CN115102768A - Data processing method and device and computer equipment - Google Patents

Info

Publication number: CN115102768A
Authority: CN (China)
Prior art keywords: message, encrypted, message body, sender, data
Legal status: Granted
Application number: CN202210730121.6A
Other languages: Chinese (zh)
Other versions: CN115102768B (en)
Inventor: 温德平
Current Assignee: Ping An Bank Co Ltd
Original Assignee: Ping An Bank Co Ltd
Application filed by: Ping An Bank Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/12 Applying verification of the received information
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/06 Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a data processing method. A message to be sent is first encoded so that it is unreadable before the receiver decrypts it. The encoded message body is then asymmetrically encrypted so that only the receiver can decrypt it. During assembly, an encrypted character string obtained from the encrypted message body is placed in the message header to ensure that the data in the message body is not tampered with, and identification information is placed there as well for verification. Finally, the encapsulated message is symmetrically encrypted and sent to the receiver, so that the receiver can decrypt it and obtain the original data. Through multiple layers of encryption and data encapsulation, data security is ensured and data validity can be verified.

Description

Data processing method and device and computer equipment
Technical Field
The present application relates to the field of secure communication technologies, and in particular, to a data processing method, an apparatus, and a computer device.
Background
At present, every everyday operation such as a transfer, a login or an inquiry is backed by a complex business system, and these business systems are in fact server clusters. The servers inside a cluster depend on frequent, high-volume data communication and data exchange. In the related art, a scheme for securing data communication in a server cluster generally encrypts the data with a single encryption method and then transmits it. Data protected in this way is easily cracked and tampered with, so its security is weak.
Disclosure of Invention
An object of the embodiments of the present application is to provide a data processing method, an apparatus, and a computer device, so as to solve the problem in the related art that data communicated in a server cluster is easily cracked and tampered.
In a first aspect, a data processing method provided in an embodiment of the present application is applied to a sender, and includes:
coding a message to be sent to obtain a coded message body;
carrying out asymmetric encryption on the encoded message body by using a public key of a receiver to obtain an encrypted message body; the receiving party holds an asymmetric encrypted private key;
obtaining an encrypted character string based on the encrypted message body, and encapsulating the encrypted character string and the identification information in a message header to obtain an encapsulated message; the identification information is used for identifying the identity of the sender;
symmetrically encrypting the packaged message, and sending the symmetrically encrypted message to the receiver; the receiver also holds a symmetrically encrypted key.
In this implementation, the message to be sent is first encoded so that it is unreadable before the receiver decrypts it. The encoded message body is then asymmetrically encrypted so that only the receiver can decrypt it. During assembly, an encrypted character string obtained from the encrypted message body is placed in the message header to ensure that the data in the message body is not tampered with, and identification information is placed in the message header as well for verification. Finally, the encapsulated message is symmetrically encrypted and sent to the receiver, so that the receiver can decrypt it and obtain the original data. Through multiple layers of encryption and data encapsulation, data security is ensured and data validity can be verified.
Further, in some embodiments, the encoding the packet to be sent includes:
performing Base64 encoding on the message to be sent.
In this implementation, Base64 encoding the message to be sent makes the encoded message body unreadable; it can be read only after being decoded.
Further, in some embodiments, the asymmetric encryption employs the SM2 algorithm.
In this implementation, the SM2 algorithm is used; compared with a traditional asymmetric encryption algorithm, it has higher encryption complexity, faster processing speed and lower machine performance consumption.
Further, in some embodiments, the encrypted character string is a hash value obtained by applying a hash algorithm to the encrypted message body.
In this implementation, the encrypted message body is processed with the hash algorithm and the resulting encrypted character string is placed in the message header, which ensures that the data in the message body is not tampered with.
Further, in some embodiments, the identification information includes at least one of:
the unique identification codes of the two communicating parties, and a timestamp.
In this implementation, the unique identification codes of the two communicating parties and/or the timestamp are placed in the message header as identification information, so that the receiver can check the identity of the sender and verify whether the message was tampered with after it was generated.
Further, in some embodiments, the symmetric encryption employs the SM4 algorithm.
In this implementation, the SM4 algorithm is used; compared with a traditional symmetric encryption algorithm, it improves security and performance to a certain extent.
In a second aspect, a data processing method provided in an embodiment of the present application is applied to a receiving side, and includes:
after receiving a message sent by a sender, decrypting the message by using a symmetric encrypted key to obtain a decrypted message, wherein the decrypted message comprises a message header and an encrypted message body;
carrying out data consistency check on the encrypted message body by using the encrypted character string in the message header, and checking the identity of the sender by using the identification information in the message header; the identification information is used for identifying the identity of the sender;
after the verification is passed, decrypting the message body by using the asymmetric encrypted private key to obtain an encoded message body;
and decoding the coded message body to obtain message information.
In a third aspect, an embodiment of the present application provides a data processing apparatus, which is applied to a sender, and includes:
the message coding module is used for coding a message to be sent to obtain a coded message body;
the first encryption module is used for asymmetrically encrypting the encoded message body by using a public key of a receiver to obtain the encrypted message body; the receiving party holds an asymmetric encrypted private key;
the data encapsulation module is used for obtaining an encrypted character string based on the encrypted message body, and encapsulating the encrypted character string and the identification information in a message header to obtain an encapsulated message; the identification information is used for identifying the identity of the sender;
the second encryption module is used for symmetrically encrypting the packaged message and sending the symmetrically encrypted message to the receiving party; the receiver also holds a symmetrically encrypted key.
In a fourth aspect, a data processing apparatus provided in an embodiment of the present application is applied to a receiving side, and includes:
the first decryption module is used for decrypting the message by using a symmetric encrypted key after receiving the message sent by the sender to obtain a decrypted message, wherein the decrypted message comprises a message header and an encrypted message body;
the data verification module is used for verifying the data consistency of the encrypted message body by using the encrypted character string in the message header and verifying the identity of the sender by using the identification information in the message header; the identification information is used for identifying the identity of the sender;
the second decryption module is used for decrypting the message body by using the asymmetric encrypted private key after the verification is passed, so as to obtain the encoded message body;
and the message decoding module is used for decoding the coded message body to obtain message information.
In a fifth aspect, an electronic device provided in an embodiment of the present application includes: memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method according to any of the first aspect when executing the computer program.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium having instructions stored thereon, which, when executed on a computer, cause the computer to perform the method according to any one of the first aspect.
In a seventh aspect, an embodiment of the present application provides a computer program product, which when run on a computer, causes the computer to execute the method according to any one of the first aspect.
Additional features and advantages of the disclosure will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the above-described technology disclosed herein.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a flowchart of a data processing method according to an embodiment of the present application;
Fig. 2 is a flowchart of another data processing method provided in an embodiment of the present application;
Fig. 3 is a schematic diagram of a data information encryption process of a sender according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a data information decryption process of a receiving party according to an embodiment of the present application;
Fig. 5 is a block diagram of a data processing apparatus according to an embodiment of the present application;
Fig. 6 is a block diagram of another data processing apparatus provided in an embodiment of the present application;
Fig. 7 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
In daily life, every operation such as a transfer, a login or an inquiry is backed by a complex business system, and these business systems are in fact server clusters. The servers inside a cluster depend on frequent, high-volume data communication and data exchange. In the related art, a scheme for securing data communication in a server cluster generally encrypts the data with a single encryption method and then transmits it. Data protected in this way is easily cracked and tampered with, so its security is weak.
Based on this, embodiments of the present application provide a data processing scheme to solve the above problems.
Fig. 1 is a flowchart of a data processing method provided in an embodiment of the present application. The method is applied to a sender, which may be any node in a server cluster. A cluster is a computer system that uses a standard network to connect ordinary servers together, giving users greater system computing capability and presenting the servers as a single system image.
In step 101, a message to be sent is encoded to obtain an encoded message body;
A message is a data unit exchanged and transmitted in the network. It contains the complete data information to be sent, and its length is not limited and can vary. In this embodiment, the data information that the sender sends to the receiver is transmitted in the form of a message. Specifically, a destination address pointing to the receiver is attached to the message, so that each network node can forward the message to the next node according to that address, and the message reaches the receiver node by node.
In this step, the original data is encoded once so that it is unreadable before being decrypted by the receiver. In some examples, this step performs Base64 encoding on the message to be sent. Base64 is a method of representing binary data using 64 printable characters. Its general encoding rule converts every three 8-bit bytes into four 6-bit groups and then pads each 6-bit group with two high-order zero bits to form four 8-bit bytes. After Base64 encoding, the message body is not readable and can be read only after being decoded. Of course, in other embodiments, the sender may employ other types of encoding methods.
In step 102, the public key of the receiver is used for carrying out asymmetric encryption on the encoded message body to obtain an encrypted message body; the receiving party holds an asymmetric encrypted private key;
Asymmetric encryption is an encryption technique that requires two keys, a public key and a private key, for encryption and decryption. The public key and the private key form a pair: if data is encrypted with the public key, only the corresponding private key can decrypt it; accordingly, if data is encrypted with a private key, it can only be decrypted with the corresponding public key. This step asymmetrically encrypts the encoded message body so that only a receiver holding the private key can actually decrypt it, which is the key barrier in the whole encryption process.
The RSA algorithm is the most commonly used of the asymmetric encryption algorithms, but with the development of cryptographic technology and computer technology, the current RSA algorithm faces serious security threats. Thus, in some embodiments, the asymmetric encryption in this step employs the SM2 algorithm. The SM2 algorithm is an asymmetric encryption algorithm in national commercial cryptographic algorithms, and compared with the RSA algorithm, the SM2 algorithm has higher cryptographic complexity, faster processing speed and less machine performance consumption, so that the SM2 algorithm is a more advanced and secure algorithm. For a specific SM2 encryption and decryption process, reference may be made to descriptions in the related art, which are not described in detail in this embodiment.
In addition, the public key of the receiver may be sent by the receiver to each node in the cluster when the receiver enters the system. The receiver stores the asymmetric public key and private key. After joining the cluster, the receiver must first pass system authentication; once authenticated, it broadcasts its asymmetric public key to the authenticated servers across the whole network, after which normal data message transmission can proceed. Of course, the way the asymmetric encryption key is obtained may also be set differently according to the requirements of other specific scenarios, which is not limited in this application.
In step 103, an encrypted character string is obtained based on the encrypted message body, and the encrypted character string and the identification information are encapsulated in a message header to obtain an encapsulated message; the identification information is used for identifying the identity of the sender;
This step is essentially a process of packaging the data and assembling a message header. An encrypted character string is obtained from the encrypted message body and placed in the message header, which ensures that the data in the message body is not tampered with. In some embodiments, the encrypted character string may be a hash code value obtained by processing the encrypted message body with a hash algorithm. A hash algorithm is a compression mapping that compresses a message of arbitrary length into a message digest of a fixed length.
Optionally, the hash algorithm used may be the SHA (Secure Hash Algorithm) 256 algorithm. For a message of any length, the SHA256 algorithm generates a 256-bit hash value, called the message digest. The main processing procedure includes: padding the message so that its final length is a multiple of 512 bits; partitioning the message into 512-bit blocks; and processing the message blocks one by one. Of course, in other embodiments, other types of hash algorithms may also be used, and the application is not limited thereto.
This step also places identification information in the header during assembly so that the receiver can check it when decrypting. The identification information is information for checking data consistency and, optionally, may include at least one of the following: the unique identification codes of the two communicating parties, and a timestamp. The unique identification codes of the two parties are the unique identification code of the sender and the unique identification code of the receiver. Each may be a server UUID (Universally Unique Identifier) and, specifically, may be generated from the Media Access Control (MAC) address of the corresponding device. With both codes in the message header, the receiver can authenticate the identity of the sender after receiving the message and thereby verify whether the message was tampered with after it was generated. The timestamp is data generated by using a digital signature technology. With it in the message header, the receiver can authenticate the generation time of the message by a certain technical means and thereby verify whether the message was tampered with after it was generated. Of course, in other embodiments, the identification information may also include other types of information, such as a message ID, an identifier that uniquely distinguishes one message from another; placing the message ID in the message header prevents replay attacks.
In step 104, symmetrically encrypting the encapsulated message, and sending the symmetrically encrypted message to the receiver; the receiver also holds a symmetrically encrypted key.
Symmetric encryption is also an encryption technique; unlike asymmetric encryption, it uses the same key for encryption and decryption. This step symmetrically encrypts the encapsulated message, so that a receiver holding the symmetric encryption key can decrypt it, obtain the encapsulated message and perform the validity check on it.
In some embodiments, the symmetric encryption in this step uses the SM4 algorithm. SM4 is a symmetric encryption algorithm among the national commercial cryptographic algorithms. It uses a 32-round nonlinear iteration structure and adds a reverse-order transformation after the last round, so that decryption uses the same algorithm as encryption as long as the decryption round keys are used in the reverse order of the encryption round keys. Thus, compared with a conventional symmetric encryption algorithm, using SM4 brings certain improvements in security and performance.
In addition, the key for the sending party to perform symmetric encryption can be acquired after the authentication is passed. After the sender joins the cluster, system authentication needs to be performed first, and after the authentication is passed, the sender can obtain the symmetric encrypted secret key. Alternatively, the key may be obtained from a central node, which may be considered as a node with public trust in the cluster, and the central node performs system authentication on the servers joining the cluster and sends a symmetric encrypted key to the authenticated servers. Of course, the obtaining manner of the symmetric encryption key may also be set differently according to the requirements of other specific scenarios, which is not limited in this application.
The data information encryption method of the embodiment of the application first encodes the message to be sent so that it is unreadable before the receiver decrypts it. It then asymmetrically encrypts the encoded message body so that only the receiver can decrypt it. During assembly, it places an encrypted character string obtained from the encrypted message body in the message header to ensure that the data in the message body is not tampered with, and places identification information there as well for verification. Finally, it symmetrically encrypts the encapsulated message and sends it to the receiver, so that the receiver can decrypt it and obtain the original data. Through multiple layers of encryption and data encapsulation, data security is ensured and data validity can be verified.
Corresponding to the encryption method, the application also provides an embodiment of the decryption method. Fig. 2 is a flowchart of another data processing method shown in this embodiment, where the method is applied to a receiving side and includes:
In step 201, after receiving a message sent by a sender, decrypting the message by using the symmetric encryption key to obtain a decrypted message, where the decrypted message includes a message header and an encrypted message body;
In step 202, the encrypted character string in the message header is used to check the data consistency of the encrypted message body, and the identification information in the message header is used to check the identity of the sender; the identification information is used for identifying the identity of the sender;
In step 203, after the verification is passed, the message body is decrypted by using the asymmetric encryption private key to obtain an encoded message body;
In step 204, the encoded message body is decoded to obtain message information.
The decryption scheme of this embodiment corresponds to the encryption scheme of the embodiment in fig. 1, and therefore, the implementation process of each step in this embodiment may refer to the description of the embodiment in fig. 1, which is not described herein again. In addition, other improvements related to the embodiment of fig. 1 are also applicable to the embodiment of fig. 2.
To illustrate the data processing scheme of the present application in more detail, a specific embodiment is described as follows:
This embodiment secures data communication in a server cluster (hereinafter referred to as the system). When a node enters the system, it must first pass system authentication. After the authentication is passed, the node obtains a key of the SM4 algorithm and a private key of the SM2 algorithm, and broadcasts its SM2 public key to the other authenticated nodes across the whole network; it can then exchange data messages with other nodes normally. For convenience of distinction, a node that transmits a message is hereinafter referred to as a sender, and a node that receives a message is hereinafter referred to as a receiver.
As shown in fig. 3, fig. 3 is a schematic diagram of a data information encryption process of a sending party according to an embodiment of the present application. The encryption process comprises the following steps:
S301, when sending a message, first encoding the original message 31 by using Base64 to obtain an encoded message body 32;
S302, asymmetrically encrypting the encoded message body 32 by using the SM2 public key of the receiver to obtain an encrypted message body 33;
S303, processing the encrypted message body 33 with the SHA256 hash algorithm to obtain a HashCode value, and putting the HashCode value together with data such as the unique identification codes of both communicating parties and the date into a message header to obtain an encapsulated message 34, wherein the message body of the encapsulated message 34 is the encrypted message body 33;
S304, encrypting the encapsulated message 34 by using an SM4 key to obtain a symmetrically encrypted message 35;
S305, sending the symmetrically encrypted message 35 to the receiving party.
Correspondingly, as shown in fig. 4, fig. 4 is a schematic diagram of a data information decryption process of a receiving side according to an embodiment of the present application. The decryption process comprises:
S401, when the symmetrically encrypted message 35 is received, decrypting it by using an SM4 key to obtain the encapsulated message 34;
S402, verifying data consistency based on the HashCode value in the message header of the encapsulated message 34, verifying the identity of the sender based on data such as the unique identification codes of both communicating parties and the date in the message header, and, when verification is passed, taking the message body of the encapsulated message 34 as the encrypted message body 33;
S403, decrypting the encrypted message body 33 by using the SM2 private key to obtain the encoded message body 32;
S404, carrying out Base64 decoding on the encoded message body 32 to obtain the original message 31 of the sender.
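An added example, not code from the patent: the header assembly of step 103 (S303) and the receiver-side checks of step 202 (S402), written in Python. The SM2 and SM4 layers are left out and the encrypted message body is a constructed byte string; the JSON packet layout, field names, 300-second freshness window and node identifiers are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid
from typing import Dict, Iterable, Optional

MAX_SKEW_SECONDS = 300  # assumed freshness window; the page does not give one

# Constructed sample values (not from the page).
SENDER = "5f0c9c1e-0000-4000-8000-00000000000a"
RECEIVER = "5f0c9c1e-0000-4000-8000-00000000000b"
ENCRYPTED_BODY = b"\x04" + b"constructed stand-in for SM2 ciphertext"


class VerificationError(Exception):
    """Raised when a decrypted packet fails one of the header checks."""


def encapsulate(encrypted_body: bytes, sender_id: str, receiver_id: str,
                now: Optional[float] = None) -> bytes:
    """Sender side (step 103 / S303): assemble header plus encrypted body."""
    header = {
        "hash": hashlib.sha256(encrypted_body).hexdigest(),
        "sender": sender_id,
        "receiver": receiver_id,
        "timestamp": int(time.time() if now is None else now),
        "msg_id": str(uuid.uuid4()),  # message ID, used against replay
    }
    body_b64 = base64.b64encode(encrypted_body).decode("ascii")
    return json.dumps({"header": header, "body": body_b64}).encode("utf-8")


class Receiver:
    """Receiver side (step 202 / S402), run after the outer layer is removed."""

    def __init__(self, own_id: str, known_senders: Iterable[str]) -> None:
        self.own_id = own_id
        self.known_senders = set(known_senders)
        self._seen: Dict[str, int] = {}  # msg_id -> timestamp

    def verify(self, packet: bytes, now: Optional[float] = None) -> bytes:
        now = time.time() if now is None else now
        try:
            parsed = json.loads(packet)
            header = parsed["header"]
            body = base64.b64decode(parsed["body"], validate=True)
            claimed = bytes.fromhex(header["hash"])
            sender, receiver = str(header["sender"]), str(header["receiver"])
            timestamp, msg_id = int(header["timestamp"]), str(header["msg_id"])
        except (ValueError, KeyError, TypeError, OverflowError) as exc:
            raise VerificationError("malformed packet") from exc
        # The hash is unkeyed: it binds header to body only because both
        # arrived inside the outer symmetric layer.
        if not hmac.compare_digest(hashlib.sha256(body).digest(), claimed):
            raise VerificationError("body hash mismatch")
        if receiver != self.own_id:
            raise VerificationError("wrong receiver")
        if sender not in self.known_senders:
            raise VerificationError("unknown sender")
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            raise VerificationError("timestamp outside window")
        # Ids too old to pass the timestamp check can be forgotten, which
        # keeps the replay cache bounded.
        self._seen = {m: t for m, t in self._seen.items()
                      if now - t <= MAX_SKEW_SECONDS}
        if msg_id in self._seen:
            raise VerificationError("replayed message id")
        self._seen[msg_id] = timestamp
        return body  # next step on the page: decrypt with the SM2 private key


def verdict(rx: Receiver, packet: bytes, now: Optional[float] = None) -> str:
    """Return 'accepted' or the rejection reason, e.g. for logging."""
    try:
        rx.verify(packet, now)
        return "accepted"
    except VerificationError as exc:
        return str(exc)


if __name__ == "__main__":
    rx = Receiver(RECEIVER, {SENDER})
    pkt = encapsulate(ENCRYPTED_BODY, SENDER, RECEIVER)
    print(verdict(rx, pkt))  # first delivery
    print(verdict(rx, pkt))  # same packet delivered again
```
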
As can be seen from the above, the scheme of this embodiment processes the data with multiple encryption algorithms, so that on the one hand the security of the data is ensured and on the other hand data verification and identity verification are implemented, thereby effectively preventing the data from being tampered with.
Corresponding to the method embodiments, the application also provides embodiments of a data processing device and of a terminal to which the data processing device is applied.
As shown in fig. 5, fig. 5 is a block diagram of a data processing apparatus provided in an embodiment of the present application, where the data processing apparatus is applied to a sender, and includes:
a message encoding module 51, configured to encode a message to be sent to obtain an encoded message body;
the first encryption module 52 is configured to perform asymmetric encryption on the encoded message body by using the public key of the receiving party to obtain an encrypted message body; the receiving party holds an asymmetric encrypted private key;
a data encapsulation module 53, configured to obtain an encrypted character string based on the encrypted message body, and encapsulate the encrypted character string and the identification information in a message header to obtain an encapsulated message; the identification information is used for identifying the identity of the sender;
a second encryption module 54, configured to symmetrically encrypt the encapsulated packet and send the symmetrically encrypted packet to the receiving party; the receiver also holds a symmetrically encrypted key.
As shown in fig. 6, fig. 6 is a block diagram of another data processing apparatus provided in an embodiment of the present application, where the data processing apparatus is applied to a receiving side, and includes:
the first decryption module 61 is configured to decrypt, after receiving a message sent by a sender, the message by using a symmetric encrypted key to obtain a decrypted message, where the decrypted message includes a message header and an encrypted message body;
a data verification module 62, configured to perform data consistency verification on the encrypted packet body by using the encrypted character string in the packet header, and verify the identity of the sender by using the identification information in the packet header; the identification information is used for identifying the identity of the sender;
the second decryption module 63 is configured to decrypt the message body by using the asymmetric encrypted private key after the verification is passed, so as to obtain an encoded message body;
and a message decoding module 64, configured to decode the encoded message body to obtain message information.
Fig. 7 is a block diagram of an electronic device according to an embodiment of the present disclosure. The electronic device may include a processor 710, a communication interface 720, a memory 730, and at least one communication bus 740. The communication bus 740 is used for direct connection communication between these components. In this embodiment, the communication interface 720 of the electronic device is used for signaling or data communication with other node devices. The processor 710 may be an integrated circuit chip having signal processing capabilities.
The processor 710 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. It can implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor 710 may be any conventional processor or the like.
The memory 730 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory 730 stores computer-readable instructions which, when executed by the processor 710, enable the electronic device to perform the steps involved in the method embodiments of Figs. 1-2.
Optionally, the electronic device may further include a memory controller, an input output unit.
The memory 730, the memory controller, the processor 710, the peripheral interface, and the input/output unit are electrically connected to each other directly or indirectly, so as to implement data transmission or interaction. For example, these components may be electrically coupled to each other via one or more communication buses 740. The processor 710 is configured to execute executable modules stored in the memory 730, such as software functional modules or computer programs included in the electronic device.
The input/output unit allows a user to create a task and to set an optional start time period or a preset execution time for it, thereby enabling interaction between the user and the server. The input/output unit may be, but is not limited to, a mouse, a keyboard, and the like.
It will be appreciated that the configuration shown in fig. 7 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 7 or have a different configuration than shown in fig. 7. The components shown in fig. 7 may be implemented in hardware, software, or a combination thereof.
An embodiment of the present application further provides a storage medium storing instructions (a computer program); when the instructions are run on a computer and executed by a processor, the method in the method embodiments is implemented. To avoid repetition, details are not repeated here.
The present application also provides a computer program product which, when run on a computer, causes the computer to perform the method of the method embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A data processing method, applied to a sender, comprising:
encoding a message to be sent to obtain an encoded message body;
asymmetrically encrypting the encoded message body using a public key of a receiver to obtain an encrypted message body; the receiver holds the private key of the asymmetric encryption;
obtaining an encrypted character string based on the encrypted message body, and encapsulating the encrypted character string and the identification information in a message header to obtain an encapsulated message; the identification information is used for identifying the identity of the sender;
symmetrically encrypting the encapsulated message, and sending the symmetrically encrypted message to the receiver; the receiver also holds the key of the symmetric encryption.
2. The method of claim 1, wherein encoding the message to be sent comprises:
performing Base64 encoding on the message to be sent.
3. The method of claim 1, wherein the asymmetric encryption employs the SM2 algorithm.
4. The method of claim 1, wherein the encrypted character string is a hash value obtained by applying a hash algorithm to the encrypted message body.
5. The method of claim 1, wherein the identification information comprises at least one of:
the unique identification codes of the two parties, and a timestamp.
6. The method of claim 1, wherein the symmetric encryption employs the SM4 algorithm.
7. A data processing method, applied to a receiver, comprising:
after receiving a message sent by a sender, decrypting the message using the key of the symmetric encryption to obtain a decrypted message, wherein the decrypted message comprises a message header and an encrypted message body;
performing a data consistency check on the encrypted message body using the encrypted character string in the message header, and checking the identity of the sender using the identification information in the message header; the identification information is used for identifying the identity of the sender;
after the verification passes, decrypting the message body using the private key of the asymmetric encryption to obtain an encoded message body;
and decoding the encoded message body to obtain message information.
8. A data processing apparatus, applied to a sender, comprising:
a message encoding module, configured to encode a message to be sent to obtain an encoded message body;
a first encryption module, configured to asymmetrically encrypt the encoded message body using a public key of a receiver to obtain an encrypted message body; the receiver holds the private key of the asymmetric encryption;
a data encapsulation module, configured to obtain an encrypted character string based on the encrypted message body, and encapsulate the encrypted character string and the identification information in a message header to obtain an encapsulated message; the identification information is used for identifying the identity of the sender;
a second encryption module, configured to symmetrically encrypt the encapsulated message and send the symmetrically encrypted message to the receiver; the receiver also holds the key of the symmetric encryption.
9. A data processing apparatus, applied to a receiver, comprising:
a first decryption module, configured to, after receiving a message sent by a sender, decrypt the message using the key of the symmetric encryption to obtain a decrypted message, wherein the decrypted message comprises a message header and an encrypted message body;
a data verification module, configured to verify the data consistency of the encrypted message body using the encrypted character string in the message header, and verify the identity of the sender using the identification information in the message header; the identification information is used for identifying the identity of the sender;
a second decryption module, configured to decrypt the message body using the private key of the asymmetric encryption after the verification passes, so as to obtain the encoded message body;
and a message decoding module, configured to decode the encoded message body to obtain message information.
10. A computer device, comprising: memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 7 when executing the computer program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210730121.6A CN115102768B (en) 2022-06-24 2022-06-24 Data processing method and device and computer equipment

Publications (2)

Publication Number Publication Date
CN115102768A true CN115102768A (en) 2022-09-23
CN115102768B CN115102768B (en) 2024-03-19

Family

ID=83292261

Country Status (1)

Country Link
CN (1) CN115102768B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant