CN107733841B - Message transmission method and device based on multiple encryption - Google Patents

Message transmission method and device based on multiple encryption

Info

Publication number: CN107733841B
Authority: CN (China)
Prior art keywords: encryption, communication, party, message, decryption module
Legal status: Active
Application number: CN201610665182.3A
Other languages: Chinese (zh)
Other versions: CN107733841A (en)
Inventors: 罗锋, 赵璐, 喻莉英, 叶严杰, 陈再翔, 吴忠谦, 林录生, 李政甫, 周吉莉
Current Assignee: Alibaba Group Holding Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201610665182.3A
Publication of CN107733841A
Application granted
Publication of CN107733841B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key

Abstract

The application provides a message transmission method and device based on multiple encryption. The method may comprise the following steps: acquiring message content generated by a local communication party on a local client of a preset communication application; performing multiple encryption on the message content according to a predefined encryption sequence through a built-in encryption and decryption module and a third-party encryption and decryption module in the local client to obtain an encrypted communication message, where the built-in encryption and decryption module is provided by the preset communication application and the third-party encryption and decryption module is provided by a third party different from the preset communication application; and sending the encrypted communication message to a server corresponding to the preset communication application, the server forwarding the encrypted communication message to the opposite-end client that the preset communication application provides to the opposite-end communication party, where the opposite-end client decrypts the encrypted communication message through the built-in encryption and decryption module and the third-party encryption and decryption module that it contains to obtain the message content. With this technical scheme, the security of the message content during communication can be improved.

Description

Message transmission method and device based on multiple encryption
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for message transmission based on multiple encryption.
Background
In the related art, a communication application provides an encryption and decryption module to encrypt and decrypt communications, so that even if communication messages are leaked or stolen during communication, the security of the message content can still be ensured.
However, since the encryption/decryption module is provided by the communication application, when the encrypted communication message is forwarded via the server corresponding to the communication application, the server has the capability of decrypting and reading the encrypted communication message, so that some users have a concern about message security.
Disclosure of Invention
In view of the above, the present application provides a message transmission method and device based on multiple encryption, which can improve the security of message content in the communication process.
In order to achieve the above purpose, the present application provides the following technical solutions:
According to a first aspect of the present application, a message transmission method based on multiple encryption is provided, including:
acquiring message content generated by a local communication party on a local client of a preset communication application;
performing multiple encryption on the message content according to a predefined encryption sequence through a built-in encryption and decryption module and a third-party encryption and decryption module in the local client to obtain an encrypted communication message; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
and sending the encrypted communication message to a server corresponding to the preset communication application, the server forwarding the encrypted communication message to the opposite-end client that the preset communication application provides to the opposite-end communication party, wherein the opposite-end client decrypts the encrypted communication message through the built-in encryption and decryption module and the third-party encryption and decryption module that it contains to obtain the message content.
According to a second aspect of the present application, a message transmission method based on multiple encryption is provided, which includes:
receiving, by a local communication party on a local client of a preset communication application, an encrypted communication message from the opposite-end client that the preset communication application provides to the opposite-end communication party; the opposite-end client performs multiple encryption through a built-in encryption and decryption module and a third-party encryption and decryption module to obtain the encrypted communication message;
sequentially decrypting the encrypted communication message according to a predefined decryption order through the built-in encryption and decryption module and the third-party encryption and decryption module contained in the local client to obtain the message content; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
and outputting the message content to the local communication party.
According to a third aspect of the present application, there is provided a message transmission apparatus based on multiple encryption, comprising:
an acquisition unit, configured to acquire message content generated by a local communication party on a local client of a preset communication application;
an encryption unit, configured to perform multiple encryption on the message content according to a predefined encryption sequence through a built-in encryption and decryption module and a third-party encryption and decryption module in the local client so as to obtain an encrypted communication message; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
and a sending unit, configured to send the encrypted communication message to a server corresponding to the preset communication application, the server forwarding the encrypted communication message to the opposite-end client that the preset communication application provides to the opposite-end communication party, wherein the opposite-end client decrypts the encrypted communication message through the built-in encryption and decryption module and the third-party encryption and decryption module that it contains to obtain the message content.
According to a fourth aspect of the present application, there is provided a message transmission apparatus based on multiple encryption, comprising:
a receiving unit, configured to enable a local communication party to receive, on a local client of a preset communication application, an encrypted communication message from the opposite-end client that the preset communication application provides to the opposite-end communication party; the opposite-end client performs multiple encryption through a built-in encryption and decryption module and a third-party encryption and decryption module to obtain the encrypted communication message;
a decryption unit, configured to sequentially decrypt the encrypted communication message according to a predefined decryption sequence through the built-in encryption and decryption module and the third-party encryption and decryption module contained in the local client so as to obtain the message content; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
and an output unit, configured to output the message content to the local communication party.
According to the above technical scheme, a built-in encryption and decryption module and a third-party encryption and decryption module are both introduced, and the third-party encryption and decryption module is provided by a third party different from the communication application. As a result, when the server corresponding to the communication application receives a communication message encrypted by the third-party encryption and decryption module, it cannot decrypt that message; the message content can be viewed only by the two communication parties, and the security of the message content during communication is improved.
Drawings
Fig. 1 is a diagram illustrating encrypted communication in the related art.
Fig. 2 is a flowchart of a method for transmitting a message based on multiple encryption by a sender according to an exemplary embodiment of the present application.
Fig. 3 is a flowchart of a method for transmitting a message based on multiple encryption by a receiving party according to an exemplary embodiment of the present application.
Fig. 4 is a flowchart of a message transmission method based on multiple encryption according to an exemplary embodiment of the present application.
Fig. 5 is a schematic diagram of a multiple encryption-based communication process according to an exemplary embodiment of the present application.
Fig. 6-12 are schematic diagrams of an interface for message transmission with multiple encryption according to an exemplary embodiment of the present application.
Fig. 13 is a schematic structural diagram of an electronic device of a sender according to an exemplary embodiment of the present application.
Fig. 14 is a block diagram of a message transmission apparatus based on multiple encryption for a sender according to an exemplary embodiment of the present application.
Fig. 15 is a schematic structural diagram of an electronic device of a receiving party according to an exemplary embodiment of the present application.
Fig. 16 is a block diagram of a message transmission apparatus based on multiple encryption for a receiving party according to an exemplary embodiment of the present application.
Detailed Description
Fig. 1 is a diagram illustrating encrypted communication in the related art. As shown in fig. 1, taking a communication application as an example, it is assumed that a user A inputs message content using a communication client 1 provided by the communication application, and a user B receives the message content through a communication client 2 provided by the communication application.
After receiving the message content input by the user a, the communication client 1 stores the message content as a history message in the local database 1, and provides the message content to the built-in encryption and decryption module of the communication client 1, and the built-in encryption and decryption module encrypts the message content to obtain an encrypted communication message. The encrypted communication message is then sent by the communication client 1 to the communication server and forwarded by the communication server to the communication client 2 used by the user B.
The communication client 1 and the communication client 2 belong to the same communication application, and are installed in respective electronic devices by the user a and the user B, but the actual composition and function are the same. Therefore, the communication client 2 also includes the above-mentioned built-in encryption/decryption module, so that the built-in encryption/decryption module can decrypt the received encrypted communication message to obtain the corresponding message content. Then, on the one hand, the message content is stored in the local database 2 corresponding to the communication client 2, and on the other hand, the communication client 2 outputs the message content to the user B, thereby completing the transmission process of the message content.
The message content is processed into the encrypted communication message through the communication client 1, so that the message content is always transmitted between the user A and the user B in the form of the encrypted communication message, even if the encrypted communication message is leaked or stolen, the leaked or stolen encrypted communication message cannot be decrypted to obtain the message content because an encryption and decryption mechanism adopted by a built-in encryption and decryption module is not known, and the message security is ensured.
However, since the built-in encryption and decryption module is manufactured by the communication application developer, that is, the communication application developer knows the encryption and decryption mechanism adopted by the built-in encryption and decryption module, and the communication application developer also maintains the communication server, the communication server needs to receive and forward the encrypted communication message, so that the communication server has the capability of decrypting the encrypted communication message, and thus some users have some concerns about message security.
Therefore, the present application solves the above-mentioned problems in the related art by optimizing an encryption scheme in a message transmission process. For further explanation of the present application, the following examples are provided:
Fig. 2 is a flowchart of a method for transmitting a message based on multiple encryption by a sender according to an exemplary embodiment of the present application. As shown in fig. 2, the method may include the steps of:
Step 202, obtaining message content generated by the local communication party on the local client of the preset communication application.
In this embodiment, the preset communication application may be any type of communication application, such as an instant messaging application; for example, the preset communication application may be an Enterprise Instant Messaging (EIM) application such as DingTalk, which is not limited in this application.
In this embodiment, the multiple encryption scheme of the present application may be applied to any type of message content, for example, the message content may be various data such as text, picture, table, video, voice, file, and the like, which is not limited in this application.
Step 204, performing multiple encryption on the message content according to a predefined encryption sequence through a built-in encryption and decryption module and a third-party encryption and decryption module in the local client to obtain an encrypted communication message; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application.
In this embodiment, the preset communication application may be configured with a built-in encryption/decryption module and a third-party encryption/decryption module in advance in the client program, and open application permissions to the built-in encryption/decryption module and the third-party encryption/decryption module, so that all users who download and install the client program can use the built-in encryption/decryption module and the third-party encryption/decryption module to implement the multiple encryption scheme based on the application.
In this embodiment, the preset communication application may alternatively be configured with the built-in encryption and decryption module and the third-party encryption and decryption module in advance in the client program but open only the application permission of the built-in encryption and decryption module and restrict the application permission of the third-party encryption and decryption module, so that a user can apply the multiple encryption scheme of the present application only when holding the application permission for the third-party encryption and decryption module. The preset communication application may even preset only the built-in encryption and decryption module in the client program, without a built-in third-party encryption and decryption module, so that the third-party encryption and decryption module can be downloaded, installed and used for the multiple encryption scheme of the present application only when the user has the application permission for it.
For example, in the above embodiment, in one case, the local communication party and the opposite-end communication party may belong to the same group, and an administrator of the group configures both parties with the application permission for multiple encryption operations, so that the multiple encryption scheme described above can be implemented. In another case, the local communication party and the opposite-end communication party may belong to the same group, and an administrator of the group configures the application permission for multiple encryption operations for the group itself, so that the local communication party can send an encrypted communication message to the opposite-end communication party through the group chat window corresponding to the group, thereby implementing the multiple encryption scheme of the present application.
Step 206, sending the encrypted communication message to a server corresponding to the preset communication application, and forwarding the encrypted communication message to an opposite-end client provided by the preset communication application to an opposite-end communication party by the server, wherein the opposite-end client decrypts the encrypted communication message by the built-in encryption and decryption module and the third-party encryption and decryption module included in the opposite-end client, so as to obtain the message content.
In this embodiment, operation prompt information about multiple encryption can be shown on the local client in at least one of the following ways, to help the local communication party know that the multiple encryption scheme of the present application is currently in use: displaying a first type of operation prompt information in the communication window used for sending the encrypted communication message on the local client; displaying a second type of operation prompt information in the entrance area corresponding to the communication window in the message list page of the local client; adding a third type of operation prompt information in the name area of the communication window; and so on. Of course, this application is not so limited.
In this embodiment, the message content may also be stored in plaintext in a local encrypted database created by the local client. On the one hand, the security of the message content is ensured by the encryption of the database; on the other hand, because the message content is stored in plaintext, the local encrypted database supports retrieval operations by the user on the local client, so that communication messages can be searched conveniently and quickly.
Accordingly, fig. 3 is a flowchart of a message transmission method based on multiple encryption for a receiving party according to an exemplary embodiment of the present application. As shown in fig. 3, the method may include the steps of:
Step 302, a local communication party receives, on a local client of a preset communication application, an encrypted communication message from the opposite-end client that the preset communication application provides to the opposite-end communication party; the opposite-end client performs multiple encryption through a built-in encryption and decryption module and a third-party encryption and decryption module to obtain the encrypted communication message.
Step 304, sequentially decrypting the encrypted communication message according to a predefined decryption order through the built-in encryption and decryption module and the third-party encryption and decryption module contained in the local client to obtain the message content; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application.
Step 306, outputting the message content to the local communication party.
According to the above technical scheme, a built-in encryption and decryption module and a third-party encryption and decryption module are both introduced, and the third-party encryption and decryption module is provided by a third party different from the communication application. As a result, when the server corresponding to the communication application receives a communication message encrypted by the third-party encryption and decryption module, it cannot decrypt that message; the message content can be viewed only by the two communication parties, and the security of the message content during communication is improved.
The following describes the message interaction process between the two communication parties in detail with reference to fig. 4-5; fig. 4 is a flowchart of a message transmission method based on multiple encryption according to an exemplary embodiment of the present application, and fig. 5 is a schematic diagram of a communication process based on multiple encryption according to an exemplary embodiment of the present application. As shown in fig. 4, it is assumed that user A is the message sender and user B is the message receiver. User A installs DingTalk client 1 of the enterprise instant messaging application DingTalk (DingTalk is taken as the example here; any other preset communication application can of course be used) on the electronic device in use, user B installs DingTalk client 2 of the enterprise instant messaging application DingTalk on the electronic device in use, and multiple-encryption message transmission according to the present application is then carried out among DingTalk client 1, the DingTalk server and DingTalk client 2. The method may comprise the steps of:
In step 402, DingTalk client 1 obtains the message content.
In the present embodiment, as shown in fig. 6, it is assumed that user A opens a single chat window with user B in DingTalk, and user A can input a message through the single chat window so that client 1 acquires the message content described above. The message content may be in any form, such as one or more of text, emoticons, audio, pictures, video, and the like, which is not limited in this application.
Of course, user A and user B are not limited to communicating through a single chat window. For example, as shown in fig. 7, when user A and user B both belong to a group such as "shift committee", they can communicate through the group chat window corresponding to the group, and client 1 can then take the content that user A inputs through the group chat window as the above-mentioned message content. In that case the target communication parties of the message content include not only user B but also other group members such as user C; however, the receiving and processing of the message is the same for every group member, so only user B is described here as an example and the other users are not described further.
In step 404, DingTalk client 1 stores the message content in the local encrypted database.
In the present embodiment, DingTalk client 1 creates locally a local database 1 such as that shown in fig. 5. Local database 1 is used for storing the content of sent and received messages, i.e. for storing history messages, so that user A can view and use the messages afterwards.
Because the volume of history messages is large, user A is likely to use a search function on local database 1 to find the history messages of interest. Therefore, local database 1 may store all history messages in plaintext to support the retrieval function. At the same time, local database 1 itself can be an encrypted database, so that local database 1 acts as a "safe" for the history messages and protects them by encryption, which helps improve information security.
In step 406, DingTalk client 1 encrypts the message content through the DingTalk encryption and decryption module to obtain intermediate encrypted data 1.
In this embodiment, the DingTalk encryption and decryption module corresponds to the built-in encryption and decryption module in the embodiment shown in fig. 2; because DingTalk is taken as the example here, the built-in encryption and decryption module is specifically the DingTalk encryption and decryption module. The DingTalk encryption and decryption module is produced by the developers of the enterprise instant messaging application DingTalk, with the following aim: by encrypting the message content, even if the encrypted communication message is leaked or stolen, it cannot be decrypted because outsiders do not know the encryption and decryption mechanism adopted by the DingTalk encryption and decryption module, and the security of the message content is ensured.
In step 408, DingTalk client 1 encrypts through the third-party encryption and decryption module, processing intermediate encrypted data 1 into an encrypted communication message.
In this embodiment, the DingTalk encryption and decryption module encrypts the message content to obtain intermediate encrypted data, and the third-party encryption and decryption module encrypts the intermediate encrypted data to obtain the final encrypted communication message. The sequence DingTalk encryption and decryption module → third-party encryption and decryption module is determined by the order pre-configured in DingTalk client 1; in fact, the encryption and decryption modules may be configured in any order, as long as each encryption and decryption module performs at least one encryption pass. For example, the third-party encryption and decryption module may encrypt the message content to obtain intermediate encrypted data, and the DingTalk encryption and decryption module may then encrypt the intermediate encrypted data to obtain the final encrypted communication message.
In this embodiment, operation prompt information related to multiple encryption may be shown on the local client (i.e., DingTalk client 1), so that user A, as the local communication party, knows that the communication message is protected by multiple encryption and is in a very secure communication environment. The operation prompt information may be implemented in various ways, such as:
In one case, one type of operation prompt information may be shown in the communication window on the local client that is used for sending encrypted communication messages. For example, in the single chat communication window shown in fig. 6 or the group chat communication window shown in fig. 7, prompt text such as "the message in this chat is to be encrypted by a third party, the encryption service … … is provided by XX key and DingTalk together" may be shown as this type of operation prompt information; "XX dense shield" is a third party different from DingTalk, and "XX dense shield" and DingTalk jointly implement the multiple encryption processing of the communication message.
In another case, another type of operation prompt information may be added in the name area of the communication window. For example, in the communication window shown in fig. 6, a mark may be shown on the right side of the name "B" as this other type of operation prompt information; and in the communication window shown in fig. 7, a mark may be shown on the right side of the name "shift committee" as this other type of operation prompt information.
In step 410, the nailing client 1 sends the encrypted communication message to the nailing server.
In step 412, the nailing server forwards the encrypted communication message to the nailing client 2 used by the user B, and stores the encrypted communication message into the server encryption database.
In this embodiment, the third-party encryption and decryption module is provided by a third party different from the enterprise instant messaging application nail. "Different from" should be understood as follows: nail client 1 and other nail clients embed an SDK (Software Development Kit) provided by the third party and use that SDK as the third-party encryption and decryption module, so that encryption processing (and subsequent decryption processing) is implemented by the third-party encryption and decryption module; the third party and the enterprise instant messaging application nail are independent of each other, and neither the nail developers, the nail client, nor the nail server can learn the encryption and decryption mechanism used by the third-party encryption and decryption module.
Therefore, only the third-party encryption and decryption module can perform the decryption processing, and this module is configured only in nail clients, for example nail client 2 used by user B as the opposite-end communication party, so that nail client 2 can decrypt the encrypted communication message to obtain the message content and present it to user B. The nail server, by contrast, can only do two things: on the one hand, forward the encrypted communication message directly to the opposite-end communication party, for example to nail client 2 used by user B; on the other hand, store the encrypted communication message, so that when user A or user B uses another electronic device, or when local database 1, local database 2 or the like is accidentally emptied, the encrypted communication messages stored on the nail server can be downloaded to restore and view the historical messages.
As for the third party: on the one hand, although the third party knows the encryption and decryption mechanism of the third-party encryption and decryption module, the encrypted communication message is transmitted only between the nail clients and the nail server, so the third party cannot obtain the encrypted communication message and therefore cannot decrypt it; on the other hand, even if the third party obtained the encrypted communication message, it does not know the encryption and decryption mechanism of the nail encryption and decryption module, so it cannot recover the final message content by decryption, and the information security of the message content is ensured.
Therefore, only the nail client used by the opposite-end communication party can obtain the encrypted communication message and call both the third-party encryption and decryption module and the nail encryption and decryption module to decrypt it and obtain the final message content; no other party can obtain the encrypted communication message, and even a party that obtained it could not decrypt it, so the information security of the communication process is greatly improved.
In this embodiment, the communication between the nail client and the nail server, for example the sending of the encrypted communication message from nail client 1 to the nail server and from the nail server to nail client 2, may take place over an encrypted channel based on a secure protocol, for example a private encrypted channel based on the TLS (Transport Layer Security) protocol, so as to ensure that the encrypted communication message is not stolen by outside parties during transmission and to further improve communication security.
In step 414, nail client 2 performs decryption processing through the third-party encryption and decryption module to obtain intermediate encrypted data 2. When the decryption process proceeds normally, intermediate encrypted data 2 should be identical to the above-described intermediate decrypted data 1.
In step 416, nail client 2 performs decryption processing through the nail encryption and decryption module to obtain the message content.
In this embodiment, the execution order of steps 414 and 416 is consistent with the execution order of steps 406 and 408 and depends on the pre-configured encryption or decryption order, which is not described again here.
In step 418, nail client 2 stores the message content in the local encryption database.
In this embodiment, the local encryption database may be the local database 2 shown in fig. 5, or the like. The local database 2 is similar to the local database 1 described above, and the communication message is stored in the local database 2 in a clear text manner, so as to support the retrieval behavior of the user B.
In step 420, nail client 2 outputs the message content to user B.
In this embodiment, in the communication window of nail client 2 shown in fig. 8, similarly to the communication window shown in fig. 7, prompt text such as "a message in this chat will be encrypted by a third party, an encryption service … … provided by XX key and nailing together" may be shown so that user B, the opposite-end communication party, knows that the current communication takes place in a secure environment, and a mark may be shown on the right side of the name "nail committee".
In addition, still another type of operation prompt information may be shown in the entry area corresponding to the communication window in the message list page. For example, fig. 9 shows the message list page of nail client 2; in the entry areas of communication windows such as "nail shift committee" and "C", for example on the right side of the names "nail shift committee" and "C", a mark may be shown as this further type of operation prompt information.
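The layering in steps 410 to 420, as an added example that is not code from the patent: two independent modules encrypt in a predefined order, the server relays and stores only ciphertext, and the receiving client decrypts in the reverse order. `LayerModule`, `Client`, `Server` and the HMAC-based cipher are assumptions standing in for the two modules, whose mechanisms the patent does not disclose; the order used (built-in layer inside, third-party layer outside) follows steps 414 and 416.

```python
import hashlib
import hmac
import os


class LayerModule:
    """Stand-in for one encryption/decryption module (assumption, not from the patent).

    Keystream: HMAC-SHA256 in counter mode; integrity: encrypt-then-MAC.
    Blob layout: 16-byte nonce | ciphertext | 32-byte tag.
    """

    def __init__(self, name, key):
        self.name = name
        # Derive independent encryption and MAC keys from the module key.
        self._enc = hmac.new(key, b"enc", hashlib.sha256).digest()
        self._mac = hmac.new(key, b"mac", hashlib.sha256).digest()

    def _xor_stream(self, nonce, data):
        stream = bytearray()
        counter = 0
        while len(stream) < len(data):
            block = nonce + counter.to_bytes(8, "big")
            stream += hmac.new(self._enc, block, hashlib.sha256).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, data):
        nonce = os.urandom(16)
        body = self._xor_stream(nonce, data)
        tag = hmac.new(self._mac, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, blob):
        if len(blob) < 48:
            raise ValueError(self.name + ": blob too short")
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError(self.name + ": authentication failed")
        return self._xor_stream(nonce, body)


class Client:
    """A client holding both modules and the predefined encryption order."""

    def __init__(self, order):
        self.order = list(order)  # e.g. [built-in, third-party]
        self.local_db = []        # simplified stand-in for the local database

    def send(self, content):
        data = content.encode("utf-8")
        for module in self.order:            # first module = innermost layer
            data = module.encrypt(data)
        return data

    def receive(self, blob):
        for module in reversed(self.order):  # peel the outermost layer first
            blob = module.decrypt(blob)
        content = blob.decode("utf-8")
        self.local_db.append(content)        # store content after decryption
        return content


class Server:
    """Forwards and stores ciphertext only; it holds neither module."""

    def __init__(self):
        self.store = []

    def relay(self, blob, recipient):
        self.store.append(blob)              # kept for later history recovery
        return recipient.receive(blob)


if __name__ == "__main__":
    builtin = LayerModule("built-in", os.urandom(32))
    third_party = LayerModule("third-party", os.urandom(32))
    client_1 = Client([builtin, third_party])
    client_2 = Client([builtin, third_party])
    server = Server()

    wire = client_1.send("constructed sample message")
    print("delivered:", server.relay(wire, client_2))
    print("server holds", len(server.store[0]), "bytes of ciphertext")
    # Holding only the third-party module removes one layer, not both.
    inner = third_party.decrypt(wire)
    print("third-party layer alone yields plaintext:",
          inner == b"constructed sample message")
```

A client configured with the modules in the wrong order fails at the first authentication check instead of producing garbage, which is why both ends must share the same predefined order.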
In this embodiment, after downloading and installing the nail client, both user A and user B (or the local communication party and the opposite-end communication party in other communication processes) obtain the application authority for the built-in nail encryption and decryption module; for the application authority for the third-party encryption and decryption module, there may be several cases:
In one case, after user A, user B or any other user downloads and installs the nail client, the application authority for the third-party encryption and decryption module is obtained as well, so that the multiple encryption scheme of the present application can be applied.
In another case, user A and user B must be configured with the application authority for the third-party encryption and decryption module after downloading and installing the nail client, rather than acquiring it automatically. For example, when user A and user B belong to the same community "AA company", the administrator of the community may configure a third-party encryption and decryption module, provided by for example "XX crypt", for the community through an administration page such as that shown in fig. 10.
The administrator can configure the application authority for the third-party encryption and decryption module for the members of the community "AA company". For example, the administrator may configure user A's application authority for the third-party encryption and decryption module through the chat setting page shown in fig. 11; there, the "message third-party encryption" option is displayed as "not turned on", which indicates that user A does not have the application authority for the third-party encryption and decryption module at this time. Similarly, the administrator may also configure other members of the community, such as user B, and the details are not repeated here.
The administrator may also configure the application authority for the third-party encryption and decryption module for a group under the community "AA company". For example, the administrator may configure the application authority of the group "nail executive" for the third-party encryption and decryption module through the group setup page shown in fig. 12; there, the "message third-party encryption" option is displayed as "turned on", which indicates that the group "nail executive" has the application authority for the third-party encryption and decryption module, and all communication messages transmitted through the group "nail executive" are transmitted securely using the multiple encryption scheme of the present application.
Of course, the administrator may also perform rights management along other dimensions, which is not limited in this application. For example, the authority may be given for some types of communication messages, such as pictures, videos and files, so that these types of communication messages are forcibly transmitted using the multiple encryption scheme of the present application, while the authority is not given for other types of communication messages, such as text, which are then transmitted using only the encryption scheme of the related art (for example, applying only the built-in encryption and decryption module). As another example, in combination with the organization structure information of the group, application permissions may be given only to some departments in the group, such as "manager room" and "development department", so that the group employees of these departments are forced to communicate using the multiple encryption scheme of the present application, while the group employees of other departments are not given the permission.
FIG. 13 shows a schematic block diagram of an electronic device according to an example embodiment of the present application. Referring to fig. 13, at the hardware level, the electronic device includes a processor 1302, an internal bus 1304, a network interface 1306, a memory 1308, and a non-volatile memory 1310, but may also include other hardware required for services. The processor 1302 reads a corresponding computer program from the non-volatile memory 1310 to the memory 1308 and then runs, thereby forming a message transmission apparatus based on multiple encryption on a logical level. Of course, besides the software implementation, the present application does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 14, in a software implementation, the message transmission apparatus based on multiple encryption may include an obtaining unit 1402, an encrypting unit 1404, and a sending unit 1406. Wherein:
an obtaining unit 1402, configured to obtain message content generated by a local communication party on a local client of a preset communication application;
an encryption unit 1404, configured to perform multiple encryption on the message content according to a predefined encryption sequence through a built-in encryption and decryption module and a third-party encryption and decryption module in the local client, so as to obtain an encrypted communication message; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
a sending unit 1406, configured to send the encrypted communication message to a server corresponding to the preset communication application, so that the server forwards the encrypted communication message to an opposite-end client provided by the preset communication application to an opposite-end communication party, where the opposite-end client decrypts the encrypted communication message through the built-in encryption and decryption module and the third-party encryption and decryption module that it contains, to obtain the message content.
Optionally, the apparatus further includes:
a prompt unit 1408, configured to show operation prompt information on the multiple encryption on the local client by at least one of:
displaying a first type of operation prompt information in a communication window used for sending the encrypted communication message on the local client;
displaying a second type of operation prompt information in an entry area corresponding to the communication window in a message list page of the local client;
and adding a third type of operation prompt information in the name area of the communication window.
Optionally, the local-end communication party and the opposite-end communication party belong to the same group, and the local-end communication party and the opposite-end communication party are configured by an administrator of the group to have application permission for the multiple encryption operation.
Optionally, the local-end communication party and the opposite-end communication party belong to the same group, and an administrator of the group configures the application authority for the multiple encryption operations for the group; and the encrypted communication message is sent to the opposite-end communication party by the local-end communication party through the group chat window corresponding to the group.
Optionally, the apparatus further includes:
a storage unit 1410, configured to store the message content in a plain text manner in a local encryption database created by the local client.
FIG. 15 shows a schematic block diagram of an electronic device according to an example embodiment of the present application. Referring to fig. 15, at the hardware level, the electronic device includes a processor 1502, an internal bus 1504, a network interface 1506, a memory 1508, and a non-volatile storage 1510, although other hardware required for services may be included. The processor 1502 reads a corresponding computer program from the non-volatile memory 1510 into the memory 1508 and then runs the computer program, thereby forming a message transmission apparatus based on multiple encryption on a logical level. Of course, besides the software implementation, the present application does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 16, in a software implementation, the multiple encryption based message transmission apparatus may include a receiving unit 1602, a decrypting unit 1604, and an outputting unit 1606. Wherein:
a receiving unit 1602, configured so that a local communication party receives, on a local client of a preset communication application, an encrypted communication message from an opposite-end client provided by the preset communication application to an opposite-end communication party; the opposite-end client performs multiple encryption through a built-in encryption and decryption module and a third-party encryption and decryption module to obtain the encrypted communication message;
a decryption unit 1604, configured to sequentially decrypt the encrypted communication message according to a predefined decryption order through the built-in encryption and decryption module and the third-party encryption and decryption module included in the local client, so as to obtain the message content; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
and an output unit 1606 configured to output the message content to the local communication party.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (14)

1. A message transmission method based on multiple encryption, comprising:
acquiring message content generated by a local communication party on a local client of a preset communication application;
performing multiple encryption on the message content according to a predefined encryption sequence through a built-in encryption and decryption module and a third-party encryption and decryption module in the local client to obtain an encrypted communication message; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
and sending the encrypted communication message to a server corresponding to the preset communication application, so that the server forwards the encrypted communication message to an opposite-end client provided by the preset communication application to an opposite-end communication party, wherein the opposite-end client decrypts the encrypted communication message through the built-in encryption and decryption module and the third-party encryption and decryption module that it contains to obtain the message content.
2. The method of claim 1, further comprising: displaying operation prompt information on the multiple encryption on the local client by at least one of the following methods:
displaying a first type of operation prompt information in a communication window used for sending the encrypted communication message on the local client;
displaying a second type of operation prompt information in an entry area corresponding to the communication window in a message list page of the local client;
and adding a third type of operation prompt information in the name area of the communication window.
3. The method according to claim 1, wherein the local communication party and the opposite-end communication party belong to the same community, and the local communication party and the opposite-end communication party are configured by an administrator of the community to have application authority for the multiple encryption operations.
4. The method according to claim 1, wherein the local communication party and the opposite-end communication party belong to a same group, and an administrator of the group configures the group with application authority for the multiple encryption operations; and the encrypted communication message is sent to the opposite-end communication party by the local communication party through the group chat window corresponding to the group.
5. The method of claim 1, further comprising:
storing the message content in a local encryption database created by the local client in a clear text mode.
6. A message transmission method based on multiple encryption, comprising:
receiving, by a local communication party on a local client of a preset communication application, an encrypted communication message from an opposite-end client provided by the preset communication application to an opposite-end communication party; the opposite-end client performs multiple encryption through a built-in encryption and decryption module and a third-party encryption and decryption module to obtain the encrypted communication message;
sequentially decrypting the encrypted communication message according to a predefined decryption order through the built-in encryption and decryption module and the third-party encryption and decryption module which are contained in the local client to obtain the message content; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
and outputting the message content to the local communication party.
7. A message transmission apparatus based on multiple encryption, comprising:
an acquisition unit, configured to acquire message content generated by a local communication party on a local client of a preset communication application;
an encryption unit, configured to perform multiple encryption on the message content according to a predefined encryption sequence through a built-in encryption and decryption module and a third-party encryption and decryption module in the local client so as to obtain an encrypted communication message; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
and a sending unit, configured to send the encrypted communication message to a server corresponding to the preset communication application, so that the server forwards the encrypted communication message to an opposite-end client provided by the preset communication application to an opposite-end communication party, wherein the opposite-end client decrypts the encrypted communication message through the built-in encryption and decryption module and the third-party encryption and decryption module that it contains to obtain the message content.
8. The apparatus of claim 7, further comprising:
a prompt unit that shows operation prompt information on the multiple encryption on the local client by at least one of:
displaying a first type of operation prompt information in a communication window used for sending the encrypted communication message on the local client;
displaying a second type of operation prompt information in an entry area corresponding to the communication window in a message list page of the local client;
and adding a third type of operation prompt information in the name area of the communication window.
9. The apparatus of claim 7, wherein the local communication party and the opposite-end communication party belong to a same community, and wherein the local communication party and the opposite-end communication party are configured by an administrator of the community to have application authority for the multiple encryption operations.
10. The apparatus according to claim 7, wherein the local communication party and the opposite-end communication party belong to a same group, and an administrator of the group configures the group with application authority for the multiple encryption operations; and the encrypted communication message is sent to the opposite-end communication party by the local communication party through the group chat window corresponding to the group.
11. The apparatus of claim 7, further comprising:
and the storage unit stores the message content in a local encryption database created by the local client in a clear text manner.
12. A message transmission apparatus based on multiple encryption, comprising:
a receiving unit, by which a local communication party receives, on a local client of a preset communication application, an encrypted communication message from an opposite-end client provided by the preset communication application to an opposite-end communication party; the opposite-end client performs multiple encryption through a built-in encryption and decryption module and a third-party encryption and decryption module to obtain the encrypted communication message;
a decryption unit, configured to sequentially decrypt the encrypted communication message according to a predefined decryption sequence through the built-in encryption and decryption module and the third-party encryption and decryption module which are contained in the local client so as to obtain the message content; the built-in encryption and decryption module is provided by the preset communication application, and the third-party encryption and decryption module is provided by a third party different from the preset communication application;
and an output unit, configured to output the message content to the local communication party.
13. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1-6 by executing the executable instructions.
14. A computer-readable storage medium having stored thereon computer instructions, which, when executed by a processor, carry out the steps of the method according to any one of claims 1-6.
CN201610665182.3A 2016-08-12 2016-08-12 Message transmission method and device based on multiple encryption Active CN107733841B (en)


Publications (2)

Publication Number Publication Date
CN107733841A CN107733841A (en) 2018-02-23
CN107733841B true CN107733841B (en) 2021-01-26




Similar Documents

Publication Publication Date Title
US10009321B2 (en) Method performed by at least one server for processing a data packet from a first computing device to a second computing device to permit end-to-end encryption communication
US9537864B2 (en) Encryption system using web browsers and untrusted web servers
US9767299B2 (en) Secure cloud data sharing
CN104917759B (en) Based on third-party secure file storage and shared system and method
US9078127B2 (en) Secure Communication Method
KR102066025B1 (en) Systems and methods for protecting data loss while protecting privacy
US10250385B2 (en) Customer call logging data privacy in cloud infrastructure
CN105743917B (en) Message transmission method and terminal
CN107733841B (en) Message transmission method and device based on multiple encryption
KR101379711B1 (en) Method for file encryption and decryption using telephone number
Michalas et al. Secgod google docs: Now i feel safer!
US11163892B2 (en) Buffering data until encrypted destination is unlocked
US20230208619A1 (en) Method to request sensitive data from a recipient and to establish a secure communication with the recipient
KR20170084802A (en) Method and system for transmitting secure data in a terminal
WO2015156145A1 (en) Re-encryption method, re-encryption system, and re-encryption device
WO2021129681A1 (en) Scheduling method and apparatus, and medium and device
US10263968B1 (en) Security measure for exchanging keys over networks
US9843563B2 (en) Securing relayed email communication
US9537842B2 (en) Secondary communications channel facilitating document security
CN110875820A (en) Management method and system for multimedia content protection key and key agent device
CN110417638B (en) Communication data processing method and device, storage medium and electronic device
CN110876071B (en) Method and system for managing multimedia content protection key
EP3557469B1 (en) System, method and computer program for secure data exchange
Aziz et al. SIMSSP: Secure Instant Messaging System for Smart Phones
Fernandes et al. Online conversation application with confidentiality, anonymity, and identity requirements

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code: Ref country code: HK; Ref legal event code: DE; Ref document number: 1251369; Country of ref document: HK

GR01 Patent grant