CN106789060B - Data transmission method and device, data processing method and device, and data transmission system - Google Patents

Info

Publication number: CN106789060B
Authority: CN (China)
Prior art keywords: key, digital certificate, RSA digital, client, data
Legal status: Active (the status listed by Google Patents is an assumption, not a legal conclusion)
Application number: CN201611019447.9A
Other languages: Chinese (zh)
Other versions: CN106789060A (en)
Inventor: 尹明君
Current assignee: CHANJET INFORMATION TECHNOLOGY CO LTD
Original assignee: CHANJET INFORMATION TECHNOLOGY CO LTD
Application filed by CHANJET INFORMATION TECHNOLOGY CO LTD, with priority to CN201611019447.9A; first published as CN106789060A, then granted and published as CN106789060B.

Classifications

All classifications fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L9/3249: cryptographic mechanisms or arrangements for secret or secure communications including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme (under H04L9/00 > H04L9/32 > H04L9/3247)
    • H04L63/045: network architectures or network communication protocols for network security providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected and the sending and receiving entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption (under H04L63/00 > H04L63/04 > H04L63/0428)
    • H04L63/0823: network architectures or network communication protocols for network security for authentication of entities using certificates (under H04L63/00 > H04L63/08)
    • H04L9/0625: block ciphers, i.e. encrypting groups of characters of a plaintext message using a fixed encryption transformation, with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI (under H04L9/00 > H04L9/06 > H04L9/0618)
    • H04L9/3263: cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements (under H04L9/00 > H04L9/32)

Abstract

The invention provides a data transmission method and device, a data processing method and device, and a data transmission system. The data transmission method comprises the following steps: detecting whether a client has a first key and an RSA digital certificate corresponding to the first key; if the client has the first key and the RSA digital certificate corresponding to the first key, acquiring the data to be transmitted; generating a second key and encrypting the data with it using 3DES (Triple Data Encryption Standard) to form the message body information; encrypting the first key and the second key with the public key of the RSA digital certificate to form the challenge code information; and sending the ID of the RSA digital certificate, the message body information and the challenge code information to the server so that the server can process the data. According to this technical scheme, the data is effectively prevented from being stolen or tampered with by a third party during transmission, so that confidentiality and integrity of large volumes of data of various types transmitted over the internet are achieved.

Description

Data transmission method and device, data processing method and device, and data transmission system
Technical Field
The invention relates to the technical field of data security, in particular to a data transmission method and device, a data processing method and device, and a data transmission system.
Background
The internet platform that receives the data has the following characteristics: data access takes place interactively through a public network environment, and the interactive data often has to pass through several intermediate links. While people enjoy the convenience and speed the network brings, they therefore face serious hidden dangers, and the data security problem becomes ever more acute.
Therefore, how to provide a resource information security protection mechanism for an internet platform, so as to ensure the confidentiality and integrity of large volumes of data of various types transmitted over the internet, is a problem that urgently needs to be solved at present.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art or the related art.
To this end, it is an object of the invention to propose a data transmission method.
Another object of the present invention is to provide a data processing method.
The invention also aims to provide a data transmission device, a data processing device and a data transmission system.
In view of this, the present invention provides a data transmission method for a client, where the data transmission method includes: detecting whether the client has a first key and an RSA digital certificate corresponding to the first key; if the client has the first key and the RSA digital certificate corresponding to the first key, acquiring the data to be transmitted; generating a second key and encrypting the data with it using 3DES (Triple Data Encryption Standard) to form the message body information; encrypting the first key and the second key with the public key of the RSA digital certificate to form the challenge code information; and sending the ID of the RSA digital certificate, the message body information and the challenge code information to the server so that the server can process the data.
According to the data transmission method, provided the client holds an RSA digital certificate, the transmitted data is protected by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm, so that the data is safer during network transmission and is effectively prevented from being stolen or tampered with by a third party in transit, and confidentiality and integrity of large volumes of data of various types transmitted over the internet are realized.
In addition, the data transmission method according to the present invention may further have the following additional technical features:
In the above technical solution, preferably, when the client does not have the first key and the RSA digital certificate corresponding to the first key, the client sends its basic information and a first key application request to the server, and receives the first key and the RSA digital certificate corresponding to the first key sent back by the server.
In this technical solution, when the client does not have the first key and the corresponding RSA digital certificate, it obtains them by sending its basic information and a first key application request to the server. The interacting client is thereby identified and RSA authorization is granted to it, which helps spread security risk and makes the data safer during network transmission.
In the above technical solution, preferably, the RSA digital certificate includes at least one of the following, or a combination thereof: ID, public key, issuing authority, owner, expiration date.
In this regard, those skilled in the art will appreciate that the RSA digital certificate includes, but is not limited to, at least one of the following, or a combination thereof: ID, public key, issuing authority, owner, expiration date. RSA authorization of the client is realized through information such as the certificate ID, public key, issuing authority, owner and validity period, so that the client can be identified during data transmission, which helps spread security risk and makes the data safer during network transmission.
In the above technical solution, preferably, the basic information includes at least one of the following, or a combination thereof: user code, company name, contact address.
In this embodiment, those skilled in the art will understand that the basic information includes, but is not limited to, at least one of the following, or a combination thereof: user code, company name, contact address. By providing basic information used for identity authentication, such as the client's user code, company name and contact details, the server can conveniently grant RSA authorization to the client, so that the client can be identified during data transmission, which helps spread security risk and makes the data safer during network transmission.
The invention also provides a data processing method for a server, used together with the data transmission method of any of the above technical solutions. The data processing method comprises the following steps: receiving the ID of an RSA digital certificate, message body information and challenge code information sent by a client; judging whether the ID of the RSA digital certificate is legal; if the ID of the RSA digital certificate is legal, obtaining the private key corresponding to the RSA digital certificate and decrypting the challenge code information with that private key; judging whether the first key has the authorization of the RSA digital certificate; if the first key has the authorization of the RSA digital certificate, decrypting the message body information with the second key; and processing the decrypted information and sending the processing result to the client.
According to the data processing method, the legality of the RSA digital certificate ID is checked; when the certificate is legal, the transmitted data is processed by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm, and it is judged whether the first key has the authorization of the RSA digital certificate. The interacting client is thereby identified, security risk is spread, the data is safer during network transmission and is effectively prevented from being stolen or tampered with by a third party in transit, and confidentiality and integrity of large volumes of data of various types transmitted over the internet are realized.
In addition, the data processing method according to the present invention may further include the following additional features:
In the above technical solution, preferably, if the ID of the RSA digital certificate is illegal or the first key does not have the authorization of the RSA digital certificate, an error prompt is sent to the client and data processing ends.
In this technical solution, when the ID of the RSA digital certificate is illegal or the first key does not have the authorization of the RSA digital certificate, the client currently interacting with the server is not a legally authenticated client, and continuing the network data transmission would carry a security risk. An error prompt is therefore sent to the client and data processing ends, so that data is effectively prevented from being stolen or tampered with by a third party in transit, and confidentiality and integrity of large volumes of data of various types transmitted over the internet are achieved.
In the above technical solution, preferably, the basic information and the first key application request sent by the client are received; a first key and an RSA digital certificate corresponding to the first key are generated according to the basic information; and the first key and the RSA digital certificate corresponding to the first key are sent to the client.
In this technical solution, when the client does not have the first key and the corresponding RSA digital certificate, the server generates them upon receiving the basic information and the first key application request sent by the client. The interacting client is thereby identified and RSA authorization is granted to it, which helps spread security risk and makes the data safer during network transmission.
In the above technical solution, preferably, the RSA digital certificate includes at least one of the following, or a combination thereof: ID, public key, issuing authority, owner, expiration date.
In this regard, those skilled in the art will appreciate that the RSA digital certificate includes, but is not limited to, at least one of the following, or a combination thereof: ID, public key, issuing authority, owner, expiration date. RSA authorization of the client is realized through information such as the certificate ID, public key, issuing authority, owner and validity period, so that the client can be identified during data transmission, which helps spread security risk and makes the data safer during network transmission.
In the above technical solution, preferably, the basic information includes at least one of the following, or a combination thereof: user code, company name, contact address.
In this embodiment, those skilled in the art will understand that the basic information includes, but is not limited to, at least one of the following, or a combination thereof: user code, company name, contact address. By providing basic information used for identity authentication, such as the client's user code, company name and contact details, the server can conveniently grant RSA authorization to the client, so that the client can be identified during data transmission, which helps spread security risk and makes the data safer during network transmission.
The invention also provides a data transmission device for a client, comprising: a detection module for detecting whether the client has a first key and an RSA digital certificate corresponding to the first key; an acquisition module for acquiring the data to be transmitted if the client has the first key and the RSA digital certificate corresponding to the first key; a 3DES encryption module for generating a second key and encrypting the data with the 3DES method to form the message body information; an RSA encryption module for encrypting the first key and the second key with the public key of the RSA digital certificate to form the challenge code information; and a sending module for sending the ID of the RSA digital certificate, the message body information and the challenge code information to the server so that the server can process the data.
According to the data transmission device, provided the client holds an RSA digital certificate, the transmitted data is protected by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm, so that the data is safer during network transmission and is effectively prevented from being stolen or tampered with by a third party in transit, and confidentiality and integrity of large volumes of data of various types transmitted over the internet are achieved.
In addition, the data transmission device according to the present invention may further have the following additional features:
In the above technical solution, preferably, the sending module is further configured to send the client's basic information and a first key application request to the server when the client does not have the first key and the RSA digital certificate corresponding to the first key; and a receiving module is further configured to receive the first key and the RSA digital certificate corresponding to the first key sent by the server.
In this technical solution, when the client does not have the first key and the corresponding RSA digital certificate, it obtains them by sending its basic information and a first key application request to the server. The interacting client is thereby identified and RSA authorization is granted to it, which helps spread security risk and makes the data safer during network transmission.
In the above technical solution, preferably, the RSA digital certificate includes at least one of the following, or a combination thereof: ID, public key, issuing authority, owner, expiration date.
In this regard, those skilled in the art will appreciate that the RSA digital certificate includes, but is not limited to, at least one of the following, or a combination thereof: ID, public key, issuing authority, owner, expiration date. RSA authorization of the client is realized through information such as the certificate ID, public key, issuing authority, owner and validity period, so that the client can be identified during data transmission, which helps spread security risk and makes the data safer during network transmission.
In the above technical solution, preferably, the basic information includes at least one of the following, or a combination thereof: user code, company name, contact address.
In this embodiment, those skilled in the art will understand that the basic information includes, but is not limited to, at least one of the following, or a combination thereof: user code, company name, contact address. By providing basic information used for identity authentication, such as the client's user code, company name and contact details, the server can conveniently grant RSA authorization to the client, so that the client can be identified during data transmission, which helps spread security risk and makes the data safer during network transmission.
The present invention also provides a data processing apparatus for a server, used together with the data transmission apparatus of any of the above technical solutions, comprising: a receiving module for receiving the ID of an RSA digital certificate, message body information and challenge code information sent by a client; a judging module for judging whether the ID of the RSA digital certificate is legal; an acquisition module for acquiring the private key corresponding to the RSA digital certificate; an RSA decryption module for decrypting the challenge code information with the private key corresponding to the RSA digital certificate if the ID of the RSA digital certificate is legal; the judging module being further configured to judge whether the first key has the authorization of the RSA digital certificate; a 3DES decryption module for decrypting the message body information with the second key if the first key has the authorization of the RSA digital certificate; and a sending module for processing the decrypted information and sending the processing result to the client.
According to the data processing apparatus, the legality of the RSA digital certificate ID is checked; when the certificate is legal, the transmitted data is processed by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm, and it is judged whether the first key has the authorization of the RSA digital certificate. The interacting client is thereby identified, security risk is spread, the data is safer during network transmission and is effectively prevented from being stolen or tampered with by a third party in transit, and confidentiality and integrity of large volumes of data of various types transmitted over the internet are realized.
In addition, the data processing apparatus according to the present invention may further include the following additional features:
In the above technical solution, preferably, the sending module is further configured to send an error prompt to the client and end the information exchange if the ID of the RSA digital certificate is illegal or the first key does not have the authorization of the RSA digital certificate.
In this technical solution, when the ID of the RSA digital certificate is illegal or the first key does not have the authorization of the RSA digital certificate, the client currently interacting with the server is not a legally authenticated client, and continuing the network data transmission would carry a security risk. An error prompt is therefore sent to the client and data processing ends, so that data is effectively prevented from being stolen or tampered with by a third party in transit, and confidentiality and integrity of large volumes of data of various types transmitted over the internet are achieved.
In the above technical solution, preferably, the receiving module is further configured to receive the basic information and the first key application request sent by the client; a generating module is configured to generate a first key and an RSA digital certificate corresponding to the first key according to the basic information; and the sending module is configured to send the first key and the RSA digital certificate corresponding to the first key to the client.
In this technical solution, when the client does not have the first key and the corresponding RSA digital certificate, the server generates them upon receiving the basic information and the first key application request sent by the client. The interacting client is thereby identified and RSA authorization is granted to it, which helps spread security risk and makes the data safer during network transmission.
In the above technical solution, preferably, the RSA digital certificate includes at least one of the following, or a combination thereof: ID, public key, issuing authority, owner, expiration date.
In this regard, those skilled in the art will appreciate that the RSA digital certificate includes, but is not limited to, at least one of the following, or a combination thereof: ID, public key, issuing authority, owner, expiration date. RSA authorization of the client is realized through information such as the certificate ID, public key, issuing authority, owner and validity period, so that the client can be identified during data transmission, which helps spread security risk and makes the data safer during network transmission.
In the above technical solution, preferably, the basic information includes at least one of the following, or a combination thereof: user code, company name, contact address.
In this embodiment, those skilled in the art will understand that the basic information includes, but is not limited to, at least one of the following, or a combination thereof: user code, company name, contact address. By providing basic information used for identity authentication, such as the client's user code, company name and contact details, the server can conveniently grant RSA authorization to the client, so that the client can be identified during data transmission, which helps spread security risk and makes the data safer during network transmission.
The invention also provides a data transmission system comprising the data transmission device and the data processing device of any of the above technical solutions. The data transmission system protects the transmitted data by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm and identifies the interacting client, which helps spread security risk, makes the data safer during network transmission, effectively prevents the data from being stolen or tampered with by a third party in transit, and achieves confidentiality and integrity of large volumes of data of various types transmitted over the internet.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 shows a schematic flow diagram of a data transmission method according to an embodiment of the invention;
FIG. 2 shows a flow diagram of a data transmission method according to yet another embodiment of the invention;
FIG. 3 shows a flow diagram of a data processing method according to an embodiment of the invention;
FIG. 4 shows a flow diagram of a data processing method according to yet another embodiment of the invention;
FIG. 5 shows a flow diagram of a data processing method according to yet another embodiment of the invention;
FIG. 6 is a flow diagram illustrating a data transmission and processing method for client-server interaction according to an embodiment of the present invention;
FIG. 7 is a flow diagram illustrating a data transmission and processing method for client-server interaction according to yet another embodiment of the invention;
FIG. 8 shows a schematic block diagram of a data transmission apparatus according to an embodiment of the present invention;
FIG. 9 shows a schematic block diagram of a data transmission apparatus according to an embodiment of the present invention;
FIG. 10 shows a schematic block diagram of a data transmission arrangement according to yet another embodiment of the present invention;
FIG. 11 shows a schematic block diagram of a data transmission system according to an embodiment of the invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
As shown in fig. 1, a flow diagram of a data transmission method according to an embodiment of the present invention is shown:
step 102, detecting whether a client has a first key and an RSA digital certificate corresponding to the first key;
step 104, acquiring data to be transmitted under the condition that the client has the first key and the RSA digital certificate corresponding to the first key;
step 106, generating a second key, and encrypting the data by a 3DES method to obtain message body information;
step 108, encrypting the first key and the second key by the public key of the RSA digital certificate to obtain challenge code information;
and step 110, sending the ID of the RSA digital certificate, the message body information and the challenge code information to a server so that the server can process the data.
In this embodiment, on the premise that the client has the RSA digital certificate, the transmitted data is secured by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm, so that the data is safer in network transmission and is effectively prevented from being stolen or tampered with by a third party during transmission, thereby providing confidentiality and integrity for large volumes and many types of data transmitted over the internet.
As shown in fig. 2, a flow chart of a data transmission method according to still another embodiment of the present invention is schematically shown:
step 202, detecting whether the client has a first key and an RSA digital certificate corresponding to the first key;
step 204, acquiring data to be transmitted under the condition that the client has a first key and an RSA digital certificate corresponding to the first key;
step 206, generating a second key, and encrypting the data by a 3DES (Triple Data Encryption Standard) method to obtain message body information;
step 208, encrypting the first key and the second key by the public key of the RSA digital certificate as challenge code information;
step 210, sending the ID of the RSA digital certificate, the message body information, and the challenge code information to a server for the server to process data;
step 212, sending the basic information of the client and the first key application request to the server under the condition that the client does not have the first key and the RSA digital certificate corresponding to the first key;
step 214, receiving the first key and the RSA digital certificate corresponding to the first key sent by the server.
In this embodiment, when the client does not have the first key and the RSA digital certificate corresponding to the first key, it obtains them by sending its basic information and a first key application request to the server. This identifies the interacting client and performs RSA authorization for it, which helps to disperse security risk and makes data safer in network transmission.
In the above embodiment, preferably, the RSA digital certificate includes at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date.
In this embodiment, those skilled in the art will appreciate that the RSA digital certificate includes, but is not limited to, at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date. RSA authorization of the client is realized through the certificate ID, public key, issuing authority, owner, validity period and similar information, so that the client can be readily identified in the data transmission process, which helps to disperse security risk and makes data safer in network transmission.
In the above embodiment, preferably, the basic information includes at least one of the following or a combination thereof: user code, company name, contact address.
In this embodiment, those skilled in the art will appreciate that the basic information includes, but is not limited to, at least one of the following or a combination thereof: user code, company name, contact address. By providing basic information used for identity authentication, such as the client's user code, company name and contact details, the server can conveniently perform RSA authorization for the client, so that the client can be readily identified in the data transmission process, which helps to disperse security risk and makes data safer in network transmission.
As shown in fig. 3, a flow diagram of a data processing method according to an embodiment of the invention is as follows:
step 302, receiving an ID, message body information and challenge code information of an RSA digital certificate sent by a client;
step 304, judging whether the ID of the RSA digital certificate is legal or not;
step 306, if the ID of the RSA digital certificate is legal, obtaining a private key corresponding to the RSA digital certificate, and decrypting the challenge code information through the private key corresponding to the RSA digital certificate;
step 308, determining whether the first key has the authorization of the RSA digital certificate;
step 310, if the first key has the authorization of the RSA digital certificate, the message body information is decrypted through the second key;
step 312, process the decrypted information, and send the processing result to the client.
In this embodiment, the legality of the ID of the RSA digital certificate is checked, and only when the certificate is legal is the transmitted data processed by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm; judging whether the first key has the authorization of the RSA digital certificate identifies the interacting client. This helps to disperse security risk, makes data safer in network transmission, effectively prevents data from being stolen or tampered with by a third party during transmission, and thus provides confidentiality and integrity for large volumes and many types of data transmitted over the internet.
As shown in fig. 4, a flow chart of a data processing method according to still another embodiment of the invention is schematically shown:
step 402, receiving ID, message body information and challenge code information of RSA digital certificate sent by a client;
step 404, judging whether the ID of the RSA digital certificate is legal;
step 406, if the ID of the RSA digital certificate is legal, obtaining a private key corresponding to the RSA digital certificate, and decrypting the challenge code information through the private key corresponding to the RSA digital certificate;
step 408, judging whether the first key has the authorization of the RSA digital certificate;
step 410, if the first key has the authorization of the RSA digital certificate, decrypting the message body information through the second key;
step 412, processing the decrypted information, and sending a processing result to the client;
and step 414, if the ID of the RSA digital certificate is illegal or the first key does not have the authorization of the RSA digital certificate, sending an error prompt to the client, and ending the data processing.
In this embodiment, when the ID of the RSA digital certificate is illegal or the first key does not have the authorization of the RSA digital certificate, the client currently interacting with the server is not a legitimately authenticated client, and continuing the network data transmission would carry a security risk. Sending an error prompt to the client and ending the data processing at this point effectively prevents data from being stolen or tampered with by a third party during transmission, thereby providing confidentiality and integrity for large volumes and many types of data transmitted over the internet.
As shown in fig. 5, a flow chart of a data processing method according to another embodiment of the invention is schematically shown:
step 502, receiving basic information and a first key application request sent by a client;
step 504, generating a first key and an RSA digital certificate corresponding to the first key according to the basic information;
step 506, the first key and the RSA digital certificate corresponding to the first key are sent to the client.
In this embodiment, when the client does not have the first key and the RSA digital certificate corresponding to the first key, the server generates the first key and the RSA digital certificate corresponding to it on receiving the basic information and the first key application request sent by the client. This identifies the interacting client and performs RSA authorization for it, which helps to disperse security risk and makes data safer in network transmission.
In the above embodiment, preferably, the RSA digital certificate includes at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date.
In this embodiment, those skilled in the art will appreciate that the RSA digital certificate includes, but is not limited to, at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date. RSA authorization of the client is realized through the certificate ID, public key, issuing authority, owner, validity period and similar information, so that the client can be readily identified in the data transmission process, which helps to disperse security risk and makes data safer in network transmission.
In the above embodiment, preferably, the basic information includes at least one of the following or a combination thereof: user code, company name, contact address.
In this embodiment, those skilled in the art will appreciate that the basic information includes, but is not limited to, at least one of the following or a combination thereof: user code, company name, contact address. By providing basic information used for identity authentication, such as the client's user code, company name and contact details, the server can conveniently perform RSA authorization for the client, so that the client can be readily identified in the data transmission process, which helps to disperse security risk and makes data safer in network transmission.
As shown in fig. 6, a flow chart of a data transmission and processing method for client-server interaction according to an embodiment of the present invention is shown:
Step 602, on the client side, includes step 6022, sending the basic information of the client and an app-key (interface key) application request to the server; and step 6024, receiving the app-key and the corresponding RSA digital certificate sent by the server.
Step 604, on the server side, includes step 6042, receiving the basic information and the app-key application request sent by the client; step 6044, generating the app-key and the RSA digital certificate corresponding to the app-key according to the basic information; and step 6046, sending the app-key and the RSA digital certificate corresponding to the app-key to the client.
In this embodiment, when the client does not have the app-key and the RSA digital certificate corresponding to the app-key, the client obtains them by sending its basic information and an app-key application request to the server; the server, on receiving the basic information and the app-key application request, generates the app-key and the RSA digital certificate corresponding to it. This identifies the interacting client and performs RSA authorization for it, which helps to disperse security risk and makes data safer in network transmission.
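The enrolment exchange of FIG. 5 and FIG. 6, together with the certificate and basic-information fields listed above, as an added example in Go that is not part of the patent and not code of the applicant: the server generates the app-key and an RSA certificate from the basic information, keeps the private key in its own registry, and the client checks the certificate before storing it. Everything concrete here is an assumption of the example, not of the text: the issuing authority is modelled as a CA key held by the server, the certificate ID is taken to be the serial number in hex, the app-key is 16 random bytes, the certificate is valid for one year, and the names, dates and registry layout are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// BasicInfo is the client's enrolment data of step 6022.
type BasicInfo struct{ UserCode, CompanyName, Contact string }

// Record is one registry entry, keyed by certificate ID (assumption: the serial number in hex).
type Record struct{ Priv *rsa.PrivateKey; AppKey []byte }

// Issuer is the server-side issuing authority: a CA key pair plus the registry.
type Issuer struct {
	CACert   *x509.Certificate
	caKey    *rsa.PrivateKey
	Registry map[string]Record
}

// FilingDate is a fixed clock (the application's filing date) so runs are reproducible.
var FilingDate = time.Date(2016, 11, 18, 0, 0, 0, 0, time.UTC)

// NewIssuer creates the issuing authority with a self-signed CA certificate.
func NewIssuer(name string, now time.Time) (*Issuer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0),
		KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der) // parsed form serves as signing parent and trust root
	if err != nil {
		return nil, err
	}
	return &Issuer{CACert: cert, caKey: key, Registry: map[string]Record{}}, nil
}

// IssueAppKey is step 6044: check the basic information, mint a key pair and an app-key,
// sign a one-year certificate naming the client as owner, and record the pair under its ID.
// Only the app-key and the DER certificate are returned; the private key never leaves the server.
func (s *Issuer) IssueAppKey(info BasicInfo, now time.Time) (appKey, certDER []byte, err error) {
	if info.UserCode == "" || info.CompanyName == "" {
		return nil, nil, errors.New("basic information incomplete")
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	rnd := make([]byte, 32) // 16 bytes of app-key and 16 bytes of serial number (assumed sizes)
	if _, err := rand.Read(rnd); err != nil {
		return nil, nil, err
	}
	appKey, serial := rnd[:16], new(big.Int).SetBytes(rnd[16:])
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: info.UserCode, Organization: []string{info.CompanyName}},
		NotBefore:    now, NotAfter: now.AddDate(1, 0, 0), KeyUsage: x509.KeyUsageKeyEncipherment,
	}
	certDER, err = x509.CreateCertificate(rand.Reader, tmpl, s.CACert, &key.PublicKey, s.caKey)
	if err != nil {
		return nil, nil, err
	}
	s.Registry[serial.Text(16)] = Record{Priv: key, AppKey: appKey}
	return appKey, certDER, nil
}

// ClientAccept is step 6024 plus the check behind step 102: parse the certificate, verify it
// chains to the known issuer and is valid at "now", and return it so the client can read the
// ID, public key, issuer, owner and expiry fields before storing it beside the app-key.
func ClientAccept(certDER []byte, root *x509.Certificate, now time.Time) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: pool, CurrentTime: now}); err != nil {
		return nil, err
	}
	return cert, nil
}

func main() {
	iss, _ := NewIssuer("Example Issuing Authority", FilingDate)
	_, der, _ := iss.IssueAppKey(BasicInfo{"U0001", "Example Co.", "ops@example.com"}, FilingDate) // constructed
	cert, err := ClientAccept(der, iss.CACert, FilingDate)
	if err != nil {
		panic(err)
	}
	fmt.Println(cert.SerialNumber.Text(16), cert.Issuer.CommonName, cert.Subject.Organization, cert.NotAfter)
}
```

In this design the private key of the client's certificate stays on the server, so the "RSA digital certificate" is really a per-client encryption key owned by the server, and the client holds only the app-key and the public certificate. The validity check in ClientAccept takes the clock as a parameter so that the expiry case can be exercised; in deployment the root certificate has to be on the client before enrolment, otherwise the very first exchange trusts whatever the network delivers.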
As shown in fig. 7, a flowchart of a data transmission and processing method for client-server interaction according to still another embodiment of the present invention is shown:
Step 702, on the client side, includes step 7022, acquiring the data to be transmitted when the client has an app-key and an RSA digital certificate corresponding to the app-key; step 7024, generating a session key and encrypting the data by a 3DES method to obtain the messageBody information; step 7026, encrypting the app-key and the session key with the public key of the RSA digital certificate to obtain the challenge code information; step 7028, sending the ID of the RSA digital certificate, the messageBody information and the challenge code information to the server for the server to process the data; and step 7030, receiving the processing result.
Step 704, on the server side, includes step 7042, receiving the ID of the RSA digital certificate, the messageBody information and the challenge code information sent by the client; step 7044, judging whether the ID of the RSA digital certificate is legal, and if so proceeding to step 7046, otherwise to step 7054; step 7046, obtaining the private key corresponding to the RSA digital certificate and decrypting the challenge code information with it; step 7048, judging whether the app-key has the authorization of the RSA digital certificate, and if so proceeding to step 7050, otherwise to step 7054; step 7050, decrypting the messageBody information with the session key; and step 7052, processing the decrypted information and sending the processing result to the client.
In this embodiment, on the premise that the client has the RSA digital certificate, the transmitted data is secured by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm; the server checks the legality of the certificate ID, processes the data only when the certificate is legal, and judges whether the app-key has the authorization of the RSA digital certificate, thereby identifying the interacting client. This helps to disperse security risk, makes data safer in network transmission, effectively prevents data from being stolen or tampered with by a third party during transmission, and thus provides confidentiality and integrity for large volumes and many types of data transmitted over the internet.
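The transmission steps of FIG. 1 and the server-side steps of FIG. 3, as combined in FIG. 7, implemented as an added example in Go (example code, not the patent's or the applicant's own): the client wraps the app-key and a fresh 3DES session key under the certificate's public key, the server looks the certificate ID up in its registry, unwraps both keys with the private key, checks that the app-key is the one authorised under that certificate, and only then decrypts the message body. Assumptions beyond the text: RSA-OAEP with SHA-256 as the RSA padding scheme, CBC mode with a random IV and PKCS#7 padding for 3DES, a 16-byte app-key, a 24-byte session key, and a plain map as the server registry; the Enrol helper stands in for the enrolment exchange without X.509 encoding, and the certificate ID and payload are constructed.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Envelope is the triple sent in step 7028: certificate ID, message body, challenge code.
type Envelope struct {
	CertID        string
	MessageBody   []byte // IV || 3DES-CBC ciphertext of the PKCS#7-padded payload
	ChallengeCode []byte // RSA-OAEP ciphertext of appKey || sessionKey
}

// ServerRecord is the registry entry for one certificate ID: its private key and the authorised app-key.
type ServerRecord struct {
	Priv   *rsa.PrivateKey
	AppKey []byte
}

// Enrol is the enrolment exchange in simplified form: the server mints a key pair and a
// 16-byte app-key (size assumed), keeps the private key, and hands out app-key and public key.
func Enrol(certID string) ([]byte, *rsa.PublicKey, map[string]ServerRecord, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	appKey := make([]byte, 16)
	if _, err := rand.Read(appKey); err != nil {
		return nil, nil, nil, err
	}
	reg := map[string]ServerRecord{certID: {Priv: priv, AppKey: appKey}}
	return appKey, &priv.PublicKey, reg, nil
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%des.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > des.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// ClientSeal is steps 7024-7026: fresh 24-byte 3DES session key and IV, payload encrypted in CBC
// mode, appKey||sessionKey wrapped with RSA-OAEP (the patent names no RSA padding scheme).
func ClientSeal(certID string, appKey []byte, pub *rsa.PublicKey, data []byte) (Envelope, error) {
	rnd := make([]byte, 24+des.BlockSize)
	if _, err := rand.Read(rnd); err != nil {
		return Envelope{}, err
	}
	sessionKey, iv := rnd[:24], rnd[24:]
	blk, _ := des.NewTripleDESCipher(sessionKey) // cannot fail: key length is fixed at 24
	n := des.BlockSize - len(data)%des.BlockSize
	padded := append(append([]byte(nil), data...), bytes.Repeat([]byte{byte(n)}, n)...)
	body := make([]byte, len(padded))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(body, padded)
	wrapped := append(append([]byte(nil), appKey...), sessionKey...)
	challenge, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, wrapped, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{CertID: certID, MessageBody: append(append([]byte(nil), iv...), body...), ChallengeCode: challenge}, nil
}

// ServerOpen is steps 7044-7050; every error returned is the branch to step 7054 (the error prompt).
func ServerOpen(reg map[string]ServerRecord, env Envelope) ([]byte, error) {
	rec, ok := reg[env.CertID] // step 7044: is this an ID the server issued?
	if !ok {
		return nil, errors.New("certificate ID not legal")
	}
	keys, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, rec.Priv, env.ChallengeCode, nil) // step 7046
	if err != nil || len(keys) != len(rec.AppKey)+24 {
		return nil, errors.New("challenge code does not decrypt under this certificate")
	}
	if subtle.ConstantTimeCompare(keys[:len(rec.AppKey)], rec.AppKey) != 1 { // step 7048
		return nil, errors.New("app-key not authorised under this certificate")
	}
	if len(env.MessageBody) < 2*des.BlockSize || len(env.MessageBody)%des.BlockSize != 0 {
		return nil, errors.New("malformed message body") // CryptBlocks would panic on this
	}
	blk, _ := des.NewTripleDESCipher(keys[len(rec.AppKey):])
	pt := make([]byte, len(env.MessageBody)-des.BlockSize)
	cipher.NewCBCDecrypter(blk, env.MessageBody[:des.BlockSize]).CryptBlocks(pt, env.MessageBody[des.BlockSize:]) // step 7050
	return pkcs7Unpad(pt)
}

func main() {
	appKey, pub, reg, _ := Enrol("cert-0001")                                   // constructed certificate ID
	env, _ := ClientSeal("cert-0001", appKey, pub, []byte(`{"order":42}`)) // constructed payload
	fmt.Println(ServerOpen(reg, env))
}
```

Two properties the description claims are not supplied by the scheme as written and have to be added around it: 3DES-CBC gives no integrity, so a third party can flip bits in the message body and neither side notices until the application parses the result (an authenticated mode or a MAC over the body is needed), and nothing in the envelope is bound to a server-chosen nonce, so the "challenge code" is not a challenge and the whole triple can be replayed. 3DES itself is deprecated by NIST (SP 800-131A Rev. 2) in favour of AES.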
As shown in fig. 8, a schematic block diagram of a data transmission apparatus according to an embodiment of the present invention:
a detection module 802, configured to detect whether the client has a first key and an RSA digital certificate corresponding to the first key;
an obtaining module 804, configured to obtain data to be transmitted when the client has a first key and an RSA digital certificate corresponding to the first key;
a 3DES encryption module 806, configured to generate a second key, and encrypt data by using a 3DES method as message body information;
an RSA encryption module 808, configured to encrypt the first key and the second key as challenge code information through a public key of an RSA digital certificate;
the sending module 810 is configured to send the ID of the RSA digital certificate, the message body information, and the challenge code information to the server, so that the server processes data.
In this embodiment, on the premise that the client has the RSA digital certificate, the transmitted data is secured by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm, so that the data is safer in network transmission and is effectively prevented from being stolen or tampered with by a third party during transmission, thereby providing confidentiality and integrity for large volumes and many types of data transmitted over the internet.
In the foregoing embodiment, preferably, the sending module is further configured to send the basic information of the client and the first key application request to the server when the client does not have the first key and the RSA digital certificate corresponding to the first key; and a receiving module is configured to receive the first key and the RSA digital certificate corresponding to the first key sent by the server.
In this embodiment, when the client does not have the first key and the RSA digital certificate corresponding to the first key, it obtains them by sending its basic information and a first key application request to the server. This identifies the interacting client and performs RSA authorization for it, which helps to disperse security risk and makes data safer in network transmission.
In the above embodiment, preferably, the RSA digital certificate includes at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date.
In this embodiment, those skilled in the art will appreciate that the RSA digital certificate includes, but is not limited to, at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date. RSA authorization of the client is realized through the certificate ID, public key, issuing authority, owner, validity period and similar information, so that the client can be readily identified in the data transmission process, which helps to disperse security risk and makes data safer in network transmission.
In the above embodiment, preferably, the basic information includes at least one of the following or a combination thereof: user code, company name, contact address.
In this embodiment, those skilled in the art will appreciate that the basic information includes, but is not limited to, at least one of the following or a combination thereof: user code, company name, contact address. By providing basic information used for identity authentication, such as the client's user code, company name and contact details, the server can conveniently perform RSA authorization for the client, so that the client can be readily identified in the data transmission process, which helps to disperse security risk and makes data safer in network transmission.
As shown in fig. 9, a schematic block diagram of a data transmission apparatus according to an embodiment of the present invention:
a receiving module 902, configured to receive an ID of an RSA digital certificate, message body information, and challenge code information sent by a client;
a judging module 904, configured to judge whether the ID of the RSA digital certificate is legal;
an obtaining module 906, configured to obtain a private key corresponding to the RSA digital certificate;
the RSA decryption module 908 is configured to decrypt the challenge code information through a private key corresponding to the RSA digital certificate if the ID of the RSA digital certificate is legal;
the judging module 904 is further configured to judge whether the first key has authorization of an RSA digital certificate; the 3DES decryption module is used for decrypting the message main body information through the second secret key if the first secret key has the authorization of the RSA digital certificate;
and a sending module 910, configured to process the decrypted information, and send a processing result to the client.
In this embodiment, the legality of the ID of the RSA digital certificate is checked, and only when the certificate is legal is the transmitted data processed by combining RSA asymmetric encryption with the 3DES symmetric encryption algorithm; judging whether the first key has the authorization of the RSA digital certificate identifies the interacting client. This helps to disperse security risk, makes data safer in network transmission, effectively prevents data from being stolen or tampered with by a third party during transmission, and thus provides confidentiality and integrity for large volumes and many types of data transmitted over the internet.
In the above embodiment, preferably, the sending module is further configured to send an error prompt to the client and end the information exchange if the ID of the RSA digital certificate is illegal or the first key does not have the authorization of the RSA digital certificate.
In this embodiment, when the ID of the RSA digital certificate is illegal or the first key does not have the authorization of the RSA digital certificate, the client currently interacting with the server is not a legitimately authenticated client, and continuing the network data transmission would carry a security risk. Sending an error prompt to the client and ending the data processing at this point effectively prevents data from being stolen or tampered with by a third party during transmission, thereby providing confidentiality and integrity for large volumes and many types of data transmitted over the internet.
As shown in fig. 10, a schematic block diagram of a data transmission apparatus according to still another embodiment of the present invention:
a receiving module 1002, configured to receive an ID of an RSA digital certificate, message body information, and challenge code information sent by a client;
the judging module 1004 is used for judging whether the ID of the RSA digital certificate is legal or not;
an obtaining module 1006, configured to obtain a private key corresponding to an RSA digital certificate;
the RSA decryption module 1008 is used for decrypting the challenge code information through a private key corresponding to the RSA digital certificate if the ID of the RSA digital certificate is legal;
the judging module 1004 is further configured to judge whether the first key has authorization of an RSA digital certificate; the 3DES decryption module is used for decrypting the message main body information through the second secret key if the first secret key has the authorization of the RSA digital certificate;
a sending module 1010, configured to process the decrypted information, and send a processing result to the client;
the receiving module 1002 is further configured to receive basic information and a first key application request sent by a client;
a generating module 1012, configured to generate a first key and an RSA digital certificate corresponding to the first key according to the basic information;
the sending module 1010 is further configured to send the first key and the RSA digital certificate corresponding to the first key to the client.
In this embodiment, when the client does not have the first key and the RSA digital certificate corresponding to the first key, the server generates the first key and the RSA digital certificate corresponding to it on receiving the basic information and the first key application request sent by the client. This identifies the interacting client and performs RSA authorization for it, which helps to disperse security risk and makes data safer in network transmission.
In the above embodiment, preferably, the RSA digital certificate includes at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date.
In this embodiment, those skilled in the art will appreciate that the RSA digital certificate includes, but is not limited to, at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date. RSA authorization of the client is realized through the certificate ID, public key, issuing authority, owner, validity period and similar information, so that the client can be readily identified in the data transmission process, which helps to disperse security risk and makes data safer in network transmission.
In the above embodiment, preferably, the basic information includes at least one of the following or a combination thereof: user code, company name, contact address.
In this embodiment, those skilled in the art will appreciate that the basic information includes, but is not limited to, at least one of the following or a combination thereof: user code, company name, contact address. By providing basic information used for identity authentication, such as the client's user code, company name and contact details, the server can conveniently perform RSA authorization for the client, so that the client can be readily identified in the data transmission process, which helps to disperse security risk and makes data safer in network transmission.
As shown in FIG. 11, a schematic block diagram of a data transmission system according to one embodiment of the present invention: the data transmission system 1100 includes the data transmission device 1102 and the data processing device 1104 of any of the above embodiments. The data transmission system 1100 combines RSA asymmetric encryption with the 3DES symmetric encryption algorithm to secure the transmitted data and identifies the interacting client, so that security risk is dispersed, data is safer in network transmission, data is effectively prevented from being stolen or tampered with by a third party during transmission, and confidentiality and integrity are provided for large volumes and many types of data transmitted over the internet.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (11)

1. A data processing method for a server, the data processing method comprising:
receiving ID, message body information and challenge code information of an RSA digital certificate sent by a client;
judging whether the ID of the RSA digital certificate is legal or not;
if the ID of the RSA digital certificate is legal, a private key corresponding to the RSA digital certificate is obtained, and the challenge code information is decrypted through the private key corresponding to the RSA digital certificate;
judging whether the first key has the authorization of the RSA digital certificate;
if the first key has the authorization of the RSA digital certificate, decrypting the message body information through a second key;
processing the decrypted information and sending a processing result to the client;
under the condition that the client side has the first secret key and the RSA digital certificate corresponding to the first secret key, the client side obtains data to be transmitted, generates the second secret key, and encrypts the data through a 3DES method to serve as the message main body information; and
and encrypting the first secret key and the second secret key through a public key of the RSA digital certificate to serve as the challenge code information.
2. The data processing method of claim 1, for a server,
and if the ID of the RSA digital certificate is illegal or the first secret key does not have the authorization of the RSA digital certificate, sending an error prompt to the client, and finishing the data processing.
3. The data processing method of claim 2, for a server,
receiving basic information and the first key application request sent by the client;
generating the first key and an RSA digital certificate corresponding to the first key according to the basic information;
and sending the first key and the RSA digital certificate corresponding to the first key to the client.
4. The data processing method according to any one of claims 1 to 3, for a server,
the RSA digital certificate includes at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date.
5. The data processing method of claim 3,
the basic information comprises at least one or a combination of the following: user code, company name, contact address.
6. A data processing apparatus for a server, the data processing apparatus comprising:
the receiving module is used for receiving the ID, the message body information and the challenge code information of the RSA digital certificate sent by the client;
the judging module is used for judging whether the ID of the RSA digital certificate is legal or not;
the acquisition module is used for acquiring a private key corresponding to the RSA digital certificate;
the RSA decryption module is used for decrypting the challenge code information through a private key corresponding to the RSA digital certificate if the ID of the RSA digital certificate is legal;
the judging module is also used for judging whether the first secret key has the authorization of the RSA digital certificate;
the 3DES decryption module is used for decrypting the message body information through a second key if the first key has the authorization of the RSA digital certificate;
the sending module is used for processing the decrypted information and sending the processing result to the client;
under the condition that the client side has the first secret key and the RSA digital certificate corresponding to the first secret key, the client side obtains data to be transmitted, generates the second secret key, and encrypts the data through a 3DES method to serve as the message main body information; and
and encrypting the first secret key and the second secret key through a public key of the RSA digital certificate to serve as the challenge code information.
7. The data processing apparatus of claim 6, for a server,
the sending module is further configured to send an error prompt to the client and end the information exchange if the ID of the RSA digital certificate is illegal or the first key does not have the authorization of the RSA digital certificate.
8. The data processing apparatus of claim 7, for a server,
the receiving module is further configured to receive the basic information and the first key application request sent by the client;
the generating module is used for generating the first secret key and an RSA digital certificate corresponding to the first secret key according to the basic information;
the sending module is used for sending the first key and the RSA digital certificate corresponding to the first key to the client.
9. The data processing apparatus of any of claims 6 to 8, for a server,
the RSA digital certificate includes at least one of the following or a combination thereof: ID, public key, issuing authority, owner, expiration date.
10. The data processing apparatus of claim 8, for a server,
the basic information comprises at least one or a combination of the following: user code, company name, contact address.
11. A data transmission system comprising a data processing apparatus as claimed in any one of claims 6 to 10.
CN201611019447.9A 2016-11-18 2016-11-18 Data transmission method and device, data processing method and device, and data transmission system Active CN106789060B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611019447.9A CN106789060B (en) 2016-11-18 2016-11-18 Data transmission method and device, data processing method and device, and data transmission system

Publications (2)

Publication Number Publication Date
CN106789060A CN106789060A (en) 2017-05-31
CN106789060B true CN106789060B (en) 2020-04-21

Family

ID=58969511

Country Status (1)

Country Link
CN (1) CN106789060B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant