Disclosure of Invention
The application mainly aims to provide a message body encryption method, a server, electronic equipment and a storage medium, and aims to reduce the occurrence probability of data leakage in the communication process.
In order to achieve the above object, the present application provides a message body encryption method, applied to a server, the method comprising:
under the condition that the authentication of the electronic equipment is passed, generating a session key according to the received equipment identifier;
Encrypting the session key by using a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic equipment, so that the electronic equipment decrypts the encrypted string by using a preset public key to obtain a session key, and encrypts an initial message body by using the session key to obtain an encrypted message body;
Under the condition that the encrypted message body and a first algorithm identifier sent by the electronic equipment are received, determining a decryption algorithm according to the first algorithm identifier;
And decrypting the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
In one embodiment, the step of encrypting the session key using a private key to obtain an encrypted string and transmitting the encrypted string to the electronic device includes:
Encrypting the session key by using the private key and the random number to obtain an encrypted string;
And sending the encryption string and the random number to the electronic equipment so that the electronic equipment can decrypt the encryption string by using the public key and the random number to obtain a session key.
In an embodiment, before the step of generating the session key according to the received device identifier, the method further includes:
under the condition that the equipment identifier, the first key string and the second algorithm identifier sent by the electronic equipment are received, determining an equipment password according to the equipment identifier;
determining an encryption algorithm according to the second algorithm identifier, wherein the encryption algorithm is an algorithm adopted when the electronic equipment encrypts the equipment password;
encrypting the equipment password by using the encryption algorithm to obtain a second key string;
And under the condition that the first key string and the second key string are the same, confirming that the authentication of the electronic equipment is successful.
In addition, in order to achieve the above object, the present application further provides a message body encryption method, applied to an electronic device, where the method includes:
Under the condition that an encryption string sent by a server is received, decrypting the encryption string by using a preset public key to obtain a session key, wherein the session key is generated by the server according to a device identifier, and the encryption string is obtained by encrypting the session key by using a preset private key by the server;
encrypting the initial message body by using the session key to obtain an encrypted message body;
And sending the encrypted message body and a first algorithm identifier to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and decrypts the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
In one embodiment, the step of sending the encrypted message body and the first algorithm identification to the server includes:
And encapsulating the first algorithm identifier in a flag bit of a message transmission protocol, and sending the encrypted message body to the server through the message transmission protocol, so that the server obtains the first algorithm identifier by reading the flag bit of the message transmission protocol.
In an embodiment, before the step of encrypting the initial message body using the session key, the method further comprises:
And under the condition that the encrypted string and the random number sent by the server are received, decrypting the encrypted string by using the public key and the random number to obtain a session key.
In an embodiment, after the step of obtaining the session key, the method further includes:
Comparing whether the time interval between the time stamp and the current time exceeds a preset time threshold value under the condition that the random number is the time stamp;
disconnecting a connection with the server in case the time interval exceeds the time threshold;
the steps of encrypting an initial message body using the session key and thereafter are performed if the time interval does not exceed the time threshold.
In addition, in order to achieve the above object, the present application also proposes a message body encryption apparatus applied to a server, the message body encryption apparatus comprising:
The key generation module is used for generating a session key according to the received equipment identifier under the condition that the authentication of the electronic equipment is passed;
the key encryption module is used for encrypting the session key by using a preset private key to obtain an encryption string, and sending the encryption string to the electronic equipment so that the electronic equipment can decrypt the encryption string by using the preset public key to obtain a session key, and encrypting an initial message body by using the session key to obtain an encrypted message body;
The algorithm determining module is used for determining a decryption algorithm according to the first algorithm identifier under the condition that the encrypted message body and the first algorithm identifier sent by the electronic equipment are received;
and the message body decryption module is used for decrypting the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
In addition, in order to achieve the above object, the present application also proposes a message body encryption apparatus, which is applied to an electronic device, the message body encryption apparatus comprising:
The key decryption module is used for decrypting the encrypted string by using a preset public key under the condition of receiving the encrypted string sent by the server to obtain a session key, wherein the session key is generated by the server according to the equipment identifier, and the encrypted string is obtained by encrypting the session key by using a preset private key by the server;
the message body encryption module is used for encrypting the initial message body by using the session key to obtain an encrypted message body;
and the message sending module is used for sending the encrypted message body and the first algorithm identifier to the server so that the server can determine a decryption algorithm according to the first algorithm identifier, and decrypt the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
In addition, to achieve the above object, the present application also proposes a storage medium, which is a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the steps of the message body encryption method as described above.
The technical scheme provided by the application is applied to a server, and has the technical effects that under the condition that the authentication of the electronic equipment is passed, a session key is generated according to the received equipment identification, so that each session is ensured to have a unique key, the risk of interception or cracking is reduced, then, a preset private key is used for encrypting the session key to obtain an encryption string, the encryption is used for encrypting the initial message body by using the private key, the confidentiality of the session key in the transmission process is ensured, the encryption string is further sent to the electronic equipment, unauthorized equipment (namely equipment without a corresponding public key) cannot acquire the session key even if the encryption string is intercepted, further, under the condition that an encrypted message body sent by the electronic equipment and a first algorithm identification are received, a decryption algorithm for decrypting the encrypted message body is determined according to the first algorithm identification, and only equipment knowing the matching relation between the algorithm identification and the encryption algorithm can determine a correct decryption algorithm, so that the message leakage is avoided, only the equipment with the session key is used for encrypting the initial message body, only equipment with the session key can generate the encryption string, the encryption string is not used for decrypting the correct message body, the message body is encrypted by using the encryption algorithm, the encryption algorithm can not be generated, and the confidentiality of the message body is also can be completely verified in the transmission process, and the message is completely encrypted, and the message is prevented from being tampered. The application ensures confidentiality and reliability of data transmission through encryption and decryption processes, and reduces occurrence probability of data leakage in the communication process between the electronic equipment and the server.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the technical solution of the present application and are not intended to limit the present application.
For a better understanding of the technical solution of the present application, the following detailed description will be given with reference to the drawings and the specific embodiments.
In the conventional technology, the static key is exposed in the long-term storage process, if the static key is illegally acquired, the confidentiality of data is difficult to guarantee even if both communication parties use an encryption technology, and with the enhancement of computing capacity and the appearance of a new attack method, the original encryption algorithm may become unsafe, the message content between equipment and a server may be stolen by a third party, and the message leakage is caused, which directly leads to the increase of the occurrence probability of the data leakage.
The application provides a solution, which is applied to a server, and is characterized in that firstly, a device password is determined according to a device identifier sent by electronic equipment before communication, a key string sent by the electronic equipment is verified by encrypting the device password, so that the legitimacy of the electronic equipment is ensured, a session key is dynamically generated according to the received device identifier under the condition that the electronic equipment authentication is passed, each communication is ensured to have a unique key, the risk of repeated use or stealing of the session key is effectively prevented, replay attack is effectively prevented, thereby enhancing the confidentiality of data transmission, then, a preset private key is used for encrypting the session key, an encryption string is generated and sent to the electronic equipment, the process not only protects the safe transmission of the session key, but also further strengthens a communication link by utilizing the uniqueness and confidentiality of the private key, so that the electronic equipment is more difficult to be cracked by an unauthorized third party, when an encrypted message body sent by the electronic equipment and a first algorithm identifier are received, the device and the server can use various encryption and decryption algorithms to carry out corresponding encryption and decryption, the possibility of the encrypted and decryption algorithms are reduced, and finally, the possibility of the encrypted message body and the decryption algorithm can be reduced, and the error of the encryption and decryption algorithm can be reduced, and the error of the message can be completely transmitted in the transmission process.
It should be noted that, the execution body of the embodiment may be a computing service device having functions of data processing, network communication and program running, such as a tablet computer, a personal computer, a mobile phone, or an electronic device capable of implementing the above functions.
The present embodiment will be described below using a server as an execution body.
Based on this, an embodiment of the present application provides a message body encryption method, and referring to fig. 1, fig. 1 is a schematic flow chart of a first embodiment of the message body encryption method of the present application.
In this embodiment, the message body encryption method includes steps S10 to S40:
step S10, under the condition that the authentication of the electronic equipment is passed, generating a session key according to the received equipment identification;
the session key is a key used for encrypting and decrypting the message content in the communication session, and may be a random number generated by an algorithm or a hash value calculated based on a device identifier, which corresponds to a disposable key that is temporarily generated during each communication process and cannot be copied.
When the electronic device attempts to access the server, for example, it first needs to pass an authentication process (such as inputting a correct user name and password), and after passing the authentication, a unique session key is generated based on the unique identifier (device identifier) of the electronic device, and the session key is sent to the electronic device for subsequent data encryption and decryption operations.
It can be appreciated that by randomly generating the key string, it is ensured that each generated key string is unique and is difficult to crack and reuse, preventing replay attacks.
Step S20, encrypting a session key by using a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic equipment, so that the electronic equipment decrypts the encrypted string by using the preset public key to obtain the session key, and encrypts an initial message body by using the session key to obtain an encrypted message body;
In a possible embodiment, the server encrypts one session key (session key) using the private key and then sends the encrypted session key (encrypted string) to the client. The client decrypts the session key using the public key and encrypts subsequent communication data using the session key.
It should be noted that the public key and the private key need to be used in pairs and stored in the electronic device and the server respectively before communication, and the message body refers to specific content that the electronic device wants to communicate with the server.
The server first encrypts the initial temporary session key using the private key and then sends the encrypted result (encrypted string) to the electronic device, preventing theft of the temporary session key. After the electronic equipment receives the encrypted message body, the encrypted message body is decrypted by using the corresponding public key to obtain an original temporary session key, and then the message body to be transmitted is encrypted by using the temporary session key to obtain the encrypted message body, so that the encrypted message body is difficult to decrypt under the condition of undefined decryption algorithm and key even if the encrypted message body is intercepted or stolen by a third party.
By way of example, a digital signature technology can be introduced at the server side to ensure the integrity of temporary session key transmission, and meanwhile, the method is also used for authenticating the identity of the server to avoid man-in-the-middle attack.
The method includes the steps of selecting a set of encryption algorithm from a plurality of preset encryption and decryption algorithms randomly or according to the security requirement of a user when a session key is encrypted by using a preset private key, and transmitting an encrypted string obtained by encryption and an algorithm identifier to electronic equipment after encryption is completed. After the electronic equipment receives the encrypted string, a corresponding decryption algorithm is determined according to the algorithm identification, and then the encrypted string is decrypted by using the corresponding decryption algorithm and the public key to obtain the session key. Therefore, the problem that the session key is leaked due to the fact that the encrypted string is cracked by violence caused by using the same set of encryption algorithm for a long time can be avoided, and the risk of data leakage is further reduced.
It can be understood that the confidentiality and the integrity of the temporary session key in the transmission process are ensured by using the private key to encrypt and decrypt the public key, so that only an authorized entity can acquire the temporary session key information, the information is prevented from being stolen by a third party or being impersonated by a legal user, and the possibility that the information is revealed to an unauthorized third party and the identity is stolen is effectively reduced.
Step S30, under the condition that an encrypted message body and a first algorithm identifier sent by the electronic equipment are received, determining a decryption algorithm according to the first algorithm identifier;
It should be noted that the algorithm identifier refers to a code or identifier for identifying a specific encryption algorithm or decryption algorithm, the first algorithm identifier is an identifier for identifying an encryption algorithm used for encrypting the message body, and the decryption algorithm corresponds to the encryption algorithm and refers to an algorithm for restoring the encrypted message body to the original data content.
Illustratively, a plurality of paired encryption algorithms and decryption algorithms are preset in the electronic device and the server, and are stored in association with corresponding first algorithm identifications. When the electronic equipment encrypts the message body, an encryption algorithm is randomly selected from the message body to encrypt the initial message body, and the encrypted message body and the first algorithm identification are sent to the server. After the server receives the first algorithm identification, the corresponding decryption algorithm can be determined according to the first algorithm identification.
Referring to fig. 2, fig. 2 provides an overall architecture diagram of a message body encryption method, a maintainer 300 presets a public key and an encryption and decryption algorithm in an electronic device 100, presets a private key and the same encryption and decryption algorithm in a server 200, and the electronic device 100 and the server 200 can determine the encryption and decryption algorithm used by the opposite party according to the received algorithm identifier.
It can be understood that by arranging a plurality of encryption algorithms, data leakage of other messages can not be caused even if one of the encryption algorithms is cracked, and by the identification of the first algorithm, only a receiver matched with a correct decryption algorithm can decrypt the message body, so that the possibility of unauthorized access to sensitive information and data leakage in the communication process is reduced.
And step S40, decrypting the encrypted message body by using a decryption algorithm and the session key to obtain an initial message body.
The server, after determining the decryption algorithm, determines a corresponding temporary session key (session key) directly from the device identity, and decrypts the encrypted message body using the corresponding decryption algorithm and temporary session key, thereby yielding the original, unencrypted message content.
It can be appreciated that by the use of the decryption algorithm in conjunction with the temporary session key, it is ensured that only the receiver who knows the correct decryption algorithm and correct key can decrypt the message, ensuring that only the authorized receiver can access and understand the original message, thereby reducing the risk of data leakage and unauthorized access.
The embodiment provides a message body encryption method, which is characterized in that a temporary session key generated by private key encryption is used for preventing the temporary session key from being stolen by a third party, a corresponding decryption algorithm is determined through a first algorithm identifier, and even if the encrypted message body is intercepted by the third party, the corresponding decryption algorithm cannot be determined, and the original message content cannot be acquired.
In one possible embodiment, step S20 includes:
Step S21, encrypting a session key by using a private key and a random number to obtain an encrypted string;
It should be noted that, the random number refers to disposable data which is hard to predict and is used in the encryption process, such as tiny voltage fluctuation, network delay and the like when computer hardware runs.
Illustratively, in a payment scenario, the server encrypts the payment information using a private key and a timestamp (random number) when sending the payment request.
Step S22, the encryption string and the random number are sent to the electronic equipment, so that the electronic equipment decrypts the encryption string by using the public key and the random number to obtain a session key.
Illustratively, the electronic device (e.g., a payment terminal) upon receiving the encrypted information decrypts and verifies the timestamp using the public key and the random number, ensuring that the payment request is within a valid time, and if the request is out of date, the payment terminal will refuse to process and disconnect.
It is also possible to ensure that the data has not been tampered with during transmission, by hashing the random number, for example.
In the embodiment, the session key is encrypted and is safely transmitted to the electronic equipment, so that the session key can be ensured not to be acquired by an unauthorized third party, and the confidentiality and the integrity of communication are protected.
In a possible embodiment, before step S10, further includes:
step S01, under the condition that a device identifier, a first key string and a second algorithm identifier sent by electronic equipment are received, determining a device password according to the device identifier;
the device password is stored in the server when the electronic device is registered.
Step S02, determining an encryption algorithm according to the second algorithm identifier, wherein the encryption algorithm is an algorithm adopted when the electronic equipment encrypts the equipment password;
In an exemplary embodiment, a plurality of encryption algorithms are preset in the electronic device and the server, and when the electronic device encrypts the device password, a set of encryption algorithm is generally selected randomly from the electronic device, and the server can determine which set of encryption algorithm is used by the electronic device through the algorithm identification for subsequent first key string verification.
It can be understood that, because the encryption algorithm adopted each time may have a difference, the encryption body (the first key string) generated by encrypting the same device password each time is different, so that a third party is difficult to violently break the encryption body, thereby reducing the occurrence probability of a data leakage event in the communication process of the electronic device and the server.
Step S03, encrypting the equipment password by using an encryption algorithm to obtain a second key string;
step S04, in the case that the first key string and the second key string are the same, the authentication success of the electronic equipment is confirmed.
In the authentication process of the electronic device, the server encrypts the device password by using an encryption algorithm to obtain a second key string, compares the second key string with the received first key string to confirm the identity of the electronic device, and if the second key string is identical to the first key string, the electronic device is authenticated as a legal user and can communicate with the server.
An exemplary embodiment of the present invention is shown in fig. 3, in which fig. 3 provides an interaction diagram of device authentication, specifically, an electronic device performs step S101 to randomly select a set of encryption algorithm, encrypts a device password input by a user to obtain a first key string (S102), then performs step S103 to send a device identifier, the first key string and the algorithm identifier to a server, and after receiving the device identifier, the first key string and the algorithm identifier sent by the electronic device, the server performs step S104 to retrieve the device password stored in the database according to the device identifier and determine the encryption algorithm selected by the electronic device according to the algorithm identifier, then proceeds to step S105 to encrypt the retrieved device password using the encryption algorithm to obtain a second key string, and compares the first key string and the second key string (S106), and if they are the same, confirms that the electronic device authentication is passed, and the electronic device and the server can perform subsequent communication (S107).
In the embodiment, when the electronic equipment hopes to authenticate through the equipment password, the equipment password is encrypted by using an encryption algorithm, so that the password can be effectively prevented from being directly stolen or cracked, a server determines the corresponding encryption algorithm through an algorithm identifier, compares whether a key string generated by encryption is identical with a received key string, completes the equipment authentication process, and confirms the legitimacy of the equipment identity, thereby reducing the occurrence probability of data leakage and unauthorized access.
Based on the above-mentioned first embodiment, a second embodiment of the message body encryption method of the present application is provided, in this embodiment, the message body encryption method is applied to an electronic device, and the message body encryption method includes:
step A10, under the condition that an encrypted string sent by a server is received, decrypting the encrypted string by using a preset public key to obtain a session key, wherein the session key is generated by the server according to the equipment identifier, and the encrypted string is obtained by encrypting the session key by using a private key by the server;
Illustratively, after receiving an encrypted version (second key string) of the session key sent by the server, this encrypted Hui key is decrypted using a preset public key to obtain the session key (session key) for subsequent communications.
It will be appreciated that by using asymmetric encryption techniques, the risk of data leakage during data transmission is reduced, ensuring that only devices holding the correct public key are able to decrypt and access the data. Meanwhile, the private key encryption is equivalent to a digital signature, and the server side is prevented from repudiating the transmitted information.
Step A20, encrypting an initial message body by using a session key to obtain an encrypted message body;
it can be understood that the initial message body is encrypted using the session key (session key), so that confidentiality of the initial message body is ensured and data leakage is prevented.
And step A30, transmitting the encrypted message body and the first algorithm identifier to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and decrypting the encrypted message body by using the decryption algorithm and the session key to obtain an initial message body.
Illustratively, the client encrypts the transaction data using the session key and transmits the encrypted data and the algorithm identification to the server, which determines a decryption algorithm based on the algorithm identification and decrypts the transaction data using the session key to verify the transaction information.
For an example, in order to facilitate understanding of the implementation flow of the message body encryption method obtained after the first embodiment is combined with the first embodiment, please refer to fig. 4, fig. 4 provides a schematic message communication diagram between an electronic device and a server, specifically, the server firstly executes step S201 to randomly generate a session key according to a device identifier, the session key is randomly generated each time at the beginning of a session and destroyed after the communication ends, ensuring that each communication uses a different session key, then executes step S202 to encrypt the generated session key by using a preset private key to obtain an encrypted string and send the encrypted string to the electronic device (S203), the electronic device executes step S204 to decrypt the encrypted string by using a preset public key to obtain a session key for communication, then executes step S205 to encrypt an initial message body by using the session key to obtain an encrypted message body and send each encrypted message body to the server (S206), the server executes step S207 to determine a corresponding algorithm identifier and decrypt the initial message body by using the algorithm identifier after receiving the algorithm identifier and the encrypted message body, and then executes the decryption algorithm to obtain the initial message body by using the initial message body and then executes the decryption algorithm to decrypt step S to obtain the initial message body.
In the embodiment, confidentiality and integrity of an initial message body in a transmission process are ensured through encryption communication, data leakage and tampering are prevented, and through introduction of algorithm identification, communication between electronic equipment and a server can be performed based on different algorithms, the possibility that the encrypted message body is cracked by violence is reduced, and therefore the occurrence probability of data leakage in the communication process is reduced.
In one possible embodiment, step a30 includes:
And step A31, the first algorithm identification is packaged in the flag bit of the message transmission protocol, and the encrypted message body is sent to the server through the message transmission protocol, so that the server obtains the first algorithm identification by reading the flag bit of the message transmission protocol.
It should be noted that the message transmission protocol refers to a set of rules for specifying how data is transmitted in the network, including the format and transmission mechanism of the data packet, and the flag bit is a bit or field in the message transmission protocol for indicating specific information, and is used for carrying additional information. Message transmission protocols in which additional information may be embedded include, but are not limited to, AMQP (ADVANCED MESSAGE streaming Protocol, advanced message queue Protocol), MQTT (Message Queuing Telemetry Transport, message queue telemetry transmission Protocol).
Illustratively, an identification of the encryption algorithm (e.g., "AES-256") is encapsulated in a header flag of the mail protocol, the encrypted mail content is sent to the recipient, and the recipient can obtain the encryption algorithm identification (first algorithm identification) by reading the flag of the mail header, and decrypt the data using the corresponding decryption algorithm.
It can be appreciated that by encapsulating the algorithm identifier in the flag bit of the message transmission protocol, the overhead of data transmission can be reduced, and meanwhile, the risk of tampering the algorithm identifier is reduced, so that the algorithm identifier is protected by the protocol, and the occurrence probability of data leakage in the communication process is further reduced.
In a possible embodiment, before step a20, further comprises:
step B10, in the case of receiving the encrypted string and the random number sent by the server, decrypting the encrypted string by using the public key and the random number to obtain a session key, and executing the steps of encrypting the initial message body and thereafter by using the session key.
Illustratively, the encrypted session key (encryption string) is decrypted using the pre-installed public key and the last four bits of the random number according to a preset rule (e.g., taking the last 4 bits of the random number for encryption and decryption) with the server to obtain the session key (session key) for subsequent communications.
Illustratively, in the subsequent communication process, the message body is encrypted by using the session key and the random number to obtain an encrypted message body, and the encryption algorithm identifier is encapsulated in the flag bit of the MQTT, and the encrypted message body is sent to the server through the MQTT.
In the embodiment, confidentiality and integrity of a session key (session key) in a transmission process are ensured by introducing a random number and a public key encryption technology, man-in-the-middle attacks and key leakage are prevented, and meanwhile, each communication is unique due to the use of the random number, so that even if an attacker intercepts and breaks out the session key, the session key cannot be reused in subsequent communication.
In a possible embodiment, after step B10, further comprising:
Step B20, comparing whether the time interval between the time stamp and the current time exceeds a preset time threshold value under the condition that the random number is the time stamp;
It should be noted that, the timestamp represents a mark of a certain data or an event generating time, and is used to verify the timeliness of the data, typically a character sequence, and may be accurate to the number of seconds or milliseconds when the event occurs. The current time refers to the current date and time obtained from a system clock or other time source, and the time threshold is used to control the expiration of certain operations or data.
It will be appreciated that the use of a time stamp and a pre-set time threshold interval check ensures that data is processed within a valid time, prevents stale data from causing erroneous operation, and ensures data integrity and tamper resistance.
Step B30, disconnecting the connection with the server under the condition that the time interval exceeds the time threshold;
Step B40, in the case that the time interval does not exceed the time threshold, performing a step of encrypting the initial message body using the session key.
Illustratively, after receiving a time stamp transmitted as a random number, the current date and time are acquired, a difference (time interval) between the time stamp and the current time is calculated, and the calculated time interval is compared with a preset time threshold. If the difference is too large and exceeds the safe time threshold, the current information is considered to be possibly outdated, and possibly tampered by a third party, and the connection with the server is disconnected to ensure safety. If the time difference is within an acceptable range, the current communication is continued.
In the embodiment, by verifying the time stamp, an attacker can be prevented from attacking by using the old data packet, and the timeliness of the message is ensured, so that the risk of message leakage in the communication process is reduced.
It should be noted that the foregoing examples are only for understanding the present application, and are not meant to limit the message body encryption method of the present application, and more forms of simple transformation based on the technical concept are all within the scope of the present application.
An embodiment of the present application further provides a message body encryption device, referring to fig. 5, where the message body encryption device is applied to a server, and the device includes:
A key generation module 10, configured to generate a session key according to the received device identifier in a case where the electronic device authentication passes;
The key encryption module 20 is configured to encrypt the session key with a preset private key to obtain an encrypted string, and send the encrypted string to the electronic device, so that the electronic device decrypts the encrypted string with the preset public key to obtain a session key, and encrypts an initial message body with the session key to obtain an encrypted message body;
An algorithm determining module 30, configured to determine a decryption algorithm according to a first algorithm identifier when the encrypted message body and the first algorithm identifier sent by the electronic device are received;
and a message body decryption module 40, configured to decrypt the encrypted message body by using the decryption algorithm and the session key, to obtain the initial message body.
The message body encryption device provided by the embodiment of the application can reduce the occurrence probability of data leakage in the communication process by adopting the message body encryption method in the embodiment. Compared with the prior art, the beneficial effects of the message body encryption device provided by the application are the same as those of the message body encryption method provided by the embodiment, and other technical features in the message body encryption device are the same as those disclosed by the method of the embodiment, so that the description is omitted herein.
An embodiment of the present application further provides a message body encryption device, referring to fig. 6, where the message body encryption device is applied to an electronic device, and the device includes:
A key decryption module 50, configured to decrypt, when an encrypted string sent by a server is received, the encrypted string with a preset public key to obtain a session key, where the session key is generated by the server according to a device identifier, and the encrypted string is obtained by encrypting, by the server, the session key with a preset private key;
a message body encryption module 60, configured to encrypt an initial message body by using the session key, to obtain an encrypted message body;
And a message sending module 70, configured to send the encrypted message body and the first algorithm identifier to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and decrypts the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
The message body encryption device provided by the embodiment of the application can reduce the occurrence probability of data leakage in the communication process by adopting the message body encryption method in the embodiment. Compared with the prior art, the beneficial effects of the message body encryption device provided by the application are the same as those of the message body encryption method provided by the embodiment, and other technical features in the message body encryption device are the same as those disclosed by the method of the embodiment, so that the description is omitted herein.
The embodiment of the application provides a server, which comprises at least one processor and a memory in communication connection with the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the message body encryption method in the first embodiment.
Reference is now made to FIG. 7, which illustrates a schematic diagram of a server suitable for use in implementing embodiments of the present application. The server in the embodiment of the present application may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (Personal DIGITAL ASSISTANT: personal digital assistant), a PAD (Portable Application Description: tablet), a PMP (Portable MEDIA PLAYER: portable multimedia player), a car-mounted terminal (e.g., car navigation terminal), etc., a fixed terminal such as a digital TV, a desktop computer, etc. The server illustrated in fig. 7 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 7, the server may include a processing device 1001 (e.g., a central processing unit, a graphics processor, etc.) that may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage device 1003 into a random access Memory (RAM: random Access Memory) 1004. In the RAM1004, various programs and data required for the operation of the server are also stored. The processing device 1001, the ROM1002, and the RAM1004 are connected to each other by a bus 1005. An input/output (I/O) interface 1006 is also connected to the bus. In general, a system including an input device 1007 such as a touch screen, a touch pad, a keyboard, a mouse, an image sensor, a microphone, an accelerometer, a gyroscope, etc., an output device 1008 including a Liquid crystal display (LCD: liquid CRYSTAL DISPLAY), a speaker, a vibrator, etc., a storage device 1003 including a magnetic tape, a hard disk, etc., and a communication device 1009 may be connected to the I/O interface 1006. The communication means 1009 may allow the server to communicate with other devices wirelessly or by wire to exchange data. While a server having various systems is illustrated in the figures, it is to be understood that not all illustrated systems are required to be implemented or provided. More or fewer systems may alternatively be implemented or provided.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through a communication device, or installed from the storage device 1003, or installed from the ROM 1002. The above-described functions defined in the method of the disclosed embodiment of the application are performed when the computer program is executed by the processing device 1001.
The server provided by the embodiment of the application adopts the message body encryption method in the embodiment, so that the occurrence probability of data leakage in the communication process can be reduced. Compared with the prior art, the beneficial effects of the server provided by the application are the same as those of the message body encryption method provided by the embodiment, and other technical features in the server are the same as those disclosed by the method of the previous embodiment, and are not repeated here.
It is to be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof. In the description of the above embodiments, particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
The embodiment of the application provides electronic equipment, which comprises at least one processor and a memory in communication connection with the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the message body encryption method in the first embodiment.
Referring now to fig. 8, a schematic diagram of an electronic device suitable for use in implementing embodiments of the present application is shown. The electronic device in the embodiment of the present application may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (Personal DIGITAL ASSISTANT: personal digital assistant), a PAD (Portable Application Description: tablet computer), a PMP (Portable MEDIA PLAYER: portable multimedia player), an in-vehicle terminal (e.g., an in-vehicle navigation terminal), and the like, a fixed terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 8 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the application.
As shown in fig. 8, the electronic device may include a processing means 2001 (e.g., a central processor, a graphics processor, etc.) that may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 2002 or a program loaded from the storage means 2003 into a random access Memory (RAM: random Access Memory) 2004. In the RAM2004, various programs and data required for the operation of the electronic device are also stored. The processing device 2001, ROM2002, and RAM2004 are connected to each other by a bus 2005. An input/output (I/O) interface 2006 is also connected to the bus. In general, a system including an input device 2007 such as a touch screen, a touch panel, a keyboard, a mouse, an image sensor, a microphone, an accelerometer, a gyroscope, and the like, an output device 2008 including a Liquid crystal display (LCD: liquid CRYSTAL DISPLAY), a speaker, a vibrator, and the like, a storage device 2003 including a magnetic tape, a hard disk, and the like, and a communication device 2009 may be connected to the I/O interface 2006. The communication means 2009 may allow the electronic device to communicate with other devices wirelessly or by wire to exchange data. While electronic devices having various systems are shown in the figures, it should be understood that not all of the illustrated systems are required to be implemented or provided. More or fewer systems may alternatively be implemented or provided.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via a communication device, or installed from the storage device 2003, or installed from the ROM 2002. The above-described functions defined in the method of the disclosed embodiment of the application are performed when the computer program is executed by the processing device 2001.
The electronic equipment provided by the embodiment of the application adopts the message body encryption method in the embodiment, so that the occurrence probability of data leakage in the communication process can be reduced. Compared with the prior art, the beneficial effects of the electronic device provided by the application are the same as those of the message body encryption method provided by the embodiment, and other technical features of the electronic device are the same as those disclosed by the method of the previous embodiment, and are not repeated herein.
It is to be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof. In the description of the above embodiments, particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
An embodiment of the present application provides a computer-readable storage medium having computer-readable program instructions (i.e., a computer program) stored thereon for performing the message body encryption method in the above-described embodiment.
The computer readable storage medium provided by the embodiments of the present application may be, for example, a usb disk, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access Memory (RAM: random Access Memory), a Read-Only Memory (ROM), an erasable programmable Read-Only Memory (EPROM: erasable Programmable Read Only Memory or flash Memory), an optical fiber, a portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this embodiment, the computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to electrical wiring, fiber optic cable, RF (Radio Frequency) and the like, or any suitable combination of the foregoing.
The computer readable storage medium may be included in the server and/or the electronic device, or may exist alone without being incorporated in the server and/or the electronic device.
The computer readable storage medium carries one or more programs, when the one or more programs are executed by a server, the server generates a session key according to a received device identifier when the electronic device passes authentication, encrypts the session key by using a preset private key to obtain an encrypted string, and sends the encrypted string to the electronic device, so that the electronic device decrypts the encrypted string by using a preset public key to obtain the session key, encrypts an initial message body by using the session key to obtain an encrypted message body, determines a decryption algorithm according to the first algorithm identifier when the encrypted message body sent by the electronic device and the first algorithm identifier are received, and decrypts the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
The computer readable storage medium carries one or more programs, and when the one or more programs are executed by the electronic device, the electronic device is caused to decrypt the encrypted string by using a preset public key to obtain a session key under the condition that the encrypted string sent by the server is received, wherein the session key is generated by the server according to the device identifier, the encrypted string is obtained by encrypting the session key by using a preset private key by the server, the initial message body is encrypted by using the session key to obtain an encrypted message body, the encrypted message body and a first algorithm identifier are sent to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and decrypts the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
Computer program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of remote computers, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN: local Area Network) or a wide area network (WAN: wide Area Network), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present application may be implemented in software or in hardware. Wherein the name of the module does not constitute a limitation of the unit itself in some cases.
The readable storage medium provided by the embodiment of the application is a computer readable storage medium, and the computer readable storage medium stores computer readable program instructions (i.e. a computer program) for executing the message body encryption method, so that the occurrence probability of data leakage in the communication process can be reduced. Compared with the prior art, the beneficial effects of the computer readable storage medium provided by the application are the same as those of the message body encryption method provided by the above embodiment, and are not described herein.
The embodiments of the present application also provide a computer program product comprising a computer program which, when executed by a processor, implements the steps of a message body encryption method as described above.
The computer program product provided by the embodiment of the application can reduce the occurrence probability of data leakage in the communication process. Compared with the prior art, the beneficial effects of the computer program product provided by the application are the same as those of the message body encryption method provided by the above embodiment, and are not described herein.
The foregoing description is only a partial embodiment of the present application, and is not intended to limit the scope of the present application, and all the equivalent structural changes made by the description and the accompanying drawings under the technical concept of the present application, or the direct/indirect application in other related technical fields are included in the scope of the present application.