CN119652583B - Message body encryption method, server, electronic device and storage medium - Google Patents

Message body encryption method, server, electronic device and storage medium

Info

Publication number
CN119652583B
CN119652583B CN202411752136.8A CN202411752136A CN119652583B CN 119652583 B CN119652583 B CN 119652583B CN 202411752136 A CN202411752136 A CN 202411752136A CN 119652583 B CN119652583 B CN 119652583B
Authority
CN
China
Prior art keywords
message body
session key
encrypted
server
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202411752136.8A
Other languages
Chinese (zh)
Other versions
CN119652583A (en
Inventor
冯喜锋
梁荣辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Kaihong Digital Industry Development Co Ltd
Original Assignee
Shenzhen Kaihong Digital Industry Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Kaihong Digital Industry Development Co Ltd filed Critical Shenzhen Kaihong Digital Industry Development Co Ltd
Priority to CN202411752136.8A priority Critical patent/CN119652583B/en
Publication of CN119652583A publication Critical patent/CN119652583A/en
Application granted granted Critical
Publication of CN119652583B publication Critical patent/CN119652583B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

本申请公开了一种消息体加密方法、服务器、电子设备及存储介质,涉及安全加密技术领域,应用于服务器的消息体加密方法包括:在电子设备认证通过的情形下,根据接收到的设备标识,生成会话密钥;使用预设的私钥加密会话密钥,得到加密串,并将加密串发送至电子设备,以使电子设备使用预设的公钥对加密串进行解密,得到会话密钥,并使用会话密钥加密初始消息体,得到加密消息体;在接收到电子设备发送的加密消息体和第一算法标识的情形下,根据第一算法标识,确定解密算法;使用解密算法和会话密钥,对加密消息体进行解密,得到初始消息体。本申请通过加密传输,降低了数据传输过程中数据泄露的发生概率。

The present application discloses a message body encryption method, a server, an electronic device, and a storage medium, and relates to the field of security encryption technology. The message body encryption method applied to the server includes: generating a session key based on a received device identifier when the electronic device is authenticated; encrypting the session key using a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic device so that the electronic device decrypts the encrypted string using a preset public key to obtain a session key, and encrypting an initial message body using the session key to obtain an encrypted message body; upon receiving an encrypted message body and a first algorithm identifier sent by the electronic device, determining a decryption algorithm based on the first algorithm identifier; and decrypting the encrypted message body using the decryption algorithm and the session key to obtain the initial message body. The present application reduces the probability of data leakage during data transmission through encrypted transmission.

Description

Message body encryption method, server, electronic device and storage medium
Technical Field
The present application relates to the specific technical field, and in particular, to a message body encryption method, a server, an electronic device, and a storage medium.
Background
With the widespread use of information technology, messaging between devices and servers is becoming increasingly frequent. To protect the security and integrity of data, various message body encryption means are commonly employed in the conventional art, including, but not limited to, encrypting data using encryption algorithms, and securing the updating of keys for each communication through a dynamic key agreement mechanism.
Common authentication protocols and digital signature techniques also provide authentication and data integrity protection at the message transport level, so that the security of data during transmission is further enhanced. Although the conventional security protection strategy provides powerful guarantee for communication, the problems of difficult secure storage of a static key, complicated process of key negotiation, difficult long-term validity maintenance of an encryption algorithm and the like all result in increased risk of illegal interception or leakage of data in the transmission process.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present application and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The application mainly aims to provide a message body encryption method, a server, electronic equipment and a storage medium, and aims to reduce the occurrence probability of data leakage in the communication process.
In order to achieve the above object, the present application provides a message body encryption method, applied to a server, the method comprising:
under the condition that the authentication of the electronic equipment is passed, generating a session key according to the received equipment identifier;
Encrypting the session key by using a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic equipment, so that the electronic equipment decrypts the encrypted string by using a preset public key to obtain a session key, and encrypts an initial message body by using the session key to obtain an encrypted message body;
Under the condition that the encrypted message body and a first algorithm identifier sent by the electronic equipment are received, determining a decryption algorithm according to the first algorithm identifier;
And decrypting the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
In one embodiment, the step of encrypting the session key using a private key to obtain an encrypted string and transmitting the encrypted string to the electronic device includes:
Encrypting the session key by using the private key and the random number to obtain an encrypted string;
And sending the encryption string and the random number to the electronic equipment so that the electronic equipment can decrypt the encryption string by using the public key and the random number to obtain a session key.
In an embodiment, before the step of generating the session key according to the received device identifier, the method further includes:
under the condition that the equipment identifier, the first key string and the second algorithm identifier sent by the electronic equipment are received, determining an equipment password according to the equipment identifier;
determining an encryption algorithm according to the second algorithm identifier, wherein the encryption algorithm is an algorithm adopted when the electronic equipment encrypts the equipment password;
encrypting the equipment password by using the encryption algorithm to obtain a second key string;
And under the condition that the first key string and the second key string are the same, confirming that the authentication of the electronic equipment is successful.
In addition, in order to achieve the above object, the present application further provides a message body encryption method, applied to an electronic device, where the method includes:
Under the condition that an encryption string sent by a server is received, decrypting the encryption string by using a preset public key to obtain a session key, wherein the session key is generated by the server according to a device identifier, and the encryption string is obtained by encrypting the session key by using a preset private key by the server;
encrypting the initial message body by using the session key to obtain an encrypted message body;
And sending the encrypted message body and a first algorithm identifier to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and decrypts the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
In one embodiment, the step of sending the encrypted message body and the first algorithm identification to the server includes:
And encapsulating the first algorithm identifier in a flag bit of a message transmission protocol, and sending the encrypted message body to the server through the message transmission protocol, so that the server obtains the first algorithm identifier by reading the flag bit of the message transmission protocol.
In an embodiment, before the step of encrypting the initial message body using the session key, the method further comprises:
And under the condition that the encrypted string and the random number sent by the server are received, decrypting the encrypted string by using the public key and the random number to obtain a session key.
In an embodiment, after the step of obtaining the session key, the method further includes:
Comparing whether the time interval between the time stamp and the current time exceeds a preset time threshold value under the condition that the random number is the time stamp;
disconnecting a connection with the server in case the time interval exceeds the time threshold;
the steps of encrypting an initial message body using the session key and thereafter are performed if the time interval does not exceed the time threshold.
In addition, in order to achieve the above object, the present application also proposes a message body encryption apparatus applied to a server, the message body encryption apparatus comprising:
The key generation module is used for generating a session key according to the received equipment identifier under the condition that the authentication of the electronic equipment is passed;
the key encryption module is used for encrypting the session key by using a preset private key to obtain an encryption string, and sending the encryption string to the electronic equipment so that the electronic equipment can decrypt the encryption string by using the preset public key to obtain a session key, and encrypting an initial message body by using the session key to obtain an encrypted message body;
The algorithm determining module is used for determining a decryption algorithm according to the first algorithm identifier under the condition that the encrypted message body and the first algorithm identifier sent by the electronic equipment are received;
and the message body decryption module is used for decrypting the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
In addition, in order to achieve the above object, the present application also proposes a message body encryption apparatus, which is applied to an electronic device, the message body encryption apparatus comprising:
The key decryption module is used for decrypting the encrypted string by using a preset public key under the condition of receiving the encrypted string sent by the server to obtain a session key, wherein the session key is generated by the server according to the equipment identifier, and the encrypted string is obtained by encrypting the session key by using a preset private key by the server;
the message body encryption module is used for encrypting the initial message body by using the session key to obtain an encrypted message body;
and the message sending module is used for sending the encrypted message body and the first algorithm identifier to the server so that the server can determine a decryption algorithm according to the first algorithm identifier, and decrypt the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
In addition, to achieve the above object, the present application also proposes a storage medium, which is a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the steps of the message body encryption method as described above.
The technical scheme provided by the application is applied to a server, and has the technical effects that under the condition that the authentication of the electronic equipment is passed, a session key is generated according to the received equipment identification, so that each session is ensured to have a unique key, the risk of interception or cracking is reduced, then, a preset private key is used for encrypting the session key to obtain an encryption string, the encryption is used for encrypting the initial message body by using the private key, the confidentiality of the session key in the transmission process is ensured, the encryption string is further sent to the electronic equipment, unauthorized equipment (namely equipment without a corresponding public key) cannot acquire the session key even if the encryption string is intercepted, further, under the condition that an encrypted message body sent by the electronic equipment and a first algorithm identification are received, a decryption algorithm for decrypting the encrypted message body is determined according to the first algorithm identification, and only equipment knowing the matching relation between the algorithm identification and the encryption algorithm can determine a correct decryption algorithm, so that the message leakage is avoided, only the equipment with the session key is used for encrypting the initial message body, only equipment with the session key can generate the encryption string, the encryption string is not used for decrypting the correct message body, the message body is encrypted by using the encryption algorithm, the encryption algorithm can not be generated, and the confidentiality of the message body is also can be completely verified in the transmission process, and the message is completely encrypted, and the message is prevented from being tampered. The application ensures confidentiality and reliability of data transmission through encryption and decryption processes, and reduces occurrence probability of data leakage in the communication process between the electronic equipment and the server.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the description of the embodiments or the prior art will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a flow chart of a message body encryption method according to an embodiment of the present application;
Fig. 2 is a general architecture diagram of a message body encryption method according to a first embodiment of the present application;
FIG. 3 is an interactive schematic diagram of device authentication according to a first embodiment of the present application;
fig. 4 is a schematic diagram of message communication between an electronic device and a server according to a second embodiment of the present application;
Fig. 5 is a schematic block diagram of a message body encryption device according to an embodiment of the application;
FIG. 6 is a schematic block diagram of another message body encryption device according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a server related to a message body encryption method in an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an electronic device related to a message body encryption method in an embodiment of the present application.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the technical solution of the present application and are not intended to limit the present application.
For a better understanding of the technical solution of the present application, the following detailed description will be given with reference to the drawings and the specific embodiments.
In the conventional technology, the static key is exposed in the long-term storage process, if the static key is illegally acquired, the confidentiality of data is difficult to guarantee even if both communication parties use an encryption technology, and with the enhancement of computing capacity and the appearance of a new attack method, the original encryption algorithm may become unsafe, the message content between equipment and a server may be stolen by a third party, and the message leakage is caused, which directly leads to the increase of the occurrence probability of the data leakage.
The application provides a solution, which is applied to a server, and is characterized in that firstly, a device password is determined according to a device identifier sent by electronic equipment before communication, a key string sent by the electronic equipment is verified by encrypting the device password, so that the legitimacy of the electronic equipment is ensured, a session key is dynamically generated according to the received device identifier under the condition that the electronic equipment authentication is passed, each communication is ensured to have a unique key, the risk of repeated use or stealing of the session key is effectively prevented, replay attack is effectively prevented, thereby enhancing the confidentiality of data transmission, then, a preset private key is used for encrypting the session key, an encryption string is generated and sent to the electronic equipment, the process not only protects the safe transmission of the session key, but also further strengthens a communication link by utilizing the uniqueness and confidentiality of the private key, so that the electronic equipment is more difficult to be cracked by an unauthorized third party, when an encrypted message body sent by the electronic equipment and a first algorithm identifier are received, the device and the server can use various encryption and decryption algorithms to carry out corresponding encryption and decryption, the possibility of the encrypted and decryption algorithms are reduced, and finally, the possibility of the encrypted message body and the decryption algorithm can be reduced, and the error of the encryption and decryption algorithm can be reduced, and the error of the message can be completely transmitted in the transmission process.
It should be noted that, the execution body of the embodiment may be a computing service device having functions of data processing, network communication and program running, such as a tablet computer, a personal computer, a mobile phone, or an electronic device capable of implementing the above functions.
The present embodiment will be described below using a server as an execution body.
Based on this, an embodiment of the present application provides a message body encryption method, and referring to fig. 1, fig. 1 is a schematic flow chart of a first embodiment of the message body encryption method of the present application.
In this embodiment, the message body encryption method includes steps S10 to S40:
step S10, under the condition that the authentication of the electronic equipment is passed, generating a session key according to the received equipment identification;
the session key is a key used for encrypting and decrypting the message content in the communication session, and may be a random number generated by an algorithm or a hash value calculated based on a device identifier, which corresponds to a disposable key that is temporarily generated during each communication process and cannot be copied.
When the electronic device attempts to access the server, for example, it first needs to pass an authentication process (such as inputting a correct user name and password), and after passing the authentication, a unique session key is generated based on the unique identifier (device identifier) of the electronic device, and the session key is sent to the electronic device for subsequent data encryption and decryption operations.
It can be appreciated that by randomly generating the key string, it is ensured that each generated key string is unique and is difficult to crack and reuse, preventing replay attacks.
Step S20, encrypting a session key by using a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic equipment, so that the electronic equipment decrypts the encrypted string by using the preset public key to obtain the session key, and encrypts an initial message body by using the session key to obtain an encrypted message body;
In a possible embodiment, the server encrypts one session key (session key) using the private key and then sends the encrypted session key (encrypted string) to the client. The client decrypts the session key using the public key and encrypts subsequent communication data using the session key.
It should be noted that the public key and the private key need to be used in pairs and stored in the electronic device and the server respectively before communication, and the message body refers to specific content that the electronic device wants to communicate with the server.
The server first encrypts the initial temporary session key using the private key and then sends the encrypted result (encrypted string) to the electronic device, preventing theft of the temporary session key. After the electronic equipment receives the encrypted message body, the encrypted message body is decrypted by using the corresponding public key to obtain an original temporary session key, and then the message body to be transmitted is encrypted by using the temporary session key to obtain the encrypted message body, so that the encrypted message body is difficult to decrypt under the condition of undefined decryption algorithm and key even if the encrypted message body is intercepted or stolen by a third party.
By way of example, a digital signature technology can be introduced at the server side to ensure the integrity of temporary session key transmission, and meanwhile, the method is also used for authenticating the identity of the server to avoid man-in-the-middle attack.
The method includes the steps of selecting a set of encryption algorithm from a plurality of preset encryption and decryption algorithms randomly or according to the security requirement of a user when a session key is encrypted by using a preset private key, and transmitting an encrypted string obtained by encryption and an algorithm identifier to electronic equipment after encryption is completed. After the electronic equipment receives the encrypted string, a corresponding decryption algorithm is determined according to the algorithm identification, and then the encrypted string is decrypted by using the corresponding decryption algorithm and the public key to obtain the session key. Therefore, the problem that the session key is leaked due to the fact that the encrypted string is cracked by violence caused by using the same set of encryption algorithm for a long time can be avoided, and the risk of data leakage is further reduced.
It can be understood that the confidentiality and the integrity of the temporary session key in the transmission process are ensured by using the private key to encrypt and decrypt the public key, so that only an authorized entity can acquire the temporary session key information, the information is prevented from being stolen by a third party or being impersonated by a legal user, and the possibility that the information is revealed to an unauthorized third party and the identity is stolen is effectively reduced.
Step S30, under the condition that an encrypted message body and a first algorithm identifier sent by the electronic equipment are received, determining a decryption algorithm according to the first algorithm identifier;
It should be noted that the algorithm identifier refers to a code or identifier for identifying a specific encryption algorithm or decryption algorithm, the first algorithm identifier is an identifier for identifying an encryption algorithm used for encrypting the message body, and the decryption algorithm corresponds to the encryption algorithm and refers to an algorithm for restoring the encrypted message body to the original data content.
Illustratively, a plurality of paired encryption algorithms and decryption algorithms are preset in the electronic device and the server, and are stored in association with corresponding first algorithm identifications. When the electronic equipment encrypts the message body, an encryption algorithm is randomly selected from the message body to encrypt the initial message body, and the encrypted message body and the first algorithm identification are sent to the server. After the server receives the first algorithm identification, the corresponding decryption algorithm can be determined according to the first algorithm identification.
Referring to fig. 2, fig. 2 provides an overall architecture diagram of a message body encryption method, a maintainer 300 presets a public key and an encryption and decryption algorithm in an electronic device 100, presets a private key and the same encryption and decryption algorithm in a server 200, and the electronic device 100 and the server 200 can determine the encryption and decryption algorithm used by the opposite party according to the received algorithm identifier.
It can be understood that by arranging a plurality of encryption algorithms, data leakage of other messages can not be caused even if one of the encryption algorithms is cracked, and by the identification of the first algorithm, only a receiver matched with a correct decryption algorithm can decrypt the message body, so that the possibility of unauthorized access to sensitive information and data leakage in the communication process is reduced.
And step S40, decrypting the encrypted message body by using a decryption algorithm and the session key to obtain an initial message body.
The server, after determining the decryption algorithm, determines a corresponding temporary session key (session key) directly from the device identity, and decrypts the encrypted message body using the corresponding decryption algorithm and temporary session key, thereby yielding the original, unencrypted message content.
It can be appreciated that by the use of the decryption algorithm in conjunction with the temporary session key, it is ensured that only the receiver who knows the correct decryption algorithm and correct key can decrypt the message, ensuring that only the authorized receiver can access and understand the original message, thereby reducing the risk of data leakage and unauthorized access.
The embodiment provides a message body encryption method, which is characterized in that a temporary session key generated by private key encryption is used for preventing the temporary session key from being stolen by a third party, a corresponding decryption algorithm is determined through a first algorithm identifier, and even if the encrypted message body is intercepted by the third party, the corresponding decryption algorithm cannot be determined, and the original message content cannot be acquired.
In one possible embodiment, step S20 includes:
Step S21, encrypting a session key by using a private key and a random number to obtain an encrypted string;
It should be noted that, the random number refers to disposable data which is hard to predict and is used in the encryption process, such as tiny voltage fluctuation, network delay and the like when computer hardware runs.
Illustratively, in a payment scenario, the server encrypts the payment information using a private key and a timestamp (random number) when sending the payment request.
Step S22, the encryption string and the random number are sent to the electronic equipment, so that the electronic equipment decrypts the encryption string by using the public key and the random number to obtain a session key.
Illustratively, the electronic device (e.g., a payment terminal) upon receiving the encrypted information decrypts and verifies the timestamp using the public key and the random number, ensuring that the payment request is within a valid time, and if the request is out of date, the payment terminal will refuse to process and disconnect.
It is also possible to ensure that the data has not been tampered with during transmission, by hashing the random number, for example.
In the embodiment, the session key is encrypted and is safely transmitted to the electronic equipment, so that the session key can be ensured not to be acquired by an unauthorized third party, and the confidentiality and the integrity of communication are protected.
In a possible embodiment, before step S10, further includes:
step S01, under the condition that a device identifier, a first key string and a second algorithm identifier sent by electronic equipment are received, determining a device password according to the device identifier;
the device password is stored in the server when the electronic device is registered.
Step S02, determining an encryption algorithm according to the second algorithm identifier, wherein the encryption algorithm is an algorithm adopted when the electronic equipment encrypts the equipment password;
In an exemplary embodiment, a plurality of encryption algorithms are preset in the electronic device and the server, and when the electronic device encrypts the device password, a set of encryption algorithm is generally selected randomly from the electronic device, and the server can determine which set of encryption algorithm is used by the electronic device through the algorithm identification for subsequent first key string verification.
It can be understood that, because the encryption algorithm adopted each time may have a difference, the encryption body (the first key string) generated by encrypting the same device password each time is different, so that a third party is difficult to violently break the encryption body, thereby reducing the occurrence probability of a data leakage event in the communication process of the electronic device and the server.
Step S03, encrypting the equipment password by using an encryption algorithm to obtain a second key string;
step S04, in the case that the first key string and the second key string are the same, the authentication success of the electronic equipment is confirmed.
In the authentication process of the electronic device, the server encrypts the device password by using an encryption algorithm to obtain a second key string, compares the second key string with the received first key string to confirm the identity of the electronic device, and if the second key string is identical to the first key string, the electronic device is authenticated as a legal user and can communicate with the server.
An exemplary embodiment of the present invention is shown in fig. 3, in which fig. 3 provides an interaction diagram of device authentication, specifically, an electronic device performs step S101 to randomly select a set of encryption algorithm, encrypts a device password input by a user to obtain a first key string (S102), then performs step S103 to send a device identifier, the first key string and the algorithm identifier to a server, and after receiving the device identifier, the first key string and the algorithm identifier sent by the electronic device, the server performs step S104 to retrieve the device password stored in the database according to the device identifier and determine the encryption algorithm selected by the electronic device according to the algorithm identifier, then proceeds to step S105 to encrypt the retrieved device password using the encryption algorithm to obtain a second key string, and compares the first key string and the second key string (S106), and if they are the same, confirms that the electronic device authentication is passed, and the electronic device and the server can perform subsequent communication (S107).
In the embodiment, when the electronic equipment hopes to authenticate through the equipment password, the equipment password is encrypted by using an encryption algorithm, so that the password can be effectively prevented from being directly stolen or cracked, a server determines the corresponding encryption algorithm through an algorithm identifier, compares whether a key string generated by encryption is identical with a received key string, completes the equipment authentication process, and confirms the legitimacy of the equipment identity, thereby reducing the occurrence probability of data leakage and unauthorized access.
Based on the above-mentioned first embodiment, a second embodiment of the message body encryption method of the present application is provided, in this embodiment, the message body encryption method is applied to an electronic device, and the message body encryption method includes:
step A10, under the condition that an encrypted string sent by a server is received, decrypting the encrypted string by using a preset public key to obtain a session key, wherein the session key is generated by the server according to the equipment identifier, and the encrypted string is obtained by encrypting the session key by using a private key by the server;
Illustratively, after receiving an encrypted version (second key string) of the session key sent by the server, this encrypted Hui key is decrypted using a preset public key to obtain the session key (session key) for subsequent communications.
It will be appreciated that by using asymmetric encryption techniques, the risk of data leakage during data transmission is reduced, ensuring that only devices holding the correct public key are able to decrypt and access the data. Meanwhile, the private key encryption is equivalent to a digital signature, and the server side is prevented from repudiating the transmitted information.
Step A20, encrypting an initial message body by using a session key to obtain an encrypted message body;
it can be understood that the initial message body is encrypted using the session key (session key), so that confidentiality of the initial message body is ensured and data leakage is prevented.
And step A30, transmitting the encrypted message body and the first algorithm identifier to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and decrypting the encrypted message body by using the decryption algorithm and the session key to obtain an initial message body.
Illustratively, the client encrypts the transaction data using the session key and transmits the encrypted data and the algorithm identification to the server, which determines a decryption algorithm based on the algorithm identification and decrypts the transaction data using the session key to verify the transaction information.
For an example, in order to facilitate understanding of the implementation flow of the message body encryption method obtained after the first embodiment is combined with the first embodiment, please refer to fig. 4, fig. 4 provides a schematic message communication diagram between an electronic device and a server, specifically, the server firstly executes step S201 to randomly generate a session key according to a device identifier, the session key is randomly generated each time at the beginning of a session and destroyed after the communication ends, ensuring that each communication uses a different session key, then executes step S202 to encrypt the generated session key by using a preset private key to obtain an encrypted string and send the encrypted string to the electronic device (S203), the electronic device executes step S204 to decrypt the encrypted string by using a preset public key to obtain a session key for communication, then executes step S205 to encrypt an initial message body by using the session key to obtain an encrypted message body and send each encrypted message body to the server (S206), the server executes step S207 to determine a corresponding algorithm identifier and decrypt the initial message body by using the algorithm identifier after receiving the algorithm identifier and the encrypted message body, and then executes the decryption algorithm to obtain the initial message body by using the initial message body and then executes the decryption algorithm to decrypt step S to obtain the initial message body.
In the embodiment, confidentiality and integrity of an initial message body in a transmission process are ensured through encryption communication, data leakage and tampering are prevented, and through introduction of algorithm identification, communication between electronic equipment and a server can be performed based on different algorithms, the possibility that the encrypted message body is cracked by violence is reduced, and therefore the occurrence probability of data leakage in the communication process is reduced.
In one possible embodiment, step a30 includes:
And step A31, the first algorithm identification is packaged in the flag bit of the message transmission protocol, and the encrypted message body is sent to the server through the message transmission protocol, so that the server obtains the first algorithm identification by reading the flag bit of the message transmission protocol.
It should be noted that the message transmission protocol refers to a set of rules for specifying how data is transmitted in the network, including the format and transmission mechanism of the data packet, and the flag bit is a bit or field in the message transmission protocol for indicating specific information, and is used for carrying additional information. Message transmission protocols in which additional information may be embedded include, but are not limited to, AMQP (ADVANCED MESSAGE streaming Protocol, advanced message queue Protocol), MQTT (Message Queuing Telemetry Transport, message queue telemetry transmission Protocol).
Illustratively, an identification of the encryption algorithm (e.g., "AES-256") is encapsulated in a header flag of the mail protocol, the encrypted mail content is sent to the recipient, and the recipient can obtain the encryption algorithm identification (first algorithm identification) by reading the flag of the mail header, and decrypt the data using the corresponding decryption algorithm.
It can be appreciated that by encapsulating the algorithm identifier in the flag bit of the message transmission protocol, the overhead of data transmission can be reduced, and meanwhile, the risk of tampering the algorithm identifier is reduced, so that the algorithm identifier is protected by the protocol, and the occurrence probability of data leakage in the communication process is further reduced.
In a possible embodiment, before step a20, further comprises:
step B10, in the case of receiving the encrypted string and the random number sent by the server, decrypting the encrypted string by using the public key and the random number to obtain a session key, and executing the steps of encrypting the initial message body and thereafter by using the session key.
Illustratively, the encrypted session key (encryption string) is decrypted using the pre-installed public key and the last four bits of the random number according to a preset rule (e.g., taking the last 4 bits of the random number for encryption and decryption) with the server to obtain the session key (session key) for subsequent communications.
Illustratively, in the subsequent communication process, the message body is encrypted by using the session key and the random number to obtain an encrypted message body, and the encryption algorithm identifier is encapsulated in the flag bit of the MQTT, and the encrypted message body is sent to the server through the MQTT.
In the embodiment, confidentiality and integrity of a session key (session key) in a transmission process are ensured by introducing a random number and a public key encryption technology, man-in-the-middle attacks and key leakage are prevented, and meanwhile, each communication is unique due to the use of the random number, so that even if an attacker intercepts and breaks out the session key, the session key cannot be reused in subsequent communication.
In a possible embodiment, after step B10, further comprising:
Step B20, comparing whether the time interval between the time stamp and the current time exceeds a preset time threshold value under the condition that the random number is the time stamp;
It should be noted that, the timestamp represents a mark of a certain data or an event generating time, and is used to verify the timeliness of the data, typically a character sequence, and may be accurate to the number of seconds or milliseconds when the event occurs. The current time refers to the current date and time obtained from a system clock or other time source, and the time threshold is used to control the expiration of certain operations or data.
It will be appreciated that the use of a time stamp and a pre-set time threshold interval check ensures that data is processed within a valid time, prevents stale data from causing erroneous operation, and ensures data integrity and tamper resistance.
Step B30, disconnecting the connection with the server under the condition that the time interval exceeds the time threshold;
Step B40, in the case that the time interval does not exceed the time threshold, performing a step of encrypting the initial message body using the session key.
Illustratively, after receiving a time stamp transmitted as a random number, the current date and time are acquired, a difference (time interval) between the time stamp and the current time is calculated, and the calculated time interval is compared with a preset time threshold. If the difference is too large and exceeds the safe time threshold, the current information is considered to be possibly outdated, and possibly tampered by a third party, and the connection with the server is disconnected to ensure safety. If the time difference is within an acceptable range, the current communication is continued.
In the embodiment, by verifying the time stamp, an attacker can be prevented from attacking by using the old data packet, and the timeliness of the message is ensured, so that the risk of message leakage in the communication process is reduced.
It should be noted that the foregoing examples are only for understanding the present application, and are not meant to limit the message body encryption method of the present application, and more forms of simple transformation based on the technical concept are all within the scope of the present application.
An embodiment of the present application further provides a message body encryption device, referring to fig. 5, where the message body encryption device is applied to a server, and the device includes:
A key generation module 10, configured to generate a session key according to the received device identifier in a case where the electronic device authentication passes;
The key encryption module 20 is configured to encrypt the session key with a preset private key to obtain an encrypted string, and send the encrypted string to the electronic device, so that the electronic device decrypts the encrypted string with the preset public key to obtain a session key, and encrypts an initial message body with the session key to obtain an encrypted message body;
An algorithm determining module 30, configured to determine a decryption algorithm according to a first algorithm identifier when the encrypted message body and the first algorithm identifier sent by the electronic device are received;
and a message body decryption module 40, configured to decrypt the encrypted message body by using the decryption algorithm and the session key, to obtain the initial message body.
The message body encryption device provided by the embodiment of the application can reduce the occurrence probability of data leakage in the communication process by adopting the message body encryption method in the embodiment. Compared with the prior art, the beneficial effects of the message body encryption device provided by the application are the same as those of the message body encryption method provided by the embodiment, and other technical features in the message body encryption device are the same as those disclosed by the method of the embodiment, so that the description is omitted herein.
An embodiment of the present application further provides a message body encryption device, referring to fig. 6, where the message body encryption device is applied to an electronic device, and the device includes:
A key decryption module 50, configured to decrypt, when an encrypted string sent by a server is received, the encrypted string with a preset public key to obtain a session key, where the session key is generated by the server according to a device identifier, and the encrypted string is obtained by encrypting, by the server, the session key with a preset private key;
a message body encryption module 60, configured to encrypt an initial message body by using the session key, to obtain an encrypted message body;
And a message sending module 70, configured to send the encrypted message body and the first algorithm identifier to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and decrypts the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
The message body encryption device provided by the embodiment of the application can reduce the occurrence probability of data leakage in the communication process by adopting the message body encryption method in the embodiment. Compared with the prior art, the beneficial effects of the message body encryption device provided by the application are the same as those of the message body encryption method provided by the embodiment, and other technical features in the message body encryption device are the same as those disclosed by the method of the embodiment, so that the description is omitted herein.
The embodiment of the application provides a server, which comprises at least one processor and a memory in communication connection with the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the message body encryption method in the first embodiment.
Reference is now made to FIG. 7, which illustrates a schematic diagram of a server suitable for use in implementing embodiments of the present application. The server in the embodiment of the present application may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (Personal DIGITAL ASSISTANT: personal digital assistant), a PAD (Portable Application Description: tablet), a PMP (Portable MEDIA PLAYER: portable multimedia player), a car-mounted terminal (e.g., car navigation terminal), etc., a fixed terminal such as a digital TV, a desktop computer, etc. The server illustrated in fig. 7 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 7, the server may include a processing device 1001 (e.g., a central processing unit, a graphics processor, etc.) that may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage device 1003 into a random access Memory (RAM: random Access Memory) 1004. In the RAM1004, various programs and data required for the operation of the server are also stored. The processing device 1001, the ROM1002, and the RAM1004 are connected to each other by a bus 1005. An input/output (I/O) interface 1006 is also connected to the bus. In general, a system including an input device 1007 such as a touch screen, a touch pad, a keyboard, a mouse, an image sensor, a microphone, an accelerometer, a gyroscope, etc., an output device 1008 including a Liquid crystal display (LCD: liquid CRYSTAL DISPLAY), a speaker, a vibrator, etc., a storage device 1003 including a magnetic tape, a hard disk, etc., and a communication device 1009 may be connected to the I/O interface 1006. The communication means 1009 may allow the server to communicate with other devices wirelessly or by wire to exchange data. While a server having various systems is illustrated in the figures, it is to be understood that not all illustrated systems are required to be implemented or provided. More or fewer systems may alternatively be implemented or provided.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through a communication device, or installed from the storage device 1003, or installed from the ROM 1002. The above-described functions defined in the method of the disclosed embodiment of the application are performed when the computer program is executed by the processing device 1001.
The server provided by the embodiment of the application adopts the message body encryption method in the embodiment, so that the occurrence probability of data leakage in the communication process can be reduced. Compared with the prior art, the beneficial effects of the server provided by the application are the same as those of the message body encryption method provided by the embodiment, and other technical features in the server are the same as those disclosed by the method of the previous embodiment, and are not repeated here.
It is to be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof. In the description of the above embodiments, particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
The embodiment of the application provides electronic equipment, which comprises at least one processor and a memory in communication connection with the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the message body encryption method in the first embodiment.
Referring now to fig. 8, a schematic diagram of an electronic device suitable for use in implementing embodiments of the present application is shown. The electronic device in the embodiment of the present application may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (Personal DIGITAL ASSISTANT: personal digital assistant), a PAD (Portable Application Description: tablet computer), a PMP (Portable MEDIA PLAYER: portable multimedia player), an in-vehicle terminal (e.g., an in-vehicle navigation terminal), and the like, a fixed terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 8 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the application.
As shown in fig. 8, the electronic device may include a processing means 2001 (e.g., a central processor, a graphics processor, etc.) that may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 2002 or a program loaded from the storage means 2003 into a random access Memory (RAM: random Access Memory) 2004. In the RAM2004, various programs and data required for the operation of the electronic device are also stored. The processing device 2001, ROM2002, and RAM2004 are connected to each other by a bus 2005. An input/output (I/O) interface 2006 is also connected to the bus. In general, a system including an input device 2007 such as a touch screen, a touch panel, a keyboard, a mouse, an image sensor, a microphone, an accelerometer, a gyroscope, and the like, an output device 2008 including a Liquid crystal display (LCD: liquid CRYSTAL DISPLAY), a speaker, a vibrator, and the like, a storage device 2003 including a magnetic tape, a hard disk, and the like, and a communication device 2009 may be connected to the I/O interface 2006. The communication means 2009 may allow the electronic device to communicate with other devices wirelessly or by wire to exchange data. While electronic devices having various systems are shown in the figures, it should be understood that not all of the illustrated systems are required to be implemented or provided. More or fewer systems may alternatively be implemented or provided.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via a communication device, or installed from the storage device 2003, or installed from the ROM 2002. The above-described functions defined in the method of the disclosed embodiment of the application are performed when the computer program is executed by the processing device 2001.
The electronic equipment provided by the embodiment of the application adopts the message body encryption method in the embodiment, so that the occurrence probability of data leakage in the communication process can be reduced. Compared with the prior art, the beneficial effects of the electronic device provided by the application are the same as those of the message body encryption method provided by the embodiment, and other technical features of the electronic device are the same as those disclosed by the method of the previous embodiment, and are not repeated herein.
It is to be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof. In the description of the above embodiments, particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
An embodiment of the present application provides a computer-readable storage medium having computer-readable program instructions (i.e., a computer program) stored thereon for performing the message body encryption method in the above-described embodiment.
The computer readable storage medium provided by the embodiments of the present application may be, for example, a usb disk, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access Memory (RAM: random Access Memory), a Read-Only Memory (ROM), an erasable programmable Read-Only Memory (EPROM: erasable Programmable Read Only Memory or flash Memory), an optical fiber, a portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this embodiment, the computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to electrical wiring, fiber optic cable, RF (Radio Frequency) and the like, or any suitable combination of the foregoing.
The computer readable storage medium may be included in the server and/or the electronic device, or may exist alone without being incorporated in the server and/or the electronic device.
The computer readable storage medium carries one or more programs, when the one or more programs are executed by a server, the server generates a session key according to a received device identifier when the electronic device passes authentication, encrypts the session key by using a preset private key to obtain an encrypted string, and sends the encrypted string to the electronic device, so that the electronic device decrypts the encrypted string by using a preset public key to obtain the session key, encrypts an initial message body by using the session key to obtain an encrypted message body, determines a decryption algorithm according to the first algorithm identifier when the encrypted message body sent by the electronic device and the first algorithm identifier are received, and decrypts the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
The computer readable storage medium carries one or more programs, and when the one or more programs are executed by the electronic device, the electronic device is caused to decrypt the encrypted string by using a preset public key to obtain a session key under the condition that the encrypted string sent by the server is received, wherein the session key is generated by the server according to the device identifier, the encrypted string is obtained by encrypting the session key by using a preset private key by the server, the initial message body is encrypted by using the session key to obtain an encrypted message body, the encrypted message body and a first algorithm identifier are sent to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and decrypts the encrypted message body by using the decryption algorithm and the session key to obtain the initial message body.
Computer program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of remote computers, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN: local Area Network) or a wide area network (WAN: wide Area Network), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present application may be implemented in software or in hardware. Wherein the name of the module does not constitute a limitation of the unit itself in some cases.
The readable storage medium provided by the embodiment of the application is a computer readable storage medium, and the computer readable storage medium stores computer readable program instructions (i.e. a computer program) for executing the message body encryption method, so that the occurrence probability of data leakage in the communication process can be reduced. Compared with the prior art, the beneficial effects of the computer readable storage medium provided by the application are the same as those of the message body encryption method provided by the above embodiment, and are not described herein.
The embodiments of the present application also provide a computer program product comprising a computer program which, when executed by a processor, implements the steps of a message body encryption method as described above.
The computer program product provided by the embodiment of the application can reduce the occurrence probability of data leakage in the communication process. Compared with the prior art, the beneficial effects of the computer program product provided by the application are the same as those of the message body encryption method provided by the above embodiment, and are not described herein.
The foregoing description is only a partial embodiment of the present application, and is not intended to limit the scope of the present application, and all the equivalent structural changes made by the description and the accompanying drawings under the technical concept of the present application, or the direct/indirect application in other related technical fields are included in the scope of the present application.

Claims (10)

1.一种消息体加密方法,其特征在于,所述消息体加密方法应用于服务器,方法包括:1. A message body encryption method, characterized in that the message body encryption method is applied to a server, and the method comprises: 在电子设备认证通过的情形下,根据接收到的设备标识,生成会话密钥;If the electronic device passes authentication, a session key is generated based on the received device identification; 使用预设的私钥加密所述会话密钥,得到加密串,并将所述加密串发送至所述电子设备,以使所述电子设备使用预设的公钥对所述加密串进行解密,得到会话密钥,并使用所述会话密钥加密初始消息体,得到加密消息体;Encrypting the session key using a preset private key to obtain an encrypted string, and sending the encrypted string to the electronic device so that the electronic device decrypts the encrypted string using a preset public key to obtain a session key, and encrypting the initial message body using the session key to obtain an encrypted message body; 在接收到所述电子设备发送的所述加密消息体和第一算法标识的情形下,根据所述第一算法标识,确定解密算法;Upon receiving the encrypted message body and the first algorithm identifier sent by the electronic device, determining a decryption algorithm according to the first algorithm identifier; 使用所述解密算法和所述会话密钥,对所述加密消息体进行解密,得到所述初始消息体。The encrypted message body is decrypted using the decryption algorithm and the session key to obtain the initial message body. 2.如权利要求1所述的消息体加密方法,其特征在于,所述使用预设的私钥加密所述会话密钥,得到加密串,并将所述加密串发送至所述电子设备的步骤包括:2. The message body encryption method according to claim 1, wherein the step of encrypting the session key using a preset private key to obtain an encrypted string and sending the encrypted string to the electronic device comprises: 使用所述私钥和随机数加密所述会话密钥,得到加密串;Encrypt the session key using the private key and a random number to obtain an encrypted string; 将所述加密串和所述随机数发送至所述电子设备,以使所述电子设备使用所述公钥和所述随机数对所述加密串进行解密,得到会话密钥。The encrypted string and the random number are sent to the electronic device, so that the electronic device uses the public key and the random number to decrypt the encrypted string to obtain a session key. 3.如权利要求1所述的消息体加密方法,其特征在于,在所述根据接收到的设备标识,生成会话密钥的步骤之前,还包括:3. The message body encryption method according to claim 1, characterized in that before the step of generating a session key based on the received device identifier, the method further comprises: 在接收到所述电子设备发送的设备标识、第一密钥串和第二算法标识的情形下,根据所述设备标识,确定设备密码;Upon receiving the device identification, the first key string, and the second algorithm identification sent by the electronic device, determining the device password according to the device identification; 根据所述第二算法标识,确定加密算法,其中,所述加密算法为所述电子设备对所述设备密码进行加密时所采用的算法;determining an encryption algorithm according to the second algorithm identifier, wherein the encryption algorithm is an algorithm used by the electronic device to encrypt the device password; 使用所述加密算法加密所述设备密码,得到第二密钥串;Encrypt the device password using the encryption algorithm to obtain a second key string; 在所述第一密钥串和所述第二密钥串相同的情形下,确认所述电子设备认证成功。In a case where the first key string and the second key string are the same, it is confirmed that the electronic device authentication is successful. 4.一种消息体加密方法,其特征在于,所述消息体加密方法应用于电子设备,方法包括:4. A message body encryption method, characterized in that the message body encryption method is applied to an electronic device, the method comprising: 在接收到服务器发送的加密串的情形下,使用预设的公钥解密所述加密串,得到会话密钥,其中,所述会话密钥由所述服务器根据设备标识生成,所述加密串由所述服务器使用预设的私钥对所述会话密钥加密得到;Upon receiving an encrypted string sent by the server, decrypt the encrypted string using a preset public key to obtain a session key, wherein the session key is generated by the server according to the device identifier, and the encrypted string is obtained by encrypting the session key by the server using a preset private key; 使用所述会话密钥加密初始消息体,得到加密消息体;Encrypt the initial message body using the session key to obtain an encrypted message body; 向所述服务器发送所述加密消息体和第一算法标识,以使所述服务器根据所述第一算法标识,确定解密算法,并使用所述解密算法和所述会话密钥,对所述加密消息体进行解密,得到所述初始消息体。The encrypted message body and the first algorithm identifier are sent to the server, so that the server determines a decryption algorithm according to the first algorithm identifier, and uses the decryption algorithm and the session key to decrypt the encrypted message body to obtain the initial message body. 5.如权利要求4所述的消息体加密方法,其特征在于,所述向所述服务器发送所述加密消息体和第一算法标识的步骤包括:5. The message body encryption method according to claim 4, wherein the step of sending the encrypted message body and the first algorithm identifier to the server comprises: 将所述第一算法标识封装于消息传输协议的标志位中,并通过所述消息传输协议,发送所述加密消息体至所述服务器,以使所述服务器通过读取所述消息传输协议的标志位,获取所述第一算法标识。The first algorithm identifier is encapsulated in a flag bit of a message transmission protocol, and the encrypted message body is sent to the server through the message transmission protocol, so that the server obtains the first algorithm identifier by reading the flag bit of the message transmission protocol. 6.如权利要求4所述的消息体加密方法,其特征在于,在所述使用所述会话密钥加密初始消息体的步骤之前,还包括:6. The message body encryption method according to claim 4, characterized in that before the step of encrypting the initial message body using the session key, the method further comprises: 在接收到所述服务器发送的加密串和随机数的情形下,使用所述公钥和所述随机数对所述加密串进行解密,得到会话密钥。Upon receiving the encrypted string and random number sent by the server, the encrypted string is decrypted using the public key and the random number to obtain a session key. 7.如权利要求6所述的消息体加密方法,其特征在于,在所述得到会话密钥的步骤之后,还包括:7. The message body encryption method according to claim 6, characterized in that after the step of obtaining the session key, the method further comprises: 在所述随机数为时间戳的情形下,比较所述时间戳和当前时间之间的时间间隔是否超过预设的时间阈值;In the case where the random number is a timestamp, comparing whether the time interval between the timestamp and the current time exceeds a preset time threshold; 在所述时间间隔超过所述时间阈值的情形下,断开与所述服务器之间的连接;When the time interval exceeds the time threshold, disconnecting the connection with the server; 在所述时间间隔未超过所述时间阈值的情形下,执行所述使用所述会话密钥加密初始消息体及之后的步骤。In a case where the time interval does not exceed the time threshold, performing the steps of encrypting the initial message body using the session key and subsequent steps. 8.一种服务器,其特征在于,所述服务器包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述计算机程序配置为实现如权利要求1至3中任一项所述的消息体加密方法的步骤。8. A server, characterized in that the server comprises: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program is configured to implement the steps of the message body encryption method according to any one of claims 1 to 3. 9.一种电子设备,其特征在于,所述电子设备包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述计算机程序配置为实现如权利要求4至7中任一项所述的消息体加密方法的步骤。9. An electronic device, characterized in that the electronic device comprises: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program is configured to implement the steps of the message body encryption method according to any one of claims 4 to 7. 10.一种存储介质,其特征在于,所述存储介质为计算机可读存储介质,所述存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1至7中任一项所述的消息体加密方法的步骤。10. A storage medium, characterized in that the storage medium is a computer-readable storage medium, and a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps of the message body encryption method according to any one of claims 1 to 7 are implemented.
CN202411752136.8A 2024-12-02 2024-12-02 Message body encryption method, server, electronic device and storage medium Active CN119652583B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411752136.8A CN119652583B (en) 2024-12-02 2024-12-02 Message body encryption method, server, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411752136.8A CN119652583B (en) 2024-12-02 2024-12-02 Message body encryption method, server, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN119652583A CN119652583A (en) 2025-03-18
CN119652583B true CN119652583B (en) 2025-10-10

Family

ID=94945358

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411752136.8A Active CN119652583B (en) 2024-12-02 2024-12-02 Message body encryption method, server, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN119652583B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120856459A (en) * 2025-09-12 2025-10-28 北京云行在线软件开发有限责任公司 Security authentication service method based on key and random algorithm

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018090967A1 (en) * 2016-11-17 2018-05-24 深圳创维数字技术有限公司 Secure data transmission method and system based on eoc network
CN117714058A (en) * 2023-11-10 2024-03-15 中国建设银行股份有限公司 Encryption and decryption algorithm switching method and device for financial business equipment and computer equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3257227B1 (en) * 2015-02-13 2021-03-31 Visa International Service Association Confidential communication management
WO2017091959A1 (en) * 2015-11-30 2017-06-08 华为技术有限公司 Data transmission method, user equipment and network side device
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
WO2023193157A1 (en) * 2022-04-06 2023-10-12 北京小米移动软件有限公司 Information processing method and apparatus, communication device, and storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018090967A1 (en) * 2016-11-17 2018-05-24 深圳创维数字技术有限公司 Secure data transmission method and system based on eoc network
CN117714058A (en) * 2023-11-10 2024-03-15 中国建设银行股份有限公司 Encryption and decryption algorithm switching method and device for financial business equipment and computer equipment

Also Published As

Publication number Publication date
CN119652583A (en) 2025-03-18

Similar Documents

Publication Publication Date Title
EP4318217A1 (en) Method, apparatus, and storage medium for updating vehicle software
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
CN111404696B (en) Collaborative signature method, security service middleware, related platform and system
JP5981610B2 (en) Network authentication method for electronic transactions
CN111740844A (en) SSL communication method and device based on hardware cryptographic algorithm
US8321924B2 (en) Method for protecting software accessible over a network using a key device
CN109412812B (en) Data security processing system, method, device and storage medium
CN108566381A (en) A kind of security upgrading method, device, server, equipment and medium
JP2003330365A (en) Content distribution / receiving method
CN115529591B (en) Authentication method, device, equipment and storage medium based on token
CN113282951A (en) Security verification method, device and equipment for application program
CN118337430B (en) Systems, methods, apparatuses, processors, and storage media for enabling trusted transmission and reverse authorization processing of multi-party interactive data.
CN116244750A (en) Secret-related information maintenance method, device, equipment and storage medium
CN115242397A (en) OTA upgrade security verification method and readable storage medium for vehicle EUC
CN110519304A (en) HTTPS mutual authentication method based on TEE
CN119652583B (en) Message body encryption method, server, electronic device and storage medium
CN107483388A (en) A kind of safety communicating method and its terminal and high in the clouds
KR101311059B1 (en) Revocation information management
CN117792767A (en) Communication method, related device and storage medium
CN106992978B (en) Network security management method and server
CN112559979A (en) Method for protecting software library authorized use on POS machine through hardware security chip
CN113672973A (en) Database system of embedded equipment based on RISC-V architecture of trusted execution environment
CN117879803A (en) Data transmission system, method, device and storage medium based on link encryption
CN115459929A (en) Security verification method, apparatus, electronic device, system, medium, and product
CN108960385A (en) Two dimensional code generation and verification method and system based on the encryption of multiple code key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant