[go: up one dir, main page]

CN108809936B - A kind of intelligent mobile terminal identity verification method based on hybrid encryption algorithm and its implementation system - Google Patents

A kind of intelligent mobile terminal identity verification method based on hybrid encryption algorithm and its implementation system Download PDF

Info

Publication number
CN108809936B
CN108809936B CN201810359179.8A CN201810359179A CN108809936B CN 108809936 B CN108809936 B CN 108809936B CN 201810359179 A CN201810359179 A CN 201810359179A CN 108809936 B CN108809936 B CN 108809936B
Authority
CN
China
Prior art keywords
aes
key
data
identifier
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810359179.8A
Other languages
Chinese (zh)
Other versions
CN108809936A (en
Inventor
周晓天
蒲承祖
袁东风
王茹意
林成浴
张海霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong University
Naval Aeronautical University
Original Assignee
Shandong University
Naval Aeronautical University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong University, Naval Aeronautical University filed Critical Shandong University
Priority to CN201810359179.8A priority Critical patent/CN108809936B/en
Publication of CN108809936A publication Critical patent/CN108809936A/en
Application granted granted Critical
Publication of CN108809936B publication Critical patent/CN108809936B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

本发明涉及一种基于混合加密算法的智能移动终端身份验证方法及其实现系统,本发明通过基于RSA+AES+时间戳的混合加密方法对数据信息进行加密传输,可以用于多种客户端的身份验证和信息传输。客户端与服务器端之间的发送及返回数据流均为密文传输且很难被暴力破解,每次传输能做到一次一密无密钥丢失风险,从而降低了用户数据信息在传输过程中被窃取的风险,提高了身份认证系统的安全性和可靠性。

Figure 201810359179

The invention relates to an intelligent mobile terminal identity verification method based on a mixed encryption algorithm and an implementation system thereof. The invention encrypts and transmits data information through a mixed encryption method based on RSA+AES+time stamp, and can be used for identity verification of various clients. and information transmission. The sending and returning data streams between the client and the server are all ciphertext transmissions and are difficult to be brute force cracked. Each transmission can achieve a one-time encryption without the risk of key loss, thus reducing the transmission process of user data information. The risk of being stolen improves the security and reliability of the identity authentication system.

Figure 201810359179

Description

一种基于混合加密算法的智能移动终端身份验证方法及其实 现系统An intelligent mobile terminal identity verification method based on hybrid encryption algorithm and its implementation current system

技术领域technical field

本发明涉及一种基于混合加密算法的智能移动终端身份验证方法及其实现系统,属于智能终端信息安全技术领域。The invention relates to an intelligent mobile terminal identity verification method based on a mixed encryption algorithm and an implementation system thereof, belonging to the technical field of intelligent terminal information security.

背景技术Background technique

随着移动智能终端的快速发展,越来越多的用户将私密数据信息存储在网络应用上。用户隐私数据被盗将会对用户带来并造成巨大的风险和损失。在信息安全问题层出不穷的今天,无论是个人用户还是公司机构都对信息安全及隐私保护给予了前所未有的重视。传统的数据信息安全方案面临着诸多问题与挑战。With the rapid development of mobile smart terminals, more and more users store private data information on network applications. The theft of user privacy data will bring and cause huge risks and losses to users. With information security problems emerging one after another, both individual users and companies have paid unprecedented attention to information security and privacy protection. Traditional data and information security solutions face many problems and challenges.

用户个人数据的访问离不开对用户身份的验证,对用户访问身份合法性验证是守护用户信息安全的第一道大门。目前大多数移动应用用户身份验证主要依赖于三种方案:对用户信息进行MD5加密(Message Digest Algorithm MD5)、使用DES及AES加密算法加密或者使用RSA加密算法。但对于这几种方案而言,MD5算法存在被暴力破解的风险,不适合安全性要求高的领域。DES/AES作为对称加密算法密钥完全依赖于信道传递,密钥一旦在传输中被截获暴露,整个身份验证系统的安全性将无从保证。而非对称加密算法RSA虽然密钥传输与保存方便,但是加密过程复杂,不适合对较大的数据量进行加密。由此可见,上述几种传统方案在移动智能时代的终端用户身份验证中面临着巨大风险和挑战。Access to user personal data is inseparable from the verification of user identity, and verification of the legitimacy of user access identity is the first gate to safeguard user information security. At present, most mobile application user authentication mainly relies on three schemes: MD5 encryption of user information (Message Digest Algorithm MD5), encryption using DES and AES encryption algorithm, or using RSA encryption algorithm. However, for these schemes, the MD5 algorithm has the risk of being brute-forced and is not suitable for fields with high security requirements. As a symmetric encryption algorithm key, DES/AES relies entirely on channel transmission. Once the key is intercepted and exposed during transmission, the security of the entire authentication system will not be guaranteed. Although the asymmetric encryption algorithm RSA is convenient for key transmission and storage, the encryption process is complicated, and it is not suitable for encrypting a large amount of data. It can be seen that the above-mentioned traditional solutions face huge risks and challenges in the authentication of end users in the era of mobile intelligence.

发明内容SUMMARY OF THE INVENTION

针对现有技术的不足,本发明提供了一种基于混合加密算法的智能移动终端身份验证方法;Aiming at the deficiencies of the prior art, the present invention provides an intelligent mobile terminal identity verification method based on a hybrid encryption algorithm;

本发明还提供了一种基于混合加密算法的智能移动终端身份验证系统。The invention also provides an intelligent mobile terminal identity verification system based on a mixed encryption algorithm.

本发明的技术方案为:The technical scheme of the present invention is:

一种基于混合加密算法的智能移动终端身份验证方法,应用于客户端与服务器端,所述客户端为PC端或移动客户端,包括对PC端进行身份验证、对移动客户端进行身份认证:An intelligent mobile terminal identity verification method based on a hybrid encryption algorithm is applied to a client and a server, wherein the client is a PC or a mobile client, including performing identity verification on the PC and performing identity authentication on the mobile client:

对PC端进行身份验证,包括:Authenticate the PC side, including:

(1)计算出一个RSA公钥,在工程开发中RSA密钥对(包括加密用的公钥与解密用的私钥)的获取均可通过java编程创建KeyPairGenerator对象获得,RSA公钥用于数据加密并保存在PC端,计算该RSA公钥对应的私钥,私钥用于数据解密并保存在服务器端;(1) Calculate an RSA public key. In engineering development, the RSA key pair (including the public key for encryption and the private key for decryption) can be obtained by creating a KeyPairGenerator object through java programming, and the RSA public key is used for data Encrypt and save on the PC side, calculate the private key corresponding to the RSA public key, and the private key is used for data decryption and saved on the server side;

