CN113438210B - Data transmission processing method and device and electronic equipment - Google Patents

Publication number
CN113438210B
Authority
CN
China
Prior art keywords
content
information
encrypted
hash
sender
Prior art date
Legal status
Active
Application number
CN202110626280.7A
Other languages
Chinese (zh)
Other versions
CN113438210A (en)
Inventor
马博文
李昕
Current Assignee
Shanghai Kunyao Network Technology Co ltd
Original Assignee
Shanghai Kunyao Network Technology Co ltd
Application filed by Shanghai Kunyao Network Technology Co ltd
Priority to CN202110626280.7A
Publication of CN113438210A
Application granted
Publication of CN113438210B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity

Abstract

The embodiments of this specification provide a data transmission processing method. A sender hashes first content to be sent to obtain content hash information, asymmetrically encrypts the content hash information with the public key of a receiver to obtain first-encrypted content hash information, and symmetrically encrypts the first content using the first-encrypted content hash information. The first-encrypted content hash information is then encrypted a second time with the public key of the receiver, and the secondarily encrypted content hash information is signed with the private key of the sender. Only the receiver can restore the symmetric key, using its own private key, which ensures the confidentiality of the content to be sent, and efficiency is high because the first content is encrypted symmetrically. Finally, the encrypted first content, the signing result and the secondarily encrypted content hash information are sent to the receiver. The receiver only needs to decrypt the secondarily encrypted content hash information to obtain the hash value of the content, which can then be compared with the hash value of the decrypted first content to verify the correctness and integrity of the first content.

Description

Data transmission processing method and device and electronic equipment
Technical Field
The present application relates to the field of internet, and in particular, to a data transmission processing method and apparatus, and an electronic device.
Background
When execution entities on the internet communicate, data often has to be transmitted. Confidential and private data must be protected by encryption to prevent data and information from being leaked. Symmetric encryption and decryption algorithms were the first to appear in the industry; the algorithm in common use today is asymmetric encryption and decryption, in which the sender encrypts the content to be transmitted with the public key of the receiver and the receiver decrypts it asymmetrically with its private key to restore the original content.
However, this method has low processing efficiency, and it is necessary to provide an efficient transmission processing method.
Analysis of the prior art shows that asymmetric encryption is commonly used in the industry because, although symmetric encryption and decryption is more efficient than asymmetric encryption and decryption, a symmetric key is easily leaked while being transmitted over the channel, so its confidentiality is poor; asymmetric encryption is therefore used for the sake of confidentiality.
Disclosure of Invention
The embodiment of the specification provides a data transmission processing method and device and electronic equipment, and is used for improving data processing efficiency.
An embodiment of the present specification provides a data transmission processing method, including:
a sender performs hash processing on first content to be sent to obtain content hash information, asymmetric encryption is performed on the content hash information by using a public key of a receiver to obtain first-time encrypted content hash information, and the first content is symmetrically encrypted by using the first-time encrypted content hash information to obtain encrypted first content;
performing secondary encryption on the primary encrypted content hash information by using the public key of the receiver to obtain secondary encrypted content hash information, and signing the secondary encrypted content hash information by using the private key of the sender;
and sending the encrypted first content, the signing result and the twice encrypted content hash information to the receiver.
Optionally, the method further comprises:
the sender and the receiver respectively generate an asymmetric key pair and acquire a public key of the other party.
Optionally, the method further comprises:
and constructing a password manager, wherein the password manager generates key-value pairs, taking the content hash information as the key name and the secondarily encrypted content hash information as the key value, and generates a data table from them.
Optionally, the method further comprises:
and respectively generating description information for each key value pair in the data table.
Optionally, the hash processing on the first content to be sent by the sender includes:
and setting a hash rule according to the key name attribute information, and performing hash processing on the first content to be sent according to the set hash rule.
Optionally, the method further comprises:
and constructing a data management system with a plurality of nodes, wherein the nodes comprise a plurality of sender nodes and a plurality of receiver nodes, and the nodes communicate through a network channel.
Optionally, the method further comprises:
the receiver acquires the content to be decrypted, the signing result and the secondarily encrypted content hash information of the sender, de-signs the signing result using the public key of the sender to obtain de-signing result information, and compares the de-signing result information with the secondarily encrypted content hash information to verify the authenticity of the identity of the sender of the signing result;
performing a first asymmetric decryption on the de-signing result information using the private key of the receiver; symmetrically decrypting the content to be decrypted using the first decryption result information as the key to restore the content information; and performing a second decryption on the first decryption result information using the private key of the receiver to obtain secondary decryption result information;
and hashing the restored content information, comparing the resulting hash with the secondary decryption result information to verify the restored content information, and judging whether the restored content information is the first content provided by the sender.
Optionally, the verifying of the authenticity of the identity of the sender of the signing result according to the signing result information includes:
comparing the de-signing result information with the secondarily encrypted content hash information and, if the two are consistent, judging that the identity of the sender of the signing result is authentic.
Optionally, the method further comprises:
and after the restored content information is verified, sending response information to the sender.
An embodiment of this specification further provides a data transmission processing apparatus, including:
the encryption module is used for carrying out Hash processing on first content to be sent by a sender to obtain content Hash information, carrying out asymmetric encryption on the content Hash information by using a public key of a receiver to obtain first-time encrypted content Hash information, and carrying out symmetric encryption on the first content by using the first-time encrypted content Hash information to obtain encrypted first content;
performing secondary encryption on the primary encrypted content hash information by using the public key of the receiver to obtain secondary encrypted content hash information;
the signing module is used for signing the secondarily encrypted content hash information by utilizing a private key of the sender;
and the transmission module is used for sending the encrypted first content, the signing result and the secondary encrypted content hash information to the receiving party.
An embodiment of the present specification further provides an electronic device, where the electronic device includes:
a processor; and
a memory storing computer executable instructions that, when executed, cause the processor to perform any of the methods described above.
The present specification also provides a computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement any of the above methods.
In the technical schemes provided by the embodiments of this specification, the sender hashes first content to be sent to obtain content hash information, asymmetrically encrypts the content hash information with the public key of the receiver to obtain first-encrypted content hash information, and symmetrically encrypts the first content using the first-encrypted content hash information. The first-encrypted content hash information is then encrypted a second time with the public key of the receiver, and the secondarily encrypted content hash information is signed with the private key of the sender. Only the receiver can restore the symmetric key, using its own private key, which ensures the confidentiality of the content to be sent, and efficiency is high because the first content is encrypted symmetrically. Finally, the encrypted first content, the signing result and the secondarily encrypted content hash information are sent to the receiver. The receiver only needs to decrypt the secondarily encrypted content hash information to obtain the hash value of the content, which can then be compared with the hash value of the decrypted first content to verify the correctness and integrity of the first content.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic diagram of a data transmission processing method provided in an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a data transmission processing apparatus according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a computer-readable medium provided in an embodiment of the present specification.
Detailed Description
Exemplary embodiments of the present invention will now be described more fully with reference to the accompanying drawings. The exemplary embodiments, however, may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The same reference numerals denote the same or similar elements, components, or parts in the drawings, and thus their repetitive description will be omitted.
Features, structures, characteristics or other details described in a particular embodiment do not preclude the fact that the features, structures, characteristics or other details may be combined in a suitable manner in one or more other embodiments in accordance with the technical idea of the invention.
In describing particular embodiments, the present invention has been described with reference to features, structures, characteristics or other details that are within the purview of one skilled in the art to provide a thorough understanding of the embodiments. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific features, structures, characteristics, or other details.
The flowcharts shown in the figures are illustrative only and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The term "and/or" includes all combinations of any one or more of the associated listed items.
Fig. 1 is a schematic diagram of a data transmission processing method provided in an embodiment of the present specification, where the method may include:
S101: The sender hashes first content to be sent to obtain content hash information, asymmetrically encrypts the content hash information using the public key of the receiver to obtain first-encrypted content hash information, and symmetrically encrypts the first content using the first-encrypted content hash information to obtain encrypted first content.
The method can be applied to a multi-node system to perform point-to-point data transmission.
To this end, in an embodiment of the present specification, the method may include:
and constructing a data management system with a plurality of nodes, wherein the nodes comprise a plurality of sender nodes and a plurality of receiver nodes, and the nodes communicate through a network channel.
For the convenience of distinguishing, the content to be sent by the sender is referred to as the first content.
The first content may be in the form of text, images, instructions, etc., which are not specifically set forth or limited herein.
In the embodiment of the specification, all users can generate an asymmetric secret key pair (comprising a public key and a private key) and distribute the public key, so that asymmetric encryption and decryption processes can be realized, and the confidentiality is high because the private key does not need to be transmitted in a channel.
In the embodiment of the present specification, the method further includes:
the sender and the receiver respectively generate an asymmetric key pair and acquire a public key of the other party.
In this embodiment of the present specification, the performing, by the sender, hash processing on a first content to be sent includes:
and setting a hash rule according to the key name attribute information, and carrying out hash processing on the first content to be sent according to the set hash rule.
In practical applications, for the receiver to judge whether content information it has obtained is the one sent by the sender, the content information often has to be verified, and to avoid disclosing the content the verification can be done by hash comparison. Hashing the first content yields content hash information, which is equivalent to generating an identity certificate for the first content, also called a digital digest. Because hashing is irreversible, the content hash information does not reveal the first content, so confidentiality is high.
The symmetric key can be generated from the content hash information, which reduces the amount of data and improves transmission and processing efficiency when the content hash information is transmitted and stored.
To prevent the symmetric key from being obtained or calculated by a node other than the intended receiver, the content hash information can be asymmetrically encrypted with the public key of the receiver to obtain first-encrypted content hash information, and the first-encrypted content hash information is used as the symmetric key for encrypting the content.
After the symmetric key is obtained, the first content can be symmetrically encrypted by using the symmetric key to obtain the encrypted first content.
S102: Perform secondary encryption on the first-encrypted content hash information using the public key of the receiver to obtain secondarily encrypted content hash information, and sign the secondarily encrypted content hash information using the private key of the sender.
Since the first-encrypted content hash is used as the symmetric key, nodes other than the receiver must be prevented from obtaining and restoring it. Therefore, the first-encrypted content hash is encrypted a second time using the public key of the receiver.
So that the receiver can verify that the encrypted first content was actually sent by the sender and not forged by another node, the sender signs the encrypted first content using its private key. After de-signing, the receiver compares the result with the content before signing; if they are consistent, this shows that it was actually sent by the sender.
Note that, for an asymmetric key pair (a private key and a public key), data processed with the private key can be restored by processing the result with the public key, and likewise data processed with the public key can be restored by processing the result with the private key. Asymmetric encryption and decryption algorithms belong to the prior art and are not described in detail here.
S103: Send the encrypted first content, the signing result and the secondarily encrypted content hash information to the receiver.
In this method, the sender hashes first content to be sent to obtain content hash information, asymmetrically encrypts the content hash information with the public key of the receiver to obtain first-encrypted content hash information, and symmetrically encrypts the first content using the first-encrypted content hash information. The first-encrypted content hash information is then encrypted a second time with the public key of the receiver, and the secondarily encrypted content hash information is signed with the private key of the sender. Only the receiver can restore the symmetric key, using its own private key, which ensures the confidentiality of the content to be sent, and efficiency is high because the first content is encrypted symmetrically. Finally, the encrypted first content, the signing result and the secondarily encrypted content hash information are sent to the receiver. The receiver only needs to decrypt the secondarily encrypted content hash information twice to obtain the hash value of the content, which can then be compared with the hash value of the decrypted first content to verify the correctness and integrity of the first content.
In the embodiment of this specification, the method further includes:
and constructing a password manager, wherein the password manager generates key-value pairs, taking the content hash information as the key name and the secondarily encrypted content hash information as the key value, and generates a data table from them.
In a specific implementation, this may mean that information such as the encrypted symmetric key, the encrypted first content, and the public key is hosted by a third-party data platform.
In the embodiment of this specification, the method further includes:
and respectively generating description information for each key value pair in the data table.
In this way, the index can be made with the keywords in the description information.
For the receiving party, the efficient decryption can be realized in a symmetric decryption mode, and particularly, the effect is more obvious when the amount of the encrypted content data is large.
Specifically, in this embodiment of the present specification, the processing procedure of the data by the receiving side may include:
First, the receiver acquires the content to be decrypted, the signing result and the secondarily encrypted content hash information of the sender, and de-signs the signing result using the public key of the sender to obtain de-signing result information.
Next, the de-signing result information is compared with the secondarily encrypted content hash information to verify the authenticity of the identity of the sender of the signing result.
Then, the private key of the receiver is used to perform a first asymmetric decryption on the de-signing result information; the content to be decrypted is symmetrically decrypted using the first decryption result information as the key to restore the content information; and the first decryption result information is decrypted a second time using the private key of the receiver to obtain secondary decryption result information.
Finally, the restored content information is hashed and the resulting hash is compared with the secondary decryption result information to verify the restored content information and judge whether it is the first content provided by the sender.
Wherein, the verifying of the authenticity of the identity of the sender of the signing result according to the signing result information comprises the following step:
comparing the de-signing result information with the secondarily encrypted content hash information and, if the two are consistent, judging that the identity of the sender of the signing result is authentic.
The secondary decryption refers to the second decryption, as distinct from the first decryption; similarly, the secondary encryption refers to the second encryption.
In the embodiment of the present specification, the method may further include:
and after the restored content information is verified, sending response information to the sender.
As an example, the content to be transmitted is A, the public key of the sender is S and its private key is s, and the public key of the receiver is R and its private key is r.
First, the sender hashes A to obtain hash(A), encrypts hash(A) with R to obtain Rhash(A), symmetrically encrypts A with Rhash(A) to obtain Am, encrypts Rhash(A) with R to obtain RRhash(A), and finally signs RRhash(A) with s to obtain sRRhash(A). Then Am, sRRhash(A) and RRhash(A) are sent to the receiver.
The receiver obtains the encrypted content to be verified Cm, the proof of the key sRRhash(A), and the key to be verified RRhash(C).
The receiver de-signs sRRhash(A) with S and compares the result with RRhash(C). If they are consistent, RRhash(C) is indeed the RRhash(A) generated by that specific sender at the time, which proves that the current sender is indeed the sender corresponding to the public key S.
Then the receiver decrypts RRhash(A) for the first time with r; the result is the symmetric key Rhash(A). Cm is then decrypted with the symmetric key Rhash(A) to restore C. To verify whether C is the data content encrypted by the sender at the time, C is hashed and compared with hash(A); if they are consistent, C is A, which gives the data verification result.
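The A / S, s / R, r walk-through above as runnable Python. This is an added example, not code from the patent: it assumes the asymmetric steps are textbook RSA (Python's `pow`) with constructed toy keys built from Mersenne primes, and uses a SHA-256 keystream XOR as a stand-in for the symmetric cipher, which the patent does not name. `toy_keypair`, `stream_xor`, `send`, `receive` and `rejected` are hypothetical names.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent used for both toy keys


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int = E


@dataclass(frozen=True)
class KeyPair:
    pub: PublicKey
    d: int  # private exponent


@dataclass(frozen=True)
class Message:
    am: bytes       # Am: symmetrically encrypted first content
    signature: int  # sRRhash(A): signing result
    rrhash: int     # RRhash(A): secondarily encrypted content hash


def toy_keypair(p_exp: int, q_exp: int) -> KeyPair:
    """Constructed demo key from two Mersenne primes 2**k - 1. Not secure."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return KeyPair(PublicKey(p * q), pow(E, -1, (p - 1) * (q - 1)))


def content_hash(content: bytes) -> int:
    return int.from_bytes(hashlib.sha256(content).digest(), "big")


def stream_xor(key: int, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): SHA-256 counter keystream XOR."""
    k = key.to_bytes((key.bit_length() + 7) // 8, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(k + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def send(content: bytes, sender: KeyPair, receiver_pub: PublicKey) -> Message:
    h = content_hash(content)                            # hash(A)
    rhash = pow(h, receiver_pub.e, receiver_pub.n)       # Rhash(A), the symmetric key
    am = stream_xor(rhash, content)                      # Am
    rrhash = pow(rhash, receiver_pub.e, receiver_pub.n)  # RRhash(A)
    if rrhash >= sender.pub.n:
        raise ValueError("sender modulus too small to sign RRhash(A)")
    return Message(am, pow(rrhash, sender.d, sender.pub.n), rrhash)  # sRRhash(A)


def receive(msg: Message, receiver: KeyPair, sender_pub: PublicKey) -> bytes:
    # De-sign with S and compare with the received RRhash value.
    designed = pow(msg.signature, sender_pub.e, sender_pub.n)
    if designed != msg.rrhash:
        raise ValueError("de-signing result differs from RRhash: sender not verified")
    rhash = pow(designed, receiver.d, receiver.pub.n)    # first decryption: symmetric key
    content = stream_xor(rhash, msg.am)                  # restore C from Cm
    h = pow(rhash, receiver.d, receiver.pub.n)           # second decryption: hash(A)
    if content_hash(content) != h:
        raise ValueError("hash of restored content differs from hash(A)")
    return content


def rejected(msg: Message, receiver: KeyPair, sender_pub: PublicKey) -> bool:
    try:
        receive(msg, receiver, sender_pub)
    except ValueError:
        return True
    return False


# Constructed toy keys; the sender modulus is larger so RRhash(A) fits under it.
SENDER = toy_keypair(1279, 2203)
RECEIVER = toy_keypair(521, 607)

if __name__ == "__main__":
    m = send(b"constructed sample content", SENDER, RECEIVER.pub)
    print(receive(m, RECEIVER, SENDER.pub))
    flipped = Message(bytes([m.am[0] ^ 1]) + m.am[1:], m.signature, m.rrhash)
    print("tampered ciphertext rejected:", rejected(flipped, RECEIVER, SENDER.pub))
```

In this model Rhash(A) depends only on the content and the receiver's public key, so the same content sent to the same receiver always yields the same symmetric key and the same RRhash(A).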
Fig. 2 is a schematic structural diagram of a data transmission processing apparatus provided in an embodiment of this specification, where the apparatus may include:
the encryption module 201, by which a sender hashes first content to be sent to obtain content hash information, asymmetrically encrypts the content hash information using the public key of a receiver to obtain first-encrypted content hash information, and symmetrically encrypts the first content using the first-encrypted content hash information to obtain encrypted first content;
performing secondary encryption on the primary encrypted content hash information by using the public key of the receiver to obtain secondary encrypted content hash information;
the signing module 202 is used for signing the secondarily encrypted content hash information by using a private key of a sender;
the transmission module 203 sends the encrypted first content, the signing result and the twice encrypted content hash information to the receiving party.
Optionally, the method further comprises:
the sender and the receiver respectively generate an asymmetric key pair and acquire a public key of the other party.
Optionally, the method further comprises:
and constructing a password manager, wherein the password manager generates key-value pairs, taking the content hash information as the key name and the secondarily encrypted content hash information as the key value, and generates a data table from them.
Optionally, the method further comprises:
and respectively generating description information for each key value pair in the data table.
Optionally, the hash processing on the first content to be sent by the sender includes:
and setting a hash rule according to the key name attribute information, and carrying out hash processing on the first content to be sent according to the set hash rule.
Optionally, the method further comprises:
and constructing a data management system with a plurality of nodes, wherein the nodes comprise a plurality of sender nodes and a plurality of receiver nodes, and the nodes communicate through a network channel.
Optionally, the apparatus may further have a receiving module, configured to obtain, by the receiving party, the content to be decrypted, the signing result, and the twice-encrypted content hash information of the sending party;
the de-signing module is used for de-signing the signing result using the public key of the sender to obtain de-signing result information;
the verification module is used for comparing the de-signing result information with the secondarily encrypted content hash information to verify the authenticity of the identity of the sender of the signing result;
the decryption module is used for performing a first asymmetric decryption on the de-signing result information using the private key of the receiver, symmetrically decrypting the content to be decrypted using the first decryption result information as the key to restore the content information, and performing a second decryption on the first decryption result information using the private key of the receiver to obtain secondary decryption result information;
the verification module can also be used for hashing the restored content information, comparing the resulting hash with the secondary decryption result information to verify the restored content information, and judging whether the restored content information is the first content provided by the sender.
It should be noted that the scheme implements a one-key-per-person, one-encryption-per-data principle: the private key of each business party is stored and used only by that business party.
Optionally, the verifying the authenticity of the sender identity of the signing result according to the signing result information includes:
comparing the de-signing result information with the secondarily encrypted content hash information and, if the two are consistent, judging that the identity of the sender of the signing result is authentic.
Optionally, the method further comprises:
and after the restored content information is verified, sending response information to the sender.
With this apparatus, the sender hashes first content to be sent to obtain content hash information, asymmetrically encrypts the content hash information with the public key of the receiver to obtain first-encrypted content hash information, and symmetrically encrypts the first content using the first-encrypted content hash information. The first-encrypted content hash information is then encrypted a second time with the public key of the receiver, and the secondarily encrypted content hash information is signed with the private key of the sender. Only the receiver can restore the symmetric key, using its own private key, which ensures the confidentiality of the content to be sent, and efficiency is high because the first content is encrypted symmetrically. Finally, the encrypted first content, the signing result and the secondarily encrypted content hash information are sent to the receiver. The receiver only needs to decrypt the secondarily encrypted content hash information twice to obtain the hash value of the content, which can then be compared with the hash value of the decrypted first content to verify the correctness and integrity of the first content.
Based on the same inventive concept, the embodiment of the specification further provides the electronic equipment.
In the following, embodiments of the electronic device of the present invention are described, which may be regarded as specific physical implementations for the above-described embodiments of the method and apparatus of the present invention. Details described in the embodiments of the electronic device of the invention should be considered supplementary to the embodiments of the method or apparatus described above; for details not disclosed in the embodiments of the electronic device of the present invention, reference may be made to the above-described embodiments of the method or apparatus.
Fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure. An electronic device 300 according to this embodiment of the invention is described below with reference to fig. 3. The electronic device 300 shown in fig. 3 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 3, electronic device 300 is in the form of a general purpose computing device. The components of electronic device 300 may include, but are not limited to: at least one processing unit 310, at least one memory unit 320, a bus 330 connecting the various system components (including the memory unit 320 and the processing unit 310), a display unit 340, and the like.
Wherein the storage unit stores program code executable by the processing unit 310 to cause the processing unit 310 to perform the steps according to various exemplary embodiments of the present invention described in the above-mentioned processing method section of the present specification. For example, the processing unit 310 may perform the steps shown in fig. 1.
The storage unit 320 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 3201 and/or a cache storage unit 3202, and may further include a read only memory unit (ROM) 3203.
The storage unit 320 may also include a program/utility 3204 having a set (at least one) of program modules 3205, such program modules 3205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 330 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 300 may also communicate with one or more external devices 400 (e.g., keyboard, pointing device, Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 300, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 300 to communicate with one or more other computing devices. Such communication may occur through input/output (I/O) interface 350. Also, the electronic device 300 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 360. Network adapter 360 may communicate with other modules of electronic device 300 via bus 330. It should be appreciated that although not shown in FIG. 3, other hardware and/or software modules may be used in conjunction with electronic device 300, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments of the present invention described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a computer-readable storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, or a network device, etc.) execute the above-mentioned method according to the present invention. The computer program, when executed by a data processing apparatus, enables the computer readable medium to implement the above-described method of the invention, for example the method shown in fig. 1.
Fig. 4 is a schematic diagram of a computer-readable medium provided in an embodiment of the present specification.
A computer program implementing the method shown in fig. 1 may be stored on one or more computer readable media. The computer readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
In summary, the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components in embodiments in accordance with the invention may be implemented in practice using a general purpose data processing device such as a microprocessor or a Digital Signal Processor (DSP). The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on a computer readable medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
While the foregoing detailed description has described in detail certain embodiments of the invention with reference to certain specific aspects, embodiments and advantages thereof, it should be understood that the invention is not limited to any particular computer, virtual machine, or electronic device, as various general purpose machines may implement the invention. The present invention is not limited to the above embodiments, and any modifications, equivalent substitutions, improvements, etc. within the spirit and principle of the present invention should be included in the protection scope of the present invention.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art to which the present application pertains. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (12)

1. A data transmission processing method, comprising:
a sender performs hash processing on first content to be sent to obtain content hash information, asymmetric encryption is performed on the content hash information by using a public key of a receiver to obtain first-time encrypted content hash information, and the first content is symmetrically encrypted by using the first-time encrypted content hash information to obtain encrypted first content;
carrying out secondary encryption on the primary encrypted content hash information by using the public key of the receiver to obtain secondary encrypted content hash information, and signing the secondary encrypted content hash information by using the private key of the sender;
and sending the encrypted first content, the signing result and the secondarily encrypted content hash information to the receiving party.
2. The method of claim 1, further comprising:
the sender and the receiver respectively generate an asymmetric key pair and acquire a public key of the other party.
3. The method of claim 1, further comprising:
and constructing a password manager, wherein the password manager generates key-value pairs, taking the content hash information as the key name and the secondarily encrypted content hash information as the key value, to produce a data table.
4. The method of claim 3, further comprising:
and respectively generating description information for each key value pair in the data table.
5. The method according to claim 3, wherein the hashing the first content to be sent by the sender comprises:
and setting a hash rule according to the key name attribute information, and carrying out hash processing on the first content to be sent according to the set hash rule.
6. The method of claim 1, further comprising:
and constructing a data management system with a plurality of nodes, wherein the nodes comprise a plurality of sender nodes and a plurality of receiver nodes, and the nodes communicate through a network channel.
7. The method of claim 1, further comprising:
the receiver acquires the content to be decrypted, the signing result and the secondarily encrypted content hash information of the sender, uses the public key of the sender to de-sign the signing result to obtain de-signing result information, and compares the de-signing result information with the secondarily encrypted content hash information to verify the authenticity of the identity of the sender of the signing result;
carrying out first asymmetric decryption on the information of the result of the de-signing by using a private key of a receiving party; symmetrically decrypting the content to be decrypted by taking the first decryption result information as a key to restore the content information, and secondarily decrypting the first decryption result information by using a private key of a receiving party to obtain secondary decryption result information;
and carrying out Hash processing on the restored content information, comparing the Hash processing with the secondary decryption result information, verifying the restored content information, and judging whether the restored content information is the first content provided by the sender.
8. The method as claimed in claim 7, wherein the comparing the de-signing result information with the twice-encrypted content hash information verifies whether the sender identity of the signing result is true or false, comprising:
and if the de-signing result information is consistent with the secondarily encrypted content hash information, judging that the identity of the sender of the signing result is true.
9. The method of claim 7, further comprising:
and after the restored content information is verified, sending response information to the sender.
10. A data transmission processing apparatus, comprising:
the encryption module is used for carrying out Hash processing on first content to be sent by a sender to obtain content Hash information, carrying out asymmetric encryption on the content Hash information by using a public key of a receiver to obtain first-time encrypted content Hash information, and carrying out symmetric encryption on the first content by using the first-time encrypted content Hash information to obtain encrypted first content;
carrying out secondary encryption on the content hash information which is encrypted for the first time by using the public key of the receiver to obtain the content hash information which is encrypted for the second time;
the signing module is used for signing the secondarily encrypted content hash information by using a private key of a sender;
and the transmission module is used for sending the encrypted first content, the signing result and the secondary encrypted content hash information to the receiving party.
11. An electronic device, wherein the electronic device comprises:
a processor; and
a memory storing computer-executable instructions that, when executed, cause the processor to perform the method of any of claims 1-9.
12. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-9.
CN202110626280.7A 2021-06-04 2021-06-04 Data transmission processing method and device and electronic equipment Active CN113438210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110626280.7A CN113438210B (en) 2021-06-04 2021-06-04 Data transmission processing method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN113438210A CN113438210A (en) 2021-09-24
CN113438210B true CN113438210B (en) 2023-04-07

Family

ID=77804019

Country Status (1)

Country Link
CN (1) CN113438210B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant