CN117082501A - Mobile terminal data encryption method - Google Patents
Mobile terminal data encryption method Download PDFInfo
- Publication number
- CN117082501A CN117082501A CN202311216819.7A CN202311216819A CN117082501A CN 117082501 A CN117082501 A CN 117082501A CN 202311216819 A CN202311216819 A CN 202311216819A CN 117082501 A CN117082501 A CN 117082501A
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- key
- server
- data
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 230000005540 biological transmission Effects 0.000 claims abstract description 47
- 238000012795 verification Methods 0.000 claims description 16
- 230000009286 beneficial effect Effects 0.000 description 2
- 206010000117 Abnormal behaviour Diseases 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000035755 proliferation Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a mobile terminal data encryption method, which relates to the technical field of data encryption transmission, wherein a mobile terminal randomly generates a first public key, a first private key and a secret number, and a server generates a second public key and a second private key; the mobile terminal receives a second public key of the server, encrypts the first public key, the secret number, the mobile terminal equipment identifier and the user login information by using the second public key, and transmits the encrypted information to the server; the mobile terminal receives the encrypted third secret key sent by the server, decrypts the third secret key by using the first private key, encrypts the transmission data by using the third secret key and the secret number to obtain a transmission ciphertext, and transmits the transmission ciphertext to the server, and the server decrypts the transmission data by using the third secret key and the secret number to obtain the transmission data of the mobile terminal. The invention combines the asymmetric encryption and the symmetric encryption flexibly, combines the secret number and the third secret key, and fully ensures the safety of the data transmission process and standardizes the data encryption transmission process through the process of double identity authentication.
Description
Technical Field
The invention relates to the technical field of data encryption transmission, in particular to a mobile terminal data encryption method.
Background
In recent years, with the proliferation of the scale and application of the internet, the mobile internet and the cloud computing, the generation of data volume is directly caused to be increased, and the frequency of security events such as various data leakage is generated. Abnormal behaviors of users such as data theft, unauthorized access and the like not only easily cause industry sensitive information leakage and serious loss of brand reputation of organizations, but also seriously infringe citizen privacy and increasingly threaten network information security. In the prior art, when encrypting the mobile terminal data, a fixed encryption mode is generally adopted, so that a cracker can easily acquire a corresponding encryption mode and can pertinently crack the data, thereby causing data leakage.
Therefore, how to enhance the security and privacy of the data transmission process is a problem that needs to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, the present invention provides a mobile terminal data encryption method to overcome the defects of the prior art.
In order to achieve the above object, the present invention provides the following technical solutions:
a mobile terminal data encryption method comprises the following steps:
step 1, a mobile terminal randomly generates a first public key, a first private key and a secret number by using an asymmetric encryption algorithm, and a server generates a second public key and a second private key;
step 2, the mobile terminal receives a second public key sent by the server;
step 3, the mobile terminal encrypts the first public key, the secret number, the mobile terminal equipment identifier and the user login information by using the second public key, and transmits the encrypted first public key, the secret number, the mobile terminal equipment identifier and the user login information to the server;
step 4, the mobile terminal receives the encrypted third secret key sent by the server and decrypts the third secret key by using the first private key;
and step 5, the mobile terminal encrypts the transmission data by using the third secret key and the secret number to obtain a transmission ciphertext, and transmits the transmission ciphertext to the server.
Optionally, in the step 4, the method for generating the encrypted third key includes:
step 4.1, the server uses the second key to decrypt the first public key, the secret number, the mobile terminal equipment identifier and the user login information;
step 4.2, the server performs identity verification on the user login information;
step 4.3, the server generates a corresponding third secret key according to the mobile terminal equipment identifier;
step 4.4, the server encrypts the third key by using the first public key.
Optionally, the first public key and the first private key are pairwise keys in an asymmetric encryption algorithm, the second public key and the second private key are pairwise keys in the asymmetric encryption algorithm, and the third key is a key of the symmetric encryption algorithm.
Optionally, in the step 4.2, the method for performing identity verification on the user login information by the server includes:
the server compares the user login information with an identity information database pre-stored in the server, judges whether the user identity is stored in the identity information database, if so, the identity verification is successful, the next step is carried out, and if not, the identity verification fails, and no operation is executed.
Optionally, the user login information includes a user name and a login password.
Optionally, in step 4.3, the method for generating the corresponding third key by the server according to the mobile terminal device identifier includes:
the server compares the mobile terminal equipment identifier with a key authority configuration table pre-stored in the server, judges whether the mobile terminal equipment identifier is stored in the key authority configuration table, if yes, acquires a key corresponding to the mobile terminal equipment identifier as a third key, and otherwise, does not execute operation.
Optionally, after receiving the transmission ciphertext, the server decrypts the transmission ciphertext by using the third key and the secret number to obtain the transmission data of the mobile terminal.
Optionally, the identity information database includes a white list, a black list and a gray list, when the server performs identity verification on the user login information in the step 4.2, if the user identity is in the white list, the data transmission times of the user are not limited, if the user identity is in the black list, the data transmission of the user is forbidden, and if the user identity is in the gray list, the data transmission times of the user are limited.
According to the technical scheme, the invention provides a mobile terminal data encryption method, which has the following beneficial effects compared with the prior art:
(1) The invention uses the second pair of asymmetric keys to carry out mobile terminal equipment verification and user authentication to obtain the secret number of the mobile terminal, uses the first pair of asymmetric keys to transmit the symmetric key, namely the third key, and further uses the third key and the secret number to encrypt and decrypt the transmission data.
(2) The invention combines the asymmetric encryption and the symmetric encryption flexibly, integrates the beneficial effects of the two encryption methods, and enhances the security of the data transmission process between the mobile terminal and the server.
(3) The invention further introduces the secret number, combines the secret number with the third secret key to encrypt the transmission data together, wherein the secret number is generated by the mobile terminal, and the third secret key is generated by the server, namely the secret key for encrypting the transmission data in the invention not only comprises the secret number of the mobile terminal, but also comprises the third secret key generated by the server, thereby further ensuring the security of the data transmission process.
(4) The invention further introduces a double identity verification process, including mobile terminal equipment verification and user identity verification, and limits corresponding authorities, so that the data encryption transmission process is standardized, and the data encryption transmission efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of the method of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The embodiment of the invention discloses a mobile terminal data encryption method, which is shown in fig. 1 and comprises the following steps:
step 1, a mobile terminal randomly generates a first public key, a first private key and a secret number by using an asymmetric encryption algorithm, and a server generates a second public key and a second private key; the first public key and the first private key are pairwise keys in an asymmetric encryption algorithm, the second public key and the second private key are pairwise keys in the asymmetric encryption algorithm, and the secret number is a random number which is generated randomly.
In the implementation process, after the mobile terminal performs one round of data transmission, the first public key, the first private key and the secret number can be automatically destroyed, and then a new randomly generated key pair and secret number are used before each round of data transmission, so that the safety of the data transmission of the mobile terminal is further ensured.
And step 2, the mobile terminal receives the second public key sent by the server.
Step 3, the mobile terminal encrypts the first public key, the secret number, the mobile terminal equipment identifier and the user login information by using the second public key, and transmits the encrypted first public key, the secret number, the mobile terminal equipment identifier and the user login information to the server; the user login information comprises a user name, a login password and the like, the mobile terminal equipment identifier uniquely corresponds to the mobile terminal equipment, and the user identifier is the number or the identity of the mobile terminal equipment.