(2)由PC端生成固定的终端识别符pc_identifier、随机AES密钥aes_pc_key;通过步骤(1)保存的RSA公钥对终端识别符pc_identifier、随机AES密钥aes_pc_key加密,加密后的密文为:RSA<pc_identifier,aes_pc_key>,将加密后的密文信息生成QR二维码供PC端获取;进入步骤(3);(2) A fixed terminal identifier pc_identifier and a random AES key aes_pc_key are generated by the PC; the terminal identifier pc_identifier and random AES key aes_pc_key are encrypted by the RSA public key saved in step (1), and the encrypted ciphertext is: RSA<pc_identifier, aes_pc_key>, generate a QR code from the encrypted ciphertext information for the PC to obtain; enter step (3);

(3)PC端扫描步骤(2)生成的QR二维码,获得密文RSA<pc_identifier,aes_pc_key>;(3) The PC side scans the QR code generated in step (2) to obtain the ciphertext RSA<pc_identifier, aes_pc_key>;

(4)PC端生成一个当前时间戳信息参数time_stamp,用于有效期验证,并随机生成一个PC端AES密钥aes_mp_key;(4) The PC side generates a current timestamp information parameter time_stamp for validity verification, and randomly generates a PC side AES key aes_mp_key;

使用步骤(1)中保存在PC端的RSA公钥加密用户身份数据data、当前时间戳信息参数time_stamp、步骤(3)获得的PC端密文信息RSA<pc_identifier,aes_pc_key>以及AES密钥aes_mp_key;加密后的密文为:RSA<data,time_stamp,RSA<pc_identifier,aes_pc_key>,null>;Encrypt user identity data data, current timestamp information parameter time_stamp, PC-side ciphertext information RSA<pc_identifier, aes_pc_key> and AES key aes_mp_key obtained in step (3) using the RSA public key stored on the PC side in step (1); encrypt The following ciphertext is: RSA<data, time_stamp, RSA<pc_identifier, aes_pc_key>, null>;

(5)服务器端接收到步骤(4)传来的加密后的密文,通过步骤(1)中保存的私钥解密收到步骤(4)传来的加密后的密文,得到明文数据:data,time_stamp,pc_identifier,aes_pc_key;(5) The server receives the encrypted ciphertext from step (4), decrypts the encrypted ciphertext from step (4) through the private key stored in step (1), and obtains plaintext data: data, time_stamp, pc_identifier, aes_pc_key;

(6)服务器端验证data和time_stamp的合法性与有效性,验证参数pc_identifier是否为空,,data和time_stamp的合法性与有效性验证通过,并且参数pc_identifier不为空,则通过步骤(5)获得的aes_pc_key对需要返回pc端的数据re_data加密,密文表示为AES<re_data>,返回PC端;(6) The server verifies the legitimacy and validity of data and time_stamp, verifies whether the parameter pc_identifier is empty, the validity and validity of data and time_stamp are verified, and the parameter pc_identifier is not empty, then obtain through step (5) The aes_pc_key encrypts the data re_data that needs to be returned to the PC, and the ciphertext is expressed as AES<re_data>, which is returned to the PC;

根据本发明优选的,所述步骤(6),服务器端验证data和time_stamp的合法性与有效性,并根据参数pc_identifier识别符鉴别PC端类型,包括:Preferably according to the present invention, in the step (6), the server verifies the legitimacy and validity of data and time_stamp, and identifies the type of PC according to the parameter pc_identifier, including:

a、服务器端查询用户保存在数据库中的身份信息,验证手机端请求信息data是否合法;a. The server side queries the user's identity information stored in the database, and verifies whether the data requested by the mobile phone side is legal;

b、通过参数time_stamp对比当前时间验证请求是否过期;b. Verify whether the request has expired by comparing the current time with the parameter time_stamp;

c、服务器端验证参数pc_identifier是否为空,pc_identifier不为空,即表示请求来源于PC端,否则,即表示请求不来源于PC端。c. The server verifies whether the parameter pc_identifier is empty. If pc_identifier is not empty, it means that the request originates from the PC side. Otherwise, it means that the request does not originate from the PC side.

(7)PC端收到步骤(6)返回的密文AES<re_data>,利用步骤(2)生成的AES密钥aes_pc_key解密AES<re_data>,获得从服务器段返回的明文数据re_data;(7) PC end receives the ciphertext AES<re_data> returned by step (6), and decrypts AES<re_data> using the AES key aes_pc_key generated in step (2) to obtain the plaintext data re_data returned from the server segment;

对移动客户端进行身份认证,包括:Authenticate mobile clients, including:

A、开发中通过java编程创建KeyPairGenerator对象计算出一个RSA公钥,该RSA公钥用于数据加密并保存在移动客户端,计算该RSA公钥对应的私钥,该私钥用于数据解密并保存在服务器端;A. In development, create a KeyPairGenerator object through java programming to calculate an RSA public key, the RSA public key is used for data encryption and stored in the mobile client, calculate the private key corresponding to the RSA public key, the private key is used for data decryption and Save on the server side;

B、移动客户端生成一个当前时间戳信息参数time_stamp,用于有效期验证,并随机生成一个移动客户端AES密钥aes_mp_key;B. The mobile client generates a current timestamp information parameter time_stamp for validity verification, and randomly generates a mobile client AES key aes_mp_key;

使用步骤A中保存在移动客户端的RSA公钥将需要加密发送的用户身份数据data、当前时间戳信息参数time_stamp加密;加密后的密文为:RSA<data,time_stamp,null,aes_mp_key>;Use the RSA public key stored in the mobile client in step A to encrypt the user identity data data and the current timestamp information parameter time_stamp that need to be encrypted and sent; the encrypted ciphertext is: RSA<data, time_stamp, null, aes_mp_key>;

C、服务器端接收到步骤B传来的加密后的密文,通过步骤A中保存的私钥解密收到步骤B传来的加密后的密文,得到解明文数据:aes_mp_key;C. The server receives the encrypted ciphertext from step B, decrypts the encrypted ciphertext from step B through the private key stored in step A, and obtains decrypted plaintext data: aes_mp_key;

D、通过步骤C获得的aes_mp_key对需要返回移动客户端的数据re_data加密,密文表示为AES<re_data>,返回移动客户端;D. The aes_mp_key obtained by step C encrypts the data re_data that needs to be returned to the mobile client, and the ciphertext is represented as AES<re_data>, which is returned to the mobile client;

E、移动客户端收到步骤D返回的密文AES<re_data>,利用步骤B生成的AES密钥aes_mp_key解密AES<re_data>,获得从服务器段返回的明文数据re_data。E. The mobile client receives the ciphertext AES<re_data> returned in step D, decrypts the AES<re_data> using the AES key aes_mp_key generated in step B, and obtains the plaintext data re_data returned from the server segment.

上述智能移动终端身份验证方法的实现系统,包括PC端处理模块,移动终端处理模块,服务器处理模块;The implementation system of the above-mentioned intelligent mobile terminal identity verification method includes a PC terminal processing module, a mobile terminal processing module, and a server processing module;

所述PC端处理模块用于:生成固定的终端识别符pc_identifier、随机AES密钥aes_pc_key;通过步骤(1)保存的RSA公钥对终端识别符pc_identifier、随机AES密钥aes_pc_key加密,加密后的密文为:RSA<pc_identifier,aes_pc_key>,将加密后的密文信息生成QR二维码供移动客户端获取;即上述步骤(2);The PC-side processing module is used to: generate a fixed terminal identifier pc_identifier and a random AES key aes_pc_key; encrypt the terminal identifier pc_identifier and the random AES key aes_pc_key by the RSA public key saved in step (1), and the encrypted key is encrypted. The text is: RSA<pc_identifier, aes_pc_key>, generate a QR code from the encrypted ciphertext information for the mobile client to obtain; that is, the above step (2);

或者,生成一个当前时间戳信息参数time_stamp,用于有效期验证,并随机生成一个移动客户端AES密钥aes_mp_key;Or, generate a current timestamp information parameter time_stamp for validity verification, and randomly generate a mobile client AES key aes_mp_key;

使用步骤A中保存在移动客户端的RSA公钥将需要加密发送的用户身份数据data、当前时间戳信息参数time_stamp加密;加密后的密文为:RSA<data,time_stamp,null,aes_mp_key>;即上述步骤B;Use the RSA public key stored in the mobile client in step A to encrypt the user identity data data and the current timestamp information parameter time_stamp to be sent; the encrypted ciphertext is: RSA<data, time_stamp, null, aes_mp_key>; that is, the above step B;

所述移动终端处理模块用于:扫描步骤(2)生成的QR二维码,获得密文RSA<pc_identifier,aes_pc_key>;The mobile terminal processing module is used for: scanning the QR code generated in step (2) to obtain ciphertext RSA<pc_identifier, aes_pc_key>;

使用步骤(1)中保存在PC端的RSA公钥将需要加密发送的用户身份数据data、当前时间戳信息参数time_stamp、步骤(3)获得的PC端密文信息RSA<pc_identifier,aes_pc_key>、AES密钥aes_mp_key加密;加密后的密文为:RSA<data,time_stamp,RSA<pc_identifier,aes_pc_key>,null>;并发送至服务器端;即上述步骤(3)、步骤(4)。Use the RSA public key saved on the PC side in step (1) to encrypt the user identity data data sent, the current timestamp information parameter time_stamp, the PC-side ciphertext information RSA<pc_identifier, aes_pc_key>, AES encryption information obtained in step (3) The key aes_mp_key is encrypted; the encrypted ciphertext is: RSA<data, time_stamp, RSA<pc_identifier, aes_pc_key>, null>; and sent to the server; that is, the above steps (3) and (4).

所述服务器处理模块用于:The server processing module is used for:

通过步骤(1)中保存的私钥解密收到步骤(4)传来的加密后的密文,得到明文数据:data,time_stamp,pc_identifier,aes_pc_key;Decrypt the encrypted ciphertext from step (4) by decrypting the private key saved in step (1), and obtain plaintext data: data, time_stamp, pc_identifier, aes_pc_key;

服务器端验证data和time_stamp的合法性与有效性,并根据参数pc_identifier识别符鉴别客户端类型,通过步骤(5)获得的aes_pc_key对需要返回pc端的数据re_data加密,密文表示为AES<re_data>,返回PC端;The server verifies the legitimacy and validity of data and time_stamp, and identifies the client type according to the parameter pc_identifier. The aes_pc_key obtained in step (5) encrypts the data re_data that needs to be returned to the pc, and the ciphertext is represented as AES<re_data>, Return to PC;

不同类型客户端收到步骤(6)返回的密文AES<re_data>,利用步骤(2)生成的AES密钥aes_pc_key解密AES<re_data>,获得从服务器段返回的明文数据re_data;即上述步骤(5)、步骤(6)、步骤(7)。Different types of clients receive the ciphertext AES<re_data> returned in step (6), decrypt AES<re_data> using the AES key aes_pc_key generated in step (2), and obtain the plaintext data re_data returned from the server segment; that is, the above steps ( 5), step (6), step (7).

或者,通过步骤A中保存的私钥解密收到步骤B传来的加密后的密文,得到解明文数据:aes_mp_key;Or, decrypt the encrypted ciphertext from step B by decrypting the private key saved in step A, and obtain the decrypted plaintext data: aes_mp_key;

通过步骤C获得的aes_mp_key对需要返回移动客户端的数据re_data加密,密文表示为AES<re_data>,返回移动客户端;The aes_mp_key obtained in step C encrypts the data re_data that needs to be returned to the mobile client, and the ciphertext is represented as AES<re_data>, which is returned to the mobile client;

不同类型客户端收到步骤D返回的密文AES<re_data>,利用步骤B生成的AES密钥aes_mp_key解密AES<re_data>,获得从服务器段返回的明文数据re_data。即上述步骤C、步骤D、步骤E。Clients of different types receive the ciphertext AES<re_data> returned in step D, use the AES key aes_mp_key generated in step B to decrypt AES<re_data>, and obtain the plaintext data re_data returned from the server segment. That is, the above steps C, D, and E.

根据本发明优选的,所述PC端处理模块计算机;所述移动端处理模块为手机。According to a preferred embodiment of the present invention, the PC-side processing module is a computer; and the mobile-side processing module is a mobile phone.

PC端处理模块包括为带有计算与存储功能的个人计算机及对应的PC端软件;移动端处理模块为移动智能终端包括搭载Android或IOS系统的手机及对应的移动客户端软件,服务器处理模块包括服务器处理程序与数据库。The PC-side processing module includes a personal computer with computing and storage functions and the corresponding PC-side software; the mobile-side processing module is a mobile intelligent terminal including a mobile phone equipped with Android or IOS system and the corresponding mobile client software, and the server processing module includes Server handler and database.

本发明的有益效果为:The beneficial effects of the present invention are:

本发明针对现有的移动网络客户端身份信息数据验证方法进行了改进及优化。通过基于RAS+AES+时间戳的混合加密方法对数据信息进行加密传输,可以用于多种客户端的身份验证和信息传输。客户端与服务器端之间的发送及返回数据流均为密文传输且很难被暴力破解,每次传输能做到一次一密无密钥丢失风险,从而降低了用户数据信息在传输过程中被窃取的风险,提高了身份认证系统的安全性和可靠性。The invention improves and optimizes the existing mobile network client identity information data verification method. The data information is encrypted and transmitted through the hybrid encryption method based on RAS+AES+timestamp, which can be used for authentication and information transmission of various clients. The sending and returning data streams between the client and the server are all ciphertext transmission and are difficult to be brute force cracked. Each transmission can achieve one-time encryption without the risk of key loss, thus reducing the transmission process of user data information. The risk of being stolen improves the security and reliability of the identity authentication system.

附图说明Description of drawings

图1为本发明中对PC端进行身份验证的流程示意图;Fig. 1 is the schematic flow chart of carrying out identity verification to PC terminal in the present invention;

图2为本发明中对移动客户端进行身份认证的流程示意图;Fig. 2 is the flow chart of carrying out identity authentication to the mobile client in the present invention;

图3为本发明智能移动终端身份验证方法的实现系统的结构图。FIG. 3 is a structural diagram of a system for implementing an identity verification method for an intelligent mobile terminal according to the present invention.

具体实施方式Detailed ways

下面结合说明书附图和实施例对本发明进一步限定,但不限于此。The present invention is further defined below with reference to the accompanying drawings and embodiments of the description, but is not limited thereto.

实施例1Example 1

一种基于混合加密算法的智能移动终端身份验证方法,应用于客户端与服务器端,客户端为PC端或移动客户端,包括对PC端进行身份验证、对移动客户端进行身份认证:An intelligent mobile terminal authentication method based on a hybrid encryption algorithm is applied to a client and a server, and the client is a PC or a mobile client, including performing identity authentication on the PC and performing identity authentication on the mobile client:

对PC端进行身份验证,如图1所示,包括:Authenticate the PC side, as shown in Figure 1, including:

(1)计算出一个RSA公钥,在工程开发中RSA密钥对(包括加密用的公钥与解密用的私钥)的获取均可通过java编程创建KeyPairGenerator对象获得,RSA公钥用于数据加密并保存在PC端,计算该RSA公钥对应的私钥,私钥用于数据解密并保存在服务器端;(1) Calculate an RSA public key. In engineering development, the RSA key pair (including the public key for encryption and the private key for decryption) can be obtained by creating a KeyPairGenerator object through java programming, and the RSA public key is used for data Encrypt and save on the PC side, calculate the private key corresponding to the RSA public key, and the private key is used for data decryption and saved on the server side;

(2)由PC端生成固定的终端识别符pc_identifier、随机AES密钥aes_pc_key;通过步骤(1)保存的RSA公钥对终端识别符pc_identifier、随机AES密钥aes_pc_key加密,加密后的密文为:RSA<pc_identifier,aes_pc_key>,将加密后的密文信息生成QR二维码供PC端获取;进入步骤(3);(2) A fixed terminal identifier pc_identifier and a random AES key aes_pc_key are generated by the PC; the terminal identifier pc_identifier and random AES key aes_pc_key are encrypted by the RSA public key saved in step (1), and the encrypted ciphertext is: RSA<pc_identifier, aes_pc_key>, generate a QR code from the encrypted ciphertext information for the PC to obtain; enter step (3);

(3)PC端扫描步骤(2)生成的QR二维码,获得密文RSA<pc_identifier,aes_pc_key>;(3) The PC side scans the QR code generated in step (2) to obtain the ciphertext RSA<pc_identifier, aes_pc_key>;

(4)PC端生成一个当前时间戳信息参数time_stamp,用于有效期验证,并随机生成一个PC端AES密钥aes_mp_key;(4) The PC side generates a current timestamp information parameter time_stamp for validity verification, and randomly generates a PC side AES key aes_mp_key;

使用步骤(1)中保存在PC端的RSA公钥加密用户身份数据data、当前时间戳信息参数time_stamp、步骤(3)获得的PC端密文信息RSA<pc_identifier,aes_pc_key>以及AES密钥aes_mp_key;加密后的密文为:RSA<data,time_stamp,RSA<pc_identifier,aes_pc_key>,null>;Encrypt user identity data data, current timestamp information parameter time_stamp, PC-side ciphertext information RSA<pc_identifier, aes_pc_key> and AES key aes_mp_key obtained in step (3) using the RSA public key stored on the PC side in step (1); encrypt The following ciphertext is: RSA<data, time_stamp, RSA<pc_identifier, aes_pc_key>, null>;

(5)服务器端接收到步骤(4)传来的加密后的密文,通过步骤(1)中保存的私钥解密收到步骤(4)传来的加密后的密文,得到明文数据:data,time_stamp,pc_identifier,aes_pc_key;(5) The server receives the encrypted ciphertext from step (4), decrypts the encrypted ciphertext from step (4) through the private key stored in step (1), and obtains plaintext data: data, time_stamp, pc_identifier, aes_pc_key;

(6)服务器端验证data和time_stamp的合法性与有效性,验证参数pc_identifier是否为空,,data和time_stamp的合法性与有效性验证通过,并且参数pc_identifier不为空,则通过步骤(5)获得的aes_pc_key对需要返回pc端的数据re_data加密,密文表示为AES<re_data>,返回PC端;(6) The server verifies the legitimacy and validity of data and time_stamp, verifies whether the parameter pc_identifier is empty, the validity and validity of data and time_stamp are verified, and the parameter pc_identifier is not empty, then obtain through step (5) The aes_pc_key encrypts the data re_data that needs to be returned to the PC, and the ciphertext is expressed as AES<re_data>, which is returned to the PC;

步骤(6)中,服务器端验证data和time_stamp的合法性与有效性,并根据参数pc_identifier识别符鉴别PC端类型,包括:In step (6), the server side verifies the legitimacy and validity of data and time_stamp, and identifies the type of PC side according to the parameter pc_identifier identifier, including:

a、服务器端查询用户保存在数据库中的身份信息,验证手机端请求信息data是否合法;a. The server side queries the user's identity information stored in the database, and verifies whether the data requested by the mobile phone side is legal;

b、通过参数time_stamp对比当前时间验证请求是否过期;b. Verify whether the request has expired by comparing the current time with the parameter time_stamp;

c、服务器端验证参数pc_identifier是否为空,pc_identifier不为空,即表示请求来源于PC端,否则,即表示请求不来源于PC端。c. The server verifies whether the parameter pc_identifier is empty. If pc_identifier is not empty, it means that the request originates from the PC side. Otherwise, it means that the request does not originate from the PC side.

(7)PC端收到步骤(6)返回的密文AES<re_data>,利用步骤(2)生成的AES密钥aes_pc_key解密AES<re_data>,获得从服务器段返回的明文数据re_data;(7) PC end receives the ciphertext AES<re_data> returned by step (6), and decrypts AES<re_data> using the AES key aes_pc_key generated in step (2) to obtain the plaintext data re_data returned from the server segment;

对移动客户端进行身份认证,如图2所示,包括:Authenticate the mobile client, as shown in Figure 2, including:

A、开发中通过java编程创建KeyPairGenerator对象计算出一个RSA公钥,该RSA公钥用于数据加密并保存在移动客户端,计算该RSA公钥对应的私钥,该私钥用于数据解密并保存在服务器端;A. In development, create a KeyPairGenerator object through java programming to calculate an RSA public key, the RSA public key is used for data encryption and stored in the mobile client, calculate the private key corresponding to the RSA public key, the private key is used for data decryption and Save on the server side;

B、移动客户端生成一个当前时间戳信息参数time_stamp,用于有效期验证,并随机生成一个移动客户端AES密钥aes_mp_key;B. The mobile client generates a current timestamp information parameter time_stamp for validity verification, and randomly generates a mobile client AES key aes_mp_key;

使用步骤A中保存在移动客户端的RSA公钥将需要加密发送的用户身份数据data、当前时间戳信息参数time_stamp加密;加密后的密文为:RSA<data,time_stamp,null,aes_mp_key>;Use the RSA public key stored in the mobile client in step A to encrypt the user identity data data and the current timestamp information parameter time_stamp that need to be encrypted and sent; the encrypted ciphertext is: RSA<data, time_stamp, null, aes_mp_key>;

C、服务器端接收到步骤B传来的加密后的密文,通过步骤A中保存的私钥解密收到步骤B传来的加密后的密文,得到解明文数据:aes_mp_key;C. The server receives the encrypted ciphertext from step B, decrypts the encrypted ciphertext from step B through the private key stored in step A, and obtains decrypted plaintext data: aes_mp_key;

D、通过步骤C获得的aes_mp_key对需要返回移动客户端的数据re_data加密,密文表示为AES<re_data>,返回移动客户端;D. The aes_mp_key obtained by step C encrypts the data re_data that needs to be returned to the mobile client, and the ciphertext is represented as AES<re_data>, which is returned to the mobile client;

E、移动客户端收到步骤D返回的密文AES<re_data>,利用步骤B生成的AES密钥aes_mp_key解密AES<re_data>,获得从服务器段返回的明文数据re_data。E. The mobile client receives the ciphertext AES<re_data> returned in step D, decrypts the AES<re_data> using the AES key aes_mp_key generated in step B, and obtains the plaintext data re_data returned from the server segment.

实施例2Example 2

实施例1所述的智能移动终端身份验证方法的实现系统,如图3所示,包括PC端处理模块,移动终端处理模块,服务器处理模块;The implementation system of the intelligent mobile terminal identity verification method described in Embodiment 1, as shown in FIG. 3 , includes a PC terminal processing module, a mobile terminal processing module, and a server processing module;

PC端处理模块用于:生成固定的终端识别符pc_identifier、随机AES密钥aes_pc_key;通过步骤(1)保存的RSA公钥对终端识别符pc_identifier、随机AES密钥aes_pc_key加密,加密后的密文为:RSA<pc_identifier,aes_pc_key>,将加密后的密文信息生成QR二维码供移动客户端获取;即上述步骤(2);The PC-side processing module is used to: generate a fixed terminal identifier pc_identifier and a random AES key aes_pc_key; encrypt the terminal identifier pc_identifier and random AES key aes_pc_key with the RSA public key saved in step (1), and the encrypted ciphertext is : RSA<pc_identifier, aes_pc_key>, generate a QR code from the encrypted ciphertext information for the mobile client to obtain; that is, the above step (2);

或者,生成一个当前时间戳信息参数time_stamp,用于有效期验证,并随机生成一个移动客户端AES密钥aes_mp_key;Or, generate a current timestamp information parameter time_stamp for validity verification, and randomly generate a mobile client AES key aes_mp_key;

使用步骤A中保存在移动客户端的RSA公钥将需要加密发送的用户身份数据data、当前时间戳信息参数time_stamp加密;加密后的密文为:RSA<data,time_stamp,null,aes_mp_key>;即上述步骤B;Use the RSA public key stored in the mobile client in step A to encrypt the user identity data data and the current timestamp information parameter time_stamp to be sent; the encrypted ciphertext is: RSA<data, time_stamp, null, aes_mp_key>; that is, the above step B;

移动终端处理模块用于:扫描步骤(2)生成的QR二维码,获得密文RSA<pc_identifier,aes_pc-_key>;The mobile terminal processing module is used for: scanning the QR code generated in step (2) to obtain the ciphertext RSA<pc_identifier, aes_pc-_key>;

使用步骤(1)中保存在PC端的RSA公钥将需要加密发送的用户身份数据data、当前时间戳信息参数time_stamp、步骤(3)获得的PC端密文信息RSA<pc_identifier,aes_pc_key>、AES密钥aes_mp_key加密;加密后的密文为:RSA<data,time_stamp,RSA<pc_identifier,aes_pc_key>,null>;并发送至服务器端;即上述步骤(3)、步骤(4)。Use the RSA public key saved on the PC side in step (1) to encrypt the user identity data data sent, the current timestamp information parameter time_stamp, the PC-side ciphertext information RSA<pc_identifier, aes_pc_key>, AES encryption information obtained in step (3) The key aes_mp_key is encrypted; the encrypted ciphertext is: RSA<data, time_stamp, RSA<pc_identifier, aes_pc_key>, null>; and sent to the server; that is, the above steps (3) and (4).

服务器处理模块用于:Server processing modules are used to:

通过步骤(1)中保存的私钥解密收到步骤(4)传来的加密后的密文,得到明文数据:data,time_stamp,pc_identifier,aes_pc_key;Decrypt the encrypted ciphertext from step (4) by decrypting the private key saved in step (1), and obtain plaintext data: data, time_stamp, pc_identifier, aes_pc_key;

服务器端验证data和time_stamp的合法性与有效性,并根据参数pc_identifier识别符鉴别客户端类型,通过步骤(5)获得的aes_pc_key对需要返回pc端的数据re_data加密,密文表示为AES<re_data>,返回PC端;The server verifies the legitimacy and validity of data and time_stamp, and identifies the client type according to the parameter pc_identifier. The aes_pc_key obtained in step (5) encrypts the data re_data that needs to be returned to the pc, and the ciphertext is represented as AES<re_data>, Return to PC;

不同类型客户端收到步骤(6)返回的密文AES<re_data>,利用步骤(2)生成的AES密钥aes_pc_key解密AES<re_data>,获得从服务器段返回的明文数据re_data;即上述步骤(5)、步骤(6)、步骤(7)。Different types of clients receive the ciphertext AES<re_data> returned in step (6), decrypt AES<re_data> using the AES key aes_pc_key generated in step (2), and obtain the plaintext data re_data returned from the server segment; that is, the above steps ( 5), step (6), step (7).

或者,通过步骤A中保存的私钥解密收到步骤B传来的加密后的密文,得到解明文数据:aes_mp_key;Or, decrypt the encrypted ciphertext from step B by decrypting the private key saved in step A, and obtain the decrypted plaintext data: aes_mp_key;

通过步骤C获得的aes_mp_key对需要返回移动客户端的数据re_data加密,密文表示为AES<re_data>,返回移动客户端;The aes_mp_key obtained in step C encrypts the data re_data that needs to be returned to the mobile client, and the ciphertext is represented as AES<re_data>, which is returned to the mobile client;

不同类型客户端收到步骤D返回的密文AES<re_data>,利用步骤B生成的AES密钥aes_mp_key解密AES<re_data>,获得从服务器段返回的明文数据re_data。即上述步骤C、步骤D、步骤E。Clients of different types receive the ciphertext AES<re_data> returned in step D, use the AES key aes_mp_key generated in step B to decrypt AES<re_data>, and obtain the plaintext data re_data returned from the server segment. That is, the above steps C, D, and E.

PC端处理模块计算机;移动端处理模块为手机。The PC-side processing module is a computer; the mobile-side processing module is a mobile phone.

PC端处理模块包括为带有计算与存储功能的个人计算机及对应的PC端软件;移动端处理模块为移动智能终端包括搭载Android或IOS系统的手机及对应的移动客户端软件,服务器处理模块包括服务器处理程序与数据库。The PC-side processing module includes a personal computer with computing and storage functions and the corresponding PC-side software; the mobile-side processing module is a mobile intelligent terminal including a mobile phone equipped with Android or IOS system and the corresponding mobile client software, and the server processing module includes Server handler and database.

Claims (4)

1.一种基于混合加密算法的智能移动终端身份验证方法,其特征在于,应用于客户端与服务器端,所述客户端为PC端或移动客户端,包括对PC端进行身份验证、对移动客户端进行身份认证:1. an intelligent mobile terminal identity verification method based on hybrid encryption algorithm, is characterized in that, is applied to client and server side, and described client is PC end or mobile client, comprises that PC end is carried out identity verification, to mobile The client authenticates: 对PC端进行身份验证,包括:Authenticate the PC side, including: (1)计算出一个RSA公钥,RSA公钥用于数据加密并保存在PC端,计算该RSA公钥对应的私钥,私钥用于数据解密并保存在服务器端;(1) Calculate an RSA public key, the RSA public key is used for data encryption and stored on the PC side, the private key corresponding to the RSA public key is calculated, and the private key is used for data decryption and stored on the server side; (2)由PC端生成固定的终端识别符pc_identifier、随机AES密钥aes_pc_key;通过步骤(1)保存的RSA公钥对终端识别符pc_identifier、随机AES密钥aes_pc_key加密,加密后的密文为:RSA<pc_identifier,aes_pc_key>,将加密后的密文信息生成QR二维码供PC端获取;进入步骤(3);(2) A fixed terminal identifier pc_identifier and a random AES key aes_pc_key are generated by the PC; the terminal identifier pc_identifier and random AES key aes_pc_key are encrypted by the RSA public key saved in step (1), and the encrypted ciphertext is: RSA<pc_identifier, aes_pc_key>, generate a QR code from the encrypted ciphertext information for the PC to obtain; enter step (3); (3)PC端扫描步骤(2)生成的QR二维码,获得密文RSA<pc_identifier,aes_pc_key>;(3) The PC side scans the QR code generated in step (2) to obtain the ciphertext RSA<pc_identifier, aes_pc_key>; (4)PC端生成一个当前时间戳信息参数time_stamp,用于有效期验证,并随机生成一个PC端AES密钥aes_mp_key;(4) The PC side generates a current timestamp information parameter time_stamp for validity verification, and randomly generates a PC side AES key aes_mp_key; 使用步骤(1)中保存在PC端的RSA公钥加密用户身份数据data、当前时间戳信息参数time_stamp、步骤(3)获得的PC端密文信息RSA<pc_identifier,aes_pc_key>以及AES密钥aes_mp_key;加密后的密文为:RSA<data,time_stamp,RSA<pc_identifier,aes_pc_key>,null>;Encrypt user identity data data, current timestamp information parameter time_stamp, PC-side ciphertext information RSA<pc_identifier, aes_pc_key> and AES key aes_mp_key obtained in step (3) using the RSA public key stored on the PC side in step (1); encrypt The following ciphertext is: RSA<data, time_stamp, RSA<pc_identifier, aes_pc_key>, null>; (5)服务器端接收到步骤(4)传来的加密后的密文,通过步骤(1)中保存的私钥解密收到步骤(4)传来的加密后的密文,得到明文数据:data,time_stamp,pc_identifier,aes_pc_key;(5) The server receives the encrypted ciphertext from step (4), decrypts the encrypted ciphertext from step (4) through the private key stored in step (1), and obtains plaintext data: data, time_stamp, pc_identifier, aes_pc_key; (6)服务器端验证data和time_stamp的合法性与有效性,验证参数pc_identifier是否为空,如果data和time_stamp的合法性与有效性验证通过,并且参数pc_identifier不为空,则通过步骤(5)获得的aes_pc_key对需要返回pc端的数据re_data加密,密文表示为AES<re_data>,返回PC端;(6) The server verifies the validity and validity of data and time_stamp, and verifies whether the parameter pc_identifier is empty. If the validity and validity of data and time_stamp are verified, and the parameter pc_identifier is not empty, it will be obtained through step (5). The aes_pc_key encrypts the data re_data that needs to be returned to the PC side, the ciphertext is represented as AES<re_data>, and returns to the PC side; (7)PC端收到步骤(6)返回的密文AES<re_data>,利用步骤(2)生成的AES密钥aes_pc_key解密AES<re_data>,获得从服务器段返回的明文数据re_data;(7) PC end receives the ciphertext AES<re_data> returned by step (6), and decrypts AES<re_data> using the AES key aes_pc_key generated in step (2) to obtain the plaintext data re_data returned from the server segment; 对移动客户端进行身份认证,包括:Authenticate mobile clients, including: A、计算出一个RSA公钥,该RSA公钥用于数据加密并保存在移动客户端,计算该RSA公钥对应的私钥,该私钥用于数据解密并保存在服务器端;A. Calculate an RSA public key, the RSA public key is used for data encryption and stored on the mobile client, and the private key corresponding to the RSA public key is calculated, and the private key is used for data decryption and stored on the server side; B、移动客户端生成一个当前时间戳信息参数time_stamp,用于有效期验证,并随机生成一个移动客户端AES密钥aes_mp_key;B. The mobile client generates a current timestamp information parameter time_stamp for validity verification, and randomly generates a mobile client AES key aes_mp_key; 使用步骤A中保存在移动客户端的RSA公钥将需要加密发送的用户身份数据data、当前时间戳信息参数time_stamp加密;加密后的密文为:RSA<data,time_stamp,null,aes_mp_key>;Use the RSA public key stored in the mobile client in step A to encrypt the user identity data data and the current timestamp information parameter time_stamp that need to be encrypted and sent; the encrypted ciphertext is: RSA<data, time_stamp, null, aes_mp_key>; C、服务器端接收到步骤B传来的加密后的密文,通过步骤A中保存的私钥解密收到步骤B传来的加密后的密文,得到明文数据:aes_mp_key;C. The server receives the encrypted ciphertext from step B, decrypts the encrypted ciphertext from step B through the private key stored in step A, and obtains plaintext data: aes_mp_key; D、通过步骤C获得的aes_mp_key对需要返回移动客户端的数据re_data加密,密文表示为AES<re_data>,返回移动客户端;D. The aes_mp_key obtained by step C encrypts the data re_data that needs to be returned to the mobile client, and the ciphertext is represented as AES<re_data>, which is returned to the mobile client; E、移动客户端收到步骤D返回的密文AES<re_data>,利用步骤B生成的AES密钥aes_mp_key解密AES<re_data>,获得从服务器段返回的明文数据re_data。E. The mobile client receives the ciphertext AES<re_data> returned in step D, decrypts the AES<re_data> using the AES key aes_mp_key generated in step B, and obtains the plaintext data re_data returned from the server segment. 2.根据权利要求1所述的一种基于混合加密算法的智能移动终端身份验证方法,其特征在于,所述步骤(6),服务器端验证data和time_stamp的合法性与有效性,并根据参数pc_identifier识别符鉴别PC端类型,包括:2. a kind of intelligent mobile terminal identity verification method based on hybrid encryption algorithm according to claim 1, is characterized in that, described step (6), the legitimacy and validity of server-side verification data and time_stamp, and according to parameter The pc_identifier identifier identifies the PC side type, including: a、服务器端查询用户保存在数据库中的身份信息,验证手机端请求信息data是否合法;a. The server side queries the user's identity information stored in the database, and verifies whether the data requested by the mobile phone side is legal; b、通过参数time_stamp对比当前时间验证请求是否过期;b. Verify whether the request has expired by comparing the current time with the parameter time_stamp; c、服务器端验证参数pc_identifier是否为空,pc_identifier不为空,即表示请求来源于PC端,否则,即表示请求不来源于PC端。c. The server verifies whether the parameter pc_identifier is empty. If pc_identifier is not empty, it means that the request originates from the PC side; otherwise, it means that the request does not originate from the PC side. 3.权利要求1或2所述的智能移动终端身份验证方法的实现系统,其特征在于,包括PC端处理模块、移动终端处理模块、服务器处理模块;3. The realization system of the intelligent mobile terminal identity verification method described in claim 1 or 2, is characterized in that, comprises PC end processing module, mobile terminal processing module, server processing module; 所述PC端处理模块用于:生成固定的终端识别符pc_identifier、随机AES密钥aes_pc_key;通过步骤(1)保存的RSA公钥对终端识别符pc_identifier、随机AES密钥aes_pc_key加密,加密后的密文为:RSA<pc_identifier,aes_pc_key>,将加密后的密文信息生成QR二维码供移动客户端获取;The PC-side processing module is used to: generate a fixed terminal identifier pc_identifier and a random AES key aes_pc_key; encrypt the terminal identifier pc_identifier and the random AES key aes_pc_key by the RSA public key saved in step (1), and the encrypted key is encrypted. The text is: RSA<pc_identifier, aes_pc_key>, generate a QR code from the encrypted ciphertext information for the mobile client to obtain; 或者,生成一个当前时间戳信息参数time_stamp,用于有效期验证,并随机生成一个移动客户端AES密钥aes_mp_key;Or, generate a current timestamp information parameter time_stamp for validity verification, and randomly generate a mobile client AES key aes_mp_key; 使用步骤A中保存在移动客户端的RSA公钥将需要加密发送的用户身份数据data、当前时间戳信息参数time_stamp加密;加密后的密文为:RSA<data,time_stamp,null,aes_mp_key>;Use the RSA public key stored in the mobile client in step A to encrypt the user identity data data and the current timestamp information parameter time_stamp that need to be encrypted and sent; the encrypted ciphertext is: RSA<data, time_stamp, null, aes_mp_key>; 所述移动终端处理模块用于:扫描步骤(2)生成的QR二维码,获得密文RSA<pc_identifier,aes_pc_key>;The mobile terminal processing module is used for: scanning the QR code generated in step (2) to obtain ciphertext RSA<pc_identifier, aes_pc_key>; 使用步骤(1)中保存在PC端的RSA公钥将需要加密发送的用户身份数据data、当前时间戳信息参数time_stamp、步骤(3)获得的PC端密文信息RSA<pc_identifier,aes_pc_key>、AES密钥aes_mp_key加密;加密后的密文为:RSA<data,time_stamp,RSA<pc_identifier,aes_pc_key>,null>;并发送至服务器端;Use the RSA public key saved on the PC side in step (1) to encrypt the user identity data data sent, the current timestamp information parameter time_stamp, the PC-side ciphertext information RSA<pc_identifier, aes_pc_key>, AES encryption information obtained in step (3) The key aes_mp_key is encrypted; the encrypted ciphertext is: RSA<data, time_stamp, RSA<pc_identifier, aes_pc_key>, null>; and sent to the server; 所述服务器处理模块用于:The server processing module is used for: 通过步骤(1)中保存的私钥解密收到步骤(4)传来的加密后的密文,得到明文数据:data,time_stamp,pc_identifier,aes_pc_key;Decrypt the encrypted ciphertext from step (4) by decrypting the private key saved in step (1), and obtain plaintext data: data, time_stamp, pc_identifier, aes_pc_key; 服务器端验证data和time_stamp的合法性与有效性,并根据参数pc_identifier识别符鉴别客户端类型,通过步骤(5)获得的aes_pc_key对需要返回pc端的数据re_data加密,密文表示为AES<re_data>,返回PC端;The server verifies the legitimacy and validity of data and time_stamp, and identifies the client type according to the parameter pc_identifier. The aes_pc_key obtained in step (5) encrypts the data re_data that needs to be returned to the pc, and the ciphertext is represented as AES<re_data>, Return to PC; 不同类型客户端收到步骤(6)返回的密文AES<re_data>,利用步骤(2)生成的AES密钥aes_pc_key解密AES<re_data>,获得从服务器段返回的明文数据re_data;Different types of clients receive the ciphertext AES<re_data> returned in step (6), decrypt AES<re_data> using the AES key aes_pc_key generated in step (2), and obtain the plaintext data re_data returned from the server segment; 或者,通过步骤A中保存的私钥解密收到步骤B传来的加密后的密文,得到解明文数据:aes_mp_key;Or, decrypt the encrypted ciphertext from step B by decrypting the private key saved in step A, and obtain the decrypted plaintext data: aes_mp_key; 通过步骤C获得的aes_mp_key对需要返回移动客户端的数据re_data加密,密文表示为AES<re_data>,返回移动客户端;The aes_mp_key obtained in step C encrypts the data re_data that needs to be returned to the mobile client, the ciphertext is represented as AES<re_data>, and returns to the mobile client; 不同类型客户端收到步骤D返回的密文AES<re_data>,利用步骤B生成的AES密钥aes_mp_key解密AES<re_data>,获得从服务器段返回的明文数据re_data。Clients of different types receive the ciphertext AES<re_data> returned in step D, use the AES key aes_mp_key generated in step B to decrypt AES<re_data>, and obtain the plaintext data re_data returned from the server segment. 4.根据权利要求3所述的智能移动终端身份验证方法的实现系统,其特征在于,所述PC端处理模块计算机;所述移动端处理模块为手机。4. The realization system of the method for identity verification of an intelligent mobile terminal according to claim 3, wherein the PC-side processing module is a computer; and the mobile-side processing module is a mobile phone.
CN201810359179.8A 2018-04-20 2018-04-20 A kind of intelligent mobile terminal identity verification method based on hybrid encryption algorithm and its implementation system Active CN108809936B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810359179.8A CN108809936B (en) 2018-04-20 2018-04-20 A kind of intelligent mobile terminal identity verification method based on hybrid encryption algorithm and its implementation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810359179.8A CN108809936B (en) 2018-04-20 2018-04-20 A kind of intelligent mobile terminal identity verification method based on hybrid encryption algorithm and its implementation system

Publications (2)

Publication Number Publication Date
CN108809936A CN108809936A (en) 2018-11-13
CN108809936B true CN108809936B (en) 2020-12-08

Family

ID=64093413

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810359179.8A Active CN108809936B (en) 2018-04-20 2018-04-20 A kind of intelligent mobile terminal identity verification method based on hybrid encryption algorithm and its implementation system

Country Status (1)

Country Link
CN (1) CN108809936B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988301A (en) * 2020-08-14 2020-11-24 武汉气吞云梦科技有限公司 Secure communication method for preventing client from hacker violence attack
CN112182621A (en) * 2020-09-30 2021-01-05 银盛支付服务股份有限公司 Method and device for system data safety interaction, computer equipment and storage medium
CN112713988A (en) * 2020-12-31 2021-04-27 南威软件股份有限公司 No-key encryption and decryption method, system, terminal and medium based on identity card number
CN113890730B (en) * 2021-09-23 2024-09-20 上海华兴数字科技有限公司 Data transmission method and system
CN114531235B (en) * 2022-03-01 2023-06-13 中国科学院软件研究所 Communication method and system for end-to-end encryption
CN114936012A (en) * 2022-04-26 2022-08-23 长沙朗源电子科技有限公司 Method and device for realizing screen projection by encrypting and scanning two-dimensional code
CN115442074A (en) * 2022-08-01 2022-12-06 银盛支付服务股份有限公司 Data interaction method for iOS mobile terminal and server back-end

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118710A (en) * 2011-03-08 2011-07-06 上海红松信息技术有限公司 System and method for transmitting data between mobile terminals
CN102842081A (en) * 2011-06-23 2012-12-26 上海易悠通信息科技有限公司 Method for generating two-dimensional code and implementing mobile payment by mobile phone
CN103218731A (en) * 2013-03-25 2013-07-24 深圳市精彩明天科技有限公司 Method and system utilizing two-dimension code to advertise
CN104821944A (en) * 2015-04-28 2015-08-05 广东小天才科技有限公司 Hybrid encryption network data security method and system
CN107277059A (en) * 2017-08-08 2017-10-20 沈阳东青科技有限公司 A kind of one-time password identity identifying method and system based on Quick Response Code

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102233473B1 (en) * 2015-01-06 2021-03-29 한국전자통신연구원 Method of acquiring contents exchange information among peers in P2P networks

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118710A (en) * 2011-03-08 2011-07-06 上海红松信息技术有限公司 System and method for transmitting data between mobile terminals
CN102842081A (en) * 2011-06-23 2012-12-26 上海易悠通信息科技有限公司 Method for generating two-dimensional code and implementing mobile payment by mobile phone
CN103218731A (en) * 2013-03-25 2013-07-24 深圳市精彩明天科技有限公司 Method and system utilizing two-dimension code to advertise
CN104821944A (en) * 2015-04-28 2015-08-05 广东小天才科技有限公司 Hybrid encryption network data security method and system
CN107277059A (en) * 2017-08-08 2017-10-20 沈阳东青科技有限公司 A kind of one-time password identity identifying method and system based on Quick Response Code

Also Published As

Publication number Publication date
CN108809936A (en) 2018-11-13

Similar Documents

Publication Publication Date Title
US20210367795A1 (en) Identity-Linked Authentication Through A User Certificate System
CN108809936B (en) A kind of intelligent mobile terminal identity verification method based on hybrid encryption algorithm and its implementation system
CN109347835B (en) Information transmission method, client, server, and computer-readable storage medium
CN110855671B (en) Trusted computing method and system
CN112836229A (en) A trusted data access control scheme combining attribute-based encryption and blockchain
CN103138939B (en) Based on the key access times management method of credible platform module under cloud memory module
CN106487765B (en) Authorized access method and devices using it
US20120054491A1 (en) Re-authentication in client-server communications
CN110958209B (en) Bidirectional authentication method, system and terminal based on shared secret key
CN114024710A (en) Data transmission method, device, system and equipment
CN108809633B (en) Identity authentication method, device and system
WO2014114080A1 (en) Method and system for data encryption protection
CN114244502B (en) Signature key generation method, device and computer equipment based on SM9 algorithm
CN114553557B (en) Key calling method, device, computer equipment and storage medium
CN114282189A (en) A data security storage method, system, client and server
US10785193B2 (en) Security key hopping
CN116244750A (en) Secret-related information maintenance method, device, equipment and storage medium
CN114154181B (en) Privacy computing method based on distributed storage
CN118898081B (en) File encryption method and system based on CP-ABE and USBKEY
CN113868715B (en) Signature method and system based on quantum key
CN115801232A (en) Private key protection method, device, equipment and storage medium
CN119109963A (en) TLCP secure channel communication method and system for national secret intelligent password key
CN114079921B (en) Session key generation method, anchor point function network element and system
CN112865968B (en) Data ciphertext hosting method and system, computer equipment and storage medium
CN114826620B (en) Safe method and system for binding intelligent door lock and intelligent door lock

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant