Nothing Special   »   [go: up one dir, main page]

CN111030827A - Information interaction method and device, electronic equipment and storage medium - Google Patents

Information interaction method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN111030827A
CN111030827A CN201911240554.8A CN201911240554A CN111030827A CN 111030827 A CN111030827 A CN 111030827A CN 201911240554 A CN201911240554 A CN 201911240554A CN 111030827 A CN111030827 A CN 111030827A
Authority
CN
China
Prior art keywords
request
random key
encrypted
data
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911240554.8A
Other languages
Chinese (zh)
Inventor
袁玮鸿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Lexin Software Technology Co Ltd
Original Assignee
Shenzhen Lexin Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Lexin Software Technology Co Ltd filed Critical Shenzhen Lexin Software Technology Co Ltd
Priority to CN201911240554.8A priority Critical patent/CN111030827A/en
Publication of CN111030827A publication Critical patent/CN111030827A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the disclosure discloses an information interaction method, an information interaction device, electronic equipment and a storage medium, wherein the method comprises the following steps: performed by an application client, the method comprising: generating a random key; the random key is used for encrypting request data by adopting RC4 to obtain encrypted request data, an RSA public key is used for encrypting the random key to obtain an encrypted random key, and the encrypted request data and a request head carrying the encrypted random key are used as request information to be sent to a server; and receiving encrypted response data returned by the server according to the request information, and decrypting the encrypted response data by using the random key to perform RC4 to obtain response data. The technical side of the embodiment can improve the safety of information interaction.

Description

Information interaction method and device, electronic equipment and storage medium
Technical Field
The embodiment of the disclosure relates to the technical field of information security, in particular to an information interaction method, an information interaction device, electronic equipment and a storage medium.
Background
In network communication, communication transmission data is easy to be intercepted or tampered, and if the communication transmission data is intercepted or tampered by a lawbreaker in the process of transmitting user privacy data, a user can be injured, such as being fraudulently injured, so that encryption of the transmission data of a client and a server is essential in network communication.
Currently, the IOS and android systems that dominate the market and recently the hongmeng systems that have been brought up have some communication security problems in the APP of such systems, i.e. the interaction between embedded clients and servers.
Disclosure of Invention
In order to maintain the security behavior of software and aim at the problem of security interaction between a client and a server, embodiments of the present disclosure provide an information interaction method, apparatus, electronic device, and storage medium, so as to improve the security of information interaction.
Additional features and advantages of the disclosed embodiments will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosed embodiments.
In a first aspect, an embodiment of the present disclosure provides an information interaction method, which is executed by an application client, and the method includes:
generating a random key;
the random key is used for encrypting request data by adopting RC4 to obtain encrypted request data, an RSA public key is used for encrypting the random key to obtain an encrypted random key, and the encrypted request data and a request head carrying the encrypted random key are used as request information to be sent to a server;
and receiving encrypted response data returned by the server according to the request information, and decrypting the encrypted response data by using the random key to perform RC4 to obtain response data.
In one embodiment, after randomly generating the random key, MD5 signing the random key is further included.
In an embodiment, the RSA public key is a public key corresponding to the application; or
The RSA public key is a public key corresponding to the application program client.
In an embodiment, the sending the request to the server includes sending an HTTPS request to the server.
In one embodiment, the generating the random key includes generating a random appKey key.
In a second aspect, an embodiment of the present disclosure further provides an information interaction method, which is executed by a server, and the method includes:
receiving request information of a client, wherein the request information comprises encrypted request data and a request head, and the request head carries an encrypted random key corresponding to the request;
decrypting the encrypted random key by using an RSA private key to obtain a random key, and decrypting the encrypted request data by using the random key to obtain request data by using RC 4;
and performing MD5 signature verification on the request data by using the random key, if the signature verification is passed, determining response data corresponding to the request data, performing RC4 encryption on the response data by using the random key, and returning the encrypted response data to the client.
In an embodiment, the method further includes, after determining response data corresponding to the request data, performing MD5 tagging on the response data using the random key.
In one embodiment, the random key is a random appKey key.
In a third aspect, an embodiment of the present disclosure further provides an information interaction apparatus configured at an application client, where the apparatus includes:
a random key generation unit for generating a random key;
the request sending unit is used for encrypting the request data by using the random key by adopting RC4 to obtain encrypted request data, encrypting the random key by using an RSA public key to obtain an encrypted random key, and sending the encrypted request data and a request head carrying the encrypted random key as request information to a server;
and the response acquisition unit is used for receiving the encrypted response data returned by the server according to the request information, and performing RC4 decryption on the encrypted response data by using the random key to obtain response data.
In one embodiment, the apparatus further comprises a key signing unit for performing MD5 signing on the random key after randomly generating the random key.
In an embodiment, the RSA public key is a public key corresponding to the application; or
The RSA public key is a public key corresponding to the application program client.
In an embodiment, the request sending unit is configured to send an HTTPS request to a server.
In an embodiment, the random key generation unit is configured to generate a random appKey key.
In a fourth aspect, an embodiment of the present disclosure further provides an information interaction apparatus, configured at a server, where the apparatus includes:
a request receiving unit, configured to receive request information of a client, where the request information includes encrypted request data and a request header, and the request header carries an encrypted random key corresponding to the request;
the request decryption unit is used for decrypting the encrypted random key by using an RSA private key to obtain a random key and performing RC4 decryption on the encrypted request data by using the random key to obtain request data;
and the request response unit is used for performing MD5 signature verification on the request data by using the random key, determining response data corresponding to the request data if the signature verification is passed, performing RC4 encryption on the response data by using the random key, and returning the encrypted response data to the client.
In an embodiment, the apparatus further includes a response data tagging unit, configured to perform MD5 tagging on the response data using the random key after determining the response data corresponding to the request data.
In one embodiment, the random key is a random appKey key.
In a sixth aspect, an embodiment of the present disclosure further provides an information interaction system, including a server and at least one client;
if any client needs to send a request to the server, generating a random key, encrypting request data by using the random key through RC4 to obtain encrypted request data, encrypting the random key by using an RSA public key to obtain an encrypted random key, and sending the encrypted request data and a request header carrying the encrypted random key to the server as request information;
after receiving the request information, the server decrypts the encrypted random key by using an RSA private key to obtain a random key, decrypts the encrypted request data by using the random key to obtain request data by using RC4, performs MD5 signature verification on the request data by using the random key, determines response data corresponding to the request data if the signature verification is passed, performs RC4 encryption on the response data by using the random key, and returns the encrypted response data to the client;
and the client receives the encrypted response data returned by the server according to the request information, and the encrypted response data is decrypted by RC4 by using the random key to obtain response data.
In a sixth aspect, an embodiment of the present disclosure further provides an electronic device, including:
one or more processors;
a memory for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the instructions of the method of any one of the first or second aspects.
In a seventh aspect, the disclosed embodiments also provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the method according to any one of the first or second aspects.
In the technical scheme of this embodiment, before the application client sends a request to the server, a random key is generated, the request data is encrypted by RC4 using the random key to obtain encrypted request data, the random key is encrypted by an RSA public key to obtain an encrypted random key, and the encrypted request data plus a request header carrying the encrypted random key is sent to the server as request information. After receiving request information of a client, a server decrypts the request information by using an RSA private key to obtain a random key, decrypts the request data by using the random key to obtain RC4, performs MD5 signature verification on the request data by using the random key, determines response data corresponding to the request data if the signature verification passes, performs RC4 encryption on the response data by using the random key, and returns the encrypted response data to the client. And the client receives the encrypted response data returned by the server according to the request information, and the encrypted response data is decrypted by RC4 by using the random key to obtain response data. The technical side of the embodiment can improve the safety of information interaction.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments of the present disclosure will be briefly described below, and it is obvious that the drawings in the following description are only a part of the embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to the contents of the embodiments of the present disclosure and the drawings without creative efforts.
Fig. 1 is a schematic flowchart of an information interaction method performed by an application client according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of an information interaction method performed by a server according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an information interaction device configured at an application client according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of an information interaction device configured at a server according to an embodiment of the present disclosure;
FIG. 5 is an interaction flow diagram of an information interaction system provided by an embodiment of the present disclosure;
FIG. 6 shows a schematic structural diagram of an electronic device suitable for use in implementing embodiments of the present disclosure.
Detailed Description
In order to make the technical problems solved, technical solutions adopted and technical effects achieved by the embodiments of the present disclosure clearer, the technical solutions of the embodiments of the present disclosure will be described in further detail below with reference to the accompanying drawings, and it is obvious that the described embodiments are only some embodiments, but not all embodiments, of the embodiments of the present disclosure. All other embodiments, which can be obtained by a person skilled in the art without making creative efforts based on the embodiments of the present disclosure, belong to the protection scope of the embodiments of the present disclosure.
It should be noted that the terms "system" and "network" are often used interchangeably in the embodiments of the present disclosure. Reference to "and/or" in embodiments of the present disclosure is meant to include any and all combinations of one or more of the associated listed items. The terms "first", "second", and the like in the description and claims of the present disclosure and in the drawings are used for distinguishing between different objects and not for limiting a particular order.
It should also be noted that, in the embodiments of the present disclosure, each of the following embodiments may be executed alone, or may be executed in combination with each other, and the embodiments of the present disclosure are not limited specifically.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
The technical solutions of the embodiments of the present disclosure are further described by the following detailed description in conjunction with the accompanying drawings.
Fig. 1 is a flowchart illustrating an information interaction method executed by an application client according to an embodiment of the present disclosure, where this embodiment is applicable to a case where the application client sends a request to a server and obtains response data, and the method may be executed by an information interaction device configured at the application client, as shown in fig. 1, where the information interaction method according to this embodiment includes:
in step S110, a random key is generated.
In this embodiment, an interactive relationship is established between the client and the server in a form of requesting a key, that is, a random password is generated for the request every time the client sends a request to the server.
The random key may be a variety of forms of keys, for example, an appKey key.
Further, MD5 signing may also be performed on the random key after the random key is randomly generated to reduce the information security risk.
In step S120, the random key is used to encrypt the request data by RC4 to obtain encrypted request data, and the RSA public key is used to encrypt the random key to obtain an encrypted random key, and the request header carrying the encrypted random key is added to the encrypted request data and is sent to the server as request information.
The RSA public key may be a public key corresponding to the application program, or may be a public key corresponding to the application program client.
And sending the request information to the server, wherein the request information may be request information in an HTTPS format.
In step S130, encrypted response data returned by the server according to the request message is received, and the encrypted response data is decrypted by RC4 using the random key to obtain response data.
In this embodiment, when the application client needs to send request information to the server, a random key is generated first, the random key is used to encrypt request data by using RC4 to obtain encrypted request data, an RSA public key is used to encrypt the random key to obtain an encrypted random key, and then the encrypted request data and a request header carrying the encrypted random key are sent to the server as request information. After receiving the encrypted response data returned by the server according to the request information, the encrypted response data is decrypted by RC4 by using the random key to obtain response data, so that the security during information interaction with the server can be improved.
Fig. 2 is a schematic flowchart illustrating an information interaction method executed by a server according to an embodiment of the present disclosure, where the present embodiment is a method on a server side corresponding to the foregoing embodiment. As shown in fig. 2, the information interaction method described in this embodiment is executed by a server, and the method includes:
in step S210, request information of a client is received, where the request information includes encrypted request data and a request header, and the request header carries an encrypted random key corresponding to the request.
For example, the random key may be a key in various forms, which is not limited in this embodiment, and may be, for example, a random appKey key.
In step S220, the RSA private key is used to decrypt the encrypted random key to obtain a random key, and the random key is used to perform RC4 decryption on the encrypted request data to obtain request data.
In step S230, the request data is MD5 checked by using the random key, if the check passes, response data corresponding to the request data is determined, the response data is RC4 encrypted by using the random key, and the encrypted response data is returned to the client.
Further, after response data corresponding to the request data is determined, MD5 tagging may be performed on the response data by using the random key, so as to further improve information security and reduce the risk of exposing the random key.
According to the technical scheme of the embodiment, after the server receives request information of the client, the server decrypts the request information by using an RSA private key to obtain a random key, decrypts the request information by using an RC4 to obtain request data, performs MD5 signature verification on the request data by using the random key, determines response data corresponding to the request data if the signature verification passes, performs RC4 encryption on the response data by using the random key, and returns the encrypted response data to the client, so that the safety of information interaction with the client can be improved.
As an implementation of the method shown in fig. 1, the present application provides an embodiment of an information interaction apparatus configured at an application client, and fig. 3 illustrates a schematic structural diagram of an information interaction apparatus provided in this embodiment, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 1, and the apparatus is configured at the application client, and may be specifically applied to various electronic devices. As shown in fig. 3, the information interaction apparatus according to the present embodiment includes a random key generation unit 310, a request transmission unit 320, and a response acquisition unit 330.
The random key generation unit 310 is configured to generate a random key.
The request sending unit 320 is configured to encrypt the request data by using the random key through RC4 to obtain encrypted request data, encrypt the random key by using an RSA public key to obtain an encrypted random key, and send the encrypted request data plus a request header carrying the encrypted random key as request information to the server.
The response obtaining unit 330 is configured to receive encrypted response data returned by the server according to the request information, and perform RC4 decryption on the encrypted response data using the random key to obtain response data.
In an embodiment, the apparatus further comprises a key signing unit (not shown in fig. 3) configured to, after randomly generating a random key, MD5 sign the random key.
In an embodiment, the RSA public key is a public key corresponding to the application; or
The RSA public key is a public key corresponding to the application program client.
In an embodiment, the request sending unit is configured to send an HTTPS request to a server.
In an embodiment, the random key generation unit is configured to generate a random appKey key.
The information interaction device provided by this embodiment can execute the information interaction method provided by the method embodiment shown in fig. 1 of this disclosure, and has the corresponding functional modules and beneficial effects of the execution method.
As an implementation of the method shown in fig. 2, the present application provides an embodiment of an information interaction device configured at a server, and fig. 4 illustrates a schematic structural diagram of an information interaction device provided in this embodiment, where the embodiment of the device corresponds to the embodiment of the method shown in fig. 2, and the device is configured at the server and can be specifically applied to various electronic devices. As shown in fig. 4, the information interaction apparatus according to this embodiment includes a request receiving unit 410, a request decrypting unit 420, and a request responding unit 430.
The request receiving unit 410 is configured to receive request information of a client, where the request information includes encrypted request data and a request header, where the request header carries an encrypted random key corresponding to the request;
the request decryption unit 420 is configured to decrypt the encrypted random key by using an RSA private key to obtain a random key, and decrypt the encrypted request data by using the random key to obtain request data by using RC 4;
the request response unit 430 is configured to perform MD5 signature verification on the request data by using the random key, determine response data corresponding to the request data if the signature verification passes, perform RC4 encryption on the response data by using the random key, and return the encrypted response data to the client.
In an embodiment, the apparatus further comprises a response data tagging unit (not shown in fig. 4), configured to perform MD5 tagging on the response data using the random key after determining the response data corresponding to the request data.
In one embodiment, the random key is a random appKey key.
The information interaction device provided by this embodiment can execute the information interaction method provided by the method embodiment shown in fig. 2 of this disclosure, and has the corresponding functional modules and beneficial effects of the execution method.
The embodiment discloses an information interaction system which comprises a server side and at least one client side.
If any client needs to send a request to the server, a random key is generated, the random key is used for encrypting request data by adopting RC4 to obtain encrypted request data, an RSA public key is used for encrypting the random key to obtain an encrypted random key, and the encrypted request data and a request head carrying the encrypted random key are used as request information to be sent to the server.
After receiving the request information, the server decrypts the encrypted random key by using an RSA private key to obtain a random key, decrypts the encrypted request data by using the random key to obtain request data by using RC4, performs MD5 signature verification on the request data by using the random key, determines response data corresponding to the request data if the signature verification is passed, performs RC4 encryption on the response data by using the random key, and returns the encrypted response data to the client.
And the client receives the encrypted response data returned by the server according to the request information, and the encrypted response data is decrypted by RC4 by using the random key to obtain response data.
Fig. 5 is an interaction flow diagram of an information interaction system provided by an embodiment of the present disclosure, where interaction between any client and the server is shown in fig. 5.
The client generates a random key appkey (a) in step S5110.
In step S5120, the client adds a label to MD 5: ascending parameter + appkey (a).
In step S5130, the client encrypts the message and appkey (a) with RC4 to obtain a ciphertext (B).
In step S5140, the client encrypts appkey (a) with the public key RSA to obtain ppkey (B), which is used as a request header to send the request header plus the ciphertext (B) to the server.
In step S5210, the server gateway decrypts appkey (b) with the private key RSA to obtain appkey (a).
The server gateway decrypts the ciphertext (B) by RC4 + appkey (a) in step S5220.
The server gateway, in step S5230, buffers appkey (a).
In step S5240, the service gateway performs DM5 signature verification.
In step S5310, the service of the server performs service processing according to the request, and returns a response message.
In step S5250, the server gateway performs DM5 signing: ascending parameter + appkey (a).
In step S5260, the server gateway encrypts the return message and appkey (a) with RC4 and returns the encrypted return message to the client.
In step S5150, the client decrypts the return message by using RC4 and local appkey (a).
In step S5160, the client checks the signature with DM 5.
In this embodiment, a random key is generated before an application client sends a request to a server, the random key is used to encrypt request data by using RC4 to obtain encrypted request data, an RSA public key is used to encrypt the random key to obtain an encrypted random key, and the encrypted request data and a request header carrying the encrypted random key are sent to the server as request information. After receiving request information of a client, a server decrypts the request information by using an RSA private key to obtain a random key, decrypts the request data by using the random key to obtain RC4, performs MD5 signature verification on the request data by using the random key, determines response data corresponding to the request data if the signature verification passes, performs RC4 encryption on the response data by using the random key, and returns the encrypted response data to the client. And the client receives the encrypted response data returned by the server according to the request information, and the encrypted response data is decrypted by RC4 by using the random key to obtain response data. The technical side of the embodiment can improve the safety of information interaction.
Referring now to FIG. 6, a block diagram of an electronic device 600 suitable for use in implementing embodiments of the present disclosure is shown. The terminal device in the embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, electronic device 600 may include a processing means (e.g., central processing unit, graphics processor, etc.) 601 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
Generally, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 600 to communicate with other devices wirelessly or by wire to exchange data. While fig. 6 illustrates an electronic device 600 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 609, or may be installed from the storage means 608, or may be installed from the ROM 602. The computer program, when executed by the processing device 601, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
It should be noted that the computer readable medium described above in the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the disclosed embodiments, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the disclosed embodiments, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to:
generating a random key;
the random key is used for encrypting request data by adopting RC4 to obtain encrypted request data, an RSA public key is used for encrypting the random key to obtain an encrypted random key, and the encrypted request data and a request head carrying the encrypted random key are used as request information to be sent to a server;
and receiving encrypted response data returned by the server according to the request information, and decrypting the encrypted response data by using the random key to perform RC4 to obtain response data.
Or:
receiving request information of a client, wherein the request information comprises encrypted request data and a request head, and the request head carries an encrypted random key corresponding to the request;
decrypting the encrypted random key by using an RSA private key to obtain a random key, and decrypting the encrypted request data by using the random key to obtain request data by using RC 4;
and performing MD5 signature verification on the request data by using the random key, if the signature verification is passed, determining response data corresponding to the request data, performing RC4 encryption on the response data by using the random key, and returning the encrypted response data to the client.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
The foregoing description is only a preferred embodiment of the disclosed embodiments and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure in the embodiments of the present disclosure is not limited to the particular combination of the above-described features, but also encompasses other embodiments in which any combination of the above-described features or their equivalents is possible without departing from the scope of the present disclosure. For example, the above features and (but not limited to) the features with similar functions disclosed in the embodiments of the present disclosure are mutually replaced to form the technical solution.

Claims (13)

1. An information interaction method, which is executed by an application client, the method comprising:
generating a random key;
the random key is used for encrypting request data by adopting RC4 to obtain encrypted request data, an RSA public key is used for encrypting the random key to obtain an encrypted random key, and the encrypted request data and a request head carrying the encrypted random key are used as request information to be sent to a server;
and receiving encrypted response data returned by the server according to the request information, and decrypting the encrypted response data by using the random key to perform RC4 to obtain response data.
2. The method of claim 1, further comprising, after randomly generating a random key, MD5 signing the random key.
3. The method according to claim 1, wherein the RSA public key is a public key corresponding to the application; or
The RSA public key is a public key corresponding to the application program client.
4. The method of claim 1, wherein sending a request to a server comprises sending an HTTPS request to the server.
5. The method of claim 1, wherein generating the random key comprises generating a random appKey key.
6. An information interaction method, which is executed by a server side, the method comprising:
receiving request information of a client, wherein the request information comprises encrypted request data and a request head, and the request head carries an encrypted random key corresponding to the request;
decrypting the encrypted random key by using an RSA private key to obtain a random key, and decrypting the encrypted request data by using the random key to obtain request data by using RC 4;
and performing MD5 signature verification on the request data by using the random key, if the signature verification is passed, determining response data corresponding to the request data, performing RC4 encryption on the response data by using the random key, and returning the encrypted response data to the client.
7. The method of claim 6, further comprising, after determining response data corresponding to the request data, performing MD5 signing on the response data using the random key.
8. The method of claim 1, wherein the random key is a random appKey key.
9. An information interaction device, configured at an application client, the device comprising:
a random key generation unit for generating a random key;
the request sending unit is used for encrypting the request data by using the random key by adopting RC4 to obtain encrypted request data, encrypting the random key by using an RSA public key to obtain an encrypted random key, and sending the encrypted request data and a request head carrying the encrypted random key as request information to a server;
and the response acquisition unit is used for receiving the encrypted response data returned by the server according to the request information, and performing RC4 decryption on the encrypted response data by using the random key to obtain response data.
10. An information interaction device, configured to a server, the device comprising:
a request receiving unit, configured to receive request information of a client, where the request information includes encrypted request data and a request header, and the request header carries an encrypted random key corresponding to the request;
the request decryption unit is used for decrypting the encrypted random key by using an RSA private key to obtain a random key and performing RC4 decryption on the encrypted request data by using the random key to obtain request data;
and the request response unit is used for performing MD5 signature verification on the request data by using the random key, determining response data corresponding to the request data if the signature verification is passed, performing RC4 encryption on the response data by using the random key, and returning the encrypted response data to the client.
11. An information interaction system is characterized by comprising a server side and at least one client side;
if any client needs to send a request to the server, generating a random key, encrypting request data by using the random key through RC4 to obtain encrypted request data, encrypting the random key by using an RSA public key to obtain an encrypted random key, and sending the encrypted request data and a request header carrying the encrypted random key to the server as request information;
after receiving the request information, the server decrypts the encrypted random key by using an RSA private key to obtain a random key, decrypts the encrypted request data by using the random key to obtain request data by using RC4, performs MD5 signature verification on the request data by using the random key, determines response data corresponding to the request data if the signature verification is passed, performs RC4 encryption on the response data by using the random key, and returns the encrypted response data to the client;
and the client receives the encrypted response data returned by the server according to the request information, and the encrypted response data is decrypted by RC4 by using the random key to obtain response data.
12. An electronic device, comprising:
one or more processors;
a memory for storing one or more programs;
instructions which, when executed by the one or more processors, cause the one or more processors to carry out the method of any one of claims 1-8.
13. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
CN201911240554.8A 2019-12-06 2019-12-06 Information interaction method and device, electronic equipment and storage medium Pending CN111030827A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911240554.8A CN111030827A (en) 2019-12-06 2019-12-06 Information interaction method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911240554.8A CN111030827A (en) 2019-12-06 2019-12-06 Information interaction method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111030827A true CN111030827A (en) 2020-04-17

Family

ID=70204489

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911240554.8A Pending CN111030827A (en) 2019-12-06 2019-12-06 Information interaction method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111030827A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111405539A (en) * 2020-05-20 2020-07-10 孙瑛楠 Method, device, equipment and storage medium for establishing wireless connection between equipment
CN112600836A (en) * 2020-12-10 2021-04-02 北京字节跳动网络技术有限公司 Form data processing method, equipment and storage medium
CN113516475A (en) * 2021-05-14 2021-10-19 数字印记(北京)科技有限公司 Data delivery method, device, system, electronic equipment and storage medium
CN114006757A (en) * 2021-10-29 2022-02-01 京东方科技集团股份有限公司 GIS service access control method, device, framework, medium and equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442409A (en) * 2007-11-23 2009-05-27 东方钢铁电子商务有限公司 Encipher method and system for B2B data exchange
US20150082030A1 (en) * 2013-09-18 2015-03-19 Sheng-Fu Chang Security Mechanism for Video Storage System
CN105141635A (en) * 2015-09-21 2015-12-09 北京元心科技有限公司 Method and system for safe communication of group sending messages
CN107094156A (en) * 2017-06-21 2017-08-25 北京明朝万达科技股份有限公司 A kind of safety communicating method and system based on P2P patterns
CN108521393A (en) * 2018-01-31 2018-09-11 世纪龙信息网络有限责任公司 Data interactive method, device, system, computer equipment and storage medium
CN109245905A (en) * 2018-11-01 2019-01-18 四川长虹电器股份有限公司 The method that message is digitally signed and is encrypted based on RSA and aes algorithm
CN110401677A (en) * 2019-08-23 2019-11-01 RealMe重庆移动通信有限公司 Acquisition methods, device, storage medium and the electronic equipment of digital publishing rights key

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442409A (en) * 2007-11-23 2009-05-27 东方钢铁电子商务有限公司 Encipher method and system for B2B data exchange
US20150082030A1 (en) * 2013-09-18 2015-03-19 Sheng-Fu Chang Security Mechanism for Video Storage System
CN105141635A (en) * 2015-09-21 2015-12-09 北京元心科技有限公司 Method and system for safe communication of group sending messages
CN107094156A (en) * 2017-06-21 2017-08-25 北京明朝万达科技股份有限公司 A kind of safety communicating method and system based on P2P patterns
CN108521393A (en) * 2018-01-31 2018-09-11 世纪龙信息网络有限责任公司 Data interactive method, device, system, computer equipment and storage medium
CN109245905A (en) * 2018-11-01 2019-01-18 四川长虹电器股份有限公司 The method that message is digitally signed and is encrypted based on RSA and aes algorithm
CN110401677A (en) * 2019-08-23 2019-11-01 RealMe重庆移动通信有限公司 Acquisition methods, device, storage medium and the electronic equipment of digital publishing rights key

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111405539A (en) * 2020-05-20 2020-07-10 孙瑛楠 Method, device, equipment and storage medium for establishing wireless connection between equipment
CN111405539B (en) * 2020-05-20 2023-08-01 孙瑛楠 Method, device, equipment and storage medium for establishing wireless connection between equipment
CN112600836A (en) * 2020-12-10 2021-04-02 北京字节跳动网络技术有限公司 Form data processing method, equipment and storage medium
CN113516475A (en) * 2021-05-14 2021-10-19 数字印记(北京)科技有限公司 Data delivery method, device, system, electronic equipment and storage medium
CN114006757A (en) * 2021-10-29 2022-02-01 京东方科技集团股份有限公司 GIS service access control method, device, framework, medium and equipment
CN114006757B (en) * 2021-10-29 2024-04-05 京东方科技集团股份有限公司 Access control method, device, architecture, medium and equipment for GIS service

Similar Documents

Publication Publication Date Title
CN111030827A (en) Information interaction method and device, electronic equipment and storage medium
CN111835774B (en) Data processing method, device, equipment and storage medium
CN108923925B (en) Data storage method and device applied to block chain
CN113329239B (en) Data processing method and device, storage medium and electronic equipment
CN112149168B (en) File data encryption method and device and electronic equipment
CN115296807B (en) Key generation method, device and equipment for preventing industrial control network viruses
CN112329044A (en) Information acquisition method and device, electronic equipment and computer readable medium
CN113810779B (en) Code stream signature verification method, device, electronic equipment and computer readable medium
CN111178874A (en) Transaction method and system based on block chain cold wallet
CN113282951B (en) Application program security verification method, device and equipment
CN109120576B (en) Data sharing method and device, computer equipment and storage medium
CN111786955B (en) Method and apparatus for protecting a model
CN111130805B (en) Secure transmission method, electronic device, and computer-readable storage medium
CN112600836A (en) Form data processing method, equipment and storage medium
CN111767550B (en) Data storage method and device
CN114499893B (en) Bidding file encryption and evidence storage method and system based on block chain
CN114745207B (en) Data transmission method, device, equipment, computer readable storage medium and product
CN112995322B (en) Information transmission channel establishment method, device, storage medium and terminal
CN111935138B (en) Protection method and device for secure login and electronic equipment
CN115001828A (en) Secure access method, system, electronic device and medium for transaction data
CN113961931A (en) Adb tool using method and device and electronic equipment
CN113836538A (en) Data model processing method, device, server and storage medium
CN115378743B (en) Information encryption transmission method, device, equipment and medium
CN111314320B (en) Communication method, terminal, server and system based on HTTP
CN115296934B (en) Information transmission method and device based on industrial control network intrusion and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200417