
CN109067746A - Communication method and device between client and server - Google Patents

Communication method and device between client and server

Info

Publication number
CN109067746A
Authority
CN
China
Prior art keywords
server
client
random factor
master key
random
Prior art date
Legal status
Granted
Application number
CN201810911334.2A
Other languages
Chinese (zh)
Other versions
CN109067746B (en)
Inventor
彭峙酿
余奕飞
Current Assignee
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd
Priority to CN201810911334.2A
Publication of CN109067746A
Application granted
Publication of CN109067746B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses a communication method and device between a client and a server. The method includes: generating a first random factor according to client certificate information; sending handshake request information to the server, the handshake request information carrying the first random factor; receiving response information fed back by the server for the handshake request information, the response information carrying a second random factor generated by the server; and generating a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key. In this scheme the client certificate information is associated with the master key finally generated, so that generation of the master key is coupled with the certificate verification process, avoiding the low communication security caused in the prior art by the ease of bypassing certificate verification. In addition, the client certificate information in this scheme is transmitted in non-plaintext form, which further increases the difficulty of reverse engineering and ensures data security.

Description

Communication method and device between client and server
Technical field
The present invention relates to the field of computer technology, and in particular to a communication method and device between a client and a server.
Background technique
Currently, communication between a client and a server is usually realized through the HTTPS protocol, and HTTPS carries data over the TLS protocol (Transport Layer Security). Before formal data transmission between the client and the server, the client or the server usually needs to verify the certificate information of the other party, and data transmission proceeds only on the premise that the certificate information is legitimate.
However, in current communication between client and server, the master key required for communication is generated only after the certificate information has been verified, and certificate verification is usually an independent sub-process of the TLS handshake that can be executed by an external checkpoint. For example, the certificate can be verified through an interface provided by the system or by an open-source library, such as HttpURLConnection on the Android platform. This arrangement, however, makes it easy for a reverse engineer to bypass the certificate verification process, which threatens the communication security between client and server and reduces data security. Moreover, in the prior-art certificate verification process the certificate is usually transmitted in plaintext, which further increases the communication risk and affects data security.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a communication method and device between a client and a server that overcome the above problems or at least partially solve them.
According to one aspect of the invention, a communication method between a client and a server is provided, comprising:
generating a first random factor according to client certificate information;
sending handshake request information to the server, wherein the handshake request information carries the first random factor;
receiving response information fed back by the server for the handshake request information, wherein the response information carries a second random factor generated by the server;
generating a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key.
According to another aspect of the invention, a communication device between a client and a server is provided, comprising:
a first random factor generation module, adapted to generate a first random factor according to client certificate information;
a sending module, adapted to send handshake request information to the server, wherein the handshake request information carries the first random factor;
a receiving module, adapted to receive response information fed back by the server for the handshake request information, wherein the response information carries a second random factor generated by the server;
a master key generation module, adapted to generate a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key.
According to yet another aspect of the invention, a computing device is provided, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with each other through the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the above communication method between the client and the server.
According to a further aspect of the invention, a computer storage medium is provided, in which at least one executable instruction is stored, the executable instruction causing a processor to perform the operations corresponding to the above communication method between the client and the server.
According to the communication method and device between a client and a server provided by the present invention, a first random factor is first generated according to client certificate information; handshake request information carrying the first random factor is sent to the server; response information fed back by the server for the handshake request information is received, the response information carrying a second random factor generated by the server; finally, a master key is generated according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key. In this scheme, the client certificate information is bound during the handshake into the first random factor in the handshake request information sent to the server, so that the client certificate information is associated with the master key finally generated. Generation of the master key is thereby coupled with the certificate verification process, avoiding the drawback of the prior art that the certificate verification process can easily be bypassed, lowering communication security. Moreover, the client certificate information in this scheme is transmitted in non-plaintext form, which further increases the difficulty of reverse engineering, improves the communication security between client and server, and ensures data security.
The above description is only an overview of the technical solution of the present invention. In order that the technical means of the present invention may be better understood and implemented in accordance with the contents of the specification, and in order that the above and other objects, features and advantages of the present invention may be more clearly understood, specific embodiments of the present invention are described below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art by reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating preferred embodiments and are not to be considered as limiting the present invention. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawings:
Fig. 1 shows a flow diagram of a communication method between a client and a server provided according to an embodiment of the present invention;
Fig. 2 shows a flow diagram of a communication method between a client and a server provided according to a further embodiment of the present invention;
Fig. 3 shows a schematic functional structure diagram of a communication device between a client and a server provided according to an embodiment of the present invention;
Fig. 4 shows a schematic structural diagram of a computing device provided according to an embodiment of the present invention.
Specific embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the disclosure are shown in the drawings, it should be understood that the disclosure may be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present invention will be understood more thoroughly and so that the scope of the disclosure will be fully conveyed to those skilled in the art.
Fig. 1 shows a flow diagram of a communication method between a client and a server provided according to an embodiment of the present invention. As shown in Fig. 1, the method comprises:
Step S110: generate a first random factor according to client certificate information.
This embodiment is executed on the client side. Specifically, before formal data transmission between the client and the server, the handshake protocol interaction between the client and the server must first be carried out; only after the master key required for communication between the client and the server has been generated during the handshake interaction can data transmission proceed.
Therefore, in this step, at the initial stage of the handshake protocol interaction between the client and the server, the first random factor is generated according to the client certificate information, so that the client certificate information is bound into the first random factor and is transmitted in non-plaintext form.
Step S120: send handshake request information to the server, wherein the handshake request information carries the first random factor.
After generating the first random factor, the client sends the handshake request information carrying the first random factor to the server. Optionally, the handshake request information also carries client-related information, such as version information, a cipher suite candidate list, a compression algorithm candidate list and/or extension fields.
Step S130: receive response information fed back by the server for the handshake request information, wherein the response information carries a second random factor generated by the server.
After receiving the handshake request information sent by the client, the server generates a second random factor and feeds back to the client response information carrying the second random factor. Optionally, the response information may further include the protocol version selected by the server, the selected cipher suite and/or the selected compression algorithm.
After receiving the response information fed back by the server for the handshake request information, the client proceeds to step S140.
Step S140: generate a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key.
According to the first random factor generated by the client itself and the second random factor in the response information sent by the server, the client generates the master key required for the formal data transmission between the client and the server, so that the client and the server carry out data transmission according to this master key.
According to the communication method between a client and a server provided in this embodiment, a first random factor is first generated according to client certificate information; handshake request information carrying the first random factor is sent to the server; response information fed back by the server for the handshake request information is received, the response information carrying a second random factor generated by the server; finally, a master key is generated according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key. In this scheme, the client certificate information is bound during the handshake into the first random factor in the handshake request information sent to the server, so that the client certificate information is associated with the master key finally generated. Generation of the master key is thereby coupled with the certificate verification process, avoiding the drawback of the prior art that the certificate verification process can easily be bypassed, lowering communication security. Moreover, the client certificate information in this scheme is transmitted in ciphertext form, which further increases the difficulty of reverse engineering, improves the communication security between client and server, and ensures data security.
Fig. 2 shows a flow diagram of a communication method between a client and a server provided according to a further embodiment of the present invention. As shown in Fig. 2, the method comprises:
Step S210: generate a first random number by a preset random number generator, bind the first random number with the client certificate information, and generate a first random factor according to the binding result.
This embodiment is executed on the client side. In the specific implementation, a first random number is first generated by a preset random number generator. This embodiment does not limit the type of the preset random number generator, the random number generation method on which it is based, or the length of the generated random number; those skilled in the art can set these according to actual requirements.
Further, unlike the prior art, in which the random number generated on the client side is sent directly to the server, this embodiment binds the first random number, once generated by the preset random number generator, with the client certificate information to generate the first random factor. The client certificate information includes client public key information, and those skilled in the art can select a suitable binding algorithm according to the actual situation. For example, if the first random number generated by the preset random number generator is a 32-byte random number, the first random number and the client certificate information can be bound using a PRF function, MD5 and/or SHA1 or a similar algorithm; or, to further increase the difficulty of reverse engineering, they can be bound by an algorithm that additionally mixes in scrambling or interference information (such as the client application package name), to obtain the first random factor. Since, in actual implementation, a reverse engineer who does not know the binding algorithm cannot recover the client certificate information from the first random factor, the client certificate information is transmitted between the client and the server in ciphertext form, which further ensures communication security and improves data security.
Optionally, to further increase the difficulty of reverse engineering and ensure communication security, in the process of binding the first random number with the client certificate information, this step first pre-processes the client certificate information using a preset algorithm to obtain a pre-processing result corresponding to the client certificate information. The preset algorithm can be a hash algorithm or the like; the present invention does not limit this. After the pre-processing result corresponding to the client certificate information is obtained, the first random number is bound with the pre-processing result, and the first random factor is generated according to the binding result.
Optionally, to ensure that the generated first random factor meets the requirements of the TLS protocol, this embodiment can apply a preset truncation algorithm so that the first random factor finally generated has a first preset length, for example a first preset length of 32 bytes.
Step S220: send handshake request information to the server, wherein the handshake request information carries the first random factor.
Here the handshake request information is specifically ClientHello information. After generating the first random factor, the client sends the ClientHello information carrying the first random factor to the server. Optionally, the ClientHello information also carries client-related information, such as version information, a cipher suite candidate list, a compression algorithm candidate list and/or extension fields.
Step S230: receive response information fed back by the server for the handshake request information, wherein the response information carries a second random factor generated by the server.
After receiving the ClientHello information sent by the client, the server generates a second random factor by a corresponding random number generation method. The second random factor has the first preset length, to ensure that it meets the requirements of the TLS protocol.
After generating the second random factor, the server feeds back to the client response information carrying the second random factor, where the response information is ServerHello information. Optionally, the ServerHello information may also include the protocol version selected by the server, the selected cipher suite and/or the selected compression algorithm.
After receiving the ServerHello information fed back by the server for the handshake request information, the client proceeds to step S240.
Step S240: generate a pre-master key, and generate a master key according to the first random factor, the second random factor and the pre-master key, so that the client and the server carry out data communication according to the master key.
Specifically, after receiving the ServerHello information fed back by the server, the client further generates a pre-master key. The pre-master key is a random number generated by a corresponding random number generation method.
Further, the client generates the master key by a preset generation algorithm (such as the PRF algorithm) from the pre-master key pre_master_secret generated in this step, the first random factor ClientHello.random generated in step S210, and the second random factor ServerHello.random included in the ServerHello information received in step S230. The master key finally generated thus incorporates the client certificate information. Optionally, the generated master key has a second preset length (such as 48 bytes), so that it meets the requirements of the TLS protocol.
After the client generates the master key, it further sends the master key to the server, so that in the subsequent data communication between the client and the server both sides communicate according to this master key. Specifically, during the data communication between the client and the server, the client sends the master key to the server; after receiving the master key sent by the client, the server verifies it, that is, judges whether the master key sent by the client is identical to the master key on the server; if so, the verification passes, and data communication between the client and the server can proceed.
According to the communication method between a client and a server provided in this embodiment, after a first random number is generated by a preset random number generator, the first random number is not sent directly to the server; instead, it is bound with the client certificate information to generate a first random factor, which is sent to the server. After the second random factor fed back by the server is received, a pre-master key is generated, and the master key is generated from the pre-master key, the first random factor and the second random factor, so that the client and the server carry out formal data communication according to the master key. This scheme binds the client certificate information during the handshake into the first random factor in the handshake request information sent to the server, so that the client certificate information is associated with the master key finally generated. Generation of the master key is thereby coupled with the certificate verification process, avoiding the drawback of the prior art that the certificate verification process can easily be bypassed, lowering communication security. Moreover, the client certificate information in this scheme is transmitted in ciphertext form, which further increases the difficulty of reverse engineering, improves the communication security between client and server, and ensures data security.
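The steps S210 to S240 above, worked through in Python as an added example (this is not the patent's own code). The patent leaves the binding algorithm open; the instance assumed here keys the TLS 1.2 PRF with the first random number over a SHA-256 digest of the certificate info plus optional interference bytes, truncates to 32 bytes so the result fits ClientHello.random, and then derives the 48-byte master key as RFC 5246 does. The certificate bytes, package name and fixed random values are constructed sample inputs, and the server is assumed to receive the pre-master key as in TLS RSA key exchange.

```python
"""Added example: client certificate info bound into ClientHello.random (S210),
then TLS 1.2 master key derivation from the two random factors (S240)."""
import hashlib
import hmac
import os
from typing import Callable

RANDOM_LEN = 32      # "first preset length": size of ClientHello.random / ServerHello.random
MASTER_KEY_LEN = 48  # "second preset length": size of the TLS master secret


def tls12_prf(secret: bytes, label: bytes, seed: bytes, out_len: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed), truncated to out_len."""
    full_seed = label + seed
    a = full_seed  # A(0)
    out = b""
    while len(out) < out_len:
        a = hmac.new(secret, a, hashlib.sha256).digest()                 # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + full_seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:out_len]


def preprocess_certificate(client_cert_info: bytes) -> bytes:
    """Optional pre-processing of the certificate info; the patent allows 'a hash algorithm or the like'."""
    return hashlib.sha256(client_cert_info).digest()


def first_random_factor(first_random_number: bytes, client_cert_info: bytes,
                        interference: bytes = b"") -> bytes:
    """Step S210: bind a 32-byte random number to the client certificate info.

    Assumed binding instance (the patent only names PRF/MD5/SHA1-type binding, optionally
    with interference info such as the app package name): PRF keyed with the random number
    over the certificate digest plus interference, truncated to RANDOM_LEN.
    """
    if len(first_random_number) != RANDOM_LEN:
        raise ValueError("first random number must be %d bytes" % RANDOM_LEN)
    digest = preprocess_certificate(client_cert_info)
    return tls12_prf(first_random_number, b"client cert binding", digest + interference, RANDOM_LEN)


def master_key(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step S240: master = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random), 48 bytes as in RFC 5246 section 8.1."""
    if len(client_random) != RANDOM_LEN or len(server_random) != RANDOM_LEN:
        raise ValueError("random factors must be %d bytes" % RANDOM_LEN)
    return tls12_prf(pre_master_secret, b"master secret", client_random + server_random, MASTER_KEY_LEN)


def simulate_handshake(client_cert_info: bytes, app_package: bytes = b"",
                       rng: Callable[[int], bytes] = os.urandom) -> dict:
    """Run the S210-S240 exchange with both sides in one process.

    Assumption: the pre-master key reaches the server the way it does in TLS RSA key
    exchange (encrypted under the server's public key); that transport is out of scope
    here, so the server is simply handed the same value.
    """
    # Client, step S210: random number bound with certificate info becomes ClientHello.random
    first_random_number = rng(RANDOM_LEN)
    client_hello_random = first_random_factor(first_random_number, client_cert_info, app_package)

    # Server, step S230: plain 32-byte ServerHello.random
    server_hello_random = rng(RANDOM_LEN)

    # Client, step S240: pre-master key (48 bytes assumed, as in TLS RSA key exchange), then master key
    pre_master_secret = rng(MASTER_KEY_LEN)
    client_master = master_key(pre_master_secret, client_hello_random, server_hello_random)

    # Server side: derives from the same inputs; the patent has the server compare its own
    # master key with the client's before application data flows.
    server_master = master_key(pre_master_secret, client_hello_random, server_hello_random)

    return {
        "client_random": client_hello_random,
        "server_random": server_hello_random,
        "client_master_key": client_master,
        "server_master_key": server_master,
        "agreed": hmac.compare_digest(client_master, server_master),
    }


if __name__ == "__main__":
    # Constructed sample inputs, not a real certificate or package name.
    result = simulate_handshake(b"-----CONSTRUCTED CLIENT CERTIFICATE BYTES-----", b"com.example.app")
    for name, value in result.items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

Changing either the certificate bytes or the interference string changes ClientHello.random and therefore the master key, which is the coupling the patent describes; a server that knows only the random factor cannot recover the certificate from it.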
Fig. 3 shows a schematic functional structure diagram of a communication device between a client and a server provided according to an embodiment of the present invention. As shown in Fig. 3, the device comprises: a first random factor generation module 31, a sending module 32, a receiving module 33 and a master key generation module 34.
The first random factor generation module 31 is adapted to generate a first random factor according to client certificate information;
the sending module 32 is adapted to send handshake request information to the server, wherein the handshake request information carries the first random factor;
the receiving module 33 is adapted to receive response information fed back by the server for the handshake request information, wherein the response information carries a second random factor generated by the server;
the master key generation module 34 is adapted to generate a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key.
Optionally, the first random factor generation module 31 is further adapted to: generate a first random number by a preset random number generator; bind the first random number with the client certificate information, and generate the first random factor according to the binding result.
Optionally, the first random factor generation module 31 is further adapted to: pre-process the client certificate information by a preset algorithm to obtain a pre-processing result corresponding to the client certificate information; bind the first random number with the pre-processing result, and generate the first random factor according to the binding result.
Optionally, the device further comprises: a pre-master key generation module (not shown in the figure), adapted to generate a pre-master key;
the master key generation module 34 is then further adapted to generate the master key according to the first random factor, the second random factor and the pre-master key.
Optionally, the master key generation module 34 is further adapted to: generate the master key according to the first random factor and the second random factor, and send the master key to the server so that the server verifies the master key; if the verification passes, the client and the server carry out data communication according to the master key.
Optionally, the first random factor and/or the second random factor have the first preset length; and/or the master key has the second preset length.
Optionally, the client certificate information includes client public key information.
Optionally, the handshake request information is ClientHello information, and the response information is ServerHello information.
The specific implementation of the modules in this device can refer to the description of the corresponding steps in the method embodiments shown in Fig. 1 and/or Fig. 2, which is not repeated here.
According to the communication device between a client and a server provided in this embodiment, a first random factor is first generated according to client certificate information; handshake request information carrying the first random factor is sent to the server; response information fed back by the server for the handshake request information is received, the response information carrying a second random factor generated by the server; finally, a master key is generated according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key. The device binds the client certificate information during the handshake into the first random factor in the handshake request information sent to the server, so that the client certificate information is associated with the master key finally generated. Generation of the master key is thereby coupled with the certificate verification process, avoiding the drawback of the prior art that the certificate verification process can easily be bypassed, lowering communication security. Moreover, the client certificate information in this device is transmitted in ciphertext form, which further increases the difficulty of reverse engineering, improves the communication security between client and server, and ensures data security.
A kind of nonvolatile computer storage media is provided according to an embodiment of the present invention, and the computer storage is situated between Matter is stored with an at least executable instruction, which can be performed the client in above-mentioned any means embodiment Communication means between server.
Fig. 4 shows a schematic structural diagram of a computing device provided according to an embodiment of the present invention; the specific embodiments of the present invention do not limit the specific implementation of the computing device.
As shown in Fig. 4, the computing device may include: a processor 402, a communication interface (Communications Interface) 404, a memory 406 and a communication bus 408.
Wherein:
The processor 402, the communication interface 404 and the memory 406 communicate with each other via the communication bus 408.
The communication interface 404 is used for communicating with network elements of other devices, such as clients or other servers.
The processor 402 is used for executing a program 410, and may specifically execute the relevant steps in the above embodiments of the communication method between the client and the server.
Specifically, the program 410 may include program code, and the program code includes computer operation instructions.
The processor 402 may be a central processing unit (CPU) or an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The one or more processors included in the computing device may be processors of the same type, such as one or more CPUs, or processors of different types, such as one or more CPUs and one or more ASICs.
The memory 406 is used for storing the program 410. The memory 406 may include a high-speed RAM memory and may further include a non-volatile memory, for example at least one disk memory.
The program 410 may specifically be used to cause the processor 402 to perform the following operations:
generate a first random factor according to client certificate information;
send handshake request information to the server, where the handshake request information carries the first random factor;
receive response information fed back by the server for the handshake request information, where the response information carries a second random factor generated by the server;
generate a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key.
In an optional embodiment, the program 410 may specifically be used to cause the processor 402 to perform the following operations:
generate a first random number by a preset random number generator;
bind the first random number with the client certificate information, and generate the first random factor according to the binding result.
In an optional embodiment, the program 410 may specifically be used to cause the processor 402 to perform the following operations:
pre-process the client certificate information by a preset algorithm to obtain a pre-processing result corresponding to the client certificate information;
bind the first random number with the pre-processing result, and generate the first random factor according to the binding result.
In an optional embodiment, the program 410 may specifically be used to cause the processor 402 to perform the following operations:
generate a pre-master key;
generate the master key according to the first random factor, the second random factor and the pre-master key.
In an optional embodiment, the program 410 may specifically be used to cause the processor 402 to perform the following operations:
generate the master key according to the first random factor and the second random factor, and send the master key to the server so that the server verifies the master key; if the verification is consistent, the client and the server carry out data communication according to the master key.
In an optional embodiment, the first random factor and/or the second random factor have a first preset length; and/or the master key has a second preset length.
In an optional embodiment, the client certificate information includes client public key information.
In an optional embodiment, the handshake request information is ClientHello information, and the response information is ServerHello information.
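The client-side procedure described above (a first random factor bound to the client certificate, ClientHello and ServerHello random factors, a master key derived from the pre-master key and both factors, and server-side verification), as an added Python example that is not code from the patent. The byte lengths, the SHA-256 pre-processing, the concatenation used as the binding and the HMAC-SHA256 PRF are assumptions chosen for illustration; the patent names none of them.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed concrete values for the "first/second preset length" of the page.
RANDOM_LEN = 32      # length of each random factor (a hello random)
NONCE_LEN = 16       # bytes of fresh randomness kept inside the first random factor
MASTER_KEY_LEN = 48  # length of the master key


def preprocess_certificate(client_public_key: bytes) -> bytes:
    """Assumed 'preset algorithm': SHA-256 over the client public key information."""
    return hashlib.sha256(client_public_key).digest()


def first_random_factor(client_public_key: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Client side: bind a fresh random number to the pre-processed certificate.
    Binding is assumed to be nonce || truncated digest, so the result keeps RANDOM_LEN."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)  # the 'preset random number generator'
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    digest = preprocess_certificate(client_public_key)
    return nonce + digest[: RANDOM_LEN - NONCE_LEN]


def second_random_factor() -> bytes:
    """Server side: an ordinary random value carried in ServerHello."""
    return os.urandom(RANDOM_LEN)


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """HMAC-SHA256 expansion in the style of the TLS 1.2 PRF (assumed KDF)."""
    out = b""
    a = label + seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + label + seed, hashlib.sha256).digest()
    return out[:length]


def master_key(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Master key from the pre-master key and both random factors (A4 / claim 4)."""
    return prf(pre_master, b"master secret", client_random + server_random, MASTER_KEY_LEN)


def server_binding_check(client_random: bytes, presented_public_key: bytes) -> bool:
    """Server side: does the received ClientHello random embed the certificate that was
    presented for verification? A mismatch means the certificate step was skipped or a
    different certificate was substituted after the hello."""
    expected = preprocess_certificate(presented_public_key)[: RANDOM_LEN - NONCE_LEN]
    return hmac.compare_digest(client_random[NONCE_LEN:], expected)


def handshake(client_public_key: bytes, presented_public_key: bytes,
              pre_master: bytes, nonce: Optional[bytes] = None) -> Tuple[bool, bytes]:
    """Simulate both sides; returns (accepted_by_server, client_master_key).
    client_public_key is what the client hashed into its hello random,
    presented_public_key is what the server saw in the certificate message."""
    client_random = first_random_factor(client_public_key, nonce)
    server_random = second_random_factor()
    client_master = master_key(pre_master, client_random, server_random)
    if not server_binding_check(client_random, presented_public_key):
        return False, client_master
    # As in A5 / claim 5: the server verifies the received master key against its own
    # derivation from the same two random factors and pre-master key.
    server_master = master_key(pre_master, client_random, server_random)
    return hmac.compare_digest(client_master, server_master), client_master


# Constructed sample inputs (not real keys).
SAMPLE_PUBLIC_KEY = b"-----CONSTRUCTED CLIENT PUBLIC KEY-----"
OTHER_PUBLIC_KEY = b"-----CONSTRUCTED SUBSTITUTED PUBLIC KEY-----"
SAMPLE_PRE_MASTER = bytes(range(48))

if __name__ == "__main__":
    ok, mk = handshake(SAMPLE_PUBLIC_KEY, SAMPLE_PUBLIC_KEY, SAMPLE_PRE_MASTER)
    print("same certificate accepted:", ok, "master key length:", len(mk))
    ok, _ = handshake(SAMPLE_PUBLIC_KEY, OTHER_PUBLIC_KEY, SAMPLE_PRE_MASTER)
    print("substituted certificate accepted:", ok)
```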
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used together with the teachings herein. From the description above, the structure required to construct such systems is obvious. In addition, the present invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the content of the invention described herein, and the above description of a specific language is given to disclose the best mode of the invention.
In the description provided here, numerous specific details are set forth. It should be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to simplify the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the present invention the features of the invention are sometimes grouped together into a single embodiment, figure or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the specific embodiments are hereby expressly incorporated into those specific embodiments, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or apparatus so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will appreciate that although some embodiments described herein include certain features that are included in other embodiments but not other features, combinations of features of different embodiments are intended to fall within the scope of the present invention and to form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to realize some or all of the functions of some or all of the components in the communication device between the client and the server according to embodiments of the present invention. The present invention may also be implemented as apparatus or device programs (for example, computer programs and computer program products) for executing some or all of the methods described herein. Such programs implementing the present invention may be stored on a computer-readable medium, or may have the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claims. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention may be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
The invention discloses: A1. A communication method between a client and a server, comprising:
generating a first random factor according to client certificate information;
sending handshake request information to the server, where the handshake request information carries the first random factor;
receiving response information fed back by the server for the handshake request information, where the response information carries a second random factor generated by the server;
generating a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key.
A2. The method according to A1, wherein generating the first random factor according to the client certificate information further comprises:
generating a first random number by a preset random number generator;
binding the first random number with the client certificate information, and generating the first random factor according to the binding result.
A3. The method according to A2, wherein binding the first random number with the client certificate information and generating the first random factor according to the binding result further comprises:
pre-processing the client certificate information by a preset algorithm to obtain a pre-processing result corresponding to the client certificate information;
binding the first random number with the pre-processing result, and generating the first random factor according to the binding result.
A4. The method according to any one of A1-A3, wherein, before generating the master key according to the first random factor and the second random factor, the method further comprises:
generating a pre-master key;
and generating the master key according to the first random factor and the second random factor then further comprises:
generating the master key according to the first random factor, the second random factor and the pre-master key.
A5. The method according to any one of A1-A4, wherein generating the master key according to the first random factor and the second random factor so that the client and the server carry out data communication according to the master key further comprises:
generating the master key according to the first random factor and the second random factor, and sending the master key to the server so that the server verifies the master key; if the verification is consistent, the client and the server carry out data communication according to the master key.
A6. The method according to any one of A1-A5, wherein the first random factor and/or the second random factor have a first preset length; and/or the master key has a second preset length.
A7. The method according to any one of A1-A6, wherein the client certificate information includes client public key information.
A8. The method according to any one of A1-A7, wherein the handshake request information is ClientHello information and the response information is ServerHello information.
The invention also discloses: B9. A communication device between a client and a server, comprising:
a first random factor generation module, adapted to generate a first random factor according to client certificate information;
a sending module, adapted to send handshake request information to the server, where the handshake request information carries the first random factor;
a receiving module, adapted to receive response information fed back by the server for the handshake request information, where the response information carries a second random factor generated by the server;
a master key generation module, adapted to generate a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key.
B10. The device according to B9, wherein the first random factor generation module is further adapted to: generate a first random number by a preset random number generator;
and bind the first random number with the client certificate information, and generate the first random factor according to the binding result.
B11. The device according to B10, wherein the first random factor generation module is further adapted to:
pre-process the client certificate information by a preset algorithm to obtain a pre-processing result corresponding to the client certificate information;
bind the first random number with the pre-processing result, and generate the first random factor according to the binding result.
B12. The device according to any one of B9-B11, wherein the device further comprises: a pre-master key generation module, adapted to generate a pre-master key;
and the master key generation module is further adapted to: generate the master key according to the first random factor, the second random factor and the pre-master key.
B13. The device according to any one of B9-B12, wherein the master key generation module is further adapted to: generate the master key according to the first random factor and the second random factor, and send the master key to the server so that the server verifies the master key; if the verification is consistent, the client and the server carry out data communication according to the master key.
B14. The device according to any one of B9-B13, wherein the first random factor and/or the second random factor have a first preset length; and/or the master key has a second preset length.
B15. The device according to any one of B9-B14, wherein the client certificate information includes client public key information.
B16. The device according to any one of B9-B15, wherein the handshake request information is ClientHello information and the response information is ServerHello information.
The invention also discloses: C17. A computing device, comprising: a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with each other via the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute operations corresponding to the communication method between the client and the server according to any one of A1-A8.
The invention also discloses: D18. A computer storage medium, in which at least one executable instruction is stored, the executable instruction causing a processor to execute operations corresponding to the communication method between the client and the server according to any one of A1-A8.

Claims (10)

1. A communication method between a client and a server, comprising:
generating a first random factor according to client certificate information;
sending handshake request information to the server, where the handshake request information carries the first random factor;
receiving response information fed back by the server for the handshake request information, where the response information carries a second random factor generated by the server;
generating a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key.
2. The method according to claim 1, wherein generating the first random factor according to the client certificate information further comprises:
generating a first random number by a preset random number generator;
binding the first random number with the client certificate information, and generating the first random factor according to the binding result.
3. The method according to claim 2, wherein binding the first random number with the client certificate information and generating the first random factor according to the binding result further comprises:
pre-processing the client certificate information by a preset algorithm to obtain a pre-processing result corresponding to the client certificate information;
binding the first random number with the pre-processing result, and generating the first random factor according to the binding result.
4. The method according to any one of claims 1-3, wherein, before generating the master key according to the first random factor and the second random factor, the method further comprises:
generating a pre-master key;
and generating the master key according to the first random factor and the second random factor then further comprises:
generating the master key according to the first random factor, the second random factor and the pre-master key.
5. The method according to any one of claims 1-4, wherein generating the master key according to the first random factor and the second random factor so that the client and the server carry out data communication according to the master key further comprises:
generating the master key according to the first random factor and the second random factor, and sending the master key to the server so that the server verifies the master key; if the verification is consistent, the client and the server carry out data communication according to the master key.
6. The method according to any one of claims 1-5, wherein the first random factor and/or the second random factor have a first preset length; and/or the master key has a second preset length.
7. The method according to any one of claims 1-6, wherein the client certificate information includes client public key information.
8. A communication device between a client and a server, comprising:
a first random factor generation module, adapted to generate a first random factor according to client certificate information;
a sending module, adapted to send handshake request information to the server, where the handshake request information carries the first random factor;
a receiving module, adapted to receive response information fed back by the server for the handshake request information, where the response information carries a second random factor generated by the server;
a master key generation module, adapted to generate a master key according to the first random factor and the second random factor, so that the client and the server carry out data communication according to the master key.
9. A computing device, comprising: a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with each other via the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute operations corresponding to the communication method between the client and the server according to any one of claims 1-7.
10. A computer storage medium, in which at least one executable instruction is stored, the executable instruction causing a processor to execute operations corresponding to the communication method between the client and the server according to any one of claims 1-7.
CN201810911334.2A 2018-08-10 2018-08-10 Communication method and device between client and server Active CN109067746B (en)

Publications (2)

Publication Number Publication Date
CN109067746A true CN109067746A (en) 2018-12-21
CN109067746B CN109067746B (en) 2021-06-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant