CN111464532A - Information encryption method and system - Google Patents

Information encryption method and system Download PDF

Info

Publication number
CN111464532A
CN111464532A CN202010243922.0A CN202010243922A CN111464532A CN 111464532 A CN111464532 A CN 111464532A CN 202010243922 A CN202010243922 A CN 202010243922A CN 111464532 A CN111464532 A CN 111464532A
Authority
CN
China
Prior art keywords
user identification
data
server
key
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010243922.0A
Other languages
Chinese (zh)
Inventor
龚健虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Peizheng College
Original Assignee
Guangdong Peizheng College
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Peizheng College filed Critical Guangdong Peizheng College
Priority to CN202010243922.0A priority Critical patent/CN111464532A/en
Publication of CN111464532A publication Critical patent/CN111464532A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an information encryption method and a system, wherein the method comprises the following steps: the browser sends out an encrypted access request according to the uniform resource locator; the server receives the access request needing to be decrypted and generates a program coding file corresponding to the webpage; outputting the program code file to the browser; the browser displays, explains and presents the program coding file on a client, and receives data input by the client; encrypting at least a portion of the client's data according to the public key with the encryption program embedded in the program code file; to verify the validity of the data and/or the user identification; taking out a corresponding private key according to the public key, and decrypting the encrypted data by using the private key; transmitting the decrypted data to the server; the access request is ended.

Description

Information encryption method and system
Technical Field
The invention relates to an information encryption method and system.
Background
Man-in-the-Middle Attack (MITM Attack for short) is a network Attack method that indirectly completes Attack behaviors by stealing or tampering communication physical and logical links. The attack mode is controlled by various attack means in an intrusion manner, or a host between two communication computers is directly controlled in a physical access manner, and the purpose of attacking any one of the two communication computers is achieved through the host. This communication node controlled by the attacker is the so-called "man-in-the-middle". Man-in-the-middle attack has long been a commonly used attack means for hackers, and the idea can be traced back to ancient times thousands of years ago, the Xinling monarch who signs and rescues Zhao is stolen in the spring and autumn warring states, and the typical man-in-the-middle attack aiming at the information transmission mode between Weiwang and the army is to control the army by stealing weapons signs. When a network communication system is designed most, security factors are not considered, and common protocols such as ARP, DNS, DHCP and the like designed by Internet Engineering Task Force (IETF) do not consider the situation that network communication is maliciously tampered by people, even if there is no attacker in a local area network, as long as an individual operator mistakenly configures a non-critical node in the network (for example, activates a DHCP server more), normal network communication of other nodes in the network may be affected.
The hacking of the hacking takes place first to find the vulnerability of the network protocol, the intermediate network device changes day by day, the rogue cannot unknowingly replace itself with the intermediate station through which the network transmission process must pass, and records the data packets within a specific network segment, the hacker is difficult to defend against the hacking 1) when the hacker eavesdrops on the network link normally without breaking, so that few persons actively discover 2) the user computer is not installed with trojans or malicious software, and is difficult to discover by antivirus software 3) when the network protocol is under the condition that the network device does not retain the record file, the network device cannot track after the data is absolutely 4), the network device is still protected from the hacking of the secret password, the Secure server only has to recover the secret password data from the Secure domain of the internet protocol, the Secure data such as the Secure domain of the hacking certificate of the hacking data, the hacking certificate of the hacking certificate.
It can be seen that the prior art has drawbacks in various ways of dealing with man-in-the-middle attacks.
Disclosure of Invention
In view of the above problems in the prior art, the present invention is directed to an information encryption method and system, which can be applied to protect sensitive data (e.g., account, password) from interception and resubmission.
In order to achieve the above object, an aspect of the present invention provides an information encryption method for resisting man-in-the-middle attacks when a browser fetches a web page of a server according to a uniform resource locator, including:
s1, the browser sends out an encrypted access request according to the uniform resource locator;
s2, the server receives the access request needing to be decrypted, obtains a public key from a key bank encryption program, and generates a program coding file corresponding to the webpage by the server according to the access request;
s3, outputting the program code file to the browser, embedding an encryption program, the public key and a user identification in the program code file, and storing the user identification in an identification database, wherein the user identification comprises fields of server time, a key pair index value and key survival time;
s4, the browser displays, explains and presents the program code file on the client, and receives data input by the client;
s5, encrypting at least one part of the data of the client according to the public key by the encryption program embedded in the program code file;
s6, transmitting at least a part of the encrypted data, and the public key and the user identification to verify validity of the data and/or the user identification, if the data and the user identification are valid, performing step S7, otherwise performing S8;
s7, taking out a corresponding private key according to the public key, and decrypting the encrypted data by using the private key;
s8, transmitting the decrypted data to the server so as to transmit the webpage back to the browser;
and S9, ending the access request.
Preferably, step S1 further comprises receiving the access request through a reverse proxy server, and transmitting the access request to the server.
Preferably, the step S3 further comprises pre-specifying a special field of the program code file by the encryption program and executing.
Preferably, the selection of the encryption program is related to the special field of the client or the special field specified by the client.
Preferably, step S3 further includes calculating the program code file and the user identification through a secure hash algorithm to encrypt the program code file and the user identification.
Preferably, step S6 further comprises verifying the user identification existing in the identification database, and the user identification can be used only once or within the lifetime of the key.
Preferably, the step S6 further comprises determining whether the data is transmitted repeatedly.
Another aspect of the embodiments of the present invention further provides an information encryption system, including an information encryption apparatus, where the apparatus includes:
a keystore providing a plurality of public keys and a plurality of private keys, wherein the public keys are randomly generated and correspond to the plurality of private keys;
the identity identification database is provided with a memory, and the memory stores user identity certificates;
the communication unit is connected with the key database and the identity identification database and receives an access request from a client;
a processor, communicatively coupled to the communication unit, the processor generating the user identification, the processor being configured to obtain at least one public key from the keystore according to an access request, obtain a web page from a server, generate a program code file corresponding to the web page from the server, and embed an encryption program and the public key in the program code file corresponding to the web page, the processor being further configured to decrypt at least a portion of data from a client encrypted by the encryption program according to the public key, transmit at least a portion of the encrypted data, the public key and the user identification to the processor, and the processor verifying whether the data and the user identification are valid to determine to transmit the data decrypted by the private key to the server; wherein the user identification comprises fields for server time, key pair index value, and key time-to-live.
Preferably, the processor is configured to execute a secure hash algorithm to calculate the program code file and the user identification to form an encrypted program code file and a user identification.
Preferably, the encryption program pre-selects at least a portion of the data of the client to be encrypted.
Compared with the prior art, the information encryption method and the information encryption system can be applied to protecting sensitive data (such as accounts and passwords) from being intercepted and resubmitted. The method ensures that the client cannot be forged or reused by hardware or software in the process of data exchange between the browser and the application program (APP) and the webpage server. Even if the man-in-the-middle can steal the data, the invention can ensure that the disposable data can not be used again by utilizing the server time and the key survival time of the User Identification (UID).
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
This document provides an overview of various implementations or examples of the technology described in this disclosure, and is not a comprehensive disclosure of the full scope or all features of the disclosed technology.
Drawings
Fig. 1 is a block diagram showing the configuration of an information encryption system according to the present invention.
Fig. 2 is a flow chart of the information encryption method of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described below clearly and completely with reference to the accompanying drawings of the embodiments of the present disclosure. It is to be understood that the described embodiments are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the described embodiments of the disclosure without any inventive step, are within the scope of protection of the disclosure.
Unless otherwise defined, technical or scientific terms used herein shall have the ordinary meaning as understood by one of ordinary skill in the art to which this disclosure belongs. The use of the word "comprising" or "comprises", and the like, in this disclosure is intended to mean that the elements or items listed before that word, include the elements or items listed after that word, and their equivalents, without excluding other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may also include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
To maintain the following description of the embodiments of the present disclosure clear and concise, a detailed description of known functions and known components have been omitted from the present disclosure.
As shown in fig. 1, an information encryption system according to an aspect of the present invention includes an encryption apparatus 10, where the encryption apparatus 10 includes a key store 12, an id database 14, a communication unit 16 and a processor 18, for convenience of description, fig. 1 also shows a plurality of other components that may be involved, such as a client 2, a browser 4, a web server 6 and a web page 8, which may communicate via a carrier (e.g., a network cable, an optical fiber, etc.) conforming to internet specifications, where the client 2 refers to a user, the user of the browser 4 may open via a computer, a tablet computer, a mobile phone, for example, and may display a program code file developed in a language such as HTM L or JavaScript, the browser 4 may be an IE, Chrome, safari, Firefox, opera, an App, etc., and the web server 6 is a host for executing the web page 8.
The keystore 12 provides a plurality of public keys 122 and a plurality of private keys 124, wherein the keystore 12 may be a memory, a server, a hard disk, a floppy disk, a compact disk, etc. Public key 122 is randomly generated and public key 122 is associated with private key 124. Generally, each public key 122 corresponds to each private key 124, thereby forming a key pair.
The id database 14 has a memory 142, wherein the id database 14 may also be a memory, a server, a hard disk, a floppy disk, an optical disk, etc. The memory 142 can store a user identification, which is generally illustrated by four fields, namely, server time, key pair index value, key survival time (or timeout), and authentication. Which are defined separately as follows:
the server time: the time at which the client, browser or reverse proxy server accesses the web server 6 may be in milliseconds.
Key pair index value: the key pair index value corresponds to the index value of the public key 122 or the private key 124 in the keystore 12.
Key survival time: the lifetime (or validity time) of a User Identification (UID). For example, when the user id is returned to the web server 6, the time of the return is greater than or equal to the server time and the key survival time, and the entire user id is considered invalid; otherwise, the returned time is less than the server time and the key survival time, and the entire user identity certificate is considered to be valid.
And (3) verification: for example, the user may scramble data using a hash function to create a hash value, wherein the hash value may be composed of random letters and numbers.
Therefore, the server time, the key pair index value and the key survival time can be further combined with the hash value to ensure that the user identity certificate has uniqueness, uniqueness and irreproducibility.
The communication unit 16 connects the keystore 12 and the id database 14, for example, the communication unit 16 is a one-way or two-way port that conforms to a wired communication specification or a wireless communication specification. The communication unit 16 is capable of receiving an access request from a client 2.
The processor 18 is connected to the communication unit 16. The functions of the processor 18 to provide data processing are listed below, respectively:
(1) the processor 18 generates a user identification. For example, the processor 18 executes an algorithm to establish the aforementioned user identification according to the requirements of the fields.
(2) The processor 18 retrieves the public key 122 from the keystore 12 in response to the access request. In another embodiment, the processor 18 may determine whether the access request has an encryption function in advance, and if the access request is encrypted, the access request may be decoded in advance.
(3) The processor 18 retrieves the web page 8 from the web server 6 and embeds an encryption program and a public key 122 in the web page 8. In some embodiments, the encryption program may pre-select at least a portion of the client 2's data for encryption. Wherein at least a part of the data is related to sensitive data of the client 2. The operation speed can be increased by selecting a specific field for encryption, and the encrypted field is usually data actively provided by the client 2 or data already stored in the cookie.
(4) The processor 18 decrypts the data (e.g., account name, password, etc.) from the client 2 encrypted by the encryption program according to the public key 122, such as the encrypted account name and password, which are not in the clear, but are changed in an encryption manner, i.e., the encrypted account name and password are already different from the originally input data.
(5) The processor 18 verifies that the data, the user identification, is valid and decides to have the data transmitted to the web server 6.
(6) The processor 18 executes a secure hash algorithm to compute the program code file and the user identification to form an encrypted program code file and user identification.
In practice, the client 2 executes the browser 4 of a computer (not shown), and keys a uniform resource locator (or url L) of a bank into the browser 4, for example, the browser 4 sends an access request to the web server 6 according to the url, and in this embodiment, the access request is first received by the processor 18.
The processor 18 may determine whether the access request is encrypted in advance, if the access request is encrypted, the processor 18 first decrypts the access request, and the processor 18 performs two steps, one step is to connect to the web server 6 corresponding to the access request according to the access request, the other step is to randomly obtain the public key 122 from the key store 12 according to the access request, for example, the processor 18 generates an index value according to a random function, and the processor 18 obtains the corresponding public key 122 from the key store 12 according to the index value. Therefore, the processor 18 obtains the public key 122 corresponding to the index value.
The processor 18 waits for the web page 8 of the web server 6 to obtain the program code file of the web page 8 of the web server 6. After the processor 18 receives the program code file, the processor 18 further adds an encrypted program encryption program and a public key 122 to the program code file. In addition, the processor 18 generates a user identification according to the program code file, the encrypted program encryption program and the public key 122, and the program code file, the encrypted program, the public key 122 and the user identification are transmitted to the browser 4. Note that the encryption program is preset with a setting for encrypting the account name and the password of the client 2. The user identification is stored in the identification database 14.
The client 2 can view the web page 8 of the bank through the browser 4, for example, the web page 8 displays a dialog box, so that the client 2 can input the account name, the password, the verification code, the identification number, and the like to be logged in. The web page 8 may include contents such as an encryption program, a public key 122, and a user identification in addition to the above-described contents.
The client 2 enters data such as a corresponding account name and password into the browser 4. At this time, the browser 4 executes the encryption program based on the data of the client 2, and the encryption program is calculated based on the public key 122. Furthermore, since the encryption program is preset to encrypt only the account name and the password, the account name and the password input by the client 2 are encrypted instead of plaintext, which is different from the content input by the client 2.
At this point, the encrypted data, public key, user identification, etc. are passed by the browser 4 to the processor 18. The processor 18 first confirms whether the user identification exists in the identification database 14, and if the same user identification does not exist in the identification database 14, the data transmission to the web server 6 is finished; if, on the other hand, the identity database 14 does have the same user identification, the processor 18 may further determine whether the client 2 has ever sent the same user identification.
If the user identification is not sent, the user identification is sent for the first time. The processor 18 further determines whether the time that the web server 6 receives the user identification is less than the sum of the server time and the key survival time, and the user identification is considered to be valid and can be used as the login of the client 2; on the contrary, if the time of the user identification is longer than the sum of the server time and the key survival time, the user identification is considered to be invalid and is likely to be intercepted by the man in the middle, and if the user identification is likely to be the action of the man in the middle for replaying, the user identification is considered to be invalid. In this embodiment, if the user identification is invalid, an error page is displayed in the browser 4.
If the user identity is valid, the processor 18 parses the public key 122 and obtains the private key 124 from the keystore 12 according to the public key 122, the processor 18 further decrypts the data according to the private key 124 and transmits the data to the web server 6, and the account name and the password at this time are decrypted into the plaintext input by the client 2. The web server 6 obtains the corresponding account data according to the account name and the password of the plain code. Finally, the account data is output to the browser 4 in the form of a program code file.
As shown in fig. 2, an information encryption method according to another embodiment of the present invention includes: in step S1, the browser issues an access request according to the uniform resource locator. In another embodiment, this step may include a reverse proxy server (reverse proxy) receiving the access request and sending the access request to the server to the proxy server.
In step S2, the server receives an access request to be decrypted, obtains the public key from the key store, and outputs a program code file corresponding to the web page according to the access request.
In step S3, an encryption program and a public key are embedded in the program code file, and a user id is generated and stored in an id database. The user identification at least comprises fields of server time and key survival time. In another embodiment, the encryption process may pre-specify a special field of the code file to be executed. Wherein the encryption program selects a particular field associated with the client or a particular field specified by the client.
In another embodiment, the program code file and the user identification may be calculated by a secure hash algorithm to encrypt the program code file and the user identification.
In step S4, the browser displays the program code file on the client for the client to input data.
In step S5, the encryption program encrypts at least a portion of the client' S data based on the public key.
Step S6, verifying the validity of the data and the user identification, if the data and the user identification are valid, performing step S7, and if the data and the user identification are invalid, performing step S9. For example, the user id is stored in the id database, and the user id can be used only once, used for the lifetime of the key, or determined whether the data is transmitted repeatedly.
Step S7, a corresponding private key is retrieved according to the public key, and the encrypted data is decrypted by using the private key.
Step S8, the decrypted data is transmitted to the server to return the web page to the browser.
In step S9, the access request is terminated.
While there has been described what are believed to be the preferred embodiments of the present invention, it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the principles of the invention, and it is intended to cover all such changes and modifications as fall within the true scope of the invention.

Claims (10)

1. An information encryption method for resisting man-in-the-middle attacks when a browser obtains a webpage of a server according to a uniform resource locator, the method comprising:
s1, the browser sends out an encrypted access request according to the uniform resource locator;
s2, the server receives the access request needing to be decrypted, obtains a public key from a key bank encryption program, and generates a program coding file corresponding to the webpage by the server according to the access request;
s3, outputting the program code file to the browser, embedding an encryption program, the public key and a user identification in the program code file, and storing the user identification in an identification database, wherein the user identification comprises fields of server time, a key pair index value and key survival time;
s4, the browser displays, explains and presents the program code file on the client, and receives data input by the client;
s5, encrypting at least one part of the data of the client according to the public key by the encryption program embedded in the program code file;
s6, transmitting at least a part of the encrypted data, and the public key and the user identification to verify validity of the data and/or the user identification, if the data and the user identification are valid, performing step S7, otherwise performing S8;
s7, taking out a corresponding private key according to the public key, and decrypting the encrypted data by using the private key;
s8, transmitting the decrypted data to the server so as to transmit the webpage back to the browser;
and S9, ending the access request.
2. The method of claim 1, wherein step S1 further comprises receiving the access request through a reverse proxy server and transmitting the access request to the server.
3. The method as claimed in claim 1, wherein the step S3 further comprises pre-designating a special field of the program code file by the encryption program and executing.
4. The method of claim 3, wherein the selection of the encryption program is related to the special field of the client or the special field specified by the client.
5. The method as claimed in claim 3, wherein step S3 further comprises computing the program code file and the user identification by a secure hash algorithm to encrypt the program code file and the user identification.
6. The method according to claim 1, wherein step S6 further comprises verifying that the user identification exists in the identification database, and the user identification can only be used once or within the lifetime of the key.
7. The method of claim 6, wherein step S6 further comprises determining whether the data is transmitted repeatedly.
8. An information encryption system comprising an information encryption device, the device comprising:
a keystore providing a plurality of public keys and a plurality of private keys, wherein the public keys are randomly generated and correspond to the plurality of private keys;
the identity identification database is provided with a memory, and the memory stores user identity certificates;
the communication unit is connected with the key database and the identity identification database and receives an access request from a client;
a processor, communicatively coupled to the communication unit, the processor generating the user identification, the processor being configured to obtain at least one public key from the keystore according to an access request, obtain a web page from a server, generate a program code file corresponding to the web page from the server, and embed an encryption program and the public key in the program code file corresponding to the web page, the processor being further configured to decrypt at least a portion of data from a client encrypted by the encryption program according to the public key, transmit at least a portion of the encrypted data, the public key and the user identification to the processor, and the processor verifying whether the data and the user identification are valid to determine to transmit the data decrypted by the private key to the server; wherein the user identification comprises fields for server time, key pair index value, and key time-to-live.
9. The system of claim 8, wherein the processor is configured to perform a secure hash algorithm to compute the program code file and the user identification to form an encrypted program code file and user identification.
10. The system of claim 9, wherein the encryption program pre-selects at least a portion of the data of a client to encrypt.
CN202010243922.0A 2020-03-31 2020-03-31 Information encryption method and system Pending CN111464532A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010243922.0A CN111464532A (en) 2020-03-31 2020-03-31 Information encryption method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010243922.0A CN111464532A (en) 2020-03-31 2020-03-31 Information encryption method and system

Publications (1)

Publication Number Publication Date
CN111464532A true CN111464532A (en) 2020-07-28

Family

ID=71682141

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010243922.0A Pending CN111464532A (en) 2020-03-31 2020-03-31 Information encryption method and system

Country Status (1)

Country Link
CN (1) CN111464532A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112084388A (en) * 2020-08-07 2020-12-15 广州力挚网络科技有限公司 Data encryption method and device, electronic equipment and storage medium
CN113742752A (en) * 2021-09-13 2021-12-03 杭州安恒信息技术股份有限公司 Unified authentication method and device for interface docking, computer equipment and storage medium
CN114513605A (en) * 2022-01-25 2022-05-17 重庆医药高等专科学校 An image capturing big data storage system
CN114826729A (en) * 2022-04-22 2022-07-29 马上消费金融股份有限公司 Data processing method, page updating method and related hardware
CN117874783A (en) * 2023-12-14 2024-04-12 天翼云科技有限公司 Data storage method and device, storage medium and electronic equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201913445A (en) * 2017-08-25 2019-04-01 小松鼠軟體有限公司 User data encryption device for blocking man-in-the-middle attacks and method thereof capable of providing a unique identity code and encrypting the public key

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201913445A (en) * 2017-08-25 2019-04-01 小松鼠軟體有限公司 User data encryption device for blocking man-in-the-middle attacks and method thereof capable of providing a unique identity code and encrypting the public key

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112084388A (en) * 2020-08-07 2020-12-15 广州力挚网络科技有限公司 Data encryption method and device, electronic equipment and storage medium
CN112084388B (en) * 2020-08-07 2024-04-30 广州力挚网络科技有限公司 Data encryption method and device, electronic equipment and storage medium
CN113742752A (en) * 2021-09-13 2021-12-03 杭州安恒信息技术股份有限公司 Unified authentication method and device for interface docking, computer equipment and storage medium
CN113742752B (en) * 2021-09-13 2024-03-26 杭州安恒信息技术股份有限公司 Unified authentication method, device, computer equipment and storage medium for interface docking
CN114513605A (en) * 2022-01-25 2022-05-17 重庆医药高等专科学校 An image capturing big data storage system
CN114513605B (en) * 2022-01-25 2024-03-05 重庆医药高等专科学校 Big data storage system for image shooting
CN114826729A (en) * 2022-04-22 2022-07-29 马上消费金融股份有限公司 Data processing method, page updating method and related hardware
CN114826729B (en) * 2022-04-22 2024-05-28 马上消费金融股份有限公司 Data processing method, page updating method and related hardware
CN117874783A (en) * 2023-12-14 2024-04-12 天翼云科技有限公司 Data storage method and device, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
US8209744B2 (en) Mobile device assisted secure computer network communication
EP2020797B1 (en) Client-server Opaque token passing apparatus and method
US20150195257A1 (en) Securing passwords against dictionary attacks
CN111464532A (en) Information encryption method and system
EP1359491A1 (en) Methods for remotely changing a communications password
US20110179478A1 (en) Method for secure transmission of sensitive data utilizing network communications and for one time passcode and multi-factor authentication
TWI424726B (en) Method and system for defeating the man in the middle computer hacking technique
JP2016063533A (en) Network authentication method for electronic transactions
WO2008118966A1 (en) System and method for user authentication with exposed and hidden keys
JP6627043B2 (en) SSL communication system, client, server, SSL communication method, computer program
CN112910867A (en) Double verification method for trusted equipment to access application
CN118233218B (en) Remote authentication system and method based on distributed trusted execution environment application
EP1766848A1 (en) Method, system and computer program for protecting user credentials against security attacks
CN116743470A (en) Business data encryption processing method and device
US8806216B2 (en) Implementation process for the use of cryptographic data of a user stored in a data base
JP5186648B2 (en) System and method for facilitating secure online transactions
Badra et al. Phishing attacks and solutions
Raddum et al. Security analysis of mobile phones used as OTP generators
Latze Stronger Authentication in E-Commerce-How to protect even naıve Users against Phishing, Pharming, and MITM attacks
WO2001011817A2 (en) Network user authentication protocol
Karthiga et al. Enhancing performance of user authentication protocol with resist to password reuse attacks
CN117879803A (en) Data transmission system, method, device and storage medium based on link encryption
KR100892609B1 (en) A medium on which a secure communication system, method and computer program for executing the method are recorded.
Guo et al. Extending registration and authentication processes of FIDO2 external authenticator with QR codes
JP7808021B2 (en) Authentication device, authentication method, and authentication program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200728

RJ01 Rejection of invention patent application after publication