message is received, delete the second session key, the second private key and the second public key.
For a more detailed description of the second receiving unit 601, second verification unit 602, second decryption unit 603, second encryption unit 604, second signature unit 605, second sending unit 606 and second key generation unit 607, refer directly to the description of the encrypted transmission method performed by the second terminal in the method embodiments described in Fig. 2, Fig. 3 or Fig. 4; it is not repeated here.
The terminal provided by the embodiments of this application can confirm the identity information of the communication peer by way of radio frequency and ensures a reliable communication process.
Referring to Fig. 8, Fig. 8 is a schematic diagram of a terminal provided by the embodiments of this application. The terminal includes: a first receiving unit 701, a first authentication unit 702 and a first decryption unit 703; optionally, the terminal further includes: a first encryption unit 704, a first signature unit 705 and a first transmission unit 706; optionally, the terminal further includes: a first key generation unit 707. Wherein:
The first receiving unit 701 is used to receive, over wireless radio frequency from the second terminal, the signed and encrypted second data to be transmitted;
The first authentication unit 702 is used to verify the signature of the second data to be transmitted using the second public key;
The first decryption unit 703 is used, when verification passes, to decrypt the encrypted second data to be transmitted using the first session key, obtaining the decrypted second data to be transmitted.
In one implementation, the terminal further includes:
A first encryption unit 704, used to encrypt the first data to be transmitted using the first session key, obtaining the encrypted first data to be transmitted, where the first session key is generated from the first private key of the first terminal and the second public key of the second terminal;
A first signature unit 705, used to sign the encrypted first data to be transmitted using the first private key, obtaining the signed and encrypted first data to be transmitted;
A first transmission unit 706, used to send the signed and encrypted first data to be transmitted to the second terminal over wireless radio frequency.
In another possible implementation, the terminal further includes:
The first transmission unit 706 is also used to send a session channel establishment request message to the second terminal;
A first key generation unit 707, used to generate a first private key and first public key pair;
The first key generation unit 707 is also used, when the second public key sent by the second terminal is received, to generate the first session key from the first private key and the second public key;
The first receiving unit 701 is also used to receive the session channel establishment response message from the second terminal.
In another possible implementation, the first transmission unit 706 is also used to send an end communication message to the second terminal.
A more detailed description of the first receiving unit 701, the first authentication unit 702, the first decryption unit 703, the first encryption unit 704, the first signature unit 705, the first transmission unit 706 and the first key generation unit 707 can be obtained directly from the description of the encrypted transmission method executed by the first terminal in the method embodiment of Fig. 4 above, and is not repeated here.
A terminal provided by the embodiments of this application can confirm the identity information of the communicating peer over a wireless radio frequency link, which ensures a reliable communication process.
Referring to Fig. 9, Fig. 9 is a hardware structural diagram of a terminal provided by the embodiments of this application. As shown in Fig. 9, the terminal in this embodiment may include: a processor 801, an input device 802, an output device 803 and a memory 804. The processor 801, the input device 802, the output device 803 and the memory 804 may be interconnected by a bus.
The memory includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or compact disc read-only memory (CD-ROM), and is used for the related instructions and data.
The processor may include one or more processors, for example one or more central processing units (CPUs); where the processor is a CPU, it may be a single-core CPU or a multi-core CPU.
The memory is used to store the program code and data of the device.
The input device is used to input data and/or signals, and the output device is used to output data and/or signals. The output device and the input device may be independent devices or a single integrated device.
The processor is used to call the program code and data in the memory and perform the following steps: receive, over wireless radio frequency from the first terminal, the signed and encrypted first data to be transmitted, which the first terminal obtained by encrypting with the first session key and signing with the first private key, the first session key being generated from the first private key of the first terminal and the second public key of the second terminal; verify the signature of the first data to be transmitted using the first public key; when verification passes, decrypt the encrypted first data to be transmitted using the second session key, obtaining the decrypted first data to be transmitted.
In one possible implementation, the processor is also used to perform the following steps: encrypt the second data to be transmitted using the second session key, obtaining the encrypted second data to be transmitted, the second session key being generated from the second private key of the second terminal and the first public key of the first terminal; sign the encrypted second data to be transmitted using the second private key, obtaining the signed and encrypted second data to be transmitted; send the signed and encrypted second data to be transmitted to the first terminal over wireless radio frequency.
In another possible implementation, the processor is also used to perform the following steps: when the session channel establishment request message sent by the first terminal is received, generate a second private key and second public key pair; send the second public key to the first terminal; when the first public key sent by the first terminal is received, generate the second session key from the second private key and the first public key; send a session channel establishment response message to the first terminal.
It is understood that Fig. 9 only shows a simplified design of the terminal. In practical applications, the terminal may also include other necessary elements, including but not limited to any number of network interfaces, input devices, output devices, processors, memories and so on, and all second terminals that can implement the embodiments of this application fall within the scope of protection of this application.
Referring to Fig. 10, Fig. 10 is a hardware structural diagram of a terminal provided by the embodiments of this application. As shown in Fig. 10, the terminal in this embodiment may include: a processor 901, an input device 902, an output device 903 and a memory 904. The processor 901, the input device 902, the output device 903 and the memory 904 may be interconnected by a bus.
The memory includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or compact disc read-only memory (CD-ROM), and is used for the related instructions and data.
The processor may include one or more processors, for example one or more central processing units (CPUs); where the processor is a CPU, it may be a single-core CPU or a multi-core CPU.
The memory is used to store the program code and data of the device.
The input device is used to input data and/or signals, and the output device is used to output data and/or signals. The output device and the input device may be independent devices or a single integrated device.
The processor is used to call the program code and data in the memory and perform the following steps: receive, over wireless radio frequency from the second terminal, the signed and encrypted second data to be transmitted; verify the signature of the second data to be transmitted using the second public key; when verification passes, decrypt the encrypted second data to be transmitted using the first session key, obtaining the decrypted second data to be transmitted.
In one possible implementation, the processor is also used to perform the following steps: encrypt the first data to be transmitted using the first session key, obtaining the encrypted first data to be transmitted, the first session key being generated from the first private key of the first terminal and the second public key of the second terminal; sign the encrypted first data to be transmitted using the first private key, obtaining the signed and encrypted first data to be transmitted; send the signed and encrypted first data to be transmitted to the second terminal over wireless radio frequency.
In another possible implementation, the processor is also used to perform the following steps: send a session channel establishment request message to the second terminal; generate a first private key and first public key pair; when the second public key sent by the second terminal is received, generate the first session key from the first private key and the second public key; receive the session channel establishment response message from the second terminal.
It is understood that Fig. 10 only shows a simplified design of the terminal. In practical applications, the terminal may also include other necessary elements, including but not limited to any number of network interfaces, input devices, output devices, processors, memories and so on, and all first terminals that can implement the embodiments of this application fall within the scope of protection of this application.
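The exchange that the processors of Fig. 9 and Fig. 10 carry out, restated in claims 3 and 7 below, is worked end to end in the Go program that follows. It is an example added by the editor, not code from the application or from the applicant. The description names no algorithms, so P-256 ECDH for the session key, ECDSA over the ciphertext for the signature, AES-256-GCM for the data and SHA-256 as the key derivation are assumptions of this example, as are the names Terminal, Seal, Open and Exchange. Two properties of the described scheme show up directly in the code: one per-session key pair serves both to derive the session key and to sign, exactly as the description has it (practitioners normally keep agreement and signing keys separate), and the public keys cross the radio link with no prior binding, so the signature check proves that a frame came from whichever party supplied its public key during channel setup. Pinning or out-of-band verification of that public key is what would make the identity confirmation the description promises hold against an active peer rather than only a passive listener.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Terminal is one side of the exchange; as in the patent, a single per-session key pair both
// derives the session key and signs. P-256 ECDH/ECDSA, AES-256-GCM and SHA-256 are this
// example's assumptions: the patent names no algorithms.
type Terminal struct {
	priv    *ecdsa.PrivateKey // own key pair, valid for one session (claim 4)
	peerPub *ecdsa.PublicKey  // peer public key received during channel setup
	session cipher.AEAD       // AES-GCM keyed with the derived session key
}

// GenerateKeyPair makes the session key pair and returns the public half to send to the peer.
func (t *Terminal) GenerateKeyPair() (pub *ecdsa.PublicKey, err error) {
	if t.priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, err
	}
	return &t.priv.PublicKey, nil
}

// DeriveSessionKey: own private key + peer public key via ECDH, SHA-256 as a minimal KDF.
func (t *Terminal) DeriveSessionKey(peerPub *ecdsa.PublicKey) error {
	if t.priv == nil || peerPub == nil {
		return errors.New("key pair or peer public key missing")
	}
	mine, err1 := t.priv.ECDH()
	theirs, err2 := peerPub.ECDH() // rejects a public key that is not a valid curve point
	if err := errors.Join(err1, err2); err != nil {
		return err
	}
	shared, err := mine.ECDH(theirs)
	if err != nil {
		return err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // cannot fail for a 32-byte key
	t.session, err = cipher.NewGCM(block)
	t.peerPub = peerPub
	return err
}

// Seal encrypts under the session key, then signs the ciphertext with the private key
// (encrypt-then-sign, the patent's order). Wire: nonce||ciphertext||tag plus a DER signature.
func (t *Terminal) Seal(plaintext []byte) (ct, sig []byte, err error) {
	if t.session == nil || t.priv == nil {
		return nil, nil, errors.New("no session established")
	}
	nonce := make([]byte, t.session.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ct = t.session.Seal(nonce, nonce, plaintext, nil)
	digest := sha256.Sum256(ct)
	sig, err = ecdsa.SignASN1(rand.Reader, t.priv, digest[:])
	return ct, sig, err
}

// Open verifies with the peer public key before decrypting; a failed check wipes everything (claim 5).
func (t *Terminal) Open(ct, sig []byte) ([]byte, error) {
	digest := sha256.Sum256(ct)
	if t.peerPub == nil || !ecdsa.VerifyASN1(t.peerPub, digest[:], sig) {
		t.Wipe()
		return nil, errors.New("signature verification failed; session material deleted")
	}
	if ns := t.session.NonceSize(); len(ct) >= ns {
		return t.session.Open(nil, ct[:ns], ct[ns:], nil)
	}
	return nil, errors.New("ciphertext shorter than nonce")
}

// Wipe is the deletion done on verification failure and on the end communication message (claims 5, 6).
func (t *Terminal) Wipe() { t.priv, t.peerPub, t.session = nil, nil, nil }

// Exchange runs claims 3 and 7 in order: second key pair and public key, first key pair and
// public key, session keys on both sides, one sealed frame first -> second, then deletion on
// both sides. tamper flips one ciphertext byte in flight. It returns the recovered frame and
// whether the second terminal had already wiped its keys because Open rejected the frame.
func Exchange(data []byte, tamper bool) (string, bool, error) {
	first, second := &Terminal{}, &Terminal{}
	secondPub, err1 := second.GenerateKeyPair() // reply to the channel request: second public key
	firstPub, err2 := first.GenerateKeyPair()   // first -> second: first public key
	if err := errors.Join(err1, err2, first.DeriveSessionKey(secondPub), second.DeriveSessionKey(firstPub)); err != nil {
		return "", false, err
	}
	ct, sig, err := first.Seal(data) // sent once the establishment response has arrived
	if err != nil {
		return "", false, err
	}
	if tamper {
		ct[len(ct)-1] ^= 1 // one flipped byte: the signature over the ciphertext no longer verifies
	}
	plaintext, err := second.Open(ct, sig)
	rejected := second.session == nil // true only if Open wiped on failure
	first.Wipe()                      // end communication message: both sides delete their keys
	second.Wipe()
	return string(plaintext), rejected, err
}

func main() {
	fmt.Println(Exchange([]byte("constructed sample frame"), false)) // clean run
	fmt.Println(Exchange([]byte("constructed sample frame"), true))  // tampered in flight
}
```

Running the program prints the recovered frame, rejected=false and a nil error for the clean run; for the tampered run it prints an empty frame, rejected=true and the verification error, because the flipped byte fails the signature check in Open before any decryption is attempted and the receiver's key material is already gone when the end-of-communication wipe runs.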
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided by this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the division into units is only a logical functional division; in actual implementation there may be other divisions, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. The mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions according to the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted through a computer-readable storage medium. The computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (for example coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless (for example infrared, radio or microwave) means. The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be read-only memory (ROM), random access memory (RAM), a magnetic medium (for example a floppy disk, hard disk, tape or magnetic disk), an optical medium (for example a digital versatile disc (DVD)) or a semiconductor medium (for example a solid state disk (SSD)).

Claims (10)

1. An encrypted transmission method, characterized in that the method comprises:
receiving the signed and encrypted first data to be transmitted sent by a first terminal, the signed and encrypted first data to be transmitted having been obtained by the first terminal by encrypting with a first session key and signing with a first private key, the first session key being generated from the first private key of the first terminal and a second public key of a second terminal;
verifying the signature of the first data to be transmitted using the first public key;
when verification passes, decrypting the encrypted first data to be transmitted using the second session key, obtaining the decrypted first data to be transmitted.
2. The method of claim 1, characterized in that the method further comprises:
encrypting second data to be transmitted using a second session key, obtaining encrypted second data to be transmitted, the second session key being generated from a second private key of the second terminal and a first public key of the first terminal;
signing the encrypted second data to be transmitted using the second private key, obtaining signed and encrypted second data to be transmitted;
sending the signed and encrypted second data to be transmitted to the first terminal.
3. The method of claim 1 or 2, characterized in that the method further comprises:
when a session channel establishment request message sent by the first terminal is received, generating a second private key and a second public key;
sending the second public key to the first terminal;
when the first public key sent by the first terminal is received, generating the second session key from the second private key and the first public key;
sending a session channel establishment response message to the first terminal.
4. The method of claim 3, characterized in that the second private key and the second public key are valid for one session.
5. The method of claim 3, characterized in that, after verifying the signature of the first data to be transmitted using the first public key, the method further comprises:
if verification fails, outputting a verification failure interface and deleting the second session key, the second private key and the second public key.
6. The method of claim 3, characterized in that the method further comprises:
receiving an end communication message sent by the first terminal;
according to the received end communication message, deleting the second session key, the second private key and the second public key.
7. An encrypted transmission method, characterized in that the method comprises:
a first terminal encrypting first data to be transmitted using a first session key, obtaining encrypted first data to be transmitted, the first session key being generated from a first private key of the first terminal and a second public key of a second terminal;
the first terminal signing the encrypted first data to be transmitted using the first private key, obtaining signed and encrypted first data to be transmitted;
the first terminal sending the signed and encrypted first data to be transmitted to the second terminal;
the second terminal receiving the signed and encrypted first data to be transmitted;
the second terminal verifying the signature of the first data to be transmitted using the first public key of the first terminal;
when verification passes, the second terminal decrypting the encrypted first data to be transmitted using a second session key, obtaining the decrypted first data to be transmitted.
8. A terminal, used as a second terminal, characterized in that it comprises a processor, an input device, an output device and a memory, wherein the memory is used to store a computer program, the computer program comprises program instructions, and the processor is configured to call the program instructions to execute the method of any one of claims 1 to 6.
9. A terminal, used as a first terminal, characterized in that it comprises a processor, an input device, an output device and a memory, wherein the memory is used to store a computer program, the computer program comprises program instructions, and the processor is configured to call the program instructions to encrypt first data to be transmitted using a first session key, obtaining encrypted first data to be transmitted; to sign the encrypted first data to be transmitted using the first private key, obtaining signed and encrypted first data to be transmitted; and to control the output device to send the signed and encrypted first data to be transmitted to a second terminal.
10. An encrypted data transmission system, characterized in that it comprises the terminal of claim 8 and the terminal of claim 9.
CN201910028333.8A 2019-01-11 2019-01-11 A kind of encrypted transmission method and system Pending CN109698834A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910028333.8A CN109698834A (en) 2019-01-11 2019-01-11 A kind of encrypted transmission method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910028333.8A CN109698834A (en) 2019-01-11 2019-01-11 A kind of encrypted transmission method and system

Publications (1)

Publication Number Publication Date
CN109698834A true CN109698834A (en) 2019-04-30

Family

ID=66233257

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910028333.8A Pending CN109698834A (en) 2019-01-11 2019-01-11 A kind of encrypted transmission method and system

Country Status (1)

Country Link
CN (1) CN109698834A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005361A (en) * 2007-01-22 2007-07-25 北京飞天诚信科技有限公司 Server and software protection method and system
US20140173281A1 (en) * 2012-12-14 2014-06-19 Electronics And Telecommunications Research Institute Apparatus and method for anonymity-based authentication and key agreement capable of providing communication message binding property
CN103974241A (en) * 2013-02-05 2014-08-06 东南大学常州研究院 Voice end-to-end encryption method aiming at mobile terminal with Android system
CN104506534A (en) * 2014-12-25 2015-04-08 青岛微智慧信息有限公司 Safety communication secret key negotiation interaction scheme
CN107104888A (en) * 2017-06-09 2017-08-29 成都轻车快马网络科技有限公司 A kind of safe instant communicating method
CN108322451A (en) * 2018-01-12 2018-07-24 深圳壹账通智能科技有限公司 Data processing method, device, computer equipment and storage medium

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110377799A (en) * 2019-06-26 2019-10-25 深圳市轱辘汽车维修技术有限公司 A kind of vehicle assessment data checking method and device
CN110855628A (en) * 2019-10-21 2020-02-28 南京磐固信息科技有限公司 Data transmission method and system
CN114363894A (en) * 2020-09-27 2022-04-15 华为技术有限公司 Data transmission method and device
CN114363894B (en) * 2020-09-27 2024-06-04 花瓣云科技有限公司 Data transmission method and device
CN112636916A (en) * 2020-11-30 2021-04-09 捷德(中国)科技有限公司 Data processing method, data processing device, storage medium and electronic equipment
WO2022267723A1 (en) * 2021-06-22 2022-12-29 华为技术有限公司 Session key generation method and apparatus
CN113905368A (en) * 2021-12-06 2022-01-07 武汉天喻信息产业股份有限公司 Mobile terminal secure communication method, device, equipment and readable storage medium

Similar Documents

Publication Publication Date Title
CN109698834A (en) A kind of encrypted transmission method and system
CN102546155B (en) On-demand safe key generates method and system
CN110460439A (en) Information transferring method, device, client, server-side and storage medium
CN102916869B (en) Instant messaging method and system
US9615257B2 (en) Data integrity for proximity-based communication
CN104917807B (en) Resource transfers methods, devices and systems
US20140141750A1 (en) Data integrity for proximity-based communication
CN106576043A (en) Virally distributable trusted messaging
CN109391468A (en) A kind of authentication method and system
EP3363152A1 (en) Message authentication
CN110365486A (en) A kind of certificate request method, device and equipment
CN109728913A (en) A kind of equipment validity verification method, relevant device and system
CN108418845A (en) Bluetooth pairing code matches Preparation Method, system, terminal, server and mobile unit
CN109729000B (en) Instant messaging method and device
WO2020036070A1 (en) Terminal registration system and terminal registration method
CN109768982A (en) A kind of encrypted transmission method and device based on Internet of Things
CN109639644A (en) Authority checking method, apparatus, storage medium and electronic equipment
CN115001841A (en) Identity authentication method, identity authentication device and storage medium
CN109698746A (en) Negotiate the method and system of the sub-key of generation bound device based on master key
CN108574571A (en) Private key generation method, equipment and system
CN110958266A (en) Data processing method, system, computer device and storage medium
CN108011856A (en) A kind of method and apparatus for transmitting data
CN109617899A (en) A kind of data transmission method and system
CN104660568A (en) Address list information protecting method and device
CN103731828B (en) A kind of terminal unit and method for electronic certificate authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20190430)