Step 4, the mobile terminal receives the encrypted third secret key sent by the server and decrypts the third secret key by using the first private key;
the generation method of the encrypted third key comprises the following steps:
step 4.1, the server uses the second key to decrypt the first public key, the secret number, the mobile terminal equipment identifier and the user login information;
step 4.2, the server performs identity verification on the user login information, and the specific method comprises the following steps:
the server compares the user login information with an identity information database pre-stored in the server, the identity information database stores user identity information, whether the user identity is stored in the identity information database is judged, if yes, the identity verification is successful, the next step is carried out, otherwise, the identity verification fails, and no operation is executed;
step 4.3, the server generates a corresponding third secret key according to the mobile terminal equipment identifier, and the specific method is as follows:
the server compares the mobile terminal equipment identifier with a key authority configuration table pre-stored in the server, judges whether the mobile terminal equipment identifier is stored in the key authority configuration table, if yes, acquires a key corresponding to the mobile terminal equipment identifier as a third key, and otherwise, does not execute operation;
the key authority configuration table stores a mobile terminal device identifier and a unique key corresponding to the mobile terminal device identifier, and the key is used as a third key to encrypt subsequent transmission data, wherein the third key is a key of a symmetric encryption algorithm;
step 4.4, the server encrypts the third secret key by using the first public key;
and step 5, the mobile terminal encrypts the transmission data by using the third secret key and the secret number to obtain a transmission ciphertext, and transmits the transmission ciphertext to the server.
Further, after the server receives the transmission ciphertext, the server decrypts the transmission ciphertext by using the third key and the secret number to obtain the transmission data of the mobile terminal.
In another embodiment, the identity information database includes a white list, a black list and a gray list, when the server performs identity verification on the user login information in the step 4.2, if the user identity is in the white list, the data transmission times of the user are not limited, if the user identity is in the black list, the data transmission of the user is prohibited, and if the user identity is in the gray list, the data transmission times of the user are limited. The limiting times of the user members in the gray list can be set according to actual conditions or set in a grading manner according to the identity authority level of the user.
In another embodiment, a white list, a black list and a gray list may be set in the key authority configuration table, and the function is similar to that of the white list, the black list and the gray list in the identity information database, and is used for limiting the number of times of authority of the mobile terminal device, if the mobile terminal device is identified in the white list, the number of times of data transmission of the device is not limited, if the mobile terminal device is identified in the black list, the device is prohibited from transmitting data, and if the mobile terminal device is identified in the gray list, the number of times of data transmission of the device is limited. The limiting times of the equipment in the gray list can be set according to actual conditions or set in a grading manner according to the authority level of the equipment, and the invention is not limited.
In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (8)
1. The mobile terminal data encryption method is characterized by comprising the following steps:
step 1, a mobile terminal randomly generates a first public key, a first private key and a secret number by using an asymmetric encryption algorithm, and a server generates a second public key and a second private key;
step 2, the mobile terminal receives a second public key sent by the server;
step 3, the mobile terminal encrypts the first public key, the secret number, the mobile terminal equipment identifier and the user login information by using the second public key, and transmits the encrypted first public key, the secret number, the mobile terminal equipment identifier and the user login information to the server;
step 4, the mobile terminal receives the encrypted third secret key sent by the server and decrypts the third secret key by using the first private key;
and step 5, the mobile terminal encrypts the transmission data by using the third secret key and the secret number to obtain a transmission ciphertext, and transmits the transmission ciphertext to the server.
2. The method for encrypting data at a mobile terminal according to claim 1, wherein in the step 4, the method for generating the encrypted third key is as follows:
step 4.1, the server uses the second key to decrypt the first public key, the secret number, the mobile terminal equipment identifier and the user login information;
step 4.2, the server performs identity verification on the user login information;
step 4.3, the server generates a corresponding third secret key according to the mobile terminal equipment identifier;
step 4.4, the server encrypts the third key by using the first public key.
3. The mobile terminal data encryption method according to claim 2, wherein the first public key and the first private key are pairwise keys in an asymmetric encryption algorithm, the second public key and the second private key are pairwise keys in the asymmetric encryption algorithm, and the third key is a key of the symmetric encryption algorithm.
4. The method for encrypting the mobile terminal data according to claim 2, wherein in step 4.2, the method for authenticating the user login information by the server comprises the following steps:
the server compares the user login information with an identity information database pre-stored in the server, judges whether the user identity is stored in the identity information database, if so, the identity verification is successful, the next step is carried out, and if not, the identity verification fails, and no operation is executed.
5. The method for encrypting mobile terminal data according to claim 1, wherein said user login information includes a user name and a login password.
6. The method for encrypting data at a mobile terminal according to claim 2, wherein in step 4.3, the method for generating the corresponding third key by the server according to the mobile terminal device identifier is as follows:
the server compares the mobile terminal equipment identifier with a key authority configuration table pre-stored in the server, judges whether the mobile terminal equipment identifier is stored in the key authority configuration table, if yes, acquires a key corresponding to the mobile terminal equipment identifier as a third key, and otherwise, does not execute operation.
7. The method for encrypting data at a mobile terminal according to claim 1, wherein the server decrypts the data at the mobile terminal by using the third key and the secret number after receiving the ciphertext.
8. The method for encrypting data at mobile terminal according to claim 4, wherein said identity information database comprises a white list, a black list and a gray list, and when the server performs authentication on the login information of the user in step 4.2, if the user identity is in the white list, the number of data transmissions of the user is not limited, if the user identity is in the black list, the data transmissions of the user are prohibited, and if the user identity is in the gray list, the number of data transmissions of the user is limited.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311216819.7A CN117082501A (en) | 2023-09-20 | 2023-09-20 | Mobile terminal data encryption method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311216819.7A CN117082501A (en) | 2023-09-20 | 2023-09-20 | Mobile terminal data encryption method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117082501A true CN117082501A (en) | 2023-11-17 |
Family
ID=88717966
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311216819.7A Pending CN117082501A (en) | 2023-09-20 | 2023-09-20 | Mobile terminal data encryption method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117082501A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117527419A (en) * | 2023-12-06 | 2024-02-06 | 北京东方通科技股份有限公司 | Safety transmission method for identification data |
-
2023
- 2023-09-20 CN CN202311216819.7A patent/CN117082501A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117527419A (en) * | 2023-12-06 | 2024-02-06 | 北京东方通科技股份有限公司 | Safety transmission method for identification data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109858262B (en) | Process approval method, device and system based on block chain system and storage medium | |
| CN108768988B (en) | Block chain access control method, block chain access control equipment and computer readable storage medium | |
| CN103812871B (en) | Development method and system based on mobile terminal application program security application | |
| CN101822082B (en) | Techniques for secure channelization between UICC and terminal | |
| CN105828332B (en) | improved method of wireless local area network authentication mechanism | |
| CN106878016A (en) | Data is activation, method of reseptance and device | |
| CN108667791B (en) | Identity authentication method | |
| CN111159684B (en) | Safety protection system and method based on browser | |
| DK2414983T3 (en) | Secure computer system | |
| CN108650261B (en) | Mobile terminal system software burning method based on remote encryption interaction | |
| CN106657002A (en) | Novel crash-proof base correlation time multi-password identity authentication method | |
| CN105141629A (en) | Method for improving network security of public Wi-Fi based on WPA/WPA2 PSK multiple passwords | |
| CN115473655B (en) | Terminal authentication method, device and storage medium for access network | |
| CN111246476B (en) | Method and device for verifying micro base station user | |
| KR101358375B1 (en) | Prevention security system and method for smishing | |
| CN117082501A (en) | Mobile terminal data encryption method | |
| CN108667800B (en) | Access authority authentication method and device | |
| CN110807210B (en) | Information processing method, platform, system and computer storage medium | |
| CN108768958B (en) | Verification method for data integrity and source based on no leakage of verified information by third party | |
| CN116112234B (en) | Electronic signing security verification method, system, medium and equipment | |
| CN115208650A (en) | Data security implementation method, device, medium and product based on cloud platform | |
| CN111885600A (en) | Access method of dual-card terminal, terminal and server | |
| CN113163250B (en) | Safe communication method based on smart television | |
| CN112769560B (en) | Key management method and related device | |
| CN115276991B (en) | Secure chip dynamic key generation method, secure chip device, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |