WO2021196915A1 - Encryption and decryption operation-based data transmission methods and systems, and computer device - Google Patents


Info

Publication number: WO2021196915A1
Application number: PCT/CN2021/077390
Authority: WO (WIPO, PCT)
Prior art keywords: token information, message, encryption, encrypted message, mobile terminal
Other languages: French (fr), Chinese (zh)
Inventor: 郝国钦
Original Assignee: 深圳壹账通智能科技有限公司

Classifications

    • H04L63/045 (H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication; H04L63/00 Network architectures or network communication protocols for network security; H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks; H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload): wherein the sending and receiving network entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption
    • H04L63/0478 (same group as above): applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/0807 (H04L63/08 Network architectures or network communication protocols for network security for authentication of entities): using tickets, e.g. Kerberos
    • H04L9/14 (H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols): using a plurality of keys or algorithms
    • H04L9/3213 (H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials; H04L9/321 involving a third party or a trusted authority): using tickets or tokens, e.g. Kerberos
    • Y02D30/70 (Y02 Technologies or applications for mitigation or adaptation against climate change; Y02D Climate change mitigation technologies in information and communication technologies, i.e. ICT aiming at the reduction of their own energy use; Y02D30/00 Reducing energy consumption in communication networks): in wireless communication networks

Definitions

  • The embodiments of the present application relate to the field of blockchain and data transmission, and in particular to a data transmission method, system, computer device, and computer-readable storage medium based on encryption and decryption operations.
  • The issue of Internet information security has attracted more and more attention.
  • Once an application system is connected to outside parties, its data is exposed to risks such as data leakage, data tampering, traffic hijacking, and phishing attacks, so encryption of the message is very important.
  • An existing gateway system can perform a simple one-time encryption operation according to the requests of the parties and then forward the message. The inventor realized that this single encryption operation creates a great risk once the key is leaked.
  • One purpose of the embodiments of the present application is to provide a data transmission method, system, computer device, and computer-readable storage medium based on encryption and decryption operations, so as to solve the relatively high data security risk of messages that currently circulate among multiple systems.
  • An embodiment of the present application provides a data transmission method based on an encryption operation, executed by the mobile terminal, which includes: sending an access request to the gateway system and receiving the token information it returns; performing a first encryption operation on the message to be sent according to a first secret key to generate a first encrypted message, with the token information in its header; performing a second encryption operation on the first encrypted message according to a second secret key to generate a second encrypted message; performing a third encryption operation on the second secret key to generate an encryption key string; and sending the encryption key string and the second encrypted message to the gateway system.
  • An embodiment of the present application provides a data transmission method based on a decryption operation, executed by the gateway system, which includes: receiving an access request sent by a mobile terminal; in response to the access request, allocating first token information to the mobile terminal and sending it to the mobile terminal, so that the mobile terminal converts the message to be sent into a target encrypted message according to the first token information; receiving the target encrypted message sent by the mobile terminal; decrypting the target encrypted message to obtain a decrypted message that includes second token information; judging whether the first token information and the second token information are the same; and, if they are the same, forwarding the decrypted message to the target terminal.
  • An embodiment of the present application provides a data transmission system based on a decryption operation, including: a request receiving module, used to receive the access request sent by the mobile terminal; a request response module, configured to allocate first token information to the mobile terminal in response to the access request and send it to the mobile terminal, so that the mobile terminal converts the message to be sent into the target encrypted message according to the first token information; a ciphertext receiving module, configured to receive the target encrypted message sent by the mobile terminal; a ciphertext decryption module, configured to decrypt the target encrypted message to obtain a decrypted message that includes the second token information; a same judging module, used to judge whether the first token information and the second token information are the same; and a message forwarding module, configured to forward the decrypted message to the target terminal if the first token information and the second token information are the same.
  • An embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor; when the processor executes the computer program, the steps of the data transmission method based on an encryption operation or of the data transmission method based on a decryption operation are realized.
  • The embodiments of the present application also provide a computer-readable storage medium, which may be non-volatile or volatile, storing a computer program that realizes the steps of the above methods when executed by a processor.
  • The embodiments of this application have the following beneficial effects: the data transmission methods, systems, computer devices, and computer-readable storage media based on encryption and decryption operations encrypt the message twice, which improves security during data transmission and avoids the message leakage or garbled Chinese characters that a single encryption can cause; the second key is itself processed once more, which the embodiments present as reducing the risk of the second secret key being leaked during transmission; and gateway authentication is performed through the token information, which ensures the accuracy of data transmission and avoids mis-sending and wrong delivery of messages.
  • FIG. 1 is a schematic flowchart of a data transmission method based on an encryption operation in Embodiment 1 of this application.
  • FIG. 2 is a schematic flowchart of a data transmission method based on a decryption operation in Embodiment 2 of this application.
  • FIG. 3 is a schematic diagram of the specific flow of step S206 in the data transmission method based on the decryption operation in the second embodiment of the application.
  • FIG. 4 is a schematic diagram of program modules of Embodiment 3 of a data transmission system based on a decryption operation in this application.
  • FIG. 5 is a schematic diagram of the hardware structure of the computer device in Embodiment 4 of this application.
  • FIG. 1 shows a flowchart of the steps of a data transmission method based on an encryption operation according to an embodiment of the present application. It can be understood that the flowchart in this method embodiment is not used to limit the order of execution of the steps.
  • The following is an exemplary description with the mobile terminal as the executing entity.
  • The mobile terminal is the data sending end and performs the encryption operations on the data. The details are as follows.
  • Step S100 Send an access request to the gateway system, so that the gateway system returns token information according to the access request.
  • the mobile terminal serves as a data encryption party, and the gateway system serves as a data decryption party.
  • the mobile terminal may be a device with a data transmission function, such as a mobile phone, a tablet personal computer, or a laptop computer.
  • The mobile terminal sends an access request to the gateway system; the gateway system generates unique token information corresponding to the mobile terminal according to the access request and returns the token information to the mobile terminal. The token information identifies the sender: it is the unique identifier that proves the identity of the data transmitter during data transmission.
  • Step S102 Receive the token information returned by the gateway system.
  • After receiving the token information returned by the gateway system, the mobile terminal places the token information in the information to be sent and transmits the two together, so that the decryption party can confirm and verify the identity of the mobile terminal through the token information and ensure the accuracy of data transmission.
  • Step S104 Perform a first encryption operation on the message to be sent according to the first secret key to generate a first encrypted message, where the token information is located in the header of the first encrypted message.
  • the encryption algorithm used by the encryption method of the first encryption operation is an asymmetric encryption algorithm, and the asymmetric encryption algorithm may encrypt the message to be sent according to the first secret key.
  • The so-called asymmetric encryption algorithm requires two secret keys, a public key and a private key, which form a pair. Data encrypted with the public key can only be decrypted with the corresponding private key. Because encryption and decryption use two different keys, the algorithm is called an asymmetric encryption algorithm.
  • the gateway system will generate a public key and a private key in advance according to an asymmetric encryption algorithm, the gateway system will save the private key, and the public key will be pre-allocated to the mobile terminal.
  • the first secret key is the public key pre-allocated by the gateway system.
  • The encryption method of the first encryption operation may be the RSA algorithm, the ElGamal algorithm, a knapsack algorithm, the Rabin algorithm, the D-H algorithm, the ECC (elliptic curve) algorithm, or the SM2 algorithm.
  • The asymmetric encryption algorithm is preferably the RSA algorithm; that is, an RSA encryption operation is performed on the message to be sent according to the first secret key to generate the first encrypted message.
  • The header of the first encrypted message also carries the token information, which the decryption party uses to confirm and verify the identity of the mobile terminal.
  • Step S106 Perform a second encryption operation on the first encrypted message according to the second secret key to generate a second encrypted message.
  • the encryption algorithm used in the encryption method of the second encryption operation is a symmetric encryption algorithm, and the symmetric encryption algorithm may encrypt the first encrypted message according to the second secret key.
  • The so-called symmetric encryption algorithm is an encryption algorithm that uses the same secret key for encryption and decryption; it is also called a traditional encryption algorithm.
  • In a symmetric algorithm the encryption key can be derived from the decryption key, and the decryption key from the encryption key.
  • In most symmetric algorithms the encryption key and the decryption key are identical, so this kind of algorithm is also called a secret-key algorithm or a single-key algorithm.
  • The encryption method of the second encryption operation may be the DES algorithm, the 3DES algorithm (also called TDEA, Triple Data Encryption Algorithm), the Blowfish algorithm, the RC5 algorithm, the AES algorithm, an XOR encryption algorithm, etc.
  • The symmetric encryption algorithm is preferably the AES algorithm; that is, an AES encryption operation is performed on the first encrypted message according to the second secret key to generate the second encrypted message.
  • Step S108 Perform a third encryption operation on the second secret key to generate an encryption secret key string.
  • In this embodiment a third encryption operation is applied to the second secret key to generate an encryption key string.
  • Step S108 may further include: performing the operation on the second secret key with BASE64 to obtain the encryption key string.
  • The BASE64 encoding method is used as the method of the third encryption operation.
  • The so-called BASE64 encoding method is a method of representing binary data using 64 printable characters.
  • The second secret key is BASE64-encoded to convert it into the encryption key string, which the embodiment presents as reducing the risk of the second secret key being leaked during transmission. Note, however, that BASE64 is a reversible encoding and not a cipher: anyone who intercepts the encryption key string can decode it back to the second secret key without any key material, so this step by itself provides no confidentiality, and the encryption key string still has to be protected by the transport channel between the mobile terminal and the gateway system.
  • Step S110 Send the encryption key string and the second encrypted message to the gateway system, so that the gateway system performs an authentication operation on the second encrypted message and, if authentication succeeds, forwards the decrypted message to the target terminal.
  • After the mobile terminal obtains the encryption key string and the second encrypted message, it sends both to the gateway system, which performs a decryption operation and an authentication operation on the second encrypted message.
  • The decryption operation is the gateway system decrypting the second encrypted message.
  • The authentication operation verifies the decryption result.
  • Authentication can be performed based on the token information. For example, the original token information held by the gateway system is compared with the token information in the decryption result. If the two are the same, authentication succeeds and the decrypted message is forwarded to the target terminal; if the two differ, authentication fails, authentication failure information is sent to the mobile terminal, and the decryption result is deleted.
  • This embodiment designs three encryption operations. Encrypting the message to be sent twice improves security during data transmission and addresses the problem of data leakage caused by a single encryption; applying a further operation to the second secret key is intended to reduce the risk of the second secret key being leaked during transmission.
  • Authenticating the token information ensures the accuracy of data transmission and avoids problems such as mis-sending and wrong delivery of messages.
  • FIG. 2 shows a flowchart of the steps of a data transmission method based on a decryption operation according to an embodiment of the present application. It can be understood that the flowchart in this method embodiment is not used to limit the order of execution of the steps.
  • The following is an exemplary description with the gateway system as the executing entity.
  • The gateway system is the data forwarding end; it can decrypt data and authenticate data. The details are as follows.
  • Step S200 Receive an access request sent by a mobile terminal.
  • The gateway system receives the access request sent by the mobile terminal.
  • The gateway system, also called an internet connector or a protocol converter, is a computer system or device whose main task is conversion between networks or protocols.
  • The gateway realizes network interconnection at the transport layer and above. It is a complex network interconnection device that can be used for both wide area network interconnection and local area network interconnection.
  • In this embodiment the gateway system decrypts, authenticates, and forwards the transmitted data.
  • Step S202 In response to the access request, allocate first token information to the mobile terminal and send the first token information to the mobile terminal, so that the mobile terminal converts the message to be sent into a target encrypted message according to the first token information.
  • After receiving the access request sent by the mobile terminal, the gateway system allocates unique first token information corresponding to the mobile terminal and sends the first token information to the mobile terminal.
  • The first token information identifies the mobile terminal: it is the unique identifier that proves the identity of the data transmitter during data transmission.
  • After receiving the first token information, the mobile terminal encrypts the message to be sent according to the first token information to obtain the target encrypted message.
  • Step S204 Receive the target encrypted message sent by the mobile terminal.
  • Step S204 may further include: receiving an encryption key string provided by the mobile terminal, where the encryption key string is obtained by encoding an AES key with BASE64.
  • The AES key is processed with the BASE64 encoding method to obtain the encryption key string.
  • The so-called BASE64 encoding method is a method of representing binary data using 64 printable characters. The BASE64 encoding operation converts the AES key into the encryption key string, which the embodiment intends to reduce the risk of the AES key being leaked during transmission (BASE64 is a reversible encoding rather than a cipher, so the transport channel must still protect the key string).
  • Step S204 may further include: the target encrypted message is an encrypted message obtained by encrypting the message to be sent through two rounds of encryption, with an RSA public key and then an AES secret key.
  • The message to be sent is first encrypted according to the RSA public key and the asymmetric encryption algorithm, and the result of that first round is then encrypted according to the AES key and the symmetric encryption algorithm.
  • the asymmetric encryption algorithm is the RSA algorithm
  • the symmetric encryption algorithm is the AES algorithm.
  • the RSA public key is generated by the gateway system in advance according to an asymmetric encryption algorithm and distributed to the mobile terminal.
  • Step S206 Decrypt the target encrypted message to obtain a decrypted message, and the decrypted message includes the second token information.
  • the step S206 may further include:
  • Step S206a Decode the encryption key string with BASE64 to obtain the AES key.
  • BASE64 is the predetermined decoding method for the encryption key string: the encryption key string is decoded with BASE64 to obtain the AES key.
  • An encryption key string produced by the BASE64 encoding method can be decoded with the same BASE64 method to recover the corresponding AES key.
  • Step S206b Perform a decryption operation on the target encrypted message using the AES key to obtain an intermediate encrypted message.
  • The target encrypted message was obtained by encrypting the intermediate encrypted message with the AES algorithm under the AES key, so the target encrypted message is decrypted with the same AES key: AES is a symmetric algorithm, and the encryption key and the decryption key are the same AES key.
  • Step S206c Perform a decryption operation on the intermediate encrypted message using the RSA private key to obtain the decrypted message, wherein the decrypted message includes the second token information.
  • The intermediate encrypted message was obtained by encrypting the decrypted message with the RSA algorithm under the RSA public key, so decrypting the intermediate encrypted message requires the RSA private key corresponding to that RSA public key.
  • The RSA public key and the RSA private key are a pair of different but corresponding secret keys. Both are generated in advance by the gateway system through the RSA algorithm; the RSA public key is assigned to the mobile terminal by the gateway system, and the RSA private key is used to decrypt the encrypted message sent by the mobile terminal.
  • The decrypted message also carries the second token information, which the mobile terminal generated according to the first token information.
  • Step S208 It is judged whether the first token information and the second token information are the same, and if the first token information and the second token information are the same, the decrypted message is forwarded to the target terminal.
  • The gateway system authenticates the decrypted message according to the first token information and the second token information, that is, by comparing the two: when the first token information is the same as the second token information, authentication succeeds and the decrypted message is forwarded to the target terminal.
  • Step S208 may further include: if the first token information and the second token information are not the same, sending an authentication failure signal to the mobile terminal and stopping subsequent operations.
  • In that case the gateway system sends the authentication failure signal to the mobile terminal and performs no further processing or forwarding of the message.
  • Upon receiving the authentication failure signal, the mobile terminal verifies the data again, performs the encryption operations on the verified data, and sends the new target encrypted message and the new encryption key string to the gateway system again.
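The complete exchange described in Steps S100 to S110 (mobile terminal side) and Steps S200 to S208 (gateway side), as an added example in Go using only the standard library. This is not code from the patent or its applicant; the names `Gateway`, `Envelope`, `SenderEncrypt`, `GatewayDecrypt`, `randomBytes` and `newGCM` are the example's own. Everything the page leaves open is an assumption here: the RSA pair is 2048-bit and used with OAEP/SHA-256, the second key is a fresh 256-bit AES key used in GCM mode with a random nonce carried beside the ciphertext, the token is 128 random bits, the token "header" is the token followed by a newline in front of the message, and the gateway keeps the token in a single field rather than a per-terminal table. The example also shows three things the steps above do not spell out: RSA can only encrypt one short block, so the sender checks the header-plus-message length against the OAEP limit before Step S104; the Base64 "third encryption" of Step S108 is decoded by anyone who holds the string; and the token comparison of Step S208 is done in constant time.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
)

// Gateway: the RSA pair generated in advance (assumed 2048-bit, e.g. rsa.GenerateKey(rand.Reader, 2048)) and the token it allocated; a real gateway keys tokens per terminal.
type Gateway struct {
	Priv  *rsa.PrivateKey // private key stays at the gateway; Priv.PublicKey is pre-allocated to the terminal
	Token string          // first token information
}

// randomBytes returns n bytes from the OS CSPRNG; a failure there is fatal for any of the steps below.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// AllocateToken answers the access request (Steps S100/S202) with 128 random bits.
func (g *Gateway) AllocateToken() string {
	g.Token = base64.RawURLEncoding.EncodeToString(randomBytes(16))
	return g.Token
}

// newGCM builds the AES-GCM AEAD for a raw key; used by both sides (the page names no AES mode).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

type Envelope struct {
	KeyString string // Base64 of the AES key: the page's "third encryption" (Step S108)
	Nonce     []byte // AES-GCM nonce (assumption; the page does not mention one)
	Target    []byte // the target (second) encrypted message
}

// SenderEncrypt is Steps S104 to S108 on the mobile terminal; the "token\n" header layout is an assumption.
func SenderEncrypt(pub *rsa.PublicKey, token string, msg []byte) (*Envelope, error) {
	first := append([]byte(token+"\n"), msg...)
	// RSA encrypts one short block: OAEP/SHA-256 with a 2048-bit key takes at most 256-2*32-2 = 190 bytes.
	if limit := pub.Size() - 2*sha256.Size - 2; len(first) > limit {
		return nil, errors.New("header plus message exceeds the RSA-OAEP size limit")
	}
	firstEnc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, first, nil) // S104
	if err != nil {
		return nil, err
	}
	aesKey := randomBytes(32) // second secret key, fresh for every message (S106)
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	second := gcm.Seal(nil, nonce, firstEnc, nil)
	// S108: Base64 is an encoding, not a cipher; anyone holding KeyString can decode the AES key.
	return &Envelope{KeyString: base64.StdEncoding.EncodeToString(aesKey), Nonce: nonce, Target: second}, nil
}

// GatewayDecrypt is Steps S206a to S208; it returns the message to forward, or an error (message dropped).
func (g *Gateway) GatewayDecrypt(e *Envelope) ([]byte, error) {
	aesKey, err := base64.StdEncoding.DecodeString(e.KeyString) // S206a
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	intermediate, err := gcm.Open(nil, e.Nonce, e.Target, nil) // S206b: GCM also rejects tampering
	if err != nil {
		return nil, err
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, g.Priv, intermediate, nil) // S206c
	if err != nil {
		return nil, err
	}
	// S208: the second token (header) must equal the first token (allocated); constant-time compare.
	i := bytes.IndexByte(plain, '\n')
	if i < 0 || subtle.ConstantTimeCompare(plain[:i], []byte(g.Token)) != 1 {
		return nil, errors.New("authentication failed: token missing or mismatched")
	}
	return plain[i+1:], nil
}
```

To exercise it, create the gateway with a key from `rsa.GenerateKey(rand.Reader, 2048)`, call `AllocateToken`, pass `&Priv.PublicKey` and the token to `SenderEncrypt`, and hand the resulting `Envelope` to `GatewayDecrypt`; decoding `Envelope.KeyString` with `base64.StdEncoding` yields the raw AES key, which is why the key string needs a protected channel in any real deployment.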
  • FIG. 4 is a schematic diagram of program modules of Embodiment 3 of a data transmission system based on a decryption operation in this application.
  • The data transmission system 20 based on the decryption operation may include or be divided into one or more program modules.
  • The one or more program modules are stored in a storage medium and executed by one or more processors to complete this application and realize the above-mentioned data transmission method based on the decryption operation.
  • The program module referred to in the embodiments of the present application is a series of computer program instruction segments capable of completing specific functions; it is better suited than the program itself to describing the execution process of the data transmission system 20 based on the decryption operation in the storage medium. The following describes the functions of each program module in this embodiment:
  • The request receiving module 200 is configured to receive an access request sent by a mobile terminal.
  • The request response module 202 is configured to allocate first token information to the mobile terminal in response to the access request and send the first token information to the mobile terminal, so that the mobile terminal converts the message to be sent into a target encrypted message according to the first token information.
  • The ciphertext receiving module 204 is configured to receive the target encrypted message sent by the mobile terminal.
  • The ciphertext receiving module 204 is further configured to receive an encryption key string provided by the mobile terminal, where the encryption key string is obtained by encoding an AES key with BASE64.
  • The ciphertext receiving module 204 is further configured to receive a target encrypted message that was obtained by encrypting the message to be sent through two rounds of encryption, with an RSA public key and then an AES secret key.
  • the ciphertext decryption module 206 is configured to decrypt the target encrypted message to obtain a decrypted message, and the decrypted message includes the second token information.
  • the ciphertext decryption module 206 is further configured to: decrypt the encryption key string through BASE64 to obtain the AES secret key; and perform a decryption operation on the target encrypted message through the AES secret key to Obtain an intermediate encrypted message; perform a decryption operation on the intermediate encrypted message with an RSA private key to obtain the decrypted message, wherein the decrypted message includes the second token information.
  • the same judging module 208 is used to judge whether the first token information and the second token information are the same.
  • the message forwarding module 210 is configured to forward the decrypted message to the target terminal if the first token information and the second token information are the same.
  • the message forwarding module 210 is further configured to: if the first token information and the second token information are not the same, send an authentication failure signal to the mobile terminal and stop subsequent operations.
  • the computer device 2 is a device that can automatically perform numerical calculation and/or information processing according to pre-set or stored instructions.
  • the computer device 2 may be a rack server, a blade server, a tower server, or a cabinet server (including an independent server or a server cluster composed of multiple servers).
  • The computer device 2 at least includes, but is not limited to, a memory 21, a processor 22, a network interface 23, and either a data transmission system based on encryption operations (not shown) or the data transmission system 20 based on decryption operations, which can communicate with each other through a system bus (not shown).
  • The memory 21 includes at least one type of computer-readable storage medium.
  • The readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, etc.
  • the memory 21 may be an internal storage unit of the computer device 2, for example, a hard disk or a memory of the computer device 2.
  • the memory 21 may also be an external storage device of the computer device 2, for example, a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash card (Flash Card), etc.
  • the memory 21 may also include both the internal storage unit of the computer device 2 and its external storage device.
  • the memory 21 is generally used to store an operating system and various application software installed in the computer device 2, such as the program code of the data transmission system based on an encryption operation (not shown) or of the data transmission system 20 based on a decryption operation of the third embodiment.
  • the memory 21 can also be used to temporarily store various types of data that have been output or will be output.
  • the processor 22 may, in some embodiments, be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip.
  • the processor 22 is generally used to control the overall operation of the computer device 2.
  • the processor 22 is used to run program code or process data stored in the memory 21, for example, to run the data transmission system based on an encryption operation (not shown) or the data transmission system 20 based on a decryption operation, so as to implement the data transmission method based on an encryption operation of the first embodiment or the data transmission method based on a decryption operation of the second embodiment.
  • the network interface 23 may include a wireless network interface or a wired network interface, and the network interface 23 is generally used to establish a communication connection between the computer device 2 and other electronic devices.
  • the network interface 23 is used to connect the computer device 2 with an external terminal through a network, and establish a data transmission channel and a communication connection between the computer device 2 and the external terminal.
  • the network may be an intranet, the Internet, the Global System for Mobile Communications (GSM), Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network, Bluetooth, Wi-Fi, or another wireless or wired network.
  • FIG. 5 only shows the computer device 2 with the components 20-23, but it should be understood that it is not required to implement all the components shown, and more or fewer components may be implemented instead.
  • the data transmission system 20 based on the decryption operation stored in the memory 21 can also be divided into one or more program modules, which are stored in the memory 21 and executed by one or more processors (in this embodiment, the processor 22) to complete the present application.
  • FIG. 4 shows a schematic diagram of the program modules of the data transmission system 20 based on the decryption operation described in the third embodiment of the present application.
  • the data transmission system 20 based on the decryption operation can be divided into the request receiving module 200, the request response module 202, the ciphertext receiving module 204, the ciphertext decryption module 206, the same judging module 208, and the message forwarding module 210.
  • the program module referred to in this application refers to a series of computer program instruction segments that can complete specific functions, and is more suitable than a program to describe the execution process of the data transmission system 20 based on the decryption operation in the computer device 2.
  • the specific functions of the program modules 200-210 have been described in detail in the third embodiment, and will not be repeated here.
  • This embodiment also provides a computer-readable storage medium, such as flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, server, app store, etc.
  • the computer-readable storage medium can be non-volatile or volatile; a computer program is stored thereon, and the program realizes the corresponding function when executed by the processor.
  • the computer-readable storage medium of this embodiment is used in a data transmission system based on an encryption operation (not shown) or a data transmission system 20 based on a decryption operation.
  • when the program is executed, the data transmission method based on an encryption operation of the first embodiment or the data transmission method based on a decryption operation of the second embodiment can be realized.

Abstract

The embodiments of the present application provide encryption and decryption operation-based data transmission methods. The encryption operation-based data transmission method comprises: sending an access request to a gateway system, so that the gateway system returns token information according to the access request; receiving the token information returned by the gateway system; performing, according to a first key, a first encryption operation on a message to be sent, so as to generate a first encrypted message, the token information being located in a message header of the first encrypted message; performing a second encryption operation on the first encrypted message according to a second key, so as to generate a second encrypted message; performing a third encryption operation on the second key, so as to generate an encrypted key string; and sending the encrypted key string and the second encrypted message to the gateway system, so that the gateway system performs an authentication operation on the second encrypted message and forwards a decrypted message after decryption to a target terminal in cases of successful authentication. The embodiments of the present application reduce the dependence of gateway authentication on keys, and improve the security and integrity of message transmission.

Description

Data transmission method, system and computer device based on encryption and decryption operations
This application claims priority to Chinese patent application No. 202010253249.9, filed with the Patent Office of the State Intellectual Property Office of the People's Republic of China on April 2, 2020, entitled "Data transmission method, system and computer device based on encryption and decryption operations", the entire content of which is incorporated herein by reference.
Technical field
The embodiments of the present application relate to the fields of blockchain and data transmission, and in particular to a data transmission method, system, computer device and computer-readable storage medium based on encryption and decryption operations.
Background
As people rely more and more on the Internet, Internet information security has drawn increasing attention. At present, when an application system interfaces with external systems, data in transit is exposed to risks such as data leakage, data tampering, traffic hijacking and phishing attacks. Under such conditions, encryption of messages is essential. Existing gateway systems can perform a simple single encryption operation at the request of the parties and then forward the result. The inventor realized that such a simple single encryption poses a great risk once the key is leaked; at the same time, Chinese text in a message is prone to becoming garbled during the repeated serialization involved in transfer across multiple systems, so that downstream systems cannot parse the message correctly; in addition, the simple way in which existing gateways authenticate by key relies too heavily on the key itself.
Therefore, how to further improve data integrity while guaranteeing data security when messages are transferred across multiple systems, and how to reduce the dependence of gateway authentication on keys, have become technical problems to be solved.
Technical problem
One object of the embodiments of the present application is to provide a data transmission method, system, computer device and computer-readable storage medium based on encryption and decryption operations, so as to solve the technical problems that messages transferred across multiple systems currently carry considerable data security risks, that Chinese text is easily garbled, and that gateway authentication depends too heavily on keys.
Technical solution
In a first aspect, an embodiment of the present application provides a data transmission method based on an encryption operation, the method comprising:
sending an access request to a gateway system, so that the gateway system returns token information according to the access request;
receiving the token information returned by the gateway system;
performing a first encryption operation on a message to be sent according to a first secret key to generate a first encrypted message, wherein the token information is located in the message header of the first encrypted message;
performing a second encryption operation on the first encrypted message according to a second secret key to generate a second encrypted message;
performing a third encryption operation on the second secret key to generate an encrypted key string;
sending the encrypted key string and the second encrypted message to the gateway system, so that the gateway system performs an authentication operation on the second encrypted message and, if authentication succeeds, forwards the decrypted message to a target terminal.
In a second aspect, an embodiment of the present application provides a data transmission method based on a decryption operation, the method comprising:
receiving an access request sent by a mobile terminal;
in response to the access request, allocating first token information to the mobile terminal and sending the first token information to the mobile terminal, so that the mobile terminal converts a message to be sent into a target encrypted message according to the first token information;
receiving the target encrypted message sent by the mobile terminal;
decrypting the target encrypted message to obtain a decrypted message, the decrypted message including second token information;
judging whether the first token information and the second token information are the same;
if the first token information and the second token information are the same, forwarding the decrypted message to a target terminal.
In a third aspect, an embodiment of the present application provides a data transmission system based on a decryption operation, comprising:
a request receiving module, configured to receive an access request sent by a mobile terminal;
a request response module, configured to, in response to the access request, allocate first token information to the mobile terminal and send the first token information to the mobile terminal, so that the mobile terminal converts a message to be sent into a target encrypted message according to the first token information;
a ciphertext receiving module, configured to receive the target encrypted message sent by the mobile terminal;
a ciphertext decryption module, configured to decrypt the target encrypted message to obtain a decrypted message, the decrypted message including second token information;
a same judging module, configured to judge whether the first token information and the second token information are the same;
a message forwarding module, configured to forward the decrypted message to a target terminal if the first token information and the second token information are the same.
In a fourth aspect, an embodiment of the present application provides a computer device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the computer program, implements:
sending an access request to a gateway system, so that the gateway system returns token information according to the access request;
receiving the token information returned by the gateway system;
performing a first encryption operation on a message to be sent according to a first secret key to generate a first encrypted message, wherein the token information is located in the message header of the first encrypted message;
performing a second encryption operation on the first encrypted message according to a second secret key to generate a second encrypted message;
performing a third encryption operation on the second secret key to generate an encrypted key string;
sending the encrypted key string and the second encrypted message to the gateway system, so that the gateway system performs an authentication operation on the second encrypted message and, if authentication succeeds, forwards the decrypted message to a target terminal.
In a fifth aspect, an embodiment of the present application provides a computer device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the computer program, implements:
receiving an access request sent by a mobile terminal;
in response to the access request, allocating first token information to the mobile terminal and sending the first token information to the mobile terminal, so that the mobile terminal converts a message to be sent into a target encrypted message according to the first token information;
receiving the target encrypted message sent by the mobile terminal;
decrypting the target encrypted message to obtain a decrypted message, the decrypted message including second token information;
judging whether the first token information and the second token information are the same;
if the first token information and the second token information are the same, forwarding the decrypted message to a target terminal.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium, which may be non-volatile or volatile and which stores a computer program that, when executed by a processor, implements:
sending an access request to a gateway system, so that the gateway system returns token information according to the access request;
receiving the token information returned by the gateway system;
performing a first encryption operation on a message to be sent according to a first secret key to generate a first encrypted message, wherein the token information is located in the message header of the first encrypted message;
performing a second encryption operation on the first encrypted message according to a second secret key to generate a second encrypted message;
performing a third encryption operation on the second secret key to generate an encrypted key string;
sending the encrypted key string and the second encrypted message to the gateway system, so that the gateway system performs an authentication operation on the second encrypted message and, if authentication succeeds, forwards the decrypted message to a target terminal.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium, which may be non-volatile or volatile and which stores a computer program that, when executed by a processor, implements:
receiving an access request sent by a mobile terminal;
in response to the access request, allocating first token information to the mobile terminal and sending the first token information to the mobile terminal, so that the mobile terminal converts a message to be sent into a target encrypted message according to the first token information;
receiving the target encrypted message sent by the mobile terminal;
decrypting the target encrypted message to obtain a decrypted message, the decrypted message including second token information;
judging whether the first token information and the second token information are the same;
if the first token information and the second token information are the same, forwarding the decrypted message to a target terminal.
Beneficial effects
Compared with the prior art, the embodiments of the present application have the following beneficial effects: the data transmission method, system, computer device and computer-readable storage medium based on encryption and decryption operations provided by the embodiments of the present application improve security during data transmission by encrypting the message to be encrypted twice, avoiding the message leakage or garbled Chinese text caused by a single encryption; by encrypting the second secret key once, they reduce the risk of the second secret key being leaked in transit; and by performing gateway authentication with the token information, they ensure the accuracy of data transmission and avoid messages being sent to the wrong party or sent in error.
Description of the drawings
In order to describe the technical solutions in the embodiments of the present application more clearly, the drawings needed in the embodiments or in the description of exemplary techniques are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
FIG. 1 is a schematic flowchart of the data transmission method based on an encryption operation in Embodiment 1 of the present application.
FIG. 2 is a schematic flowchart of the data transmission method based on a decryption operation in Embodiment 2 of the present application.
FIG. 3 is a schematic flowchart of the specific flow of step S206 in the data transmission method based on a decryption operation in Embodiment 2 of the present application.
FIG. 4 is a schematic diagram of the program modules of Embodiment 3 of the data transmission system based on a decryption operation of the present application.
FIG. 5 is a schematic diagram of the hardware structure of Embodiment 4 of the computer device of the present application.
Embodiments of the present invention
In order to make the objects, technical solutions and advantages of the present application clearer, the present application is further described in detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application and are not intended to limit it. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort fall within the protection scope of the present application.
It should be noted that descriptions involving "first", "second" and the like in the present application are for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features indicated. Thus, a feature qualified by "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the various embodiments may be combined with one another, but only on the basis that a person of ordinary skill in the art can implement them; when a combination of technical solutions is contradictory or cannot be implemented, such a combination should be considered not to exist and to fall outside the protection scope claimed by the present application.
Embodiment 1
Referring to FIG. 1, a flowchart of the steps of the data transmission method based on an encryption operation according to an embodiment of the present application is shown. It should be understood that the flowchart in this method embodiment is not intended to limit the order in which the steps are executed. The following exemplary description takes a mobile terminal as the executing entity; the mobile terminal is the data sending end and can perform encryption operations on data. The details are as follows.
Step S100: send an access request to the gateway system, so that the gateway system returns token information according to the access request.
The mobile terminal acts as the data encrypting party and the gateway system as the data decrypting party. The mobile terminal may be a device with data transmission capability such as a mobile phone, a tablet personal computer or a laptop computer. The mobile terminal sends an access request to the gateway system; the gateway system generates, according to the access request, unique token information corresponding to the mobile terminal and sends the token information back to the mobile terminal. The token information identifies the sender: it is the unique identifier that proves the identity of the data transmitter during data transmission.
Step S102: receive the token information returned by the gateway system.
After receiving the token information returned by the gateway system, the mobile terminal stores the token information in the information to be sent and sends the token information together with that information, so that the decrypting party can confirm and verify the identity of the mobile terminal by means of the token information, ensuring the accuracy of data transmission.
Step S104: perform a first encryption operation on the message to be sent according to a first secret key to generate a first encrypted message, wherein the token information is located in the message header of the first encrypted message.
The encryption algorithm used by the first encryption operation is an asymmetric encryption algorithm, which encrypts the message to be sent according to the first secret key.
An asymmetric encryption algorithm requires two keys: a public key and a private key. The public key and the private key form a pair; data encrypted with the public key can only be decrypted with the corresponding private key. Because encryption and decryption use two different keys, such an algorithm is called asymmetric. Here, the gateway system generates a public key and a private key in advance according to an asymmetric encryption algorithm; the gateway system keeps the private key, and the public key is distributed to the mobile terminal in advance. The first secret key is the public key distributed in advance by the gateway system. In some embodiments, the encryption method of the first encryption operation may be the RSA (asymmetric encryption) algorithm, the ElGamal algorithm, a knapsack algorithm, the Rabin algorithm, the D-H algorithm, the ECC (elliptic curve cryptography) algorithm or the SM2 algorithm. In this embodiment, the asymmetric encryption algorithm is preferably RSA; that is, an RSA encryption operation is performed on the message to be sent according to the first secret key to generate the first encrypted message.
To ensure the accuracy and security of data transmission, the message header of the first encrypted message also carries the token information, so that the decrypting party can confirm and verify the identity of the mobile terminal by means of the token information.
Step S106: perform a second encryption operation on the first encrypted message according to a second secret key to generate a second encrypted message.
The encryption algorithm used by the second encryption operation is a symmetric encryption algorithm, which encrypts the first encrypted message according to the second secret key.
A symmetric encryption algorithm is one in which encryption and decryption use the same secret key; it is also called a traditional cipher algorithm, meaning that the encryption key can be derived from the decryption key and the decryption key can likewise be derived from the encryption key. In common symmetric algorithms the encryption key and the decryption key are identical, so such an algorithm is also called a secret-key or single-key algorithm. In some embodiments, the encryption method of the second encryption operation may be the DES algorithm, the 3DES algorithm, the TDEA (Triple Data Encryption Algorithm) algorithm, the Blowfish algorithm, the RC5 algorithm, the AES (symmetric encryption) algorithm or an XOR encryption algorithm. In this embodiment, the symmetric encryption algorithm is preferably AES; that is, an AES encryption operation is performed on the first encrypted message according to the second secret key to generate the second encrypted message.
Step S108: perform a third encryption operation on the second secret key to generate an encrypted key string.
Because the encryption key and the decryption key of a symmetric algorithm are the same key, a leaked key means that anyone can decrypt the messages the parties send or receive; the confidentiality of the key is therefore essential to the security of the communication. For this reason, this embodiment performs a third encryption operation to generate an encrypted key string.
Exemplarily, step S108 may further include: performing an encryption operation on the second secret key according to BASE64 to obtain the encrypted key string.
In this embodiment, the BASE64 encoding method is used as the encryption method of the third encryption operation. BASE64 encoding represents binary data using 64 printable characters; a BASE64 encoding operation is performed on the second secret key to convert it into the encrypted key string, so as to reduce the risk of the second secret key being leaked in transit.
Step S110: send the encrypted key string and the second encrypted message to the gateway system, so that the gateway system performs an authentication operation on the second encrypted message and, if authentication succeeds, forwards the decrypted message to the target terminal.
After obtaining the encrypted key string and the second encrypted message, the mobile terminal sends them to the gateway system, which performs a decryption operation and an authentication operation on the second encrypted message. The decryption operation is the gateway system's decryption of the second encrypted message; the authentication operation verifies the decryption result. In this embodiment, authentication may be performed according to the token information, for example by comparing the original token information held in the gateway system with the token information in the decryption result: if the two are the same, authentication succeeds and the decrypted message is forwarded to the target terminal; if they differ, authentication fails, an authentication failure message is sent to the mobile terminal, and the decryption result is deleted.
本实施例设计了三次加密操作,通过对待加密报文进行的两次加密,提高了在数据传输时的安全性,杜绝因为单次加密造成数据泄露的问题;通过对所述第二秘钥进行一次加密,降低了所述第二秘钥在传输过程中泄露的风险,对所述token信息进行鉴权,确保了数据传输的准确性,避免出现报文误发、错发的问题证鉴权。This embodiment designs three encryption operations. By encrypting the message to be encrypted twice, the security during data transmission is improved, and the problem of data leakage caused by a single encryption is eliminated; by performing the second secret key One-time encryption reduces the risk of leakage of the second secret key during transmission. The token information is authenticated to ensure the accuracy of data transmission and avoid problems such as mis-sending and wrong-sending of messages. .
Example two
Referring to FIG. 2, a flowchart of the steps of a data transmission method based on a decryption operation according to an embodiment of the present application is shown. It is understood that the flowchart in this method embodiment does not limit the order in which the steps are executed. The following exemplary description takes a gateway system as the executing entity; the gateway system is the data forwarding end and can decrypt and authenticate data. The details are as follows.
Step S200: receive an access request sent by a mobile terminal.
The gateway system receives the access request sent by the mobile terminal. A gateway system, also called an inter-network connector or protocol converter, is a computer system or device that carries out conversion tasks. A gateway can interconnect networks at the transport layer; it is a complex network interconnection device usable for both wide-area and local-area network interconnection. In this embodiment, the gateway system decrypts, authenticates, and forwards the transmitted data.
Step S202: in response to the access request, allocate first token information to the mobile terminal and send the first token information to the mobile terminal, so that the mobile terminal converts the message to be sent into a target encrypted message according to the first token information.
After receiving the access request sent by the mobile terminal, the gateway system allocates to the mobile terminal a unique first token information corresponding to it and sends the first token information to the mobile terminal. The first token information identifies the mobile terminal and is the unique identifier that proves the identity of the data sender during data transmission. After receiving the first token information, the mobile terminal encrypts the message to be sent according to the first token information to obtain the target encrypted message.
Step S204: receive the target encrypted message sent by the mobile terminal.
Exemplarily, step S204 may further include: receiving an encryption key string provided by the mobile terminal, where the encryption key string is obtained by encrypting an AES key with BASE64.
In this embodiment, the AES key is encrypted with the BASE64 encoding method to obtain the encryption key string. The BASE64 encoding method represents binary data using 64 printable characters; a BASE64 encoding operation is performed on the AES key to convert it into the encryption key string, so as to reduce the risk of the AES key leaking during transmission.
Exemplarily, step S204 may further include: the target encrypted message is an encrypted message obtained by encrypting the message to be sent in two rounds, with an RSA public key and then an AES key.
In this embodiment, the message to be sent is first encrypted in a first round using an asymmetric encryption algorithm with the RSA public key, and the result of the first round is then encrypted using a symmetric encryption algorithm with the AES key. The asymmetric encryption algorithm is the RSA algorithm and the symmetric encryption algorithm is the AES algorithm. The RSA public key is generated in advance by the gateway system according to the asymmetric encryption algorithm and distributed to the mobile terminal.
Step S206: decrypt the target encrypted message to obtain a decrypted message, the decrypted message including second token information.
Exemplarily, as shown in FIG. 3, step S206 may further include:
Step S206a: decrypt the encryption key string with BASE64 to obtain the AES key.
The BASE64 encoding method of the encryption key string is a decryption method agreed in advance; the encryption key string is decrypted by that method to obtain the AES key. An encryption key string obtained by the BASE64 encoding method can be decoded according to the BASE64 encoding method to obtain the corresponding AES key.
Step S206b: perform a decryption operation on the target encrypted message with the AES key to obtain an intermediate encrypted message.
The target encrypted message is obtained by encrypting the intermediate encrypted message with the AES algorithm under the AES key, so decrypting the target encrypted message is likewise done with the AES key. Because AES is a symmetric algorithm, the encryption key and the decryption key are the same key, namely the AES key.
Step S206c: perform a decryption operation on the intermediate encrypted message with the RSA private key to obtain the decrypted message, where the decrypted message includes second token information.
The intermediate encrypted message is obtained by encrypting the decrypted message with the RSA algorithm under the RSA public key, so decrypting the intermediate encrypted message must be done with the RSA private key corresponding to that RSA public key. The RSA public key and the RSA private key are a pair of different but corresponding keys, obtained in advance by the gateway system through the RSA algorithm; the RSA public key is distributed by the gateway system to the mobile terminal, and the RSA private key is used to decrypt the encrypted messages sent by the mobile terminal.
The decrypted message also carries second token information, which the mobile terminal generated according to the first token information.
Step S208: judge whether the first token information and the second token information are the same; if they are the same, forward the decrypted message to the target terminal.
The gateway system can authenticate the decrypted message according to the first token information and the second token information, that is, by comparing the two: when the first token information and the second token information are the same, authentication succeeds and the decrypted message is forwarded to the target terminal.
Exemplarily, step S208 may further include: if the first token information and the second token information are not the same, sending an authentication failure signal to the mobile terminal and stopping subsequent operations.
When the first token information and the second token information are not the same, authentication fails; the gateway system then sends an authentication failure signal to the mobile terminal and stops subsequent operations. On receiving the authentication failure signal, the mobile terminal verifies the data again, performs the encryption operations on the verified data, and sends the new target encrypted message and the new encryption key string to the gateway system again.
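The gateway-side steps S206a to S208, together with the terminal-side operations they undo, as an added Go example that is not part of the patent. It assumes concrete choices the patent leaves open: RSA-OAEP with SHA-256 for the asymmetric layer, AES-256-GCM with a random nonce for the symmetric layer, and a fixed 16-byte token placed at the head of the plaintext with the second token equal to the first; TerminalSend, Receive, TokenLen and newGCM are names introduced here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
)

// TokenLen is an assumed fixed token length; the patent does not specify one.
const TokenLen = 16

// Gateway holds the RSA key pair generated in advance and the issued token.
type Gateway struct {
	priv  *rsa.PrivateKey
	token []byte
}

func NewGateway() (*Gateway, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Gateway{priv: priv}, nil
}

// IssueToken answers the access request (S200/S202) with a fresh random token.
func (g *Gateway) IssueToken() ([]byte, error) {
	tok := make([]byte, TokenLen)
	if _, err := rand.Read(tok); err != nil {
		return nil, err
	}
	g.token = tok
	return tok, nil
}

// TerminalSend is the terminal side of Example one: RSA-OAEP over token||payload
// (first encryption, token in the header), AES-256-GCM under a fresh key over that
// ciphertext (second encryption), and BASE64 of the AES key (third "encryption").
func TerminalSend(pub *rsa.PublicKey, token, payload []byte) (string, []byte, error) {
	msg := append(append([]byte{}, token...), payload...) // must fit one OAEP block (190 bytes here)
	first, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	if err != nil {
		return "", nil, err
	}
	keyNonce := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(keyNonce); err != nil {
		return "", nil, err
	}
	aesKey, nonce := keyNonce[:32], keyNonce[32:]
	gcm, err := newGCM(aesKey)
	if err != nil {
		return "", nil, err
	}
	target := gcm.Seal(nonce, nonce, first, nil) // nonce is prefixed so the gateway can recover it
	return base64.StdEncoding.EncodeToString(aesKey), target, nil
}

// Receive is the gateway side (S206a-S206c, then S208): decode the key string,
// remove the AES layer, remove the RSA layer, compare the header token in
// constant time. On any failure nothing is forwarded to the target terminal.
func (g *Gateway) Receive(keyString string, target []byte) ([]byte, error) {
	aesKey, err := base64.StdEncoding.DecodeString(keyString) // S206a
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	if len(target) < gcm.NonceSize() {
		return nil, errors.New("target encrypted message too short")
	}
	nonce, ct := target[:gcm.NonceSize()], target[gcm.NonceSize():]
	intermediate, err := gcm.Open(nil, nonce, ct, nil) // S206b
	if err != nil {
		return nil, err
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, g.priv, intermediate, nil) // S206c
	if err != nil {
		return nil, err
	}
	if len(plain) < TokenLen || subtle.ConstantTimeCompare(plain[:TokenLen], g.token) != 1 {
		return nil, errors.New("authentication failed: token mismatch") // S208
	}
	return plain[TokenLen:], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```

Two caveats the patent does not state: BASE64 is an encoding, so anyone who observes the key string can undo S206a and strip the AES layer, which leaves the RSA layer as the only protection of the payload against a network observer; and RSA-OAEP with a 2048-bit key and SHA-256 wraps at most 190 bytes, so the message to be sent must be short.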
Example three
FIG. 4 is a schematic diagram of the program modules of Example three, a data transmission system based on a decryption operation, of the present application. The data transmission system 20 based on a decryption operation may include or be divided into one or more program modules, which are stored in a storage medium and executed by one or more processors to complete the present application and implement the data transmission method based on a decryption operation described above. A program module in the embodiments of the present application refers to a series of computer program instruction segments capable of completing specific functions, and is better suited than the program itself to describing the execution of the data transmission system 20 based on a decryption operation in the storage medium. The following describes the function of each program module of this embodiment:
The request receiving module 200 is configured to receive an access request sent by a mobile terminal.
The request response module 202 is configured to, in response to the access request, allocate first token information to the mobile terminal and send the first token information to the mobile terminal, so that the mobile terminal converts the message to be sent into a target encrypted message according to the first token information.
The ciphertext receiving module 204 is configured to receive the target encrypted message sent by the mobile terminal.
Exemplarily, the ciphertext receiving module 204 is further configured to receive an encryption key string provided by the mobile terminal, where the encryption key string is obtained by encrypting an AES key with BASE64.
Exemplarily, for the ciphertext receiving module 204, the target encrypted message is an encrypted message obtained by encrypting the message to be sent in two rounds, with an RSA public key and then an AES key.
The ciphertext decryption module 206 is configured to decrypt the target encrypted message to obtain a decrypted message, the decrypted message including second token information.
Exemplarily, the ciphertext decryption module 206 is further configured to: decrypt the encryption key string with BASE64 to obtain the AES key; perform a decryption operation on the target encrypted message with the AES key to obtain an intermediate encrypted message; and perform a decryption operation on the intermediate encrypted message with the RSA private key to obtain the decrypted message, where the decrypted message includes second token information.
The sameness judging module 208 is configured to judge whether the first token information and the second token information are the same.
The message forwarding module 210 is configured to forward the decrypted message to the target terminal if the first token information and the second token information are the same.
Exemplarily, the message forwarding module 210 is further configured to: if the first token information and the second token information are not the same, send an authentication failure signal to the mobile terminal and stop subsequent operations.
Example four
Referring to FIG. 5, a schematic diagram of the hardware architecture of the computer device of Example four of the present application is shown. In this embodiment, the computer device 2 is a device that automatically performs numerical calculation and/or information processing according to pre-set or stored instructions. The computer device 2 may be a rack server, a blade server, a tower server, or a cabinet server (including a standalone server or a server cluster composed of multiple servers). As shown in the figure, the computer device 2 includes at least, but is not limited to, a memory 21, a processor 22, a network interface 23, and a data transmission system based on an encryption operation (not shown) or a data transmission system 20 based on a decryption operation, which can communicate with one another through a system bus.
In this embodiment, the memory 21 includes at least one type of computer-readable storage medium, which includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, and the like. In some embodiments, the memory 21 may be an internal storage unit of the computer device 2, for example its hard disk or main memory. In other embodiments, the memory 21 may also be an external storage device of the computer device 2, for example a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash card fitted to the computer device 2. Of course, the memory 21 may also include both the internal storage unit of the computer device 2 and its external storage device. In this embodiment, the memory 21 is generally used to store the operating system and the various application software installed on the computer device 2, such as the program code of the data transmission system based on an encryption operation (not shown) or of the data transmission system 20 based on a decryption operation of Example three. In addition, the memory 21 may also be used to temporarily store various data that have been output or are to be output.
In some embodiments, the processor 22 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor, or another data processing chip. The processor 22 is generally used to control the overall operation of the computer device 2. In this embodiment, the processor 22 runs the program code stored in the memory 21 or processes data, for example running the data transmission system based on an encryption operation (not shown) or the data transmission system 20 based on a decryption operation, so as to implement the data transmission method based on an encryption operation of Example one or the data transmission method based on a decryption operation of Example two.
The network interface 23 may include a wireless network interface or a wired network interface and is generally used to establish a communication connection between the computer device 2 and other electronic devices. For example, the network interface 23 connects the computer device 2 with an external terminal through a network and establishes a data transmission channel and a communication connection between them. The network may be a wireless or wired network such as an intranet, the Internet, the Global System for Mobile communication (GSM), Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network, Bluetooth, or Wi-Fi.
It should be noted that FIG. 5 shows only the computer device 2 with components 20-23, but it should be understood that not all of the components shown are required to be implemented; more or fewer components may be implemented instead.
In this embodiment, the data transmission system 20 based on a decryption operation stored in the memory 21 may also be divided into one or more program modules, which are stored in the memory 21 and executed by one or more processors (in this embodiment, the processor 22) to complete the present application.
For example, FIG. 4 shows a schematic diagram of the program modules of the data transmission system 20 based on a decryption operation of Example three of the present application. In that embodiment, the data transmission system 20 based on a decryption operation may be divided into the request receiving module 200, the request response module 202, the ciphertext receiving module 204, the ciphertext decryption module 206, the sameness judging module 208, and the message forwarding module 210. A program module in the present application refers to a series of computer program instruction segments capable of completing specific functions, and is better suited than the program itself to describing the execution of the data transmission system 20 based on a decryption operation in the computer device 2. The specific functions of the program modules 200-210 have been described in detail in Example three and are not repeated here.
Example five
This embodiment further provides a computer-readable storage medium, such as flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, a server, an app store, and the like. The computer-readable storage medium may be non-volatile or volatile and stores a computer program which, when executed by a processor, implements the corresponding functions. The computer-readable storage medium of this embodiment is used for the data transmission system based on an encryption operation (not shown) or the data transmission system 20 based on a decryption operation and, when executed by a processor, can implement the data transmission method based on an encryption operation of Example one or the data transmission method based on a decryption operation of Example two.
The serial numbers of the above embodiments of the present application are for description only and do not indicate the superiority or inferiority of the embodiments.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
The above are only preferred embodiments of the present application and do not limit the patent scope of the present application. Any equivalent structure or equivalent process transformation made using the content of the description and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included in the patent protection scope of the present application.

Claims (20)

  1. 一种基于加密操作的数据传输方法,其中,包括: A data transmission method based on encryption operation, which includes:
    向网关系统发送访问请求,以使所述网关系统根据所述访问请求返回token信息;Sending an access request to the gateway system, so that the gateway system returns token information according to the access request;
    接收所述网关系统返回的token信息;Receiving token information returned by the gateway system;
    根据第一秘钥对待发送报文进行第一加密操作以生成第一加密报文,其中,所述token信息位于所述第一加密报文的报文头部;Performing a first encryption operation on the message to be sent according to the first secret key to generate a first encrypted message, wherein the token information is located in the header of the first encrypted message;
    根据所述第二秘钥对所述第一加密报文进行第二加密操作以生成第二加密报文;Performing a second encryption operation on the first encrypted message according to the second secret key to generate a second encrypted message;
    对第二秘钥进行第三加密操作以生成加密秘钥串;Perform a third encryption operation on the second secret key to generate an encryption secret key string;
    将所述加密秘钥串和第二加密报文发送到所述网关系统中,以供所述网关系统对所述第二加密报文进行鉴权操作并在鉴权成功的情形下将解密后的解密报文转发至目标终端中。Send the encryption key string and the second encrypted message to the gateway system, so that the gateway system can perform an authentication operation on the second encrypted message and decrypt it if the authentication is successful The decrypted message is forwarded to the target terminal.
  2. 如权利要求1所述的基于加密操作的数据传输方法,其中,对第二秘钥进行第三加密操作以生成加密秘钥串的步骤,包括: The data transmission method based on an encryption operation according to claim 1, wherein the step of performing a third encryption operation on the second key to generate an encryption key string comprises:
    根据BASE64对所述第二秘钥进行加密操作,以得到所述加密秘钥串。Perform an encryption operation on the second secret key according to BASE64 to obtain the encryption secret key string.
  3. 一种基于解密操作的数据传输方法,其中,包括: A data transmission method based on decryption operation, which includes:
    接收移动终端发送的访问请求;Receive an access request sent by a mobile terminal;
    响应于所述访问请求,为所述移动终端分配第一token信息,并将所述第一token信息发送至所述移动终端,以使所述移动终端根据所述第一token信息将待发送报文转换为目标加密报文;In response to the access request, first token information is allocated to the mobile terminal, and the first token information is sent to the mobile terminal, so that the mobile terminal sends a report to be sent according to the first token information. The text is converted into the target encrypted message;
    接收所述移动终端发送的所述目标加密报文;Receiving the target encrypted message sent by the mobile terminal;
    解密所述目标加密报文以得到解密报文,所述解密报文中包括第二token信息;Decrypting the target encrypted message to obtain a decrypted message, the decrypted message including the second token information;
    判断所述第一token信息和所述第二token信息是否相同;Judging whether the first token information and the second token information are the same;
    如果所述第一token信息和所述第二token信息相同,则将所述解密报文转发至目标终端中。If the first token information and the second token information are the same, the decrypted message is forwarded to the target terminal.
  4. 如权利要求3所述的基于解密操作的数据传输方法,其中,还包括接收所述移动终端提供的加密秘钥串,所述加密秘钥串是通过BSAE64对AES秘钥加密得到的。 The data transmission method based on a decryption operation according to claim 3, further comprising receiving an encryption key string provided by the mobile terminal, the encryption key string being obtained by encrypting the AES key through BSAE64.
  5. 如权利要求4所述的基于解密操作的数据传输方法,其中,所述目标加密报文是待发送报文经过RSA公钥和AES秘钥两轮加密得到的加密报文。 The data transmission method based on a decryption operation according to claim 4, wherein the target encrypted message is an encrypted message obtained by encrypting the message to be sent through two rounds of encryption with an RSA public key and an AES secret key.
  6. 如权利要求5所述的基于解密操作的数据传输方法,其中,解密所述目标加密报文以得到解密报文的步骤,包括: The data transmission method based on a decryption operation according to claim 5, wherein the step of decrypting the target encrypted message to obtain the decrypted message comprises:
    通过BASE64解密所述加密秘钥串以得到所述AES秘钥;Decrypt the encryption key string by BASE64 to obtain the AES key;
    通过所述AES秘钥对所述目标加密报文进行解密操作,以得到中间加密报文;Performing a decryption operation on the target encrypted message by using the AES key to obtain an intermediate encrypted message;
    通过RSA私钥对所述中间加密报文进行解密操作,以得到所述解密报文,其中,所述解密报文中包括第二token信息。A decryption operation is performed on the intermediate encrypted message using the RSA private key to obtain the decrypted message, wherein the decrypted message includes the second token information.
  7. 如权利要求4所述的基于解密操作的数据传输方法,其中,所述方法还包括:如果所述第一token信息和所述第二token信息不相同,则向所述移动终端发送鉴权失败信号并停止后续操作。 The data transmission method based on a decryption operation according to claim 4, wherein the method further comprises: if the first token information and the second token information are not the same, sending an authentication failure to the mobile terminal Signal and stop subsequent operations.
  8. A decryption operation-based data transmission system, comprising:
    a request receiving module, configured to receive an access request sent by a mobile terminal;
    a request response module, configured to allocate first token information to the mobile terminal in response to the access request and to send the first token information to the mobile terminal, so that the mobile terminal converts a message to be sent into a target encrypted message according to the first token information;
    a ciphertext receiving module, configured to receive the target encrypted message sent by the mobile terminal;
    a ciphertext decryption module, configured to decrypt the target encrypted message to obtain a decrypted message, the decrypted message including second token information;
    a sameness judging module, configured to judge whether the first token information and the second token information are the same;
    a message forwarding module, configured to forward the decrypted message to a target terminal if the first token information and the second token information are the same.
  9. A computer device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the computer program, implements:
    sending an access request to a gateway system, so that the gateway system returns token information according to the access request;
    receiving the token information returned by the gateway system;
    performing a first encryption operation on a message to be sent according to a first key to generate a first encrypted message, wherein the token information is located in the message header of the first encrypted message;
    performing a second encryption operation on the first encrypted message according to the second key to generate a second encrypted message;
    performing a third encryption operation on the second key to generate an encryption key string;
    sending the encryption key string and the second encrypted message to the gateway system, so that the gateway system performs an authentication operation on the second encrypted message and, if the authentication succeeds, forwards the decrypted message obtained by decryption to a target terminal.
  10. The computer device according to claim 9, wherein the processor, when executing the computer program, further implements:
    encrypting the second key according to BASE64 to obtain the encryption key string.
  11. A computer device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the computer program, implements:
    receiving an access request sent by a mobile terminal;
    in response to the access request, allocating first token information to the mobile terminal and sending the first token information to the mobile terminal, so that the mobile terminal converts a message to be sent into a target encrypted message according to the first token information;
    receiving the target encrypted message sent by the mobile terminal;
    decrypting the target encrypted message to obtain a decrypted message, the decrypted message including second token information;
    judging whether the first token information and the second token information are the same;
    if the first token information and the second token information are the same, forwarding the decrypted message to a target terminal.
  12. The computer device according to claim 11, wherein the processor, when executing the computer program, further implements:
    receiving an encryption key string provided by the mobile terminal, the encryption key string being obtained by encrypting an AES key with BASE64.
  13. The computer device according to claim 12, wherein the processor, when executing the computer program, further implements:
    the target encrypted message is an encrypted message obtained by subjecting the message to be sent to two rounds of encryption, with an RSA public key and with the AES key.
  14. The computer device according to claim 13, wherein the processor, when executing the computer program, further implements:
    decrypting the encryption key string with BASE64 to obtain the AES key;
    decrypting the target encrypted message with the AES key to obtain an intermediate encrypted message;
    decrypting the intermediate encrypted message with the RSA private key to obtain the decrypted message, wherein the decrypted message includes the second token information.
  15. The computer device according to claim 12, wherein the processor, when executing the computer program, further implements:
    if the first token information and the second token information are not the same, sending an authentication failure signal to the mobile terminal and stopping subsequent operations.
  16. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements:
    sending an access request to a gateway system, so that the gateway system returns token information according to the access request;
    receiving the token information returned by the gateway system;
    performing a first encryption operation on a message to be sent according to a first key to generate a first encrypted message, wherein the token information is located in the message header of the first encrypted message;
    performing a second encryption operation on the first encrypted message according to the second key to generate a second encrypted message;
    performing a third encryption operation on the second key to generate an encryption key string;
    sending the encryption key string and the second encrypted message to the gateway system, so that the gateway system performs an authentication operation on the second encrypted message and, if the authentication succeeds, forwards the decrypted message obtained by decryption to a target terminal.
  17. The computer-readable storage medium according to claim 16, wherein the computer program, when executed by the processor, further implements:
    encrypting the second key according to BASE64 to obtain the encryption key string.
  18. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements:
    receiving an access request sent by a mobile terminal;
    in response to the access request, allocating first token information to the mobile terminal and sending the first token information to the mobile terminal, so that the mobile terminal converts a message to be sent into a target encrypted message according to the first token information;
    receiving the target encrypted message sent by the mobile terminal;
    decrypting the target encrypted message to obtain a decrypted message, the decrypted message including second token information;
    judging whether the first token information and the second token information are the same;
    if the first token information and the second token information are the same, forwarding the decrypted message to a target terminal.
  19. The computer-readable storage medium according to claim 18, wherein the computer program, when executed by the processor, further implements:
    receiving an encryption key string provided by the mobile terminal, the encryption key string being obtained by encrypting an AES key with BASE64.
  20. The computer-readable storage medium according to claim 19, wherein the computer program, when executed by the processor, further implements:
    the target encrypted message is an encrypted message obtained by subjecting the message to be sent to two rounds of encryption, with an RSA public key and with the AES key.
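The two-sided exchange that claims 9 to 20 describe, as an added Go example that is not part of the patent or of the applicant's code. The terminal side encrypts token||message with the gateway's RSA public key (the first key), wraps the result in AES under a fresh key (the second key) and BASE64-encodes that key (the third "encryption"); the gateway side undoes the three layers, compares the recovered second token with the first token it issued, and returns the message for forwarding only on a match. Assumed here because the claims do not fix them: RSA-OAEP with SHA-256 as the RSA mode, AES-256-GCM with a prefixed nonce as the AES mode, a 16-byte token carried as a fixed-length header, and a gateway that tracks a single terminal session; all type and function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

const tokenLen = 16 // constructed wire layout: a tokenLen-byte token header, then the message body
var ErrAuthFailed = errors.New("authentication failed: token mismatch")

// Gateway holds the RSA private key and the first token information it issued (one terminal modelled).
type Gateway struct {
	priv       *rsa.PrivateKey
	firstToken []byte
}

func NewGateway() (*Gateway, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Gateway{priv: priv}, nil
}

func (g *Gateway) PublicKey() *rsa.PublicKey { return &g.priv.PublicKey }

// IssueToken answers the access request by allocating first token information.
func (g *Gateway) IssueToken() []byte {
	g.firstToken = randomBytes(tokenLen)
	return g.firstToken
}

// randomBytes draws n bytes from crypto/rand; a failure there is not recoverable.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// TerminalEncrypt is the mobile-terminal side: RSA-OAEP over token||message (first key),
// AES-GCM under a fresh key (second key), BASE64 of that key (the third "encryption").
func TerminalEncrypt(pub *rsa.PublicKey, token, msg []byte) (keyString string, target []byte, err error) {
	first, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(append([]byte{}, token...), msg...), nil)
	if err != nil { // OAEP/SHA-256 under a 2048-bit key caps token+message at 190 bytes
		return "", nil, err
	}
	aesKey := randomBytes(32)
	gcm, err := newGCM(aesKey)
	if err != nil {
		return "", nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	target = gcm.Seal(nonce, nonce, first, nil) // the nonce travels as a prefix of the ciphertext
	// BASE64 is an encoding, not encryption: the key string reveals the AES key to any observer.
	return base64.StdEncoding.EncodeToString(aesKey), target, nil
}

// Receive is the gateway side: undo BASE64, AES and RSA, compare the recovered second token with
// the issued first token in constant time, and return the message to forward only on a match.
func (g *Gateway) Receive(keyString string, target []byte) (string, error) {
	aesKey, err := base64.StdEncoding.DecodeString(keyString)
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(aesKey)
	if err != nil || len(target) < gcm.NonceSize() {
		return "", errors.New("cannot undo the AES layer: bad key string or short target message")
	}
	intermediate, err := gcm.Open(nil, target[:gcm.NonceSize()], target[gcm.NonceSize():], nil)
	if err != nil {
		return "", err // tampered or mis-keyed ciphertext fails the GCM tag check here
	}
	decrypted, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, g.priv, intermediate, nil)
	// An undecryptable message or a token other than the one issued is the authentication
	// failure of claims 7 and 15: signal it and forward nothing.
	if err != nil || len(decrypted) < tokenLen || subtle.ConstantTimeCompare(decrypted[:tokenLen], g.firstToken) != 1 {
		return "", ErrAuthFailed
	}
	return string(decrypted[tokenLen:]), nil // the caller forwards this to the target terminal
}

func main() {
	gw, _ := NewGateway()
	ks, target, _ := TerminalEncrypt(gw.PublicKey(), gw.IssueToken(), []byte("hello target"))
	fmt.Println(gw.Receive(ks, target)) // hello target <nil>
}
```

Two properties the code makes visible that the claim wording does not: BASE64 is an encoding, so the "encryption key string" hands the AES key to anything that sees the transmission and the confidentiality of the message rests on the RSA layer and the transport alone; and RSA-OAEP accepts only a short input (190 bytes under a 2048-bit key), so a design wanting the hybrid scheme the classification names would RSA-encrypt the AES key and AES-encrypt the body rather than the reverse. The token check is a constant-time compare, and every failure after the AES layer is reported as the single authentication failure signal so the reply does not reveal which step broke.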
PCT/CN2021/077390 2020-04-02 2021-02-23 Encryption and decryption operation-based data transmission methods and systems, and computer device WO2021196915A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010253249.9A CN111556025B (en) 2020-04-02 2020-04-02 Data transmission method, system and computer equipment based on encryption and decryption operations
CN202010253249.9 2020-04-02

Publications (1)

Publication Number Publication Date
WO2021196915A1 true WO2021196915A1 (en) 2021-10-07

Family

ID=72007325

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/077390 WO2021196915A1 (en) 2020-04-02 2021-02-23 Encryption and decryption operation-based data transmission methods and systems, and computer device

Country Status (2)

Country Link
CN (1) CN111556025B (en)
WO (1) WO2021196915A1 (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992413A (en) * 2021-10-28 2022-01-28 中国银行股份有限公司 Message encryption and decryption method and device for hybrid application
CN114189394A (en) * 2022-02-15 2022-03-15 北京安帝科技有限公司 Data decryption method and device, electronic equipment and storage medium
CN114222005A (en) * 2021-12-14 2022-03-22 中国建设银行股份有限公司 Request processing method, device, equipment, computer readable storage medium and product
CN114268449A (en) * 2021-11-02 2022-04-01 浙江零跑科技股份有限公司 Important CAN encryption method
CN114268467A (en) * 2021-12-03 2022-04-01 中国联合网络通信集团有限公司 Key updating processing method, device, system, equipment and storage medium
CN114285593A (en) * 2021-11-08 2022-04-05 深圳市联洲国际技术有限公司 Method, device, equipment and storage medium for constructing secure local area network protocol
CN114520740A (en) * 2022-02-16 2022-05-20 慕思健康睡眠股份有限公司 Encryption method, device, equipment and storage medium
CN114567557A (en) * 2022-03-07 2022-05-31 上海数禾信息科技有限公司 Message processing method and device, computer equipment and storage medium
CN115023920A (en) * 2021-11-05 2022-09-06 富途网络科技(深圳)有限公司 Method and device for data processing in stock right incentive system
CN115296852A (en) * 2022-07-08 2022-11-04 珠海市小源科技有限公司 Data encryption and decryption method and device and data encryption and decryption system
CN115378743A (en) * 2022-10-25 2022-11-22 北京国电通网络技术有限公司 Information encryption transmission method, device, equipment and medium
CN115952518A (en) * 2022-12-27 2023-04-11 元心信息科技集团有限公司 Data request method and device, electronic equipment and storage medium
CN116318876A (en) * 2023-02-16 2023-06-23 江苏特视智能科技有限公司 Special security gateway system for information board information release and operation method thereof
CN116938603A (en) * 2023-09-15 2023-10-24 杭州安恒信息技术股份有限公司 Traffic transmission method, device, equipment and storage medium based on stealth gateway
WO2023216531A1 (en) * 2022-05-10 2023-11-16 中移(上海)信息通信科技有限公司 Communication authentication processing method and apparatus, device and computer readable storage medium

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111556025B (en) * 2020-04-02 2023-06-02 深圳壹账通智能科技有限公司 Data transmission method, system and computer equipment based on encryption and decryption operations
CN112235261B (en) * 2020-09-26 2023-04-07 建信金融科技有限责任公司 Message encryption and decryption method and device, electronic equipment and readable storage medium
CN112235299A (en) * 2020-10-14 2021-01-15 杭州海康威视数字技术股份有限公司 Data encryption and decryption method, device, equipment, system and medium
CN114531235B (en) * 2022-03-01 2023-06-13 中国科学院软件研究所 Communication method and system for end-to-end encryption
CN115001762A (en) * 2022-05-20 2022-09-02 平安资产管理有限责任公司 Data security transmission method and system
CN115022000B (en) * 2022-05-27 2023-12-01 北京交大微联科技有限公司 Communication method and device of railway signal system and electronic equipment
CN115208626B (en) * 2022-06-02 2023-12-01 北京交大微联科技有限公司 Communication method and device based on secure communication ciphertext transmission in railway signal system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107612691A (en) * 2017-11-07 2018-01-19 世纪龙信息网络有限责任公司 Authentication information transmission method and device and user information authentication system
CN108347419A (en) * 2017-01-24 2018-07-31 腾讯科技(深圳)有限公司 Data transmission method and device
CN109936524A (en) * 2017-12-15 2019-06-25 深圳市伍壹卡科技有限公司 A kind of smart phone flow agent management system and method
US20190273613A1 (en) * 2018-03-05 2019-09-05 International Business Machines Corporation Distributed encryption keys for tokens in a cloud environment
CN111556025A (en) * 2020-04-02 2020-08-18 深圳壹账通智能科技有限公司 Data transmission method, system and computer equipment based on encryption and decryption operations

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105429753A (en) * 2015-12-30 2016-03-23 宇龙计算机通信科技(深圳)有限公司 Voice data method for improving security of VoLTE communication, system and mobile terminal
CN107666383B (en) * 2016-07-29 2021-06-18 阿里巴巴集团控股有限公司 Message processing method and device based on HTTPS (hypertext transfer protocol secure protocol)
CN111585749B (en) * 2016-10-26 2023-04-07 创新先进技术有限公司 Data transmission method, device, system and equipment
CN106685969A (en) * 2016-12-29 2017-05-17 武汉华安科技股份有限公司 Hybrid-encrypted information transmission method and transmission system
CN109802825A (en) * 2017-11-17 2019-05-24 深圳市金证科技股份有限公司 A kind of data encryption, the method for decryption, system and terminal device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108347419A (en) * 2017-01-24 2018-07-31 腾讯科技(深圳)有限公司 Data transmission method and device
CN107612691A (en) * 2017-11-07 2018-01-19 世纪龙信息网络有限责任公司 Authentication information transmission method and device and user information authentication system
CN109936524A (en) * 2017-12-15 2019-06-25 深圳市伍壹卡科技有限公司 A kind of smart phone flow agent management system and method
US20190273613A1 (en) * 2018-03-05 2019-09-05 International Business Machines Corporation Distributed encryption keys for tokens in a cloud environment
CN111556025A (en) * 2020-04-02 2020-08-18 深圳壹账通智能科技有限公司 Data transmission method, system and computer equipment based on encryption and decryption operations

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992413A (en) * 2021-10-28 2022-01-28 中国银行股份有限公司 Message encryption and decryption method and device for hybrid application
CN114268449A (en) * 2021-11-02 2022-04-01 浙江零跑科技股份有限公司 Important CAN encryption method
CN114268449B (en) * 2021-11-02 2023-08-29 浙江零跑科技股份有限公司 Important CAN encryption method
CN115023920B (en) * 2021-11-05 2024-01-19 富途网络科技(深圳)有限公司 Method and device for data processing in a equity incentive system
CN115023920A (en) * 2021-11-05 2022-09-06 富途网络科技(深圳)有限公司 Method and device for data processing in stock right incentive system
CN114285593A (en) * 2021-11-08 2022-04-05 深圳市联洲国际技术有限公司 Method, device, equipment and storage medium for constructing secure local area network protocol
CN114285593B (en) * 2021-11-08 2024-03-29 深圳市联洲国际技术有限公司 Method, device, equipment and storage medium for constructing secure local area network protocol
CN114268467A (en) * 2021-12-03 2022-04-01 中国联合网络通信集团有限公司 Key updating processing method, device, system, equipment and storage medium
CN114268467B (en) * 2021-12-03 2023-09-05 中国联合网络通信集团有限公司 Key updating processing method, device, system, equipment and storage medium
CN114222005A (en) * 2021-12-14 2022-03-22 中国建设银行股份有限公司 Request processing method, device, equipment, computer readable storage medium and product
CN114222005B (en) * 2021-12-14 2024-04-26 中国建设银行股份有限公司 Request processing method, apparatus, device, computer readable storage medium and product
CN114189394A (en) * 2022-02-15 2022-03-15 北京安帝科技有限公司 Data decryption method and device, electronic equipment and storage medium
CN114520740A (en) * 2022-02-16 2022-05-20 慕思健康睡眠股份有限公司 Encryption method, device, equipment and storage medium
CN114567557A (en) * 2022-03-07 2022-05-31 上海数禾信息科技有限公司 Message processing method and device, computer equipment and storage medium
WO2023216531A1 (en) * 2022-05-10 2023-11-16 中移(上海)信息通信科技有限公司 Communication authentication processing method and apparatus, device and computer readable storage medium
CN115296852B (en) * 2022-07-08 2023-09-01 珠海市小源科技有限公司 Data encryption and decryption methods, devices and data encryption and decryption system
CN115296852A (en) * 2022-07-08 2022-11-04 珠海市小源科技有限公司 Data encryption and decryption method and device and data encryption and decryption system
CN115378743A (en) * 2022-10-25 2022-11-22 北京国电通网络技术有限公司 Information encryption transmission method, device, equipment and medium
CN115952518B (en) * 2022-12-27 2023-08-15 元心信息科技集团有限公司 Data request method, device, electronic equipment and storage medium
CN115952518A (en) * 2022-12-27 2023-04-11 元心信息科技集团有限公司 Data request method and device, electronic equipment and storage medium
CN116318876A (en) * 2023-02-16 2023-06-23 江苏特视智能科技有限公司 Special security gateway system for information board information release and operation method thereof
CN116318876B (en) * 2023-02-16 2023-09-12 江苏特视智能科技有限公司 Special security gateway system for information board information release
CN116938603B (en) * 2023-09-15 2023-12-05 杭州安恒信息技术股份有限公司 Traffic transmission method, device, equipment and storage medium based on stealth gateway
CN116938603A (en) * 2023-09-15 2023-10-24 杭州安恒信息技术股份有限公司 Traffic transmission method, device, equipment and storage medium based on stealth gateway

Also Published As

Publication number Publication date
CN111556025A (en) 2020-08-18
CN111556025B (en) 2023-06-02

Similar Documents

Publication Publication Date Title
WO2021196915A1 (en) Encryption and decryption operation-based data transmission methods and systems, and computer device
WO2019174187A1 (en) Blockchain-based method for message communication between multiple terminals, terminal and storage medium
US10693848B2 (en) Installation of a terminal in a secure system
US9137223B2 (en) Apparatus and method for transmitting data, and recording medium storing program for executing method of the same in computer
US9838870B2 (en) Apparatus and method for authenticating network devices
US8745394B1 (en) Methods and systems for secure electronic communication
CN107404472B (en) Method and apparatus for migration of encryption keys
EP3205048B1 (en) Generating a symmetric encryption key
CN106357690B (en) data transmission method, data sending device and data receiving device
US10356090B2 (en) Method and system for establishing a secure communication channel
WO2022022009A1 (en) Message processing method and apparatus, device, and storage medium
US10511596B2 (en) Mutual authentication
WO2015161689A1 (en) Data processing method based on negotiation key
US10733309B2 (en) Security through authentication tokens
WO2018120938A1 (en) Offline key transmission method, terminal and storage medium
CN112866237A (en) Data communication method, device, equipment and storage medium
Chen et al. Security analysis and improvement of user authentication framework for cloud computing
CN111294203A (en) Information transmission method
CN112689014A (en) Double-full-duplex communication method and device, computer equipment and storage medium
CN114142995B (en) Key security distribution method and device for block chain relay communication network
WO2022042198A1 (en) Identity authentication method and apparatus, computer device, and storage medium
WO2015158173A1 (en) Agreement key-based data processing method
US11170094B2 (en) System and method for securing a communication channel
CN111836260A (en) Authentication information processing method, terminal and network equipment
CN113381855B (en) Communication method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21779611

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23/01/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 21779611

Country of ref document: EP

Kind code of ref document: A1