CN111212042B - Data transmission method, device and system - Google Patents


Info

Publication number
CN111212042B
Authority
CN
China
Prior art keywords
encrypted
verification result
verification
data platform
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911348740.3A
Other languages
Chinese (zh)
Other versions
CN111212042A (en)
Inventor
印冬冬
马翠华
刘天鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201911348740.3A
Publication of CN111212042A
Application granted
Publication of CN111212042B
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1044 Group management mechanisms
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The application provides a data transmission method, device and system. In the method, service parameters and encrypted wind control parameters are sent to a third-party data platform, so that the third-party data platform sends the encrypted wind control parameters to a verification background. An encrypted verification result, returned by the third-party data platform based on the encrypted wind control parameters, is then received; this encrypted verification result is sent to the third-party data platform by the verification background. The encrypted verification result is decrypted to obtain a verification result and, if the verification result meets a preset condition, data transmission is performed with the third-party data platform based on the service parameters.

Description

Data transmission method, device and system
Technical Field
The present application relates to the field of computer and communications technologies, and in particular, to a data transmission method, apparatus, and system.
Background
In multi-party communication, when a third-party service provider performs data transmission with a terminal, the third-party service provider needs to connect to one party's background wind control (risk control) system so that wind control verification is performed on the third-party service provider and the safety of the data transmission process is ensured. Existing verification generally relies on a manual arrangement such as an oral or written agreement. Whether the third-party service provider actually carries out the verification is then entirely up to the provider, and if it never connects to the wind control verification, this cannot be detected. Data transmission in multi-party communication therefore carries a certain risk and unreliability.
Disclosure of Invention
The application aims to provide a data transmission method, a data transmission device and a data transmission system, which can improve the reliability of data transmission.
According to an aspect of an embodiment of the present application, a data transmission method is provided, which is applied to a terminal and includes: the service parameters and the encrypted wind control parameters are sent to a third-party data platform, so that the third-party data platform sends the encrypted wind control parameters to a verification background; receiving an encrypted verification result returned by the third-party data platform based on the encrypted wind control parameter, wherein the encrypted verification result is sent to the third-party data platform by the verification background; and decrypting the encrypted verification result to obtain a verification result, and if the verification result meets a preset condition, performing data transmission with the third-party data platform based on the service parameters.
According to an aspect of the embodiments of the present application, there is provided a data transmission method applied to a third-party data platform, including: receiving a service parameter and an encrypted wind control parameter from a terminal; sending the encrypted wind control parameters to a verification background to obtain an encrypted verification result and an unencrypted verification result; and sending the encrypted verification result to the terminal so as to perform data transmission with the terminal based on the service parameters.
According to an aspect of the embodiments of the present application, there is provided a data transmission method applied to a verification background, including: receiving encrypted wind control parameters sent by a third-party data platform, wherein the encrypted wind control parameters are sent to the third-party data platform by a terminal, and are generated by encrypting verification parameters in the terminal; decrypting the encrypted wind control parameters to obtain the verification parameters; verifying the verification parameters to obtain a verification result; encrypting the verification result with the symmetric key that is used for encrypting the verification parameters in the terminal; and sending the encrypted verification result to the third-party data platform so that the third-party data platform sends the encrypted verification result to the terminal, and the terminal performs data transmission with the third-party data platform based on the encrypted verification result.
According to an aspect of an embodiment of the present application, there is provided a data transmission apparatus, including: the terminal sending module is used for sending the service parameters and the encrypted wind control parameters to a third-party data platform so that the third-party data platform sends the encrypted wind control parameters to a verification background; the terminal receiving module is used for receiving an encrypted verification result returned by the third-party data platform based on the encrypted wind control parameter, and the encrypted verification result is sent to the third-party data platform by the verification background; and the terminal transmission module is used for decrypting the encrypted verification result to obtain a verification result, and if the verification result meets a preset condition, performing data transmission with the third-party data platform based on the service parameters.
In some embodiments of the present application, based on the foregoing solution, the data transmission apparatus further includes an encryption module, where the encryption module is configured to: generating a check parameter and the service parameter based on user information; randomly generating a symmetric key; encrypting the verification parameters through the symmetric key; encrypting the symmetric key; and generating the encrypted wind control parameters according to the encrypted verification parameters and the encrypted symmetric key.
In some embodiments of the present application, based on the foregoing solution, the terminal transmission module is configured to: decrypt the encrypted verification result with the symmetric key that was used to encrypt the verification parameters; if the decryption succeeds, determine that the third-party data platform is connected to the verification background; if the decrypted verification result does not meet the preset condition, execute the step corresponding to the decrypted verification result and return to the step of sending the service parameters and the encrypted wind control parameters to the third-party data platform; and if the decrypted verification result meets the preset condition, perform data transmission with the third-party data platform based on the service parameters.
According to an aspect of an embodiment of the present application, there is provided a data transmission apparatus, including: the third party receiving module is used for receiving the service parameters and the encrypted wind control parameters from the terminal; the third party sending module is used for sending the encrypted wind control parameters to a verification background to obtain an encrypted verification result and an unencrypted verification result; and the third-party transmission module is used for sending the encrypted verification result to the terminal so as to perform data transmission with the terminal based on the service parameters.
In some embodiments of the present application, based on the foregoing solution, the third-party transmission module is configured to: generate service data based on the service parameters when the unencrypted verification result meets a preset condition; and send the service data and the encrypted verification result to the terminal for data transmission.
According to an aspect of an embodiment of the present application, there is provided a data transmission apparatus, including: the background receiving module is used for receiving encrypted wind control parameters sent by a third-party data platform, the encrypted wind control parameters are sent to the third-party data platform by a terminal, and the encrypted wind control parameters are generated by encrypting verification parameters in the terminal; the decryption module is used for decrypting the encrypted wind control parameters to obtain the verification parameters; the checking module is used for checking the checking parameters to obtain a checking result; the encryption module is used for encrypting the verification result through a symmetric key which is used for encrypting the verification parameters in the terminal; and the background sending module is used for sending the encrypted verification result to the third-party data platform so that the third-party data platform sends the encrypted verification result to the terminal, and the terminal performs data transmission with the third-party data platform based on the encrypted verification result.
According to an aspect of an embodiment of the present application, there is provided a data transmission system including: the terminal is used for sending the service parameters and the encrypted wind control parameters to a third-party data platform, receiving an encrypted verification result which is received by the third-party data platform from a verification background and returned based on the encrypted wind control parameters, decrypting the encrypted verification result to obtain a verification result, and if the verification result meets a preset condition, performing data transmission with the third-party data platform based on the service parameters; the third-party data platform is used for receiving the service parameters and the encrypted wind control parameters sent by the terminal, sending the encrypted wind control parameters to the verification background, receiving the encrypted verification result returned by the verification background based on the wind control parameters, and sending the encrypted verification result to the terminal so as to perform data transmission with the terminal based on the service parameters; the verification background is used for receiving the encrypted wind control parameters sent by the third-party data platform, decrypting the encrypted wind control parameters, verifying the encrypted wind control parameters to obtain the verification result, encrypting the verification result to obtain the encrypted verification result, and returning the encrypted verification result to the third-party data platform.
According to an aspect of embodiments of the present application, there is provided a computer-readable program medium storing computer program instructions which, when executed by a computer, cause the computer to perform the method of any one of the above.
According to an aspect of an embodiment of the present application, there is provided an electronic apparatus including: a processor; a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method of any of the above.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
In the technical solutions provided in some embodiments of the present application, the terminal sends the service parameters and the encrypted wind control parameters to the third-party data platform, so that the third-party data platform sends the encrypted wind control parameters to the verification background. The verification background decrypts the encrypted wind control parameters and then verifies them, thereby verifying whether the terminal meets the data transmission conditions. The terminal receives an encrypted verification result returned by the third-party data platform based on the encrypted wind control parameters, the encrypted verification result having been sent to the third-party data platform by the verification background. The terminal decrypts the encrypted verification result to obtain a verification result; if the verification result meets the preset condition, it is confirmed that the terminal meets the data transmission conditions, and the terminal and the third-party data platform perform data transmission based on the service parameters. The third-party data platform can obtain the encrypted verification result only when it is connected to the verification background, and the terminal performs data transmission with the third-party data platform only after obtaining, from the third-party data platform, a verification result that meets the preset condition, so the reliability of data transmission is improved.
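The following Python sketch is an added example, not code from the patent. It plays out the three roles described above and shows why a platform that skips the verification background, or replays an old result, cannot produce a result the terminal accepts. It assumes a key-encryption key (KEK) shared only by terminal and verification background, since the text does not say how the symmetric key is encrypted, and it uses an HMAC-based encrypt-then-MAC construction from the standard library as a stand-in for a real cipher; all function names and the blocked-device rule are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# ASSUMPTION: a key-encryption key held only by the terminal and the verification
# background. The page says the symmetric key is encrypted but not how.
KEK = secrets.token_bytes(32)
BLOCKED_DEVICES = {"dev-blocked"}  # constructed risk rule for this demo

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher.
    blocks = (length + 31) // 32
    return b"".join(mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]

def seal(key, plaintext):
    # Encrypt-then-MAC; output is nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    stream = keystream(mac(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + mac(mac(key, b"mac"), nonce + ct)

def unseal(key, blob):
    # Returns the plaintext, or None when the tag does not verify under `key`.
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(mac(key, b"mac"), nonce + ct)):
        return None
    stream = keystream(mac(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

class Terminal:
    def build_request(self, user_info):
        # Fresh random symmetric key per request, as in the encryption module.
        self.session_key = secrets.token_bytes(32)
        check = json.dumps({"device": user_info["device"]}).encode()
        risk_param = {
            "enc_check": seal(self.session_key, check).hex(),
            "enc_key": seal(KEK, self.session_key).hex(),
        }
        return {"service": user_info["service"]}, risk_param

    def handle_response(self, enc_result_hex):
        try:
            plain = unseal(self.session_key, bytes.fromhex(enc_result_hex))
        except (TypeError, ValueError):
            plain = None
        if plain is None:
            return "platform-not-verified"  # not produced by the background
        return "transmit" if json.loads(plain)["pass"] else "rejected"

def verification_background(risk_param):
    # Decrypt, verify, then return (encrypted result, unencrypted result).
    session_key = unseal(KEK, bytes.fromhex(risk_param["enc_key"]))
    if session_key is None:
        return None
    check = unseal(session_key, bytes.fromhex(risk_param["enc_check"]))
    if check is None:
        return None
    result = {"pass": json.loads(check)["device"] not in BLOCKED_DEVICES}
    return seal(session_key, json.dumps(result).encode()).hex(), result

def honest_platform(service_param, risk_param):
    # Forwards the opaque parameters; relays the encrypted result unchanged.
    out = verification_background(risk_param)
    return out[0] if out else None

def skipping_platform(service_param, risk_param):
    # Never contacts the background; fabricates a "pass" under its own key.
    return seal(secrets.token_bytes(32), b'{"pass": true}').hex()

def run(platform, user_info):
    terminal = Terminal()
    service_param, risk_param = terminal.build_request(user_info)
    return terminal.handle_response(platform(service_param, risk_param))

def replay_old_result(user_info):
    # The platform replays a result captured from an earlier session.
    captured = honest_platform(*Terminal().build_request(user_info))
    later = Terminal()
    later.build_request(user_info)  # new session, new symmetric key
    return later.handle_response(captured)
```

Because the symmetric key is random per request and never visible to the platform, both the fabricated and the replayed result fail authentication at the terminal, which is the detection property the paragraph above relies on.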
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
FIG. 1A shows a schematic diagram of an exemplary system architecture to which aspects of embodiments of the present application may be applied;
FIG. 1B is a schematic diagram showing a data sharing system to which the technical solution of one embodiment of the present application can be applied;
FIG. 1C illustrates a block chain diagram to which one embodiment of the present application may be applied;
FIG. 1D is a diagram illustrating the generation of new blocks in a blockchain to which one embodiment of the present application may be applied;
FIG. 2 schematically illustrates a flow diagram of a data transmission method according to an embodiment of the present application;
FIG. 3 schematically shows a flow chart of a data transmission method according to an embodiment of the present application;
FIG. 4 schematically shows a flow chart of a data transmission method according to an embodiment of the present application;
FIG. 5 presents a schematic view of a terminal interface for running a transportation card applet according to one embodiment of the present application;
FIG. 6 schematically shows a timing diagram of a data transmission method according to an embodiment of the application;
FIG. 7A schematically illustrates a block diagram of a data transmission device according to one embodiment of the present application;
FIG. 7B schematically illustrates a block diagram of a data transmission device according to one embodiment of the present application;
FIG. 7C schematically illustrates a block diagram of a data transmission device according to an embodiment of the present application;
FIG. 8 is a hardware diagram illustrating an electronic device according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
Fig. 1A shows a schematic diagram of an exemplary system architecture 100A to which the technical solutions of the embodiments of the present application may be applied.
As shown in fig. 1A, the system architecture 100A may include a terminal device 101A (which may be one or more of a smartphone, a tablet, a laptop, a desktop computer), a network 102A, a third-party server 103A, and a verification server 104A. Network 102A is used to provide a medium for communication links between terminal device 101A, third-party server 103A, and verification server 104A. Network 102A may include various connection types, such as wired communication links, wireless communication links, and so forth. The third-party server 103A is configured to provide a third-party data platform, so as to implement data transmission between the terminal and the third-party data platform. The verification server 104A is configured to provide a verification background that verifies the verification parameters generated by the terminal, and may also be configured to perform risk control on the third-party data platform.
It should be understood that the number of terminal devices 101A, networks 102A, third party servers 103A and verification servers 104A in fig. 1A are merely illustrative. There may be any number of terminal devices 101A, networks 102A, third party servers 103A and verification servers 104A, as desired for implementation. For example, the third-party server 103A or the verification server 104A may be a server cluster composed of a plurality of servers, and the like.
In an embodiment of the application, the terminal device 101A sends the service parameters and the encrypted wind control parameters to the third-party data platform, so that the third-party data platform sends the encrypted wind control parameters to the verification background. The verification background decrypts the encrypted wind control parameters and then verifies them, thereby verifying whether the terminal meets the data transmission conditions. The terminal receives an encrypted verification result returned by the third-party data platform based on the encrypted wind control parameters, the encrypted verification result having been sent to the third-party data platform by the verification background. The terminal decrypts the encrypted verification result to obtain a verification result; if the verification result meets the preset condition, it is confirmed that the terminal meets the data transmission conditions, and the terminal and the third-party data platform perform data transmission based on the service parameters. The third-party data platform can obtain the encrypted verification result only when it is connected to the verification background, and the terminal performs data transmission with the third-party data platform only after obtaining, from the third-party data platform, a verification result that meets the preset condition, so the reliability of data transmission is improved.
It should be noted that the data transmission method provided in the embodiment of the present application is generally executed by the terminal device 101A, and accordingly, the data transmission apparatus is generally disposed in the terminal device 101A. However, in other embodiments of the present application, a server, such as the third-party server 103A or the verification server 104A, may also have a similar function as the terminal device 101A, so as to execute the data transmission method provided in the embodiments of the present application.
In an embodiment of the application, a terminal in the data transmission system is configured to send the service parameters and the wind control parameters to a third-party data platform, receive a verification result returned by the third-party data platform based on the wind control parameters, and perform data transmission with the third-party data platform based on the service parameters if the verification result meets a preset condition; the terminal may be the terminal device 101A. A third-party data platform in the data transmission system is configured to receive the service parameters and the wind control parameters sent by the terminal, send the wind control parameters to the verification background, receive a verification result returned by the verification background based on the wind control parameters, and send the verification result to the terminal so as to perform data transmission with the terminal based on the service parameters; the third-party data platform may be the third-party server 103A. The verification background in the data transmission system is configured to receive the wind control parameters sent by the third-party data platform, verify the wind control parameters to obtain a verification result, and return the verification result to the third-party data platform; the verification background may be the verification server 104A.
Fig. 1B shows a schematic diagram of an exemplary data sharing system 100B to which the technical solution of the embodiment of the present invention can be applied.
Referring to fig. 1B, the data sharing system 100B is a system for sharing data between nodes. The data sharing system 100B may include a plurality of nodes 101B; the nodes 101B may be the terminal devices 101A, the third-party server 103A, or the verification server 104A in the system architecture 100A. Each node 101B may receive input information during normal operation and maintain shared data within the data sharing system 100B based on the received input information. To ensure that information is exchanged within the data sharing system 100B, an information connection may exist between the nodes 101B, and information may be transmitted between the nodes 101B through that connection. For example, when any node 101B in the data sharing system 100B receives input information, the other nodes 101B in the data sharing system 100B acquire the input information according to the consensus algorithm and store it as part of the shared data, so that the data stored on all nodes 101B in the data sharing system 100B are consistent.
Each node 101B in the data sharing system 100B has a node identifier corresponding thereto, and each node 101B in the data sharing system 100B may store the node identifiers of other nodes 101B in the data sharing system 100B, so that the generated block is broadcast to other nodes 101B in the data sharing system 100B according to the node identifiers of other nodes 101B. Each node 101B may maintain a node identifier list as shown in the following table, and store the node name and the node identifier in the node identifier list correspondingly. The node identifier may be an IP (Internet Protocol) address and any other information that can be used to identify the node, and table 1 only illustrates the IP address as an example.
Node name    Node identification
Node 1       117.114.151.174
Node 2       117.116.189.145
Node N       119.123.789.258
TABLE 1
FIG. 1C shows a schematic diagram of a blockchain to which one embodiment of the present application may be applied.
Each node in the data sharing system 100B stores an identical blockchain. Referring to fig. 1C, the blockchain is composed of a plurality of blocks. The starting block includes a block header and a block body; the block header stores an input information characteristic value, a version number, a timestamp and a difficulty value, and the block body stores the input information. The next block takes the starting block as its parent block and likewise includes a block header and a block body; its block header stores the input information characteristic value of the current block, the block header characteristic value of the parent block, the version number, the timestamp and the difficulty value. Continuing in this way, the block data stored in each block of the blockchain is associated with the block data stored in its parent block, which ensures the security of the input information in the blocks.
Fig. 1D shows a schematic diagram of new block generation in a blockchain to which an embodiment of the present application may be applied.
Referring to fig. 1D, when a block in the blockchain is generated, the node where the blockchain is located verifies the input information when it receives it; after the verification is completed, the node stores the input information in the memory pool and updates the hash tree used to record the input information. The node then sets the update timestamp to the time at which the input information was received, tries different random numbers, and calculates the characteristic value repeatedly until the calculated characteristic value satisfies the following formula:
SHA256(SHA256(version+prev_hash+merkle_root+ntime+nbits+x))<TARGET
wherein SHA256 is the characteristic value algorithm used for calculating the characteristic value; version is the version information of the relevant block protocol in the blockchain; prev_hash is the block header characteristic value of the parent block of the current block; merkle_root is the characteristic value of the input information; ntime is the update time of the update timestamp; nbits is the current difficulty, which is a fixed value within a period of time and is determined again after a fixed time period has elapsed; x is a random number; TARGET is the characteristic value threshold, which can be determined from nbits.
Therefore, when a random number satisfying the formula is obtained through calculation, the information can be stored correspondingly, and the block header and the block main body are generated to obtain the current block. Subsequently, the node where the blockchain is located sends the newly generated block to the other nodes 101B in its data sharing system 100B according to their node identifiers; the other nodes 101B verify the newly generated block and, after the verification is completed, add it to the blockchain that they store.
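The block generation and checking described above, as an added example that is not code from the patent. The text serialization of the header fields, the rule TARGET = 2^(256 - nbits), the single hash standing in for the hash tree, and the sample records are assumptions made for the example.

```javascript
// Added example, not code from the patent. Node.js built-in crypto only.
const { createHash } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest();
const doubleSha256 = (buf) => sha256(sha256(buf));

// Assumption: the characteristic value of the input information is one double
// SHA-256 over the serialized records (a real chain would use a hash tree).
const merkleRoot = (inputInfo) =>
  doubleSha256(Buffer.from(JSON.stringify(inputInfo))).toString('hex');

// Assumption: "+" in the formula means joining the fields as text.
function headerHash(header, x) {
  const { version, prevHash, merkleRoot: root, ntime, nbits } = header;
  return doubleSha256(Buffer.from([version, prevHash, root, ntime, nbits, x].join('|')));
}

// Assumption: TARGET = 2^(256 - nbits), so nbits is the number of leading zero bits required.
const target = (nbits) => 1n << BigInt(256 - nbits);
const meetsTarget = (header, x) =>
  BigInt('0x' + headerHash(header, x).toString('hex')) < target(header.nbits);

// Try random numbers x = 0, 1, 2, ... until SHA256(SHA256(header + x)) < TARGET.
function mineBlock(prevHash, inputInfo, ntime, nbits = 12) {
  const header = { version: 1, prevHash, merkleRoot: merkleRoot(inputInfo), ntime, nbits };
  let x = 0;
  while (!meetsTarget(header, x)) x++;
  return { header, x, body: inputInfo };
}

// The check a receiving node runs before adding blocks to its own copy of the chain.
function verifyChain(blocks) {
  return blocks.every((block, i) => {
    const bodyOk = block.header.merkleRoot === merkleRoot(block.body);
    const workOk = meetsTarget(block.header, block.x);
    const linkOk = i === 0 ||
      block.header.prevHash === headerHash(blocks[i - 1].header, blocks[i - 1].x).toString('hex');
    return bodyOk && workOk && linkOk;
  });
}

// Constructed sample: a starting block and one child block.
function buildSampleChain() {
  const genesis = mineBlock('0'.repeat(64), [{ record: 'terminal-A verified' }], 1577000000);
  const next = mineBlock(headerHash(genesis.header, genesis.x).toString('hex'),
    [{ record: 'terminal-B verified' }], 1577000600);
  return [genesis, next];
}
```

Changing the body of the starting block fails the characteristic value check, and recomputing merkle_root to hide the change alters the block header characteristic value, so the child block's prev_hash no longer matches.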
In an embodiment of the present application, the input information stored in the data sharing system 100B may be data transmitted between the terminal device 101A and the third-party server 103A, and may be a service parameter, a service data, a wind control parameter, a verification parameter, and the like.
In an embodiment of the application, the terminal and the third-party data platform may perform data transmission in an intelligent contract manner based on the service parameters, and may generate a data transmission record as input information in the block main body.
The implementation details of the technical solution of the embodiment of the present application are set forth in detail below:
Fig. 2 schematically shows a flowchart of a data transmission method according to an embodiment of the present application, where an execution subject of the data transmission method may be a terminal, such as the terminal device 101A shown in fig. 1A.
Referring to fig. 2, the data transmission method at least includes steps S210 to S230, which are described in detail as follows:
In step S210, the service parameter and the encrypted wind control parameter are sent to the third-party data platform, so that the third-party data platform sends the encrypted wind control parameter to the verification background.
In one embodiment of the present application, a data transmission request may be sent to a third-party data platform, where the data transmission request includes a service parameter and an encrypted wind control parameter.
In one embodiment of the present application, the service parameters and the wind control parameters may be generated based on user information.
In an embodiment of the present application, the user information may include a unique identification code of the terminal, where the unique identification code may be a Media Access Control (MAC) address of the user equipment, or may be a hash value obtained by performing hash calculation on the MAC address of the user equipment; the unique identification code of the user device may also be a random unique serial number.
In an embodiment of the present application, the user information may include a user ID, a user address, a positioning city code of a city where the user address is located, a ciphertext device ID, a ciphertext device environment, information of a third-party data platform obtained by the terminal, application information of an application used for accessing the third-party data platform, and the like.
In one embodiment of the present application, the user ID may be a unique ID used by the terminal equipment manufacturer to mark the user identity; the user ID may also be a user name or identification number. The user ID may also be registration information used when the user registers for the application used to access the third-party data platform; for example, the user ID may be a WeChat ID or a user nickname when the user accesses the third-party data platform using WeChat.
In one embodiment of the present application, the city code may be set according to countries and the cities in those countries. For example, the city code of Shenzhen in Guangdong Province, China may be set as C0615, where C denotes that the territorial area of China ranks third among all countries in the world, 06 denotes that Guangdong Province ranks sixth when the provinces of China are sorted by first letter, and 15 denotes that Shenzhen ranks fifteenth when the cities of Guangdong Province are sorted by first letter.
In an embodiment of the application, the ciphertext device ID and the ciphertext device environment may be obtained by encrypting the device ID and the device environment of the terminal with a session key (session_key) of the terminal, where the session key is the one used for accessing the third-party data platform while the user is logged in.
In an embodiment of the application, the ciphertext device ID and the ciphertext device environment may be obtained from the application in the terminal that is used for accessing the third-party data platform. When the user is logged in to that application, the application acquires the device ID and the device environment of the terminal from the terminal and encrypts them with the session key (session_key) to obtain the ciphertext device ID and the ciphertext device environment. The terminal then obtains the ciphertext device ID and the ciphertext device environment from the application.
In an embodiment of the application, if the third-party data platform is a WeChat applet data platform, the ciphertext device ID and the ciphertext device environment may be obtained from WeChat, and the session key (session_key) in the WeChat user login state may be used to decrypt them; whether the device has been replaced is determined according to the decrypted device ID, and whether the terminal has been rooted is determined according to the device environment. If the terminal has been rooted, the user system permissions have been modified, and the terminal device environment can be confirmed as unsafe; if the terminal has not been rooted, the terminal device environment can be confirmed as secure.
In an embodiment of the present application, after WeChat obtains the device ID and the device environment, it encrypts them with the session key (session_key) while WeChat is in a user login state to obtain the ciphertext device ID and the ciphertext device environment.
In an embodiment of the present application, when the third party data platform is an electronic card service provider, the information of the third party data platform obtained by the terminal may be an electronic card number, an electronic card balance, an electronic card transaction password, an electronic card consumption record, and the like bound to the terminal.
In an embodiment of the present application, when the electronic card service provider is a bank, the information of the third-party data platform obtained by the terminal may be a bank card number, a bank card balance, a bank card password, a bank card consumption record, and the like bound to the terminal.
In an embodiment of the present application, when the electronic card service provider is a transportation card service provider, the information of the third-party data platform obtained by the terminal may be a transportation card number, a transportation card balance, a transportation card transaction password, a transportation card consumption record, and the like.
In one embodiment of the present application, the application information may be an application login status, an application nickname, an application number, an application version number, an application code version number, a timestamp of an application accessing the third party data platform, and the like.
In one embodiment of the present application, the service parameters may include an electronic card number, a user ID, a location city code, a terminal model number, a terminal unique serial number, and the like.
In an embodiment of the present application, the wind control parameter may include an electronic card number, an application login status, a user ID, a ciphertext device environment, an application version number for accessing the third-party data platform, an application code version number, a timestamp when the application accesses the third-party data platform, and the like.
In an embodiment of the application, the wind control parameter may be obtained according to a verification parameter, and the verification parameter may be obtained according to user information. The verification parameters can be obtained according to the user information such as the electronic card number, the application login state, the user ID, the ciphertext equipment environment, the application version number for accessing the third-party data platform, the application code version number, the timestamp when the application accesses the third-party data platform and the like.
In this embodiment, the verification parameters include an application version number, an application code version number, and a timestamp for the application to access the third-party data platform, so that the verification platform can verify the verification parameters by checking whether the application version is an error-free version, whether the application code version is an error-free version, and whether the access time is the application uptime.
In one embodiment of the present application, the symmetric key may be randomly generated, and the wind control parameter may be generated from the symmetric key and the verification parameter. With a symmetric key, the encryption key and the decryption key are the same key, so a wind control parameter obtained with the symmetric key can conveniently be decrypted with the same symmetric key.
In an embodiment of the present application, the symmetric key may be related to a name of the third-party data platform, so that the verification background can distinguish which third-party data platform performs data transmission with the terminal.
In one embodiment of the present application, the verification parameter may be encrypted by using a symmetric key to obtain a wind control parameter.
In one embodiment of the present application, the verification parameters may be encrypted by a symmetric key; and encrypting the symmetric key, and generating a wind control parameter according to the encrypted verification parameter and the encrypted symmetric key. The symmetric key is placed in the wind control parameters and sent to the verification background, so that the step of storing the symmetric key in the verification background can be omitted, and the use space of the verification background can be saved.
In an embodiment of the present application, asymmetric encryption may be performed on the symmetric key, and the wind control parameter is generated according to the symmetrically encrypted verification parameter and the asymmetrically encrypted symmetric key. Asymmetric encryption may use public key encryption, private key decryption. The private key is stored in a verification background, the verification background firstly decrypts the encrypted symmetric key by using the private key to obtain a symmetric key, then decrypts the encrypted verification parameter by using the symmetric key to obtain a verification parameter, and verifies the verification parameter to obtain a verification result.
In this embodiment, the symmetric key used to decrypt the verification parameters is itself encrypted, which protects the verification parameters better.
In one embodiment of the present application, the symmetric key may be an AES (Advanced Encryption Standard) symmetric key, and the asymmetric encryption may use a matching RSA public key and RSA private key. That is, the AES symmetric key is used to encrypt the verification parameters, the RSA public key is used to encrypt the AES symmetric key needed to decrypt the verification parameters, and the resulting ciphertext of the verification parameters and ciphertext of the AES symmetric key are used as the wind control parameter.
In the embodiment, the RSA private key is stored in the verification background, and the terminal and the third-party data platform cannot decrypt the AES symmetric key encrypted by the RSA public key, so that the verification result can only be obtained through the verification background, and the terminal can perform data transmission with the third-party data platform after receiving the verification result, so as to achieve the effect of forcing the third-party data platform to access the verification background.
Continuing to refer to fig. 2, in step S220, an encrypted verification result returned by the third-party data platform based on the encrypted wind control parameter is received, and the encrypted verification result is sent to the third-party data platform by the verification background.
In one embodiment of the present application, the verification result may include verification passed and verification not passed.
In one embodiment of the present application, the verification result may be a security index.
In step S230, the encrypted verification result is decrypted to obtain a verification result, and if the verification result meets a preset condition, data transmission is performed with the third-party data platform based on the service parameters.
In an embodiment of the application, if the verification result is that the verification is passed, it may be determined that the verification result satisfies the preset condition.
In an embodiment of the present application, if the safety index reaches the set threshold, it may be determined that the verification result satisfies the preset condition.
In an embodiment of the present application, the encrypted wind control parameter may be decrypted to obtain a verification parameter, and the verification parameter may be verified, where the verification parameter may include a login status of the user, a user ID, an electronic card number, a ciphertext device ID, a ciphertext device environment, and the like.
In an embodiment of the present application, before the verification parameter is verified, the login state of the verification background may be detected, and the verification parameter is verified when the login state of the verification background is valid. The preset conditions may include one or more of: the login status of the user being valid, the user and the card matching, the device being consistent with the previous use, and the terminal device environment being secure.
In an embodiment of the application, if the login state of the verification background is valid, the user is matched with the card, the equipment is consistent with the previous use, and the environment of the terminal equipment is safe, it is determined that the preset condition is met.
In one embodiment of the present application, it may be determined whether the user and the card match based on the user ID and the electronic card number.
In one embodiment of the present application, the encrypted verification result may be decrypted with the symmetric key that was used to encrypt the verification parameter; if the decryption succeeds, it is determined that the third-party data platform has accessed the verification background. If the decrypted verification result does not meet the preset condition, the step corresponding to the decrypted verification result is executed, and the flow returns to the step of sending the service parameters and the encrypted wind control parameters to the third-party data platform; if the decrypted verification result meets the preset condition, data transmission is performed with the third-party data platform based on the service parameters.
In an embodiment of the application, the step corresponding to the decrypted verification result may include prompting the user or terminating the connection between the terminal and the third-party data platform.
In an embodiment of the present application, if the decrypted verification result does not satisfy the preset condition, the prompting according to the decrypted verification result may include: if the decrypted verification result comprises that the login state of the verification background is invalid, prompting the user to log in the verification background again; if the decrypted verification result comprises that the user is not matched with the card, prompting abnormality in the terminal, and stopping connection between the terminal and the third-party data platform; if the decrypted verification result comprises that the equipment is inconsistent with the previous use, prompting a user to update the equipment; and if the decrypted verification result comprises that the environment of the terminal equipment is unsafe, prompting that the user equipment is unavailable, and terminating the connection between the terminal and the third-party data platform.
In an embodiment of the application, if the decrypted verification result does not meet the preset condition, the step corresponding to the decrypted verification result is executed, and the flow returns to the step of sending the service parameter and the encrypted wind control parameter to the third-party data platform, so that the third-party data platform sends the encrypted wind control parameter to the verification background; the encrypted verification result returned by the third-party data platform based on the encrypted wind control parameter is received, the encrypted verification result being sent to the third-party data platform by the verification background; and the encrypted verification result is decrypted to obtain a verification result. If the verification result still does not meet the preset condition, the flow returns again to the step of sending the service parameter and the encrypted wind control parameter to the third-party data platform; this repeats until the verification result meets the preset condition, at which point data transmission is performed with the third-party data platform based on the service parameter.
In an embodiment of the application, if the terminal does not receive the encrypted verification result or the decryption fails, it can be confirmed that the third-party data platform is not accessed to the verification background or has other abnormalities, and the abnormality is prompted in the terminal, so that the connection between the terminal and the third-party data platform is terminated, and the unreliable data transmission is avoided.
In the embodiment of fig. 2, the terminal sends the service parameters and the encrypted wind control parameters to the third-party data platform, so that the third-party data platform sends the encrypted wind control parameters to the verification background, and the verification background verifies the encrypted wind control parameters, thereby verifying whether the terminal meets the data transmission conditions. The terminal receives an encrypted verification result returned by the third-party data platform based on the encrypted wind control parameter, wherein the encrypted verification result is sent to the third-party data platform by the verification background; and decrypting the encrypted verification result to obtain a verification result, if the verification result meets the preset condition, confirming that the terminal meets the data transmission condition, and performing data transmission between the terminal and the third-party data platform based on the service parameters. The third-party data platform can obtain the encrypted verification result only when the third-party data platform is accessed to the verification background, and the terminal performs data transmission with the third-party data platform only after obtaining the verification result which meets the preset condition and is from the third-party data platform, so that the reliability of data transmission is improved.
Fig. 3 schematically shows a flowchart of a data transmission method according to an embodiment of the present application, where an execution subject of the data transmission method may be a third-party data platform, such as the third-party server 103A shown in fig. 1A.
Referring to fig. 3, the data transmission method at least includes steps S310 to S330, which are described in detail as follows:
In step S310, a service parameter and an encrypted wind control parameter are received from a terminal.
In step S320, the encrypted wind control parameter is sent to a verification background to obtain an encrypted verification result and an unencrypted verification result.
In step S330, the encrypted verification result is sent to the terminal for data transmission with the terminal based on the service parameter.
In an embodiment of the application, the obtained verification result may include an encrypted verification result and an unencrypted verification result, and the third-party data platform may generate the service data based on the service parameter when the unencrypted verification result meets a preset condition, and send the service data and the verification result to the terminal for data transmission.
In an embodiment of the present application, the service data may be generated by the third-party data platform based on the service parameter, and if the service parameter includes the card number, the service data may include a card balance, a card transaction record, a card password, and the like.
In an embodiment of the application, the obtained verification result may include an encrypted verification result and an unencrypted verification result. If the verification result obtained by the third-party data platform is that the verification passed, the encrypted verification result and the service data corresponding to the service parameter are sent to the terminal, so that the terminal receives the service data after decrypting the encrypted verification result, thereby realizing data transmission; if the verification result obtained by the third-party data platform is that the verification did not pass, the encrypted verification result and error information corresponding to the reason for not passing are sent to the terminal, so that the terminal corrects the verification parameters according to the error information and the corrected verification parameters can pass the verification.
In this embodiment, the third-party data platform obtains the unencrypted verification result, and can send the service data and the encrypted verification result to the terminal together based on the verification result when the verification result is passed, so that the data transmission process between the terminal and the third-party data platform is simplified, and the data transmission efficiency is improved.
In the embodiment of fig. 3, the third-party data platform obtains the service parameters and the encrypted wind control parameters from the terminal by receiving the data transmission request sent by the terminal, sends the encrypted wind control parameters to the verification background to obtain the encrypted verification result and the unencrypted verification result, and sends the encrypted verification result to the terminal. The terminal decrypts the encrypted verification result to obtain the verification result and determines from it whether to perform data transmission with the third-party data platform; if so, the third-party data platform performs data transmission with the terminal based on the service parameters. The third-party data platform can establish a data connection with the terminal only after sending the encrypted verification result from the verification background to the terminal; if the third-party data platform is not connected to the verification background, the terminal cannot perform data transmission with it. Data transmission between the terminal and the third-party data platform therefore takes place only when the third-party data platform is connected to the verification background, which forces the third-party data platform to connect to the verification background and improves the reliability of data transmission.
Fig. 4 schematically shows a flowchart of a data transmission method according to an embodiment of the present application, where an execution subject of the data transmission method may be a verification background, such as the verification server 104A shown in fig. 1A.
Referring to fig. 4, the data transmission method at least includes steps S410 to S440, which are described in detail as follows:
In step S410, the encrypted wind control parameter sent by the third-party data platform is received, the encrypted wind control parameter is sent by the terminal to the third-party data platform, and the encrypted wind control parameter is generated by encrypting the verification parameter in the terminal.
In step S420, the encrypted wind control parameter is decrypted to obtain a verification parameter.
In an embodiment of the present application, if the wind control parameter was produced by symmetrically encrypting the verification parameters, asymmetrically encrypting the symmetric key used for the verification parameters, and combining the symmetrically encrypted verification parameters and the asymmetrically encrypted symmetric key into the wind control parameter, then decrypting the encrypted wind control parameter may include: asymmetrically decrypting the asymmetrically encrypted symmetric key to obtain the symmetric key used for decrypting the verification parameters, and then using that symmetric key to decrypt the symmetrically encrypted verification parameters to obtain the verification parameters.
In an embodiment of the present application, if the verification parameter includes the ciphertext device ID and the ciphertext device environment, the session key in the user login state needs to be used to decrypt the ciphertext device ID and the ciphertext device environment, so as to obtain the device ID and the device environment.
In an embodiment of the present application, the session key in the user login state may be a session key (session_key) in the user login state.
In an embodiment of the application, if the decryption of the wind control parameter fails, the system is prompted to be abnormal, and the connection between the third-party data platform and the terminal is terminated.
In an embodiment of the application, if the third-party data platform is connected with the terminal through a WeChat applet, the WeChat applet is exited when the connection between the third-party data platform and the terminal is terminated.
In step S430, the verification parameter is verified to obtain a verification result.
In an embodiment of the present application, the verification parameters may include the login status of the verification background, the login status of the user, the user ID, the electronic card number, the unique identifier of the terminal, whether the terminal device environment is secure, and the like.
In one embodiment of the present application, verifying the verification parameters may include one or more of: checking whether the login status of the verification background is valid, checking whether the user and the card match, checking whether the device is consistent with the previous use, and checking whether the environment of the terminal device is secure.
In an embodiment of the present application, the checks may be performed in order: whether the login status of the verification background is valid, whether the device is consistent with the previous device, whether the user and the card match, whether the login status of the user is valid, whether the environment of the terminal device is secure, and the like.
In an embodiment of the application, if the login state of the verification background is invalid, the verification result prompts the user to log in again, and this check is repeated until the login state of the verification background is valid, after which whether the device is consistent with the previous use is checked. If the device is inconsistent with the previous use, the verification result prompts the user to update the device, until the login state of the verification background is valid and the device is consistent with the previous use, after which whether the user and the card match is checked. If the user and the card do not match, the verification result prompts that the user and the card do not match, until the login state of the verification background is valid, the device is consistent with the previous use, and the user and the card match, after which whether the login state of the user is valid is checked. If the login state of the user is invalid, the verification result prompts the user to log in again, until the login state of the verification background is valid, the device is consistent with the previous use, the user and the card match, and the login state of the user is valid, after which whether the environment of the terminal device is secure is checked. If the environment of the terminal device is unsafe, the verification result is that the connection between the third-party data platform and the terminal is terminated; if the environment of the terminal device is safe, the verification result meets the preset condition, and the terminal and the third-party data platform perform data transmission.
With continued reference to fig. 4, in step S440, the verification result is encrypted by the symmetric key that is used in the terminal to encrypt the verification parameter.
In an embodiment of the present application, encrypting the verification result with the same symmetric key as the verification parameter to be verified reduces the number of keys stored in the terminal. Using the same symmetric key as the verification parameter sent by the terminal also identifies the terminal, so that sending the result to the wrong terminal is avoided.
In step S450, the encrypted verification result is sent to the third-party data platform, so that the third-party data platform sends the encrypted verification result to the terminal, so that the terminal performs data transmission with the third-party data platform based on the encrypted verification result.
In an embodiment of the application, only the encrypted verification result may be sent to the third-party data platform, and the key for decrypting the verification result may be stored in the terminal; the terminal decrypts the encrypted verification result to obtain the verification result, and then performs data transmission with the third-party data platform based on the verification result.
In an embodiment of the application, the key for decrypting the encrypted verification result may be stored in a third-party data platform, the third-party data platform decrypts the encrypted verification result and sends the decrypted verification result to the terminal, and the terminal performs data transmission with the third-party data platform based on the verification result.
In the embodiment of fig. 4, the verification background receives the encrypted wind control parameter sent by the third-party data platform, decrypts it to obtain the verification parameter, verifies the verification parameter to obtain the verification result, encrypts the verification result and sends it to the third-party data platform. The third-party data platform sends the encrypted verification result to the terminal, the terminal decrypts it to obtain the verification result, and the terminal performs data transmission with the third-party data platform according to the verification result. The terminal performs data transmission with the third-party data platform only after receiving the verification result that the third-party data platform obtained from the verification background, which ensures that the third-party data platform can perform data transmission with the terminal only after it has accessed the verification background, and improves the reliability of data transmission.
In one embodiment of the application, the data transmission method of the application can be used for data transmission between a transportation card applet service provider and a terminal. The terminal sends a data transmission request to the transportation card service provider; the data transmission request comprises service parameters and encrypted wind control parameters. The transportation card service provider forwards the encrypted wind control parameters to a verification background. The verification background decrypts the encrypted wind control parameters to obtain verification parameters, verifies the verification parameters to obtain a verification result, and the verification result is encrypted and transmitted to the terminal. The terminal decrypts the encrypted verification result to obtain the verification result and determines whether to perform data transmission with the transportation card service provider according to the verification result. If the terminal does not receive the verification result, the connection between the transportation card applet and the terminal is disconnected, and the transportation card applet exits; if the terminal receives the verification result but the verification fails, the terminal is prompted according to the reason that the verification failed; and if the terminal receives the verification result and the verification is passed, the terminal and the transportation card service provider perform data transmission, and the transportation card applet can be used in the terminal. Fig. 5 presents a schematic view of a terminal interface for running a transportation card applet according to an embodiment of the present application.
In an embodiment of the present application, the third-party data platform may be a third-party service provider, and fig. 6 schematically shows a timing chart of a data transmission method according to an embodiment of the present application. First, the terminal sends service parameters, encrypted wind control parameters and an encrypted AES symmetric key to the third-party service provider. The third-party service provider then sends the encrypted wind control parameters and the encrypted AES symmetric key to a wind control background. The wind control background decrypts the data and carries out wind control verification to obtain a verification result, and then sends the unencrypted verification result and the encrypted verification result to the third-party service provider. If the verification result is a pass, the third-party service provider sends the encrypted verification result and the card data corresponding to the service parameters to the terminal; if the verification result is a failure, the third-party service provider sends the encrypted verification result and the error information to the terminal. The terminal decrypts the encrypted verification result. If decryption fails, an abnormal flow is entered; if decryption succeeds and the decrypted verification result is a pass, a normal flow is entered; if decryption succeeds and the decrypted verification result is a failure, an abnormal flow is entered.
In this embodiment, the normal flow is data transmission between the terminal and the third-party service provider, and the abnormal flow includes terminating the connection between the third-party service provider and the terminal and displaying, at the terminal, a prompt corresponding to the reason for entering the abnormal flow.
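The terminal-side decision in the timing chart above can be exercised with the following added example, which is not code from the patent. It assumes AES-256-GCM as the AES mode, a constructed `name=ok` parameter string, and hypothetical function names; the step of encrypting the symmetric key for the background is left out, so the background is assumed to have already recovered the key. The direction label passed as associated data is an added hardening: without it, the terminal's own request ciphertext would decrypt successfully under the shared key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"strings"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext; label is authenticated as associated data.
func seal(key, plaintext []byte, label string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

func open(key, blob []byte, label string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated ciphertext")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(label))
}

// terminalEncrypt draws a fresh random key and encrypts the parameters.
func terminalEncrypt(params string) (key, enc []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	enc, err = seal(key, []byte(params), "request")
	return key, enc, err
}

// backendVerify runs the ordered checks; key is assumed already unwrapped.
func backendVerify(key, encParams []byte) (string, []byte, error) {
	params, err := open(key, encParams, "request")
	if err != nil {
		return "", nil, err
	}
	result := "PASS"
	for _, c := range []string{"backend_login", "device", "card", "user_login", "env"} {
		if !strings.Contains(string(params), c+"=ok") {
			result = "FAIL:" + c // first failed check decides the prompt
			break
		}
	}
	enc, err := seal(key, []byte(result), "result")
	return result, enc, err
}

// terminalHandle maps the encrypted result to the normal or abnormal flow.
func terminalHandle(key, encResult []byte) string {
	pt, err := open(key, encResult, "result")
	if err != nil {
		return "abnormal: decryption failed"
	}
	if string(pt) != "PASS" {
		return "abnormal: " + string(pt)
	}
	return "normal"
}

// RunExchange plays all parties; platform is "honest", "offline" or "echo".
func RunExchange(params, platform string) (string, error) {
	key, encParams, err := terminalEncrypt(params)
	if err != nil {
		return "", err
	}
	// "offline": the platform never reached the background (constructed bytes).
	encResult := []byte("constructed filler, not a backend result")
	switch platform {
	case "echo": // the platform returns the terminal's own request ciphertext
		encResult = encParams
	case "honest":
		if _, encResult, err = backendVerify(key, encParams); err != nil {
			return "", err
		}
	}
	return terminalHandle(key, encResult), nil
}

func main() {
	fmt.Println(RunExchange("backend_login=ok;device=ok;card=ok;user_login=ok;env=ok", "honest"))
}
```

Because GCM is authenticated, a successful decryption tells the terminal that the result was produced by a holder of its session key, which is what lets it conclude that the platform reached the verification background.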
The following describes embodiments of an apparatus of the present application, which may be used to perform the data transmission method in the above embodiments of the present application. For details that are not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the data transmission method described above in the present application.
Fig. 7A schematically shows a block diagram of a data transmission device according to an embodiment of the present application.
Referring to fig. 7A, a data transmission apparatus 700A according to an embodiment of the present application includes a terminal sending module 701A, a terminal receiving module 702A, and a terminal transmission module 703A.
In some embodiments of the present application, based on the foregoing scheme, the terminal sending module 701A is configured to send the service parameter and the encrypted wind control parameter to a third-party data platform, so that the third-party data platform sends the encrypted wind control parameter to the verification background; the terminal receiving module 702A is configured to receive an encrypted verification result returned by the third-party data platform based on the encrypted wind control parameter, where the encrypted verification result is sent to the third-party data platform by the verification background; the terminal transmission module 703A is configured to decrypt the encrypted verification result to obtain a verification result, and if the verification result meets a preset condition, perform data transmission with the third-party data platform based on the service parameter.
In some embodiments of the present application, based on the foregoing solution, the data transmission apparatus further includes an encryption module, where the encryption module is configured to: generating a check parameter and a service parameter based on the user information; randomly generating a symmetric key; encrypting the verification parameters through a symmetric key; encrypting the symmetric key; and generating an encrypted wind control parameter according to the encrypted verification parameter and the encrypted symmetric key.
In some embodiments of the present application, based on the foregoing scheme, the terminal transmission module 703A is configured to: decrypting the encrypted verification result through the symmetric key for encrypting the verification parameter; if the decryption is successful, determining that the third-party data platform is accessed to the verification background; if the decrypted verification result does not meet the preset condition, executing a step corresponding to the verification result according to the decrypted verification result, and switching to a step of sending the service parameters and the encrypted wind control parameters to a third-party data platform; and if the decrypted verification result meets the preset condition, performing data transmission with a third-party data platform based on the service parameters.
Fig. 7B schematically shows a block diagram of a data transmission device according to an embodiment of the present application.
Referring to fig. 7B, a data transmission apparatus 700B according to an embodiment of the present application includes a third-party receiving module 701B, a third-party sending module 702B, and a third-party transmitting module 703B.
In some embodiments of the present application, based on the foregoing solution, the third party receiving module 701B is configured to receive the service parameter and the encrypted wind control parameter from the terminal; the third party sending module 702B is configured to send the encrypted wind control parameter to the verification background to obtain an encrypted verification result and an unencrypted verification result; the third party transmission module 703B is configured to send the encrypted verification result to the terminal, so as to perform data transmission with the terminal based on the service parameter.
In some embodiments of the present application, based on the foregoing solution, the third-party transmission module 703B is configured to: generating service data based on the service parameters when the unencrypted verification result meets the preset condition; and sending the service data and the encrypted verification result to the terminal for data transmission.
Fig. 7C schematically shows a block diagram of a data transmission device according to an embodiment of the present application.
Referring to fig. 7C, a data transmission apparatus 700C according to an embodiment of the present application includes a background receiving module 701C, a decrypting module 702C, a verifying module 703C, an encrypting module 704C, and a background sending module 705C.
In some embodiments of the present application, based on the foregoing solution, the background receiving module 701C is configured to receive an encrypted wind control parameter sent by a third-party data platform, where the encrypted wind control parameter is sent to the third-party data platform by a terminal, and the encrypted wind control parameter is generated by encrypting a verification parameter in the terminal; the decryption module 702C is configured to decrypt the encrypted wind control parameter to obtain a verification parameter; the verification module 703C is configured to verify the verification parameter to obtain a verification result; the encryption module 704C is configured to encrypt the verification result by using a symmetric key for encrypting the verification parameter in the terminal; the background sending module 705C is configured to send the encrypted verification result to the third-party data platform, so that the third-party data platform sends the encrypted verification result to the terminal, so that the terminal performs data transmission with the third-party data platform based on the encrypted verification result.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, method or program product. Accordingly, various aspects of the present application may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
An electronic device 80 according to this embodiment of the present application is described below with reference to fig. 8. The electronic device 80 shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 8, the electronic device 80 is in the form of a general purpose computing device. The components of the electronic device 80 may include, but are not limited to: the at least one processing unit 81, the at least one memory unit 82, a bus 83 connecting different system components (including the memory unit 82 and the processing unit 81), and a display unit 84.
Wherein the storage unit stores program code that can be executed by the processing unit 81 such that the processing unit 81 performs the steps according to various exemplary embodiments of the present application described in the section "example methods" above in this specification.
The storage unit 82 may include readable media in the form of volatile storage units, such as a random access storage unit (RAM)821 and/or a cache storage unit 822, and may further include a read only storage unit (ROM) 823.
The storage unit 82 may also include a program/utility 824 having a set (at least one) of program modules 825, such program modules 825 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 83 may be any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 80 may also communicate with one or more external devices (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 80, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 80 to communicate with one or more other computing devices. Such communication may be through input/output (I/O) interfaces 85. Also, the electronic device 80 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via the network adapter 86. As shown, the network adapter 86 communicates with the other modules of the electronic device 80 via the bus 83. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 80, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present application can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, a terminal device, or a network device, etc.) execute the method according to the embodiments of the present application.
There is also provided, in accordance with an embodiment of the present application, a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, various aspects of the present application may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps according to various exemplary embodiments of the present application described in the "exemplary methods" section above of this specification, when the program product is run on the terminal device.
In some embodiments of the present application, a program product for implementing the above method of embodiments of the present application is provided, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the present application, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (11)

1. A data transmission method is applied to a terminal, and is characterized by comprising the following steps:
the service parameters and the encrypted wind control parameters are sent to a third-party data platform, so that the third-party data platform sends the encrypted wind control parameters to a verification background;
receiving an encrypted verification result returned by the third-party data platform based on the encrypted wind control parameter, wherein the encrypted verification result is sent to the third-party data platform by the verification background;
decrypting the encrypted verification result;
if the encrypted verification result is successfully decrypted, determining that the third-party data platform is accessed to the verification background;
if the verification result obtained after the encrypted verification result is decrypted does not meet the preset condition, executing a step corresponding to the verification result according to the verification result obtained after the decryption, and switching to a step of sending the service parameter and the encrypted wind control parameter to the third-party data platform;
and if the verification result obtained after the encrypted verification result is decrypted meets the preset condition, performing data transmission with the third-party data platform based on the service parameters.
2. The data transmission method according to claim 1, wherein before the service parameters and the encrypted wind control parameters are sent to the third-party data platform, the method comprises:
generating a check parameter and the service parameter based on user information;
randomly generating a symmetric key;
encrypting the verification parameters through the symmetric key;
encrypting the symmetric key;
and generating the encrypted wind control parameters according to the encrypted verification parameters and the encrypted symmetric key.
3. The data transmission method according to claim 2, wherein the decrypting the encrypted verification result comprises:
decrypting the encrypted verification result by the symmetric key encrypting the verification parameter.
4. A data transmission method is applied to a check background, and is characterized by comprising the following steps:
receiving encrypted wind control parameters sent by a third-party data platform, wherein the encrypted wind control parameters are sent to the third-party data platform by a terminal, and are generated by encrypting verification parameters in the terminal;
decrypting the encrypted wind control parameters to obtain the verification parameters;
verifying the verification parameters to obtain a verification result;
encrypting the verification result through a symmetric key for encrypting the verification parameters in the terminal;
and sending the encrypted verification result to the third-party data platform so that the third-party data platform sends the encrypted verification result to the terminal, wherein the encrypted verification result is used for enabling the terminal to send the encrypted wind control parameters to the third-party data platform again when the verification result obtained by decryption does not meet the preset condition, and carrying out data transmission with the third-party data platform when the verification result obtained by decryption meets the preset condition.
5. A data transmission apparatus, comprising:
the terminal sending module is used for sending the service parameters and the encrypted wind control parameters to a third-party data platform so that the third-party data platform sends the encrypted wind control parameters to a verification background;
the terminal receiving module is used for receiving an encrypted verification result returned by the third-party data platform based on the encrypted wind control parameter, wherein the encrypted verification result is sent to the third-party data platform by the verification background;
the terminal transmission module is used for decrypting the encrypted verification result, and if the encrypted verification result is decrypted successfully, the third-party data platform is determined to be accessed to the verification background; if the verification result obtained after the encrypted verification result is decrypted does not meet the preset condition, executing the step corresponding to the verification result according to the verification result obtained after the decryption, and switching to the step of sending the service parameter and the encrypted wind control parameter to the third-party data platform, and if the verification result obtained after the encrypted verification result is decrypted meets the preset condition, performing data transmission with the third-party data platform based on the service parameter.
6. The data transmission apparatus according to claim 5, further comprising:
the encryption module is used for generating a verification parameter and the service parameter based on user information before sending the service parameter and the encrypted wind control parameter to a third-party data platform; randomly generating a symmetric key; encrypting the verification parameters through the symmetric key; encrypting the symmetric key; and generating the encrypted wind control parameters according to the encrypted verification parameters and the encrypted symmetric key.
7. The data transmission apparatus of claim 6, wherein the terminal transmission module is configured to: decrypting the encrypted verification result by the symmetric key encrypting the verification parameter.
8. A data transmission apparatus, comprising:
the background receiving module is used for receiving encrypted wind control parameters sent by a third-party data platform, the encrypted wind control parameters are sent to the third-party data platform by a terminal, and the encrypted wind control parameters are generated by encrypting verification parameters in the terminal;
the decryption module is used for decrypting the encrypted wind control parameters to obtain the verification parameters;
the checking module is used for checking the checking parameters to obtain a checking result;
the encryption module is used for encrypting the verification result through a symmetric key which is used for encrypting the verification parameters in the terminal;
and the background sending module is used for sending the encrypted verification result to the third-party data platform so as to enable the third-party data platform to send the encrypted verification result to the terminal, the encrypted verification result is used for enabling the terminal to send the encrypted wind control parameters to the third-party data platform again when the verification result obtained by decryption does not meet the preset condition, and data transmission is carried out between the terminal and the third-party data platform when the verification result obtained by decryption meets the preset condition.
9. A data transmission system, comprising:
the terminal is used for sending the service parameters and the encrypted wind control parameters to a third-party data platform, receiving an encrypted verification result which is received by the third-party data platform from a verification background and returned based on the encrypted wind control parameters, decrypting the encrypted verification result, and determining that the third-party data platform is accessed to the verification background if the encrypted verification result is decrypted successfully; if the verification result obtained after the encrypted verification result is decrypted does not meet the preset condition, executing a step corresponding to the verification result according to the verification result obtained after the decryption, and switching to a step of sending the service parameter and the encrypted wind control parameter to the third-party data platform; if the verification result obtained after the encrypted verification result is decrypted meets the preset condition, data transmission is carried out with the third-party data platform based on the service parameters;
the third-party data platform is used for receiving the service parameters and the encrypted wind control parameters sent by the terminal, sending the encrypted wind control parameters to the verification background, receiving the encrypted verification result returned by the verification background based on the encrypted wind control parameters, and sending the encrypted verification result to the terminal to perform data transmission with the terminal based on the service parameters;
the verification background is used for receiving the encrypted wind control parameters sent by the third-party data platform, decrypting the encrypted wind control parameters, verifying the decrypted wind control parameters to obtain the verification result, encrypting the verification result to obtain the encrypted verification result, and returning the encrypted verification result to the third-party data platform.
10. A computer readable program medium storing computer program instructions which, when executed by a computer, cause the computer to perform the method of any of claims 1-4 above.
11. An electronic device, comprising:
a processor;
a memory having stored thereon computer readable instructions which, when executed by the processor, implement the method of any of claims 1-4.
CN201911348740.3A 2019-12-24 2019-12-24 Data transmission method, device and system Active CN111212042B (en)

Publications (2)

Publication Number Publication Date
CN111212042A CN111212042A (en) 2020-05-29
CN111212042B true CN111212042B (en) 2021-09-17

Family

ID=70788250

CN115589298B (en) Method, device, system, equipment and medium for verifying information of block chain
CN111212042B (en) Data transmission method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant