CN111224943A - Internet encryption data transmission method - Google Patents
Internet encryption data transmission methodDownload PDFInfo
- Publication number
- CN111224943A CN111224943ACN201911144822.6ACN201911144822ACN111224943ACN 111224943 ACN111224943 ACN 111224943ACN 201911144822 ACN201911144822 ACN 201911144822ACN 111224943 ACN111224943 ACN 111224943A
- Authority
- CN
- China
- Prior art keywords
- receiving end
- key
- sending end
- integrity check
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000005540biological transmissionEffects0.000titleclaimsabstractdescription14
- 238000000034methodMethods0.000titleclaimsabstractdescription13
- 238000012790confirmationMethods0.000claimsdescription3
- FGUUSXIOTUKUDN-IBGZPJMESA-NC1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2Chemical compoundC1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2FGUUSXIOTUKUDN-IBGZPJMESA-N0.000claimsdescription2
- 238000013478data encryption standardMethods0.000description4
- 230000004048modificationEffects0.000description2
- 238000012986modificationMethods0.000description2
- 230000009286beneficial effectEffects0.000description1
- 230000007547defectEffects0.000description1
- 238000010586diagramMethods0.000description1
- 238000005538encapsulationMethods0.000description1
Images
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Technical Field
The invention relates to the field of data transmission methods, in particular to an internet encryption data transmission method.
Background
At present, SSL or IPsec is mostly adopted for internet data transmission in the market, but the performance is very low when the SSL or IPsec is used for data transmission, the SSL or IPsec cannot be well qualified under the condition of large flow, the bandwidth of 1Gbps can only run to 100Mbps, and particularly the performance is far from enough when the 5G era comes.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects in the prior art and provide an internet encryption data transmission method.
The invention is realized by the following technical scheme:
an internet encryption transmission data method is characterized by comprising the following steps:
a. establishing an ssl secure channel between a sending end and a receiving end;
b. the sending end sends a handshake request message to the receiving end, and the receiving end returns a handshake response message to the sending end after receiving the handshake request message;
c. the sending end sends a first random number message to the receiving end, the receiving end sends a second random number message to the sending end, and the sending end sends a confirmation message to the receiving end after receiving the second random number message;
d. the sending end and the receiving end respectively utilize the first random number, the second random number and the local integrity key to carry out XOR operation to obtain an integrity check key;
e. the sending end and the receiving end respectively use the first random number, the second random number and the local private key to carry out XOR operation to obtain a symmetric key;
f. the sending end carries out encryption operation on plaintext data by using the symmetric secret key to obtain a ciphertext;
g. the sending end utilizes the integrity check secret key to carry out MD5 algorithm operation on the ciphertext obtained in the step f to obtain a sending end integrity check value, and sends the ciphertext and the sending end integrity check value to the receiving end;
h. the receiving end utilizes the integrity check secret key to carry out MD5 algorithm operation on the received ciphertext to obtain a receiving end integrity check value, the receiving end integrity check value is compared with the transmitting end integrity check value, and whether the ciphertext is tampered or not is confirmed;
i. and the receiving end decrypts the received ciphertext by using the symmetric key to obtain plaintext data.
Preferably, the algorithm for encrypting plaintext data or decrypting ciphertext using a symmetric key is a DES or AES algorithm.
Preferably, the integrity check key is 32 bits.
Preferably, the symmetric key is 256 bits.
The invention has the beneficial effects that:
the internet data transmission method in the invention does not need to use SSL mechanism to encrypt, only uses SSL security channel to transmit relevant information such as handshake, random number, etc., uses the important information and local private key to generate final symmetric encryption key, the subsequent data encryption algorithm can be flexibly selected, the security is higher than that of common SSL, and the transmission performance can be obviously improved.
Drawings
FIG. 1 is a schematic flow diagram of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood by those skilled in the art, the present invention will be further described in detail with reference to the accompanying drawings and preferred embodiments.
Establishing an ssl secure channel between a sending end and a receiving end;
the sending end sends a handshake request message, and the receiving end receives the handshake request message and then returns a handshake response message to the receiving end;
a sending end sends a random number message X to a receiving end, the receiving end sends a random number Y message to the sending end, and the sending end sends a confirmation message to the receiving end;
the sending end and the receiving end respectively use the random number X, Y and the local integrity key to perform exclusive-or operation to obtain a 32-bit integrity check key auth _ key, and simultaneously use the random number X, Y and the local private key N to perform exclusive-or operation to obtain a 256-bit symmetric key encrypt _ key, thereby completing final key negotiation;
the sending end sends the data hello, firstly, the symmetric secret key encrypt _ key is used for carrying out encryption operation on a plaintext by using algorithms such as DES (data encryption standard), AES (advanced encryption standard) and the like to obtain a ciphertext, and the ciphertext is sent to the receiving end;
the sending end uses auth _ key to perform MD5 algorithm operation on the whole ciphertext to obtain an integrity check value, the integrity check value is placed in an auth _ data field of a message encapsulation head, and finally the message is sent to the receiving end;
the receiving end receives the ciphertext data, firstly, MD5 algorithm operation is carried out on the whole ciphertext by using auth _ key to obtain an integrity check value, whether the integrity check value is the same as the auth value of the message header is compared, the same data represents that the data is not tampered, then, the symmetric secret key encrypt _ key is used for carrying out DES, AES and other algorithm decryption on the ciphertext to obtain the plaintext, and the obtained data is hello.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (4)
1. An internet encryption transmission data method is characterized by comprising the following steps:
a. establishing an ssl secure channel between a sending end and a receiving end;
b. the sending end sends a handshake request message to the receiving end, and the receiving end returns a handshake response message to the sending end after receiving the handshake request message;
c. the sending end sends a first random number message to the receiving end, the receiving end sends a second random number message to the sending end, and the sending end sends a confirmation message to the receiving end after receiving the second random number message;
d. the sending end and the receiving end respectively utilize the first random number, the second random number and the local integrity key to carry out XOR operation to obtain an integrity check key;
e. the sending end and the receiving end respectively use the first random number, the second random number and the local private key to carry out XOR operation to obtain a symmetric key;
f. the sending end carries out encryption operation on plaintext data by using the symmetric secret key to obtain a ciphertext;
g. the sending end utilizes the integrity check secret key to carry out MD5 algorithm operation on the ciphertext obtained in the step f to obtain a sending end integrity check value, and sends the ciphertext and the sending end integrity check value to the receiving end;
h. the receiving end utilizes the integrity check secret key to carry out MD5 algorithm operation on the received ciphertext to obtain a receiving end integrity check value, the receiving end integrity check value is compared with the transmitting end integrity check value, and whether the ciphertext is tampered or not is confirmed;
i. and the receiving end decrypts the received ciphertext by using the symmetric key to obtain plaintext data.
2. The method for encrypting and transmitting data through the internet as claimed in claim 1, wherein the algorithm for encrypting the plaintext data or decrypting the ciphertext by using the symmetric key is a DES or AES algorithm.
3. The internet encryption transmission data method according to claim 1, wherein the integrity check key is 32 bits.
4. The method as claimed in claim 1, wherein the symmetric key is 256 bits.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911144822.6ACN111224943A (en) | 2019-11-21 | 2019-11-21 | Internet encryption data transmission method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911144822.6ACN111224943A (en) | 2019-11-21 | 2019-11-21 | Internet encryption data transmission method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111224943Atrue CN111224943A (en) | 2020-06-02 |
Family
ID=70829010
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911144822.6APendingCN111224943A (en) | 2019-11-21 | 2019-11-21 | Internet encryption data transmission method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111224943A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101594226A (en)* | 2009-06-17 | 2009-12-02 | 中兴通讯股份有限公司 | The data guard method and the system that are used for file transfer |
| WO2014025459A1 (en)* | 2012-08-09 | 2014-02-13 | Cisco Technology, Inc. | Low latency encryption and authentication in optical transport networks |
| CN106534077A (en)* | 2016-10-18 | 2017-03-22 | 华南理工大学 | Authenticable agent re-encryption system and method based on symmetric cryptography |
| CN106549963A (en)* | 2016-11-05 | 2017-03-29 | 北京工业大学 | Safe storage system based on HDFS |
| CN107105060A (en)* | 2017-05-27 | 2017-08-29 | 天津恒天新能源汽车研究院有限公司 | A kind of method for realizing electric automobile information security |
| CN109347809A (en)* | 2018-09-25 | 2019-02-15 | 北京计算机技术及应用研究所 | A kind of application virtualization safety communicating method towards under autonomous controllable environment |
- 2019
- 2019-11-21CNCN201911144822.6Apatent/CN111224943A/enactivePending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101594226A (en)* | 2009-06-17 | 2009-12-02 | 中兴通讯股份有限公司 | The data guard method and the system that are used for file transfer |
| WO2014025459A1 (en)* | 2012-08-09 | 2014-02-13 | Cisco Technology, Inc. | Low latency encryption and authentication in optical transport networks |
| CN106534077A (en)* | 2016-10-18 | 2017-03-22 | 华南理工大学 | Authenticable agent re-encryption system and method based on symmetric cryptography |
| CN106549963A (en)* | 2016-11-05 | 2017-03-29 | 北京工业大学 | Safe storage system based on HDFS |
| CN107105060A (en)* | 2017-05-27 | 2017-08-29 | 天津恒天新能源汽车研究院有限公司 | A kind of method for realizing electric automobile information security |
| CN109347809A (en)* | 2018-09-25 | 2019-02-15 | 北京计算机技术及应用研究所 | A kind of application virtualization safety communicating method towards under autonomous controllable environment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107104977B (en) | Block chain data secure transmission method based on SCTP | |
| EP3476078B1 (en) | Systems and methods for authenticating communications using a single message exchange and symmetric key | |
| CN102025505A (en) | Advanced encryption standard (AES) algorithm-based encryption/decryption method and device | |
| CN110138795B (en) | Multi-step mixed encryption and decryption method in communication process | |
| CN109005027B (en) | Random data encryption and decryption method, device and system | |
| CN113542428B (en) | Vehicle data uploading method and device, vehicle, system and storage medium | |
| CN116321129B (en) | Lightweight dynamic key-based power transaction private network communication encryption method | |
| CN114499857B (en) | Method for realizing data correctness and consistency in encryption and decryption of large data quanta | |
| CN106850185A (en) | A kind of method and system for being encrypted communication | |
| CN104901803A (en) | Data interaction safety protection method based on CPK identity authentication technology | |
| CN109005151A (en) | A kind of encryption of information, decryption processing method and processing terminal | |
| CN101931623B (en) | Safety communication method suitable for remote control with limited capability at controlled end | |
| CN116132025A (en) | Key negotiation method, device and communication system based on preset key group | |
| CN108494554B (en) | Data symmetric encryption method based on double plaintexts | |
| CN115001758B (en) | Quantum encryption-based short byte message security encryption method | |
| CN110365482B (en) | Data communication method and device | |
| CN104618355B (en) | A kind of safety storage and the method for transmission data | |
| CN104579645B (en) | Key updating method based on AES encryption system | |
| CN109587149A (en) | A kind of safety communicating method and device of data | |
| CN116743505B (en) | Safety transmission encryption method based on national secret | |
| CN206602532U (en) | A kind of system that communication is encrypted | |
| CN117749909A (en) | Data transmission method, data processing method and computer equipment | |
| US20100014670A1 (en) | One-Way Hash Extension for Encrypted Communication | |
| CN110022213A (en) | A kind of more level of confidentiality processing methods based on quantum key protection computer data | |
| CN114124369B (en) | Multi-group quantum key cooperation method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date:20200602 |