CN110430203A - A kind of improved safety JSON transmission method towards sensitive data - Google Patents
- Publication number
- CN110430203A (application number CN201910740054.4A)
- Authority
- CN
- China
- Prior art keywords
- json
- client
- key
- data packet
- code book
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an improved secure JSON transmission method for sensitive data. The system comprises two parts, a client and a server. First, a codebook distribution mechanism distributes the codebook so that the client and the server hold identical codebooks. Second, the client randomly selects a key from the codebook to encrypt the JSON data packet to be sent, and the encrypted JSON data packet carries a Code field that identifies the key. Finally, the server looks up the corresponding key by the Code field and decrypts the received encrypted JSON. The method combines symmetric and asymmetric encryption to improve on existing encryption schemes, proposes a new transmission flow and designs a new packet format for secure JSON transmission, which greatly increases the difficulty of cracking JSON in transit and improves the security of JSON transmission.
Description
Technical field
The present invention relates to the field of communication protocols, and specifically to an improved secure JSON transmission method for sensitive data.
Background technique
At present, the encryption schemes commonly used in network transmission are essentially symmetric encryption and asymmetric encryption.
In symmetric encryption, the server and the client use the same key. The client encrypts the information to be sent with the agreed key and transmits it to the server; after receiving the ciphertext, the server decrypts it with the agreed key.
Asymmetric encryption requires two keys: a public key and a private key. The public key and the private key form a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. Because encryption and decryption use different keys, the scheme is called asymmetric encryption. If party A and party B communicate, the normal encrypted exchange is as follows: A generates a key pair and discloses one of the keys to other parties as the public key; B obtains the public key, encrypts the information to be sent with it and sends the result to A; A then decrypts it with its own private key. In practice, public keys are mainly issued in the form of digital certificates.
JSON is a lightweight data interchange format. It is based on a subset of ECMAScript and stores and represents data in a text format that is completely independent of any programming language. Its concise and clear hierarchical structure makes JSON an ideal data interchange language. It is easy for people to read and write and easy for machines to parse and generate, and it effectively improves network transmission efficiency. JSON is gradually replacing XML for transmitting data between server and client. However, JSON carries security risks: when the transmitted data contains sensitive or private data, it is easily intercepted by unauthorized parties through packet capture, so information transmission between client and server is exposed to considerable potential risk.
In response to these problems, some encryption algorithms for JSON data have appeared. Some current open-source JSON data encryption algorithms are suited to scenarios with low confidentiality requirements; if the data is intercepted by others it is easy to analyse, so the encryption is not effective enough and cannot meet the common scenarios of current Internet transmission.
Summary of the invention
To overcome the above shortcomings of the prior art, the present invention provides an improved secure JSON transmission method for sensitive data, which effectively improves the security of JSON data packets when the client and the server communicate directly and reduces the risk of privacy leakage.
The present invention is realized by the following technical solution: an improved secure JSON transmission method for sensitive data, characterized in that the communicating parties comprise two parts, a client and a server;
First, a codebook distribution mechanism distributes the codebook so that the client and the server hold identical codebooks;
Second, the client randomly selects a key from the codebook to encrypt the JSON data packet to be sent, and the encrypted JSON data packet carries a Code field that identifies the key;
Finally, the server looks up the corresponding key by the Code field and decrypts the received encrypted JSON.
Preferably, the server generates a public key and a private key using the RSA (Rivest-Shamir-Adleman) asymmetric encryption algorithm. When the client sends a request, the server sends the public key to the client. The client uses a symmetric encryption algorithm to generate a codebook consisting of N identified KEYs and saves it locally for subsequent use. The client then encrypts the codebook with the received public key using RSA and sends it to the server. After receiving the encrypted codebook, the server decrypts it with the private key and saves it locally for subsequent use.
Preferably, the codebook is generated and distributed as follows:
(1) The server generates a public key and a private key using RSA;
(2) The client sends a request;
(3) The server sends the public key to the client;
(4) The client uses a symmetric encryption algorithm to generate a codebook consisting of N identified KEYs and saves it locally for subsequent use;
(5) The client encrypts the codebook with the received public key using RSA and sends it to the server;
(6) After receiving the encrypted codebook, the server decrypts it with the private key and saves it locally for subsequent use.
Preferably, after receiving the client's request, the server packages the data to be returned into a JSON data packet according to the business flow. The server encrypts every Key and Value in the JSON data packet with a KEY chosen at random from the codebook. After the JSON data packet is encrypted, a new field Code is written into the JSON data, whose value is the identifier of the encryption KEY. The resulting new JSON data packet is returned to the client for business use.
Preferably, the JSON data packet is encrypted as follows:
(1) The client sends a GET or POST request to the server according to business needs;
(2) The server receives the request, processes it and generates the response data to be sent, and packages the response data into a JSON data packet;
(3) The server encrypts every Key and Value in the JSON data packet with a KEY chosen at random from the codebook;
(4) After the JSON data packet is encrypted, a new field Code is written into the JSON data, whose value is the identifier of the encryption KEY, forming the final JSON data packet;
(5) The server returns the final JSON data packet to the client.
Preferably, after receiving the encrypted JSON data packet, the client first verifies the integrity of the JSON data packet, then looks up the Code value of the JSON data packet in the codebook to obtain the corresponding KEY, and decrypts the JSON with that KEY using the symmetric encryption algorithm, obtaining the original JSON data packet for business use.
Preferably, the JSON data packet is decrypted as follows:
(1) The client receives the JSON data packet of the response and checks the integrity of the JSON data packet to guard against JSON data loss caused during transmission or at other stages; if the JSON data is complete, step (2) is executed, otherwise an error prompt is returned;
(2) The client looks up the Code value of the JSON data packet in the codebook to obtain the corresponding encryption KEY;
(3) The client decrypts the JSON data packet with the encryption KEY and obtains the final original JSON data packet for use by the client's business logic.
Compared with the prior art, the beneficial effects of the present invention are:
(1) It makes full use of and integrates the advantages of existing encryption technologies;
(2) It combines symmetric and asymmetric encryption to improve on existing encryption schemes, which greatly increases the difficulty of cracking JSON in transit and improves the security of JSON transmission.
Brief description of the drawings
The present invention is further explained below with reference to the accompanying drawings.
Fig. 1 is the flow chart of actual data transmission in the present invention;
Fig. 2 is the schematic diagram of codebook generation and distribution in the present invention;
Fig. 3 is the workflow diagram of JSON data packet encryption in the present invention;
Fig. 4 is the workflow diagram of JSON data packet decryption in the present invention;
Fig. 5 is the schematic diagram of the improved secure JSON format in the present invention.
Specific embodiment
As shown in Fig. 1, in the improved secure JSON transmission method for sensitive data, the client and the server use symmetric encryption combined with asymmetric encryption to carry out three processes: generation and distribution of the codebook, encryption of the JSON data packet, and decryption of the JSON data packet. First, the client sends a GET/POST request to the server according to business needs. Second, the server generates the codebook using symmetric encryption and the RSA (Rivest-Shamir-Adleman) asymmetric encryption algorithm and distributes it to the client. Third, the server receives the request, processes it and generates the response data to be sent, assembles the response data into a JSON data packet, and encrypts the JSON data packet with a random KEY from the codebook; after encryption, a new field Code is written into the JSON data, whose value is the identifier of the encryption KEY, forming a new JSON data packet that is sent back to the client. Next, the client receives the JSON data packet of the response and checks data integrity. Finally, the client looks up the Code value of the JSON data packet in the codebook to obtain the corresponding KEY and decrypts the JSON data packet with that KEY using the symmetric encryption algorithm, obtaining the original JSON data packet for use by the client's business logic.
As shown in Fig. 2, the codebook is generated and distributed as follows in the present invention:
(1) The server generates a public key and a private key using RSA;
(2) The client sends a request;
(3) The server sends the public key to the client;
(4) The client uses a symmetric encryption algorithm to generate a codebook consisting of N identified KEYs and saves it locally for subsequent use;
(5) The client encrypts the codebook with the received public key using RSA and sends it to the server;
(6) After receiving the encrypted codebook, the server decrypts it with the private key and saves it locally for subsequent use.
As shown in Fig. 3, the JSON data packet is encrypted as follows in the present invention:
(1) The client sends a GET or POST request to the server according to business needs;
(2) The server receives the request, processes it and generates the response data to be sent, and packages the response data into a JSON data packet;
(3) The server encrypts every Key and Value in the JSON data packet with a KEY chosen at random from the codebook;
(4) After the JSON data packet is encrypted, a new field Code is written into the JSON data, whose value is the identifier of the encryption KEY, forming the final JSON data packet;
(5) The server returns the final JSON data packet to the client.
As shown in Fig. 4, the JSON data packet is decrypted as follows in the present invention:
(1) The client receives the JSON data packet of the response and checks the integrity of the JSON data packet to guard against JSON data loss caused during transmission or at other stages; if the JSON data is complete, step (2) is executed, otherwise an error prompt is returned;
(2) The client looks up the Code value of the JSON data packet in the codebook to obtain the corresponding encryption KEY;
(3) The client decrypts the JSON data packet with the encryption KEY and obtains the final original JSON data packet for use by the client's business logic.
As the above technical solution shows, the method integrates the advantages of existing encryption technologies; it combines symmetric and asymmetric encryption to improve on existing encryption schemes, which greatly increases the difficulty of cracking JSON in transit and improves the security of JSON transmission.
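The three procedures above (codebook distribution, packet encryption, packet decryption) in Node.js, as an added example that is not code from the patent. It assumes RSA-OAEP for wrapping the codebook KEYs, AES-256-GCM as the symmetric algorithm and base64 field encoding, and all function names are hypothetical; it goes beyond the text by authenticating the Code value, field count and field role, which gives the integrity check of decryption step (1) a concrete form.

```javascript
// Added example, not the patent's code. Assumptions: RSA-OAEP wraps each KEY,
// AES-256-GCM is the symmetric cipher, and the Code value is authenticated as AAD.
const nodeCrypto = require("crypto");
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Codebook steps (1)-(3): the server creates the key pair and hands out the public key.
function generateServerKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Step (4): the client creates N identified 256-bit KEYs (identifier -> KEY).
function generateCodebook(n) {
  const book = new Map();
  for (let i = 0; i < n; i++) book.set(String(i), nodeCrypto.randomBytes(32));
  return book;
}

// Step (5): RSA-2048 with OAEP-SHA256 carries at most 190 bytes per operation,
// so each KEY is wrapped on its own instead of encrypting the codebook as one blob.
function wrapCodebook(book, publicKey) {
  const wrapped = {};
  for (const [id, key] of book) {
    wrapped[id] = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key).toString("base64");
  }
  return wrapped;
}

// Step (6): the server unwraps every KEY with its private key.
function unwrapCodebook(wrapped, privateKey) {
  const book = new Map();
  for (const [id, b64] of Object.entries(wrapped)) {
    const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(b64, "base64"));
    book.set(id, key);
  }
  return book;
}

// One field -> base64(iv || tag || ciphertext). The AAD ties the field to the Code,
// the number of fields and its role, so dropped, moved or re-labelled fields fail.
function sealField(key, aad, text) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(aad, "utf8"));
  const body = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

function openField(key, aad, token) {
  const raw = Buffer.from(token, "base64");
  if (raw.length < 28) throw new Error("truncated field");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Encryption steps (3)-(4): random KEY, every Key and Value encrypted, Code added.
function encryptPacket(obj, book) {
  const ids = [...book.keys()];
  const code = ids[nodeCrypto.randomInt(ids.length)];
  const entries = Object.entries(obj);
  const out = {};
  for (const [k, v] of entries) {
    const name = sealField(book.get(code), `${code}|${entries.length}|key`, k);
    out[name] = sealField(book.get(code), `${code}|${entries.length}|value`, JSON.stringify(v));
  }
  out.Code = code;
  return out;
}

// Decryption steps (1)-(3): integrity check, KEY lookup by Code, decryption.
function decryptPacket(packet, book) {
  const { Code: code, ...fields } = packet;
  if (typeof code !== "string" || !book.has(code)) throw new Error("unknown Code");
  const entries = Object.entries(fields);
  const out = {};
  for (const [name, value] of entries) {
    const k = openField(book.get(code), `${code}|${entries.length}|key`, name);
    out[k] = JSON.parse(openField(book.get(code), `${code}|${entries.length}|value`, value));
  }
  return out;
}
```

The codebook stays confidential only if the client can authenticate the public key it receives in codebook step (3), for example through a digital certificate as mentioned in the background section.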
Claims (7)
1. An improved secure JSON transmission method for sensitive data, characterized in that: the communicating parties comprise two parts, a client and a server;
First, a codebook distribution mechanism distributes the codebook so that the client and the server hold identical codebooks;
Second, the client randomly selects a key from the codebook to encrypt the JSON data packet to be sent, and the encrypted JSON data packet carries a Code field that identifies the key;
Finally, the server looks up the corresponding key by the Code field and decrypts the received encrypted JSON.
2. The improved secure JSON transmission method for sensitive data according to claim 1, characterized in that: the server generates a public key and a private key using the RSA (Rivest-Shamir-Adleman) asymmetric encryption algorithm; when the client sends a request, the server sends the public key to the client; the client uses a symmetric encryption algorithm to generate a codebook consisting of N identified KEYs and saves it locally for subsequent use; the client then encrypts the codebook with the received public key using RSA and sends it to the server; after receiving the encrypted codebook, the server decrypts it with the private key and saves it locally for subsequent use.
3. The improved secure JSON transmission method for sensitive data according to claim 2, characterized in that: the codebook is generated and distributed as follows:
(1) The server generates a public key and a private key using RSA;
(2) The client sends a request;
(3) The server sends the public key to the client;
(4) The client uses a symmetric encryption algorithm to generate a codebook consisting of N identified KEYs and saves it locally for subsequent use;
(5) The client encrypts the codebook with the received public key using RSA and sends it to the server;
(6) After receiving the encrypted codebook, the server decrypts it with the private key and saves it locally for subsequent use.
4. The improved secure JSON transmission method for sensitive data according to claim 1, characterized in that: after receiving the client's request, the server packages the data to be returned into a JSON data packet according to the business flow; the server encrypts every Key and Value in the JSON data packet with a KEY chosen at random from the codebook; after the JSON data packet is encrypted, a new field Code is written into the JSON data, whose value is the identifier of the encryption KEY; the resulting new JSON data packet is returned to the client for business use.
5. The improved secure JSON transmission method for sensitive data according to claim 4, characterized in that: the JSON data packet is encrypted as follows:
(1) The client sends a GET or POST request to the server according to business needs;
(2) The server receives the request, processes it and generates the response data to be sent, and packages the response data into a JSON data packet;
(3) The server encrypts every Key and Value in the JSON data packet with a KEY chosen at random from the codebook;
(4) After the JSON data packet is encrypted, a new field Code is written into the JSON data, whose value is the identifier of the encryption KEY, forming the final JSON data packet;
(5) The server returns the final JSON data packet to the client.
6. The improved secure JSON transmission method for sensitive data according to claim 1, characterized in that: after receiving the encrypted JSON data packet, the client first verifies the integrity of the JSON data packet, then looks up the Code value of the JSON data packet in the codebook to obtain the corresponding KEY, and decrypts the JSON with that KEY using the symmetric encryption algorithm, obtaining the original JSON data packet for business use.
7. The improved secure JSON transmission method for sensitive data according to claim 6, characterized in that: the JSON data packet is decrypted as follows:
(1) The client receives the JSON data packet of the response and checks the integrity of the JSON data packet to guard against JSON data loss caused during transmission or at other stages; if the JSON data is complete, step (2) is executed, otherwise an error prompt is returned;
(2) The client looks up the Code value of the JSON data packet in the codebook to obtain the corresponding encryption KEY;
(3) The client decrypts the JSON data packet with the encryption KEY and obtains the final original JSON data packet for use by the client's business logic.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910740054.4A CN110430203A (en) | 2019-08-12 | 2019-08-12 | A kind of improved safety JSON transmission method towards sensitive data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110430203A true CN110430203A (en) | 2019-11-08 |
Family
ID=68414114
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910740054.4A Pending CN110430203A (en) | 2019-08-12 | 2019-08-12 | A kind of improved safety JSON transmission method towards sensitive data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110430203A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101484927A (en) * | 2007-07-05 | 2009-07-15 | 日立软件工程株式会社 | Method for encrypting and decrypting shared encrypted files |
| CN101815091A (en) * | 2010-03-12 | 2010-08-25 | 薛明 | Cipher providing equipment, cipher authentication system and cipher authentication method |
| CN102238002A (en) * | 2010-04-30 | 2011-11-09 | 国际商业机器公司 | Dynamic encryption and decryption methods and equipment for network communication |
| CN106134160A (en) * | 2014-01-27 | 2016-11-16 | 法斯埃托有限公司 | System and method for peer-to-peer communication |
| CN106302422A (en) * | 2016-08-08 | 2017-01-04 | 腾讯科技(深圳)有限公司 | Business encryption and decryption method and device |
| CN107995160A (en) * | 2017-10-26 | 2018-05-04 | 常熟市第人民医院 | A kind of JSON data packet encrypting and decrypting methods based on high in the clouds management and control |
| CN108810017A (en) * | 2018-07-12 | 2018-11-13 | 中国工商银行股份有限公司 | Business processing safe verification method and device |
| CN109150541A (en) * | 2018-08-15 | 2019-01-04 | 飞天诚信科技股份有限公司 | A kind of Verification System and its working method |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111224968A (en) * | 2019-12-31 | 2020-06-02 | 北京同舟医联网络科技有限公司 | Secure communication method for randomly selecting transfer server |
| CN111224968B (en) * | 2019-12-31 | 2022-01-04 | 北京安盛联合科技有限公司 | Secure communication method for randomly selecting transfer server |
| CN111884795A (en) * | 2020-07-21 | 2020-11-03 | 湖南创星科技股份有限公司 | Medical information data desensitization secrecy and restoration method and system |
| CN111884795B (en) * | 2020-07-21 | 2022-09-13 | 湖南创星科技股份有限公司 | Medical information data desensitization secrecy and restoration method and system |
| CN114024754A (en) * | 2021-11-08 | 2022-02-08 | 浙江力石科技股份有限公司 | Method and system for running encryption of application system software |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI313996B (en) | System and method for secure remote access | |
| US9704159B2 (en) | Purchase transaction system with encrypted transaction information | |
| CN101247232B (en) | Encryption technique method based on digital signature in data communication transmission | |
| CN111953492B (en) | ERP (Enterprise resource planning) networking monitoring system based on quantum key encryption and application method thereof | |
| CN105721502A (en) | Authorized access method for browser client and server | |
| CN109981584B (en) | Block chain-based distributed social contact method | |
| CN107104977A (en) | A kind of block chain data safe transmission method based on Stream Control Transmission Protocol | |
| CN109005027B (en) | Random data encryption and decryption method, device and system | |
| CN111901335B (en) | Block chain data transmission management method and system based on middle station | |
| CN106411926A (en) | Data encryption communication method and system | |
| TW201537937A (en) | Unified identity authentication platform and authentication method thereof | |
| CN111555879B (en) | Satellite communication network management channel message encryption and decryption method and system | |
| CN104901803A (en) | Data interaction safety protection method based on CPK identity authentication technology | |
| CN103634266A (en) | A bidirectional authentication method for a server and a terminal | |
| CN110430203A (en) | A kind of improved safety JSON transmission method towards sensitive data | |
| CN116132025A (en) | Key negotiation method, device and communication system based on preset key group | |
| CN114398688B (en) | A communication system based on quantum encryption box | |
| CN109104278A (en) | A kind of encrypting and decrypting method | |
| CN111224968B (en) | Secure communication method for randomly selecting transfer server | |
| CN107579903A (en) | A kind of image information safe transmission method and system based on mobile device | |
| CN107659405A (en) | The encrypting and decrypting method that data communicate between a kind of transformer station boss station | |
| CN1691583B (en) | Based on a secure communication method between endpoints | |
| JPH0969831A (en) | Cryptographic communication system | |
| CN105282239A (en) | Encryption method and system based on Web Service | |
| CN113472539A (en) | Method for carrying out national encryption by using RDMA R _ Key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20191108 |