CN109450881B - A kind of data transmission system, method and device - Google Patents


Publication number
CN109450881B
CN109450881B CN201811259224.9A CN201811259224A CN109450881B CN 109450881 B CN109450881 B CN 109450881B CN 201811259224 A CN201811259224 A CN 201811259224A CN 109450881 B CN109450881 B CN 109450881B
Authority
CN
China
Prior art keywords
key
data
data transmission
ciphertext
secrete
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811259224.9A
Other languages
Chinese (zh)
Other versions
CN109450881A (en
Inventor
安晓江
胡伯良
蒋红宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Haitai Fangyuan Technology Co Ltd
Original Assignee
Tianjin Haitai Fangyuan Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Haitai Fangyuan Technology Co Ltd filed Critical Tianjin Haitai Fangyuan Technology Co Ltd
Priority to CN201811259224.9A priority Critical patent/CN109450881B/en
Publication of CN109450881A publication Critical patent/CN109450881A/en
Application granted granted Critical
Publication of CN109450881B publication Critical patent/CN109450881B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16 Obfuscation or hiding, e.g. involving white box

Abstract

The invention discloses a data transmission system, method and device, applied to the technical field of data transmission, to solve the problems that communication data is easily leaked and key maintenance cost is high. Specifically: a first data transmission client encrypts communication data with a data encryption key to obtain ciphertext data, converts the data encryption key into a hidden key, and sends the ciphertext data and the hidden key to a data transmission server by means of a digital envelope; the data transmission server forwards them to a second data transmission client. After the second data transmission client restores the hidden key to the data encryption key, it decrypts the first ciphertext data with the data encryption key to obtain the communication data. In this way, the data transmission server can obtain only the hidden key and cannot decrypt the communication data with the hidden key, which ensures the security of the communication data; moreover, the data transmission clients do not need to maintain a large number of shared keys, which reduces key maintenance cost.

Description

A data transmission system, method and device
Technical field
The present invention relates to the technical field of encrypted data transmission, and in particular to a data transmission system, method and device.
Background art
Currently, there are two main methods for the encrypted transmission of communication data:
(1) Encrypted transmission based on a digital envelope. Specifically, the data transmission client encrypts the communication data with a symmetric key to obtain the ciphertext data of the communication data, and encrypts the symmetric key with the service public key of the data transmission server to obtain the ciphertext data of the symmetric key. It sends the ciphertext data of the communication data and the ciphertext data of the symmetric key to the data transmission server, which forwards them to the target data transmission client.
Obviously, in this digital-envelope method the data transmission server can decrypt all communication data, so there may be a security risk that communication data is leaked.
(2) Encrypted transmission based on a shared key. Specifically, the data transmission client encrypts the communication data with a shared key and, after obtaining the ciphertext data of the communication data, sends the ciphertext data of the shared key and communication data together to the data transmission server, which relays them to the target data transmission client.
Obviously, in the shared-key method, anyone who cracks the shared key can decrypt the communication data, causing the communication data to leak. Moreover, the data transmission client needs to maintain a large number of shared keys in order to exchange data with different target data transmission clients, which increases the maintenance cost of shared keys.
Summary of the invention
Embodiments of the present invention provide a data transmission system, method, device, equipment and medium, to solve the problems in the prior art that, with the encrypted transmission method based on a digital envelope, communication data is easily decrypted by the data transmission server and thus leaked, and that, with the encrypted transmission method based on a shared key, communication data is easily leaked and key maintenance cost is high.
The specific technical solutions provided by the embodiments of the present invention are as follows:
A data transmission system, comprising: a first data transmission client, a data transmission server and a second data transmission client, wherein
the first data transmission client is configured to obtain communication data and generate a data encryption key; encrypt the communication data with the data encryption key to obtain first ciphertext data; perform key conversion processing on the data encryption key to obtain a hidden key, and encrypt the hidden key with the service public key of the data transmission server to obtain second ciphertext data; and send the first ciphertext data and the second ciphertext data to the data transmission server; wherein the hidden key is used to protect the data encryption key against leakage at the data transmission server;
the data transmission server is configured to receive the first ciphertext data and the second ciphertext data; decrypt the second ciphertext data with the service private key of the data transmission server to obtain the hidden key, and encrypt the hidden key with the communication public key of the second data transmission client to obtain third ciphertext data; and send the first ciphertext data and the third ciphertext data to the second data transmission client;
the second data transmission client is configured to receive the first ciphertext data and the third ciphertext data; decrypt the third ciphertext data with the communication private key of the second data transmission client to obtain the hidden key; perform key restoration processing on the hidden key to obtain the data encryption key, and decrypt the first ciphertext data with the data encryption key to obtain the communication data.
In the data transmission system provided by the embodiments of the present invention, the first data transmission client is configured to perform key conversion processing on the data encryption key based on a built-in conversion key to obtain the hidden key;
the second data transmission client is configured to perform key restoration processing on the hidden key based on the built-in conversion key to obtain the data encryption key.
The data transmission system provided by the embodiments of the present invention further comprises a key management server, wherein
the key management server is configured to generate a conversion key; encrypt the conversion key with the communication public key of the first data transmission client to obtain first conversion ciphertext data, and send the first conversion ciphertext data to the first data transmission client; and encrypt the conversion key with the communication public key of the second data transmission client to obtain second conversion ciphertext data, and send the second conversion ciphertext data to the second data transmission client;
the first data transmission client is configured to decrypt the first conversion ciphertext data with the communication private key of the first data transmission client to obtain the conversion key, and, based on the decrypted conversion key, perform key conversion processing on the data encryption key to obtain the hidden key;
the second data transmission client is configured to decrypt the second conversion ciphertext data with the communication private key of the second data transmission client to obtain the conversion key, and, based on the decrypted conversion key, perform key restoration processing on the hidden key to obtain the data encryption key.
In the data transmission system provided by the embodiments of the present invention, the first data transmission client is configured to perform XOR processing on the data encryption key and the conversion key to obtain the hidden key; or perform OR processing on the data encryption key and the conversion key to obtain the hidden key; or perform an AND operation on the data encryption key and the conversion key to obtain a hidden AND-key, and hash the hidden AND-key to obtain the hidden key;
the second data transmission client is configured to perform XOR processing on the hidden key and the conversion key to obtain the data encryption key; or perform OR processing on the hidden key and the conversion key to obtain the data encryption key; or perform an AND operation on the hidden key and the conversion key to obtain a restored AND-key, and hash the restored AND-key to obtain the data encryption key.
In the data transmission system provided by the embodiments of the present invention, the first data transmission client is further configured to, if it determines that the communication data corresponds to multiple second data transmission clients, obtain the identification information of each of the multiple second data transmission clients, generate a user list from the identification information of each of the multiple target data transmission clients, and send the user list, the first ciphertext data and the second ciphertext data to the data transmission server;
the data transmission server is further configured to receive the user list, the first ciphertext data and the second ciphertext data; after decrypting the second ciphertext data with the service private key of the data transmission server to obtain the hidden key, determine the communication public key of each of the multiple second data transmission clients from the identification information recorded in the user list, and encrypt the hidden key separately with each of those communication public keys to obtain the third ciphertext data corresponding to each of the multiple second data transmission clients; and send each second data transmission client its corresponding third ciphertext data together with the first ciphertext data.
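The exchange described above, including the user-list case with several recipients, as an added example that is not part of the patent text. It uses the XOR variant of the key conversion, where applying the same conversion key twice returns the data encryption key. The function names, the textbook-RSA and hash-keystream helpers and the sample message are assumptions chosen so the example runs with the Python standard library only; they stand in for real public-key and symmetric ciphers and are not secure.

```python
import hashlib
import secrets

E = 65537  # public exponent for the toy RSA helper


def toy_keypair(a, b):
    """Textbook RSA over the Mersenne primes 2^a-1 and 2^b-1.
    Toy stand-in for the page's public-key encryption; NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def pk_encrypt(pub, key_bytes):
    n, e = pub
    return pow(int.from_bytes(key_bytes, "big"), e, n)


def pk_decrypt(priv, ct, length=32):
    n, d = priv
    return pow(ct, d, n).to_bytes(length, "big")


def sym_crypt(key, nonce, data):
    """SHA-256 counter-mode keystream XOR (encrypt == decrypt).
    Stand-in for a real symmetric cipher; provides no integrity."""
    blocks = len(data) // 32 + 1
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        for i in range(blocks))
    return bytes(x ^ y for x, y in zip(data, stream))


def xor_bytes(a, b):
    """Key conversion and key restoration (XOR variant)."""
    return bytes(x ^ y for x, y in zip(a, b))


def sender_send(message, conversion_key, server_pub, user_list):
    """First client: build first and second ciphertext data plus user list."""
    dek = secrets.token_bytes(32)                  # data encryption key
    nonce = secrets.token_bytes(16)
    c1 = nonce + sym_crypt(dek, nonce, message)    # first ciphertext data
    hidden = xor_bytes(dek, conversion_key)        # hidden key
    c2 = pk_encrypt(server_pub, hidden)            # second ciphertext data
    return {"users": list(user_list), "c1": c1, "c2": c2}


def server_forward(packet, server_priv, directory):
    """Server: unwrap the hidden key, re-wrap it per recipient.
    Returns the hidden key too, to show everything the server learns."""
    hidden = pk_decrypt(server_priv, packet["c2"])
    out = {uid: (packet["c1"], pk_encrypt(directory[uid], hidden))
           for uid in packet["users"]}             # third ciphertext data
    return hidden, out


def recipient_open(c1, c3, comm_priv, conversion_key):
    """Second client: recover hidden key, restore DEK, decrypt."""
    hidden = pk_decrypt(comm_priv, c3)
    dek = xor_bytes(hidden, conversion_key)
    return sym_crypt(dek, c1[:16], c1[16:])


def demo():
    server_pub, server_priv = toy_keypair(521, 607)
    b_pub, b_priv = toy_keypair(1279, 2203)
    c_pub, c_priv = toy_keypair(2281, 3217)
    conversion_key = secrets.token_bytes(32)       # known to clients only
    message = b"file D contents (constructed sample)"

    packet = sender_send(message, conversion_key, server_pub, ["B", "C"])
    hidden, out = server_forward(packet, server_priv,
                                 {"B": b_pub, "C": c_pub})
    # The server tries to decrypt with the only key it holds.
    attempt = sym_crypt(hidden, packet["c1"][:16], packet["c1"][16:])
    return {
        "plaintext": message,
        "B": recipient_open(*out["B"], b_priv, conversion_key),
        "C": recipient_open(*out["C"], c_priv, conversion_key),
        "server_attempt": attempt,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value[:40])
```

The confidentiality of the data encryption key against the server rests entirely on the server not knowing the conversion key, so how that key is built in or distributed is the part to review first.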
A data transmission method, applied to a first data transmission client, comprising:
obtaining communication data and generating a data encryption key;
encrypting the communication data with the data encryption key to obtain first ciphertext data;
performing key conversion processing on the data encryption key to obtain a hidden key, and encrypting the hidden key with the service public key of the data transmission server to obtain second ciphertext data; wherein the hidden key is used to protect the data encryption key against leakage at the data transmission server;
sending the first ciphertext data and the second ciphertext data to the data transmission server.
In the data transmission method provided by the embodiments of the present invention, performing key conversion processing on the data encryption key to obtain the hidden key comprises:
reading a built-in conversion key;
based on the conversion key, performing key conversion processing on the data encryption key to obtain the hidden key.
In the data transmission method provided by the embodiments of the present invention, performing key conversion processing on the data encryption key to obtain the hidden key comprises:
decrypting, with the communication private key of the first data transmission client, the first conversion ciphertext data sent by the key management server to obtain the conversion key; wherein the first conversion ciphertext data is obtained by the key management server encrypting the generated conversion key with the communication public key of the first data transmission client;
based on the conversion key, performing key conversion processing on the data encryption key to obtain the hidden key.
In the data transmission method provided by the embodiments of the present invention, performing key conversion processing on the data encryption key based on the conversion key to obtain the hidden key comprises:
performing XOR processing on the data encryption key and the conversion key to obtain the hidden key; or
performing OR processing on the data encryption key and the conversion key to obtain the hidden key; or
performing an AND operation on the data encryption key and the conversion key to obtain a hidden AND-key, and hashing the hidden AND-key to obtain the hidden key.
In the data transmission method provided by the embodiments of the present invention, if it is determined that the communication data corresponds to multiple second data transmission clients, the method further comprises:
obtaining the identification information of each of the multiple second data transmission clients;
generating a user list from the identification information of each of the multiple target data transmission clients;
sending the user list, the first ciphertext data and the second ciphertext data to the data transmission server.
A data transmission method, applied to a data transmission server, comprising:
receiving first ciphertext data and second ciphertext data sent by a first data transmission client; wherein the first ciphertext data is obtained by the first data transmission client encrypting the obtained communication data with a generated data encryption key; and the second ciphertext data is obtained by the first data transmission client performing key conversion processing on the data encryption key to obtain a hidden key and encrypting the hidden key with the service public key of the data transmission server;
decrypting the second ciphertext data with the service private key of the data transmission server to obtain the hidden key, and encrypting the hidden key with the communication public key of a second data transmission client to obtain third ciphertext data;
sending the first ciphertext data and the third ciphertext data to the second data transmission client.
In the data transmission method provided by the embodiments of the present invention, if a user list recording the identification information of multiple second data transmission clients is received from the first data transmission client together with the first ciphertext data and the second ciphertext data, the method further comprises:
determining the communication public key of each of the multiple second data transmission clients from the identification information of each second data transmission client recorded in the user list;
encrypting the hidden key separately with the communication public key of each of the multiple second data transmission clients to obtain the third ciphertext data corresponding to each of the multiple second data transmission clients;
sending each second data transmission client its corresponding third ciphertext data together with the first ciphertext data.
A data transmission method, applied to a second data transmission client, comprising:
receiving first ciphertext data sent by a data transmission server and third ciphertext data obtained by the data transmission server from second ciphertext data; wherein the first ciphertext data is obtained by a first data transmission client encrypting the obtained communication data with a generated data encryption key and is sent to the data transmission server; the second ciphertext data is obtained by the first data transmission client performing key conversion processing on the data encryption key to obtain a hidden key and then encrypting the hidden key with the service public key of the data transmission server, and is sent to the data transmission server; the third ciphertext data is obtained by the data transmission server decrypting the second ciphertext data with the service private key of the data transmission server to obtain the hidden key and encrypting the hidden key with the communication public key of the second data transmission client; wherein the hidden key is used to protect the data encryption key against leakage at the data transmission server;
decrypting the third ciphertext data with the communication private key of the second data transmission client to obtain the hidden key;
performing key restoration processing on the hidden key to obtain the data encryption key, and decrypting the first ciphertext data with the data encryption key to obtain the communication data.
In the data transmission method provided by the embodiments of the present invention, performing key restoration processing on the hidden key to obtain the data encryption key comprises:
reading a built-in conversion key;
based on the conversion key, performing key restoration processing on the hidden key to obtain the data encryption key.
In the data transmission method provided by the embodiments of the present invention, performing key restoration processing on the hidden key to obtain the data encryption key comprises:
decrypting, with the communication private key of the second data transmission client, the second conversion ciphertext data sent by the key management server to obtain the conversion key; wherein the second conversion ciphertext data is obtained by the key management server encrypting the generated conversion key with the communication public key of the second data transmission client;
based on the conversion key, performing key restoration processing on the hidden key to obtain the data encryption key.
In the data transmission method provided by the embodiments of the present invention, performing key restoration processing on the hidden key based on the conversion key to obtain the data encryption key comprises:
performing XOR processing on the hidden key and the conversion key to obtain the data encryption key; or
performing OR processing on the hidden key and the conversion key to obtain the data encryption key; or
performing an AND operation on the hidden key and the conversion key to obtain a restored AND-key, and hashing the restored AND-key to obtain the data encryption key.
A data transmission device, applied to a first data transmission client, comprising:
a data acquisition unit, configured to obtain communication data;
a first encryption unit, configured to generate a data encryption key and encrypt, with the data encryption key, the communication data obtained by the data acquisition unit to obtain first ciphertext data;
a key conversion unit, configured to perform key conversion on the data encryption key generated by the first encryption unit to obtain a hidden key; wherein the hidden key is used to protect the data encryption key against leakage at the data transmission server;
a second encryption unit, configured to encrypt, with the service public key of the data transmission server, the hidden key produced by the key conversion unit to obtain second ciphertext data;
a data transmission unit, configured to send the first ciphertext data obtained by the first encryption unit and the second ciphertext data obtained by the second encryption unit to the data transmission server.
A data transmission device, applied to a data transmission server, comprising:
a data receiving unit, configured to receive first ciphertext data and second ciphertext data sent by a first data transmission client; wherein the first ciphertext data is obtained by the first data transmission client encrypting the obtained communication data with a generated data encryption key; and the second ciphertext data is obtained by the first data transmission client performing key conversion processing on the data encryption key to obtain a hidden key and encrypting the hidden key with the service public key of the data transmission server;
a data encryption and decryption unit, configured to decrypt, with the service private key of the data transmission server, the second ciphertext data received by the data receiving unit to obtain the hidden key, and encrypt the hidden key with the communication public key of a second data transmission client to obtain third ciphertext data;
a data forwarding unit, configured to send the first ciphertext data received by the data receiving unit and the third ciphertext data obtained by the data encryption and decryption unit to the second data transmission client.
A data transmission device, applied to a second data transmission client, comprising:
a data receiving unit, configured to receive first ciphertext data sent by a data transmission server and third ciphertext data obtained by the data transmission server from second ciphertext data; wherein the first ciphertext data is obtained by a first data transmission client encrypting the obtained communication data with a generated data encryption key and is sent to the data transmission server; the second ciphertext data is obtained by the first data transmission client performing key conversion processing on the data encryption key to obtain a hidden key and then encrypting the hidden key with the service public key of the data transmission server, and is sent to the data transmission server; the third ciphertext data is obtained by the data transmission server decrypting the second ciphertext data with the service private key of the data transmission server to obtain the hidden key and encrypting the hidden key with the communication public key of the second data transmission client; wherein the hidden key is used to protect the data encryption key against leakage at the data transmission server;
a first decryption unit, configured to decrypt, with the communication private key of the second data transmission client, the third ciphertext data received by the data receiving unit to obtain the hidden key;
a key restoration unit, configured to perform key restoration processing on the hidden key decrypted by the first decryption unit to obtain the data encryption key;
a second decryption unit, configured to decrypt, with the data encryption key restored by the key restoration unit, the first ciphertext data received by the data receiving unit to obtain the communication data.
Data transmission equipment, comprising: a memory, a processor and a computer program stored in the memory, wherein the processor, when executing the computer program, implements the steps of the data transmission method provided by the embodiments of the present invention.
A computer storage medium storing an executable program which, when executed by a processor, implements the steps of the data transmission method provided by the embodiments of the present invention.
The beneficial effects of the embodiments of the present invention are as follows:
In the embodiments of the present invention, the data transmission client converts the data encryption key into a hidden key. Therefore, even though the data transmission server can decrypt the second ciphertext data with the service private key, it obtains only the hidden key, and the hidden key is not the key that encrypts the communication data, so the data transmission server cannot decrypt the communication data. This avoids leakage of communication data as far as possible and effectively ensures the security of the communication data. Moreover, the data transmission client can achieve secure encrypted transmission of communication data without maintaining a large number of shared keys, which significantly reduces key maintenance cost.
Brief description of the drawings
Fig. 1A is a schematic diagram of the system framework of a data transmission system provided in the embodiments of the present invention;
Fig. 1B is a schematic diagram of the system framework of another data transmission system provided in the embodiments of the present invention;
Fig. 2 is a flow diagram of the data transmission method provided in the embodiments of the present invention;
Fig. 3 is a flow diagram of the data transmission method provided in the embodiments of the present invention, taking as the concrete application scenario "the data transmission system is a mailbox system, and a sender mass-sends file D through mailbox client A to mailbox client B and mailbox client C";
Fig. 4 is a schematic diagram of the functional structure of the data transmission device applied to the first data transmission client provided in the embodiments of the present invention;
Fig. 5 is a schematic diagram of the functional structure of the data transmission device applied to the second data transmission client provided in the embodiments of the present invention;
Fig. 6 is a schematic diagram of the functional structure of the data transmission device applied to the data transmission server provided in the embodiments of the present invention;
Fig. 7 is a schematic diagram of the hardware structure of the data transmission equipment provided in the embodiments of the present invention.
Detailed description of the embodiments
To solve the problems that, with the encrypted transmission method based on a digital envelope, communication data is easily decrypted by the data transmission server and thus leaked, and that, with the encrypted transmission method based on a shared key, communication data is easily leaked and key maintenance cost is high, the inventors found the following. The data transmission client can encrypt the communication data with a generated data encryption key to obtain first ciphertext data, perform key conversion on the generated data encryption key to obtain a hidden key, encrypt the hidden key with the service public key of the data transmission server to obtain second ciphertext data, and send the first ciphertext data and the second ciphertext data to the data transmission server. The data transmission server can decrypt the second ciphertext data with the service private key to obtain the hidden key, encrypt the hidden key with the communication public key of the target data transmission client to obtain third ciphertext data, and send the first ciphertext data and the third ciphertext data to the target data transmission client. The target data transmission client can decrypt the third ciphertext data with its communication private key to obtain the hidden key, perform key restoration processing on the hidden key to obtain the data encryption key, and decrypt the first ciphertext data with the data encryption key to obtain the communication data and display it to the user. In this way, because the data transmission client converts the data encryption key into a hidden key, even though the data transmission server can decrypt the second ciphertext data with the service private key, it obtains only the hidden key, and the hidden key is not the key that encrypts the communication data, so the data transmission server cannot decrypt the communication data. This avoids leakage of communication data as far as possible and effectively ensures the security of the communication data. Moreover, the data transmission client can achieve secure encrypted transmission of communication data without maintaining a large number of shared keys, which significantly reduces key maintenance cost.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To facilitate the understanding of the present invention, portion of techniques term involved in the embodiment of the present invention is illustrated first.
Data transmission client: application software that can transmit data and interact with a user, such as a mailbox, cloud storage software, or communication software.
Data transmission server: a back-end device that maintains the data users transmit through data transmission clients and provides functions such as storage space to the data transmission clients.
Key management server: a back-end device that manages the communication public keys of data transmission clients and the service public key of the data transmission server, and configures the transition key for the data transmission clients it manages.
Data transmission equipment: a terminal, server, or the like that supports wired and/or wireless communication, such as a mobile phone, tablet computer, personal digital assistant (PDA), computer, or other equipment that can implement the above functions.
Data encryption key: a key randomly generated by the data transmission client for encrypting communication data.
Transition key: a key, either built into the data transmission client or configured for the data transmission client by the key management server, that is used to convert the data encryption key.
Secrete key: the key obtained by performing key conversion on the data encryption key with the transition key; it is used to protect the data encryption key against leakage at the data transmission server.
It should be noted that "first", "second", and the like herein are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data so used are interchangeable under appropriate circumstances, so that the embodiments described herein can be implemented in orders other than those illustrated or described herein. In addition, "multiple" herein means two or more. "And/or" describes an association between associated objects and indicates that three relationships may exist; for example, "A and/or B" can mean: A alone, both A and B, or B alone. The character "/" generally indicates an "or" relationship between the objects before and after it.
Next, the data transmission system provided by the embodiments of the present invention is described in detail. Referring to Fig. 1A, the data transmission system 100 of the exemplary embodiment of the present invention includes a first data transmission client 101, a data transmission server 102, and a second data transmission client 103, wherein:
The first data transmission client 101 is configured to obtain communication data and generate a data encryption key; encrypt the communication data with the data encryption key to obtain first ciphertext data; perform key conversion processing on the data encryption key to obtain a secrete key, and encrypt the secrete key with the service public key of the data transmission server 102 to obtain second ciphertext data; and send the first ciphertext data and the second ciphertext data to the data transmission server 102; wherein the secrete key is used to protect the data encryption key against leakage at the data transmission server 102;
The data transmission server 102 is configured to receive the first ciphertext data and the second ciphertext data; decrypt the second ciphertext data with the service private key of the data transmission server 102 to obtain the secrete key, and encrypt the secrete key with the communication public key of the second data transmission client 103 to obtain third ciphertext data; and send the first ciphertext data and the third ciphertext data to the second data transmission client 103;
The second data transmission client 103 is configured to receive the first ciphertext data and the third ciphertext data; decrypt the third ciphertext data with the communication private key of the second data transmission client 103 to obtain the secrete key; and perform key recovery processing on the secrete key to obtain the data encryption key, and decrypt the first ciphertext data with the data encryption key to obtain the communication data.
In the data transmission system 100 of the exemplary embodiment of the present invention, the first data transmission client 101 is configured to perform key conversion processing on the data encryption key based on a built-in transition key to obtain the secrete key;
The second data transmission client 103 is configured to perform key recovery processing on the secrete key based on a built-in transition key to obtain the data encryption key.
Referring to Fig. 1B, the data transmission system 100 of the exemplary embodiment of the present invention further includes a key management server 104, wherein:
The key management server 104 is configured to generate a transition key; encrypt the transition key with the communication public key of the first data transmission client 101 to obtain first conversion ciphertext data, and send the first conversion ciphertext data to the first data transmission client 101; and encrypt the transition key with the communication public key of the second data transmission client 103 to obtain second conversion ciphertext data, and send the second conversion ciphertext data to the second data transmission client 103;
The first data transmission client 101 is configured to decrypt the first conversion ciphertext data with the communication private key of the first data transmission client 101 to obtain the transition key, and perform key conversion processing on the data encryption key based on the decrypted transition key to obtain the secrete key;
The second data transmission client 103 is configured to decrypt the second conversion ciphertext data with the communication private key of the second data transmission client 103 to obtain the transition key, and perform key recovery processing on the secrete key based on the decrypted transition key to obtain the data encryption key.
In the data transmission system 100 of the exemplary embodiment of the present invention, the first data transmission client 101 is configured to perform an XOR operation on the data encryption key and the transition key to obtain the secrete key; or perform an OR operation on the data encryption key and the transition key to obtain the secrete key; or perform an AND operation on the data encryption key and the transition key to obtain a hidden AND key, and hash the hidden AND key to obtain the secrete key;
The second data transmission client 103 is configured to perform an XOR operation on the secrete key and the transition key to obtain the data encryption key; or perform an OR operation on the secrete key and the transition key to obtain the data encryption key; or perform an AND operation on the secrete key and the transition key to obtain a restored AND key, and hash the restored AND key to obtain the data encryption key.
In the data transmission system 100 of the exemplary embodiment of the present invention, the first data transmission client 101 is further configured to, if it determines that the communication data corresponds to multiple second data transmission clients, obtain the identification information of each of the multiple second data transmission clients, generate a user list from the identification information of the multiple target data transmission clients, and send the user list, the first ciphertext data, and the second ciphertext data to the data transmission server 102;
The data transmission server 102 is further configured to receive the user list, the first ciphertext data, and the second ciphertext data; after decrypting the second ciphertext data with the service private key of the data transmission server 102 to obtain the secrete key, determine, from the identification information of the multiple second data transmission clients recorded in the user list, the communication public key of each of the multiple second data transmission clients; encrypt the secrete key separately with each of those communication public keys to obtain the third ciphertext data corresponding to each of the multiple second data transmission clients; and send each second data transmission client's third ciphertext data, together with the first ciphertext data, to the corresponding second data transmission client.
Based on the data transmission system 100 of the exemplary embodiment of the present invention, an embodiment of the present invention provides a data transmission method. The data transmission method of the exemplary embodiment of the present invention is described in detail next. Referring to Fig. 2, the flow of the data transmission method of the exemplary embodiment of the present invention is as follows:
Step 201: The first data transmission client 101 obtains communication data.
Step 202: The first data transmission client 101 generates a data encryption key.
Step 203: The first data transmission client 101 encrypts the communication data with the data encryption key to obtain first ciphertext data.
Step 204: The first data transmission client 101 performs key conversion processing on the data encryption key to obtain a secrete key.
In a specific implementation, the first data transmission client 101 can use a transition key to convert the data encryption key. In practical applications, the transition key may be built into the first data transmission client 101 or issued by the key management server 104. Specifically, the key management server 104 can issue the transition key to the first data transmission client 101 in, but not limited to, the following manner: the key management server 104 generates the transition key, encrypts the transition key with the communication public key of the first data transmission client 101 to obtain first conversion ciphertext data, and sends the first conversion ciphertext data to the first data transmission client 101.
Correspondingly, if the transition key is built into the first data transmission client 101, then when performing key conversion processing on the data encryption key to obtain the secrete key, the first data transmission client 101 can read the built-in transition key directly and perform key conversion processing on the data encryption key based on the transition key it has read, obtaining the secrete key. If the transition key is issued by the key management server 104, then when performing key conversion processing on the data encryption key to obtain the secrete key, the first data transmission client 101 can first decrypt, with its communication private key, the first conversion ciphertext data sent by the key management server 104 to obtain the transition key, and then perform key conversion processing on the data encryption key based on the decrypted transition key, obtaining the secrete key.
Specifically, when performing key conversion processing on the data encryption key based on the transition key to obtain the secrete key, the first data transmission client 101 can use, but is not limited to, the following ways:
First way: the first data transmission client 101 performs an XOR operation on the data encryption key and the transition key to obtain the secrete key.
Second way: the first data transmission client 101 performs an OR operation on the data encryption key and the transition key to obtain the secrete key.
Third way: the first data transmission client 101 performs an AND operation on the data encryption key and the transition key to obtain a hidden AND key, and hashes the hidden AND key to obtain the secrete key.
Step 205: The first data transmission client 101 encrypts the secrete key with the service public key of the data transmission server 102 to obtain second ciphertext data.
Step 206: The first data transmission client 101 sends the first ciphertext data and the second ciphertext data to the data transmission server 102.
It is worth mentioning that, in the current digital-envelope-based encrypted transmission mode, if the first data transmission client 101 needs to mass-send communication data to multiple second data transmission clients 103, the first data transmission client 101 has to perform one public-key encryption operation on the communication data for each second data transmission client 103. Obviously, this occupies a large amount of the processing resources of the first data transmission client 101, and mass-sending performance is also poor. For this reason, in the data transmission method of the exemplary embodiment of the present invention, when the first data transmission client 101 determines that the communication data corresponds to multiple second data transmission clients 103, it can obtain the identification information of each of the multiple second data transmission clients 103, generate a user list from that identification information, and send the user list together with the first ciphertext data and the second ciphertext data to the data transmission server 102; the data transmission server 102 then forwards the communication data according to the identification information of the multiple second data transmission clients 103 recorded in the user list. In this way, even when communication data needs to be mass-sent, the first data transmission client 101 only needs to perform one public-key encryption operation on the communication data, and the data transmission server 102 forwards the communication data according to the identification information of the multiple second data transmission clients 103 recorded in the user list, which achieves mass-sending of the communication data and thus improves mass-sending performance.
Step 207: The data transmission server 102 receives the first ciphertext data and the second ciphertext data sent by the first data transmission client 101.
Step 208: The data transmission server 102 decrypts the second ciphertext data with the service private key of the data transmission server 102 to obtain the secrete key.
Step 209: The data transmission server 102 encrypts the secrete key with the communication public key of the second data transmission client 103 to obtain third ciphertext data.
Step 210: The data transmission server 102 sends the first ciphertext data and the third ciphertext data to the second data transmission client 103.
It is worth mentioning that the data transmission server 102 may perform steps 207 to 209 immediately after receiving the first ciphertext data and the second ciphertext data sent by the first data transmission client 101. Alternatively, after receiving the first ciphertext data and the second ciphertext data sent by the first data transmission client 101, it may first save the received first ciphertext data and second ciphertext data and send only a new-data notification message to the second data transmission client 103, and then perform steps 207 to 209 when it receives the data extraction message that the second data transmission client 103 sends according to a user instruction. The specific manner is not limited here.
Correspondingly, if the data transmission server 102 receives, from the first data transmission client 101, a user list recording the identification information of multiple second data transmission clients 103 together with the first ciphertext data and the second ciphertext data, then after decrypting the second ciphertext data with the service private key to obtain the secrete key, the data transmission server 102 can also determine, from the identification information of the multiple second data transmission clients 103 recorded in the user list, the communication public key of each of the multiple second data transmission clients 103. It then encrypts the secrete key separately with each of those communication public keys to obtain the third ciphertext data corresponding to each of the multiple second data transmission clients 103, and sends each second data transmission client's third ciphertext data, together with the first ciphertext data, to the corresponding second data transmission client 103.
Step 211: The second data transmission client 103 receives the first ciphertext data and the third ciphertext data returned by the data transmission server 102.
Step 212: The second data transmission client 103 decrypts the third ciphertext data with its communication private key to obtain the secrete key.
Step 213: The second data transmission client 103 performs key recovery processing on the secrete key to obtain the data encryption key.
In a specific implementation, the second data transmission client 103 can use the transition key to restore the secrete key. Likewise, the transition key may be built into the second data transmission client 103, in which case the transition key built into the second data transmission client 103 is identical to the transition key built into the first data transmission client 101; it may also be issued by the key management server 104. Specifically, while issuing the transition key to the first data transmission client 101, the key management server 104 can also issue the transition key to the second data transmission client 103 in, but not limited to, the following manner: the key management server 104 encrypts the transition key with the communication public key of the second data transmission client 103 to obtain second conversion ciphertext data, and sends the second conversion ciphertext data to the second data transmission client 103. In this way, the second data transmission client 103 can restore the secrete key using the transition key and the key recovery manner.
Correspondingly, if the transition key is built into the second data transmission client 103, the second data transmission client 103 can read the built-in transition key directly and perform key recovery processing on the secrete key based on the transition key it has read, obtaining the data encryption key. If the transition key is issued by the key management server 104, the second data transmission client 103 can first decrypt, with its communication private key, the second conversion ciphertext data sent by the key management server 104 to obtain the transition key, and then perform key recovery processing on the secrete key based on the decrypted transition key, obtaining the data encryption key.
Specifically, when performing key recovery processing on the secrete key based on the transition key to obtain the data encryption key, the second data transmission client 103 can use, but is not limited to, the following ways:
First way: the second data transmission client 103 performs an XOR operation on the secrete key and the transition key to obtain the data encryption key.
Second way: the second data transmission client 103 performs an OR operation on the secrete key and the transition key to obtain the data encryption key.
Third way: the second data transmission client 103 performs an AND operation on the secrete key and the transition key to obtain a restored AND key, and hashes the restored AND key to obtain the data encryption key.
Step 214: The second data transmission client 103 decrypts the first ciphertext data with the data encryption key to obtain the communication data.
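The three conversions of step 204 and the matching recoveries of step 213, as an added Go example that is not part of the patent text: for each way it converts KD with K, applies the same operation with K again as step 213 describes, and checks whether KD comes back. It reads the second and third ways as bitwise OR and bitwise AND followed by a hash; SHA-256, the function names and the sample keys are assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// combine applies op byte by byte to two equal-length keys.
func combine(a, b []byte, op func(x, y byte) byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = op(a[i], b[i])
	}
	return out
}

// Mode is one of the three ways in the text. As described there, the same
// operation with K is used both to convert (KD -> KD1) and to restore.
type Mode struct {
	Name  string
	Apply func(key, k []byte) []byte
}

// Modes returns the XOR, OR and AND-then-hash conversions.
// SHA-256 is an assumption; the text only says "hash".
func Modes() []Mode {
	return []Mode{
		{"xor", func(key, k []byte) []byte {
			return combine(key, k, func(x, y byte) byte { return x ^ y })
		}},
		{"or", func(key, k []byte) []byte {
			return combine(key, k, func(x, y byte) byte { return x | y })
		}},
		{"and+hash", func(key, k []byte) []byte {
			sum := sha256.Sum256(combine(key, k, func(x, y byte) byte { return x & y }))
			return sum[:]
		}},
	}
}

// RoundTrips converts kd with k, restores the result with k, and reports
// whether the restored key equals kd, i.e. whether step 214 could decrypt.
func RoundTrips(m Mode, kd, k []byte) bool {
	kd1 := m.Apply(kd, k)
	return bytes.Equal(m.Apply(kd1, k), kd)
}

// CheckModes maps each mode name to its round-trip result for one key pair.
func CheckModes(kd, k []byte) map[string]bool {
	res := make(map[string]bool)
	for _, m := range Modes() {
		res[m.Name] = RoundTrips(m, kd, k)
	}
	return res
}

func main() {
	kd := make([]byte, 32) // constructed sample: random 256-bit data encryption key
	k := make([]byte, 32)  // constructed sample: random 256-bit transition key
	if _, err := rand.Read(kd); err != nil {
		panic(err)
	}
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	for _, m := range Modes() {
		fmt.Printf("%-9s restores KD: %v\n", m.Name, RoundTrips(m, kd, k))
	}
}
```

Only XOR is its own inverse; under this reading, the OR and AND-then-hash ways restore a value different from KD, so an implementation should test the round trip before relying on either.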
The data transmission method of the exemplary embodiment of the present invention is described in further detail below, taking as the specific application scenario "the data transmission system is a mailbox system, and a sender mass-sends file D to mailbox client B and mailbox client C through mailbox client A". Referring to Fig. 3, the flow of the data transmission method of the exemplary embodiment of the present invention is as follows:
Step 301: Mailbox client A, according to the sender's send instruction, obtains file D to be sent and the recipient identifiers "mailbox B and mailbox C" corresponding to file D.
Step 302: Mailbox client A generates a data encryption key KD.
Step 303: Mailbox client A encrypts file D with the data encryption key KD to obtain first ciphertext data EncD.
Step 304: Mailbox client A performs an XOR operation on the data encryption key KD and the transition key K to obtain the secrete key KD1.
The transition key K may be built into mailbox client A or issued by the key management server; the specific manner is not repeated here.
Step 305: Mailbox client A encrypts the secrete key KD1 with the service public key SKpub of the mailbox server to obtain second ciphertext data EncKD1.
Step 306: Mailbox client A generates a recipient list from the recipient identifiers "mailbox B and mailbox C".
Step 307: Mailbox client A sends the first ciphertext data EncD, the second ciphertext data EncKD1, and the recipient list to the mailbox server.
Step 308: The mailbox server saves the received first ciphertext data EncD, second ciphertext data EncKD1, and recipient list.
Step 309: The mailbox server, according to the recipient identifiers "mailbox B and mailbox C" recorded in the recipient list, sends a new-mail notification message to mailbox client B and to mailbox client C.
Step 310: If mailbox client B and/or mailbox client C receives a file-view instruction initiated by the recipient, it sends a file extraction request to the mailbox server.
Step 311: When the mailbox server receives the file extraction request sent by mailbox client B and/or mailbox client C, it decrypts the second ciphertext data EncKD1 with the service private key SKpri to obtain the secrete key KD1.
Step 312: The mailbox server encrypts the secrete key KD1 with the communication public key CKpub_B of mailbox client B to obtain third ciphertext data EncKDB, and/or encrypts the secrete key KD1 with the communication public key CKpub_C of mailbox client C to obtain third ciphertext data EncKDC.
Step 313: The mailbox server sends the first ciphertext data EncD and the third ciphertext data EncKDB to mailbox client B, and/or sends the first ciphertext data EncD and EncKDC to mailbox client C.
Step 314: Mailbox client B decrypts the third ciphertext data EncKDB with its communication private key CKpri_B to obtain the secrete key KD1, and/or mailbox client C decrypts the third ciphertext data EncKDC with its communication private key CKpri_C to obtain the secrete key KD1.
Step 315: Mailbox client B and/or mailbox client C performs an XOR operation on the secrete key KD1 and the transition key K to obtain the data encryption key KD.
The transition key K may be built into mailbox client B and/or mailbox client C or issued by the key management server; the specific manner is not repeated here.
Step 316: Mailbox client B and/or mailbox client C decrypts the first ciphertext data EncD with the data encryption key KD to obtain file D and displays it to the recipient.
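The mailbox flow of steps 301 to 316 as an added Go example, not code from the patent: it plays mailbox client A, the mailbox server and mailbox clients B and C, and has the server try the secrete key KD1 directly against EncD. AES-256-GCM for the file, RSA-OAEP for the public-key steps, the constructed transition key K and all function names are assumptions, since the text names no algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func open(key, ct []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil || len(ct) < 12 {
		return nil, fmt.Errorf("open: bad key size or short ciphertext")
	}
	return aead.Open(nil, ct[:12], ct[12:], nil) // 12-byte nonce prefix; a wrong key fails the tag check
}

// Send is mailbox client A, steps 302-305 and 307: it returns EncD and EncKD1.
func Send(fileD, k []byte, skPub *rsa.PublicKey) (encD, encKD1 []byte, err error) {
	buf := make([]byte, 32+12) // fresh random KD and GCM nonce for this message
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	kd, nonce := buf[:32], buf[32:]
	aead, err := newGCM(kd)
	if err != nil {
		return nil, nil, err
	}
	encKD1, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, skPub, xor(kd, k), nil)
	return aead.Seal(nonce, nonce, fileD, nil), encKD1, err
}

// Forward is the mailbox server, steps 311-312: it returns KD1 as the server sees it and EncKDx.
func Forward(encKD1 []byte, skPri *rsa.PrivateKey, ckPub *rsa.PublicKey) ([]byte, []byte, error) {
	kd1, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, skPri, encKD1, nil)
	if err != nil {
		return nil, nil, err
	}
	encKDx, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ckPub, kd1, nil)
	return kd1, encKDx, err
}

// Receive is mailbox client B or C, steps 314-316.
func Receive(encD, encKDx, k []byte, ckPri *rsa.PrivateKey) ([]byte, error) {
	kd1, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ckPri, encKDx, nil)
	if err != nil {
		return nil, err
	}
	return open(xor(kd1, k), encD)
}

// Demo reports whether the server could open EncD with KD1, and what B and C recovered.
func Demo() (serverReads bool, got []string, err error) {
	k := sha256.Sum256([]byte("constructed transition key K")) // known to A, B, C, not the server
	keys := make([]*rsa.PrivateKey, 3)                         // server, client B, client C
	for i := range keys {
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return false, nil, err
		}
	}
	encD, encKD1, err := Send([]byte("constructed file D"), k[:], &keys[0].PublicKey)
	if err != nil {
		return false, nil, err
	}
	for _, ckPri := range keys[1:] { // recipient list: B, then C
		kd1, encKDx, err := Forward(encKD1, keys[0], &ckPri.PublicKey)
		if err != nil {
			return false, nil, err
		}
		_, openErr := open(kd1, encD) // the server holds only KD1, never KD
		serverReads = serverReads || openErr == nil
		fileD, err := Receive(encD, encKDx, k[:], ckPri)
		if err != nil {
			return false, nil, err
		}
		got = append(got, string(fileD))
	}
	return serverReads, got, nil
}

func main() { fmt.Println(Demo()) }
```

The sender performs one public-key encryption regardless of the number of recipients; the per-recipient work in `Forward` happens at the server, and the file stays unreadable there only while K remains unknown to it.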
Based on the above embodiments, an embodiment of the present invention provides a data transmission device applied to the first data transmission client 101. Referring to Fig. 4, the data transmission device 400 of the exemplary embodiment of the present invention includes at least:
A data acquisition unit 401, configured to obtain communication data;
A first encryption unit 402, configured to generate a data encryption key and encrypt, with the data encryption key, the communication data obtained by the data acquisition unit 401 to obtain first ciphertext data;
A key conversion unit 403, configured to perform key conversion on the data encryption key generated by the first encryption unit 402 to obtain a secrete key; wherein the secrete key is used to protect the data encryption key against leakage at the data transmission server 102;
A second encryption unit 404, configured to encrypt, with the service public key of the data transmission server 102, the secrete key converted by the key conversion unit 403 to obtain second ciphertext data;
A data transmission unit 405, configured to send the first ciphertext data obtained by the first encryption unit 402 and the second ciphertext data obtained by the second encryption unit 404 to the data transmission server 102.
In the data transmission device 400 of the exemplary embodiment of the present invention, when performing key conversion processing on the data encryption key to obtain the secrete key, the key conversion unit 403 is configured to:
Read the built-in transition key;
Perform key conversion processing on the data encryption key based on the transition key to obtain the secrete key.
In the data transmission device 400 of the exemplary embodiment of the present invention, when performing key conversion processing on the data encryption key to obtain the secrete key, the key conversion unit 403 is configured to:
Decrypt, with the communication private key of the first data transmission client 101, the first conversion ciphertext data sent by the key management server 104 to obtain the transition key; wherein the first conversion ciphertext data is obtained by the key management server 104 encrypting the generated transition key with the communication public key of the first data transmission client 101;
Perform key conversion processing on the data encryption key based on the transition key to obtain the secrete key.
In the data transmission device 400 of the exemplary embodiment of the present invention, when performing key conversion processing on the data encryption key based on the transition key to obtain the secrete key, the key conversion unit 403 is configured to:
Perform an XOR operation on the data encryption key and the transition key to obtain the secrete key; or
Perform an OR operation on the data encryption key and the transition key to obtain the secrete key; or
Perform an AND operation on the data encryption key and the transition key to obtain a hidden AND key, and hash the hidden AND key to obtain the secrete key.
The data transmission device 400 of the exemplary embodiment of the present invention further includes a list generation unit 406, wherein:
The list generation unit 406 is configured to, if it is determined that the communication data corresponds to multiple second data transmission clients 103, obtain the identification information of each of the multiple second data transmission clients 103 and generate a user list from the identification information of the multiple target data transmission clients 103;
The data transmission unit 405 is further configured to send the user list, the first ciphertext data, and the second ciphertext data to the data transmission server 102.
In addition, an embodiment of the present invention further provides a data transmission device applied to the second data transmission client 103. Referring to Fig. 5, the data transmission device 500 of the exemplary embodiment of the present invention includes at least:
A data receiving unit 501, configured to receive the first ciphertext data sent by the data transmission server 102 and the third ciphertext data that the data transmission server 102 obtains from the second ciphertext data; wherein the first ciphertext data is obtained by the first data transmission client 101 encrypting the obtained communication data with the generated data encryption key, and is sent to the data transmission server 102; the second ciphertext data is obtained by the first data transmission client 101 performing key conversion processing on the data encryption key to obtain a secrete key and then encrypting the secrete key with the service public key of the data transmission server 102, and is sent to the data transmission server 102; the third ciphertext data is obtained by the data transmission server 102 decrypting the second ciphertext data with the service private key of the data transmission server 102 to obtain the secrete key and encrypting the secrete key with the communication public key of the second data transmission client 103; wherein the secrete key is used to protect the data encryption key against leakage at the data transmission server 102;
A first decryption unit 502, configured to decrypt, with the communication private key of the second data transmission client 103, the third ciphertext data received by the data receiving unit 501 to obtain the secrete key;
A key recovery unit 503, configured to perform key recovery processing on the secrete key decrypted by the first decryption unit 502 to obtain the data encryption key;
A second decryption unit 504, configured to decrypt, with the data encryption key restored by the key recovery unit 503, the first ciphertext data received by the data receiving unit 501 to obtain the communication data.
In the data transmission device 500 of the exemplary embodiment of the present invention, when performing key recovery processing on the secrete key to obtain the data encryption key, the key recovery unit 503 is configured to:
Read the built-in transition key;
Perform key recovery processing on the secrete key based on the transition key to obtain the data encryption key.
In the data transmission device 500 of the exemplary embodiment of the present invention, when performing key recovery processing on the secrete key to obtain the data encryption key, the key recovery unit 503 is configured to:
Decrypt, with the communication private key of the second data transmission client 103, the second conversion ciphertext data sent by the key management server 104 to obtain the transition key; wherein the second conversion ciphertext data is obtained by the key management server 104 encrypting the generated transition key with the communication public key of the second data transmission client 103;
Perform key recovery processing on the secrete key based on the transition key to obtain the data encryption key.
In the data transmission device 500 of the exemplary embodiment of the present invention, when performing key recovery processing on the secrete key to obtain the data encryption key, the key recovery unit 503 is configured to:
Perform an XOR operation on the secrete key and the transition key to obtain the data encryption key; or
Perform an OR operation on the secrete key and the transition key to obtain the data encryption key; or
Perform an AND operation on the secrete key and the transition key to obtain a restored AND key, and hash the restored AND key to obtain the data encryption key.
In addition, the embodiment of the invention also provides a kind of data transmission device applied to data transport service end 102, ginseng It reads shown in Fig. 6, the data transmission device 600 of exemplary embodiment of the invention includes at least:
Data receipt unit 601, for receiving the first ciphertext data and second of the transmission of first data transmission client 101 Ciphertext data;Wherein, the first ciphertext data are first data transmission clients 101 using the data encryption key generated, to obtaining What the communication data obtained was encrypted;Second ciphertext data are first data transmission clients 101 to data encryption key Key conversion processing is carried out, obtains secrete key, and carry out to secrete key using the service public key at data transport service end 102 What encryption obtained;
Data encrypting and deciphering unit 602, for the service private key using data transport service end 102, to data receipt unit 601 the second ciphertext data received are decrypted, and obtain secrete key, and utilize the logical of the second data transmission client 103 Believe public key, secrete key is encrypted, third ciphertext data are obtained;
Data forwarding unit 603, the first ciphertext data and data encrypting and deciphering for receiving data receipt unit 601 The third ciphertext data that unit 602 obtains are sent to the second data transmission client 103.
In the data transmission device provided by the embodiment of the present invention, if the data receipt unit 601 receives, from the first data transmission client 101, a user list recording the identification information of multiple second data transmission clients 103, together with the first ciphertext data and the second ciphertext data, then:
The data encrypting and deciphering unit 602 is further configured to determine, according to the identification information of each of the multiple second data transmission clients 103 recorded in the user list, the communication public key of each of the multiple second data transmission clients 103, and to encrypt the secrete key separately with each of those communication public keys, obtaining the third ciphertext data corresponding to each of the multiple second data transmission clients 103;
The data forwarding unit 603 is further configured to send, to each second data transmission client 103, its corresponding third ciphertext data together with the first ciphertext data.
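The relay flow described above, including the user-list fan-out, is sketched below as an added example (not the patent's code). The page names no algorithms, so the public-key wrap (hashed ElGamal over a small demo group), the symmetric cipher (SHAKE-256 keystream with an HMAC tag), the XOR conversion variant and all function and client names are assumptions chosen so the block runs with the standard library only.

```python
import hashlib
import hmac
import secrets

# Stand-in primitives (assumptions): the page names no concrete algorithms.
P = 2**521 - 1  # Mersenne prime used as a demo modulus, not a vetted group
G = 3


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def keygen():
    """Return (private, public) for the demo public-key wrap."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def _pad(shared: int, n: int) -> bytes:
    return hashlib.shake_256(shared.to_bytes(66, "big")).digest(n)


def pk_encrypt(pub: int, msg: bytes):
    r = secrets.randbelow(P - 3) + 2
    return pow(G, r, P), xor(msg, _pad(pow(pub, r, P), len(msg)))


def pk_decrypt(priv: int, ct) -> bytes:
    eph, body = ct
    return xor(body, _pad(pow(eph, priv, P), len(body)))


def sym_encrypt(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(12)
    body = xor(data, hashlib.shake_256(b"enc" + key + nonce).digest(len(data)))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return xor(body, hashlib.shake_256(b"enc" + key + nonce).digest(len(body)))


def client1_send(data, transition_key, service_pub, user_list):
    dek = secrets.token_bytes(16)                # data encryption key
    first = sym_encrypt(dek, data)               # first ciphertext data
    secrete = xor(dek, transition_key)           # key conversion (XOR variant)
    second = pk_encrypt(service_pub, secrete)    # second ciphertext data
    return {"user_list": list(user_list), "first": first, "second": second}


def server_relay(msg, service_priv, directory):
    """Re-wrap the secrete key for every client in the user list."""
    unknown = [u for u in msg["user_list"] if u not in directory]
    if unknown:  # refuse the whole message rather than deliver partially
        raise KeyError(f"no communication public key for {unknown}")
    secrete = pk_decrypt(service_priv, msg["second"])
    return {u: {"first": msg["first"],
                "third": pk_encrypt(directory[u], secrete)}  # third ciphertext
            for u in msg["user_list"]}


def client2_receive(packet, comm_priv, transition_key):
    secrete = pk_decrypt(comm_priv, packet["third"])
    dek = xor(secrete, transition_key)           # key recovery
    return sym_decrypt(dek, packet["first"])


def run_demo():
    data = b"constructed sample message"
    tk = secrets.token_bytes(16)  # held by the clients, never by the server
    svc_priv, svc_pub = keygen()
    clients = {uid: keygen() for uid in ("client-B", "client-C")}
    directory = {uid: pub for uid, (_, pub) in clients.items()}
    msg = client1_send(data, tk, svc_pub, directory.keys())
    packets = server_relay(msg, svc_priv, directory)
    recovered = {uid: client2_receive(packets[uid], clients[uid][0], tk)
                 for uid in clients}
    # The only key material the server obtains is the secrete key.
    server_view = pk_decrypt(svc_priv, msg["second"])
    try:
        sym_decrypt(server_view, msg["first"])
        server_can_read = True
    except ValueError:
        server_can_read = False
    return data, recovered, server_can_read


if __name__ == "__main__":
    print(run_demo())
```

The server decrypts the second ciphertext data and re-encrypts once per listed client, yet its copy of the secrete key does not open the first ciphertext data; that protection holds only while the transition key stays out of the server's reach.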
It should be noted that, because the principle by which the above three data transmission devices of the exemplary embodiment of the present invention solve the technical problem is similar to that of the data transmission method of the exemplary embodiment of the present invention, the implementation of the three data transmission devices may refer to the implementation of the data transmission method, and repeated description is omitted.
Having described the data transmission system, method and related devices of the exemplary embodiment of the present invention, the data transmission set of the exemplary embodiment of the present invention is briefly introduced next.
Referring to Fig. 7, the data transmission set 700 of the exemplary embodiment of the present invention may include a processor 71, a memory 72, and a computer program stored on the memory 72; when executing the computer program, the processor 71 implements the steps of the data transmission method of the exemplary embodiment of the present invention.
It should be noted that the data transmission set 700 shown in Fig. 7 is only an example and should not impose any limitation on the function and scope of use of the embodiments of the present invention.
The data transmission set 700 of the exemplary embodiment of the present invention may further include a bus 73 connecting the different components (including the processor 71 and the memory 72). The bus 73 represents one or more of several types of bus structures, including a memory bus, a peripheral bus, a local bus, and so on.
The memory 72 may include readable media in the form of volatile memory, such as a random access memory (Random Access Memory, RAM) 721 and/or a cache memory 722, and may further include a read-only memory (Read Only Memory, ROM) 723.
The memory 72 may also include a program tool 725 having a set of (at least one) program modules 724. The program modules 724 include, but are not limited to, an operating subsystem, one or more application programs, other program modules, and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The data transmission set 700 may also communicate with one or more external devices 74 (such as a keyboard, a remote control, etc.), with one or more devices that enable a user to interact with the data transmission set 700, and/or with any device (such as a router, a modem, etc.) that enables the data transmission set 700 to communicate with one or more other data transmission sets 700. Such communication may take place through an input/output (Input/Output, I/O) interface 75. The data transmission set 700 may also communicate with one or more networks (such as a local area network (Local Area Network, LAN), a wide area network (Wide Area Network, WAN) and/or a public network such as the Internet) through a network adapter 76. As shown in Fig. 7, the network adapter 76 communicates with the other modules of the data transmission set 700 through the bus 73. It should be understood that, although not shown in Fig. 7, other hardware and/or software modules may be used in combination with the data transmission set 700, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, redundant arrays of independent disks (Redundant Arrays of Independent Disks, RAID) subsystems, tape drives, and data backup storage subsystems.
The non-volatile computer-readable storage medium of the exemplary embodiment of the present invention is introduced below. An embodiment of the present invention provides a non-volatile computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the steps of the data transmission method of the exemplary embodiment of the present invention. Specifically, the executable program may be built into the data transmission set 700, so that the data transmission set 700 can implement the steps of the data transmission method of the exemplary embodiment of the present invention by executing the built-in executable program.
In addition, the data transmission method of the exemplary embodiment of the present invention may also be implemented as a program product that includes program code; when the program product runs on the data transmission set 700, the program code causes the data transmission set 700 to execute the steps of the data transmission method of the exemplary embodiment of the present invention.
The program product provided by the embodiment of the present invention may use any combination of one or more readable media, where a readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, but is not limited to, an electric, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection having one or more wires, a portable disk, a hard disk, RAM, ROM, erasable programmable read-only memory (Erasable Programmable Read Only Memory, EPROM), optical fiber, portable compact disc read-only memory (Compact Disc Read-Only Memory, CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
The program product provided by the embodiment of the present invention may also use a CD-ROM, include program code, and run on a computing device. However, the program product provided by the embodiment of the present invention is not limited thereto. In the embodiments of the present invention, the readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in connection with an instruction execution system, apparatus, or device. A readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. The program code contained on a readable medium may be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, etc., or any suitable combination of the above.
Program code for performing the operations of the present invention may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, the remote computing device may be connected to the user computing device through any kind of network, such as a LAN or WAN, or may be connected to an external computing device (for example, through the Internet using an Internet service provider).
It should be noted that although several units or sub-units of the device are mentioned in the detailed description above, this division is only exemplary and not mandatory. In fact, according to embodiments of the present invention, the features and functions of two or more units described above may be embodied in one unit. Conversely, the features and functions of one unit described above may be further divided and embodied by multiple units. In addition, although the operations of the method of the present invention are described in the drawings in a particular order, this does not require or imply that the operations must be performed in that particular order, or that all the operations shown must be performed to achieve the desired result. Additionally or alternatively, certain steps may be omitted, multiple steps may be merged into one step, and/or one step may be split into multiple steps.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention. Obviously, those skilled in the art can make various changes and variations to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, if these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (29)

1. A data transmission system, characterized by comprising: a first data transmission client, a data transport service end, and a second data transmission client, wherein
The first data transmission client is configured to obtain communication data and generate a data encryption key; encrypt the communication data using the data encryption key to obtain first ciphertext data; perform key conversion processing on the data encryption key to obtain a secrete key, and encrypt the secrete key using the service public key of the data transport service end to obtain second ciphertext data; and send the first ciphertext data and the second ciphertext data to the data transport service end; wherein the secrete key is used to provide leakage-prevention protection for the data encryption key at the data transport service end;
The data transport service end is configured to receive the first ciphertext data and the second ciphertext data; decrypt the second ciphertext data using the service private key of the data transport service end to obtain the secrete key, and encrypt the secrete key using the communication public key of the second data transmission client to obtain third ciphertext data; and send the first ciphertext data and the third ciphertext data to the second data transmission client;
The second data transmission client is configured to receive the first ciphertext data and the third ciphertext data; decrypt the third ciphertext data using the communication private key of the second data transmission client to obtain the secrete key; perform key recovery processing on the secrete key to obtain the data encryption key, and decrypt the first ciphertext data using the data encryption key to obtain the communication data.
2. The data transmission system according to claim 1, characterized in that
The first data transmission client is configured to perform key conversion processing on the data encryption key based on a built-in transition key to obtain the secrete key;
The second data transmission client is configured to perform key recovery processing on the secrete key based on a built-in transition key to obtain the data encryption key.
3. The data transmission system according to claim 1, characterized by further comprising: a cipher key management services end, wherein
The cipher key management services end is configured to generate a transition key; encrypt the transition key using the communication public key of the first data transmission client to obtain first conversion ciphertext data, and send the first conversion ciphertext data to the first data transmission client; and encrypt the transition key using the communication public key of the second data transmission client to obtain second conversion ciphertext data, and send the second conversion ciphertext data to the second data transmission client;
The first data transmission client is configured to decrypt the first conversion ciphertext data using the communication private key of the first data transmission client to obtain the transition key, and, based on the decrypted transition key, perform key conversion processing on the data encryption key to obtain the secrete key;
The second data transmission client is configured to decrypt the second conversion ciphertext data using the communication private key of the second data transmission client to obtain the transition key, and, based on the decrypted transition key, perform key recovery processing on the secrete key to obtain the data encryption key.
4. The data transmission system according to claim 3, characterized in that
The first data transmission client is configured to perform XOR processing on the data encryption key and the transition key to obtain the secrete key; or perform OR processing on the data encryption key and the transition key to obtain the secrete key; or perform an AND operation on the data encryption key and the transition key to obtain a hidden AND key, and perform hash processing on the hidden AND key to obtain the secrete key;
The second data transmission client is configured to perform XOR processing on the secrete key and the transition key to obtain the data encryption key; or perform OR processing on the secrete key and the transition key to obtain the data encryption key; or perform an AND operation on the secrete key and the transition key to obtain a restored AND key, and perform hash processing on the restored AND key to obtain the data encryption key.
5. The data transmission system according to any one of claims 1-4, characterized in that
The first data transmission client is further configured to, if it determines that the communication data corresponds to multiple second data transmission clients, obtain the identification information of each of the multiple second data transmission clients, generate a user list according to that identification information, and send the user list, the first ciphertext data and the second ciphertext data to the data transport service end;
The data transport service end is further configured to receive the user list, the first ciphertext data and the second ciphertext data; after decrypting the second ciphertext data using the service private key of the data transport service end to obtain the secrete key, determine the communication public key of each of the multiple second data transmission clients according to the identification information of each of the multiple second data transmission clients recorded in the user list, and encrypt the secrete key separately with each of those communication public keys to obtain the third ciphertext data corresponding to each of the multiple second data transmission clients; and send, to each second data transmission client, its corresponding third ciphertext data together with the first ciphertext data.
6. A data transmission method, applied to a first data transmission client, characterized by comprising:
obtaining communication data, and generating a data encryption key;
encrypting the communication data using the data encryption key to obtain first ciphertext data;
performing key conversion processing on the data encryption key to obtain a secrete key, and encrypting the secrete key using the service public key of a data transport service end to obtain second ciphertext data; wherein the secrete key is used to provide leakage-prevention protection for the data encryption key at the data transport service end;
sending the first ciphertext data and the second ciphertext data to the data transport service end.
7. The data transmission method according to claim 6, characterized in that performing key conversion processing on the data encryption key to obtain a secrete key comprises:
reading a built-in transition key;
performing, based on the transition key, key conversion processing on the data encryption key to obtain the secrete key.
8. The data transmission method according to claim 6, characterized in that performing key conversion processing on the data encryption key to obtain a secrete key comprises:
decrypting, using the communication private key of the first data transmission client, first conversion ciphertext data sent by a cipher key management services end to obtain a transition key; wherein the first conversion ciphertext data is obtained by the cipher key management services end encrypting the generated transition key using the communication public key of the first data transmission client;
performing, based on the transition key, key conversion processing on the data encryption key to obtain the secrete key.
9. The data transmission method according to claim 8, characterized in that performing, based on the transition key, key conversion processing on the data encryption key to obtain the secrete key comprises:
performing XOR processing on the data encryption key and the transition key to obtain the secrete key; or,
performing OR processing on the data encryption key and the transition key to obtain the secrete key; or,
performing an AND operation on the data encryption key and the transition key to obtain a hidden AND key, and performing hash processing on the hidden AND key to obtain the secrete key.
10. The data transmission method according to any one of claims 6-9, characterized in that, if it is determined that the communication data corresponds to multiple second data transmission clients, the method further comprises:
obtaining the identification information of each of the multiple second data transmission clients;
generating a user list according to the identification information of each of the multiple second data transmission clients;
sending the user list, the first ciphertext data and the second ciphertext data to the data transport service end.
11. A data transmission method, applied to a data transport service end, characterized by comprising:
receiving first ciphertext data and second ciphertext data sent by a first data transmission client; wherein the first ciphertext data is obtained by the first data transmission client encrypting the obtained communication data using the generated data encryption key; the second ciphertext data is obtained by the first data transmission client performing key conversion processing on the data encryption key to obtain a secrete key, and encrypting the secrete key using the service public key of the data transport service end;
decrypting the second ciphertext data using the service private key of the data transport service end to obtain the secrete key, and encrypting the secrete key using the communication public key of a second data transmission client to obtain third ciphertext data;
sending the first ciphertext data and the third ciphertext data to the second data transmission client.
12. The data transmission method according to claim 11, characterized in that, if a user list recording the identification information of multiple second data transmission clients, the first ciphertext data and the second ciphertext data are received from the first data transmission client, the method further comprises:
determining the communication public key of each of the multiple second data transmission clients according to the identification information of each of the multiple second data transmission clients recorded in the user list;
encrypting the secrete key separately with the communication public key of each of the multiple second data transmission clients to obtain the third ciphertext data corresponding to each of the multiple second data transmission clients;
sending, to each second data transmission client, its corresponding third ciphertext data together with the first ciphertext data.
13. A data transmission method, applied to a second data transmission client, characterized by comprising:
receiving first ciphertext data sent by a data transport service end and third ciphertext data obtained by the data transport service end according to second ciphertext data; wherein the first ciphertext data is obtained by a first data transmission client encrypting the obtained communication data using the generated data encryption key and is sent to the data transport service end; the second ciphertext data is obtained by the first data transmission client, after performing key conversion on the data encryption key to obtain a secrete key, encrypting the secrete key using the service public key of the data transport service end, and is sent to the data transport service end; the third ciphertext data is obtained by the data transport service end decrypting the second ciphertext data using the service private key of the data transport service end to obtain the secrete key, and encrypting the secrete key using the communication public key of the second data transmission client; wherein the secrete key is used to provide leakage-prevention protection for the data encryption key at the data transport service end;
decrypting the third ciphertext data using the communication private key of the second data transmission client to obtain the secrete key;
performing key recovery processing on the secrete key to obtain the data encryption key, and decrypting the first ciphertext data using the data encryption key to obtain the communication data.
14. The data transmission method according to claim 13, characterized in that performing key recovery processing on the secrete key to obtain the data encryption key comprises:
reading a built-in transition key;
performing, based on the transition key, key recovery processing on the secrete key to obtain the data encryption key.
15. The data transmission method according to claim 13, characterized in that performing key recovery processing on the secrete key to obtain the data encryption key comprises:
decrypting, using the communication private key of the second data transmission client, second conversion ciphertext data sent by a cipher key management services end to obtain a transition key; wherein the second conversion ciphertext data is obtained by the cipher key management services end encrypting the generated transition key using the communication public key of the second data transmission client;
performing, based on the transition key, key recovery processing on the secrete key to obtain the data encryption key.
16. The data transmission method according to claim 14 or 15, characterized in that performing, based on the transition key, key recovery processing on the secrete key to obtain the data encryption key comprises:
performing XOR processing on the secrete key and the transition key to obtain the data encryption key; or,
performing OR processing on the secrete key and the transition key to obtain the data encryption key; or,
performing an AND operation on the secrete key and the transition key to obtain a restored AND key, and performing hash processing on the restored AND key to obtain the data encryption key.
17. A data transmission device, applied to a first data transmission client, characterized by comprising:
a data capture unit, configured to obtain communication data;
a first encryption unit, configured to generate a data encryption key, and to encrypt, using the data encryption key, the communication data obtained by the data capture unit to obtain first ciphertext data;
a key converting unit, configured to perform key conversion processing on the data encryption key generated by the first encryption unit to obtain a secrete key; wherein the secrete key is used to provide leakage-prevention protection for the data encryption key at the data transport service end;
a second encryption unit, configured to encrypt, using the service public key of the data transport service end, the secrete key converted by the key converting unit to obtain second ciphertext data;
a data transmission unit, configured to send the first ciphertext data obtained by the first encryption unit and the second ciphertext data obtained by the second encryption unit to the data transport service end.
18. The data transmission device according to claim 17, characterized in that, when performing key conversion processing on the data encryption key to obtain a secrete key, the key converting unit is configured to:
read a built-in transition key;
perform, based on the transition key, key conversion processing on the data encryption key to obtain the secrete key.
19. The data transmission device according to claim 17, characterized in that, when performing key conversion processing on the data encryption key to obtain a secrete key, the key converting unit is configured to:
decrypt, using the communication private key of the first data transmission client, first conversion ciphertext data sent by a cipher key management services end to obtain a transition key; wherein the first conversion ciphertext data is obtained by the cipher key management services end encrypting the generated transition key using the communication public key of the first data transmission client;
perform, based on the transition key, key conversion processing on the data encryption key to obtain the secrete key.
20. The data transmission device according to claim 19, characterized in that, when performing, based on the transition key, key conversion processing on the data encryption key to obtain the secrete key, the key converting unit is configured to:
perform XOR processing on the data encryption key and the transition key to obtain the secrete key; or,
perform OR processing on the data encryption key and the transition key to obtain the secrete key; or,
perform an AND operation on the data encryption key and the transition key to obtain a hidden AND key, and perform hash processing on the hidden AND key to obtain the secrete key.
21. The data transmission device according to any one of claims 17-20, characterized by further comprising: a list generation unit, wherein
The list generation unit is configured to, if it is determined that the communication data corresponds to multiple second data transmission clients, obtain the identification information of each of the multiple second data transmission clients, and generate a user list according to the identification information of each of the multiple second data transmission clients;
The data transmission unit is configured to send the user list, the first ciphertext data and the second ciphertext data to the data transport service end.
22. A data transmission device, applied to a data transport service end, characterized by comprising:
a data receipt unit, configured to receive first ciphertext data and second ciphertext data sent by a first data transmission client; wherein the first ciphertext data is obtained by the first data transmission client encrypting the obtained communication data using the generated data encryption key; the second ciphertext data is obtained by the first data transmission client performing key conversion processing on the data encryption key to obtain a secrete key, and encrypting the secrete key using the service public key of the data transport service end;
a data encrypting and deciphering unit, configured to decrypt, using the service private key of the data transport service end, the second ciphertext data received by the data receipt unit to obtain the secrete key, and to encrypt the secrete key using the communication public key of a second data transmission client to obtain third ciphertext data;
a data forwarding unit, configured to send the first ciphertext data received by the data receipt unit and the third ciphertext data obtained by the data encrypting and deciphering unit to the second data transmission client.
23. The data transmission device according to claim 22, characterized in that, if a user list recording the identification information of multiple second data transmission clients, the first ciphertext data and the second ciphertext data are received from the first data transmission client, then:
The data encrypting and deciphering unit is further configured to determine, according to the identification information of each of the multiple second data transmission clients recorded in the user list, the communication public key of each of the multiple second data transmission clients, and to encrypt the secrete key separately with each of those communication public keys to obtain the third ciphertext data corresponding to each of the multiple second data transmission clients;
The data forwarding unit is further configured to send, to each second data transmission client, its corresponding third ciphertext data together with the first ciphertext data.
24. A data transmission device, applied to a second data transmission client, characterized by comprising:
a data receipt unit, configured to receive first ciphertext data sent by a data transport service end and third ciphertext data obtained by the data transport service end according to second ciphertext data; wherein the first ciphertext data is obtained by a first data transmission client encrypting the obtained communication data using the generated data encryption key and is sent to the data transport service end; the second ciphertext data is obtained by the first data transmission client, after performing key conversion processing on the data encryption key to obtain a secrete key, encrypting the secrete key using the service public key of the data transport service end, and is sent to the data transport service end; the third ciphertext data is obtained by the data transport service end decrypting the second ciphertext data using the service private key of the data transport service end to obtain the secrete key, and encrypting the secrete key using the communication public key of the second data transmission client; wherein the secrete key is used to provide leakage-prevention protection for the data encryption key at the data transport service end;
a first decryption unit, configured to decrypt, using the communication private key of the second data transmission client, the third ciphertext data received by the data receipt unit to obtain the secrete key;
a key recovery unit, configured to perform key recovery processing on the secrete key decrypted by the first decryption unit to obtain the data encryption key;
a second decryption unit, configured to decrypt, using the data encryption key restored by the key recovery unit, the first ciphertext data received by the data receipt unit to obtain the communication data.
25. The data transmission device as claimed in claim 24, characterized in that, when performing key recovery processing on the secret key to obtain the data encryption key, the key recovery unit is configured to:
Read a built-in transition key;
Perform key recovery processing on the secret key based on the transition key, obtaining the data encryption key.
26. The data transmission device as claimed in claim 24, characterized in that, when performing key recovery processing on the secret key to obtain the data encryption key, the key recovery unit is configured to:
Decrypt, with the communication private key of the second data transmission client, the second conversion ciphertext data sent by the key management server, obtaining a transition key; wherein the second conversion ciphertext data is obtained by the key management server encrypting the generated transition key with the communication public key of the second data transmission client;
Perform key recovery processing on the secret key based on the transition key, obtaining the data encryption key.
27. The data transmission device as claimed in claim 25 or 26, characterized in that, when performing key recovery processing on the secret key based on the transition key to obtain the data encryption key, the key recovery unit is configured to:
Perform an exclusive-OR (XOR) operation on the secret key and the transition key, obtaining the data encryption key; or,
Perform an OR operation on the secret key and the transition key, obtaining the data encryption key; or,
Perform an AND operation on the secret key and the transition key to obtain a restored AND key, and perform hash processing on the restored AND key, obtaining the data encryption key.
28. A data transmission equipment, characterized by comprising: a memory, a processor, and a computer program stored on the memory, wherein the processor, when executing the computer program, implements the steps of the data transmission method as claimed in any one of claims 6-16.
29. A computer storage medium, characterized in that the computer storage medium stores an executable program which, when executed by a processor, implements the steps of the data transmission method as claimed in any one of claims 6-16.
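The key recovery unit of claims 24 and 27, sketched in Python as an added example that is not code from the patent. SHA-256, the 16-byte key length and the sender-side `convert_xor` are assumptions made here; the claims above name no hash function, no key size and do not restate the conversion step.

```python
import hashlib
import secrets


def _bitwise(op, secret_key: bytes, transition_key: bytes) -> bytes:
    # The keys are combined position by position, so their lengths must match.
    if len(secret_key) != len(transition_key):
        raise ValueError("secret key and transition key differ in length")
    return bytes(op(s, t) for s, t in zip(secret_key, transition_key))


def recover_xor(secret_key: bytes, transition_key: bytes) -> bytes:
    """Claim 27, first alternative: secret key XOR transition key."""
    return _bitwise(lambda s, t: s ^ t, secret_key, transition_key)


def recover_or(secret_key: bytes, transition_key: bytes) -> bytes:
    """Claim 27, second alternative: secret key OR transition key."""
    return _bitwise(lambda s, t: s | t, secret_key, transition_key)


def recover_and_hash(secret_key: bytes, transition_key: bytes) -> bytes:
    """Claim 27, third alternative: hash of (secret key AND transition key).
    SHA-256 is an assumption; the claim names no hash function."""
    restored_and_key = _bitwise(lambda s, t: s & t, secret_key, transition_key)
    return hashlib.sha256(restored_and_key).digest()


def convert_xor(dek: bytes, transition_key: bytes) -> bytes:
    """Assumed sender-side conversion: XOR is its own inverse."""
    return recover_xor(dek, transition_key)


def demo() -> dict:
    # Constructed sample keys; 16 bytes is an assumption.
    dek = secrets.token_bytes(16)
    transition_key = secrets.token_bytes(16)
    # The secret key is the only key value the server decrypts and re-encrypts.
    secret_key = convert_xor(dek, transition_key)
    or_key = recover_or(secret_key, transition_key)
    return {
        "xor_round_trip": recover_xor(secret_key, transition_key) == dek,
        "server_value_is_not_dek": secret_key != dek,
        "or_keeps_transition_bits": all(o & t == t for o, t in zip(or_key, transition_key)),
        "and_hash_len": len(recover_and_hash(secret_key, transition_key)),
    }


if __name__ == "__main__":
    print(demo())
```

Of the three alternatives, only XOR maps an arbitrary data encryption key to a secret key and back; with OR, every 1-bit of the transition key is also a 1-bit of the recovered key.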
CN201811259224.9A 2018-10-26 2018-10-26 A kind of data transmission system, method and device Active CN109450881B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811259224.9A CN109450881B (en) 2018-10-26 2018-10-26 A kind of data transmission system, method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811259224.9A CN109450881B (en) 2018-10-26 2018-10-26 A kind of data transmission system, method and device

Publications (2)

Publication Number Publication Date
CN109450881A CN109450881A (en) 2019-03-08
CN109450881B true CN109450881B (en) 2019-10-15

Family

ID=65547583

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811259224.9A Active CN109450881B (en) 2018-10-26 2018-10-26 A kind of data transmission system, method and device

Country Status (1)

Country Link
CN (1) CN109450881B (en)


Also Published As

Publication number Publication date
CN109450881A (en) 2019-03-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant