WO2021022701A1 - Information transmission method and apparatus, client terminal, server, and storage medium - Google Patents


Info

Publication number
WO2021022701A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
server
encrypted
aes key
key
Application number
PCT/CN2019/116768
Other languages
French (fr)
Chinese (zh)
Inventor
林伟彬
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司
Publication of WO2021022701A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

Provided in the present application is an information transmission method. When a user logs in to a service system, the method encrypts the login information with an RSA public key and transmits it to a server; confirmation information is then encrypted with a first AES key, and the original packets of a service request are encrypted with a second AES key, so that information transmission combines asymmetric (RSA) and symmetric (AES) encryption. The symmetric encryption increases the speed of information transmission, and the asymmetric encryption provides high information security. Thus key information (such as the login information) is transmitted under asymmetric encryption and non-key information (such as the confirmation information) under symmetric encryption, improving both the efficiency and the security of information transmission. Also provided in the present application are an information transmission apparatus, a client terminal, a server, and a storage medium.

Description

Information transmission method, device, client, server and storage medium
This application claims priority to Chinese patent application No. 201910729055.9, filed with the Chinese Patent Office on 8 August 2019 and titled "Information transmission method, device, client, server and storage medium", the entire content of which is incorporated herein by reference.
Technical field
This application relates to the field of computer technology, and in particular to an information transmission method, device, client, server and storage medium.
Background
In the prior art, information transmitted over a network faces the twin problems of slow transmission and low security. Sometimes security is sacrificed for transmission speed, so that the transmitted content is easily intercepted by attackers; sometimes efficiency is sacrificed for high security, giving users a poor experience. As a result, security and transmission speed cannot both be ensured during information transmission.
Summary of the invention
In view of the above, it is necessary to propose an information transmission method, device, client, server and storage medium for testing, which can solve the problem that security and transmission speed cannot both be guaranteed during information transmission.
An information transmission method, applied to a client that is communicatively connected to a server, the method comprising: sending request information to the server to obtain an RSA public key; receiving login information for accessing a business system and generating a first AES key; encrypting the login information and the first AES key with the RSA public key and sending the encrypted information to the server, so that the server, after confirming that the login information is accurate, generates confirmation information and a second AES key; receiving the encrypted confirmation information and second AES key sent by the server; decrypting the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key; receiving a business request for accessing the business system; and encrypting the original message of the business request with the second AES key and sending the encrypted original message to the server, so that the server generates a response message after processing the business request according to the original message.
An information transmission method, applied to a server that is communicatively connected to a client, the method comprising: receiving request information sent by the client and generating an RSA public key and an RSA private key; sending the RSA public key to the client; receiving, from the client, login information and a first AES key encrypted with the RSA public key; decrypting the login information and the first AES key with the RSA private key; confirming whether the login information is accurate; when the login information is accurate, generating confirmation information and a second AES key; encrypting the confirmation information and the second AES key with the first AES key and sending the encrypted confirmation information and second AES key to the client; receiving the original message of a business request encrypted with the second AES key, and generating a response message after processing the business request according to the original message; and encrypting the response message with the second AES key and sending the encrypted response message to the client.
An information transmission device, running in a client that is communicatively connected to a server, the device comprising: a sending module for sending request information to the server to obtain an RSA public key; a receiving module for receiving login information for accessing a business system and generating a first AES key; an encryption module for encrypting the login information and the first AES key with the RSA public key and sending the encrypted information to the server, so that the server, after confirming that the login information is accurate, generates confirmation information and a second AES key; the receiving module being further configured to receive the encrypted confirmation information and second AES key sent by the server; a decryption module for decrypting the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key; the receiving module being further configured to receive a business request for accessing the business system; and the encryption module being further configured to encrypt the original message of the business request with the second AES key and send the encrypted original message to the server, so that the server generates a response message after processing the business request according to the original message.
An information transmission device, running in a server that is communicatively connected to a client, the device comprising: a receiving module for receiving request information sent by the client and generating an RSA public key and an RSA private key; a sending module for sending the RSA public key to the client; the receiving module being further configured to receive, from the client, login information and a first AES key encrypted with the RSA public key; a decryption module for decrypting the login information and the first AES key with the RSA private key; a confirmation module for confirming whether the login information is accurate; a generation module for generating confirmation information and a second AES key when the login information is accurate; an encryption module for encrypting the confirmation information and the second AES key with the first AES key and sending the encrypted confirmation information and second AES key to the client; the receiving module being further configured to receive the original message of a business request encrypted with the second AES key and to generate a response message after processing the business request according to the original message; and the sending module being further configured to encrypt the response message with the second AES key and send the encrypted response message to the client.
A client, communicatively connected to a server, the client comprising a processor and a memory, the processor being configured to implement the following steps when executing at least one computer-readable instruction stored in the memory: sending request information to the server to obtain an RSA public key; receiving login information for accessing a business system and generating a first AES key; encrypting the login information and the first AES key with the RSA public key and sending the encrypted information to the server, so that the server, after confirming that the login information is accurate, generates confirmation information and a second AES key; receiving the encrypted confirmation information and second AES key sent by the server; decrypting the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key; receiving a business request for accessing the business system; and encrypting the original message of the business request with the second AES key and sending the encrypted original message to the server, so that the server generates a response message after processing the business request according to the original message.
A server, communicatively connected to a client, the server comprising a processor and a memory, the processor being configured to implement the following steps when executing at least one computer-readable instruction stored in the memory: receiving request information sent by the client and generating an RSA public key and an RSA private key; sending the RSA public key to the client; receiving, from the client, login information and a first AES key encrypted with the RSA public key; decrypting the login information and the first AES key with the RSA private key; confirming whether the login information is accurate; when the login information is accurate, generating confirmation information and a second AES key; encrypting the confirmation information and the second AES key with the first AES key and sending the encrypted confirmation information and second AES key to the client; receiving the original message of a business request encrypted with the second AES key, and generating a response message after processing the business request according to the original message; and encrypting the response message with the second AES key and sending the encrypted response message to the client.
A non-volatile readable storage medium storing at least one computer-readable instruction which, when executed by a processor, implements the following steps: sending request information to the server to obtain an RSA public key; receiving login information for accessing a business system and generating a first AES key; encrypting the login information and the first AES key with the RSA public key and sending the encrypted information to the server, so that the server, after confirming that the login information is accurate, generates confirmation information and a second AES key; receiving the encrypted confirmation information and second AES key sent by the server; decrypting the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key; receiving a business request for accessing the business system; and encrypting the original message of the business request with the second AES key and sending the encrypted original message to the server, so that the server generates a response message after processing the business request according to the original message.
A non-volatile readable storage medium storing at least one computer-readable instruction which, when executed by a processor, implements the following steps:
receiving request information sent by the client and generating an RSA public key and an RSA private key; sending the RSA public key to the client; receiving, from the client, login information and a first AES key encrypted with the RSA public key; decrypting the login information and the first AES key with the RSA private key; confirming whether the login information is accurate; when the login information is accurate, generating confirmation information and a second AES key; encrypting the confirmation information and the second AES key with the first AES key and sending the encrypted confirmation information and second AES key to the client; receiving the original message of a business request encrypted with the second AES key, and generating a response message after processing the business request according to the original message; and encrypting the response message with the second AES key and sending the encrypted response message to the client.
It can be seen from the above technical solutions that the information transmission method, device, client, server and storage medium provided by this application first transmit key information (such as the login information) under asymmetric encryption and then transmit non-key information (such as the confirmation information) under symmetric encryption, thereby improving both the efficiency and the security of information transmission.
Description of the drawings
FIG. 1 is an architecture diagram of the application environment of the information transmission method provided in Embodiment 1 of this application.
FIG. 2 is a flowchart of the information transmission method provided in Embodiment 2 of this application.
FIG. 3 is a flowchart of the information transmission method provided in Embodiment 3 of this application.
FIG. 4 is a structural diagram of the information transmission device provided in Embodiment 4 of this application.
FIG. 5 is a structural diagram of the information transmission device provided in Embodiment 5 of this application.
FIG. 6 is a schematic diagram of the client provided in Embodiment 6 of this application.
FIG. 7 is a schematic diagram of the server provided in Embodiment 7 of this application.
Detailed description
Embodiment 1
Refer to FIG. 1, which is an architecture diagram of the application environment of the information transmission method provided in Embodiment 1 of this application.
The information transmission method for testing of this application is applied in an environment formed by a client 1 and a server 2. The client 1 and the server 2 are communicatively connected through a wired or wireless network. The wired network may be any type of conventional wired communication, such as the Internet or a local area network. The wireless network may be any type of conventional wireless communication, such as radio, wireless fidelity (WIFI), cellular, satellite or broadcast.
The client 1 may include a personal computer (PC), a personal digital assistant (PDA), a wireless handheld device, a tablet computer, a smartphone and the like. The above client 1 is only an example and not an exhaustive list; it includes but is not limited to the above terminals. The client 1 may interact with the user through a keyboard, mouse, remote control, touchpad, voice-control device or the like.
In this embodiment, a business system is installed on the client 1, and when a user needs to perform business processing through the business system, the client 1 may send a business request to the server 2 through the business system. The server 2 may be a banking system server, such as the Ping An Bank system server.
The server 2 is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions; its hardware includes but is not limited to a microprocessor, an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), an embedded device and the like.
Embodiment 2
FIG. 2 is a flowchart of the information transmission method provided in Embodiment 2 of this application.
In this embodiment, the information transmission method may be applied to a client. For a client that needs to transmit information, the multi-device management function for testing provided by the method of this application may be integrated directly on the client, or may run on the client in the form of a software development kit (SDK).
As shown in FIG. 2, the information transmission method specifically includes the following steps. Depending on requirements, the order of the steps in the flowchart may be changed and some steps may be omitted.
Step S21: send request information to the server to obtain an RSA public key.
In this embodiment, the client sends request information to the server; after receiving the request information, the server generates an RSA public key and an RSA private key and sends the RSA public key to the client.
In this embodiment, RSA (Rivest Shamir Adleman) encryption is an asymmetric encryption algorithm that requires a pair of keys (a public key and a private key): the public key is used for encryption and the private key for decryption. Key distribution with RSA is very convenient, since a user's public key can be published like a telephone number, which makes it easy to use. Each user needs only one key pair to communicate confidentially with any other user on the network. The encryption principle of RSA is based on a one-way function, so an unauthorized recipient cannot derive the secret key from the public key within a limited time, and confidentiality is good. However, RSA has the drawback of slow encryption.
In this embodiment, key information, such as the login information for logging in to the business system, may be encrypted with RSA.
Step S22: receive login information for accessing the business system and generate a first AES key.
In this embodiment, when the user accesses the business system through the client, the client receives the user's login information for accessing the business system. The login information includes at least an account and a password. When the user logs in to the business system through the client, an account and a password must be entered; the account and password are the key information for the user to access the business system.
However, to overcome the slow speed of RSA encryption, key information may be encrypted with RSA before transmission and non-key information encrypted with AES before transmission, which improves both the efficiency and the security of information transmission.
AES (Advanced Encryption Standard) is a symmetric encryption algorithm. The AES encryption process involves four operations: byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns) and round key addition (AddRoundKey); the decryption process consists of the corresponding inverse operations. Since every operation is invertible, performing the inverse operations in reverse order recovers the plaintext. AES has the advantage of fast encryption.
In this embodiment, the key information is encrypted with RSA, which offers high confidentiality, to prevent the key information from being stolen in transit, while other, non-key information may be encrypted with the AES algorithm to increase encryption speed. Each time the user accesses the business system, the client temporarily generates a first AES key; the client generates the first AES key at random on every login to the business system, which prevents leakage of the first AES key and improves the security of information transmission.
Step S23: encrypt the login information and the first AES key with the RSA public key and send the encrypted information to the server, so that the server, after confirming that the login information is accurate, generates confirmation information and a second AES key. The server generates the second AES key at random.
In network transmission, login information (such as an account and password) is generally not allowed to be transmitted in plaintext. Therefore, in this solution, the login information is encrypted with the RSA public key and the encrypted information is then sent to the server. If the RSA-encrypted login information is stolen in transit, the thief, lacking the corresponding RSA private key, cannot RSA-decrypt the encrypted login information and cannot obtain the login information.
After the server receives the login information and the first AES key encrypted with the RSA algorithm from the client, it decrypts the encrypted login information and first AES key with the corresponding RSA private key and obtains the information as it was before encryption (such as the first AES key, the account and the password).
In one embodiment, after obtaining the decrypted login information (such as the account and password), the server checks whether the user's identity meets the requirements by verifying whether the login information is accurate. When the login information is verified as accurate, the server generates a corresponding second AES key and confirmation information. It then uses the first AES key previously received from the client to AES-encrypt (symmetric encryption) the second AES key and the confirmation information to be returned to the client; the symmetric encryption process uses the same key throughout.
It should be noted that the confirmation information is a piece of feedback information generated after the login information has been verified as accurate.
Specifically, the step in which the server verifies whether the login information is accurate includes:
comparing whether the login information is consistent with the login information saved by the server;
when the login information is consistent with the login information saved by the server, confirming that the login information is accurate;
when the login information is inconsistent with the login information saved by the server, confirming that the login information is inaccurate. The server also saves user information corresponding to the login information, and the user information may be returned to the client through the confirmation information. Therefore, the confirmation information may further include user information, for example the user's name and department.
Step S24: Receive the encrypted confirmation information and second AES key sent by the server.
In this embodiment, after confirming that the login information is accurate, the server generates the confirmation information and the second AES key, encrypts the confirmation information and the second AES key with the first AES key, and sends the encrypted confirmation information and second AES key to the client.
Step S25: Decrypt the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key.
In this embodiment, the client performs AES decryption with the first AES key and thereby obtains the second AES key and the confirmation information returned by the server. The second AES key is then used to encrypt the information exchanged during the service request process, which increases the speed of information transmission.
Through the above steps S21-S25, when a user logs in to the business system, the critical login information is encrypted with RSA, which guarantees the security of the login information, while the non-critical confirmation information is encrypted with AES. This secures the information transmitted between the client and the server while also taking the efficiency of the transmission into account.
During the user's subsequent service requests to the business system (steps S26-S28), the parameters exchanged during the service request process can be encrypted and transmitted using only the formal AES encryption key generated by the server, avoiding RSA encryption, which is slow, and thereby greatly increasing the speed of information transmission. The formal AES encryption key is generated by the server and can be changed at any time.
Step S26: Receive a service request for access to the business system.
In this embodiment, after the user has securely logged in to the business system, service requests to the business system begin. For example, after logging in to the Ping An Bank system, the user issues a service request to query an account balance.
In this embodiment, when the user makes a service request to the preset system from the client, the original message of the service request is encrypted with the second AES key and the encrypted information is sent to the server. The service request is generally an HTTP request, and the request parameters in the HTTP request are transmitted in the URL, the request body or a similar form. Because HTTP requests are open, however, the request parameters are easily intercepted and tampered with. It is therefore necessary to sign the request parameters and then to verify the signature at the receiving side (such as the server), confirming that the two signatures are identical; once signature verification passes, the processing side can carry out the business logic. Signing and signature verification, however, only solve the problem of parameters being tampered with in transit; they do not solve the security problem of transmitting sensitive parameters. For this reason, in the present application the original message of the service request is encrypted with the second AES key to ensure information security.
Specifically, the client generates a message digest from the text of the original message using a hash function and then encrypts the digest with the second AES key; the result is the digital signature corresponding to the original message. Typically, the client sends the digital signature to the server together with the original message.
Preferably, when the client signs the original message, it can set the validity of the signature. For example, the signature can be set to become invalid once it has been checked (signature verification) a single time, so that even if an intermediary steals the digital signature and the original message, it cannot use them to send another request to the server.
Step S27: Encrypt the original message of the service request with the second AES key and send the encrypted original message to the server, so that the server processes the service request according to the original message and then generates a response message.
It will be understood that the server needs to verify the signature of the original message. Signature verification means that after the server obtains the original message and the digital signature, it uses the same hash function to generate digest A from the original message and, separately, decrypts the digital signature with the second AES key to obtain digest B; comparing whether A and B are identical reveals whether the original message has been tampered with.
Step S28: Receive the encrypted response message sent by the server and decrypt the encrypted response message with the second AES key to obtain the response message.
As can be seen from the above steps S26-S28, once the client has received the second AES key sent by the server, the server also holds the second AES key. Network communication between the client and the server then consists of AES encryption and decryption of the network module's information, and during this process AES encryption and decryption effectively guarantee the security of the transmitted information. The signing and signature verification process in the network module serves to guarantee the integrity of the transmitted information and to prevent tampering.
Embodiment Three
Fig. 3 is a flowchart of the information transmission method provided in Embodiment Three of the present application.
In this embodiment, the information transmission method can be applied on the server side. For a server that needs to transmit information, the information transmission function provided by the method of the present application can be integrated directly on the server, or run on the server in the form of a software development kit (SDK).
As shown in Fig. 3, the information transmission method specifically includes the following steps. Depending on requirements, the order of the steps in the flowchart can be changed and some steps can be omitted.
Step S31: Receive the request information sent by the client and generate an RSA public key and an RSA private key.
In this embodiment, when the user needs to access the business system, request information can be sent to the server through the client; after receiving the request information, the server generates the RSA public key and the RSA private key and sends the RSA public key to the client.
Step S32: Send the RSA public key to the client.
In this embodiment, the client receives the RSA public key sent by the server. When the user accesses the business system, the client receives the login information entered by the user and generates a first AES key. The RSA public key is used to encrypt the login information and the first AES key.
Step S33: Receive the login information and first AES key, encrypted with the RSA public key, sent by the client.
After the client encrypts the login information and the first AES key with the RSA public key, it sends the encrypted login information and first AES key to the server.
In network transmission, login information (such as an account number and password) is generally not permitted to be transmitted in plaintext. Therefore, in this solution the login information is encrypted with the RSA public key and the encrypted information is then sent to the server.
Step S34: Decrypt the login information and the first AES key with the RSA private key.
The server decrypts the encrypted login information and first AES key with the previously generated RSA private key to obtain the login information and the first AES key.
Step S35: Confirm whether the login information is accurate. When the login information is accurate, proceed to step S36; when the login information is inaccurate, return to step S33.
After obtaining the decrypted login information (such as the account and password), the server checks whether the user's identity meets the requirements by verifying whether the login information is accurate. When the login information is verified as accurate, the server generates a corresponding second AES key and confirmation information, and then uses the first AES key previously received from the client to AES-encrypt (symmetric encryption) the second AES key and the confirmation information that are to be returned to the client; the symmetric encryption process uses the same key throughout.
In this embodiment, the confirmation information also includes user information, for example the user's name and department.
Specifically, the step in which the server verifies whether the login information is accurate includes: comparing the login information with the login information stored on the server to determine whether they are consistent; when the login information is consistent with the login information stored on the server, confirming that the login information is accurate; and when the login information is inconsistent with the login information stored on the server, confirming that the login information is inaccurate.
Step S36: When the login information is accurate, generate confirmation information and a second AES key.
The second AES key is used to encrypt the original message of the service request sent by the client, so that the service request can be protected by encryption.
Step S37: Encrypt the confirmation information and the second AES key with the first AES key and send the encrypted confirmation information and second AES key to the client.
In this embodiment, after confirming that the login information is accurate, the server generates the confirmation information and the second AES key, encrypts the confirmation information and the second AES key with the first AES key, and sends the encrypted confirmation information and second AES key to the client. This completes the process by which the user accesses the business system.
During the user's subsequent service requests to the business system, the service requests can continue to be encrypted to guarantee their security. The parameters exchanged during the service request process can be encrypted and transmitted using only the formal AES encryption key generated by the server, avoiding RSA encryption, which is slow, and thereby greatly increasing the speed of information transmission. The formal AES encryption key is generated by the server and can be changed at any time.
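The login handshake of steps S21-S25 (client side, Embodiment Two) and S31-S37 (server side, this embodiment), as an added Go example; it is not code from the patent or its assignee. The patent fixes neither the RSA padding, the AES mode nor the wire format, so the example assumes RSA-OAEP with SHA-256, AES-256-GCM, JSON for the login payload, and a constructed single-account credential store that holds a SHA-256 of the password. The names loginPayload, Server, NewServer, Login and ClientLogin are the example's own, and the `send` callback stands in for the network between client and server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

// loginPayload is what the client RSA-encrypts in step S23/S33: the login information plus the first AES key.
type loginPayload struct {
	Account  string `json:"account"`
	Password string `json:"password"`
	Key1     []byte `json:"key1"` // 32 bytes, generated by the client
}

// newGCM builds AES-GCM; GCM authenticates, so a tampered blob fails to open rather than decrypting to garbage.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Server holds the RSA key pair from step S31 and the credentials compared in step S35 (constructed sample: one account).
type Server struct {
	priv  *rsa.PrivateKey
	creds map[string][32]byte // account -> SHA-256(password); illustrative storage only
}

func NewServer() (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{priv: priv, creds: map[string][32]byte{"alice": sha256.Sum256([]byte("correct horse"))}}, nil
}

// Login runs steps S33-S37: RSA-OAEP decrypt, constant-time credential check, generate key2,
// and return (key2 || confirmation) sealed under key1 with a random GCM nonce prepended.
func (s *Server) Login(encLogin []byte) ([]byte, error) {
	var lp loginPayload
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, encLogin, nil)
	if err == nil {
		err = json.Unmarshal(plain, &lp)
	}
	if err != nil {
		return nil, err
	}
	got := sha256.Sum256([]byte(lp.Password))
	if stored, ok := s.creds[lp.Account]; !ok || subtle.ConstantTimeCompare(stored[:], got[:]) != 1 {
		return nil, errors.New("login information inaccurate") // step S35 fails: back to S33
	}
	gcm, err := newGCM(lp.Key1) // rejects a malformed key1 instead of panicking
	if err != nil {
		return nil, err
	}
	key2 := make([]byte, 32)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(key2) // crypto/rand.Read never returns an error (Go 1.24+ aborts on RNG failure)
	rand.Read(nonce)
	reply := append(key2, []byte("login ok: "+lp.Account)...) // key2 || confirmation
	return gcm.Seal(nonce, nonce, reply, nil), nil
}

// ClientLogin runs steps S21-S25: generate key1, RSA-OAEP-encrypt login+key1 to the server's
// public key, send it, open the reply with key1, and return key2 and the confirmation text.
func ClientLogin(pub *rsa.PublicKey, send func([]byte) ([]byte, error), account, password string) ([]byte, string, error) {
	key1 := make([]byte, 32)
	rand.Read(key1)
	plain, _ := json.Marshal(loginPayload{account, password, key1})
	encLogin, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
	if err != nil {
		return nil, "", err
	}
	sealed, err := send(encLogin)
	if err != nil {
		return nil, "", err
	}
	gcm, _ := newGCM(key1) // cannot fail: key1 is always 32 bytes
	if ns := gcm.NonceSize(); len(sealed) >= ns {
		if dec, err := gcm.Open(nil, sealed[:ns], sealed[ns:], nil); err == nil && len(dec) >= 32 {
			return dec[:32], string(dec[32:]), nil
		}
	}
	return nil, "", errors.New("reply too short, tampered with, or malformed")
}

func main() {
	srv, _ := NewServer()
	key2, confirmation, err := ClientLogin(&srv.priv.PublicKey, srv.Login, "alice", "correct horse")
	fmt.Println(len(key2), confirmation, err)
}
```

Two points the flowchart leaves implicit are made explicit here: the credential comparison of step S35 is done in constant time so that a rejected login does not leak how much of the stored value matched, and the reply of step S37 is sent under an authenticated mode, so a client that receives a modified reply gets an error rather than a silently wrong second AES key.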
Step S38: Receive the original message of the service request encrypted with the second AES key, process the service request according to the original message, and then generate a response message.
The client receives the service request for the business system, encrypts the original message of the service request with the second AES key, and sends the encrypted information to the server.
In this embodiment, when the user makes a service request to the business system from the client, the original message of the service request is encrypted with the second AES key and the encrypted information is sent to the server. The service request is generally an HTTP request, and the request parameters in the HTTP request are transmitted in the URL, the request body or a similar form. Because HTTP requests are open, however, the request parameters are easily intercepted and tampered with. It is therefore necessary to sign the request parameters and then to verify the signature at the receiving side (such as the server), confirming that the two signatures are identical; once signature verification passes, the processing side can carry out the business logic. Signing and signature verification, however, only solve the problem of parameters being tampered with in transit; they do not solve the security problem of transmitting sensitive parameters. For this reason, in the present application the original message of the service request is encrypted with the second AES key to ensure information security.
Step S39: Encrypt the response message with the second AES key and send the encrypted response message to the client.
In this embodiment, the server decrypts the encrypted information with the second AES key to obtain the original message, carries out the business processing according to the original message, generates a response message once the business processing is complete, encrypts the response message with the second AES key, and sends the encrypted response message to the client.
It will be understood that the server needs to verify the signature of the original message. Signature verification means that after the server obtains the original message and the digital signature, it uses the same hash function to generate digest A from the original message and, separately, decrypts the digital signature with the second AES key to obtain digest B; comparing whether A and B are identical reveals whether the original message has been tampered with.
As can be seen from the above steps S38-S39, once the client has received the second AES key sent by the server, the server also holds the second AES key. Network communication between the client and the server then consists of AES encryption and decryption of the network module's information, and during this process AES encryption and decryption effectively guarantee the security of the transmitted information. The signing and signature verification process in the network module serves to guarantee the integrity of the transmitted information and to prevent tampering.
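The signing and signature-verification layer of the service request phase (steps S26-S28 in Embodiment Two and S38-S39 here), including the one-time validity of a signature described for step S26, as an added Go example that is not the patent's own code. The page describes encrypting a hash digest of the original message with the second AES key; this example substitutes HMAC-SHA256 keyed with that key, the standard keyed-digest construction for the same goal, so that digest A (recomputed by the server) and digest B (received) are compared directly. SignRequest, Verifier, NewVerifier and Verify are the example's names; the 32-byte key and the request body are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// Sentinel errors let the server tell a tampered message apart from a replayed one.
var (
	ErrBadSignature = errors.New("signature mismatch: message altered or wrong key")
	ErrReplayed     = errors.New("signature already verified once: replay rejected")
)

// SignRequest is the client side of step S26/S27: a digest of the original message bound to the
// second AES key. Here that is HMAC-SHA256 keyed with key2 (a substitution for the page's
// "encrypt the digest with the second AES key"; see the lead-in).
func SignRequest(key2, message []byte) []byte {
	mac := hmac.New(sha256.New, key2)
	mac.Write(message)
	return mac.Sum(nil)
}

// Verifier is the server side of step S38: recompute the digest (A), compare it with the received
// one (B) in constant time, and remember every accepted signature so that it is valid only once.
type Verifier struct {
	key2 []byte
	mu   sync.Mutex
	used map[string]struct{} // hex(signature) -> seen; lives as long as key2 does
}

func NewVerifier(key2 []byte) *Verifier {
	return &Verifier{key2: key2, used: make(map[string]struct{})}
}

// Verify returns nil only when the signature matches the message and has not been accepted before.
func (v *Verifier) Verify(message, sig []byte) error {
	if !hmac.Equal(SignRequest(v.key2, message), sig) {
		return ErrBadSignature
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	id := hex.EncodeToString(sig)
	if _, seen := v.used[id]; seen {
		return ErrReplayed
	}
	v.used[id] = struct{}{}
	return nil
}

func main() {
	key2 := []byte("0123456789abcdef0123456789abcdef")                  // constructed 32-byte session key
	msg := []byte(`{"op":"balance","account":"alice","nonce":"c1"}`) // constructed request body
	sig := SignRequest(key2, msg)
	v := NewVerifier(key2)
	fmt.Println("first use:", v.Verify(msg, sig))
	fmt.Println("replay:   ", v.Verify(msg, sig))
	fmt.Println("tampered: ", v.Verify([]byte(`{"op":"balance","account":"bob","nonce":"c1"}`), sig))
}
```

Because the one-time table is keyed by the signature itself, two byte-identical legitimate requests would also collide; the constructed request therefore carries a per-request nonce, which is what makes "valid once" and "legitimately repeated" distinguishable. The table only needs to live as long as the second AES key it belongs to, so rotating that key (which the text says the server may do at any time) also bounds its size.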
In summary, the information transmission method described in the embodiments of the present application encrypts the login information with the RSA public key when the user logs in to the business system, encrypts the confirmation information with the first AES key, and encrypts the original message of the service request with the second AES key. Information is thus transmitted using a combination of asymmetric (RSA) and symmetric (AES) encryption: critical information (such as login information) is first transmitted under asymmetric encryption, and non-critical information (such as confirmation information) is then transmitted under symmetric encryption, which improves both the efficiency of information transmission and information security.
Embodiment Four
Refer to Fig. 4, which is a structural diagram of the information transmission apparatus provided in Embodiment Four of the present application.
In some embodiments, the information transmission apparatus 30 runs in the client. The client and the server are communicatively connected through a wired or wireless network. The information transmission apparatus 30 may include a plurality of functional modules composed of program code segments. The program code of each program segment in the information transmission apparatus 30 may be stored in the memory of the client and executed by the at least one processor to perform secure information transmission.
In this embodiment, the information transmission apparatus 30 can be divided into a plurality of functional modules according to the functions it performs. The functional modules may include a sending module 301, a receiving module 302, an encryption module 303 and a decryption module 304. A module as referred to in the present application is a series of computer-readable instruction segments, stored in a memory, that can be executed by at least one processor and that perform a fixed function.
The sending module 301 is configured to send request information to the server to obtain the RSA public key.
The receiving module 302 is configured to receive login information for accessing the business system and to generate a first AES key.
The encryption module 303 is configured to encrypt the login information and the first AES key with the RSA public key and to send the encrypted information to the server, so that the server generates confirmation information and a second AES key after confirming that the login information is accurate.
The receiving module 302 is further configured to receive the encrypted confirmation information and second AES key sent by the server.
The decryption module 304 is configured to decrypt the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key.
The receiving module 302 is further configured to receive a service request for access to the business system.
The encryption module 303 is further configured to encrypt the original message of the service request with the second AES key and to send the encrypted original message to the server, so that the server processes the service request according to the original message and then generates a response message.
The decryption module 304 is further configured to receive the encrypted response message sent by the server and to decrypt the encrypted response message with the second AES key to obtain the response message.
In summary, the information transmission apparatus described in the embodiments of the present application encrypts the login information with the RSA public key when the user logs in to the business system, encrypts the confirmation information with the first AES key, and encrypts the original message of the service request with the second AES key. Information is thus transmitted using a combination of asymmetric (RSA) and symmetric (AES) encryption: critical information (such as login information) is first transmitted under asymmetric encryption, and non-critical information (such as confirmation information) is then transmitted under symmetric encryption, which improves both the efficiency of information transmission and information security.
Embodiment Five
Refer to Fig. 5, which is a structural diagram of the information transmission apparatus provided in Embodiment Five of the present application.
In some embodiments, the information transmission apparatus 40 runs in the server. The server and the client are communicatively connected through a wired or wireless network. The information transmission apparatus 40 may include a plurality of functional modules composed of program code segments. The program code of each program segment in the information transmission apparatus 40 may be stored in the memory of the server and executed by the at least one processor to perform secure information transmission.
In this embodiment, the information transmission apparatus 40 can be divided into a plurality of functional modules according to the functions it performs. The functional modules may include a receiving module 401, a sending module 402, a decryption module 403, a confirmation module 404, a generation module 405 and an encryption module 406. A module as referred to in the present application is a series of computer-readable instruction segments, stored in a memory, that can be executed by at least one processor and that perform a fixed function.
The receiving module 401 is configured to receive the request information sent by the client and to generate an RSA public key and an RSA private key.
The sending module 402 is configured to send the RSA public key to the client.
The receiving module 401 is further configured to receive the login information and first AES key, encrypted with the RSA public key, sent by the client.
The decryption module 403 is configured to decrypt the login information and the first AES key with the RSA private key.
The confirmation module 404 is configured to confirm whether the login information is accurate.
The generation module 405 is configured to generate confirmation information and a second AES key when the login information is accurate.
The encryption module 406 is configured to encrypt the confirmation information and the second AES key with the first AES key and to send the encrypted confirmation information and second AES key to the client.
The receiving module 401 is further configured to receive the original message of the service request encrypted with the second AES key and, after processing the service request according to the original message, to generate a response message.
The sending module 402 is further configured to encrypt the response message with the second AES key and to send the encrypted response message to the client.
In summary, the information transmission apparatus described in the embodiments of the present application encrypts the login information with the RSA public key when the user logs in to the business system, encrypts the confirmation information with the first AES key, and encrypts the original message of the service request with the second AES key. Information is thus transmitted using a combination of asymmetric (RSA) and symmetric (AES) encryption: critical information (such as login information) is first transmitted under asymmetric encryption, and non-critical information (such as confirmation information) is then transmitted under symmetric encryption, which improves both the efficiency of information transmission and information security.
Embodiment Six
Refer to Fig. 6, which is a schematic structural diagram of the client provided in Embodiment Six of the present application. In a preferred embodiment of the present application, the client 1 includes a memory 11, at least one processor 12, computer-readable instructions 14 stored in the memory 11 and executable on the at least one processor 12, and at least one communication bus 13.
Those skilled in the art will understand that the client shown in Fig. 6 may include more or fewer hardware or software components than shown, or a different arrangement of components.
In some embodiments, the client 1 is a terminal capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions; its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits, programmable gate arrays, digital processors and embedded devices. The client 1 may also include client equipment, which includes, but is not limited to, any electronic product capable of human-computer interaction with a user through a keyboard, mouse, remote control, touch panel or voice-controlled device, for example a personal computer, tablet computer, smartphone or digital camera.
It should be noted that the client 1 is only an example; other existing electronic products, or electronic products that may appear in the future, that can be adapted to the present application should also be included within the scope of protection of the present application and are incorporated herein by reference.
In some embodiments, the memory 11 is used to store program code and various data, for example the information transmission apparatus 30 installed in the client 1, and to provide high-speed, automatic access to programs or data while the client 1 is running. The memory 11 includes read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), one-time programmable read-only memory (OTPROM), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, magnetic disk storage, magnetic tape storage, or any other non-volatile readable storage medium that can be used to carry or store data.
In some embodiments, the at least one processor 12 may be composed of integrated circuits, for example a single packaged integrated circuit or a plurality of packaged integrated circuits with the same or different functions, including one or more central processing units (CPUs), microprocessors, digital processing chips, graphics processors, combinations of various control chips and the like. The at least one processor 12 is the control unit of the client 1: it connects the various components of the whole client 1 through various interfaces and lines, and performs the various functions of the client 1 and processes data by running or executing the programs or modules stored in the memory 11 and calling the data stored in the memory 11, for example for the purpose of secure information transmission.
In some embodiments, the at least one communication bus 13 is arranged to provide connection and communication between the memory 11, the at least one processor 12 and the like.
Although not shown, the client 1 may also include a power supply (such as a battery) that powers the various components. Preferably, the power supply may be logically connected to the at least one processor 12 through a power management apparatus, so that functions such as charging, discharging and power consumption management are handled by the power management apparatus. The power supply may also include any components such as one or more DC or AC power sources, recharging apparatus, power failure detection circuits, power converters or inverters, and power status indicators. The client 1 may further include various sensors, a Bluetooth module, a Wi-Fi module and the like, which are not described further here.
The above integrated unit implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a terminal, a network device or the like) or a processor to execute part of the method described in each embodiment of the present application.
In a further embodiment, with reference to Fig. 4, the at least one processor 12 can execute the operating apparatus of the client 1 and the various installed application programs (such as the information transmission apparatus 30 described above), program code and so on, for example the various modules described above.
The memory 11 stores computer-readable instructions, and the at least one processor 12 can call the computer-readable instructions stored in the memory 11 to perform the related functions. For example, the modules described in Fig. 4 are a series of computer-readable instructions stored in the memory 11 and executed by the at least one processor 12 to implement the functions of those modules for the purpose of secure information transmission.
In one embodiment of the present application, the memory 11 stores a plurality of computer-readable instructions, and the plurality of computer-readable instructions are executed by the at least one processor 12 to achieve secure information transmission.
Specifically, for the specific manner in which the at least one processor 12 implements the above instructions, reference may be made to the description of the relevant steps in the embodiment corresponding to Fig. 2, which is not repeated here.
Embodiment Seven
Refer to FIG. 7, which is a schematic structural diagram of the server provided by the seventh embodiment of this application. In a preferred embodiment of the present application, the server 2 includes a memory 21, at least one processor 22, computer-readable instructions 24 stored in the memory 21 and executable on the at least one processor 22, and at least one communication bus 23.
Those skilled in the art should understand that the server 2 shown in FIG. 7 may include more or fewer hardware or software components than shown, or a different arrangement of components.
In some embodiments, the server 2 is a terminal capable of automatically performing numerical calculation and/or information processing in accordance with instructions set or stored in advance; its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits, programmable gate arrays, digital processors and embedded devices. The server 2 may also include customer equipment, which includes, but is not limited to, any electronic product that can interact with a customer through a keyboard, mouse, remote control, touch pad, voice-control device or the like, for example a personal computer, tablet computer, smartphone or digital camera.
It should be noted that the server 2 is only an example; other existing electronic products, or ones that may appear in the future, that can be adapted to this application should also be included in the scope of protection of this application and are incorporated here by reference.
In some embodiments, the memory 21 is used to store program code and various data, such as the information transmission device 40 installed in the server 2, and to provide high-speed, automatic access to programs or data while the server 2 is running. The memory 21 includes read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), one-time programmable read-only memory (OTPROM), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, magnetic disk storage, magnetic tape storage, or any other non-volatile readable storage medium that can be used to carry or store data.
In some embodiments, the at least one processor 22 may be composed of integrated circuits: for example, a single packaged integrated circuit, or several packaged integrated circuits with the same or different functions, including one or a combination of several central processing units (CPUs), microprocessors, digital processing chips, graphics processors and various control chips. The at least one processor 22 is the control unit of the server 2: it connects the components of the whole server 2 through various interfaces and lines, and, by running or executing the programs or modules stored in the memory 21 and calling the data stored in the memory 21, performs the functions of the server 2 and processes data, for example for the purpose of secure information transmission.
In some embodiments, the at least one communication bus 23 is configured to implement connection and communication between the memory 21, the at least one processor 22 and so on.
Although not shown, the server 2 may also include a power supply (such as a battery) that powers the components. Preferably, the power supply is logically connected to the at least one processor 22 through a power management device, so that the power management device manages charging, discharging and power consumption. The power supply may also include one or more DC or AC power sources, recharging devices, power failure detection circuits, power converters or inverters, power status indicators and any other components. The server 2 may also include various sensors, a Bluetooth module, a Wi-Fi module and so on, which are not described further here.
The integrated unit implemented in the form of a software function module described above may be stored in a computer-readable storage medium. The software function module is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a terminal, a network device or the like) or a processor to execute part of the method described in each embodiment of the present application.
In a further embodiment, with reference to FIG. 5, the at least one processor 22 may execute the operating device of the server 2 together with the various installed applications (such as the information transmission device 40 described above), program code and so on, for example the modules described above.
The memory 21 stores computer-readable instructions, and the at least one processor 22 can call the computer-readable instructions stored in the memory 21 to perform the related functions. For example, the modules shown in FIG. 5 are a series of computer-readable instructions stored in the memory 21 and executed by the at least one processor 22, which realize the functions of those modules and so achieve the purpose of secure information transmission.
In one embodiment of the present application, the memory 21 stores a plurality of computer-readable instructions that are executed by the at least one processor 22 to achieve secure information transmission. Specifically, for the way in which the at least one processor 22 implements the above instructions, reference may be made to the description of the relevant steps in the embodiment corresponding to FIG. 3, which is not repeated here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present application and not to limit it. Although the present application has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent substitutions may be made to the technical solution of the present application without departing from its spirit and scope.

Claims (20)

  1. An information transmission method, applied to a client that is in communication connection with a server, characterized in that the method comprises:
    sending request information to the server to obtain an RSA public key;
    receiving login information for accessing a business system, and generating a first AES key;
    encrypting the login information and the first AES key with the RSA public key, and sending the encrypted information to the server, so that the server generates confirmation information and a second AES key after confirming that the login information is accurate;
    receiving the encrypted confirmation information and second AES key sent by the server;
    decrypting the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key;
    receiving a business request for access to the business system;
    encrypting the original message of the business request with the second AES key, and sending the encrypted original message to the server, so that the server generates a response message after processing the business request according to the original message.
  2. The method according to claim 1, characterized in that the method further comprises:
    receiving the encrypted response message sent by the server, and decrypting the encrypted response message with the second AES key to obtain the response message.
  3. The method according to claim 1, characterized in that the step of encrypting the original message of the business request with the second AES key comprises:
    generating a message digest from the text of the original message with a hash function;
    encrypting the digest with the second AES key to obtain the digital signature corresponding to the original message.
  4. An information transmission method, applied to a server that is in communication connection with a client, characterized in that the method comprises:
    receiving request information sent by the client, and generating an RSA public key and an RSA private key;
    sending the RSA public key to the client;
    receiving login information and a first AES key that were sent by the client and encrypted with the RSA public key;
    decrypting the login information and the first AES key with the RSA private key;
    confirming whether the login information is accurate;
    generating confirmation information and a second AES key when the login information is accurate;
    encrypting the confirmation information and the second AES key with the first AES key, and sending the encrypted confirmation information and second AES key to the client;
    receiving the original message of a business request encrypted with the second AES key, and generating a response message after processing the business request according to the original message;
    encrypting the response message with the second AES key, and sending the encrypted response message to the client.
  5. The method according to claim 4, characterized in that the step of confirming whether the login information is accurate comprises:
    comparing whether the login information is consistent with the login information stored by the server;
    when the login information is consistent with the login information stored by the server, confirming that the login information is accurate;
    when the login information is inconsistent with the login information stored by the server, confirming that the login information is inaccurate.
  6. An information transmission device, running in a client that is in communication connection with a server, characterized in that the device comprises:
    a sending module, configured to send request information to the server to obtain an RSA public key;
    a receiving module, configured to receive login information for accessing a business system and to generate a first AES key;
    an encryption module, configured to encrypt the login information and the first AES key with the RSA public key, and to send the encrypted information to the server, so that the server generates confirmation information and a second AES key after confirming that the login information is accurate;
    the receiving module being further configured to receive the encrypted confirmation information and second AES key sent by the server;
    a decryption module, configured to decrypt the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key;
    the receiving module being further configured to receive a business request for access to the business system;
    the encryption module being further configured to encrypt the original message of the business request with the second AES key, and to send the encrypted original message to the server, so that the server generates a response message after processing the business request according to the original message.
  7. The information transmission device according to claim 6, characterized in that:
    the receiving module is further configured to receive the encrypted response message sent by the server, and to decrypt the encrypted response message with the second AES key to obtain the response message.
  8. The information transmission device according to claim 6, characterized in that:
    the encryption module is further configured to generate a message digest from the text of the original message with a hash function; and
    to encrypt the digest with the second AES key to obtain the digital signature corresponding to the original message.
  9. An information transmission device, running in a server that is in communication connection with a client, characterized in that the device comprises:
    a receiving module, configured to receive request information sent by the client and to generate an RSA public key and an RSA private key;
    a sending module, configured to send the RSA public key to the client;
    the receiving module being further configured to receive login information and a first AES key that were sent by the client and encrypted with the RSA public key;
    a decryption module, configured to decrypt the login information and the first AES key with the RSA private key;
    a confirmation module, configured to confirm whether the login information is accurate;
    a generation module, configured to generate confirmation information and a second AES key when the login information is accurate;
    an encryption module, configured to encrypt the confirmation information and the second AES key with the first AES key, and to send the encrypted confirmation information and second AES key to the client;
    the receiving module being further configured to receive the original message of a business request encrypted with the second AES key, and to generate a response message after processing the business request according to the original message;
    the sending module being further configured to encrypt the response message with the second AES key, and to send the encrypted response message to the client.
  10. The information transmission device according to claim 9, characterized in that:
    the confirmation module is further configured to compare whether the login information is consistent with the login information stored by the server;
    when the login information is consistent with the login information stored by the server, to confirm that the login information is accurate;
    when the login information is inconsistent with the login information stored by the server, to confirm that the login information is inaccurate.
  11. A client, in communication connection with a server, characterized in that the client comprises a processor and a memory, and the processor, when executing at least one computer-readable instruction stored in the memory, implements the following steps:
    sending request information to the server to obtain an RSA public key;
    receiving login information for accessing a business system, and generating a first AES key;
    encrypting the login information and the first AES key with the RSA public key, and sending the encrypted information to the server, so that the server generates confirmation information and a second AES key after confirming that the login information is accurate;
    receiving the encrypted confirmation information and second AES key sent by the server;
    decrypting the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key;
    receiving a business request for access to the business system;
    encrypting the original message of the business request with the second AES key, and sending the encrypted original message to the server, so that the server generates a response message after processing the business request according to the original message.
  12. The client according to claim 11, characterized in that the processor, when executing the at least one computer-readable instruction stored in the memory, further implements the following step:
    receiving the encrypted response message sent by the server, and decrypting the encrypted response message with the second AES key to obtain the response message.
  13. The client according to claim 11, characterized in that, when encrypting the original message of the business request with the second AES key, the processor executes the at least one computer-readable instruction to implement the following steps:
    generating a message digest from the text of the original message with a hash function;
    encrypting the digest with the second AES key to obtain the digital signature corresponding to the original message.
  14. A server, in communication connection with a client, characterized in that the server comprises a processor and a memory, and the processor, when executing at least one computer-readable instruction stored in the memory, implements the following steps:
    receiving request information sent by the client, and generating an RSA public key and an RSA private key;
    sending the RSA public key to the client;
    receiving login information and a first AES key that were sent by the client and encrypted with the RSA public key;
    decrypting the login information and the first AES key with the RSA private key;
    confirming whether the login information is accurate;
    generating confirmation information and a second AES key when the login information is accurate;
    encrypting the confirmation information and the second AES key with the first AES key, and sending the encrypted confirmation information and second AES key to the client;
    receiving the original message of a business request encrypted with the second AES key, and generating a response message after processing the business request according to the original message;
    encrypting the response message with the second AES key, and sending the encrypted response message to the client.
  15. The server according to claim 14, characterized in that, when confirming whether the login information is accurate, the processor executes the at least one computer-readable instruction to implement the following steps:
    comparing whether the login information is consistent with the login information stored by the server;
    when the login information is consistent with the login information stored by the server, confirming that the login information is accurate;
    when the login information is inconsistent with the login information stored by the server, confirming that the login information is inaccurate.
  16. A non-volatile readable storage medium, characterized in that the non-volatile readable storage medium stores at least one computer-readable instruction which, when executed by a processor, implements the following steps:
    sending request information to the server to obtain an RSA public key;
    receiving login information for accessing a business system, and generating a first AES key;
    encrypting the login information and the first AES key with the RSA public key, and sending the encrypted information to the server, so that the server generates confirmation information and a second AES key after confirming that the login information is accurate;
    receiving the encrypted confirmation information and second AES key sent by the server;
    decrypting the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key;
    receiving a business request for access to the business system;
    encrypting the original message of the business request with the second AES key, and sending the encrypted original message to the server, so that the server generates a response message after processing the business request according to the original message.
  17. The storage medium according to claim 16, characterized in that the at least one computer-readable instruction, when executed by the processor, further implements the following step:
    receiving the encrypted response message sent by the server, and decrypting the encrypted response message with the second AES key to obtain the response message.
  18. The storage medium according to claim 16, characterized in that, when encrypting the original message of the business request with the second AES key, the at least one computer-readable instruction is executed by the processor to implement the following steps:
    generating a message digest from the text of the original message with a hash function;
    encrypting the digest with the second AES key to obtain the digital signature corresponding to the original message.
  19. A non-volatile readable storage medium, characterized in that the non-volatile readable storage medium stores at least one computer-readable instruction which, when executed by a processor, implements the following steps:
    receiving request information sent by the client, and generating an RSA public key and an RSA private key;
    sending the RSA public key to the client;
    receiving login information and a first AES key that were sent by the client and encrypted with the RSA public key;
    decrypting the login information and the first AES key with the RSA private key;
    confirming whether the login information is accurate;
    generating confirmation information and a second AES key when the login information is accurate;
    encrypting the confirmation information and the second AES key with the first AES key, and sending the encrypted confirmation information and second AES key to the client;
    receiving the original message of a business request encrypted with the second AES key, and generating a response message after processing the business request according to the original message;
    encrypting the response message with the second AES key, and sending the encrypted response message to the client.
  20. The storage medium according to claim 19, characterized in that, when confirming whether the login information is accurate, the at least one computer-readable instruction is executed by the processor to implement the following steps:
    comparing whether the login information is consistent with the login information stored by the server;
    when the login information is consistent with the login information stored by the server, confirming that the login information is accurate;
    when the login information is inconsistent with the login information stored by the server, confirming that the login information is inaccurate.
PCT/CN2019/116768 2019-08-08 2019-11-08 Information transmission method and apparatus, client terminal, server, and storage medium WO2021022701A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910729055.9A CN110460439A (en) 2019-08-08 2019-08-08 Information transferring method, device, client, server-side and storage medium
CN201910729055.9 2019-08-08

Publications (1)

Publication Number Publication Date
WO2021022701A1 true WO2021022701A1 (en) 2021-02-11

Family

ID=68485318

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/116768 WO2021022701A1 (en) 2019-08-08 2019-11-08 Information transmission method and apparatus, client terminal, server, and storage medium

Country Status (2)

Country Link
CN (1) CN110460439A (en)
WO (1) WO2021022701A1 (en)

CN113573306A (en) * 2021-04-29 2021-10-29 中国南方电网有限责任公司 5G-fused heterogeneous networking gateway encryption method and system
CN113438083B (en) * 2021-06-22 2023-04-07 中国工商银行股份有限公司 Signature adding and checking method and device based on interface automatic test
CN113872979B (en) * 2021-09-29 2023-11-24 北京高途云集教育科技有限公司 Login authentication method, login authentication device, electronic equipment and computer readable storage medium
CN114124534A (en) * 2021-11-24 2022-03-01 航天信息股份有限公司 Data interaction system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111416A (en) * 2011-02-28 2011-06-29 南京邮电大学 Real time data encryption transmission method for voice over internet protocol (VoIP)
US20120321088A1 (en) * 2009-11-09 2012-12-20 Siemens Aktiengesellschaft Method And System For The Accelerated Decryption Of Cryptographically Protected User Data Units
CN108848091A (en) * 2018-06-20 2018-11-20 上海织语网络科技有限公司 A kind of mixed encryption method for instant messaging
CN109639702A (en) * 2018-12-25 2019-04-16 歌尔科技有限公司 A kind of data communications method, system and electronic equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911663A (en) * 2016-11-16 2017-06-30 上海艾融软件股份有限公司 One kind sells bank's full message encryption system and method for mixed mode directly to households
CN108650208A (en) * 2018-03-05 2018-10-12 西安理工大学 A kind of construction method of the cloud print service platform of personal document's safe transmission
CN109362074B (en) * 2018-09-05 2022-12-06 福建福诺移动通信技术有限公司 Method for h5 and server side safety communication in mixed mode APP
CN109756343B (en) * 2019-01-31 2021-07-20 平安科技(深圳)有限公司 Authentication method and device for digital signature, computer equipment and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120321088A1 (en) * 2009-11-09 2012-12-20 Siemens Aktiengesellschaft Method And System For The Accelerated Decryption Of Cryptographically Protected User Data Units
CN102111416A (en) * 2011-02-28 2011-06-29 南京邮电大学 Real time data encryption transmission method for voice over internet protocol (VoIP)
CN108848091A (en) * 2018-06-20 2018-11-20 上海织语网络科技有限公司 A kind of mixed encryption method for instant messaging
CN109639702A (en) * 2018-12-25 2019-04-16 歌尔科技有限公司 A kind of data communications method, system and electronic equipment and storage medium

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113408013A (en) * 2021-05-29 2021-09-17 国网辽宁省电力有限公司辽阳供电公司 Encryption and decryption chip framework with multiple algorithm rules mixed
CN113709217A (en) * 2021-08-11 2021-11-26 写逸网络科技(上海)有限公司 Security encryption method based on point-to-point communication software
CN113742752A (en) * 2021-09-13 2021-12-03 杭州安恒信息技术股份有限公司 Unified authentication method and device for interface docking, computer equipment and storage medium
CN113742752B (en) * 2021-09-13 2024-03-26 杭州安恒信息技术股份有限公司 Unified authentication method, device, computer equipment and storage medium for interface docking
CN114024710A (en) * 2021-09-27 2022-02-08 中诚信征信有限公司 Data transmission method, device, system and equipment
CN114024710B (en) * 2021-09-27 2024-04-16 中诚信征信有限公司 Data transmission method, device, system and equipment
CN114124557A (en) * 2021-11-30 2022-03-01 袁林英 Information security access control method based on big data
CN114124557B (en) * 2021-11-30 2024-05-14 袁林英 Information security access control method based on big data
CN114338091A (en) * 2021-12-08 2022-04-12 杭州逗酷软件科技有限公司 Data transmission method and device, electronic equipment and storage medium
CN114338091B (en) * 2021-12-08 2024-05-07 杭州逗酷软件科技有限公司 Data transmission method, device, electronic equipment and storage medium
CN114499837B (en) * 2021-12-29 2023-09-26 广州蚁比特区块链科技有限公司 Message leakage prevention method, device, system and equipment
CN114499837A (en) * 2021-12-29 2022-05-13 广州蚁比特区块链科技有限公司 Method, device, system and equipment for preventing leakage of message
CN114218598A (en) * 2022-02-22 2022-03-22 北京指掌易科技有限公司 Service processing method, device, equipment and storage medium
CN114710409A (en) * 2022-03-24 2022-07-05 北京和利时电机技术有限公司 Software upgrading method and device, electronic equipment and readable storage medium
CN114912131A (en) * 2022-04-19 2022-08-16 山东鲸鲨信息技术有限公司 Data encryption method and system and electronic equipment
CN114826623A (en) * 2022-06-28 2022-07-29 云账户技术(天津)有限公司 Mock test message processing method and device
CN115225352B (en) * 2022-06-30 2024-04-23 厦门职行力信息科技有限公司 Hybrid encryption method and system
CN115225352A (en) * 2022-06-30 2022-10-21 厦门职行力信息科技有限公司 Hybrid encryption method and system
CN115473731B (en) * 2022-09-09 2023-09-19 北京融和友信科技股份有限公司 Method for confusing HTTP network protocol interface address
CN115473731A (en) * 2022-09-09 2022-12-13 北京融和友信科技股份有限公司 Method for obfuscating HTTP network protocol interface address
CN115695048A (en) * 2022-12-29 2023-02-03 南京马斯克信息技术有限公司 Secure network data processing method and system
CN116055207B (en) * 2023-01-31 2023-10-03 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things
CN116055207A (en) * 2023-01-31 2023-05-02 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things
CN115865532B (en) * 2023-02-27 2023-04-21 北京徐工汉云技术有限公司 Communication processing method and device for offline service data
CN115865532A (en) * 2023-02-27 2023-03-28 北京徐工汉云技术有限公司 Communication processing method and device for offline service data

Also Published As

Publication number Publication date
CN110460439A (en) 2019-11-15

Similar Documents

Publication Publication Date Title
WO2021022701A1 (en) Information transmission method and apparatus, client terminal, server, and storage medium
US11223485B2 (en) Verifiable encryption based on trusted execution environment
US10142107B2 (en) Token binding using trust module protected keys
CN109074449B (en) Flexibly provisioning attestation keys in secure enclaves
CN108667608B (en) Method, device and system for protecting data key
CN110492990B (en) Private key management method, device and system under block chain scene
TWI734854B (en) Information security verification method, device and system
CN1708942B (en) Secure implementation and utilization of device-specific security data
US7697691B2 (en) Method of delivering Direct Proof private keys to devices using an on-line service
CN111737366B (en) Private data processing method, device, equipment and storage medium of block chain
WO2020042822A1 (en) Cryptographic operation method, method for creating work key, and cryptographic service platform and device
EP1763721A1 (en) Systems and methods for performing secure communications between an authorized computing platform and a hardware component
CN108200078B (en) Downloading and installing method of signature authentication tool and terminal equipment
CN109309566B (en) Authentication method, device, system, equipment and storage medium
CN112003697B (en) Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium
CN114629639A (en) Key management method and device based on trusted execution environment and electronic equipment
CN115348023A (en) Data security processing method and device
CN116599719A (en) User login authentication method, device, equipment and storage medium
WO2023019964A1 (en) Data security processing method and apparatus
WO2019242163A1 (en) Data security verification method, apparatus and system, and computer device and storage medium
US20240113898A1 (en) Secure Module and Method for App-to-App Mutual Trust Through App-Based Identity
JP2019057827A (en) Distributed authentication system and program
CN114124440A (en) Secure transmission method, device, computer equipment and storage medium
CN112861156A (en) Secure communication method and device for display data, electronic equipment and storage medium
CN110601841B (en) SM2 collaborative signature and decryption method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19940629

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19940629

Country of ref document: EP

Kind code of ref document: A1