
CN112073370B - Client encryption communication method - Google Patents

Client encryption communication method

Info

Publication number: CN112073370B
Application number: CN202010743932.0A
Authority: CN (China)
Prior art keywords: data, header, client, data header, virtual
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Other versions: CN112073370A (en)
Inventors: 钱伟, 胡遨洋, 朱重希, 花志伟, 刘书涵, 徐宏
Current assignee: Tongxiang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Tongxiang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date: 2020-07-29 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2020-07-29
Publication dates: CN112073370A 2020-12-11; CN112073370B 2022-08-09

Events:
2020-07-29 Application filed by Tongxiang Power Supply Co of State Grid Zhejiang Electric Power Co Ltd; priority to CN202010743932.0A
2020-12-11 Publication of CN112073370A
2022-08-09 Application granted; publication of CN112073370B
Legal status: Active; anticipated expiration

Classifications

    • H04L 63/12 Applying verification of the received information (under H04L 63/00 Network architectures or network communication protocols for network security; H04L Transmission of digital information, e.g. telegraphic communication; H04 Electric communication technique; H Electricity)
    • G06F 21/602 Providing cryptographic facilities or services (under G06F 21/60 Protecting data; G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F Electric digital data processing; G06 Computing or calculating; counting; G Physics)
    • H04L 63/0428 Network security wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L 63/04 Providing a confidential data exchange among entities communicating through data packet networks; H04L 63/00 Network architectures or network communication protocols for network security)
    • H04L 69/164 Adaptation or special uses of UDP protocol (under H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]; H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass)
    • H04L 69/22 Parsing or analysis of headers (under H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a client-side encrypted communication method comprising a first-send encryption method of a first client, a first-reception decryption method of a second client, a reply encryption method of the second client, and a first-reception decryption method of the first client. The first-send encryption method of the first client comprises the following steps: generating a first virtual data header; generating first user data; generating a second virtual data header and adding it to a first data-receiving whitelist; establishing and storing a first mapping table; generating and sending a first ciphertext; generating second user data; and encrypting the data body of the second user data to obtain third user data and sending it. The advantages of the invention are: the original data header is never disclosed, while the peer client is still told which virtual data header corresponds to that original data header; an attacker who intercepts a data header cannot use it to forge data; and the problem that an encrypted data header leaves the receiver unable to determine the ciphertext size or when to start decrypting is avoided.

Description

A client-side encrypted communication method

Technical field

The invention relates to the field of communication security, and in particular to a client-side encrypted communication method.

Background

Since the 20th century, with the development of computer technology, network transmission has become an important means of conveying information in industry, agriculture, national defence and other fields, and has gradually spread into every other area of society. As networks have permeated people's lives, work and entertainment, the security of information in transit has become a growing concern. To improve the security of user information in transit, the encryption of network traffic has become an active research area. Commonly used techniques include digital signature authentication, personal identity authentication and electronic seals. Although these methods have made the network data environment reasonably secure, incidents of data theft and website compromise still occur.

The encryption method most widely used for computer network data transmission today is end-to-end encryption, in which the data travels as ciphertext all the way from the sender to the receiver, so that the whole transmission path is protected. In encrypted wireless transmission it is generally the application-layer user data that is encrypted. Application-layer user data consists of a data header and a data body; the header carries important information about the body, such as a version number, the data length and the data type. Current practice mostly encrypts only the data body and leaves the header, which carries this important information, in the clear. If an attacker intercepts the traffic or tampers with fields, the attacker can therefore read or modify important information about the user data. For example, with the header in the clear, an attacker who captures it can send the receiver junk messages carrying the same header as legitimate data, consuming transmission resources and causing the service to fail. If the header is encrypted instead, the receiver cannot determine the length of the data body, the size of the ciphertext, or when to start decrypting.

Summary of the invention

Existing encryption schemes encrypt only the data body and leave the data header unencrypted, so an attacker who intercepts the header can disrupt the service; encrypting the header, on the other hand, would disrupt the communication service itself. The invention addresses this by providing an application-layer encrypted communication method that uses virtual data headers, with the virtual data header changing as messages are exchanged.

The technical solution adopted by the invention is a client-side encrypted communication method for communication between a first client and a second client, comprising a first-send encryption method of the first client, a first-reception decryption method of the second client, a reply encryption method of the second client, and a first-reception decryption method of the first client. The first-send encryption method of the first client comprises the following steps:

S01: Generate a first virtual data header.

S02: Generate first user data whose data header is the original data header and whose data body is the first virtual data header; the original data header is the client's actual data header.

S03: Generate a second virtual data header from the first virtual data header, and add the second virtual data header to a first data-receiving whitelist.

S04: Establish and store a first mapping table relating the original data header to the first virtual data header and the second virtual data header.

S05: Encrypt both the data header and the data body of the first user data to produce a first ciphertext.

S06: Send the first ciphertext using the UDP protocol.

S07: Generate second user data whose data header is the first virtual data header and whose data body is the data entered by the user.

S08: Encrypt the data body of the second user data to obtain third user data, and send it.

When communication is established, the sender first tells the peer its original data header and the corresponding virtual data header, and then communicates using virtual data headers, each of which is used only once, so that an attacker cannot intercept a data header and use it for an attack. The ciphertext is sent over UDP and decryption starts only after the second client has received the message in full, which avoids the problem that an encrypted header leaves the receiver unable to determine the ciphertext size or when to start decrypting.

In a preferred embodiment, the first-reception decryption method of the second client comprises the following steps:

S11: Screen the received data and retain first-type user data, in which both the data header and the data body are ciphertext.

S12: Decrypt the first-type user data to obtain the original data header and the first virtual data header.

S13: Establish and store a second mapping table relating the original data header to the first virtual data header.

S14: Add the first virtual data header to a second data-receiving whitelist, and wait for user data whose data header is the first virtual data header.

S15 (numbered S13 a second time in the original text; the claims number it S15): After receiving user data whose data header is the first virtual data header, decrypt the data body of that user data.

S16: Generate a second virtual data header from the data header of that user data, and add the second virtual data header to the second mapping table.

S17: Add the second virtual data header to the second data-receiving whitelist.

In a preferred embodiment, the reply encryption method of the second client comprises the following steps:

S21: Generate fourth user data whose data header is the second virtual data header and whose data body is the information entered by the user of the second client.

S22: Encrypt the data body of the fourth user data to obtain fifth user data, and send it.

S23: Generate a third virtual data header from the second virtual data header.

S24: Add the third virtual data header to the second mapping table and to the second data-receiving whitelist.

S25: Delete the second virtual data header from the second data-receiving whitelist.

In a preferred embodiment, the first-reception decryption method of the first client comprises the following steps:

S31: Screen the received data and retain user data whose data header is the second virtual data header.

S32: Decrypt the data body of that user data.

S33: Generate a third virtual data header from the second virtual data header.

S34: Add the third virtual data header to the first mapping table and to the first data-receiving whitelist.

S35: Delete the second virtual data header from the first data-receiving whitelist.

In a preferred embodiment, a virtual data header comprises a version number, a data length and a data type; the data length is the length of the data body that forms user data together with that virtual data header, and the version number and data type change according to a preset rule.

In a preferred embodiment, during communication between the first client and the second client, every transmission of user data uses a different data header.

In a preferred embodiment, once either of the first client and the second client has received a message, the first data-receiving whitelist and the second data-receiving whitelist are identical, and the first mapping table and the second mapping table are identical.

The advantages of the invention are: application data composed of the original data header and a virtual data header is encrypted as a whole and sent to the peer to establish the communication relationship, so the original data header is never disclosed while the peer client is still told which virtual data header corresponds to it; once the relationship is established, communication uses virtual data headers that change as messages are exchanged, so an attacker cannot intercept a data header and use it to forge data; and the ciphertext is sent over UDP and decrypted only after the second client has received it in full, which avoids the problem that an encrypted header leaves the receiver unable to determine the ciphertext size or when to start decrypting.

Description of the drawings

Fig. 1 is a flow chart of the first-send encryption method of the first client in the embodiment.

Fig. 2 is a flow chart of the first-reception decryption method of the second client in the embodiment.

Fig. 3 is a flow chart of the reply encryption method of the second client in the embodiment.

Fig. 4 is a flow chart of the first-reception decryption method of the first client in the embodiment.

Detailed description

The technical solution of the invention is further described below by way of an embodiment, with reference to the drawings.

Embodiment:

This embodiment is a client-side encrypted communication method for communication between a first client and a second client, comprising a first-send encryption method of the first client, a first-reception decryption method of the second client, a reply encryption method of the second client, and a first-reception decryption method of the first client. As shown in Fig. 1, the first-send encryption method of the first client comprises the following steps:

S01: Generate a first virtual data header. A virtual data header comprises a version number, a data length and a data type; the data length is the length of the data body that forms user data together with that virtual data header, and the version number and data type change according to a preset rule. The same rule is stored in both the first client and the second client, so that once the first virtual data header is known, the second virtual data header derived from it by the first client is identical to the one derived by the second client. This keeps the virtual data headers of the two clients synchronized and is the basis for communicating between them with virtual data headers.

S02: Generate first user data whose data header is the original data header and whose data body is the first virtual data header.

S03: Generate a second virtual data header from the first virtual data header, and add the second virtual data header to the first data-receiving whitelist.

S04: Establish and store a first mapping table relating the original data header to the first virtual data header and the second virtual data header. The first mapping table makes it possible to look up the original data header that a virtual data header corresponds to, which is convenient when storing the communication data.

S05: Encrypt both the data header and the data body of the first user data to produce a first ciphertext.

S06: Send the first ciphertext using the UDP protocol. Because UDP preserves datagram boundaries, the receiving end sees only two outcomes for a datagram: the complete datagram arrives, or nothing arrives. If a datagram is lost in transit the sender has to retransmit it (UDP itself provides no retransmission, so the application must do this). The second client therefore starts decrypting only once it holds the complete data, which avoids the problem that an encrypted header leaves the receiver unable to determine the ciphertext size or when to start decrypting.

S07: Generate second user data whose data header is the first virtual data header and whose data body is the data entered by the user.

S08: Encrypt the data body of the second user data to obtain third user data, and send it.

As shown in Fig. 2, the first-reception decryption method of the second client comprises the following steps:

S11: Screen the received data and retain first-type user data, in which both the data header and the data body are ciphertext.

S12: Decrypt the first-type user data to obtain the original data header and the first virtual data header.

S13: Establish and store a second mapping table relating the original data header to the first virtual data header.

S14: Add the first virtual data header to the second data-receiving whitelist, and wait for user data whose data header is the first virtual data header.

S15 (numbered S13 a second time in the original text; the claims number it S15): After receiving user data whose data header is the first virtual data header, decrypt the data body of that user data.

S16: Generate a second virtual data header from the data header of that user data, and add the second virtual data header to the second mapping table.

S17: Add the second virtual data header to the second data-receiving whitelist.

As shown in Fig. 3, the reply encryption method of the second client comprises the following steps:

S21: Generate fourth user data whose data header is the second virtual data header and whose data body is the information entered by the user of the second client.

S22: Encrypt the data body of the fourth user data to obtain fifth user data, and send it.

S23: Generate a third virtual data header from the second virtual data header.

S24: Add the third virtual data header to the second mapping table and to the second data-receiving whitelist.

S25: Delete the second virtual data header from the second data-receiving whitelist.

As shown in Fig. 4, the first-reception decryption method of the first client comprises the following steps:

S31: Screen the received data and retain user data whose data header is the second virtual data header.

S32: Decrypt the data body of that user data.

S33: Generate a third virtual data header from the second virtual data header.

S34: Add the third virtual data header to the first mapping table and to the first data-receiving whitelist.

S35: Delete the second virtual data header from the first data-receiving whitelist.

When the first client, immediately after its first communication with the second client, sends the next message to the second client, the following steps are performed:

S41: Generate user data whose data header is the second virtual data header and whose data body is the information entered by the user of the first client.

S42: Encrypt the data body of that user data to obtain encrypted user data, and send it.

S43: Generate a third virtual data header from the second virtual data header.

S44: Add the third virtual data header to the first mapping table and to the first data-receiving whitelist.

S45: Delete the second virtual data header from the first data-receiving whitelist.

That is, during communication between the first client and the second client, every transmission of user data uses a different data header. For example, if after the first communication the first client sends five messages in succession to the second client, their data headers are, in order, header a, header b, header c, header d and header e: header b is generated from header a according to the preset rule, header c is generated from header b according to the preset rule, and so on. Likewise, after the second client receives a message it generates the next data header from the header of that message, ready either to receive the first client's next message or to send a message to the first client; and whenever the first client receives or sends a message it generates a new data header from that message's header, ready to send or receive again. Thus, once either of the first client and the second client has received a message, the first and second data-receiving whitelists are identical, and the first and second mapping tables are identical.
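The whole exchange above (steps S01 to S45, together with the spoofed-header scenario from the background section) as one runnable simulation. This is an added example written for this page, not code from the patent or its assignee, and it fills in several things the patent leaves unspecified, all of which are assumptions: a pre-shared 32-byte key held by both clients; a 6-byte header layout (version, 4-byte data length, type); a "preset rule" that derives the next (version, type) pair with a keyed hash, so that an observer of one plaintext header cannot compute the next one; a standard-library stand-in for a real AEAD cipher such as AES-GCM; and a screening rule under which a datagram whose header is not on the whitelist is tried as a first-type (fully encrypted) message and dropped if its tag does not verify. Two checks the patent does not mention are added because any deployment needs them: the plaintext virtual header is authenticated together with the body, and the header's length field must match the decrypted body. Whitelist entries are (version, type) pairs, since the length field is set per message and cannot be derived in advance. Datagrams are passed around as byte strings; a deployment would put each in one UDP datagram and handle retransmission itself.

```python
import hashlib, hmac, os, struct

KEY = bytes(range(32))  # constructed pre-shared key; key management is not specified by the patent
HEADER_LEN = 6          # assumed layout: version (1) | data length (4, big-endian) | data type (1)

def pack_header(version, length, dtype):
    return struct.pack(">BIB", version, length, dtype)

def unpack_header(buf):
    return struct.unpack(">BIB", buf[:HEADER_LEN])

def next_vh(vh, key=KEY):
    """Assumed 'preset rule': keyed hash of (version, type), so one observed header does not reveal the next."""
    d = hmac.new(key, b"next-vh" + bytes(vh), hashlib.sha256).digest()
    return (d[0], d[1])

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext, aad=b""):
    """Stdlib stand-in for an AEAD such as AES-GCM: returns nonce | ciphertext | tag."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + aad + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unseal(key, blob, aad=b""):
    """Plaintext, or None if the blob is too short or the tag does not verify."""
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expect = hmac.new(key, b"tag" + aad + nonce + ct, hashlib.sha256).digest()[:16]
    if len(blob) < 28 or not hmac.compare_digest(expect, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Client:
    def __init__(self, original, key=KEY):
        self.original, self.key = original, key   # original = (version, type) of the real data header
        self.whitelist, self.mapping = set(), {}  # accepted (version, type) pairs; original -> header chain
        self.chain = None                         # current chain; its last entry is the next header to send with
        self.inbox, self.dropped = [], 0

    def first_send(self, payload):
        """S01-S08: announcement encrypted as a whole, then the first body-encrypted message."""
        vh1 = (os.urandom(1)[0], os.urandom(1)[0])                          # S01
        inner = pack_header(vh1[0], 0, vh1[1])                               # S02: VH1 is the body
        first = pack_header(self.original[0], len(inner), self.original[1]) + inner
        vh2 = next_vh(vh1)                                                   # S03
        self.whitelist.add(vh2)
        self.chain = self.mapping[self.original] = [vh1, vh2]                # S04
        return [seal(self.key, first), self._wrap(vh1, payload)]             # S05-S08

    def send(self, payload):  # S21-S25 / S41-S45: use the current header once, then advance
        out = self._wrap(self.chain[-1], payload)
        self._advance(self.chain[-1])
        return out

    def _wrap(self, vh, payload):
        hdr = pack_header(vh[0], len(payload), vh[1])
        return hdr + seal(self.key, payload, aad=hdr)  # header in the clear but authenticated (added check)

    def _advance(self, vh):
        nxt = next_vh(vh)
        self.chain.append(nxt)
        self.whitelist.discard(vh)  # each virtual header is accepted exactly once
        self.whitelist.add(nxt)

    def receive(self, datagram):
        """S11-S17 / S31-S35: screen by whitelist, decrypt, advance. Returns True if accepted."""
        if len(datagram) > HEADER_LEN:
            ver, length, dt = unpack_header(datagram)
            if (ver, dt) in self.whitelist:
                body = unseal(self.key, datagram[HEADER_LEN:], aad=datagram[:HEADER_LEN])
                if body is not None and len(body) == length:  # length field must match the body
                    self.inbox.append(body)
                    self._advance((ver, dt))
                    return True
        pt = unseal(self.key, datagram)  # not whitelisted: try it as a first-type (fully encrypted) message
        if pt is not None and len(pt) == 2 * HEADER_LEN:
            over, olen, odt, vver, _, vdt = struct.unpack(">BIBBIB", pt)
            if olen == HEADER_LEN:
                self.chain = self.mapping[(over, odt)] = [(vver, vdt)]  # S13
                self.whitelist.add((vver, vdt))                         # S14
                return True
        self.dropped += 1
        return False

def demo():
    """A announces and sends, B replies, A reads the reply; then forged datagrams and crossing messages."""
    a, b = Client(original=(1, 7)), Client(original=(1, 9))
    msgs = a.first_send(b"meter reading 42")
    accepted = [b.receive(m) for m in msgs] + [a.receive(b.send(b"ack 42"))]
    junk = msgs[1][:HEADER_LEN] + os.urandom(40)      # captured header reused on a junk body ...
    rejected = [b.receive(junk), b.receive(msgs[1])]  # ... and a straight replay of the whole datagram
    in_sync = a.whitelist == b.whitelist and a.mapping == b.mapping
    from_a, from_b = a.send(b"second from A"), b.send(b"second from B")
    crossed = [a.receive(from_b), b.receive(from_a)]  # one chain head: both fail the peer's screen
    return {"accepted": accepted, "rejected": rejected, "in_sync": in_sync,
            "crossed": crossed, "a_inbox": a.inbox, "b_inbox": b.inbox}
```

Calling demo() shows the announcement, the first message and the reply all accepted, the two forged datagrams (a captured header on a junk body, and a replay of a whole datagram) rejected, and both clients' whitelists and mapping tables identical afterwards, as claim 6 states. The last step makes one property of the steps as written visible: the whitelist holds a single "next" header shared by both directions, so if both clients send before receiving, each datagram carries a header the peer has already consumed and both are dropped; a deployment would want a separate header chain per direction or a short window of recent headers, neither of which the patent describes.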

The specific embodiments described herein merely illustrate the spirit of the invention. Those skilled in the art may make various modifications or additions to the described embodiments, or substitute similar means, without departing from the spirit of the invention or exceeding the scope defined by the appended claims.

Claims (6)

1.一种客户端加密通信方法,用于第一客户端与第二客户端之间相互通信,其特征是:包括第一客户端首次信息发送加密方法、第二客户端首次信息接收解密方法、第二客户端信息回复加密方法和第一客户端首次信息接收解密方法,所述第一客户端首次信息发送加密方法包括以下步骤:1. A client-side encrypted communication method, used for mutual communication between the first client and the second client, is characterized in that: comprising the first client's first information sending encryption method, the second client's first information receiving decryption method , the second client information reply encryption method and the first client first information reception decryption method, the first client first information transmission encryption method comprises the following steps: S01:生成第一虚拟数据头;S01: generate a first virtual data header; S02:以原始数据头为数据头,以第一虚拟数据头为数据体生成第一用户数据;S02: generating the first user data with the original data header as the data header and the first virtual data header as the data body; S03:根据第一虚拟数据头生成第二虚拟数据头,将第二虚拟数据头加入第一数据接收白名单;S03: Generate a second virtual data header according to the first virtual data header, and add the second virtual data header to the first data receiving whitelist; S04:建立原始数据头与第一虚拟数据头和第二虚拟数据头的第一映射关系表并存储;S04: establish and store a first mapping relationship table between the original data header and the first virtual data header and the second virtual data header; S05:对第一用户数据的数据头和数据体进行加密,生成第一密文;S05: Encrypt the data header and data body of the first user data to generate a first ciphertext; S06:采用UDP协议发送第一密文;S06: Send the first ciphertext by using the UDP protocol; S07:以第一虚拟数据头为数据头,以用户数据输入的数据为数据体生成第二用户数据;S07: use the first virtual data header as the data header, and use the data input from the user data as the data body to generate the second user data; S08:对第二用户数据的数据体进行加密得到第三用户数据并发送;S08: Encrypt the data body of the second user data to obtain the third user data and send; 所述第二客户端首次信息接收解密方法包括以下步骤:The method for decrypting the first information received by the second client includes the following steps: S11:对接收到的数据进行筛选,保留数据头和数据体均为密文的第一类型用户数据;S11: Screen the received 
data, and retain the first type of user data whose data header and data body are both ciphertext;
S12: Decrypt the first type of user data to obtain the original data header and the first virtual data header;
S13: Establish and store a second mapping relationship table between the original data header and the first virtual data header;
S14: Add the first virtual data header to the second data receiving whitelist and wait to receive user data whose data header is the first virtual data header;
S15: After receiving user data whose data header is the first virtual data header, decrypt the data body of that user data;
S16: Generate a second virtual data header from the data header of the user data in step S15 and add the second virtual data header to the second mapping relationship table;
S17: Add the second virtual data header to the second data receiving whitelist.

2. The client encrypted communication method according to claim 1, wherein the second client information reply encryption method comprises the following steps:
S21: Generate fourth user data with the second virtual data header as the data header and the second client's user input information as the data body;
S22: Encrypt the data body of the fourth user data to obtain fifth user data, and send it;
S23: Generate a third virtual data header from the second virtual data header;
S24: Add the third virtual data header to the second mapping relationship table and the second data receiving whitelist;
S25: Delete the second virtual data header from the second data receiving whitelist.

3. The client encrypted communication method according to claim 2, wherein the first client first information reception decryption method comprises the following steps:
S31: Filter the received data and retain the user data whose data header is the second virtual data header;
S32: Decrypt the data body of that user data;
S33: Generate a third virtual data header from the second virtual data header;
S34: Add the third virtual data header to the first mapping relationship table and the first data receiving whitelist;
S35: Delete the second virtual data header from the first data receiving whitelist.

4. The client encrypted communication method according to claim 1, 2 or 3, wherein the virtual data header comprises a version number, a data length and a data type; the data length is the length of the data body that, together with that virtual data header, constitutes the user data; and the version number and the data type change according to preset rules.

5. The client encrypted communication method according to claim 1, wherein during communication between the first client and the second client, a different data header is used for every user data transmission.

6. The client encrypted communication method according to claim 3, wherein after either of the first client and the second client has received information, the first data receiving whitelist and the second data receiving whitelist are identical, and the first mapping relationship table and the second mapping relationship table are identical.
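The exchange of claims 1 to 6 (the first-type bootstrap message, the alternating replies, and the upkeep of the mapping relationship table and data receiving whitelist on both sides) as an added, runnable example. This is illustrative code written for this page, not the patent's implementation. It assumes a shared session key already distributed out of band (the claims say nothing about key establishment), uses an HMAC-SHA256 keystream with an appended tag as a stand-in for the unnamed cipher, derives each next virtual header from the consumed one with a keyed PRF as its "preset rule" (claim 4), and removes the first virtual data header from the whitelist once consumed, the same deletion that claims 2 and 3 apply to the second one. The first client's sending method of claim 1 is not on this page and is modelled here by `bootstrap`; the header layout (version, length, type) follows claim 4, with the whitelist holding (version, type) pairs and the length field checked against the received body. All names, constants and sample messages are constructed for the example.

```python
"""Added example (not the patent's code): two clients running the rotating
virtual-header scheme of claims 1-6 on top of a stand-in cipher."""
import hashlib
import hmac
import struct

HDR_FMT = ">HIB"                    # version (u16) | data length (u32) | data type (u8): claim 4 fields
HDR_LEN = struct.calcsize(HDR_FMT)  # 7 bytes
TAG_LEN = 16


def next_pair(key, pair):
    """Assumed 'preset rule' of claim 4: derive the next (version, data type)
    from the consumed one with a keyed PRF so an observer cannot precompute it."""
    d = hmac.new(key, b"next" + struct.pack(">HB", *pair), hashlib.sha256).digest()
    return struct.unpack(">H", d[:2])[0], d[2]


def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a keystream (assumption; the patent names no cipher)."""
    blocks, i = [], 0
    while sum(map(len, blocks)) < n:
        blocks.append(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest())
        i += 1
    return b"".join(blocks)[:n]


def seal(key, nonce, pt):
    """Encrypt-then-MAC; the per-message header serves as the nonce (unique by claim 5)."""
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]


def unseal(key, nonce, blob):
    """Return the plaintext, or None when the tag does not verify."""
    if len(blob) < TAG_LEN:
        return None
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


class Client:
    def __init__(self, key):
        self.key = key          # shared session key (assumption: distributed out of band)
        self.original = None    # original data header of this session
        self.mapping = {}       # mapping relationship table: original -> chain of virtual (version, type)
        self.whitelist = set()  # data receiving whitelist: (version, type) pairs accepted next
        self.send_pair = None   # virtual header reserved for this side's next message

    def bootstrap(self, original, first):
        """First client's first message: header and body both ciphertext (the 'first type'
        of claim 1, S11). The sender side of claim 1 is not on the page; this is a model."""
        self.original, self.mapping, self.send_pair = original, {original: [first]}, first
        return (seal(self.key, b"boot-hdr", struct.pack(">HB", *original)),
                seal(self.key, b"boot-body", struct.pack(">HB", *first)))

    def send(self, pt):
        """Claim 2, S21-S25: send under the reserved header, then rotate to the next one."""
        if self.send_pair is None:
            raise RuntimeError("no header reserved: the exchange is strictly alternating")
        v, t = self.send_pair
        hdr = struct.pack(HDR_FMT, v, len(pt), t)
        self._rotate((v, t))
        self.send_pair = None
        return hdr, seal(self.key, hdr, pt)

    def receive(self, msg):
        """Claim 1 S11-S17 for the first-type message, claim 3 S31-S35 for data.
        Returns the plaintext body, or None when the message is dropped."""
        hdr, body = msg
        if self.original is None:                            # S11: only a ciphertext header is accepted here
            o, f = unseal(self.key, b"boot-hdr", hdr), unseal(self.key, b"boot-body", body)
            if o is None or f is None:
                return None
            self.original, first = struct.unpack(">HB", o), struct.unpack(">HB", f)
            self.mapping[self.original] = [first]            # S13
            self.whitelist.add(first)                        # S14
            return None
        if len(hdr) != HDR_LEN:
            return None
        v, n, t = struct.unpack(HDR_FMT, hdr)
        if (v, t) not in self.whitelist:                     # S31: drop unknown, stale or replayed headers
            return None
        pt = unseal(self.key, hdr, body)                     # S32
        if pt is None or len(pt) != n:                       # claim 4: length field must match the body
            return None
        self.send_pair = self._rotate((v, t))                # S33-S35; the reply will use the new header
        return pt

    def _rotate(self, consumed):
        nxt = next_pair(self.key, consumed)
        self.mapping[self.original].append(nxt)
        self.whitelist.add(nxt)
        self.whitelist.discard(consumed)  # claims 2-3 delete the used header; applied to the first one too
        return nxt


def demo():
    """Constructed exchange: bootstrap, a tampered copy, the real message, the reply, a replay."""
    key = b"constructed session key (assumption)"
    a, b = Client(key), Client(key)
    b.receive(a.bootstrap((1, 0), (0x2A7E, 3)))
    m1 = a.send(b"hello from the first client")
    tampered = b.receive((m1[0], m1[1][:-1] + bytes([m1[1][-1] ^ 1])))  # tag fails, state untouched
    got1 = b.receive(m1)
    m2 = b.send(b"reply from the second client")
    got2 = a.receive(m2)
    replayed = a.receive(m2)  # header already deleted from the whitelist (S35)
    return {"got1": got1, "got2": got2, "tampered": tampered, "replayed": replayed,
            "in_sync": a.whitelist == b.whitelist and a.mapping == b.mapping,  # claim 6
            "chain": a.mapping[(1, 0)]}


if __name__ == "__main__":
    print(demo())
```

Running the module prints the exchange. The whitelist test runs before any decryption, so stale, replayed or unknown headers are discarded without touching the key, and the tampered copy is rejected by the tag with no state change, which is what keeps the two tables identical after every receive (claim 6). Deriving the next header under the shared key rather than with a public rule is a choice of this example: with an unkeyed rule, anyone who sees one header could compute the rest of the sequence.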
CN202010743932.0A 2020-07-29 2020-07-29 Client encryption communication method Active CN112073370B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010743932.0A CN112073370B (en) 2020-07-29 2020-07-29 Client encryption communication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010743932.0A CN112073370B (en) 2020-07-29 2020-07-29 Client encryption communication method

Publications (2)

Publication Number Publication Date
CN112073370A CN112073370A (en) 2020-12-11
CN112073370B true CN112073370B (en) 2022-08-09

Family

ID=73657623

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010743932.0A Active CN112073370B (en) 2020-07-29 2020-07-29 Client encryption communication method

Country Status (1)

Country Link
CN (1) CN112073370B (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4912075B2 (en) * 2006-08-11 2012-04-04 パナソニック株式会社 Decoding device
CN106936763A (en) * 2015-12-29 2017-07-07 航天信息股份有限公司 Method and apparatus for data encryption and decryption
CN108712236B (en) * 2018-07-06 2023-08-22 北京比特大陆科技有限公司 Information processing method and device and electronic equipment
CN109379380A (en) * 2018-12-06 2019-02-22 联想图像(天津)科技有限公司 Data transmission method, data receiving method, remote printing system and mobile terminal
CN110995639A (en) * 2019-08-30 2020-04-10 深圳精匠云创科技有限公司 Data transmission method

Also Published As

Publication number Publication date
CN112073370A (en) 2020-12-11

Similar Documents

Publication Publication Date Title
US7016499B2 (en) Secure ephemeral decryptability
US7424615B1 (en) Mutually authenticated secure key exchange (MASKE)
US8543808B2 (en) Trusted intermediary for network data processing
US20150244520A1 (en) One-time-pad data encryption with media server
US20030026426A1 (en) Wireless bridge for roaming in network environment
US20150229621A1 (en) One-time-pad data encryption in communication channels
CN101626294A (en) Identity-based authentication method, and method, device and system for secure communication
SE539602C2 (en) Generating a symmetric encryption key
Schwittmann et al. SoNet--Privacy and replication in federated online social networks
US20160359822A1 (en) Sovereign share encryption protocol
Aggarwal et al. Security aspect in instant mobile messaging applications
CN102088352A (en) Data encryption transmission method and system for message-oriented middleware
Job et al. A modified secure version of the Telegram protocol (MTProto)
CN116800499A (en) Encrypted data transmission methods and devices, equipment and storage media
CN114172694A (en) Email encryption and decryption method, system and storage medium
CN115150076B (en) An encryption system and method based on quantum random numbers
Chen et al. Tackling data mining risks: A tripartite covert channel merging blockchain and ipfs
CN110690967A (en) Instant communication key establishment method independent of server security
CN110401531A (en) A Cooperative Signature and Decryption System Based on SM9 Algorithm
CN108206738A (en) Quantum key output method and system
US6975729B1 (en) Method and apparatus for facilitating use of a pre-shared secret key with identity hiding
Sagheer et al. Sms security for smartphone
JPH0969831A (en) Cryptographic communication system
CN112073370B (en) Client encryption communication method
CN112073369B (en) Application-layer encrypted communication method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant