
CN107094156A - A secure communication method and system based on the P2P mode - Google Patents

Info

Publication number
CN107094156A
CN107094156A (application CN201710473340.XA)
Authority
CN
China
Prior art keywords
certificate
center
communication
security capabilities
key
Legal status
Granted (Google's note: the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number
CN201710473340.XA
Other languages
Chinese (zh)
Other versions
CN107094156B (en)
Inventor
郭迎春
喻波
王志海
王志华
秦凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wondersoft Technology Co Ltd
Original Assignee
Beijing Wondersoft Technology Co Ltd
Events
  • Application filed by Beijing Wondersoft Technology Co Ltd
  • Priority to CN201710473340.XA
  • Publication of CN107094156A
  • Application granted
  • Publication of CN107094156B
  • Legal status: Active (current)
  • Anticipated expiration

Classifications

All codes fall under section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 63/0428: Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/062: Network architectures or network communication protocols for network security, for supporting key management in a packet data network, for key distribution, e.g. centrally by a trusted party
    • H04L 63/0823: Network architectures or network communication protocols for network security, for authentication of entities using certificates
    • H04L 67/104: Network arrangements or protocols for supporting network services or applications; protocols in which an application is distributed across nodes in the network; peer-to-peer [P2P] networks
    • H04L 9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), involving digital signatures
    • H04L 9/3263: the same, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a secure communication method and system based on the P2P mode, comprising the following steps: separating P2P communication data from ordinary traffic data; requesting from the security capabilities center the encryption public key of the P2P peer client; generating a random key and using it to encrypt the P2P communication data to be sent to the peer client; encrypting the random key with the encryption public key of the peer client; signing combined data with the signing private key of the local client, the combined data comprising the encrypted P2P communication data and the random key; and sending the signed combined data to the peer client. The scheme provides secure point-to-point communication between users.

Description

A secure communication method and system based on the P2P mode
Technical field
The present invention relates to the field of information security, and in particular to a secure communication method and system based on the P2P mode.
Background art
In the "Internet+" era, as the mobile Internet develops in depth, the mobile smart terminal is no longer only a communication and conversion tool; it also drives the rapid development of mobile government, mobile law enforcement, mobile office and mobile e-commerce.
Android, the mobile operating system with the largest smartphone market share, has a user base of hundreds of millions, but because its code is open source, system vulnerabilities are also unusually widespread. Security incidents involving mobile terminal information occur frequently, and information security has become a focus of public concern.
The traditional way of protecting personal information on an Android phone is to avoid browsing sensitive websites and to install anti-virus software. This only keeps the phone system safe within limits; how to keep the phone safe while it is communicating has become a problem.
Summary of the invention
To solve the above technical problems, the invention provides a secure communication method based on the P2P mode, comprising the following steps:
1) separating P2P communication data from non-P2P communication data;
2) requesting from the security capabilities center the encryption public key of the P2P peer client;
3) generating a random key and using it to encrypt the P2P communication data to be sent to the peer client;
4) encrypting the random key with the encryption public key of the peer client;
7) signing combined data with the signing private key of the local client, the combined data comprising the unencrypted P2P communication data and random key;
8) sending the signed combined data, together with the encrypted P2P communication data and random key, to the peer client.
According to an embodiment of the invention, preferably, the P2P communication data comprises instant messaging data, file transfer data and voice communication data.
According to an embodiment of the invention, preferably, the method further comprises, before step 1):
a) the local client applies to the security capabilities center, in encrypted form, for TF card activation;
b) the security capabilities center decrypts the application information, sends it to the CA center and notifies the CA center to generate a certificate;
c) the CA center generates the certificate according to the application information and returns it to the security capabilities center;
d) the security capabilities center sends the certificate to the card-issuing tool according to the application information;
e) the card-issuing tool writes the certificate into the TF card.
According to an embodiment of the invention, preferably, step a) comprises:
a.1) the local client downloads the encryption public key of the security capabilities center;
a.2) the local client encrypts the application information and time information with that encryption public key, and signs the application information and time information with its own signing certificate private key.
According to an embodiment of the invention, preferably, step b) comprises:
b.1) the security capabilities center queries its database for the signature public key of the local client;
b.2) the security capabilities center decrypts with its own encryption private key to obtain the application information and time information of the local client, and verifies the signature on the application information and time information;
b.3) the information to return is determined according to the decrypted application time information.
According to an embodiment of the invention, preferably, the local client comprises a TF card holding an encryption/decryption certificate and a signing certificate bound to the user's identity, while the encryption/decryption certificate, the signing certificate and the user information are also stored at the security capabilities center.
To solve the above technical problems, the invention provides a secure communication system based on the P2P mode, comprising:
at least two communication terminals, each using a hardware encryption TF card packaged as a security capabilities SDK that provides upper-layer security applications with user login authentication, key agreement, certificate acquisition, hardware encryption/decryption, signing, key generation, random number generation and TF card formatting;
a security capabilities center, responsible for TF card activation and management, log management and certificate issuance, which cooperates with the communication terminals to complete the encryption business: TF card service activation, self-check reporting, login authentication, communication key application, peer certificate application, file encryption and certificate validity verification;
a CA center, which receives applications from the security capabilities center and, when an application passes verification, sends the requested certificate to the security capabilities center;
a communication service module, which provides communication encryption and decryption services between the communication terminals.
According to an embodiment of the invention, preferably, the security capabilities center issues certificates with the card-issuing tool; once issuance succeeds, the TF card of the user's communication terminal holds a certificate bound to the user's identity, and the certificate and user information are stored at the security capabilities center for application queries and encryption/decryption services.
According to an embodiment of the invention, preferably, the certificates comprise a security capabilities center certificate for the center and a communication terminal certificate for the terminal, each in two versions: an encryption/decryption certificate and a signing certificate. The encryption/decryption certificate encrypts and decrypts the communication data of the two parties so that it cannot be stolen by a third party; the signing certificate signs the communication data of the two parties, guaranteeing that the data each party receives comes from a trusted terminal or system.
To solve the above technical problems, the invention provides a communication terminal comprising a computer processor and a computer storage medium storing computer instructions which, when executed by the processor, perform one of the above methods.
The technical scheme of the invention achieves the following beneficial effects:
1) End-to-end encrypted calls are realised over the standard voice channel, with no dedicated line or O&M support from any third-party service provider, avoiding leaks caused deliberately by the service provider or by gaps in its management or technology.
2) The voice channel is encrypted, calls are stable and voice is not delayed.
3) After a phone is lost, a remote command can wipe sensitive information such as the address book and call records of specific contacts.
Brief description of the drawings
Fig. 1 is the system architecture diagram of the present invention.
Fig. 2 is the P2P communication relay diagram of the present invention.
Fig. 3 is the card issuance flow chart of the present invention.
Fig. 4 is the flow chart of communication between the client and the security capabilities center.
Fig. 5 is the login flow chart of the secure-messaging application.
Fig. 6 is the file encryption transfer flow chart of the present invention.
Detailed description
The present invention separates point-to-point (P2P) communication data (instant messaging, file transfer, voice calls) from ordinary traffic data (non-P2P communication data). The application software system developed for it marks P2P data so that it is handled separately from ordinary Internet data.
<The system architecture of the present invention>
Fig. 1 shows the composition of the system: mobile smart terminals (smart terminals with any operating system, e.g. Android and iOS smart terminals; below, "client" and "smart terminal" mean the same thing; a smart terminal comprises an encryption TF card, a security SDK and an application client), the security capabilities center, the CA center (Certificate Authority), and the secure-messaging application business platform (also called the secure-messaging or secure-voice business platform, or the secure-messaging server). The secure-messaging application business platform is mainly responsible for account registration, login and logout, personal address book management, ordinary IM message management and secure-voice call management for security application clients such as secure messaging and secure voice; it is the server-side management platform for the client security application software. It may implement these functions with a server alone, with a server and a service database together, or in the cloud.
The mobile smart terminal uses a hardware encryption TF card packaged as a security capabilities SDK, which provides upper-layer security applications with interfaces such as user login authentication, key agreement, certificate acquisition, hardware encryption/decryption, signing, key generation, random number generation and TF card formatting.
Security capabilities center (KMC): mainly responsible for TF card activation and management, log management and certificate issuance. It cooperates with the encryption machine to complete the encryption business: TF card service activation, self-check reporting, login authentication, communication key application, peer certificate application, file encryption and certificate validity verification.
The invention uses a standard PKI system, and the CA server certificates are X.509 digital certificates. The certificates issued by the CA comprise the security capabilities center certificate and the mobile phone terminal certificate, each in two versions: a communication certificate (the encryption/decryption certificate) and an identity certificate (the signing certificate). The communication certificate encrypts and decrypts the data exchanged between phones and between a phone and the security capabilities center, so that it cannot be stolen by a third party. The identity certificate signs the communication data of both parties, guaranteeing that the data each receives comes from a trusted terminal or platform.
The invention provides two standard interfaces, PKCS#11 and the national commercial cryptography (GM) interface, to suit different users. The SM1, SM2, SM3 and SM4 algorithms are used in the system according to need, ensuring security while keeping flexibility.
Point-to-point data transfer in the system uses the P2P application framework, which need not depend on a dedicated centralised server. In a P2P structure each node (peer) is at once a consumer of information, a provider of information and a relay of information. In terms of computing model, P2P breaks with the traditional client/server (C/S) model: every node in the network has equal status, acting as a server that provides services to other nodes while also using the services other nodes provide.
The existing Internet contains middleboxes such as NATs and firewalls, which prevent two clients that are not on the same intranet from communicating directly. Most middleboxes implement an asymmetric communication model: a host on the intranet can initiate an outbound connection, but a host on the external network cannot initiate a connection into the intranet. An intranet host hidden behind a middlebox is therefore unreachable, and P2P techniques are needed to traverse the NAT and let intranet and extranet hosts communicate directly. The system uses the relay-node P2P mode: a server with a public IP relays and forwards the communication data between two clients on different intranets, as shown in Fig. 2. Client A and client B are each hidden behind their own NAT and cannot set up a direct connection, so both first connect to the server S, which has a public IP, and the data is then relayed over the paths each has established with S.
The system supports encrypted transmission of data in many forms: text, pictures, files, audio and video, telephone voice and so on.
<The method flow of the present invention>
The client first applies to the security capabilities center to activate its card; the flow is shown in Fig. 3:
1) the legitimacy of the TF card is verified;
2) the card-issuing tool applies to the security capabilities center for a certificate;
3) the CA center generates the certificate and returns it to the security capabilities center;
4) the security capabilities center transmits the data to the card-issuing tool;
5) the card-issuing tool writes the certificate into the TF card.
The security capabilities center issues certificates with the card-issuing tool. When issuance succeeds, the user's TF card holds an encryption certificate and a signing certificate bound to the user's identity, and the certificates and user information are stored at the security capabilities center for application queries and encryption/decryption services. The user thereby has an identity in the system of the invention.
After the certificate has been issued, the client applies for and downloads keys by the flow of Fig. 4.
The steps of Fig. 4 are as follows:
Client:
1) the client downloads the encryption public key of the security capabilities center;
2) the client encrypts the application information and time information with the center's public key, and signs the application information and time information with its own signing certificate private key.
Security capabilities center:
1) the center queries its database for the client's signature public key;
2) the center decrypts with its own decryption private key to obtain the client's application information and time information, and uses the client's signature public key to verify whether the data was sent by the client;
3) the center judges from the decrypted time information whether the request is out of date; if it is, it returns an "expired" response, otherwise it queries the database and returns the requested information.
Following Fig. 5, the client enters its registered user name and password on the secure-messaging login screen and clicks the login button; the user name and password are sent to the secure-messaging application business platform through a webService call. The platform and the security capabilities center authenticate each other and return the login result. If the login fails, the user is shown an error message and the login process ends; if it succeeds, the secure-messaging main screen is entered and the login is complete. The detailed process is shown in Fig. 5.
secID denotes the user's unique ID; pubc/pric denote the user's public/private key pair; pubs/pris denote the public/private key pair of the security capabilities center.
Step 1: the secure-messaging client sends a login request to the secure-messaging application business platform (the secure-messaging server). The request packet contains: secID; (secID, 16-digit random number, current time) encrypted with pubs; and (secID, 16-digit random number, timestamp) signed with pric. Here "secure-messaging client" and "secure-messaging terminal" have the same meaning as the mobile smart terminal above, i.e. a smart terminal with an operating system.
For each client login, the random number appearing here and the random number appearing later in the flow are the same random number; its purpose is to guarantee the uniqueness and security of this particular login. If, for example, the user clicks login twice in succession, the server and client could not otherwise tell the two logins apart; the generated random number distinguishes them. The random number is produced by a random number generation algorithm and is hard to forge, which increases the security of the system.
Step 2: the secure-messaging application business platform checks by secID whether the corresponding service is available.
Step 3: if it is available, the platform forwards the request; the forwarded packet contains (secID, 16-digit random number, current time) encrypted with pubs, and (secID, 16-digit random number, timestamp) signed with pric.
Step 4: the security capabilities center decrypts the forwarded packet and verifies the signature, checks the user, the random number and the timestamp, and if verification succeeds generates a server timestamp.
Step 5: if decryption and signature verification succeed, the security capabilities center returns a packet containing: a security token; (16-digit random number, server timestamp) encrypted with pubc; and (16-digit random number, server timestamp) signed with pris.
Step 6: the platform generates a business token from the returned data.
Step 7: after verifying the returned data, the platform returns to the secure-messaging client a packet containing: the business token, the security token, (16-digit random number, server timestamp) encrypted with pubc, and (16-digit random number, server timestamp) signed with pris.
Step 8: the client decrypts and verifies the signature, and checks the random number and the server timestamp, completing the client's verification of the server.
Step 9: the client logs in to the secure-messaging application business platform, carrying the business token and the security token.
Step 10: the platform sends the security capabilities center a request to verify the security token.
Step 11: the security capabilities center returns to the platform whether verification succeeded.
Step 12: if the platform receives a successful verification result, the platform (secure-messaging server) allows the user to log in and establishes the connection.
Step 13: the platform (secure-messaging server) returns to the terminal whether the login succeeded.
Communication between a client and the security capabilities center, and between clients, must use the national commercial (SM) algorithms to encrypt and decrypt data and to sign and verify it; because the user's identity private key is stored only in the encryption TF card, the security of the data between the communicating parties is guaranteed.
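The challenge exchange of Fig. 5 steps 1, 4, 5 and 8, which the Fig. 4 key application repeats in one direction (the center refusing out-of-date requests), as an added example that is not part of the patent or of any product of its assignee. It keeps the checks the center is described as making (registered user, signature, timestamp, random number) and the client's check that the reply echoes its own random number. Assumptions of the example: ECDSA P-256 stands in for the SM2 signing certificate; the SM2 encryption of the tuple to the receiver's public key (pubs/pubc) is left out so that the signature, timestamp and replay checks stand on their own; the two-minute window, the in-memory cache of used random numbers (this example's way of implementing the center's check of the random number in step 4), the length-prefixed field encoding and the names Challenge, Center, Enrol, LoginRequest and VerifyReply are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Assumptions of this example: ECDSA P-256 stands in for the SM2 signing certificate,
// and the SM2 encryption of the tuple to the receiver's public key (pubs/pubc in
// Fig. 5) is left out so that the signature, timestamp and replay checks stand alone.
const window = 2 * time.Minute // accepted skew between a request timestamp and center time

var (
	ErrSignature = errors.New("signature verification failed")
	ErrStale     = errors.New("timestamp outside the acceptance window")
	ErrReplay    = errors.New("random number already used")
	ErrMismatch  = errors.New("reply does not echo our random number")
)

// Challenge is the signed (secID, 16-digit random number, timestamp) tuple of Fig. 5
// step 1 (client to center) and step 5 (center to client).
type Challenge struct {
	SecID string
	Nonce string
	TS    int64 // Unix seconds
	Sig   []byte
}

func (c *Challenge) digest() []byte { // what the signature covers; fields are length-prefixed
	d := sha256.Sum256([]byte(fmt.Sprintf("%d:%s|%d:%s|%d", len(c.SecID), c.SecID, len(c.Nonce), c.Nonce, c.TS)))
	return d[:]
}

func sign(c Challenge, key *ecdsa.PrivateKey) (Challenge, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, key, c.digest())
	c.Sig = sig
	return c, err
}

// Center is the security capabilities center: its own signing key, the registered
// client signing keys (its certificate database) and a cache of used random numbers.
type Center struct {
	key     *ecdsa.PrivateKey
	clients map[string]*ecdsa.PublicKey
	seen    map[string]bool
}
func (c *Center) Pub() *ecdsa.PublicKey { return &c.key.PublicKey }

// Login is Fig. 5 steps 4 and 5: check user, signature, timestamp and random number,
// then answer with the same random number under a server timestamp.
func (c *Center) Login(req Challenge, now time.Time) (Challenge, error) {
	key, ok := c.clients[req.SecID]
	skew := now.Sub(time.Unix(req.TS, 0))
	switch {
	case !ok:
		return Challenge{}, fmt.Errorf("unknown user %q", req.SecID)
	case !ecdsa.VerifyASN1(key, req.digest(), req.Sig):
		return Challenge{}, ErrSignature
	case skew > window || skew < -window:
		return Challenge{}, ErrStale
	case c.seen[req.Nonce]:
		return Challenge{}, ErrReplay
	}
	c.seen[req.Nonce] = true
	return sign(Challenge{SecID: "center", Nonce: req.Nonce, TS: now.Unix()}, c.key)
}

// LoginRequest is step 1; the client keeps the request so that it can check the reply.
func LoginRequest(secID string, key *ecdsa.PrivateKey, now time.Time) (Challenge, error) {
	var b [8]byte
	if _, err := rand.Read(b[:]); err != nil {
		return Challenge{}, err
	}
	nonce := fmt.Sprintf("%016d", binary.BigEndian.Uint64(b[:])%10000000000000000) // 16 digits
	return sign(Challenge{SecID: secID, Nonce: nonce, TS: now.Unix()}, key)
}

// VerifyReply is step 8: only a reply signed by the center that echoes the random
// number of this very request is accepted, so a reply recorded earlier does not pass.
func VerifyReply(reply, sent Challenge, center *ecdsa.PublicKey) error {
	switch {
	case !ecdsa.VerifyASN1(center, reply.digest(), reply.Sig):
		return ErrSignature
	case reply.Nonce != sent.Nonce:
		return ErrMismatch
	}
	return nil
}

// Enrol stands in for the card issuance of Fig. 3: in-memory keys, client key recorded at the center.
func Enrol(secID string) (*Center, *ecdsa.PrivateKey) {
	ck, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	uk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Center{ck, map[string]*ecdsa.PublicKey{secID: &uk.PublicKey}, map[string]bool{}}, uk
}
```

A typical run is `c, uk := Enrol("user-0001")`, `req, _ := LoginRequest("user-0001", uk, time.Now())`, `reply, err := c.Login(req, time.Now())` and `VerifyReply(reply, req, c.Pub())`. Presenting the same request a second time fails with ErrReplay, a request whose timestamp is ten minutes old fails with ErrStale, and any change to a signed field, or a request signed with another user's key, fails with ErrSignature; the order of the checks matters, since the replay cache is only updated after the signature has been verified, so an attacker cannot fill it with unsigned junk.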
After the client (secure-messaging terminal) receives a successful login result, it can use the corresponding keys to transmit data securely by the flow of Fig. 6, achieving encrypted communication.
The file encryption transfer flow of Fig. 6 is as follows:
Client A:
1) requests client B's encryption public key from the security capabilities center;
2) generates a random key `key` and encrypts with it the file to be sent to client B (SM1 algorithm);
3) encrypts the random key `key` with client B's encryption public key (SM2 algorithm);
4) signs with its own signing private key the combined data to be sent to client B (the SM2 signature is over the plaintext key and file), after which the data can be sent to client B.
Client B:
1) requests client A's signature public key from the security capabilities center;
2) decrypts `key` with its encryption private key, then decrypts the file with `key` (SM1 algorithm);
3) verifies the signed data with client A's signature public key (SM2 algorithm).
The system uses the national commercial (SM) asymmetric algorithm. In asymmetric cryptography there are two kinds of keys, the encryption private key and the encryption public key: the private key is held by its owner and never published, while the public key is published by the owner to others. In the invention the encryption private key and the signing private key are stored in the encryption TF card or encryption card and are never disclosed; the encryption public key and the signature public key are stored in the database of the security capabilities center, where the communicating parties can query them.
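The file transfer of Fig. 6 (claim 1 steps 2 to 8) with both sides' messages, as an added example that is not code from the patent or from its assignee. Assumptions of the example: AES-128-GCM stands in for SM1, RSA-OAEP for the SM2 encryption certificate and ECDSA P-256 for the SM2 signing certificate; keys are generated in memory instead of living on the TF card; the security capabilities center's lookup of the peer's public keys (A.1 and B.1) is replaced by handing a PublicKeys value to the caller; the names Peer, Envelope, Send, Receive and bind are the example's own. The example follows Fig. 6 and claim 1 in signing the plaintext key and file, which the abstract words differently (there the signature covers the encrypted data). One consequence is visible in Receive: B can only verify A's signature after it has unwrapped the key and decrypted the file, so a tampered ciphertext is rejected by GCM's own authentication tag before the signature is ever checked, while a forged envelope (valid for B, signed by someone else) is only caught at the last step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumed stand-ins for the patent's card-resident SM algorithms: AES-128-GCM for
// SM1, RSA-OAEP for SM2 key encryption, ECDSA P-256 for the SM2 signing certificate.
const keyLen, nonceLen = 16, 12

// Peer holds one client's two private keys, which the patent keeps on the TF card;
// PublicKeys is the public half that the security capabilities center hands out.
type Peer struct {
	enc  *rsa.PrivateKey
	sign *ecdsa.PrivateKey
}

type PublicKeys struct {
	Enc  *rsa.PublicKey
	Sign *ecdsa.PublicKey
}

func NewPeer() *Peer {
	enc, _ := rsa.GenerateKey(rand.Reader, 2048)
	sig, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Peer{enc, sig}
}

func (p *Peer) Pub() PublicKeys { return PublicKeys{&p.enc.PublicKey, &p.sign.PublicKey} }

// Envelope is claim 1 step 8: the random key under B's public key, the file under
// that key, and A's signature over the plaintext key and file (Fig. 6, A.4).
type Envelope struct {
	Key  []byte
	Data []byte // GCM nonce || ciphertext
	Sig  []byte
}

var ErrSignature = errors.New("signature does not match the decrypted key and file")

func bind(key, file []byte) []byte { // the claim's "combined data": plaintext key, then file
	d := sha256.Sum256(append(append([]byte{}, key...), file...))
	return d[:]
}

// Send is Fig. 6 A.2 to A.4; `to` is B's key pair as obtained from the center (A.1).
func (a *Peer) Send(to PublicKeys, file []byte) (Envelope, error) {
	kn := make([]byte, keyLen+nonceLen) // A.2: a fresh key for every file
	if _, err := rand.Read(kn); err != nil {
		return Envelope{}, err
	}
	key, nonce := kn[:keyLen], kn[keyLen:]
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	data := gcm.Seal(nonce, nonce, file, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to.Enc, key, nil) // A.3
	if err != nil {
		return Envelope{}, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, a.sign, bind(key, file)) // A.4
	return Envelope{wrapped, data, sig}, err
}

// Receive is B.2 and B.3; `from` is A's signing key as obtained from the center (B.1).
// The signature covers plaintext, so B can only check it after unwrapping the key
// and decrypting the file: a forgery or tampering is detected last, not first.
func (b *Peer) Receive(e Envelope, from PublicKeys) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, b.enc, e.Key, nil)
	if err != nil || len(key) != keyLen || len(e.Data) < nonceLen {
		return nil, errors.New("malformed envelope")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	file, err := gcm.Open(nil, e.Data[:nonceLen], e.Data[nonceLen:], nil)
	if err != nil {
		return nil, err
	}
	if !ecdsa.VerifyASN1(from.Sign, bind(key, file), e.Sig) {
		return nil, ErrSignature
	}
	return file, nil
}

func main() {
	a, b := NewPeer(), NewPeer()
	env, _ := a.Send(b.Pub(), []byte("constructed sample file contents"))
	file, err := b.Receive(env, a.Pub())
	fmt.Printf("B received %q (err=%v)\n", file, err)
}
```

The `main` function shows one transfer from A to B. Changing a single byte of `Data` makes `Receive` fail inside `gcm.Open`; an envelope built by a third peer and presented as A's decrypts correctly for B but fails with ErrSignature; and an envelope addressed to B cannot be opened by A at all, because only B's private key unwraps the random key.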
Specific embodiment
A business-grade secure-voice communication service system built by a telecommunications operator on the present invention. A special mobile phone terminal customised for the customer, with a built-in security encryption chip certified by the State Cryptography Administration, uses commercial cryptography and information security technology to provide the customer with business-grade end-to-end encryption of mobile phone voice calls, preventing eavesdropping.
Implementing the technical scheme of the invention achieves the following technical effects.
1. State commercial-cryptography certification makes voice encryption more secure: high-strength algorithms such as the SM1 stream encryption/decryption algorithm and the SM2 asymmetric algorithm are used.
2. End-to-end encryption throughout and one key per call make it more secure still: ciphertext is carried end to end over the whole path, and a random key is used, one key per call.
3. End-to-end encrypted calls are realised over the standard voice channel, with no dedicated line or O&M support from any third-party service provider, avoiding leaks caused deliberately by the service provider or by gaps in its management or technology.
4. The voice channel is encrypted, calls are stable and voice is not delayed.
5. After a phone is lost, a remote command can wipe sensitive information such as the address book and call records of specific contacts.
The above describes only preferred embodiments of the invention and does not limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within the scope of protection of the invention.

Claims (10)

1. A secure communication method based on the P2P mode, comprising the following steps:
1) separating P2P communication data from non-P2P communication data;
2) requesting from the security capability center the encryption public key of the P2P peer client;
3) generating a random key and using it to encrypt the P2P communication data to be sent to the peer client;
4) encrypting the random key with the encryption public key of the peer client;
7) signing a combined data block with the signing private key of the local client, the combined data block comprising the unencrypted P2P communication data and the random key;
8) sending the signed combined data block together with the encrypted P2P communication data and random key to the peer client.
2. The method according to claim 1, wherein the P2P communication data comprises instant messaging data, file transfer data and voice communication data.
3. The method according to claim 1, further comprising, before step 1):
a) the local client applies to the security capability center, in encrypted form, for TF card activation;
b) the security capability center decrypts the application information, sends it to the CA center and notifies the CA center to generate a certificate;
c) the CA center generates the certificate according to the application information and returns it to the security capability center;
d) the security capability center sends the certificate to the card issuing tool according to the application information;
e) the card issuing tool writes the certificate into the TF card.
4. The method according to claim 3, wherein step a) comprises:
a.1) the local client downloads the encryption public key of the security capability center;
a.2) the local client encrypts the application information and time information with that encryption public key, and signs the application information and time information with the private key of its own signing certificate.
5. The method according to claim 3 or 4, wherein step b) comprises:
b.1) the security capability center queries its database to obtain the signature public key of the local client;
b.2) the security capability center decrypts the application information and time information of the local client with its own encryption private key, and verifies the signature on the application information and time information;
b.3) the security capability center determines the information to return according to the application time information obtained by decryption.
6. The method according to claim 1, wherein the local client comprises a TF card, the TF card comprising an encryption/decryption certificate and a signing certificate bound to the user identity, while the encryption/decryption certificate, the signing certificate and the user information are also stored at the security capability center.
7. A secure communication system based on the P2P mode, the system comprising:
at least two communication terminals, each communication terminal using a hardware-encrypted TF card packaged as a security capability SDK, which provides upper-layer secure applications with user login authentication, key agreement, certificate acquisition, hardware encryption and decryption, signing, key generation, random number generation and TF card formatting;
a security capability center, responsible for TF card activation and management, log management and certificate functions, which cooperates with the communication terminals to complete the encryption business: TF card activation, self-check reporting, login authentication, communication key application, peer certificate application, file encryption and certificate validity verification;
a CA center, which receives applications from the security capability center and, when an application passes verification, sends the requested certificate to the security capability center;
a communication service module, which provides communication encryption and decryption services between the communication terminals.
8. The system according to claim 7, wherein the security capability center issues certificates through the card issuing tool; after successful issuance the TF card of the user's communication terminal holds a certificate bound to the user identity, while the certificate and the user information are stored at the security capability center for application queries and encryption/decryption services.
9. The system according to claim 7, wherein the certificates comprise a security capability center certificate for the security capability center and a communication terminal certificate for the communication terminal; each of the security capability center certificate and the communication terminal certificate is divided into two versions, an encryption/decryption certificate and a signing certificate; the encryption/decryption certificate is used to encrypt and decrypt the communication data of the two communicating parties so that the communication data cannot be stolen by a third party, and the signing certificate is used to sign the communication data of the two communicating parties, ensuring that the data each party receives comes from a trusted terminal or system.
10. A communication terminal comprising a computer processor unit and a computer-readable storage medium, the computer-readable storage medium storing computer instructions which, when executed by the computer processor unit, perform the method according to any one of claims 1 to 6.
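The sender and receiver sides of the message construction in claim 1, using the separate encryption and signing key pairs of claim 9, as an added example that is not the patent's own code. It assumes AES-128-GCM as a stand-in for SM1 and RSA-OAEP/RSA-PSS as stand-ins for SM2 (Go's standard library has neither SM algorithm), and it uses plain key pairs where the patent uses TF-card certificates.

```go
package main
import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is what step 8 sends: ciphertext, key wrapped for the peer (step 4), signature (step 7).
type Envelope struct{ Ciphertext, WrappedKey, Signature []byte }
// Rand is crypto/rand, exported so callers can generate test key pairs from this package alone.
var Rand = rand.Reader
// Seal is the sender side (steps 3, 4, 7). AES-128-GCM is an assumed stand-in for SM1 and
// RSA-OAEP/RSA-PSS for SM2; none of these are the page's own algorithms.
func Seal(senderSig *rsa.PrivateKey, peerEncPub *rsa.PublicKey, data []byte) (*Envelope, error) {
	kn := make([]byte, 16+12) // step 3: a fresh random key (and GCM nonce) for every message
	if _, err := rand.Read(kn); err != nil {
		return nil, err
	}
	key, nonce := kn[:16], kn[16:]
	block, _ := aes.NewCipher(key) // cannot fail for a 16-byte key
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, peerEncPub, key, nil) // step 4
	h := sha256.Sum256(append(append([]byte{}, data...), key...))                     // step 7: plaintext||key
	sig, err2 := rsa.SignPSS(rand.Reader, senderSig, crypto.SHA256, h[:], nil)
	if err != nil || err2 != nil {
		return nil, errors.Join(err, err2)
	}
	return &Envelope{gcm.Seal(nonce, nonce, data, nil), wrapped, sig}, nil
}

// Open is the peer side. Because the claim signs plaintext||key, the peer must decrypt before it
// can verify the signature; the GCM tag is what rejects a tampered ciphertext before that point.
func Open(recvEnc *rsa.PrivateKey, peerSigPub *rsa.PublicKey, e *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recvEnc, e.WrappedKey, nil)
	if err != nil || len(key) != 16 || len(e.Ciphertext) < 12 {
		return nil, errors.New("cannot unwrap a 16-byte key, or ciphertext too short")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	data, err := gcm.Open(nil, e.Ciphertext[:12], e.Ciphertext[12:], nil)
	h := sha256.Sum256(append(append([]byte{}, data...), key...))
	if err != nil || rsa.VerifyPSS(peerSigPub, crypto.SHA256, h[:], e.Signature, nil) != nil {
		return nil, errors.New("decryption or signature verification failed")
	}
	return data, nil
}
```

Note that the signature in step 7 covers the plaintext and the random key, not the ciphertext, so a receiver learns that a message is forged only after unwrapping and decrypting it; the authenticated cipher mode is what keeps that early processing from acting on tampered data.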
Application CN201710473340.XA, filed 2017-06-21 (priority date 2017-06-21): Secure communication method and system based on P2P mode. Granted as CN107094156B; legal status: Active. Family ID 59639513; country: CN.

Publications (2)

CN107094156A (application publication), published 2017-08-25
CN107094156B (granted patent), published 2020-02-28


Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1775879A3 (en) * 2005-09-09 2008-07-02 Samsung Electronics Co., Ltd. Method and Apparatus for Securely Transmitting and Receiving Data in Peer-to-Peer Manner
CN101707611A (en) * 2009-11-20 2010-05-12 北京工业大学 Safe and effective privacy protection method of P2P system
CN101741903A (en) * 2009-11-20 2010-06-16 北京工业大学 Group-based trust data management method in mobile P2P network
CN102111411A (en) * 2011-01-21 2011-06-29 南京信息工程大学 Method for switching encryption safety data among peer-to-peer user nodes in P2P network
CN102868709A (en) * 2011-07-04 2013-01-09 中国移动通信集团公司 Certificate management method and certificate management device based on P2P (peer-to-peer)
CN106470201A (en) * 2015-08-21 2017-03-01 中兴通讯股份有限公司 A kind of user authen method and device
US10057225B1 (en) * 2016-12-29 2018-08-21 Wells Fargo Bank, N.A. Wireless peer to peer mobile wallet connections

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107493294A (en) * 2017-09-04 2017-12-19 上海润欣科技股份有限公司 A kind of secure accessing and management control method of the OCF equipment based on rivest, shamir, adelman
CN107493294B (en) * 2017-09-04 2020-08-21 上海润欣科技股份有限公司 Safe access and management control method of OCF (optical clock and frequency conversion) equipment based on asymmetric encryption algorithm
CN109361508A (en) * 2018-10-11 2019-02-19 深圳市捷恩斯威科技有限公司 Data transmission method, electronic equipment and computer readable storage medium
CN109361512A (en) * 2018-10-11 2019-02-19 深圳市捷恩斯威科技有限公司 Data transmission method
CN111030827A (en) * 2019-12-06 2020-04-17 深圳乐信软件技术有限公司 Information interaction method and device, electronic equipment and storage medium
CN111538973A (en) * 2020-03-26 2020-08-14 成都云巢智联科技有限公司 Personal authorization access control system based on state cryptographic algorithm
CN111931158A (en) * 2020-08-10 2020-11-13 深圳大趋智能科技有限公司 Bidirectional authentication method, terminal and server
CN114844713A (en) * 2022-05-23 2022-08-02 贵州大学 Video stream encryption method based on cryptographic algorithm and related equipment

Legal Events

Code Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant