Data encryption and transmission method based on HTTP protocol

Abstract

The present invention provides a data encryption and transmission method based on HTTP protocol. The method includes the following steps: a client acquires a parameter, calculates a parameter summary value, signs an abstract value by a client private key, obtains a signature value, encrypts a parameter and the signature value by using a public key of a server to obtain encrypted data and send it to the server; the server decrypts the received information, validates the selected parameters and verifies the signature, to achieve authentication of the client by the server; the same authentication method is used to achieve the authentication of the server by the client; after identity authentication of both parties, the client or server generates a session key and encrypts the contents of the HTTP message with the negotiated session key. Through the interaction of the method of the present invention, the client and the server complete two-way authentication and realize secure data transmission service, preventing users from illegally accessing the network, eavesdropping and stealing, replaying attacks and breaking the data transmitted over the network.

Description

technical field [0001] The invention belongs to the communication field, and in particular relates to an HTTP protocol-based data encryption transmission method. Background technique [0002] The HTTP protocol is a transmission protocol used to transmit hypertext from a WWW server to a local browser. It is a standard for request and response between the client and the server. Currently, most websites and app interfaces use the HTTP protocol. However, there are some deficiencies in the HTTP protocol. For example, the HTTP protocol uses clear text to send content, which itself does not have the function of encryption, and the content may be eavesdropped; neither the server nor the client using the HTTP protocol will verify the identity of the communicating party. May encounter camouflage, that is, it is impossible to determine whether the other party is communicating with the real intention, and it is impossible to identify whether the request is intercepted and replayed, and ...

AI Technical Summary

Problems solved by technology

However, the use of HTTPS makes the gateway and proxy system unable to effectively handle the HTTP protocol, and loses the advantages of HTTP transmission on the network.

In addition, some authentication mechanisms, including Basic authentication, Digest authentication, OAuth, NTLM, etc., only protect the information in the HTTP header, but do not encrypt and authenticate the data in the HTTP message body.