CN114417369A - File transmission method and device, electronic equipment and computer readable medium - Google Patents


Publication number
CN114417369A
Authority
CN
China
Prior art keywords
key
secret key
file
ciphertext
symmetric
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111590677.1A
Other languages
Chinese (zh)
Inventor
王振生
陈大平
程明远
樊广源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Application filed by China Construction Bank Corp
Priority to CN202111590677.1A
Publication of CN114417369A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a file transmission method, a file transmission device, electronic equipment and a computer readable medium, and relates to the technical field of big data privacy protection. One embodiment of the method comprises: receiving a secret key acquisition request sent by a user side; generating a first SM2 public key and a corresponding first SM2 private key thereof, and generating an SM4 symmetric key; encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext; sending the first secret key ciphertext to the user side; sending a key acquisition request to the user side; receiving a second secret key ciphertext returned by the user side; and decrypting the second secret key ciphertext to obtain a second SM2 public key. The implementation mode can solve the technical problem that the safety requirement between the user system and the bank system cannot be met.

Description

File transmission method and device, electronic equipment and computer readable medium
Technical Field
The invention relates to the technical field of big data privacy protection, in particular to a file transmission method, a file transmission device, electronic equipment and a computer readable medium.
Background
With the rapid development of the internet, an original bank-enterprise non-direct connection cooperation mode, such as a business process of using an online banking system B/S mode of a bank or performing manual landing and docking processing with an enterprise financial system after performing enterprise financial processing through bank outlets, will cause inconsistent enterprise business processing, low work efficiency, and risk in ensuring the financial consistency between the bank system and the enterprise financial system.
Meanwhile, the bank-enterprise direct connection system provides uninterrupted bank service for users by utilizing a mature encryption technology, and realizes 7-24 continuity and accounting consistency of business operation of enterprise ERP or financial systems.
However, the existing bank-enterprise direct connection system directly pushes data, and lacks security measures in aspects of identity authentication, security encryption, digital signature and the like, so that the security requirement between a user system and a bank system cannot be met.
Disclosure of Invention
In view of this, embodiments of the present invention provide a file transmission method, an apparatus, an electronic device, and a computer-readable medium, so as to solve the technical problem that the security requirement between a user system and a bank system cannot be met.
In order to achieve the above object, according to an aspect of the embodiments of the present invention, there is provided a file transmission method applied to a bank end, including:
receiving a secret key acquisition request sent by a user side;
generating a first SM2 public key and a corresponding first SM2 private key thereof, and generating an SM4 symmetric key;
encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext;
sending the first secret key ciphertext to the user side;
sending a key acquisition request to the user side;
receiving a second secret key ciphertext returned by the user side;
and decrypting the second secret key ciphertext to obtain a second SM2 public key.
Optionally, encrypting the first SM2 public key and the SM4 symmetric key to obtain a first secret key ciphertext includes:
assembling a first encryption parameter according to the user identifier of the user side and a preset parameter;
and based on the first encryption parameter and by adopting a symmetric encryption algorithm, encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext.
Optionally, decrypting the second secret key ciphertext to obtain a second SM2 public key, including:
assembling a first decryption parameter according to the user identification and the preset parameter of the bank end;
and decrypting the second secret key ciphertext by adopting a symmetric encryption algorithm based on the first decryption parameter to obtain a second SM2 public key.
Optionally, after the decrypting the second secret key ciphertext to obtain the second SM2 public key, the method further includes:
receiving a file acquisition request sent by a user side;
performing signature verification and decryption on the file acquisition request to obtain information of the file to be transmitted;
encrypting the file to be transmitted by using the SM4 symmetric key to obtain a file ciphertext;
performing digital signature on the file ciphertext by using the first SM2 private key to obtain a file signature;
and sending the file signature to the user side.
Optionally, the verifying and decrypting the file obtaining request includes:
adopting a second SM2 public key to check the file acquisition request;
and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the information of the file to be transmitted.
In addition, according to another aspect of the embodiments of the present invention, there is provided a file transmission method, applied to a user side, including:
sending a secret key acquisition request to a bank end;
receiving a first secret key ciphertext returned by the bank end;
decrypting the first secret key ciphertext to obtain a first SM2 public key and an SM4 symmetric secret key;
receiving a secret key acquisition request sent by the bank end;
generating a second SM2 public key and its corresponding second SM2 private key;
encrypting the second SM2 public key to obtain a second secret key ciphertext;
and sending the second secret key ciphertext to the bank end.
Optionally, decrypting the first secret key ciphertext to obtain a first SM2 public key and an SM4 symmetric key, includes:
assembling into a second decryption parameter according to the user identifier of the user side and a preset parameter;
and decrypting the first secret key ciphertext by adopting a symmetric encryption algorithm based on the second decryption parameter to obtain a first SM2 public key and an SM4 symmetric secret key.
Optionally, encrypting the second SM2 public key to obtain a second secret key ciphertext, where the encrypting includes:
assembling a second encryption parameter according to the user identification and the preset parameter of the bank end;
and encrypting the second SM2 public key based on the second encryption parameter by adopting a symmetric encryption algorithm to obtain a second secret key ciphertext.
Optionally, after the decrypting the first secret key ciphertext to obtain the first SM2 public key and the SM4 symmetric key, the method further includes:
generating a message according to the information of the file to be transmitted;
encrypting the message by using the second SM2 private key to obtain a message ciphertext;
performing digital signature verification on the message ciphertext by using the SM4 symmetric key to obtain a message signature;
and sending a file acquisition request to the bank terminal, wherein the file acquisition request carries the message signature.
Optionally, after sending the file obtaining request to the bank end, the method further includes:
receiving a file signature returned by the bank end;
verifying the file signature by using the first SM2 public key;
and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the file.
In addition, according to another aspect of the embodiments of the present invention, there is provided a file transfer apparatus, disposed at a bank end, including:
the first receiving module is used for receiving a secret key obtaining request sent by a user side; receiving a second secret key ciphertext returned by the user side;
the first secret key module is used for generating a first SM2 public key and a corresponding first SM2 private key thereof, and generating an SM4 symmetric secret key;
the first encryption module is configured to encrypt the first SM2 public key and the SM4 symmetric key to obtain a first secret key ciphertext;
the first sending module is used for sending the first secret key ciphertext to the user side; sending a key acquisition request to the user side;
and the first decryption module is used for decrypting the second secret key ciphertext to obtain a second SM2 public key.
Optionally, the first encryption module is further configured to:
assembling a first encryption parameter according to the user identifier of the user side and a preset parameter;
and based on the first encryption parameter and by adopting a symmetric encryption algorithm, encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext.
Optionally, the first decryption module is further configured to:
assembling a first decryption parameter according to the user identification and the preset parameter of the bank end;
and decrypting the second secret key ciphertext by adopting a symmetric encryption algorithm based on the first decryption parameter to obtain a second SM2 public key.
Optionally, the first receiving module is further configured to receive a file obtaining request sent by a user side;
the first decryption module is further used for carrying out signature verification and decryption on the file acquisition request to obtain information of the file to be transmitted;
the first encryption module is further configured to encrypt the file to be transmitted by using the SM4 symmetric key to obtain a file ciphertext; performing digital signature on the file ciphertext by using the first SM2 private key to obtain a file signature;
the first sending module is further configured to send the file signature to the user side.
Optionally, the first decryption module is further configured to:
adopting a second SM2 public key to check the file acquisition request;
and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the information of the file to be transmitted.
In addition, according to another aspect of the embodiments of the present invention, there is provided a file transmission device, disposed at a user side, including:
the second sending module is used for sending a secret key obtaining request to the bank end; sending the second secret key ciphertext to the bank end;
the second receiving module is used for receiving a first secret key ciphertext returned by the bank end; receiving a secret key acquisition request sent by the bank end;
the second decryption module is used for decrypting the first secret key ciphertext to obtain a first SM2 public key and an SM4 symmetric secret key;
the second secret key module is used for generating a second SM2 public key and a corresponding second SM2 private key;
and the second encryption module is used for encrypting the second SM2 public key to obtain a second secret key ciphertext.
Optionally, the second decryption module is further configured to:
assembling into a second decryption parameter according to the user identifier of the user side and a preset parameter;
and decrypting the first secret key ciphertext by adopting a symmetric encryption algorithm based on the second decryption parameter to obtain a first SM2 public key and an SM4 symmetric secret key.
Optionally, the second encryption module is further configured to:
assembling a second encryption parameter according to the user identification and the preset parameter of the bank end;
and encrypting the second SM2 public key based on the second encryption parameter by adopting a symmetric encryption algorithm to obtain a second secret key ciphertext.
Optionally, the second encryption module is further configured to: generating a message according to the information of the file to be transmitted; encrypting the message by using the second SM2 private key to obtain a message ciphertext; performing digital signature verification on the message ciphertext by using the SM4 symmetric key to obtain a message signature;
the second sending module is further configured to send a file obtaining request to the bank end, where the file obtaining request carries the message signature.
Optionally, the second receiving module is further configured to receive a file signature returned by the bank end;
the second decryption module is further configured to: verifying the file signature by using the first SM2 public key; and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the file.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the method of any of the embodiments described above.
According to another aspect of the embodiments of the present invention, there is also provided a computer readable medium, on which a computer program is stored, which when executed by a processor implements the method of any of the above embodiments.
According to another aspect of the embodiments of the present invention, there is also provided a computer program product comprising a computer program which, when executed by a processor, implements the method of any of the above embodiments.
One embodiment of the above invention has the following advantages or benefits: because the technical means of generating the first SM2 public key, the corresponding first SM2 private key and the SM4 symmetric secret key, encrypting the first SM2 public key and the SM4 symmetric secret key to obtain the first secret key ciphertext, and then sending the first secret key ciphertext to the user side is adopted, the technical problem in the prior art that the security requirement between a user system and a bank system cannot be met is solved. On the basis of the bank-enterprise direct connection system, the bank end provides the user with security functions such as identity authentication, secure encryption and digital signature, based on SM4 symmetric encryption and decryption and the SM2 digital signature algorithm, so that the security requirement between the user system and the bank system is met.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
fig. 1 is a schematic view of a main flow of a file transfer method according to a first embodiment of the present invention;
fig. 2 is a schematic diagram of key interaction between a bank end and a user end according to the present invention;
fig. 3 is a schematic view of a main flow of a file transfer method according to a second embodiment of the present invention;
fig. 4 is a schematic view of a main flow of a file transfer method according to a fourth embodiment of the present invention;
fig. 5 is a schematic view of a main flow of a file transfer method according to a fifth embodiment of the present invention;
fig. 6 is a schematic diagram of the main modules of a file transfer apparatus according to a first embodiment of the present invention;
fig. 7 is a schematic diagram of the main modules of a file transfer apparatus according to a second embodiment of the present invention;
FIG. 8 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
fig. 9 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
According to the technical scheme, the data acquisition, storage, use, processing and the like meet relevant regulations of national laws and regulations.
Fig. 1 is a schematic diagram of a main flow of a file transfer method according to a first embodiment of the present invention. As an embodiment of the present invention, as shown in fig. 1, the file transmission method is applied to a bank end, and may include:
Step 101, receiving a key obtaining request sent by a user side.
In order to check and decrypt the data sent by the bank end, the user end needs to obtain the secret key from the bank end. Therefore, the user end sends the key acquisition request to the bank end, and the bank end receives the key acquisition request sent by the user end.
Step 102, generating a first SM2 public key and a corresponding first SM2 private key, and generating an SM4 symmetric key.
After receiving a key acquisition request sent by a user terminal, a bank terminal generates a first SM2 public key and a corresponding first SM2 private key, and an SM4 symmetric key.
The SM2 algorithm, in full the SM2 elliptic curve public key cryptographic algorithm, comprises the SM2-1 elliptic curve digital signature algorithm, the SM2-2 elliptic curve key exchange protocol and the SM2-3 elliptic curve public key encryption algorithm, which are used for digital signature, key negotiation and data encryption respectively. The SM2 algorithm differs from the RSA algorithm in that it is based on the discrete logarithm problem over the group of points on an elliptic curve; the cryptographic strength of 256-bit SM2 is already higher than that of 2048-bit RSA.
The SM4 algorithm, in full the SM4 block symmetric cryptographic algorithm, is used to encrypt and decrypt data so as to ensure the confidentiality of data and information. Like the AES algorithm, the SM4 algorithm has a key length and a block length of 128 bits, and its security is therefore higher than that of the 3DES algorithm.
Step 103, encrypting the first SM2 public key and the SM4 symmetric key to obtain a first secret key ciphertext.
In order to securely transmit the first SM2 public key and the SM4 symmetric key, the bank end needs to encrypt the generated first SM2 public key and the SM4 symmetric key to obtain a first secret key ciphertext.
Optionally, step 103 may comprise: assembling a first encryption parameter according to the user identifier of the user side and a preset parameter; and based on the first encryption parameter and by adopting a symmetric encryption algorithm, encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext. In the embodiment of the present invention, the user identifier and the parameter generation rule of the user side are agreed in advance by the bank side and the user side, so that the preset parameter can be generated according to the parameter generation rule agreed in advance, and the user identifier and the preset parameter of the user side are assembled into the first encryption parameter, and then the first SM2 public key and the SM4 symmetric secret key are encrypted by using a symmetric encryption algorithm (for example, DES algorithm) based on the generated first encryption parameter, so as to obtain the first secret key ciphertext.
It should be noted that the first SM2 public key and the SM4 symmetric key may be encrypted together, or the first SM2 public key and the SM4 symmetric key may be encrypted separately (the encryption methods are the same), and the embodiment of the present invention is not limited to this.
Step 104, sending the first secret key ciphertext to the user side.
As shown in fig. 2, the bank end sends the encrypted first secret key ciphertext to the user side, and the user side decrypts the first secret key ciphertext, so as to obtain the first SM2 public key and the SM4 symmetric secret key of the bank end.
Step 105, sending a key obtaining request to the user side.
In order to check and decrypt the data sent by the user side, the bank side needs to obtain the secret key from the user side. Therefore, the bank end sends the key acquisition request to the user end, and the user end receives the key acquisition request sent by the bank end.
Step 106, receiving a second secret key ciphertext returned by the user side.
And the user side generates a second secret key ciphertext, then the second secret key ciphertext is returned to the bank side, and the bank side receives the second secret key ciphertext returned by the user side.
Step 107, decrypting the second secret key ciphertext to obtain a second SM2 public key.
In order to ensure the security of key transmission, the user terminal also encrypts the key, so that after receiving the second secret key ciphertext returned by the user terminal, the banking terminal needs to decrypt the second secret key ciphertext to obtain the second SM2 public key.
Optionally, step 107 may comprise: assembling a first decryption parameter according to the user identification and the preset parameter of the bank end; and decrypting the second secret key ciphertext by adopting a symmetric encryption algorithm based on the first decryption parameter to obtain a second SM2 public key. In the embodiment of the present invention, the user identifier and the parameter generation rule of the bank end are agreed in advance by the bank end and the user end, so that the preset parameter can be generated according to the parameter generation rule agreed in advance, so as to assemble the user identifier and the preset parameter of the bank end into the first decryption parameter, and then decrypt the second secret key ciphertext by using a symmetric encryption algorithm (such as DES algorithm) based on the generated first decryption parameter, so as to obtain the second SM2 public key, as shown in fig. 2.
According to the various embodiments described above, it can be seen that the technical problem that the security requirement between the user system and the bank system cannot be met in the prior art is solved by the technical means of generating the first SM2 public key, the corresponding first SM2 private key thereof and the SM4 symmetric key, then encrypting the first SM2 public key and the SM4 symmetric key to obtain the first secret key ciphertext, and then sending the first secret key ciphertext to the user side in the embodiments of the present invention. On the basis of the bank-enterprise direct connection system, the bank end provides identity authentication security for the user based on SM4 symmetric encryption and decryption and an SM2 digital signature algorithm, and the security requirement between the user system and the bank system is met.
Fig. 3 is a schematic diagram of a main flow of a file transfer method according to a second embodiment of the present invention. As another embodiment of the present invention, as shown in fig. 3, the file transmission method applied to the bank end may include:
Step 301, receiving a file acquisition request sent by a user side.
When the user terminal needs to acquire the file from the bank terminal, the file acquisition request can be sent to the bank terminal, and the bank terminal receives the file acquisition request sent by the user terminal.
Step 302, performing signature verification and decryption on the file acquisition request to obtain the information of the file to be transmitted.
The bank side checks and decrypts the file acquisition request sent by the user side, so that information of the file to be transmitted, such as the name of the file to be transmitted, is obtained.
Optionally, step 302 may include: verifying the signature of the file acquisition request by using the second SM2 public key; and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the information of the file to be transmitted. The user side digitally signs the file by using the SM2 algorithm and encrypts the message by using the SM4 algorithm, so the bank end first uses the second SM2 public key to verify the signature of the file acquisition request sent by the user side. If the signature passes, the bank end uses the SM4 symmetric key to decrypt the signature verification result and obtains the information of the file to be transmitted, such as the name of the file to be transmitted; if the signature verification fails, a verification-failure result can be returned to the user side.
It should be noted that the bank end may also transmit the file to the user side by push: the user side subscribes to the related topic in advance, and once a related file is generated (such as a receipt file or an account arrival notice), that file is the file to be transmitted and may be actively pushed to the user side.
Step 303, encrypting the file to be transmitted by using the SM4 symmetric key to obtain a file ciphertext.
In order to ensure the security of file transmission, the bank terminal encrypts the file to be transmitted by using the SM4 symmetric key to obtain a file ciphertext.
Step 304, performing digital signature on the file ciphertext by using the first SM2 private key to obtain a file signature.
In order to perform identity authentication, the bank end needs to perform digital signature on the file ciphertext by using a first SM2 private key to obtain a file signature.
Step 305, sending the file signature to the user side.
And finally, the bank end sends the file signature to the user end.
Therefore, on the basis of the bank-enterprise direct connection system, the bank end provides the user with security functions such as identity authentication, secure encryption and digital signature, based on SM4 symmetric encryption and decryption and the SM2 digital signature algorithm, so that the security requirement between the user system and the bank system is met.
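The bank-end steps 303 to 305 (SM4-encrypt the file, then SM2-sign the ciphertext) and the user-side check that verifies the signature before decrypting, as an added illustration that is not code from the patent. It uses pure-Python SM4 and the SM2 signature equations so that it runs with the standard library only. Assumptions: CTR mode with a prepended 8-byte nonce (the page names no mode), SHA-256 standing in for SM3 with the ZA identity hash omitted, ciphertext and signature sent together, and all function names are hypothetical.

```python
import hashlib
import secrets
# SM4 block cipher (GB/T 32907-2016), pure Python so the example runs offline.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big") for i in range(32)]

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
def _tau(x):  # S-box applied to each byte of a 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def sm4_round_keys(key):
    k = [int.from_bytes(key[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    for i in range(32):
        t = _tau(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i])
        k.append(k[i] ^ t ^ _rotl(t, 13) ^ _rotl(t, 23))
    return k[4:]

def sm4_block(round_keys, block):  # encrypts one 16-byte block
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for rk in round_keys:
        t = _tau(x[1] ^ x[2] ^ x[3] ^ rk)
        x = x[1:] + [x[0] ^ t ^ _rotl(t, 2) ^ _rotl(t, 10) ^ _rotl(t, 18) ^ _rotl(t, 24)]
    return b"".join(v.to_bytes(4, "big") for v in reversed(x))

def sm4_ctr(key, nonce, data):  # CTR mode is an assumption; same call decrypts
    rks, out = sm4_round_keys(key), bytearray()
    for off in range(0, len(data), 16):
        stream = sm4_block(rks, nonce + (off // 16).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + 16], stream))
    return bytes(out)

# SM2 signature equations on the SM2 curve (affine maths, not constant time).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def _add(p1, p2):
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc
def _digest(msg):  # SHA-256 stands in for SM3(ZA || M); an assumption
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")
def sm2_keygen():
    d = secrets.randbelow(N - 2) + 1  # private key in [1, N-2]
    return d, _mul(d, G)

def sm2_sign(d, msg):
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = (_digest(msg) + _mul(k, G)[0]) % N
        s = pow(1 + d, -1, N) * (k - r * d) % N
        if r and s and r + k != N:
            return r, s

def sm2_verify(pub, msg, sig):
    (r, s), t = sig, sum(sig) % N
    if not (0 < r < N and 0 < s < N) or t == 0:
        return False
    pt = _add(_mul(s, G), _mul(t, pub))
    return pt is not None and (_digest(msg) + pt[0]) % N == r

def bank_send_file(sm4_key, bank_priv, file_bytes):  # steps 303-305
    nonce = secrets.token_bytes(8)
    ciphertext = nonce + sm4_ctr(sm4_key, nonce, file_bytes)
    return ciphertext, sm2_sign(bank_priv, ciphertext)

def user_receive_file(sm4_key, bank_pub, ciphertext, signature):
    if not sm2_verify(bank_pub, ciphertext, signature):
        raise ValueError("signature check failed; ciphertext not decrypted")
    return sm4_ctr(sm4_key, ciphertext[:8], ciphertext[8:])
```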
Fig. 4 is a schematic diagram of a main flow of a file transfer method according to a third embodiment of the present invention. As another embodiment of the present invention, as shown in fig. 4, the file transmission method applied to the user side may include:
Step 401, sending a key obtaining request to a bank end.
In order to check and decrypt the data sent by the bank end, the user end needs to obtain the secret key from the bank end. Therefore, the user end sends the key acquisition request to the bank end, and the bank end receives the key acquisition request sent by the user end.
Step 402, receiving a first secret key ciphertext returned by the bank end.
After receiving a secret key acquisition request sent by a user side, a bank end generates a first SM2 public key, a first SM2 private key corresponding to the public key and an SM4 symmetric secret key, encrypts the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext, and finally returns the first secret key ciphertext to the user side. The user side then receives the first secret key ciphertext returned by the bank end.
Step 403, decrypting the first secret key ciphertext to obtain a first SM2 public key and an SM4 symmetric secret key.
The user side decrypts the first secret key ciphertext returned by the bank end to obtain a first SM2 public key and an SM4 symmetric secret key. Optionally, step 403 may include: assembling a second decryption parameter according to the user identifier of the user side and a preset parameter; and decrypting the first secret key ciphertext by adopting a symmetric encryption algorithm based on the second decryption parameter to obtain a first SM2 public key and an SM4 symmetric key. In the embodiment of the present invention, the user identifier and the parameter generation rule of the user side are agreed in advance by the bank end and the user side, so that the preset parameter can be generated according to the parameter generation rule agreed in advance, and the user identifier and the preset parameter of the user side are assembled into the second decryption parameter, and then the first secret key ciphertext is decrypted based on the generated second decryption parameter and by using a symmetric encryption algorithm (for example, DES algorithm), so as to obtain the first SM2 public key and the SM4 symmetric secret key, as shown in fig. 2.
Step 404, receiving a key obtaining request sent by the bank end.
In order to check and decrypt the data sent by the user side, the bank side needs to obtain the secret key from the user side. Therefore, the bank end sends the key acquisition request to the user end, and the user end receives the key acquisition request sent by the bank end.
Step 405, generate a second SM2 public key and its corresponding second SM2 private key.
After receiving the key acquisition request sent by the bank end, the user side generates a second SM2 public key and a corresponding second SM2 private key.
Step 406, encrypt the second SM2 public key to obtain a second secret key ciphertext.
In order to securely transmit the second SM2 public key, the user side needs to encrypt the generated second SM2 public key to obtain a second secret key ciphertext.
Optionally, step 406 may include: assembling a second encryption parameter according to the user identifier of the bank end and a preset parameter; and encrypting the second SM2 public key based on the second encryption parameter by adopting a symmetric encryption algorithm to obtain a second secret key ciphertext. In the embodiment of the invention, the user identifier of the bank end and the parameter generation rule are agreed in advance by the bank end and the user side, so the preset parameter can be generated according to the pre-agreed parameter generation rule, the user identifier of the bank end and the preset parameter are assembled into the second encryption parameter, and the second SM2 public key is then encrypted with a symmetric encryption algorithm (such as the DES algorithm) based on the generated second encryption parameter to obtain the second secret key ciphertext.
Step 407, sending the second secret key ciphertext to the bank end.
As shown in fig. 2, the user side sends the encrypted second secret key ciphertext to the bank end, and the bank end decrypts the second secret key ciphertext to obtain the second SM2 public key of the user side.
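The wrap and unwrap of steps 402 and 403 can be sketched as follows. This is an added example, not code from the patent: it assumes Java 17 with the BouncyCastle provider and uses SM4-GCM as the symmetric algorithm in place of the DES the text gives as an example. The class and method names, the sample identifiers, the preset parameter, the PBKDF2 derivation and the length-prefixed bundle layout are all assumptions.

```java
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

public class KeyExchangeWrap {
    // Constructed sample values; the real identifier and parameter generation rule are agreed in advance.
    static final String USER_ID = "ENT-0001";
    static final char[] PRESET_PARAMETER = "constructed-preset-parameter".toCharArray();

    /** The pair of keys the user side holds after step 403. */
    record BankKeys(PublicKey firstSm2Public, SecretKeySpec sm4Key) {}

    /** Assemble user identifier + preset parameter and stretch them into a 128-bit wrapping key (assumed rule). */
    static SecretKeySpec wrappingKey(String userId, char[] preset) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(preset, userId.getBytes(StandardCharsets.UTF_8), 100_000, 128);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "SM4");
    }

    /** Bank side: frame (SM2 public key, SM4 key) and encrypt the bundle as the first secret key ciphertext. */
    static byte[] wrap(SecretKeySpec kek, PublicKey sm2Public, byte[] sm4Key) throws GeneralSecurityException {
        byte[] pub = sm2Public.getEncoded();                    // X.509 SubjectPublicKeyInfo encoding
        ByteBuffer bundle = ByteBuffer.allocate(4 + pub.length + sm4Key.length);
        bundle.putInt(pub.length).put(pub).put(sm4Key);         // length prefix lets the receiver split the two keys
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("SM4/GCM/NoPadding", "BC");
        c.init(Cipher.ENCRYPT_MODE, kek, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(bundle.array());
        return ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array();
    }

    /** User side: decrypt, then validate the framing and both keys before trusting them. */
    static BankKeys unwrap(SecretKeySpec kek, byte[] wrapped) throws GeneralSecurityException {
        if (wrapped.length < 12 + 16) throw new GeneralSecurityException("ciphertext too short");
        Cipher c = Cipher.getInstance("SM4/GCM/NoPadding", "BC");
        c.init(Cipher.DECRYPT_MODE, kek, new GCMParameterSpec(128, wrapped, 0, 12));
        ByteBuffer bundle = ByteBuffer.wrap(c.doFinal(wrapped, 12, wrapped.length - 12));
        int pubLen = bundle.remaining() >= 4 ? bundle.getInt() : -1;
        if (pubLen <= 0 || bundle.remaining() - pubLen != 16)   // an SM4 key is exactly 128 bits
            throw new GeneralSecurityException("malformed key bundle");
        byte[] pub = new byte[pubLen];
        byte[] sm4 = new byte[16];
        bundle.get(pub).get(sm4);
        PublicKey key = KeyFactory.getInstance("EC", "BC").generatePublic(new X509EncodedKeySpec(pub));
        return new BankKeys(key, new SecretKeySpec(sm4, "SM4"));
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // Step 402 (bank end): generate the first SM2 key pair and the SM4 key, then wrap them for this user.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");
        kpg.initialize(new ECGenParameterSpec("sm2p256v1"));
        KeyPair firstSm2 = kpg.generateKeyPair();
        byte[] sm4 = new byte[16];
        new SecureRandom().nextBytes(sm4);
        byte[] firstKeyCiphertext = wrap(wrappingKey(USER_ID, PRESET_PARAMETER), firstSm2.getPublic(), sm4);

        // Step 403 (user side): the same assembled parameter recovers both keys.
        BankKeys got = unwrap(wrappingKey(USER_ID, PRESET_PARAMETER), firstKeyCiphertext);
        System.out.println("SM2 public key matches: "
                + Arrays.equals(got.firstSm2Public().getEncoded(), firstSm2.getPublic().getEncoded()));
        System.out.println("SM4 key matches: " + Arrays.equals(got.sm4Key().getEncoded(), sm4));

        // A different user identifier derives a different key, so unwrapping fails instead of yielding junk keys.
        try {
            unwrap(wrappingKey("ENT-0002", PRESET_PARAMETER), firstKeyCiphertext);
            System.out.println("unexpected: wrong parameter accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("wrong parameter rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

The confidentiality of both keys rests entirely on the preset parameter, since a user identifier is normally not secret. DES, which the text names as one option, has a 56-bit key and provides no integrity check, so a wrong parameter there would silently produce unusable keys.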
Therefore, on the basis of the bank-enterprise direct connection system, the bank provides the user with security functions such as identity authentication, secure encryption and digital signature, based on the SM4 symmetric encryption and decryption and the SM2 digital signature algorithm, so that the security requirements between the user system and the bank system are met.
Fig. 5 is a schematic diagram of a main flow of a file transfer method according to a fourth embodiment of the present invention. As another embodiment of the present invention, as shown in fig. 5, the file transmission method applied to the user side may include:
Step 501, generating a message according to the information of the file to be transmitted.
When the user needs to obtain the file from the bank end, a message may be generated according to the information of the file to be transmitted (such as the name of the file to be transmitted).
Step 502, encrypting the message by using the second SM2 private key to obtain a message ciphertext.
In order to ensure the security, the user side encrypts the message by using a second SM2 private key to obtain a message ciphertext.
Step 503, performing digital signature verification on the message ciphertext by using the SM4 symmetric key to obtain a message signature.
In order to perform identity verification, the user side further needs to perform digital signature verification on the message ciphertext by using the SM4 symmetric key to obtain a message signature.
Step 504, sending a file acquisition request to the bank terminal, where the file acquisition request carries the message signature.
Step 505, receiving a file signature returned by the bank end.
Step 506, the first SM2 public key is adopted to verify the file signature.
Step 507, if the signature verification passes, decrypting the signature verification result by using the SM4 symmetric key to obtain the file.
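The bank's response and the user-side handling in steps 505 to 507 (the file ciphertext produced with the SM4 key is signed with the first SM2 private key, verified with the first SM2 public key, and only then decrypted) can be sketched as below. This is an added example, not code from the patent: it assumes Java 17 with the BouncyCastle provider, and the CBC mode, the response layout, the sample file content and all class and method names are assumptions.

```java
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.ECGenParameterSpec;

public class SignedFileResponse {
    /** Assumed response layout: IV, SM4 file ciphertext, and the SM2 signature over both. */
    record Response(byte[] iv, byte[] fileCiphertext, byte[] signature) {}

    /** Bank end: SM4-encrypt the file, then sign IV || ciphertext with the first SM2 private key. */
    static Response protect(byte[] file, SecretKeySpec sm4Key, PrivateKey firstSm2Private)
            throws GeneralSecurityException {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("SM4/CBC/PKCS7Padding", "BC");
        c.init(Cipher.ENCRYPT_MODE, sm4Key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(file);
        // No SM2ParameterSpec is set, so signer and verifier both use BouncyCastle's default signer ID.
        Signature s = Signature.getInstance("SM3withSM2", "BC");
        s.initSign(firstSm2Private);
        s.update(iv);
        s.update(ct);
        return new Response(iv, ct, s.sign());
    }

    /** User side: verify with the first SM2 public key; decrypt only when the signature checks out. */
    static byte[] open(Response r, SecretKeySpec sm4Key, PublicKey firstSm2Public)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SM3withSM2", "BC");
        s.initVerify(firstSm2Public);
        s.update(r.iv());
        s.update(r.fileCiphertext());
        if (!s.verify(r.signature())) throw new SignatureException("file signature check failed");
        Cipher c = Cipher.getInstance("SM4/CBC/PKCS7Padding", "BC");
        c.init(Cipher.DECRYPT_MODE, sm4Key, new IvParameterSpec(r.iv()));
        return c.doFinal(r.fileCiphertext());
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // Keys that the key exchange would already have put in place on both sides.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");
        kpg.initialize(new ECGenParameterSpec("sm2p256v1"));
        KeyPair firstSm2 = kpg.generateKeyPair();
        byte[] rawSm4 = new byte[16];
        new SecureRandom().nextBytes(rawSm4);
        SecretKeySpec sm4Key = new SecretKeySpec(rawSm4, "SM4");

        byte[] file = "constructed statement file, 2021-12".getBytes(StandardCharsets.UTF_8);
        Response resp = protect(file, sm4Key, firstSm2.getPrivate());
        byte[] plain = open(resp, sm4Key, firstSm2.getPublic());
        System.out.println("recovered: " + new String(plain, StandardCharsets.UTF_8));

        // Flip one bit of the ciphertext in transit: verification fails and decryption is never attempted.
        byte[] tampered = resp.fileCiphertext().clone();
        tampered[0] ^= 0x01;
        try {
            open(new Response(resp.iv(), tampered, resp.signature()), sm4Key, firstSm2.getPublic());
            System.out.println("unexpected: tampered response accepted");
        } catch (SignatureException e) {
            System.out.println("tampered response rejected: " + e.getMessage());
        }
    }
}
```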
Fig. 6 is a schematic diagram of main modules of a file transfer apparatus according to a first embodiment of the present invention. As shown in fig. 6, the file transmission apparatus 600 is disposed at the bank end, and includes a first receiving module 601, a first secret key module 602, a first encryption module 603, a first sending module 604, and a first decryption module 605; the first receiving module 601 is configured to receive a key obtaining request sent by a user side; receiving a second secret key ciphertext returned by the user side; the first secret key module 602 is configured to generate a first SM2 public key and a corresponding first SM2 private key, and generate an SM4 symmetric secret key; a first encryption module 603, configured to encrypt the first SM2 public key and the SM4 symmetric key to obtain a first secret key ciphertext; the first sending module 604 is configured to send the first secret key ciphertext to the user side; sending a key acquisition request to the user side; the first decryption module 605 is configured to decrypt the second secret key ciphertext to obtain a second SM2 public key.
Optionally, the first encryption module 603 is further configured to:
assembling a first encryption parameter according to the user identifier of the user side and a preset parameter;
and based on the first encryption parameter and by adopting a symmetric encryption algorithm, encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext.
Optionally, the first decryption module 605 is further configured to:
assembling a first decryption parameter according to the user identification and the preset parameter of the bank end;
and decrypting the second secret key ciphertext by adopting a symmetric encryption algorithm based on the first decryption parameter to obtain a second SM2 public key.
Optionally, the first receiving module 601 is further configured to receive a file obtaining request sent by a user side;
the first decryption module is further used for carrying out signature verification and decryption on the file acquisition request to obtain information of the file to be transmitted;
the first encryption module 603 is further configured to encrypt the file to be transmitted by using the SM4 symmetric key to obtain a file ciphertext; performing digital signature on the file ciphertext by using the first SM2 private key to obtain a file signature;
the first sending module 604 is further configured to send the file signature to the user side.
Optionally, the first decryption module is further configured to:
adopting a second SM2 public key to check the file acquisition request;
and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the information of the file to be transmitted.
It should be noted that the specific implementation of the file transmission device of the present invention has already been described in detail in the file transmission method above, and is therefore not repeated here.
Fig. 7 is a schematic diagram of main blocks of a file transfer apparatus according to a first embodiment of the present invention. As shown in fig. 7, the file transmission apparatus 700 is disposed at a user end, and includes a second sending module 701, a second receiving module 702, a second decrypting module 703, a second secret key module 704, and a second encrypting module 705; the second sending module 701 is configured to send a key obtaining request to a bank end; sending the second secret key ciphertext to the bank end; the second receiving module 702 is configured to receive a first secret key ciphertext returned by the bank end; receiving a secret key acquisition request sent by the bank end; the second decryption module 703 is configured to decrypt the first secret key ciphertext to obtain a first SM2 public key and an SM4 symmetric secret key; the second secret key module 704 is configured to generate a second SM2 public key and a corresponding second SM2 private key; the second encryption module 705 is configured to encrypt the second SM2 public key to obtain a second secret key ciphertext.
Optionally, the second decryption module 703 is further configured to:
assembling into a second decryption parameter according to the user identifier of the user side and a preset parameter;
and decrypting the first secret key ciphertext by adopting a symmetric encryption algorithm based on the second decryption parameter to obtain a first SM2 public key and an SM4 symmetric secret key.
Optionally, the second encryption module 705 is further configured to:
assembling a second encryption parameter according to the user identification and the preset parameter of the bank end;
and encrypting the second SM2 public key based on the second encryption parameter by adopting a symmetric encryption algorithm to obtain a second secret key ciphertext.
Optionally, the second encryption module 705 is further configured to: generating a message according to the information of the file to be transmitted; encrypting the message by using the second SM2 private key to obtain a message ciphertext; performing digital signature verification on the message ciphertext by using the SM4 symmetric key to obtain a message signature;
the second sending module 701 is further configured to send a file obtaining request to the bank end, where the file obtaining request carries the message signature.
Optionally, the second receiving module 702 is further configured to receive a file signature returned by the bank end;
the second decryption module 703 is further configured to: verifying the file signature by using the first SM2 public key; and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the file.
It should be noted that the specific implementation of the file transmission device of the present invention has already been described in detail in the file transmission method above, and is therefore not repeated here.
Fig. 8 shows an exemplary system architecture 800 of a file transfer method or a file transfer apparatus to which an embodiment of the present invention may be applied.
As shown in fig. 8, the system architecture 800 may include terminal devices 801, 802, 803, a network 804, and a server 805. The network 804 serves to provide a medium for communication links between the terminal devices 801, 802, 803 and the server 805. Network 804 may include various types of connections, such as wired or wireless communication links, or fiber optic cables, to name a few.
A user may use the terminal devices 801, 802, 803 to interact with a server 805 over a network 804 to receive or send messages or the like. The terminal devices 801, 802, 803 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 801, 802, 803 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 805 may be a server that provides various services, such as a back-office management server (for example only) that supports shopping-like websites browsed by users using the terminal devices 801, 802, 803. The background management server can analyze and process the received data such as the article information query request and feed back the processing result to the terminal equipment.
It should be noted that the file transfer method provided by the embodiment of the present invention is generally executed by the server 805, and accordingly, the file transfer apparatus is generally disposed in the server 805.
It should be understood that the number of terminal devices, networks, and servers in fig. 8 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 9, shown is a block diagram of a computer system 900 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 9 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 9, the computer system 900 includes a Central Processing Unit (CPU)901 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. In the RAM903, various programs and data necessary for the operation of the system 900 are also stored. The CPU 901, ROM 902, and RAM903 are connected to each other via a bus 904. An input/output (I/O) interface 905 is also connected to bus 904.
The following components are connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The above-described functions defined in the system of the present invention are executed when the computer program is executed by a Central Processing Unit (CPU) 901.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer programs according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a first receiving module, a first secret key module, a first encryption module, and a first sending module, where the names of the modules do not in some cases constitute a limitation on the modules themselves.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor comprises a second sending module, a second receiving module and a second decryption module, wherein the names of the modules do not in some cases constitute a limitation of the modules themselves.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, implement the method of: receiving a secret key acquisition request sent by a user side; generating a first SM2 public key and a corresponding first SM2 private key thereof, and generating an SM4 symmetric key; encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext; and sending the first secret key ciphertext to the user side.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, implement the method of: sending a secret key acquisition request to a bank end; receiving a first secret key ciphertext returned by the bank end; and decrypting the first secret key ciphertext to obtain a first SM2 public key and an SM4 symmetric secret key.
As another aspect, an embodiment of the present invention further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the method described in any of the above embodiments.
According to the technical solution of the embodiment of the invention, the first SM2 public key, the corresponding first SM2 private key and the SM4 symmetric secret key are generated, the first SM2 public key and the SM4 symmetric secret key are encrypted to obtain the first secret key ciphertext, and the first secret key ciphertext is then sent to the user side, which solves the technical problem in the prior art that the security requirements between a user system and a bank system cannot be met. On the basis of the bank-enterprise direct connection system, the bank provides the user with security functions such as identity authentication, secure encryption and digital signature, based on SM4 symmetric encryption and decryption and the SM2 digital signature algorithm, so that the security requirements between the user system and the bank system are met.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (23)

1. A file transmission method is applied to a bank end and comprises the following steps:
receiving a secret key acquisition request sent by a user side;
generating a first SM2 public key and a corresponding first SM2 private key thereof, and generating an SM4 symmetric key;
encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext;
sending the first secret key ciphertext to the user side;
sending a key acquisition request to the user side;
receiving a second secret key ciphertext returned by the user side;
and decrypting the second secret key ciphertext to obtain a second SM2 public key.
2. The method of claim 1, wherein encrypting the first SM2 public key and the SM4 symmetric key to obtain a first secret key ciphertext comprises:
assembling a first encryption parameter according to the user identifier of the user side and a preset parameter;
and based on the first encryption parameter and by adopting a symmetric encryption algorithm, encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext.
3. The method of claim 1, wherein decrypting the second secret key ciphertext to obtain a second SM2 public key comprises:
assembling a first decryption parameter according to the user identification and the preset parameter of the bank end;
and decrypting the second secret key ciphertext by adopting a symmetric encryption algorithm based on the first decryption parameter to obtain a second SM2 public key.
4. The method of claim 1, wherein after decrypting the second secret key ciphertext to obtain a second SM2 public key, further comprising:
receiving a file acquisition request sent by a user side;
performing signature verification and decryption on the file acquisition request to obtain information of the file to be transmitted;
encrypting the file to be transmitted by using the SM4 symmetric key to obtain a file ciphertext;
performing digital signature on the file ciphertext by using the first SM2 private key to obtain a file signature;
and sending the file signature to the user side.
5. The method of claim 4, wherein performing signature verification and decryption on the file acquisition request comprises:
adopting a second SM2 public key to check the file acquisition request;
and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the information of the file to be transmitted.
6. A file transmission method is applied to a user side and comprises the following steps:
sending a secret key acquisition request to a bank end;
receiving a first secret key ciphertext returned by the bank end;
decrypting the first secret key ciphertext to obtain a first SM2 public key and an SM4 symmetric secret key;
receiving a secret key acquisition request sent by the bank end;
generating a second SM2 public key and its corresponding second SM2 private key;
encrypting the second SM2 public key to obtain a second secret key ciphertext;
and sending the second secret key ciphertext to the bank end.
7. The method of claim 6, wherein decrypting the first secret key ciphertext to obtain a first SM2 public key and an SM4 symmetric key comprises:
assembling into a second decryption parameter according to the user identifier of the user side and a preset parameter;
and decrypting the first secret key ciphertext by adopting a symmetric encryption algorithm based on the second decryption parameter to obtain a first SM2 public key and an SM4 symmetric secret key.
8. The method of claim 6, wherein encrypting the second SM2 public key to obtain a second secret key ciphertext comprises:
assembling a second encryption parameter according to the user identification and the preset parameter of the bank end;
and encrypting the second SM2 public key based on the second encryption parameter by adopting a symmetric encryption algorithm to obtain a second secret key ciphertext.
9. The method of claim 6, wherein after decrypting the first secret key ciphertext to obtain the first SM2 public key and the SM4 symmetric key, further comprising:
generating a message according to the information of the file to be transmitted;
encrypting the message by using the second SM2 private key to obtain a message ciphertext;
performing digital signature verification on the message ciphertext by using the SM4 symmetric key to obtain a message signature;
and sending a file acquisition request to the bank terminal, wherein the file acquisition request carries the message signature.
10. The method according to claim 9, after sending the file acquisition request to the bank terminal, further comprising:
receiving a file signature returned by the bank end;
verifying the file signature by using the first SM2 public key;
and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the file.
11. A file transmission device, characterized in that it is disposed at a bank end and comprises:
the first receiving module is used for receiving a secret key obtaining request sent by a user side; receiving a second secret key ciphertext returned by the user side;
the first secret key module is used for generating a first SM2 public key and a corresponding first SM2 private key thereof, and generating an SM4 symmetric secret key;
the first encryption module is configured to encrypt the first SM2 public key and the SM4 symmetric key to obtain a first secret key ciphertext;
the first sending module is used for sending the first secret key ciphertext to the user side; sending a key acquisition request to the user side;
and the first decryption module is used for decrypting the second secret key ciphertext to obtain a second SM2 public key.
12. The apparatus of claim 11, wherein the first encryption module is further configured to:
assembling a first encryption parameter according to the user identifier of the user side and a preset parameter;
and based on the first encryption parameter and by adopting a symmetric encryption algorithm, encrypting the first SM2 public key and the SM4 symmetric secret key to obtain a first secret key ciphertext.
13. The apparatus of claim 11, wherein the first decryption module is further configured to:
assembling a first decryption parameter according to the user identification and the preset parameter of the bank end;
and decrypting the second secret key ciphertext by adopting a symmetric encryption algorithm based on the first decryption parameter to obtain a second SM2 public key.
14. The apparatus according to claim 11, wherein the first receiving module is further configured to receive a file obtaining request sent by a user side;
the first decryption module is further used for carrying out signature verification and decryption on the file acquisition request to obtain information of the file to be transmitted;
the first encryption module is further configured to encrypt the file to be transmitted by using the SM4 symmetric key to obtain a file ciphertext; performing digital signature on the file ciphertext by using the first SM2 private key to obtain a file signature;
the first sending module is further configured to send the file signature to the user side.
15. The apparatus of claim 14, wherein the first decryption module is further configured to:
adopting a second SM2 public key to check the file acquisition request;
and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the information of the file to be transmitted.
16. A file transmission device, characterized in that it is disposed at a user side and comprises:
the second sending module is used for sending a secret key obtaining request to the bank end; sending the second secret key ciphertext to the bank end;
the second receiving module is used for receiving a first secret key ciphertext returned by the bank end; receiving a secret key acquisition request sent by the bank end;
the second decryption module is used for decrypting the first secret key ciphertext to obtain a first SM2 public key and an SM4 symmetric secret key;
the second secret key module is used for generating a second SM2 public key and a corresponding second SM2 private key;
and the second encryption module is used for encrypting the second SM2 public key to obtain a second secret key ciphertext.
17. The apparatus of claim 16, wherein the second decryption module is further configured to:
assembling into a second decryption parameter according to the user identifier of the user side and a preset parameter;
and decrypting the first secret key ciphertext by adopting a symmetric encryption algorithm based on the second decryption parameter to obtain a first SM2 public key and an SM4 symmetric secret key.
18. The apparatus of claim 16, wherein the second encryption module is further configured to:
assembling a second encryption parameter according to the user identification and the preset parameter of the bank end;
and encrypting the second SM2 public key based on the second encryption parameter by adopting a symmetric encryption algorithm to obtain a second secret key ciphertext.
19. The apparatus of claim 16, wherein the second encryption module is further configured to: generating a message according to the information of the file to be transmitted; encrypting the message by using the second SM2 private key to obtain a message ciphertext; performing digital signature verification on the message ciphertext by using the SM4 symmetric key to obtain a message signature;
the second sending module is further configured to send a file obtaining request to the bank end, where the file obtaining request carries the message signature.
20. The apparatus according to claim 19, wherein the second receiving module is further configured to receive a file signature returned by the bank end;
the second decryption module is further configured to: verifying the file signature by using the first SM2 public key; and if the signature passes the verification, decrypting the signature verification result by using the SM4 symmetric key to obtain the file.
21. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-10.
22. A computer-readable medium on which a computer program is stored, wherein the computer program, when executed by a processor, carries out the method according to any one of claims 1-10.
23. A computer program product comprising a computer program, characterized in that the computer program realizes the method according to any of claims 1-10 when executed by a processor.
CN202111590677.1A 2021-12-23 2021-12-23 File transmission method and device, electronic equipment and computer readable medium Pending CN114417369A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111590677.1A CN114417369A (en) 2021-12-23 2021-12-23 File transmission method and device, electronic equipment and computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111590677.1A CN114417369A (en) 2021-12-23 2021-12-23 File transmission method and device, electronic equipment and computer readable medium

Publications (1)

Publication Number Publication Date
CN114417369A (en) 2022-04-29

Family

ID=81268160

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111590677.1A Pending CN114417369A (en) 2021-12-23 2021-12-23 File transmission method and device, electronic equipment and computer readable medium

Country Status (1)

Country Link
CN (1) CN114417369A (en)

Similar Documents

Publication Publication Date Title
CN104917741B (en) A kind of plain text document public network secure transmission system based on USBKEY
CN113347206A (en) Network access method and device
CN112437044B (en) Instant messaging method and device
CN111784887A (en) Authorization releasing method, device and system for user access
US10063655B2 (en) Information processing method, trusted server, and cloud server
CN109257347A (en) Communication means and relevant apparatus, storage medium suitable for data interaction between bank
CN113193961B (en) Digital certificate management method and device
CN112131599A (en) Method, device, equipment and computer readable medium for checking data
CN111181920A (en) Encryption and decryption method and device
CN111698264A (en) Method and apparatus for maintaining user authentication sessions
CN112966287B (en) Method, system, device and computer readable medium for acquiring user data
CN111416788B (en) Method and device for preventing transmission data from being tampered
CN114037447A (en) Method and device for off-line transaction
CN113468580A (en) Multi-party collaborative signature method and system
CN113206746A (en) Digital certificate management method and device
CN114584355B (en) Security authentication method, device and system for digital currency transaction
CN114650181B (en) E-mail encryption and decryption method, system, equipment and computer readable storage medium
CN113422832B (en) File transmission method, device, equipment and storage medium
CN115567263A (en) Data transmission management method, data processing method and device
CN114417369A (en) File transmission method and device, electronic equipment and computer readable medium
CN109639409B (en) Key initialization method, key initialization device, electronic equipment and computer-readable storage medium
CN113626848A (en) Sample data generation method and device, electronic equipment and computer readable medium
CN110166226B (en) Method and device for generating secret key
CN113179169A (en) Digital certificate management method and device
CN110619236A (en) File authorization access method, device and system based on file credential information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination