CN119652583A - Message body encryption method, server, electronic device and storage medium - Google Patents

Message body encryption method, server, electronic device and storage medium Download PDF

Info

Publication number
CN119652583A
CN119652583A CN202411752136.8A CN202411752136A CN119652583A CN 119652583 A CN119652583 A CN 119652583A CN 202411752136 A CN202411752136 A CN 202411752136A CN 119652583 A CN119652583 A CN 119652583A
Authority
CN
China
Prior art keywords
message body
session key
encrypted
server
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202411752136.8A
Other languages
Chinese (zh)
Other versions
CN119652583B (en
Inventor
冯喜锋
梁荣辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Kaihong Digital Industry Development Co Ltd
Original Assignee
Shenzhen Kaihong Digital Industry Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Kaihong Digital Industry Development Co Ltd filed Critical Shenzhen Kaihong Digital Industry Development Co Ltd
Priority to CN202411752136.8A priority Critical patent/CN119652583B/en
Publication of CN119652583A publication Critical patent/CN119652583A/en
Application granted granted Critical
Publication of CN119652583B publication Critical patent/CN119652583B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

本申请公开了一种消息体加密方法、服务器、电子设备及存储介质,涉及安全加密技术领域,应用于服务器的消息体加密方法包括:在电子设备认证通过的情形下,根据接收到的设备标识,生成会话密钥;使用预设的私钥加密会话密钥,得到加密串,并将加密串发送至电子设备,以使电子设备使用预设的公钥对加密串进行解密,得到会话密钥,并使用会话密钥加密初始消息体,得到加密消息体;在接收到电子设备发送的加密消息体和第一算法标识的情形下,根据第一算法标识,确定解密算法;使用解密算法和会话密钥,对加密消息体进行解密,得到初始消息体。本申请通过加密传输,降低了数据传输过程中数据泄露的发生概率。

The present application discloses a message body encryption method, a server, an electronic device and a storage medium, and relates to the field of security encryption technology. The message body encryption method applied to the server includes: generating a session key according to a received device identification when the electronic device is authenticated; encrypting the session key with a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic device so that the electronic device uses a preset public key to decrypt the encrypted string to obtain a session key, and encrypting the initial message body with the session key to obtain an encrypted message body; determining a decryption algorithm according to the first algorithm identification when the encrypted message body and a first algorithm identification sent by the electronic device are received; decrypting the encrypted message body using the decryption algorithm and the session key to obtain the initial message body. The present application reduces the probability of data leakage during data transmission through encrypted transmission.

Description

消息体加密方法、服务器、电子设备及存储介质Message body encryption method, server, electronic device and storage medium

技术领域Technical Field

本申请涉及具体的技术领域,尤其涉及消息体加密方法、服务器、电子设备及存储介质。The present application relates to a specific technical field, and in particular to a message body encryption method, a server, an electronic device and a storage medium.

背景技术Background Art

随着信息技术的广泛应用,设备和服务器之间的消息通信变得日益频繁。为保护数据的安全性和完整性,常规技术中普遍采用了多种消息体加密手段,包括但不限于使用加密算法进行数据加密,以及通过动态密钥协商机制来确保每次通信的密钥更新。With the widespread application of information technology, message communications between devices and servers have become increasingly frequent. In order to protect the security and integrity of data, conventional technologies generally use a variety of message body encryption methods, including but not limited to using encryption algorithms to encrypt data and using dynamic key negotiation mechanisms to ensure key updates for each communication.

常用的认证协议和数字签名技术也在消息传输层面上提供了身份验证和数据完整性保护,使得数据在传输过程中的安全性得到了进一步增强。尽管常规的安全防护策略为通信提供了有力的保障,但是静态密钥的安全存储难题、密钥协商的繁琐过程以及加密算法难以长期保持有效性等问题,都会导致数据在传输过程中被非法截获或泄露的风险升高。Common authentication protocols and digital signature technologies also provide identity authentication and data integrity protection at the message transmission level, further enhancing the security of data during transmission. Although conventional security protection strategies provide strong protection for communications, the difficulty of secure storage of static keys, the cumbersome process of key negotiation, and the difficulty of encryption algorithms to maintain long-term effectiveness all increase the risk of data being illegally intercepted or leaked during transmission.

上述内容仅用于辅助理解本申请的技术方案,并不代表承认上述内容是现有技术。The above contents are only used to assist in understanding the technical solution of the present application and do not constitute an admission that the above contents are prior art.

发明内容Summary of the invention

本申请的主要目的在于提供一种消息体加密方法、服务器、电子设备及存储介质,旨在降低通信过程中数据泄露的发生概率。The main purpose of this application is to provide a message body encryption method, server, electronic device and storage medium, aiming to reduce the probability of data leakage during communication.

为实现上述目的,本申请提出一种消息体加密方法,应用于服务器,所述的方法包括:To achieve the above purpose, the present application proposes a message body encryption method, which is applied to a server, and the method comprises:

在电子设备认证通过的情形下,根据接收到的设备标识,生成会话密钥;If the electronic device is authenticated, a session key is generated according to the received device identification;

使用预设的私钥加密所述会话密钥,得到加密串,并将所述加密串发送至所述电子设备,以使所述电子设备使用预设的公钥对所述加密串进行解密,得到会话密钥,并使用所述会话密钥加密初始消息体,得到加密消息体;Encrypting the session key using a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic device so that the electronic device decrypts the encrypted string using a preset public key to obtain a session key, and encrypts the initial message body using the session key to obtain an encrypted message body;

在接收到所述电子设备发送的所述加密消息体和第一算法标识的情形下,根据所述第一算法标识,确定解密算法;Upon receiving the encrypted message body and the first algorithm identifier sent by the electronic device, determining a decryption algorithm according to the first algorithm identifier;

使用所述解密算法和所述会话密钥,对所述加密消息体进行解密,得到所述初始消息体。The encrypted message body is decrypted using the decryption algorithm and the session key to obtain the initial message body.

在一实施例中,所述使用私钥加密所述会话密钥,得到加密串,并将所述加密串发送至所述电子设备的步骤包括:In one embodiment, the step of encrypting the session key using a private key to obtain an encrypted string, and sending the encrypted string to the electronic device includes:

使用所述私钥和随机数加密所述会话密钥,得到加密串;Encrypt the session key using the private key and a random number to obtain an encrypted string;

将所述加密串和所述随机数发送至所述电子设备,以使所述电子设备使用所述公钥和所述随机数对所述加密串进行解密,得到会话密钥。The encrypted string and the random number are sent to the electronic device, so that the electronic device uses the public key and the random number to decrypt the encrypted string to obtain a session key.

在一实施例中,在所述根据接收到的设备标识,生成会话密钥的步骤之前,还包括:In one embodiment, before the step of generating a session key according to the received device identification, the method further includes:

在接收到所述电子设备发送的设备标识、第一密钥串和第二算法标识的情形下,根据所述设备标识,确定设备密码;Upon receiving the device identification, the first key string, and the second algorithm identification sent by the electronic device, determining the device password according to the device identification;

根据所述第二算法标识,确定加密算法,其中,所述加密算法为所述电子设备对所述设备密码进行加密时所采用的算法;determining an encryption algorithm according to the second algorithm identifier, wherein the encryption algorithm is an algorithm used by the electronic device to encrypt the device password;

使用所述加密算法加密所述设备密码,得到第二密钥串;Encrypt the device password using the encryption algorithm to obtain a second key string;

在所述第一密钥串和所述第二密钥串相同的情形下,确认所述电子设备认证成功。In a case where the first key string and the second key string are the same, it is confirmed that the electronic device authentication is successful.

此外,为实现上述目的,本申请还提出一种消息体加密方法,应用于电子设备,所述的方法包括:In addition, to achieve the above purpose, the present application also proposes a message body encryption method, which is applied to an electronic device, and the method includes:

在接收到服务器发送的加密串的情形下,使用预设的公钥解密所述加密串,得到会话密钥,其中,所述会话密钥由所述服务器根据设备标识生成,所述加密串由所述服务器使用预设的私钥对所述会话密钥加密得到;Upon receiving the encrypted string sent by the server, decrypt the encrypted string using a preset public key to obtain a session key, wherein the session key is generated by the server according to the device identifier, and the encrypted string is obtained by encrypting the session key by the server using a preset private key;

使用所述会话密钥加密初始消息体,得到加密消息体;Encrypt the initial message body using the session key to obtain an encrypted message body;

向所述服务器发送所述加密消息体和第一算法标识,以使所述服务器根据所述第一算法标识,确定解密算法,并使用所述解密算法和所述会话密钥,对所述加密消息体进行解密,得到所述初始消息体。The encrypted message body and the first algorithm identifier are sent to the server, so that the server determines the decryption algorithm according to the first algorithm identifier, and uses the decryption algorithm and the session key to decrypt the encrypted message body to obtain the initial message body.

在一实施例中,所述向所述服务器发送所述加密消息体和第一算法标识的步骤包括:In one embodiment, the step of sending the encrypted message body and the first algorithm identifier to the server includes:

将所述第一算法标识封装于消息传输协议的标志位中,并通过所述消息传输协议,发送所述加密消息体至所述服务器,以使所述服务器通过读取所述消息传输协议的标志位,获取所述第一算法标识。The first algorithm identifier is encapsulated in a flag bit of a message transmission protocol, and the encrypted message body is sent to the server through the message transmission protocol, so that the server obtains the first algorithm identifier by reading the flag bit of the message transmission protocol.

在一实施例中,在所述使用所述会话密钥加密初始消息体的步骤之前,还包括:In one embodiment, before the step of encrypting the initial message body using the session key, the method further includes:

在接收到所述服务器发送的加密串和随机数的情形下,使用所述公钥和所述随机数对所述加密串进行解密,得到会话密钥。When the encrypted string and the random number sent by the server are received, the encrypted string is decrypted using the public key and the random number to obtain a session key.

在一实施例中,在所述得到会话密钥的步骤之后,还包括:In one embodiment, after the step of obtaining the session key, the method further includes:

在所述随机数为时间戳的情形下,比较所述时间戳和当前时间之间的时间间隔是否超过预设的时间阈值;In the case where the random number is a timestamp, comparing whether the time interval between the timestamp and the current time exceeds a preset time threshold;

在所述时间间隔超过所述时间阈值的情形下,断开与所述服务器之间的连接;When the time interval exceeds the time threshold, disconnecting the connection with the server;

在所述时间间隔未超过所述时间阈值的情形下,执行所述使用所述会话密钥加密初始消息体及之后的步骤。In a case where the time interval does not exceed the time threshold, the steps of encrypting the initial message body using the session key and subsequent steps are performed.

此外,为实现上述目的,本申请还提出一种消息体加密装置,所述消息体加密装置应用于服务器,所述消息体加密装置包括:In addition, to achieve the above purpose, the present application also proposes a message body encryption device, which is applied to a server and includes:

密钥生成模块,用于在电子设备认证通过的情形下,根据接收到的设备标识,生成会话密钥;A key generation module, used to generate a session key according to the received device identification when the electronic device is authenticated;

密钥加密模块,用于使用预设的私钥加密所述会话密钥,得到加密串,并将所述加密串发送至所述电子设备,以使所述电子设备使用预设的公钥对所述加密串进行解密,得到会话密钥,并使用所述会话密钥加密初始消息体,得到加密消息体;A key encryption module, used to encrypt the session key using a preset private key to obtain an encrypted string, and send the encrypted string to the electronic device, so that the electronic device decrypts the encrypted string using a preset public key to obtain a session key, and encrypts an initial message body using the session key to obtain an encrypted message body;

算法确定模块,用于在接收到所述电子设备发送的所述加密消息体和第一算法标识的情形下,根据所述第一算法标识,确定解密算法;an algorithm determination module, configured to determine a decryption algorithm according to the first algorithm identifier when receiving the encrypted message body and the first algorithm identifier sent by the electronic device;

消息体解密模块,用于使用所述解密算法和所述会话密钥,对所述加密消息体进行解密,得到所述初始消息体。The message body decryption module is used to decrypt the encrypted message body using the decryption algorithm and the session key to obtain the initial message body.

此外,为实现上述目的,本申请还提出一种消息体加密装置,所述消息体加密装置应用于电子设备,所述消息体加密装置包括:In addition, to achieve the above-mentioned purpose, the present application also proposes a message body encryption device, which is applied to an electronic device, and the message body encryption device includes:

密钥解密模块,用于在接收到服务器发送的加密串的情形下,使用预设的公钥解密所述加密串,得到会话密钥,其中,所述会话密钥由所述服务器根据设备标识生成,所述加密串由所述服务器使用预设的私钥对所述会话密钥加密得到;A key decryption module, configured to, upon receiving an encrypted string sent by the server, decrypt the encrypted string using a preset public key to obtain a session key, wherein the session key is generated by the server according to the device identifier, and the encrypted string is obtained by encrypting the session key by the server using a preset private key;

消息体加密模块,用于使用所述会话密钥加密初始消息体,得到加密消息体;A message body encryption module, used to encrypt the initial message body using the session key to obtain an encrypted message body;

消息发送模块,用于向所述服务器发送所述加密消息体和第一算法标识,以使所述服务器根据所述第一算法标识,确定解密算法,并使用所述解密算法和所述会话密钥,对所述加密消息体进行解密,得到所述初始消息体。The message sending module is used to send the encrypted message body and the first algorithm identifier to the server, so that the server determines the decryption algorithm according to the first algorithm identifier, and uses the decryption algorithm and the session key to decrypt the encrypted message body to obtain the initial message body.

此外,为实现上述目的,本申请还提出一种存储介质,所述存储介质为计算机可读存储介质,所述存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如上文所述的消息体加密方法的步骤。In addition, to achieve the above-mentioned purpose, the present application also proposes a storage medium, which is a computer-readable storage medium, and a computer program is stored on the storage medium. When the computer program is executed by a processor, the steps of the message body encryption method described above are implemented.

本申请提出的一个或多个技术方案,应用于服务器,至少具有以下技术效果:在电子设备认证通过的情形下,根据接收到的设备标识,生成会话密钥,确保了每个会话都有独特的密钥,降低了会话被窃听或破解的风险;然后,使用预设的私钥加密会话密钥,得到加密串,使用私钥进行加密保证了会话密钥在传输过程中的机密性;进而将加密串发送至电子设备,无授权的设备(即没有对应公钥的设备)即使窃听到了加密串,也无法获取会话密钥;进一步地,在接收到电子设备发送的加密消息体和第一算法标识的情形下,根据第一算法标识,确定用于解密加密消息体的解密算法,只有知道算法标识和加解密算法的匹配关系的设备才能确定正确的解密算法,避免消息泄露;其中,加密消息体由电子设备使用会话密钥对初始消息体加密生成,只有拥有正确会话密钥的设备才能生成有效的加密消息体,这不仅保证了消息的机密性,同时也是对电子设备的一种身份验证;使用解密算法和会话密钥,对加密消息体进行解密,得到初始消息体,大部分对消息的篡改都会导致解密失败,从而确保了消息在传输过程中的完整性。本申请通过加密和解密的过程,确保了数据传输的机密性和可靠性,降低了电子设备和服务器之间的通信过程中数据泄露的发生概率。One or more technical solutions proposed in this application, when applied to a server, have at least the following technical effects: when the electronic device is authenticated, a session key is generated according to the received device identification, ensuring that each session has a unique key and reducing the risk of the session being eavesdropped or cracked; then, the session key is encrypted using a preset private key to obtain an encrypted string, and encryption using the private key ensures the confidentiality of the session key during transmission; the encrypted string is then sent to the electronic device, and an unauthorized device (i.e., a device without a corresponding public key) cannot obtain the session key even if it eavesdrops on the encrypted string; further, upon receiving the encrypted message body and the first algorithm identifier sent by the electronic device, In the case of, according to the first algorithm identifier, determine the decryption algorithm used to decrypt the encrypted message body. Only the device that knows the matching relationship between the algorithm identifier and the encryption and decryption algorithm can determine the correct decryption algorithm to avoid message leakage; wherein, the encrypted message body is generated by the electronic device using the session key to encrypt the initial message body. Only the device with the correct session key can generate a valid encrypted message body, which not only ensures the confidentiality of the message, but also serves as an identity authentication for the electronic device; use the decryption algorithm and session key to decrypt the encrypted message body to obtain the initial message body. Most tampering with the message will result in decryption failure, thereby ensuring the integrity of the message during transmission. This application ensures the confidentiality and reliability of data transmission through the encryption and decryption process, and reduces the probability of data leakage during communication between electronic devices and servers.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

此处的附图被并入说明书中并构成本说明书的一部分,示出了符合本申请的实施例,并与说明书一起用于解释本申请的原理。The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and, together with the description, serve to explain the principles of the present application.

为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,对于本领域普通技术人员而言,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings required for use in the embodiments or the description of the prior art will be briefly introduced below. Obviously, for ordinary technicians in this field, other drawings can be obtained based on these drawings without paying any creative work.

图1为本申请消息体加密方法实施例一提供的流程示意图;FIG1 is a schematic diagram of a flow chart of a method for encrypting a message body according to an embodiment of the present invention;

图2为本申请实施例一提供的消息体加密方法的总体架构图;FIG2 is a general architecture diagram of a message body encryption method provided in Example 1 of the present application;

图3为本申请实施例一提供的设备认证的交互示意图;FIG3 is a schematic diagram of an interaction of device authentication provided in Embodiment 1 of the present application;

图4为本申请实施例二提供的电子设备与服务器之间的消息通信示意图;FIG4 is a schematic diagram of message communication between an electronic device and a server provided in Embodiment 2 of the present application;

图5为本申请实施例一消息体加密装置的模块结构示意图;FIG5 is a schematic diagram of the module structure of a message body encryption device according to an embodiment of the present application;

图6为本申请实施例另一消息体加密装置的模块结构示意图;FIG6 is a schematic diagram of the module structure of another message body encryption device according to an embodiment of the present application;

图7为本申请实施例中消息体加密方法涉及的服务器的结构示意图;FIG7 is a schematic diagram of the structure of a server involved in the message body encryption method in an embodiment of the present application;

图8为本申请实施例中消息体加密方法涉及的电子设备的结构示意图。FIG8 is a schematic diagram of the structure of an electronic device involved in the message body encryption method in an embodiment of the present application.

具体实施方式DETAILED DESCRIPTION

应当理解,此处所描述的具体实施例仅仅用以解释本申请的技术方案,并不用于限定本申请。It should be understood that the specific embodiments described herein are only used to explain the technical solutions of the present application and are not used to limit the present application.

为了更好的理解本申请的技术方案,下面将结合说明书附图以及具体的实施方式进行详细的说明。In order to better understand the technical solution of the present application, a detailed description will be given below in conjunction with the accompanying drawings and specific implementation methods.

常规技术中,静态密钥在长期存储过程中面临着泄露的风险,如果静态密钥被非法获取,那么即使通信双方使用加密技术,数据的机密性也难以保障;而且,随着计算能力的增强和新攻击方法的出现,原有的加密算法可能变得不再安全,设备和服务器之间的消息内容可能被第三方窃取,造成消息泄露,这些都直接导致数据泄露的发生概率增加。In conventional technology, static keys face the risk of leakage during long-term storage. If the static keys are illegally obtained, the confidentiality of the data is difficult to guarantee even if the communicating parties use encryption technology. Moreover, with the enhancement of computing power and the emergence of new attack methods, the original encryption algorithms may no longer be secure, and the message content between devices and servers may be stolen by third parties, resulting in message leakage. All of these directly lead to an increased probability of data leakage.

本申请提供一种解决方案,应用于服务器,首先,在通信之前,根据电子设备发送的设备标识,确定设备密码,通过对设备密码进行加密来验证电子设备发送的密钥串,从而确保电子设备的合法性;在电子设备认证通过的情形下,根据接收到的设备标识动态生成会话密钥,确保了每次通信都拥有独一无二的密钥,有效防止了会话密钥被重复使用或窃取的风险,有效防止了重放攻击,从而增强了数据传输的保密性;随后,使用预设的私钥对会话密钥进行加密,生成加密串并发送给电子设备,这一过程不仅保护了会话密钥的安全传输,还利用私钥的唯一性和保密性,进一步加固了通信链路,使其更难被未经授权的第三方破解;当接收到电子设备发送的加密消息体和第一算法标识时,根据算法标识确定解密算法,这一灵活性使得设备和服务器可以使用多种加解密算法进行对应的加解密,减少了被暴力破解的可能性;最后,利用会话密钥和确定的解密算法,对加密消息体进行解密,还原出初始消息体,保证了信息在传输过程中的完整性和可读性,同时减少了因解密错误导致的通信失败率。The present application provides a solution, which is applied to a server. First, before communication, a device password is determined according to a device identification sent by an electronic device, and a key string sent by the electronic device is verified by encrypting the device password, thereby ensuring the legitimacy of the electronic device; when the electronic device is authenticated, a session key is dynamically generated according to the received device identification, thereby ensuring that each communication has a unique key, effectively preventing the risk of the session key being reused or stolen, and effectively preventing replay attacks, thereby enhancing the confidentiality of data transmission; then, the session key is encrypted using a preset private key, an encrypted string is generated and sent to the electronic device, and this The process not only protects the secure transmission of session keys, but also uses the uniqueness and confidentiality of private keys to further strengthen the communication link, making it more difficult to be cracked by unauthorized third parties; when the encrypted message body and the first algorithm identifier sent by the electronic device are received, the decryption algorithm is determined according to the algorithm identifier. This flexibility allows the device and the server to use a variety of encryption and decryption algorithms for corresponding encryption and decryption, reducing the possibility of brute force cracking; finally, the encrypted message body is decrypted using the session key and the determined decryption algorithm to restore the original message body, ensuring the integrity and readability of the information during transmission, while reducing the communication failure rate caused by decryption errors.

需要说明的是,本实施例的执行主体可以是一种具有数据处理、网络通信以及程序运行功能的计算服务设备,例如平板电脑、个人电脑、手机等,或者是一种能够实现上述功能的电子设备等。It should be noted that the execution subject of this embodiment can be a computing service device with data processing, network communication and program running functions, such as a tablet computer, a personal computer, a mobile phone, etc., or an electronic device that can realize the above functions.

以下以服务器为执行主体为例,对本实施例进行说明。The present embodiment is described below by taking a server as an execution subject as an example.

基于此,本申请实施例提供了一种消息体加密方法,参照图1,图1为本申请消息体加密方法第一实施例的流程示意图。Based on this, an embodiment of the present application provides a message body encryption method, referring to Figure 1, which is a flow chart of the first embodiment of the message body encryption method of the present application.

本实施例中,消息体加密方法包括步骤S10~S40:In this embodiment, the message body encryption method includes steps S10 to S40:

步骤S10,在电子设备认证通过的情形下,根据接收到的设备标识,生成会话密钥;Step S10, when the electronic device is authenticated, a session key is generated according to the received device identification;

需要说明的是,会话密钥是在通信会话中用于加密和解密消息内容的密钥,可以是由算法生成的随机数或基于设备标识计算出的哈希值,相当于每次通信过程中临时生成的不可复制的一次性密钥。It should be noted that the session key is a key used to encrypt and decrypt message content in a communication session. It can be a random number generated by an algorithm or a hash value calculated based on a device identifier. It is equivalent to a one-time, non-replicable key that is temporarily generated during each communication process.

示例性地,当电子设备尝试访问服务器时,首先需要通过认证流程(如输入正确的用户名和密码);认证通过后,基于电子设备的唯一标识(设备标识)生成一个唯一的会话密钥,将会话密钥发送给电子设备,用于后续的数据加密和解密操作。For example, when an electronic device attempts to access a server, it first needs to pass an authentication process (such as entering a correct username and password); after authentication, a unique session key is generated based on the unique identifier of the electronic device (device identifier), and the session key is sent to the electronic device for subsequent data encryption and decryption operations.

可以理解的是,通过随机生成密钥串,确保每次生成的密钥串都是唯一的,难以被破解和重复利用,防止重放攻击。It is understandable that by randomly generating a key string, it is ensured that each generated key string is unique, difficult to be cracked and reused, and replay attacks are prevented.

步骤S20,使用预设的私钥加密会话密钥,得到加密串,并将加密串发送至电子设备,以使电子设备使用预设的公钥对加密串进行解密,得到会话密钥,并使用会话密钥加密初始消息体,得到加密消息体;Step S20, encrypting the session key using a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic device, so that the electronic device uses a preset public key to decrypt the encrypted string to obtain the session key, and uses the session key to encrypt the initial message body to obtain an encrypted message body;

在一可行实施例中,服务器使用私钥加密一个会话密钥(会话密钥),然后将加密的会话密钥(加密串)发送给客户端。客户端使用公钥解密得到会话密钥,并使用该会话密钥来加密后续的通信数据。In one feasible embodiment, the server uses a private key to encrypt a session key (session key), and then sends the encrypted session key (encrypted string) to the client. The client uses the public key to decrypt to obtain the session key, and uses the session key to encrypt subsequent communication data.

需要说明的是,公钥与私钥需成对使用,在通信之前预先分别存储到电子设备和服务器中;消息体是指电子设备想要与服务器通信的具体内容。It should be noted that the public key and private key must be used in pairs and stored in the electronic device and the server respectively before communication; the message body refers to the specific content that the electronic device wants to communicate with the server.

示例性地,服务器首先使用私钥加密初始的临时会话密钥,然后将加密后的结果(加密串)发送给电子设备,防止临时会话密钥被窃取。电子设备收到后,使用对应的公钥解密,得到原始的临时会话密钥,接着使用这个临时会话密钥对需要传输的消息体进行加密,得到加密消息体,即使加密消息体被第三方拦截或窃取,也难以在不明确解密算法和密钥的情形下被解密。For example, the server first uses the private key to encrypt the initial temporary session key, and then sends the encrypted result (encrypted string) to the electronic device to prevent the temporary session key from being stolen. After receiving it, the electronic device uses the corresponding public key to decrypt it and obtain the original temporary session key. Then, the temporary session key is used to encrypt the message body to be transmitted to obtain the encrypted message body. Even if the encrypted message body is intercepted or stolen by a third party, it is difficult to be decrypted without knowing the decryption algorithm and key.

示例性地,还可以在服务器端引入数字签名技术,确保临时会话密钥传输的完整性,同时也是对服务器的身份认证,避免中间人攻击。Exemplarily, digital signature technology may also be introduced on the server side to ensure the integrity of the temporary session key transmission, which is also an identity authentication of the server to avoid man-in-the-middle attacks.

示例性地,在使用预设的私钥加密会话密钥时,可以从预设的多套加解密算法中随机选择一套加密算法或者根据用户的安全需求选择一套加密算法;在加密完成之后,将加密得到的加密串和算法标识一起发送至电子设备。电子设备接收到后,根据算法标识确定对应的解密算法,再使用对应的解密算法和公钥对加密串进行解密,得到会话密钥。这样可以避免长期使用同一套加密算法导致的加密串被暴力破解,造成会话密钥泄露,进一步减少了数据泄露的风险。For example, when using a preset private key to encrypt a session key, a set of encryption algorithms can be randomly selected from multiple preset encryption and decryption algorithms or a set of encryption algorithms can be selected according to the user's security requirements; after the encryption is completed, the encrypted string and the algorithm identifier are sent to the electronic device. After receiving the electronic device, the corresponding decryption algorithm is determined according to the algorithm identifier, and then the corresponding decryption algorithm and public key are used to decrypt the encrypted string to obtain the session key. This can avoid the encrypted string being violently cracked due to the long-term use of the same encryption algorithm, resulting in the leakage of the session key, and further reduce the risk of data leakage.

可以理解的是,通过使用私钥加密公钥解密的过程,确保了临时会话密钥在传输过程中的机密性和完整性,确保只有授权实体能获取到临时会话密钥信息,防止被第三方窃取消息或冒充合法用户,有效降低了信息泄露给未经授权的第三方以及身份被盗用的可能性。It can be understood that by using the private key to encrypt and the public key to decrypt, the confidentiality and integrity of the temporary session key during transmission are ensured, ensuring that only authorized entities can obtain temporary session key information, preventing third parties from stealing messages or impersonating legitimate users, and effectively reducing the possibility of information leakage to unauthorized third parties and identity theft.

步骤S30,在接收到电子设备发送的加密消息体和第一算法标识的情形下,根据第一算法标识,确定解密算法;Step S30, upon receiving the encrypted message body and the first algorithm identifier sent by the electronic device, determining a decryption algorithm according to the first algorithm identifier;

需要说明的是,算法标识是指用于标识特定加密算法或解密算法的一种代码或标识符,第一算法标识则是用于标识加密消息体所使用的加密算法的标识符;解密算法与上述加密算法相对应,是指用于将加密消息体还原成原始数据内容的算法。It should be noted that the algorithm identifier refers to a code or identifier used to identify a specific encryption algorithm or decryption algorithm, and the first algorithm identifier is an identifier used to identify the encryption algorithm used to encrypt the message body; the decryption algorithm corresponds to the above-mentioned encryption algorithm, and refers to the algorithm used to restore the encrypted message body to the original data content.

示例性地,在电子设备和服务器中预设有多套配对的加密算法和解密算法,且与对应的第一算法标识关联存储。电子设备在加密消息体时,从中随机选择一种加密算法对初始消息体进行加密,并将加密消息体和第一算法标识发送至服务器。服务器接收到后,可以根据第一算法标识确定对应的解密算法。Exemplarily, multiple sets of paired encryption algorithms and decryption algorithms are preset in the electronic device and the server, and are stored in association with the corresponding first algorithm identifier. When the electronic device encrypts the message body, it randomly selects an encryption algorithm to encrypt the initial message body, and sends the encrypted message body and the first algorithm identifier to the server. After receiving it, the server can determine the corresponding decryption algorithm according to the first algorithm identifier.

示例性地,请参照图2,图2提供了一种消息体加密方法的总体架构图,维修人员300会在电子设备100内预设公钥和加解密算法,在服务器200内预设私钥和相同的加解密算法;电子设备100和服务器200可以根据接收到的算法标识,确定对方使用的加解密算法。Exemplarily, please refer to Figure 2, which provides an overall architecture diagram of a message body encryption method. The maintenance personnel 300 will preset a public key and an encryption and decryption algorithm in the electronic device 100, and preset a private key and the same encryption and decryption algorithm in the server 200; the electronic device 100 and the server 200 can determine the encryption and decryption algorithm used by the other party based on the received algorithm identifier.

可以理解的是,通过设置多种加密算法,即使在其中一个被破解的情形下,也不会导致其他消息的数据泄露;通过第一算法标识,确保只有匹配到正确解密算法的接收方能解密消息体,减少了通信过程中未经授权访问敏感信息和数据泄露的可能性。It can be understood that by setting up multiple encryption algorithms, even if one of them is cracked, it will not lead to data leakage of other messages; through the first algorithm identification, it is ensured that only the recipient who matches the correct decryption algorithm can decrypt the message body, reducing the possibility of unauthorized access to sensitive information and data leakage during the communication process.

步骤S40,使用解密算法和会话密钥,对加密消息体进行解密,得到初始消息体。Step S40: decrypt the encrypted message body using the decryption algorithm and the session key to obtain the initial message body.

示例性地,服务器在确定解密算法之后,直接根据设备标识确定对应的临时会话密钥(会话密钥),使用相应的解密算法和临时会话密钥对加密消息体进行解密,从而得到原始的、未加密的消息内容。Exemplarily, after determining the decryption algorithm, the server directly determines the corresponding temporary session key (session key) according to the device identifier, and uses the corresponding decryption algorithm and the temporary session key to decrypt the encrypted message body, thereby obtaining the original, unencrypted message content.

可以理解的是,通过解密算法和临时会话密钥的配合使用,确保只有知道正确解密算法和正确密钥的接收方才能解密消息,确保只有授权的接收方能够访问和理解原始消息,从而减少了数据泄露和未经授权访问的风险。It can be understood that through the coordinated use of the decryption algorithm and the temporary session key, it is ensured that only the recipient who knows the correct decryption algorithm and the correct key can decrypt the message, and that only the authorized recipient can access and understand the original message, thereby reducing the risk of data leakage and unauthorized access.

本实施例提供了一种消息体加密方法,通过使用私钥加密生成的临时会话密钥,防止在临时会话密钥被第三方窃取;通过第一算法标识,确定对应的解密算法,即使被第三方截获加密消息体,也无法确定对应的解密算法,无法获取原始消息内容。This embodiment provides a message body encryption method, which prevents the temporary session key from being stolen by a third party by using a private key to encrypt the temporary session key; determines the corresponding decryption algorithm through a first algorithm identifier, and even if the encrypted message body is intercepted by a third party, the corresponding decryption algorithm cannot be determined, and the original message content cannot be obtained.

在一种可行的实施方式中,步骤S20包括:In a feasible implementation manner, step S20 includes:

步骤S21,使用私钥和随机数加密会话密钥,得到加密串;Step S21, encrypting the session key using the private key and the random number to obtain an encrypted string;

需要说明的是,随机数是指在加密过程中使用的难以预测的一次性数据,比如计算机硬件运行时的微小电压波动、网络延迟等。It should be noted that random numbers refer to difficult-to-predict one-time data used in the encryption process, such as tiny voltage fluctuations and network delays when computer hardware is running.

示例性地,在支付场景中,服务器在发送支付请求时,使用私钥和时间戳(随机数)对支付信息进行加密。Exemplarily, in a payment scenario, when sending a payment request, the server uses a private key and a timestamp (random number) to encrypt the payment information.

步骤S22,将加密串和随机数发送至电子设备,以使电子设备使用公钥和随机数对加密串进行解密,得到会话密钥。Step S22, sending the encrypted string and the random number to the electronic device, so that the electronic device uses the public key and the random number to decrypt the encrypted string to obtain the session key.

示例性地,电子设备(如支付终端)在接收到加密信息后,使用公钥和随机数解密并验证时间戳,确保支付请求在有效时间内,如果请求过时,支付终端将拒绝处理并断开连接。Exemplarily, after receiving the encrypted information, the electronic device (such as a payment terminal) uses the public key and random number to decrypt and verify the timestamp to ensure that the payment request is within the valid time. If the request is out of date, the payment terminal will refuse to process it and disconnect.

示例性地,还可以通过对随机数进行哈希校验,确保数据在传输过程中未被篡改。Exemplarily, a hash check may be performed on the random number to ensure that the data has not been tampered with during transmission.

本实施方式中,通过加密会话密钥并安全地传输给电子设备,可以确保会话密钥不会被未经授权的第三方获取,从而保护通信的机密性和完整性。In this implementation, by encrypting the session key and securely transmitting it to the electronic device, it can be ensured that the session key will not be obtained by an unauthorized third party, thereby protecting the confidentiality and integrity of the communication.

在一种可行的实施方式中,在步骤S10之前,还包括:In a feasible implementation manner, before step S10, the method further includes:

步骤S01,在接收到电子设备发送的设备标识、第一密钥串和第二算法标识的情形下,根据设备标识,确定设备密码;Step S01, upon receiving a device identification, a first key string, and a second algorithm identification sent by an electronic device, determining a device password according to the device identification;

需要说明的是,设备密码是在电子设备进行注册时存储于服务器中的。It should be noted that the device password is stored in the server when the electronic device is registered.

步骤S02,根据第二算法标识,确定加密算法,其中,加密算法为电子设备对设备密码进行加密时所采用的算法;Step S02, determining an encryption algorithm according to the second algorithm identifier, wherein the encryption algorithm is an algorithm used by the electronic device to encrypt the device password;

示例性地,在电子设备和服务器内预设有多套加密算法,电子设备对设备密码进行加密时一般是从中随机选取一套加密算法,服务器可以通过算法标识确定电子设备使用的是哪套加密算法,用于后续的第一密钥串校对。Exemplarily, multiple encryption algorithms are preset in the electronic device and the server. When the electronic device encrypts the device password, it generally randomly selects an encryption algorithm from them. The server can determine which encryption algorithm the electronic device uses through the algorithm identifier for subsequent first key string verification.

可以理解的是,由于每次采用的加密算法可能存在区别,每次对同一设备密码加密产生的加密体(第一密钥串)不同,导致第三方难以对加密体进行暴力破解,从而降低了电子设备和服务器通信过程中数据泄露事件的发生概率。It is understandable that since the encryption algorithm used each time may be different, the encrypted body (first key string) generated each time the same device password is encrypted is different, making it difficult for a third party to brute force the encrypted body, thereby reducing the probability of data leakage during communication between electronic devices and servers.

步骤S03,使用加密算法加密设备密码,得到第二密钥串;Step S03, encrypting the device password using an encryption algorithm to obtain a second key string;

步骤S04,在第一密钥串和第二密钥串相同的情形下,确认电子设备认证成功。Step S04: confirming that the electronic device authentication is successful when the first key string and the second key string are the same.

示例性地,在电子设备的认证过程中,服务器会使用加密算法对设备密码进行加密,得到第二密钥串,并将其与接收到的第一密钥串进行比对来确认电子设备的身份,如果两者相同,电子设备被认证为合法用户,可以与服务器进行通信。Exemplarily, during the authentication process of an electronic device, the server uses an encryption algorithm to encrypt the device password, obtains a second key string, and compares it with the received first key string to confirm the identity of the electronic device. If the two are the same, the electronic device is authenticated as a legitimate user and can communicate with the server.

示例性地,请参照图3,图3提供了一种设备认证的交互示意图,具体地:首先电子设备执行步骤S101,随机选择一套加密算法,对用户输入的设备密码进行加密,得到第一密钥串(S102);然后执行步骤S103,将设备标识、第一密钥串和算法标识发送至服务器;服务器在接收到电子设备发送的设备标识、第一密钥串和算法标识之后,执行步骤S104,根据设备标识,检索存储在数据库中的设备密码,并根据算法标识,确定电子设备选择的加密算法;接着进入步骤S105,使用该加密算法对检索到的设备密码进行加密,得到第二密钥串,并将第一密钥串和第二密钥串进行比对(S106);如果两者相同,则确认电子设备认证通过,电子设备与服务器可以进行后续通信(S107)。Exemplarily, please refer to Figure 3, which provides an interactive schematic diagram of device authentication, specifically: first, the electronic device executes step S101, randomly selects a set of encryption algorithms, encrypts the device password input by the user, and obtains a first key string (S102); then executes step S103, and sends the device identification, the first key string and the algorithm identification to the server; after receiving the device identification, the first key string and the algorithm identification sent by the electronic device, the server executes step S104, retrieves the device password stored in the database according to the device identification, and determines the encryption algorithm selected by the electronic device according to the algorithm identification; then enters step S105, uses the encryption algorithm to encrypt the retrieved device password to obtain a second key string, and compares the first key string and the second key string (S106); if the two are the same, it is confirmed that the electronic device authentication is passed, and the electronic device and the server can communicate subsequently (S107).

本实施方式中,在电子设备希望通过设备密码进行认证时,使用加密算法对设备密码进行加密,可以有效防止密码被直接窃取或破解;服务器通过算法标识确定对应的加密算法,比较加密生成的密钥串与接收的密钥串是否相同,来完成设备认证过程,确认了设备身份的合法性,从而降低了数据泄露和未经授权访问的发生概率。In this embodiment, when an electronic device wishes to authenticate through a device password, an encryption algorithm is used to encrypt the device password, which can effectively prevent the password from being directly stolen or cracked; the server determines the corresponding encryption algorithm through the algorithm identifier, and compares whether the encrypted key string is the same as the received key string to complete the device authentication process, confirming the legitimacy of the device identity, thereby reducing the probability of data leakage and unauthorized access.

基于上述第一实施例,提出本申请消息体加密方法的第二实施例,在本实施例中,消息体加密方法应用于电子设备,消息体加密方法包括:Based on the above first embodiment, a second embodiment of the message body encryption method of the present application is proposed. In this embodiment, the message body encryption method is applied to an electronic device, and the message body encryption method includes:

步骤A10,在接收到服务器发送的加密串的情形下,使用预设的公钥解密加密串,得到会话密钥,其中,会话密钥由服务器根据设备标识生成,加密串由服务器使用私钥对会话密钥加密得到;Step A10, upon receiving the encrypted string sent by the server, decrypt the encrypted string using the preset public key to obtain a session key, wherein the session key is generated by the server according to the device identifier, and the encrypted string is obtained by encrypting the session key using the private key of the server;

示例性地,在接收到服务器发送的会话密钥的加密版本(第二密钥串)之后,使用预设的公钥解密这个加密的回沪密钥,以获得用于后续通信的会话密钥(会话密钥)。Exemplarily, after receiving the encrypted version of the session key (second key string) sent by the server, the encrypted return key is decrypted using a preset public key to obtain a session key (session key) for subsequent communications.

可以理解的是,通过使用非对称加密技术,降低了数据传输过程中数据泄露的风险,确保只有持有正确公钥的设备能够解密和访问数据。同时,私钥加密相当于一种数字签名,防止服务器方对发送的信息进行抵赖。It is understandable that by using asymmetric encryption technology, the risk of data leakage during data transmission is reduced, ensuring that only devices holding the correct public key can decrypt and access the data. At the same time, private key encryption is equivalent to a digital signature, preventing the server from denying the information sent.

步骤A20,使用会话密钥加密初始消息体,得到加密消息体;Step A20, encrypting the initial message body using the session key to obtain an encrypted message body;

可以理解的是,使用会话密钥(会话密钥)对初始消息体进行加密,确保了初始消息体的机密性,防止了数据泄露。It can be understood that the initial message body is encrypted using a session key (session key), which ensures the confidentiality of the initial message body and prevents data leakage.

步骤A30,向服务器发送加密消息体和第一算法标识,以使服务器根据第一算法标识,确定解密算法,并使用解密算法和会话密钥,对加密消息体进行解密,得到初始消息体。Step A30, sending the encrypted message body and the first algorithm identifier to the server, so that the server determines the decryption algorithm according to the first algorithm identifier, and uses the decryption algorithm and the session key to decrypt the encrypted message body to obtain the initial message body.

示例性地,客户端使用会话密钥加密交易数据,并将加密数据和算法标识发送给服务器,服务器根据算法标识确定解密算法,并使用会话密钥解密交易数据,验证交易信息。Exemplarily, the client encrypts the transaction data using the session key, and sends the encrypted data and the algorithm identifier to the server. The server determines the decryption algorithm according to the algorithm identifier, and decrypts the transaction data using the session key to verify the transaction information.

示例性地,为了助于理解本实施例结合上述实施例一后所得到的消息体加密方法的实现流程,请参照图4,图4提供了一种电子设备与服务器之间的消息通信示意图,具体地:服务器首先执行步骤S201,根据设备标识,随机生成会话密钥,会话密钥每次在会话开始时随机生成,在通信结束后被销毁,确保每次通信都使用不同的会话密钥;然后执行步骤S202,使用预设的私钥对生成的会话密钥进行加密,得到加密串,并将加密串发送至电子设备(S203);电子设备在接收到加密串之后,执行步骤S204,使用预设的公钥对加密串进行解密,获取用于通信加密的会话密钥;然后执行步骤S205,使用会话密钥对初始消息体进行加密,得到加密消息体,并将算法标识各加密消息体发送至服务器(S206);服务器在接收到算法标识和加密消息体之后,执行步骤S207,根据算法标识,确定对应的解密算法;接着进行步骤S208使用原先生成的会话密钥对加密消息体进行解密,获取初始消息体,并进行存储。Exemplarily, in order to help understand the implementation process of the message body encryption method obtained by combining this embodiment with the above-mentioned embodiment 1, please refer to Figure 4. Figure 4 provides a schematic diagram of message communication between an electronic device and a server. Specifically: the server first executes step S201 to randomly generate a session key according to the device identification. The session key is randomly generated at the beginning of each session and is destroyed after the communication is completed, ensuring that a different session key is used for each communication; then executes step S202 to encrypt the generated session key using a preset private key to obtain an encrypted string, and sends the encrypted string to the electronic device (S203). ; After receiving the encrypted string, the electronic device executes step S204, uses the preset public key to decrypt the encrypted string, and obtains the session key used for communication encryption; then executes step S205, uses the session key to encrypt the initial message body, obtains the encrypted message body, and sends the algorithm identifier and each encrypted message body to the server (S206); after receiving the algorithm identifier and the encrypted message body, the server executes step S207, determines the corresponding decryption algorithm according to the algorithm identifier; then performs step S208 to decrypt the encrypted message body using the previously generated session key, obtains the initial message body, and stores it.

本实施例中,通过加密通信,确保了初始消息体在传输过程中的机密性和完整性,防止了数据泄露和篡改;通过引入算法标识,使得电子设备和服务器之间可以基于不同的算法进行通信,减小了加密消息体被暴力破解的可能性,从而降低了通信过程中数据泄露的发生概率。In this embodiment, through encrypted communication, the confidentiality and integrity of the initial message body during transmission are ensured, and data leakage and tampering are prevented; by introducing algorithm identification, electronic devices and servers can communicate based on different algorithms, reducing the possibility of the encrypted message body being brute-force cracked, thereby reducing the probability of data leakage during communication.

在一种可行的实施方式中,步骤A30包括:In a feasible implementation manner, step A30 includes:

步骤A31,将第一算法标识封装于消息传输协议的标志位中,并通过消息传输协议,发送加密消息体至服务器,以使服务器通过读取消息传输协议的标志位,获取第一算法标识。Step A31, encapsulate the first algorithm identifier in the flag bit of the message transmission protocol, and send the encrypted message body to the server through the message transmission protocol, so that the server obtains the first algorithm identifier by reading the flag bit of the message transmission protocol.

需要说明的是,消息传输协议是指规定数据如何在网络中传输的一套规则,包括数据包的格式和传输机制;标志位是消息传输协议中用于指示特定信息的位或字段,用于携带额外的信息。可以嵌入额外信息的消息传输协议包括但不限于AMQP(AdvancedMessage Queuing Protocol,高级消息队列协议)、MQTT(Message Queuing TelemetryTransport,消息队列遥测传输协议)。It should be noted that the message transmission protocol refers to a set of rules that specify how data is transmitted in the network, including the format and transmission mechanism of the data packet; the flag bit is a bit or field used to indicate specific information in the message transmission protocol, which is used to carry additional information. Message transmission protocols that can embed additional information include but are not limited to AMQP (Advanced Message Queuing Protocol) and MQTT (Message Queuing Telemetry Transport).

示例性地,将加密算法的标识(如“AES-256”)封装在邮件协议的头部标志位中,发送加密的邮件内容至接收方,接收方可以通过读取邮件头部的标志位,获取加密算法标识(第一算法标识),并使用相应的解密算法解密数据。Exemplarily, the encryption algorithm identifier (such as "AES-256") is encapsulated in the header flag of the email protocol, and the encrypted email content is sent to the recipient. The recipient can obtain the encryption algorithm identifier (first algorithm identifier) by reading the flag in the email header and use the corresponding decryption algorithm to decrypt the data.

可以理解的是,通过将算法标识封装在消息传输协议的标志位中,可以减少数据传输的开销,同时减少算法标识被篡改的风险,使得算法标识受到协议的保护,进一步降低了通信过程中数据泄露的发生概率。It can be understood that by encapsulating the algorithm identifier in the flag bit of the message transmission protocol, the data transmission overhead can be reduced, and at the same time, the risk of the algorithm identifier being tampered with can be reduced, so that the algorithm identifier is protected by the protocol, further reducing the probability of data leakage during the communication process.

在一种可行的实施方式中,在步骤A20之前,还包括:In a feasible implementation manner, before step A20, the method further includes:

步骤B10,在接收到服务器发送的加密串和随机数的情形下,使用公钥和随机数对加密串进行解密,得到会话密钥,并执行使用会话密钥加密初始消息体及之后的步骤。Step B10, upon receiving the encrypted string and random number sent by the server, use the public key and random number to decrypt the encrypted string to obtain the session key, and execute the steps of encrypting the initial message body using the session key and subsequent steps.

示例性地,根据与服务器之间的预设规则(如取随机数的后4位用于加解密),使用预先安装的公钥和随机数的后四位对加密后的会话密钥(加密串)进行解密,得到会话密钥(会话密钥),将其用于后续的通信。Exemplarily, according to preset rules between the server (such as taking the last 4 digits of the random number for encryption and decryption), the encrypted session key (encrypted string) is decrypted using the pre-installed public key and the last four digits of the random number to obtain the session key (session key), which is used for subsequent communications.

示例性地,在后续的通信过程中,使用会话密钥和随机数对消息体进行加密,得到加密消息体,并将加密算法标识封装在MQTT的标志位中,通过MQTT将加密消息体发送至服务器。Exemplarily, in the subsequent communication process, the message body is encrypted using the session key and the random number to obtain an encrypted message body, and the encryption algorithm identifier is encapsulated in the flag bit of MQTT, and the encrypted message body is sent to the server via MQTT.

本实施方式中,通过引入随机数和公钥加密技术,确保了会话密钥(会话密钥)在传输过程中的机密性和完整性,防止了中间人攻击和密钥泄露;同时随机数的使用使得每次通信都是唯一的,即使攻击者截获并破解出了会话密钥,也无法在后续通信中重复使用。In this implementation, by introducing random numbers and public key encryption technology, the confidentiality and integrity of the session key (session key) during transmission are ensured, preventing man-in-the-middle attacks and key leakage; at the same time, the use of random numbers makes each communication unique, even if an attacker intercepts and cracks the session key, it cannot be reused in subsequent communications.

在一种可行的实施方式中,在步骤B10之后,还包括:In a feasible implementation manner, after step B10, the method further includes:

步骤B20,在随机数为时间戳的情形下,比较时间戳和当前时间之间的时间间隔是否超过预设的时间阈值;Step B20, when the random number is a timestamp, comparing whether the time interval between the timestamp and the current time exceeds a preset time threshold;

需要说明的是,时间戳表示某一数据或事件生成时间的标记,用于验证数据的时效性,通常是一个字符序列,可以准确到事件发生的秒数或毫秒数。当前时间指从系统时钟或其他时间源获取的当前的日期和时间;时间阈值则用于控制某些操作或数据的有效期限。It should be noted that the timestamp is a mark of the time when a certain data or event is generated. It is used to verify the timeliness of the data. It is usually a character sequence that can be accurate to the seconds or milliseconds when the event occurs. The current time refers to the current date and time obtained from the system clock or other time source; the time threshold is used to control the validity period of certain operations or data.

可以理解的是,使用时间戳和预设的时间阈值间隔检查,确保数据在有效时间内被处理,防止过时的数据导致错误操作,确保了数据的完整性和抗篡改性。It can be understood that the use of timestamps and preset time threshold interval checks ensures that data is processed within the valid time, prevents outdated data from causing erroneous operations, and ensures the integrity and tamper-resistance of the data.

步骤B30,在时间间隔超过时间阈值的情形下,断开与服务器之间的连接;Step B30, when the time interval exceeds the time threshold, disconnecting the connection with the server;

步骤B40,在时间间隔未超过时间阈值的情形下,执行使用会话密钥加密初始消息体的步骤。Step B40: When the time interval does not exceed the time threshold, execute the step of encrypting the initial message body using the session key.

示例性地,在接收到作为随机数发送的时间戳之后,获取当前的日期和时间,计算时间戳和当前时间之间的差异(时间间隔),将计算出的时间间隔与预设的时间阈值进行比较。如果差异太大,超过了安全的时间阈值,则认为当前信息可能已经过时,当前信息可能被第三方篡改,断开与服务器之间的连接以保证安全。如果时间差异在可接受范围内,则继续当前的通信。Exemplarily, after receiving the timestamp sent as a random number, the current date and time are obtained, the difference (time interval) between the timestamp and the current time is calculated, and the calculated time interval is compared with a preset time threshold. If the difference is too large and exceeds the safe time threshold, it is considered that the current information may be outdated and may be tampered with by a third party, and the connection with the server is disconnected to ensure security. If the time difference is within an acceptable range, the current communication continues.

本实施方式中,通过验证时间戳,可以防止攻击者使用旧的数据包进行攻击,确保消息的时效性,从而降低了通信过程中消息泄露的风险。In this implementation, by verifying the timestamp, it is possible to prevent attackers from using old data packets to attack, thereby ensuring the timeliness of the message and reducing the risk of message leakage during the communication process.

需要说明的是,上述示例仅用于理解本申请,并不构成对本申请消息体加密方法的限定,基于此技术构思进行更多形式的简单变换,均在本申请的保护范围内。It should be noted that the above examples are only used to understand the present application and do not constitute a limitation on the message body encryption method of the present application. More simple transformations based on this technical concept are all within the scope of protection of the present application.

本申请实施例还提供一种消息体加密装置,请参照图5,所述消息体加密装置应用于服务器,装置包括:The embodiment of the present application further provides a message body encryption device, please refer to FIG. 5, the message body encryption device is applied to a server, and the device includes:

密钥生成模块10,用于在电子设备认证通过的情形下,根据接收到的设备标识,生成会话密钥;The key generation module 10 is used to generate a session key according to the received device identification when the electronic device is authenticated;

密钥加密模块20,用于使用预设的私钥加密所述会话密钥,得到加密串,并将所述加密串发送至所述电子设备,以使所述电子设备使用预设的公钥对所述加密串进行解密,得到会话密钥,并使用所述会话密钥加密初始消息体,得到加密消息体;The key encryption module 20 is used to encrypt the session key using a preset private key to obtain an encrypted string, and send the encrypted string to the electronic device so that the electronic device decrypts the encrypted string using a preset public key to obtain a session key, and encrypts the initial message body using the session key to obtain an encrypted message body;

算法确定模块30,用于在接收到所述电子设备发送的所述加密消息体和第一算法标识的情形下,根据所述第一算法标识,确定解密算法;The algorithm determination module 30 is used to determine a decryption algorithm according to the first algorithm identifier when receiving the encrypted message body and the first algorithm identifier sent by the electronic device;

消息体解密模块40,用于使用所述解密算法和所述会话密钥,对所述加密消息体进行解密,得到所述初始消息体。The message body decryption module 40 is used to decrypt the encrypted message body using the decryption algorithm and the session key to obtain the initial message body.

本申请实施例提供的消息体加密装置,采用上述实施例中的消息体加密方法,能够降低通信过程中数据泄露的发生概率。与现有技术相比,本申请提供的消息体加密装置的有益效果与上述实施例提供的消息体加密方法的有益效果相同,且所述消息体加密装置中的其他技术特征与上述实施例方法公开的特征相同,在此不做赘述。The message body encryption device provided in the embodiment of the present application adopts the message body encryption method in the above embodiment, which can reduce the probability of data leakage during communication. Compared with the prior art, the beneficial effects of the message body encryption device provided by the present application are the same as the beneficial effects of the message body encryption method provided in the above embodiment, and other technical features in the message body encryption device are the same as the features disclosed in the above embodiment method, which will not be repeated here.

本申请实施例还提供一种消息体加密装置,请参照图6,所述消息体加密装置应用于电子设备,装置包括:The embodiment of the present application further provides a message body encryption device, please refer to FIG. 6, the message body encryption device is applied to an electronic device, and the device includes:

密钥解密模块50,用于在接收到服务器发送的加密串的情形下,使用预设的公钥解密所述加密串,得到会话密钥,其中,所述会话密钥由所述服务器根据设备标识生成,所述加密串由所述服务器使用预设的私钥对所述会话密钥加密得到;The key decryption module 50 is used to decrypt the encrypted string using a preset public key to obtain a session key when receiving the encrypted string sent by the server, wherein the session key is generated by the server according to the device identifier, and the encrypted string is obtained by encrypting the session key by the server using a preset private key;

消息体加密模块60,用于使用所述会话密钥加密初始消息体,得到加密消息体;A message body encryption module 60, configured to encrypt an initial message body using the session key to obtain an encrypted message body;

消息发送模块70,用于向所述服务器发送所述加密消息体和第一算法标识,以使所述服务器根据所述第一算法标识,确定解密算法,并使用所述解密算法和所述会话密钥,对所述加密消息体进行解密,得到所述初始消息体。The message sending module 70 is used to send the encrypted message body and the first algorithm identifier to the server, so that the server determines the decryption algorithm according to the first algorithm identifier, and uses the decryption algorithm and the session key to decrypt the encrypted message body to obtain the initial message body.

本申请实施例提供的消息体加密装置,采用上述实施例中的消息体加密方法,能够降低通信过程中数据泄露的发生概率。与现有技术相比,本申请提供的消息体加密装置的有益效果与上述实施例提供的消息体加密方法的有益效果相同,且所述消息体加密装置中的其他技术特征与上述实施例方法公开的特征相同,在此不做赘述。The message body encryption device provided in the embodiment of the present application adopts the message body encryption method in the above embodiment, which can reduce the probability of data leakage during communication. Compared with the prior art, the beneficial effects of the message body encryption device provided by the present application are the same as the beneficial effects of the message body encryption method provided in the above embodiment, and other technical features in the message body encryption device are the same as the features disclosed in the above embodiment method, which will not be repeated here.

本申请实施例提供一种服务器,服务器包括:至少一个处理器;以及,与至少一个处理器通信连接的存储器;其中,存储器存储有可被至少一个处理器执行的指令,指令被至少一个处理器执行,以使至少一个处理器能够执行上述实施例一中的消息体加密方法。An embodiment of the present application provides a server, which includes: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the message body encryption method in the above-mentioned embodiment one.

下面参考图7,其示出了适于用来实现本申请实施例的服务器的结构示意图。本申请实施例中的服务器可以包括但不限于诸如移动电话、笔记本电脑、数字广播接收器、PDA(Personal Digital Assistant:个人数字助理)、PAD(Portable ApplicationDescription:平板电脑)、PMP(Portable Media Player:便携式多媒体播放器)、车载终端(例如车载导航终端)等等的移动终端以及诸如数字TV、台式计算机等等的固定终端。图7示出的服务器仅仅是一个示例,不应对本申请实施例的功能和使用范围带来任何限制。Referring to FIG. 7 below, a schematic diagram of the structure of a server suitable for implementing an embodiment of the present application is shown. The server in the embodiment of the present application may include, but is not limited to, mobile terminals such as mobile phones, laptop computers, digital broadcast receivers, PDAs (Personal Digital Assistants), PADs (Portable Application Descriptions), PMPs (Portable Media Players), vehicle-mounted terminals (such as vehicle-mounted navigation terminals), etc., and fixed terminals such as digital TVs, desktop computers, etc. The server shown in FIG. 7 is only an example and should not impose any limitations on the functions and scope of use of the embodiments of the present application.

如图7所示,服务器可以包括处理装置1001(例如中央处理器、图形处理器等),其可以根据存储在只读存储器(ROM:Read Only Memory)1002中的程序或者从存储装置1003加载到随机访问存储器(RAM:Random Access Memory)1004中的程序而执行各种适当的动作和处理。在RAM1004中,还存储有服务器操作所需的各种程序和数据。处理装置1001、ROM1002以及RAM1004通过总线1005彼此相连。输入/输出(I/O)接口1006也连接至总线。通常,以下系统可以连接至I/O接口1006:包括例如触摸屏、触摸板、键盘、鼠标、图像传感器、麦克风、加速度计、陀螺仪等的输入装置1007;包括例如液晶显示器(LCD:Liquid CrystalDisplay)、扬声器、振动器等的输出装置1008;包括例如磁带、硬盘等的存储装置1003;以及通信装置1009。通信装置1009可以允许服务器与其他设备进行无线或有线通信以交换数据。虽然图中示出了具有各种系统的服务器,但是应理解的是,并不要求实施或具备所有示出的系统。可以替代地实施或具备更多或更少的系统。As shown in FIG7 , the server may include a processing device 1001 (e.g., a central processing unit, a graphics processing unit, etc.), which may perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 1002 or a program loaded from a storage device 1003 to a random access memory (RAM) 1004. Various programs and data required for the operation of the server are also stored in the RAM 1004. The processing device 1001, the ROM 1002, and the RAM 1004 are connected to each other via a bus 1005. An input/output (I/O) interface 1006 is also connected to the bus. Generally, the following systems may be connected to the I/O interface 1006: an input device 1007 including, for example, a touch screen, a touch pad, a keyboard, a mouse, an image sensor, a microphone, an accelerometer, a gyroscope, etc.; an output device 1008 including, for example, a liquid crystal display (LCD), a speaker, a vibrator, etc.; a storage device 1003 including, for example, a magnetic tape, a hard disk, etc.; and a communication device 1009. The communication device 1009 can allow the server to communicate with other devices wirelessly or by wire to exchange data. Although the figure shows a server with various systems, it should be understood that it is not required to implement or have all the systems shown. More or fewer systems can be implemented or have alternatively.

特别地,根据本申请公开的实施例,上文参考流程图描述的过程可以被实现为计算机软件程序。例如,本申请公开的实施例包括一种计算机程序产品,其包括承载在计算机可读介质上的计算机程序,该计算机程序包含用于执行流程图所示的方法的程序代码。在这样的实施例中,该计算机程序可以通过通信装置从网络上被下载和安装,或者从存储装置1003被安装,或者从ROM1002被安装。在该计算机程序被处理装置1001执行时,执行本申请公开实施例的方法中限定的上述功能。In particular, according to the embodiments disclosed in the present application, the process described above with reference to the flowchart can be implemented as a computer software program. For example, the embodiments disclosed in the present application include a computer program product, which includes a computer program carried on a computer-readable medium, and the computer program includes a program code for executing the method shown in the flowchart. In such an embodiment, the computer program can be downloaded and installed from a network through a communication device, or installed from a storage device 1003, or installed from a ROM 1002. When the computer program is executed by the processing device 1001, the above-mentioned functions defined in the method of the embodiment disclosed in the present application are executed.

本申请实施例提供的服务器,采用上述实施例中的消息体加密方法,能降低通信过程中数据泄露的发生概率。与现有技术相比,本申请提供的服务器的有益效果与上述实施例提供的消息体加密方法的有益效果相同,且该服务器中的其他技术特征与上一实施例方法公开的特征相同,在此不做赘述。The server provided in the embodiment of the present application adopts the message body encryption method in the above embodiment, which can reduce the probability of data leakage during communication. Compared with the prior art, the beneficial effects of the server provided in the present application are the same as the beneficial effects of the message body encryption method provided in the above embodiment, and other technical features in the server are the same as those disclosed in the method of the previous embodiment, which will not be repeated here.

应当理解,本申请公开的各部分可以用硬件、软件、固件或它们的组合来实现。在上述实施方式的描述中,具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。It should be understood that the various parts disclosed in this application can be implemented by hardware, software, firmware or a combination thereof. In the description of the above embodiments, specific features, structures, materials or characteristics can be combined in any one or more embodiments or examples in a suitable manner.

以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。The above is only a specific implementation of the present application, but the protection scope of the present application is not limited thereto. Any person skilled in the art who is familiar with the present technical field can easily think of changes or substitutions within the technical scope disclosed in the present application, which should be included in the protection scope of the present application. Therefore, the protection scope of the present application should be based on the protection scope of the claims.

本申请实施例提供一种电子设备,电子设备包括:至少一个处理器;以及,与至少一个处理器通信连接的存储器;其中,存储器存储有可被至少一个处理器执行的指令,指令被至少一个处理器执行,以使至少一个处理器能够执行上述实施例一中的消息体加密方法。An embodiment of the present application provides an electronic device, which includes: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the message body encryption method in the above-mentioned embodiment one.

下面参考图8,其示出了适于用来实现本申请实施例的电子设备的结构示意图。本申请实施例中的电子设备可以包括但不限于诸如移动电话、笔记本电脑、数字广播接收器、PDA(Personal Digital Assistant:个人数字助理)、PAD(Portable ApplicationDescription:平板电脑)、PMP(Portable Media Player:便携式多媒体播放器)、车载终端(例如车载导航终端)等等的移动终端以及诸如数字TV、台式计算机等等的固定终端。图8示出的电子设备仅仅是一个示例,不应对本申请实施例的功能和使用范围带来任何限制。Referring to FIG8 below, it shows a schematic diagram of the structure of an electronic device suitable for implementing an embodiment of the present application. The electronic devices in the embodiments of the present application may include, but are not limited to, mobile terminals such as mobile phones, laptop computers, digital broadcast receivers, PDAs (Personal Digital Assistants), PADs (Portable Application Descriptions), PMPs (Portable Media Players), vehicle-mounted terminals (such as vehicle-mounted navigation terminals), etc., and fixed terminals such as digital TVs, desktop computers, etc. The electronic device shown in FIG8 is only an example and should not impose any limitations on the functions and scope of use of the embodiments of the present application.

如图8所示,电子设备可以包括处理装置2001(例如中央处理器、图形处理器等),其可以根据存储在只读存储器(ROM:Read Only Memory)2002中的程序或者从存储装置2003加载到随机访问存储器(RAM:Random Access Memory)2004中的程序而执行各种适当的动作和处理。在RAM2004中,还存储有电子设备操作所需的各种程序和数据。处理装置2001、ROM2002以及RAM2004通过总线2005彼此相连。输入/输出(I/O)接口2006也连接至总线。通常,以下系统可以连接至I/O接口2006:包括例如触摸屏、触摸板、键盘、鼠标、图像传感器、麦克风、加速度计、陀螺仪等的输入装置2007;包括例如液晶显示器(LCD:LiquidCrystal Display)、扬声器、振动器等的输出装置2008;包括例如磁带、硬盘等的存储装置2003;以及通信装置2009。通信装置2009可以允许电子设备与其他设备进行无线或有线通信以交换数据。虽然图中示出了具有各种系统的电子设备,但是应理解的是,并不要求实施或具备所有示出的系统。可以替代地实施或具备更多或更少的系统。As shown in FIG8 , the electronic device may include a processing device 2001 (e.g., a central processing unit, a graphics processor, etc.), which may perform various appropriate actions and processes according to a program stored in a read-only memory (ROM: Read Only Memory) 2002 or a program loaded from a storage device 2003 to a random access memory (RAM: Random Access Memory) 2004. Various programs and data required for the operation of the electronic device are also stored in the RAM 2004. The processing device 2001, the ROM 2002, and the RAM 2004 are connected to each other via a bus 2005. An input/output (I/O) interface 2006 is also connected to the bus. Generally, the following systems may be connected to the I/O interface 2006: an input device 2007 including, for example, a touch screen, a touch pad, a keyboard, a mouse, an image sensor, a microphone, an accelerometer, a gyroscope, etc.; an output device 2008 including, for example, a liquid crystal display (LCD: Liquid Crystal Display), a speaker, a vibrator, etc.; a storage device 2003 including, for example, a magnetic tape, a hard disk, etc.; and a communication device 2009. The communication device 2009 can allow the electronic device to communicate with other devices wirelessly or by wire to exchange data. Although the figure shows an electronic device with various systems, it should be understood that it is not required to implement or have all the systems shown. More or fewer systems can be implemented or have alternatively.

特别地,根据本申请公开的实施例,上文参考流程图描述的过程可以被实现为计算机软件程序。例如,本申请公开的实施例包括一种计算机程序产品,其包括承载在计算机可读介质上的计算机程序,该计算机程序包含用于执行流程图所示的方法的程序代码。在这样的实施例中,该计算机程序可以通过通信装置从网络上被下载和安装,或者从存储装置2003被安装,或者从ROM2002被安装。在该计算机程序被处理装置2001执行时,执行本申请公开实施例的方法中限定的上述功能。In particular, according to the embodiments disclosed in the present application, the process described above with reference to the flowchart can be implemented as a computer software program. For example, the embodiments disclosed in the present application include a computer program product, which includes a computer program carried on a computer-readable medium, and the computer program includes a program code for executing the method shown in the flowchart. In such an embodiment, the computer program can be downloaded and installed from a network through a communication device, or installed from a storage device 2003, or installed from a ROM 2002. When the computer program is executed by the processing device 2001, the above-mentioned functions defined in the method of the embodiment disclosed in the present application are executed.

本申请实施例提供的电子设备,采用上述实施例中的消息体加密方法,能降低通信过程中数据泄露的发生概率。与现有技术相比,本申请提供的电子设备的有益效果与上述实施例提供的消息体加密方法的有益效果相同,且该电子设备中的其他技术特征与上一实施例方法公开的特征相同,在此不做赘述。The electronic device provided in the embodiment of the present application adopts the message body encryption method in the above embodiment, which can reduce the probability of data leakage during communication. Compared with the prior art, the beneficial effects of the electronic device provided in the present application are the same as the beneficial effects of the message body encryption method provided in the above embodiment, and the other technical features in the electronic device are the same as the features disclosed in the method of the previous embodiment, which will not be repeated here.

应当理解,本申请公开的各部分可以用硬件、软件、固件或它们的组合来实现。在上述实施方式的描述中,具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。It should be understood that the various parts disclosed in this application can be implemented by hardware, software, firmware or a combination thereof. In the description of the above embodiments, specific features, structures, materials or characteristics can be combined in any one or more embodiments or examples in a suitable manner.

以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。The above is only a specific implementation of the present application, but the protection scope of the present application is not limited thereto. Any person skilled in the art who is familiar with the present technical field can easily think of changes or substitutions within the technical scope disclosed in the present application, which should be included in the protection scope of the present application. Therefore, the protection scope of the present application should be based on the protection scope of the claims.

本申请实施例提供一种计算机可读存储介质,具有存储在其上的计算机可读程序指令(即计算机程序),计算机可读程序指令用于执行上述实施例中的消息体加密方法。An embodiment of the present application provides a computer-readable storage medium having computer-readable program instructions (ie, a computer program) stored thereon, wherein the computer-readable program instructions are used to execute the message body encryption method in the above embodiment.

本申请实施例提供的计算机可读存储介质例如可以是U盘,但不限于电、磁、光、电磁、红外线、或半导体的系统或器件,或者任意以上的组合。计算机可读存储介质的更具体地例子可以包括但不限于:具有一个或多个导线的电连接、便携式计算机磁盘、硬盘、随机访问存储器(RAM:Random Access Memory)、只读存储器(ROM:Read Only Memory)、可擦式可编程只读存储器(EPROM:Erasable Programmable Read Only Memory或闪存)、光纤、便携式紧凑磁盘只读存储器(CD-ROM:CD-Read Only Memory)、光存储器件、磁存储器件、或者上述的任意合适的组合。在本实施例中,计算机可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统或者器件使用或者与其结合使用。计算机可读存储介质上包含的程序代码可以用任何适当的介质传输,包括但不限于:电线、光缆、RF(Radio Frequency:射频)等等,或者上述的任意合适的组合。The computer-readable storage medium provided in the embodiment of the present application may be, for example, a USB flash drive, but is not limited to electrical, magnetic, optical, electromagnetic, infrared, or semiconductor systems or devices, or any combination of the above. More specific examples of computer-readable storage media may include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, a random access memory (RAM: Random Access Memory), a read-only memory (ROM: Read Only Memory), an erasable programmable read-only memory (EPROM: Erasable Programmable Read Only Memory or flash memory), an optical fiber, a portable compact disk read-only memory (CD-ROM: CD-Read Only Memory), an optical storage device, a magnetic storage device, or any suitable combination of the above. In this embodiment, the computer-readable storage medium may be any tangible medium containing or storing a program, which may be used by or in combination with an instruction execution system or device. The program code contained on the computer-readable storage medium may be transmitted using any appropriate medium, including but not limited to: wires, optical cables, RF (Radio Frequency: Radio Frequency), etc., or any suitable combination of the above.

上述计算机可读存储介质可以是服务器和/或电子设备中所包含的;也可以是单独存在,而未装配入服务器和/或电子设备中。The computer-readable storage medium may be included in the server and/or the electronic device; or may exist independently without being installed in the server and/or the electronic device.

上述计算机可读存储介质承载有一个或者多个程序,当上述一个或者多个程序被服务器执行时,使得服务器:在电子设备认证通过的情形下,根据接收到的设备标识,生成会话密钥;使用预设的私钥加密会话密钥,得到加密串,并将加密串发送至电子设备,以使电子设备使用预设的公钥对加密串进行解密,得到会话密钥,并使用会话密钥加密初始消息体,得到加密消息体;在接收到电子设备发送的加密消息体和第一算法标识的情形下,根据第一算法标识,确定解密算法;使用解密算法和会话密钥,对加密消息体进行解密,得到初始消息体。The above-mentioned computer-readable storage medium carries one or more programs. When the above-mentioned one or more programs are executed by the server, the server: generates a session key according to the received device identification when the electronic device authentication is passed; encrypts the session key using a preset private key to obtain an encrypted string, and sends the encrypted string to the electronic device, so that the electronic device uses a preset public key to decrypt the encrypted string to obtain the session key, and uses the session key to encrypt the initial message body to obtain an encrypted message body; determines the decryption algorithm according to the first algorithm identification when the encrypted message body and the first algorithm identification sent by the electronic device are received; and decrypts the encrypted message body using the decryption algorithm and the session key to obtain the initial message body.

上述计算机可读存储介质承载有一个或者多个程序,当上述一个或者多个程序被电子设备执行时,使得电子设备:在接收到服务器发送的加密串的情形下,使用预设的公钥解密加密串,得到会话密钥,其中,会话密钥由服务器根据设备标识生成,加密串由服务器使用预设的私钥对会话密钥加密得到;使用会话密钥加密初始消息体,得到加密消息体;向服务器发送加密消息体和第一算法标识,以使服务器根据第一算法标识,确定解密算法,并使用解密算法和会话密钥,对加密消息体进行解密,得到初始消息体。The above-mentioned computer-readable storage medium carries one or more programs. When the above-mentioned one or more programs are executed by an electronic device, the electronic device: upon receiving an encrypted string sent by a server, uses a preset public key to decrypt the encrypted string to obtain a session key, wherein the session key is generated by the server according to a device identifier, and the encrypted string is obtained by encrypting the session key by the server using a preset private key; uses the session key to encrypt an initial message body to obtain an encrypted message body; sends the encrypted message body and a first algorithm identifier to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and uses the decryption algorithm and the session key to decrypt the encrypted message body to obtain the initial message body.

可以以一种或多种程序设计语言或其组合来编写用于执行本申请的操作的计算机程序代码,上述程序设计语言包括面向对象的程序设计语言—诸如Java、Smalltalk、C++,还包括常规的过程式程序设计语言—诸如“C”语言或类似的程序设计语言。程序代码可以完全地在用户计算机上执行、部分地在用户计算机上执行、作为一个独立的软件包执行、部分在用户计算机上部分在远程计算机上执行、或者完全在远程计算机或服务器上执行。在涉及远程计算机的情形中,远程计算机可以通过任意种类的网络——包括局域网(LAN:Local Area Network)或广域网(WAN:Wide Area Network)—连接到用户计算机,或者,可以连接到外部计算机(例如利用因特网服务提供商来通过因特网连接)。Computer program code for performing the operations of the present application may be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, C++, and conventional procedural programming languages such as "C" or similar programming languages. The program code may be executed entirely on the user's computer, partially on the user's computer, as a separate software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer via any type of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (e.g., via the Internet using an Internet service provider).

附图中的流程图和框图,图示了按照本申请各种实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段、或代码的一部分,该模块、程序段、或代码的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。也应当注意,在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个接连地表示的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组合,可以用执行规定的功能或操作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flow chart and block diagram in the accompanying drawings illustrate the possible architecture, function and operation of the system, method and computer program product according to various embodiments of the present application. In this regard, each box in the flow chart or block diagram can represent a module, a program segment or a part of a code, and the module, the program segment or a part of the code contains one or more executable instructions for realizing the specified logical function. It should also be noted that in some alternative implementations, the functions marked in the box can also occur in a sequence different from that marked in the accompanying drawings. For example, two boxes represented in succession can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, depending on the functions involved. It should also be noted that each box in the block diagram and/or flow chart, and the combination of the boxes in the block diagram and/or flow chart can be implemented with a dedicated hardware-based system that performs a specified function or operation, or can be implemented with a combination of dedicated hardware and computer instructions.

描述于本申请实施例中所涉及到的模块可以通过软件的方式实现,也可以通过硬件的方式来实现。其中,模块的名称在某种情况下并不构成对该单元本身的限定。The modules involved in the embodiments of the present application may be implemented by software or hardware, wherein the name of the module does not, in some cases, constitute a limitation on the unit itself.

本申请实施例提供的可读存储介质为计算机可读存储介质,所述计算机可读存储介质存储有用于执行上述消息体加密方法的计算机可读程序指令(即计算机程序),能够降低通信过程中数据泄露的发生概率。与现有技术相比,本申请提供的计算机可读存储介质的有益效果与上述实施例提供的消息体加密方法的有益效果相同,在此不做赘述。The readable storage medium provided in the embodiment of the present application is a computer-readable storage medium, which stores computer-readable program instructions (i.e., computer programs) for executing the above-mentioned message body encryption method, and can reduce the probability of data leakage during communication. Compared with the prior art, the beneficial effects of the computer-readable storage medium provided in the present application are the same as the beneficial effects of the message body encryption method provided in the above-mentioned embodiment, and will not be repeated here.

本申请实施例还提供一种计算机程序产品,包括计算机程序,所述计算机程序被处理器执行时实现如上述的消息体加密方法的步骤。An embodiment of the present application also provides a computer program product, including a computer program, which implements the steps of the message body encryption method as described above when executed by a processor.

本申请实施例提供的计算机程序产品能够降低通信过程中数据泄露的发生概率。与现有技术相比,本申请提供的计算机程序产品的有益效果与上述实施例提供的消息体加密方法的有益效果相同,在此不做赘述。The computer program product provided in the embodiment of the present application can reduce the probability of data leakage during communication. Compared with the prior art, the beneficial effects of the computer program product provided in the present application are the same as the beneficial effects of the message body encryption method provided in the above embodiment, which will not be repeated here.

以上所述仅为本申请的部分实施例,并非因此限制本申请的专利范围,凡是在本申请的技术构思下,利用本申请说明书及附图内容所作的等效结构变换,或直接/间接运用在其他相关的技术领域均包括在本申请的专利保护范围内。The above descriptions are only some embodiments of the present application, and are not intended to limit the patent scope of the present application. All equivalent structural changes made using the contents of the present application specification and drawings under the technical concept of the present application, or direct/indirect application in other related technical fields are included in the patent protection scope of the present application.

Claims (10)

1. A message body encryption method, wherein the message body encryption method is applied to a server, and the method comprises the following steps:
under the condition that the authentication of the electronic equipment is passed, generating a session key according to the received equipment identifier;
Encrypting the session key by using a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic equipment, so that the electronic equipment decrypts the encrypted string by using a preset public key to obtain a session key, and encrypts an initial message body by using the session key to obtain an encrypted message body;
under the condition that the encrypted message body and a first algorithm identifier sent by the electronic equipment are received, determining a decryption algorithm according to the first algorithm identifier;
And decrypting the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
2. The message body encryption method of claim 1, wherein the step of encrypting the session key using a preset private key to obtain an encrypted string and transmitting the encrypted string to the electronic device comprises:
Encrypting the session key by using the private key and the random number to obtain an encrypted string;
and sending the encryption string and the random number to the electronic equipment so that the electronic equipment can decrypt the encryption string by using the public key and the random number to obtain a session key.
3. The message body encryption method of claim 1, further comprising, prior to the step of generating a session key based on the received device identification:
Under the condition that the equipment identifier, the first key string and the second algorithm identifier sent by the electronic equipment are received, determining an equipment password according to the equipment identifier;
determining an encryption algorithm according to the second algorithm identifier, wherein the encryption algorithm is an algorithm adopted when the electronic equipment encrypts the equipment password;
Encrypting the equipment password by using the encryption algorithm to obtain a second key string;
and under the condition that the first key string and the second key string are the same, confirming that the authentication of the electronic equipment is successful.
4. A message body encryption method, wherein the message body encryption method is applied to an electronic device, and the method comprises the following steps:
under the condition that an encryption string sent by a server is received, decrypting the encryption string by using a preset public key to obtain a session key, wherein the session key is generated by the server according to a device identifier, and the encryption string is obtained by encrypting the session key by using a preset private key by the server;
encrypting the initial message body by using the session key to obtain an encrypted message body;
and sending the encrypted message body and a first algorithm identifier to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and decrypts the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
5. The message body encryption method of claim 4, wherein the step of sending the encrypted message body and the first algorithm identification to the server comprises:
And encapsulating the first algorithm identifier in a flag bit of a message transmission protocol, and sending the encrypted message body to the server through the message transmission protocol, so that the server obtains the first algorithm identifier by reading the flag bit of the message transmission protocol.
6. The message body encryption method of claim 4, further comprising, prior to the step of encrypting the initial message body using the session key:
and under the condition that the encrypted string and the random number sent by the server are received, decrypting the encrypted string by using the public key and the random number to obtain a session key.
7. The message body encryption method of claim 6, further comprising, after the step of obtaining the session key:
comparing whether the time interval between the time stamp and the current time exceeds a preset time threshold value under the condition that the random number is the time stamp;
Disconnecting a connection with the server in case the time interval exceeds the time threshold;
the steps of encrypting an initial message body using the session key and thereafter are performed if the time interval does not exceed the time threshold.
8. A server comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program being configured to implement the steps of the message body encryption method of any one of claims 1 to 3.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program being configured to implement the steps of the message body encryption method according to any one of claims 4 to 7.
10. A storage medium, characterized in that the storage medium is a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the message body encryption method according to any one of claims 1 to 7.
CN202411752136.8A 2024-12-02 2024-12-02 Message body encryption method, server, electronic device and storage medium Active CN119652583B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411752136.8A CN119652583B (en) 2024-12-02 2024-12-02 Message body encryption method, server, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411752136.8A CN119652583B (en) 2024-12-02 2024-12-02 Message body encryption method, server, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN119652583A true CN119652583A (en) 2025-03-18
CN119652583B CN119652583B (en) 2025-10-10

Family

ID=94945358

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411752136.8A Active CN119652583B (en) 2024-12-02 2024-12-02 Message body encryption method, server, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN119652583B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120856459A (en) * 2025-09-12 2025-10-28 北京云行在线软件开发有限责任公司 Security authentication service method based on key and random algorithm

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017091959A1 (en) * 2015-11-30 2017-06-08 华为技术有限公司 Data transmission method, user equipment and network side device
CN107251476A (en) * 2015-02-13 2017-10-13 维萨国际服务协会 Secure Communications Management
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
WO2018090967A1 (en) * 2016-11-17 2018-05-24 深圳创维数字技术有限公司 Secure data transmission method and system based on eoc network
WO2023193157A1 (en) * 2022-04-06 2023-10-12 北京小米移动软件有限公司 Information processing method and apparatus, communication device, and storage medium
CN117714058A (en) * 2023-11-10 2024-03-15 中国建设银行股份有限公司 Encryption and decryption algorithm switching method and device for financial business equipment and computer equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107251476A (en) * 2015-02-13 2017-10-13 维萨国际服务协会 Secure Communications Management
WO2017091959A1 (en) * 2015-11-30 2017-06-08 华为技术有限公司 Data transmission method, user equipment and network side device
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
WO2018090967A1 (en) * 2016-11-17 2018-05-24 深圳创维数字技术有限公司 Secure data transmission method and system based on eoc network
WO2023193157A1 (en) * 2022-04-06 2023-10-12 北京小米移动软件有限公司 Information processing method and apparatus, communication device, and storage medium
CN117714058A (en) * 2023-11-10 2024-03-15 中国建设银行股份有限公司 Encryption and decryption algorithm switching method and device for financial business equipment and computer equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
彭佳;汪海航;: "SMS安全通信系统的研究与实现", 计算机安全, no. 12, 15 December 2008 (2008-12-15) *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120856459A (en) * 2025-09-12 2025-10-28 北京云行在线软件开发有限责任公司 Security authentication service method based on key and random algorithm

Also Published As

Publication number Publication date
CN119652583B (en) 2025-10-10

Similar Documents

Publication Publication Date Title
CN109361668B (en) Trusted data transmission method
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
CN111740844A (en) SSL communication method and device based on hardware cryptographic algorithm
CN100409609C (en) Systems and methods for implementing a trusted counter in a personal communication device
CN112565205B (en) Credible authentication and measurement method, server, terminal and readable storage medium
CN109412812B (en) Data security processing system, method, device and storage medium
JP2016063533A (en) Network authentication method for electronic transactions
CN115529591B (en) Authentication method, device, equipment and storage medium based on token
US20240106633A1 (en) Account opening methods, systems, and apparatuses
EP4423969A1 (en) Method to establish a secure channel
CN116244750A (en) Secret-related information maintenance method, device, equipment and storage medium
CN110519304A (en) HTTPS mutual authentication method based on TEE
CN118487749B (en) Key distribution method, device and system applied in quantum key management scenario
CN107483388A (en) A kind of safety communicating method and its terminal and high in the clouds
CN111224784A (en) Role separation distributed authentication and authorization method based on hardware trusted root
CN117792767A (en) Communication method, related device and storage medium
CN119652583B (en) Message body encryption method, server, electronic device and storage medium
CN119728101B (en) Key management methods, key encryption methods, data encryption methods and related equipment
CN113672973A (en) Database system of embedded equipment based on RISC-V architecture of trusted execution environment
CN111651740B (en) Trusted platform sharing system for distributed intelligent embedded system
CN115459929A (en) Security verification method, apparatus, electronic device, system, medium, and product
CN119232376B (en) User identity verification method and system
CN117675252A (en) Single-packet authentication method, device, equipment and storage medium
JP2017079419A (en) Server authentication system, terminal, server, server authentication method, program
CN119892478B (en) A method and related equipment for secure transmission of information over a power grid intranet

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant