CN107659397A - A kind of sensitive information transmission method and system - Google Patents

A sensitive information transmission method and system

Info

Publication number: CN107659397A (granted version: CN107659397B)
Authority: CN (China)
Prior art keywords: sensitive information, encrypted, module, data, aes key
Legal status: Granted; Active
Application number: CN201710691022.0A
Other languages: Chinese (zh)
Inventor: 康振坤
Current and original assignee: Shenzhen Qian Hai Network Technology Co Ltd
Events: application filed by Shenzhen Qian Hai Network Technology Co Ltd; priority to CN201710691022.0A; published as CN107659397A; application granted and published as CN107659397B.

Classifications

All under H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION:

    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information involving random numbers or seeds
    • H04L9/14 Cryptographic mechanisms using a plurality of keys or algorithms
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key schemes defined by their underlying computational problems or public-key parameters
    • H04L9/302 Public key schemes involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes

Abstract

The application relates to the field of sensitive information transmission, and in particular to a sensitive information transmission method and system. The method includes: the client AES-encrypts the original sensitive information with an AES key, forming a first encrypted field; the AES key is RSA-encrypted with an RSA public key, forming a second encrypted field; the second encrypted field and the first encrypted field are transmitted to the server; the server obtains the RSA private key corresponding to the RSA public key, decrypts the second encrypted field with that private key and obtains the AES key; the first encrypted field is then decrypted with the AES key to obtain the original sensitive information. The client first encrypts the sensitive information with the symmetric AES algorithm and then encrypts the AES key a second time with the asymmetric RSA algorithm, which strengthens the security of the ciphertext and addresses the problem of sensitive information being transmitted in plaintext during data transmission.

Description

A sensitive information transmission method and system
Technical field
The application relates to the field of sensitive information transmission, and in particular to a sensitive information transmission method and system.
Background technology
A payment gateway (Payment Gateway) is a group of servers that connects the bank network to the Internet. Its main functions are to carry communication between the two, to perform protocol conversion, and to transmit and decrypt sensitive information, so as to protect the security of the bank's internal network.
At present, most sensitive information transmission schemes send the fields themselves in plaintext and rely on the https (Hyper Text Transfer Protocol over Secure Socket Layer, an HTTP channel whose goal is security) protocol for encryption in transit. Existing https encryption alone cannot completely solve the problem of sensitive information being transmitted in plaintext during data transmission: in some specific data transmission processes, once important sensitive information is intercepted by a third party, it can cause harm to both the system and the consumer. A safer encryption method is therefore needed to guarantee the security of data transmission.
The content of the invention
The application provides a sensitive information transmission method and system, intended to solve, at least to some extent, one of the above technical problems in the prior art.
To solve the above problems, the application provides the following technical scheme:
A sensitive information transmission method, including:
Step a: at the client, AES-encrypt the original sensitive information with an AES key, forming a first encrypted field;
Step b: RSA-encrypt the AES key with an RSA public key, forming a second encrypted field;
Step c: transmit the second encrypted field and the first encrypted field to the server;
Step d: at the server, obtain the RSA private key corresponding to the RSA public key and decrypt the second encrypted field with that private key, obtaining the AES key;
Step e: decrypt the first encrypted field with the AES key, obtaining the original sensitive information.
The technical scheme adopted by the embodiment of the application further includes: in step a, AES-encrypting the original sensitive information with the AES key specifically includes:
Step a1: collect the original sensitive information with a JS program and store it as a JSON object in standard JSON format;
Step a2: generate a random number and store the random number in the JSON object;
Step a3: convert the JSON object into a JSON string;
Step a4: using the random number as the AES key, AES-encrypt the JSON string.
The technical scheme adopted by the embodiment of the application further includes: in step c, transmitting the second encrypted field and the first encrypted field to the server specifically includes:
Step c1: concatenate the program version number, the second encrypted field and the first encrypted field in that order, generating the encrypted content;
Step c2: create a hidden field in the page form and set the value of the hidden field to the encrypted content;
Step c3: submit the form, transmitting the encrypted content to the server.
The technical scheme adopted by the embodiment of the application further includes: in step d, obtaining at the server the RSA private key corresponding to the RSA public key and decrypting the second encrypted field with the RSA private key specifically includes:
Step d1: the server receives the encrypted content and verifies the legitimacy of the encrypted content;
Step d2: judge whether the received encrypted content is empty; if it is not empty, perform step d3; if it is empty, perform step d6;
Step d3: split the received encrypted content and judge whether the split data consists of three segments; if it is three segments, perform step d4; if it is not three segments, perform step d6;
Step d4: judge from the first split segment whether the program version number is correct; if the program version number is correct, perform step d5; if it is incorrect, perform step d6;
Step d5: obtain the RSA private key corresponding to the client's RSA public key and decrypt the second split segment with the obtained RSA private key, obtaining the AES key;
Step d6: decryption ends.
The technical scheme adopted by the embodiment of the application further includes: in step e, decrypting the first encrypted field with the AES key to obtain the original sensitive information specifically includes:
Step e1: judge whether the obtained AES key is empty; if the AES key is not empty, perform step e2; if the AES key is empty, perform step e6;
Step e2: decrypt the third split segment with the obtained AES key and judge whether the decrypted content of the third segment is empty; if the decrypted content is not empty, perform step e3; if it is empty, perform step e6;
Step e3: obtain the JSON string and load the JSON string back into a JSON object;
Step e4: judge whether the random number inside the JSON object is consistent with the AES key obtained in step d5; if consistent, perform step e5; if inconsistent, perform step e6;
Step e5: obtain the client's original sensitive information and set the original sensitive information into the gateway program;
Step e6: decryption ends.
Another technical scheme adopted by the embodiment of the application is a sensitive information transmission system including a client and a server.
The client includes:
First encryption module: for AES-encrypting the original sensitive information with an AES key, forming a first encrypted field;
Second encryption module: for RSA-encrypting the AES key with an RSA public key, forming a second encrypted field;
Data transmission module: for transmitting the second encrypted field and the first encrypted field to the server.
The server includes:
First decryption module: for obtaining the RSA private key corresponding to the RSA public key and decrypting the second encrypted field with that private key, obtaining the AES key;
Second decryption module: for decrypting the first encrypted field with the AES key;
Data acquisition module: for obtaining the original sensitive information after decryption is complete.
The technical scheme adopted by the embodiment of the application further includes that the client also includes:
Information collection module: for collecting the original sensitive information with a JS program and storing the original sensitive information as a JSON object in standard JSON format;
Random number generation module: for generating a random number and storing the random number in the JSON object;
Data conversion module: for converting the JSON object into a JSON string; the first encryption module then uses the random number as the AES key and AES-encrypts the JSON string.
The technical scheme adopted by the embodiment of the application further includes that the client also includes:
Data concatenation module: for concatenating the program version number, the second encrypted field and the first encrypted field in that order, generating the encrypted content;
Hidden field setup module: for creating a hidden field in the page form and setting its value to the encrypted content; the data transmission module then submits the form, transmitting the encrypted content to the server.
The technical scheme adopted by the embodiment of the application further includes that the server also includes:
Data reception module: for receiving the encrypted content and verifying its legitimacy;
First judgement module: for judging whether the received encrypted content is empty; if it is not empty, the encrypted content is split by the data splitting module; if it is empty, decryption ends;
Data splitting module: for splitting the received encrypted content and judging whether the split data consists of three segments; if it is three segments, the version number verification module checks whether the version number is correct; if it is not three segments, decryption ends;
Version number verification module: for judging from the first split segment whether the program version number is correct; if the program version number is correct, the encrypted content is decrypted by the first decryption module; if it is incorrect, decryption ends.
The technical scheme adopted by the embodiment of the application further includes that the server also includes:
Second judgement module: for judging whether the obtained AES key is empty; if the AES key is not empty, the second decryption module decrypts the third split segment with the obtained AES key and judges whether the decrypted content of the third segment is empty; if the decrypted content is not empty, the JSON string is obtained and loaded back into a JSON object; if the decrypted content is empty, decryption ends;
AES key judgement module: for judging whether the random number inside the JSON object is consistent with the AES key obtained by the first decryption module; if consistent, the client's original sensitive information is obtained by the data acquisition module and set into the gateway program; if inconsistent, decryption ends.
Compared with the prior art, the beneficial effect of the embodiment of the application is as follows: before transmitting data, the client first encrypts the sensitive information with the symmetric AES algorithm and then encrypts the AES key a second time with the asymmetric RSA algorithm; only the encrypted values are transmitted during data transmission, over the https secure transport, so the security of the transmitted content is guaranteed at the protocol level, the security of the ciphertext is strengthened, and the problem of sensitive information being transmitted in plaintext during data transmission is solved.
Brief description of the drawings
Fig. 1 is a flow chart of the sensitive information transmission method of the embodiment of the application;
Fig. 2 is a flow chart of the client data transmission method of the embodiment of the application;
Fig. 3 is a flow chart of the server data decryption method of the embodiment of the application;
Fig. 4 is a structural diagram of the sensitive information transmission system of the embodiment of the application.
Embodiment
In order to make the purpose, technical solution and advantages of the application clearer, the application is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described herein are only intended to explain the application, not to limit it.
Before transmitting data, the sensitive information transmission method and system of the embodiment of the application first encrypt the sensitive information at the client with the symmetric encryption algorithm AES (Advanced Encryption Standard, a symmetric encryption algorithm in which encryption and decryption use the same key), then encrypt the AES key a second time with the asymmetric encryption algorithm RSA (Rivest Shamir Adleman, an asymmetric encryption algorithm that requires a key pair: the public key encrypts and the private key decrypts). Only the encrypted values are transmitted during data transmission, which strengthens the security of the ciphertext.
The invention applies to many kinds of sensitive information transmission based on Internet gateways, such as protocol gateways, application gateways and security gateways. In the following embodiments the application is described only by taking the sensitive information transmission of a payment gateway as an example.
Referring to Fig. 1, which is a flow chart of the sensitive information transmission method of the embodiment of the application, the method includes the following steps:
Step a: the client AES-encrypts the original sensitive information with an AES key, forming a first encrypted field;
Step b: the AES key is RSA-encrypted with an RSA public key, forming a second encrypted field;
Step c: the second encrypted field and the first encrypted field are transmitted to the server;
Step d: the server obtains the RSA private key corresponding to the RSA public key and decrypts the second encrypted field with that private key, obtaining the AES key;
Step e: the first encrypted field is decrypted with the AES key, obtaining the original sensitive information.
Specifically, referring also to Fig. 2, which is a flow chart of the client sensitive information transmission method of the embodiment of the application, the client method includes the following steps:
Step 100: configure the RSA public key in the front-end page, and embed in the front-end page the JS (JavaScript, a front-end script that runs in the browser) program used for encryption;
In step 100, the RSA public key is provided by the server. Through the JS encryption program embedded in the front-end page, the user first invokes the JS encryption program before initiating a transaction.
Step 101: the JS encryption program collects the original sensitive information in the front-end page that needs to be encrypted, and stores the collected original sensitive information as a JSON object in standard JSON (JavaScript Object Notation, a key-value data interchange format) format;
In step 101, for the sensitive information transmission of a payment gateway, the collected original sensitive information includes, but is not limited to, fields such as the card number, the card expiry date and the payment method.
Step 102: generate a 16-character random number and store the random number in the JSON object;
Step 103: convert the JSON object into a JSON string;
Step 104: using the generated random number as the AES key, AES-encrypt the JSON string, forming the first encrypted field encrypted1;
Step 105: RSA-encrypt the AES key with the configured RSA public key, forming the second encrypted field encrypted2;
Step 106: concatenate the program version number, the second encrypted field and the first encrypted field in that order, generating the encrypted content to be transmitted;
In step 106, the splice format of the encrypted content is: version + "$" + encrypted2 + "$" + encrypted1, where the program version number version is provided by the JS encryption program.
Step 107: create a hidden field in the page form and set the value of the hidden field to the encrypted content;
Step 108: submit the form, transmitting the encrypted content to the server.
In step 108, for the sensitive information transmission of a payment gateway, the server is the page server.
Referring to Fig. 3, which is a flow chart of the server data decryption method of the embodiment of the application, the server method includes the following steps:
Step 200: the page server receives the encrypted content transmitted by the client and verifies the legitimacy of the encrypted content;
Step 201: judge whether the received encrypted content is empty; if it is not empty, perform step 202; if it is empty, perform step 211;
Step 202: following the logic used by the client when encrypting, split the received encrypted content on the special character "$" and judge whether the split data consists of three segments; if it is three segments, perform step 203; if it is not three segments, perform step 211;
Step 203: judge from the first split segment whether the program version number version used by the client is correct; if it is correct, perform step 204; if it is incorrect, perform step 211;
In step 203, the first split segment is the program version number version in the client's encrypted content.
Step 204: obtain the RSA private key corresponding to the client's RSA public key and decrypt the second split segment with the obtained RSA private key, obtaining the AES key;
In step 204, the second split segment is the second encrypted field encrypted2 in the client's encrypted content.
Step 205: judge whether the obtained AES key is empty; if the AES key is not empty, perform step 206; if the AES key is empty, decryption has failed, perform step 211;
Step 206: decrypt the third split segment with the obtained AES key;
In step 206, the third split segment is the first encrypted field encrypted1 in the client's encrypted content.
Step 207: judge whether the decrypted content of the third split segment is empty; if the decrypted content is not empty, perform step 208; if it is empty, decryption has failed, perform step 211;
Step 208: obtain the JSON string and load the JSON string back into a JSON object;
Step 209: judge whether the random number inside the JSON object (i.e. the AES key) is consistent with the AES key obtained in step 204; if consistent, perform step 210; if inconsistent, decryption has failed, perform step 211;
Step 210: decryption is complete; obtain all of the client's original sensitive information from before encryption and set the original sensitive information into the gateway program;
In step 210, the gateway program is the PG (payment gateway) program.
Step 211: decryption ends.
Referring to Fig. 4, which is a structural diagram of the sensitive information transmission system of the embodiment of the application, the system includes a client and a server. The client first encrypts the sensitive information with the AES algorithm and then encrypts the AES key a second time with the RSA algorithm; only the encrypted values are transmitted during data transmission, which strengthens the security of the ciphertext.
Specifically, the client includes a page configuration module, an information collection module, a random number generation module, a data conversion module, a first encryption module, a second encryption module, a data concatenation module, a hidden field setup module and a data transmission module.
Page configuration module: for configuring the RSA public key in the front-end page and embedding in the front-end page the JS program used for encryption; the RSA public key is provided by the server, and through the embedded JS encryption program the user first invokes the JS encryption program before initiating a transaction.
Information collection module: for collecting, with the JS encryption program, the original sensitive information in the front-end page that needs to be encrypted, and storing the collected original sensitive information as a JSON object in standard JSON format; taking the sensitive information transmission of a payment gateway as the example, the collected original sensitive information includes, but is not limited to, fields such as the card number, the card expiry date and the payment method.
Random number generation module: for generating a 16-character random number and storing the random number in the JSON object.
Data conversion module: for converting the JSON object into a JSON string.
First encryption module: for using the random number stored in the JSON object as the AES key and AES-encrypting the JSON string, forming the first encrypted field encrypted1.
Second encryption module: for RSA-encrypting the AES key with the RSA public key configured by the page configuration module, forming the second encrypted field encrypted2.
Data concatenation module: for concatenating the program version number, the second encrypted field and the first encrypted field in that order, generating the encrypted content to be transmitted; the splice format of the encrypted content is version + "$" + encrypted2 + "$" + encrypted1, where the program version number version is provided by the JS encryption program.
Hidden field setup module: for creating a hidden field in the page form and setting the value of the hidden field to the encrypted content.
Data transmission module: for submitting the form, transmitting the encrypted content to the server.
Taking the sensitive information transmission of a payment gateway as the example, the server is the page server. Specifically, the page server includes a data reception module, a first judgement module, a data splitting module, a version number verification module, a first decryption module, a second judgement module, a second decryption module, an AES key judgement module and a data acquisition module.
Data reception module: for receiving the encrypted content transmitted by the client and verifying the legitimacy of the encrypted content.
First judgement module: for judging whether the received encrypted content is empty; if it is not empty, the encrypted content is split by the data splitting module; if it is empty, decryption ends.
Data splitting module: for splitting the received encrypted content on the special character "$", following the logic used by the client when encrypting, and judging whether the split data consists of three segments; if it is three segments, the version number verification module checks whether the version number is correct; if it is not three segments, decryption ends.
Version number verification module: for judging from the first split segment whether the program version number version used by the client is correct; if it is correct, the first decryption module decrypts the encrypted content; if it is incorrect, decryption ends. The first split segment is the program version number version in the client's encrypted content.
First decryption module: for obtaining the RSA private key corresponding to the client's RSA public key and decrypting the second split segment with the obtained RSA private key, obtaining the AES key. The second split segment is the second encrypted field encrypted2 in the client's encrypted content.
Second judgement module: for judging whether the obtained AES key is empty; if the AES key is not empty, the second decryption module performs the second decryption of the encrypted content; if the AES key is empty, decryption ends.
Second decryption module: for decrypting the third split segment with the obtained AES key and judging whether the decrypted content of the third segment is empty; if the decrypted content is not empty, the JSON string is obtained and loaded back into a JSON object; if it is empty, decryption ends. The third split segment is the first encrypted field encrypted1 in the client's encrypted content.
AES key judgement module: for judging whether the random number inside the JSON object obtained by the second decryption module is consistent with the AES key obtained by the first decryption module; if consistent, the data acquisition module obtains the sensitive information from before the client encrypted it; if inconsistent, decryption ends.
Data acquisition module: for obtaining, after decryption is complete, all of the client's original sensitive information from before encryption and setting the original sensitive information into the gateway program; the gateway program is the PG (payment gateway) program.
Before transmitting data, the sensitive information transmission method and system of the embodiment of the application first encrypt the sensitive information at the client with the symmetric AES algorithm and then encrypt the AES key a second time with the asymmetric RSA algorithm. Only the encrypted values are transmitted during data transmission, over the https secure transport, so the security of the transmitted content is guaranteed at the protocol level, the security of the ciphertext is strengthened, and the problem of sensitive information being transmitted in plaintext during data transmission is solved.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the application. The application is therefore not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

  1. A sensitive information transmission method, characterized in that it comprises:
    Step a: on the client, performing AES encryption of the original sensitive information with an AES key to form a first encrypted field;
    Step b: performing RSA encryption of the AES key with an RSA public key to form a second encrypted field;
    Step c: transmitting the second encrypted field and the first encrypted field to the server;
    Step d: obtaining, by the server, the RSA private key corresponding to the RSA public key, and decrypting the second encrypted field with the RSA private key to obtain the AES key;
    Step e: decrypting the first encrypted field with the AES key to obtain the original sensitive information.
  2. The sensitive information transmission method according to claim 1, characterized in that performing AES encryption of the original sensitive information with an AES key in step a specifically comprises:
    Step a1: collecting the original sensitive information with a JS program, and storing the original sensitive information as a JSON object in standard JSON format;
    Step a2: generating a random number and storing the random number in the JSON object;
    Step a3: converting the JSON object into a JSON string;
    Step a4: performing AES encryption of the JSON string using the random number as the AES key.
  3. The sensitive information transmission method according to claim 2, characterized in that transmitting the second encrypted field and the first encrypted field to the server in step c specifically comprises:
    Step c1: concatenating the program version number, the second encrypted field and the first encrypted field in that order to generate the encrypted content;
    Step c2: creating a hidden field in the page form and setting the value of the hidden field to the encrypted content;
    Step c3: submitting the form, thereby transmitting the encrypted content to the server.
  4. The sensitive information transmission method according to claim 3, characterized in that obtaining, by the server, the RSA private key corresponding to the RSA public key and decrypting the second encrypted field with the RSA private key in step d specifically comprises:
    Step d1: receiving the encrypted content at the server and verifying the legitimacy of the encrypted content;
    Step d2: judging whether the received encrypted content is empty; if the received encrypted content is not empty, performing step d3; if the received encrypted content is empty, performing step d6;
    Step d3: splitting the received encrypted content and judging whether the split data has three segments; if the split data has three segments, performing step d4; if the split data does not have three segments, performing step d6;
    Step d4: judging from the first segment of the split data whether the program version number is correct; if the program version number is correct, performing step d5; if the program version number is incorrect, performing step d6;
    Step d5: obtaining the RSA private key corresponding to the client's RSA public key, and decrypting the second segment of the split data with the obtained RSA private key to obtain the AES key;
    Step d6: decryption terminates.
  5. The sensitive information transmission method according to claim 4, characterized in that decrypting the first encrypted field with the AES key to obtain the original sensitive information in step e specifically comprises:
    Step e1: judging whether the obtained AES key is empty; if the AES key is not empty, performing step e2; if the AES key is empty, performing step e6;
    Step e2: decrypting the third segment of the split data with the obtained AES key and judging whether the decrypted content of the third segment is empty; if the decrypted content is not empty, performing step e3; if the decrypted content is empty, performing step e6;
    Step e3: obtaining the JSON string and reassembling the JSON string into a JSON object;
    Step e4: judging whether the random number in the JSON object is consistent with the AES key obtained in step d5; if consistent, performing step e5; if inconsistent, performing step e6;
    Step e5: obtaining the client's original sensitive information and setting the original sensitive information into the gateway program;
    Step e6: decryption terminates.
  6. A sensitive information transmission system comprising a client and a server, characterized in that:
    the client comprises:
    a first encryption module: for performing AES encryption of the original sensitive information with an AES key to form a first encrypted field;
    a second encryption module: for performing RSA encryption of the AES key with an RSA public key to form a second encrypted field;
    a data transmission module: for transmitting the second encrypted field and the first encrypted field to the server;
    the server comprises:
    a first decryption module: for obtaining the RSA private key corresponding to the RSA public key and decrypting the second encrypted field with the RSA private key to obtain the AES key;
    a second decryption module: for decrypting the first encrypted field with the AES key;
    a data acquisition module: for obtaining the original sensitive information after decryption is complete.
  7. The sensitive information transmission system according to claim 6, characterized in that the client further comprises:
    an information collection module: for collecting the original sensitive information with a JS program and storing the original sensitive information as a JSON object in standard JSON format;
    a random number generation module: for generating a random number and storing the random number in the JSON object;
    a data conversion module: for converting the JSON object into a JSON string, the first encryption module performing AES encryption of the JSON string using the random number as the AES key.
  8. The sensitive information transmission system according to claim 7, characterized in that the client further comprises:
    a data concatenation module: for concatenating the program version number, the second encrypted field and the first encrypted field in that order to generate the encrypted content;
    a hidden field setup module: for creating a hidden field in the page form and setting the value of the hidden field to the encrypted content, the data transmission module submitting the form and thereby transmitting the encrypted content to the server.
  9. The sensitive information transmission system according to claim 8, characterized in that the server further comprises:
    a data reception module: for receiving the encrypted content and verifying the legitimacy of the encrypted content;
    a first judging module: for judging whether the received encrypted content is empty; if the received encrypted content is not empty, the encrypted content is split by the data splitting module; if the received encrypted content is empty, decryption terminates;
    a data splitting module: for splitting the received encrypted content and judging whether the split data has three segments; if the split data has three segments, the version number verification module verifies whether the version number is correct; if the split data does not have three segments, decryption terminates;
    a version number verification module: for judging from the first segment of the split data whether the program version number is correct; if the program version number is correct, the encrypted content is decrypted by the first decryption module; if the program version number is incorrect, decryption terminates.
  10. The sensitive information transmission system according to claim 9, characterized in that the server further comprises:
    a second judging module: for judging whether the obtained AES key is empty; if the AES key is not empty, the second decryption module decrypts the third segment of the split data with the obtained AES key and judges whether the decrypted content of the third segment is empty; if the decrypted content is not empty, the JSON string is obtained and reassembled into a JSON object; if the decrypted content is empty, decryption terminates;
    an AES key judging module: for judging whether the random number in the JSON object is consistent with the AES key obtained by the first decryption module; if consistent, the client's original sensitive information is obtained by the data acquisition module and set into the gateway program; if inconsistent, decryption terminates.
CN201710691022.0A 2017-08-11 2017-08-11 Sensitive information transmission method and system Active CN107659397B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710691022.0A CN107659397B (en) 2017-08-11 2017-08-11 Sensitive information transmission method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710691022.0A CN107659397B (en) 2017-08-11 2017-08-11 Sensitive information transmission method and system

Publications (2)

Publication Number Publication Date
CN107659397A (en) 2018-02-02
CN107659397B CN107659397B (en) 2020-09-25

Family

ID=61127844

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710691022.0A Active CN107659397B (en) 2017-08-11 2017-08-11 Sensitive information transmission method and system

Country Status (1)

Country Link
CN (1) CN107659397B (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108537314A (en) * 2018-03-27 2018-09-14 中国工商银行股份有限公司 Product marketing system and method based on Quick Response Code
CN108847930A (en) * 2018-06-05 2018-11-20 深圳市中电数通智慧安全科技股份有限公司 A kind of data transmission method, device and fire-fighting system
CN109005027A (en) * 2018-08-16 2018-12-14 成都市映潮科技股份有限公司 A kind of random data encryption and decryption method, apparatus and system
CN109450615A (en) * 2018-11-16 2019-03-08 重庆邮电大学 A kind of efficient OPC UA client and server data transfer encryption method
CN109493023A (en) * 2018-10-17 2019-03-19 珠海横琴现联盛科技发展有限公司 Mobile payment settle accounts calculation method based on anti-tamper Encryption Algorithm
CN109672523A (en) * 2018-09-25 2019-04-23 平安科技(深圳)有限公司 Information ciphering method, device, equipment and readable storage medium storing program for executing based on filter
CN109921856A (en) * 2019-01-25 2019-06-21 长沙天仪空间科技研究院有限公司 A kind of low-speed communication method and system of the optical flare based on low orbit satellite
CN109981266A (en) * 2019-03-14 2019-07-05 杭州当贝网络科技有限公司 Method and device for storing and reading key and sensitive information
CN110198320A (en) * 2019-06-03 2019-09-03 江苏恒宝智能系统技术有限公司 A kind of ciphered information transmission method
CN110753321A (en) * 2018-07-24 2020-02-04 上汽通用五菱汽车股份有限公司 Safe communication method for vehicle-mounted TBOX and cloud server
CN112019541A (en) * 2020-08-27 2020-12-01 平安国际智慧城市科技股份有限公司 Data transmission method and device, computer equipment and storage medium
CN112016113A (en) * 2020-09-28 2020-12-01 同盾控股有限公司 Data encryption and decryption method, device and system
CN112887311A (en) * 2021-01-26 2021-06-01 北京高因科技有限公司 Safety encryption method and device based on data transmission process
WO2021237542A1 (en) * 2020-05-27 2021-12-02 深圳市大疆创新科技有限公司 Data processing, encryption, and decryption methods, device, and storage medium
CN114338239A (en) * 2022-03-03 2022-04-12 福建天晴数码有限公司 Data encryption transmission method and system
CN114846525A (en) * 2020-01-22 2022-08-02 华为技术有限公司 Charging method and communication device
CN116933297A (en) * 2023-09-18 2023-10-24 深圳迅策科技有限公司 Financial sensitive risk data security protection method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080289039A1 (en) * 2007-05-18 2008-11-20 Sap Ag Method and system for protecting a message from an xml attack when being exchanged in a distributed and decentralized network system
CN101753292A (en) * 2008-12-15 2010-06-23 汤姆森许可贸易公司 Methods and devices for a chained encryption mode
CN105162599A (en) * 2015-08-12 2015-12-16 上海众人网络安全技术有限公司 Data transmission system and data transmission method
CN106325202A (en) * 2016-09-29 2017-01-11 深圳市合信自动化技术有限公司 Subroutine encrypting method, verifying method and corresponding PLC programming system
CN106911663A (en) * 2016-11-16 2017-06-30 上海艾融软件股份有限公司 One kind sells bank's full message encryption system and method for mixed mode directly to households

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108537314A (en) * 2018-03-27 2018-09-14 中国工商银行股份有限公司 Product marketing system and method based on Quick Response Code
CN108847930A (en) * 2018-06-05 2018-11-20 深圳市中电数通智慧安全科技股份有限公司 A kind of data transmission method, device and fire-fighting system
CN110753321A (en) * 2018-07-24 2020-02-04 上汽通用五菱汽车股份有限公司 Safe communication method for vehicle-mounted TBOX and cloud server
CN109005027A (en) * 2018-08-16 2018-12-14 成都市映潮科技股份有限公司 A kind of random data encryption and decryption method, apparatus and system
CN109005027B (en) * 2018-08-16 2021-09-14 成都映潮科技股份有限公司 Random data encryption and decryption method, device and system
CN109672523A (en) * 2018-09-25 2019-04-23 平安科技(深圳)有限公司 Information ciphering method, device, equipment and readable storage medium storing program for executing based on filter
CN109672523B (en) * 2018-09-25 2023-02-14 平安科技(深圳)有限公司 Information encryption method, device and equipment based on filter and readable storage medium
CN109493023A (en) * 2018-10-17 2019-03-19 珠海横琴现联盛科技发展有限公司 Mobile payment settle accounts calculation method based on anti-tamper Encryption Algorithm
CN109493023B (en) * 2018-10-17 2022-01-25 珠海横琴井通容智科技信息有限公司 Mobile payment settlement method based on tamper-proof encryption algorithm
CN109450615A (en) * 2018-11-16 2019-03-08 重庆邮电大学 A kind of efficient OPC UA client and server data transfer encryption method
CN109921856B (en) * 2019-01-25 2021-01-15 长沙天仪空间科技研究院有限公司 Low-speed communication method and system based on light flicker of low-orbit satellite
CN109921856A (en) * 2019-01-25 2019-06-21 长沙天仪空间科技研究院有限公司 A kind of low-speed communication method and system of the optical flare based on low orbit satellite
CN109981266A (en) * 2019-03-14 2019-07-05 杭州当贝网络科技有限公司 Method and device for storing and reading key and sensitive information
CN109981266B (en) * 2019-03-14 2022-05-13 杭州当贝网络科技有限公司 Method and device for storing and reading key and sensitive information
CN110198320B (en) * 2019-06-03 2021-10-26 恒宝股份有限公司 Encrypted information transmission method and system
CN110198320A (en) * 2019-06-03 2019-09-03 江苏恒宝智能系统技术有限公司 A kind of ciphered information transmission method
CN114846525A (en) * 2020-01-22 2022-08-02 华为技术有限公司 Charging method and communication device
CN114846525B (en) * 2020-01-22 2023-10-20 华为技术有限公司 Charging method and communication device
WO2021237542A1 (en) * 2020-05-27 2021-12-02 深圳市大疆创新科技有限公司 Data processing, encryption, and decryption methods, device, and storage medium
CN112019541A (en) * 2020-08-27 2020-12-01 平安国际智慧城市科技股份有限公司 Data transmission method and device, computer equipment and storage medium
CN112016113A (en) * 2020-09-28 2020-12-01 同盾控股有限公司 Data encryption and decryption method, device and system
CN112016113B (en) * 2020-09-28 2024-04-16 同盾控股有限公司 Data encryption and decryption method, device and system
CN112887311A (en) * 2021-01-26 2021-06-01 北京高因科技有限公司 Safety encryption method and device based on data transmission process
CN114338239A (en) * 2022-03-03 2022-04-12 福建天晴数码有限公司 Data encryption transmission method and system
CN114338239B (en) * 2022-03-03 2023-09-01 福建天晴数码有限公司 Method and system for data encryption transmission
CN116933297A (en) * 2023-09-18 2023-10-24 深圳迅策科技有限公司 Financial sensitive risk data security protection method
CN116933297B (en) * 2023-09-18 2023-11-17 深圳迅策科技有限公司 Financial sensitive risk data security protection method

Also Published As

Publication number Publication date
CN107659397B (en) 2020-09-25

Similar Documents

Publication Publication Date Title
CN107659397A (en) A kind of sensitive information transmission method and system
CN103118027B (en) The method of TLS passage is set up based on the close algorithm of state
CN108347419A (en) Data transmission method and device
CN107197037B (en) A kind of data access method and system with audit function based on Cloud Server
CN105307165B (en) Communication means, server-side and client based on mobile application
CN103338215A (en) Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm
CN102724041B (en) Steganography-based key transmission and key updating method
CN107124274A (en) Digital signature method and device based on SM2
CN109818741B (en) Decryption calculation method and device based on elliptic curve
CN101631305B (en) Encryption method and system
CN108599925A (en) A kind of modified AKA identity authorization systems and method based on quantum communication network
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN108494811A (en) data transmission security authentication method and device
CN107404469B (en) Session safety processing system, device, apparatus and method
KR101879758B1 (en) Method for Generating User Digital Certificate for Individual User Terminal and for Authenticating Using the Same Digital Certificate
CN106411926A (en) Data encryption communication method and system
EP3673610B1 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
CN109068322A (en) Decryption method, system, mobile terminal, server and storage medium
CN109005184A (en) File encrypting method and device, storage medium, terminal
CN108199847A (en) Security processing method, computer equipment and storage medium
CN104200154A (en) Identity based installation package signing method and identity based installation package signing device
JP5324813B2 (en) Key generation apparatus, certificate generation apparatus, service provision system, key generation method, certificate generation method, service provision method, and program
CN106302452A (en) Data encryption and decryption method and apparatus
CN104253692B (en) Key management method and device based on SE

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant