CN107659397B - Sensitive information transmission method and system - Google Patents

Info

Publication number: CN107659397B
Application number: CN201710691022.0A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN107659397A (en)
Inventor: 康振坤
Current Assignee: Shenzhen Qianhai Network Technology Co ltd
Original Assignee: Shenzhen Qianhai Network Technology Co ltd
Legal status: Active
Prior art keywords: sensitive information, module, encryption, field, key

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes

Abstract

The present application relates to the field of sensitive information transmission technologies, and in particular to a method and a system for transmitting sensitive information. The sensitive information transmission method comprises the following steps: a client AES-encrypts the original sensitive information with an AES key to form a first encrypted field; the AES key is RSA-encrypted with an RSA public key to form a second encrypted field; the second encrypted field and the first encrypted field are transmitted to a server; the server obtains the RSA private key corresponding to the RSA public key and decrypts the second encrypted field with it to obtain the AES key; and the first encrypted field is decrypted with the AES key to obtain the original sensitive information. In the present application, the client first encrypts the sensitive information with the symmetric AES algorithm and then encrypts the key used for the AES encryption a second time with the asymmetric RSA algorithm, so that the security strength of the ciphertext is enhanced and the problem of sensitive information being transmitted in plaintext during data transmission is solved.

Description

Sensitive information transmission method and system
Technical Field
The present application relates to the field of sensitive information transmission technologies, and in particular, to a method and a system for transmitting sensitive information.
Background
A Payment Gateway is a set of servers that connect the banking network to the Internet. Its main function is to handle communication and protocol conversion between the two, and to transmit and decrypt sensitive information, so as to protect the bank's internal security.
At present, most sensitive information is transmitted in plaintext form, with encryption and transmission handled through HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, an HTTP channel aimed at security). However, the existing HTTPS encryption cannot completely solve the problem of sensitive information being transmitted in plaintext during data transmission; once important sensitive information is intercepted by a third party in certain data transmission processes, the system and consumers can be adversely affected. Therefore, it is necessary to provide a more secure encryption method to ensure the security of data transmission.
Disclosure of Invention
The present application provides a method and a system for transmitting sensitive information, which aim to solve at least one of the above technical problems in the prior art to a certain extent.
In order to solve the above problems, the present application provides the following technical solutions:
A sensitive information transmission method, comprising:
Step a: the client AES-encrypts the original sensitive information with an AES key to form a first encrypted field;
Step b: the AES key is RSA-encrypted with an RSA public key to form a second encrypted field;
Step c: the second encrypted field and the first encrypted field are transmitted to a server;
Step d: the server obtains the RSA private key corresponding to the RSA public key and decrypts the second encrypted field with the RSA private key to obtain the AES key;
Step e: the first encrypted field is decrypted with the AES key to obtain the original sensitive information.
The technical solution adopted by the embodiments of the present application further includes: in step a, AES-encrypting the original sensitive information with the AES key specifically includes:
Step a1: collecting the original sensitive information through a JS program, and storing it as a JSON object in standard JSON format;
Step a2: generating a random number, and storing the random number in the JSON object;
Step a3: converting the JSON object into a JSON string;
Step a4: using the random number as the AES key, and AES-encrypting the JSON string.
The technical solution adopted by the embodiments of the present application further includes: in step c, transmitting the second encrypted field and the first encrypted field to the server specifically includes:
Step c1: concatenating the program version number, the second encrypted field and the first encrypted field in sequence to generate the encrypted content;
Step c2: creating a hidden field in the page form, and setting the value of the hidden field to the encrypted content;
Step c3: submitting the form and transmitting the encrypted content to the server.
The technical solution adopted by the embodiments of the present application further includes: in step d, obtaining the RSA private key corresponding to the RSA public key through the server and decrypting the second encrypted field with the RSA private key specifically includes:
Step d1: receiving the encrypted content through the server, and verifying the validity of the encrypted content;
Step d2: judging whether the received encrypted content is empty; if it is not empty, executing step d3; if it is empty, executing step d6;
Step d3: splitting the received encrypted content and judging whether the split data has three segments; if it has three segments, executing step d4; if it does not, executing step d6;
Step d4: judging from the first segment of split data whether the program version number is correct; if it is correct, executing step d5; if it is incorrect, executing step d6;
Step d5: obtaining the RSA private key corresponding to the client's RSA public key, and decrypting the second segment of split data with the obtained RSA private key to obtain the AES key;
Step d6: ending the decryption.
The technical solution adopted by the embodiments of the present application further includes: in step e, decrypting the first encrypted field with the AES key to obtain the original sensitive information specifically includes:
Step e1: judging whether the obtained AES key is empty; if it is not empty, executing step e2; if the AES key is empty, executing step e7;
Step e2: decrypting the third segment of split data with the obtained AES key and judging whether the decrypted content is empty; if it is not empty, executing step e3; if it is empty, executing step e6;
Step e3: obtaining the JSON string, and converting the JSON string back into a JSON object;
Step e4: judging whether the random number in the JSON object is consistent with the AES key obtained in step d5; if so, executing step e5; if not, executing step e6;
Step e5: obtaining the client's original sensitive information, and setting the original sensitive information into the gateway program;
Step e6: ending the decryption.
Another technical solution adopted by the embodiments of the present application is a sensitive information transmission system comprising a client and a server.
The client comprises:
a first encryption module: configured to AES-encrypt the original sensitive information with an AES key to form a first encrypted field;
a second encryption module: configured to RSA-encrypt the AES key with the RSA public key to form a second encrypted field;
a data transmission module: configured to transmit the second encrypted field and the first encrypted field to a server.
The server comprises:
a first decryption module: configured to obtain the RSA private key corresponding to the RSA public key, and to decrypt the second encrypted field with the RSA private key to obtain the AES key;
a second decryption module: configured to decrypt the first encrypted field with the AES key;
a data acquisition module: configured to obtain the original sensitive information after decryption is completed.
The technical solution adopted by the embodiments of the present application further includes: the client further comprises:
an information collection module: configured to collect the original sensitive information through a JS program and store it as a JSON object in standard JSON format;
a random number generation module: configured to generate a random number and store it in the JSON object;
a data conversion module: configured to convert the JSON object into a JSON string; the first encryption module uses the random number as the AES key to AES-encrypt the JSON string.
The technical solution adopted by the embodiments of the present application further includes: the client further comprises:
a data splicing module: configured to concatenate the program version number, the second encrypted field and the first encrypted field in sequence to generate the encrypted content;
a hidden field setting module: configured to create a hidden field in the page form and set the value of the hidden field to the encrypted content; the data transmission module submits the form and transmits the encrypted content to the server.
The technical solution adopted by the embodiments of the present application further includes: the server further comprises:
a data receiving module: configured to receive the encrypted content and verify its validity;
a first judgment module: configured to judge whether the received encrypted content is empty; if it is not empty, the data splitting module splits the encrypted content; if it is empty, decryption ends;
a data splitting module: configured to split the received encrypted content and judge whether the split data has three segments; if it has three segments, the version number verification module verifies whether the version number is correct; if it does not, decryption ends;
a version number verification module: configured to judge whether the program version number is correct; if it is correct, the first decryption module decrypts the encrypted content; if it is incorrect, decryption ends.
The technical solution adopted by the embodiments of the present application further includes: the server further comprises:
a second judgment module: configured to judge whether the obtained AES key is empty; if it is not empty, the second decryption module decrypts the third segment of split data with the obtained AES key and judges whether the decrypted content is empty; if the decrypted content is not empty, the JSON string is obtained and converted back into a JSON object; if the decrypted content is empty, decryption ends;
an AES key judgment module: configured to judge whether the random number in the JSON object is consistent with the AES key obtained by the first decryption module; if so, the data acquisition module obtains the client's original sensitive information and sets it into the gateway program; if not, decryption ends.
Compared with the prior art, the embodiments of the present application have the following advantages: before data is transmitted, the client first encrypts the sensitive information with the AES (Advanced Encryption Standard) algorithm and then encrypts the key used for the AES encryption a second time with the RSA (Rivest-Shamir-Adleman) algorithm; only the encrypted value is transmitted during data transmission, and the HTTPS secure transmission mode is used, which protects the transmitted content at the protocol level. The security strength of the ciphertext is thereby enhanced, and the problem of sensitive information being transmitted in plaintext during data transmission is solved.
Drawings
Fig. 1 is a flowchart of a sensitive information transmission method according to an embodiment of the present application;
Fig. 2 is a flowchart of a client data transmission method according to an embodiment of the present application;
Fig. 3 is a flowchart of a server data decryption method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a sensitive information transmission system according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In the sensitive information transmission method and system of the embodiments of the present application, before data transmission the client first encrypts the sensitive information with the symmetric encryption algorithm AES (Advanced Encryption Standard, a symmetric encryption algorithm in which encryption and decryption use the same key), and then encrypts the key used for the AES encryption a second time with the asymmetric encryption algorithm RSA (Rivest-Shamir-Adleman, an asymmetric encryption algorithm that uses a pair of keys, with public-key encryption and private-key decryption). Only the encrypted value is transmitted during data transmission, so that the security strength of the ciphertext is enhanced.
The invention is suitable for sensitive information transmission based on the Internet gateway, such as a protocol gateway, an application gateway, a security gateway and the like. In the following embodiments, the present application specifically describes only the sensitive information transmission of the payment gateway as an example.
Please refer to Fig. 1, which is a flowchart of a sensitive information transmission method according to an embodiment of the present application. The sensitive information transmission method of the embodiment of the application comprises the following steps:
Step a: the client AES-encrypts the original sensitive information with an AES key to form a first encrypted field;
Step b: the AES key is RSA-encrypted with the RSA public key to form a second encrypted field;
Step c: the second encrypted field and the first encrypted field are transmitted to the server;
Step d: the server obtains the RSA private key corresponding to the RSA public key and decrypts the second encrypted field with the RSA private key to obtain the AES key;
Step e: the first encrypted field is decrypted with the AES key to obtain the original sensitive information.
Specifically, please refer to Fig. 2, which is a flowchart of the client sensitive information transmission method according to an embodiment of the present application. The client sensitive information transmission method comprises the following steps:
Step 100: configuring an RSA public key on the front-end page, and embedding a JS (JavaScript, a front-end scripting language that can be executed in a browser) program for encryption in the front-end page;
In step 100, the RSA public key is provided by the server; through the JS encryption program embedded in the front-end page, the user first invokes the JS encryption program to encrypt before initiating a transaction.
Step 101: collecting, through the JS encryption program, the original sensitive information on the front-end page that needs to be encrypted, and storing the collected original sensitive information as a JSON object in standard JSON (JavaScript Object Notation, a key-value data transmission format) format;
In step 101, for sensitive information transmission of the payment gateway, the collected original sensitive information includes, but is not limited to, the card number valid year and month, the payment method, and other fields.
Step 102: generating a 16-bit random number, and storing the random number in the JSON object;
Step 103: converting the JSON object into a JSON string;
Step 104: using the generated random number as the AES key, and AES-encrypting the JSON string to form the first encrypted field encrypted1;
Step 105: RSA-encrypting the AES key with the configured RSA public key to form the second encrypted field encrypted2;
Step 106: concatenating the program version number, the second encrypted field and the first encrypted field in sequence to generate the encrypted content to be transmitted;
In step 106, the concatenation format of the encrypted content is: version + "$" + encrypted2 + "$" + encrypted1, where the program version number version is provided by the JS encryption program.
Step 107: creating a hidden field in the page form, and setting the value of the hidden field to the encrypted content;
Step 108: submitting the form and transmitting the encrypted content to the server.
In step 108, for sensitive information transmission of the payment gateway, the server is a PG server.
Please refer to Fig. 3, which is a flowchart of a server data decryption method according to an embodiment of the present application. The server data decryption method in the embodiment of the application comprises the following steps:
Step 200: receiving, through the PG server, the encrypted content transmitted by the client, and checking the validity of the encrypted content;
Step 201: judging whether the received encrypted content is empty; if it is not empty, executing step 202; if it is empty, executing step 212;
Step 202: splitting the received encrypted content on the special character "$", following the logic the client used during encryption, and judging whether the split data has three segments; if it has three segments, executing step 203; if it does not, executing step 212;
Step 203: judging from the first segment of split data whether the program version number version used by the client is correct; if it is correct, executing step 204; if it is incorrect, executing step 212;
In step 203, the first segment of split data is the program version number version in the client's encrypted content.
Step 204: obtaining the RSA private key corresponding to the client's RSA public key, and decrypting the second segment of split data with the obtained RSA private key to obtain the AES key;
In step 204, the second segment of split data is the second encrypted field encrypted2 in the client's encrypted content.
Step 205: judging whether the obtained AES key is empty; if it is not empty, executing step 206; if the AES key is empty, decryption has failed, and step 212 is executed;
Step 206: decrypting the third segment of split data with the obtained AES key;
In step 206, the third segment of split data is the first encrypted field encrypted1 in the client's encrypted content.
Step 207: judging whether the decrypted content of the third segment of split data is empty; if it is not empty, executing step 208; if the decrypted content is empty, decryption has failed, and step 212 is executed;
Step 208: obtaining the JSON string, and converting the JSON string back into a JSON object;
Step 209: judging whether the random number (namely the AES key) in the JSON object is consistent with the AES key obtained in step 204; if so, executing step 210; if not, decryption has failed, and step 211 is executed;
Step 210: after decryption is completed, obtaining all of the client's original sensitive information as it was before encryption, and setting the original sensitive information into the gateway program;
In step 210, the gateway program is the PG program.
Step 211: ending the decryption.
Please refer to Fig. 4, which is a schematic structural diagram of a sensitive information transmission system according to an embodiment of the present application. The sensitive information transmission system comprises a client and a server. The client first encrypts the sensitive information with the AES algorithm and then encrypts the key used for the AES encryption a second time with the RSA algorithm; only the encrypted value is transmitted during data transmission, so that the security strength of the ciphertext is enhanced.
Specifically, the client comprises a page configuration module, an information collection module, a random number generation module, a data conversion module, a first encryption module, a second encryption module, a data splicing module, a hidden field setting module and a data transmission module;
Page configuration module: configured to configure the RSA public key on the front-end page and embed the JS program for encryption in the front-end page, where the RSA public key is provided by the server; through the JS encryption program embedded in the front-end page, the user first invokes the JS encryption program to encrypt before initiating a transaction.
Information collection module: configured to collect, through the JS encryption program, the original sensitive information on the front-end page that needs to be encrypted, and to store the collected original sensitive information as a JSON object in standard JSON format; taking sensitive information transmission of the payment gateway as an example, the collected original sensitive information includes, but is not limited to, card number validity year and month, payment mode and other fields.
Random number generation module: configured to generate a 16-bit random number and store the random number in the JSON object;
Data conversion module: configured to convert the JSON object into a JSON string;
First encryption module: configured to AES-encrypt the JSON string, using the random number stored in the JSON object as the AES key, to form the first encrypted field encrypted1;
Second encryption module: configured to RSA-encrypt the AES key with the RSA public key configured by the page configuration module to form the second encrypted field encrypted2;
Data splicing module: configured to concatenate the program version number, the second encrypted field and the first encrypted field in sequence to generate the encrypted content to be transmitted; the concatenation format of the encrypted content is: version + "$" + encrypted2 + "$" + encrypted1, where the program version number version is provided by the JS encryption program.
Hidden field setting module: configured to create a hidden field in the page form and set the value of the hidden field to the encrypted content;
Data transmission module: configured to submit the form and transmit the encrypted content to the server.
Taking sensitive information transmission of a payment gateway as an example, the server is a PG server. Specifically, the PG server comprises a data receiving module, a first judgment module, a data splitting module, a version number verification module, a first decryption module, a second judgment module, a second decryption module, an AES key judgment module and a data acquisition module;
Data receiving module: configured to receive the encrypted content transmitted by the client and check the validity of the encrypted content;
First judgment module: configured to judge whether the received encrypted content is empty; if it is not empty, the data splitting module splits the encrypted content; if it is empty, decryption ends;
Data splitting module: configured to split the received encrypted content on the special character "$", following the logic the client used during encryption, and to judge whether the split data has three segments; if it has three segments, the version number verification module verifies whether the version number is correct; if it does not, decryption ends;
Version number verification module: configured to judge whether the program version number version used by the client is correct; if it is correct, the first decryption module decrypts the encrypted content; if it is incorrect, decryption ends; the first segment of split data is the program version number version in the client's encrypted content.
First decryption module: configured to obtain the RSA private key corresponding to the client's RSA public key, and to decrypt the second segment of split data with the obtained RSA private key to obtain the AES key; the second segment of split data is the second encrypted field encrypted2 in the client's encrypted content.
Second judgment module: configured to judge whether the obtained AES key is empty; if it is not empty, the second decryption module decrypts the encrypted content a second time; if the AES key is empty, decryption ends;
Second decryption module: configured to decrypt the third segment of split data with the obtained AES key and judge whether the decrypted content is empty; if the decrypted content is not empty, the JSON string is obtained and converted back into a JSON object; if the decrypted content is empty, decryption ends; the third segment of split data is the first encrypted field encrypted1 in the client's encrypted content.
AES key judgment module: configured to judge whether the random number in the JSON object obtained by the second decryption module is consistent with the AES key obtained by the first decryption module; if so, the data acquisition module obtains the sensitive information as it was before client encryption; if not, decryption ends;
Data acquisition module: configured to obtain, after decryption is completed, all of the client's original sensitive information as it was before encryption, and to set the original sensitive information into the gateway program, where the gateway program is the PG program.
Before data is transmitted, the sensitive information is firstly encrypted by a client side through an AES (advanced encryption standard) algorithm, then the key encrypted by the AES is encrypted for the second time through an RSA (rivest-Shamir-Adleman) algorithm, only the encrypted value is transmitted in the data transmission process, an https (hypertext transfer protocol) safety transmission mode is adopted, the safety of transmission content is guaranteed on the protocol, the safety strength of a ciphertext is enhanced, and the problem of sensitive information plaintext transmission in the data transmission process is solved.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
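The client and server flow described above, as an added Node.js example that is not code from the patent; step labels in the comments follow the method claims. The patent names no AES mode, RSA padding or encoding, so AES-256-GCM, RSA-OAEP with SHA-256, base64, the version string `1.0` and the field names `random`, `cardNo` and `cvv` are all assumptions.

```javascript
const crypto = require('crypto');

// Assumption: the patent does not give a concrete program version number.
const VERSION = '1.0';

// Client side (steps a1-a4, b, c1): returns "version$encrypted2$encrypted1".
function clientEncrypt(sensitive, rsaPublicKey) {
  const key = crypto.randomBytes(32);                          // a2: random number
  const json = JSON.stringify({ ...sensitive, random: key.toString('base64') }); // a1-a3
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);     // a4: random number is the AES key
  const ct = Buffer.concat([c.update(json, 'utf8'), c.final()]);
  const encrypted1 = Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
  const encrypted2 = crypto
    .publicEncrypt({ key: rsaPublicKey, oaepHash: 'sha256' }, key).toString('base64'); // b
  return [VERSION, encrypted2, encrypted1].join('$');          // c1
}

// Server side (steps d2-d5, e1-e5): returns the sensitive object, or null
// at every point where the patent says the decryption is finished.
function serverDecrypt(content, rsaPrivateKey) {
  if (typeof content !== 'string' || content === '') return null;   // d2: empty content
  const parts = content.split('$');
  if (parts.length !== 3) return null;                               // d3: three segments
  const [version, encrypted2, encrypted1] = parts;
  if (version !== VERSION) return null;                              // d4: version check
  try {
    const key = crypto.privateDecrypt(
      { key: rsaPrivateKey, oaepHash: 'sha256' }, Buffer.from(encrypted2, 'base64')); // d5
    if (key.length !== 32) return null;                              // e1: empty or short key
    const blob = Buffer.from(encrypted1, 'base64');
    const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(12, 28));
    const json = Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8'); // e2
    if (json === '') return null;
    const obj = JSON.parse(json);                                    // e3
    const claimed = Buffer.from(String(obj.random), 'base64');
    if (claimed.length !== key.length || !crypto.timingSafeEqual(claimed, key)) return null; // e4
    delete obj.random;
    return obj;                                                      // e5
  } catch (err) {
    return null; // RSA padding error, failed GCM tag or malformed JSON
  }
}

// Round trip plus three rejected inputs, using constructed sample data.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const wire = clientEncrypt({ cardNo: '4111111111111111', cvv: '123' }, publicKey);
  const p = wire.split('$');
  const flipped = Buffer.from(p[2], 'base64');
  flipped[flipped.length - 1] ^= 1; // corrupt one ciphertext bit
  return {
    wire,
    ok: serverDecrypt(wire, privateKey),
    twoParts: serverDecrypt(p.slice(1).join('$'), privateKey),
    badVersion: serverDecrypt(['9.9', p[1], p[2]].join('$'), privateKey),
    tampered: serverDecrypt([p[0], p[1], flipped.toString('base64')].join('$'), privateKey),
  };
}
```

The base64 alphabet never contains `$`, so the three-segment split in step d3 is unambiguous; an encoding that can emit `$` would cause valid messages to be rejected at that step.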

Claims (8)

1. A method for sensitive information transmission, comprising:
step a: carrying out AES encryption on the original sensitive information at the client through an AES key to form a first encryption field;
step b: carrying out RSA encryption on the AES secret key through an RSA public key to form a second encryption field;
step c: transmitting the second encrypted field and the first encrypted field to a server;
step d: obtaining an RSA private key corresponding to the RSA public key through a server, and decrypting a second encrypted field through the RSA private key to obtain an AES key;
step e: decrypting the first encrypted field through the AES key to obtain original sensitive information;
in the step a, carrying out AES encryption on the original sensitive information through the AES key specifically includes:
step a1: collecting original sensitive information through a JS program, and storing the original sensitive information as a JSON object in a standard JSON format;
step a2: generating a random number, and storing the random number in the JSON object;
step a3: converting the JSON object into a JSON character string;
step a4: taking the random number as the AES key, and carrying out AES encryption on the JSON character string.
2. The sensitive information transmission method according to claim 1, wherein in the step c, the transmitting the second encrypted field and the first encrypted field to the server specifically includes:
step c1: splicing the program version number, the second encryption field and the first encryption field in sequence to generate encrypted content;
step c2: creating a hidden field of a page form, and setting the value of the hidden field as the encrypted content;
step c3: submitting the form and transmitting the encrypted content to a server.
3. The method according to claim 2, wherein in the step d, the obtaining, by the server, the RSA private key corresponding to the RSA public key, and the decrypting, by the RSA private key, the second encrypted field specifically includes:
step d1: receiving encrypted content through a server, and verifying the legality of the encrypted content;
step d2: judging whether the received encrypted content is empty, and if not, executing step d3; if the received encrypted content is empty, executing step d6;
step d3: splitting the received encrypted content, judging whether the split data is three segments, and if the split data is three segments, executing step d4; if the split data is not three segments, executing step d6;
step d4: judging whether the program version number is correct according to the first segment of split data, and if the program version number is correct, executing step d5; if the program version number is incorrect, executing step d6;
step d5: acquiring an RSA private key corresponding to the RSA public key of the client, and decrypting the second segment of split data through the acquired RSA private key to acquire an AES key;
step d6: ending the decryption.
4. The sensitive information transmission method according to claim 3, wherein in the step e, the decrypting the first encrypted field by the AES key to obtain the original sensitive information specifically includes:
step e1: judging whether the obtained AES key is empty, and if not, executing step e2; if the AES key is empty, executing step e6;
step e2: decrypting the third segment of split data by using the obtained AES key, judging whether the decrypted content of the third segment of split data is empty, and executing step e3 if the decrypted content is not empty; if the decrypted content is empty, executing step e6;
step e3: acquiring a JSON character string, and parsing the JSON character string back into a JSON object;
step e4: judging whether the random number in the JSON object is consistent with the AES key acquired in step d5, and if so, executing step e5; if not, executing step e6;
step e5: acquiring original sensitive information of the client, and setting the original sensitive information into a gateway program;
step e6: ending the decryption.
5. A sensitive information transmission system comprises a client and a server, and is characterized in that:
the client comprises:
a first encryption module: used for carrying out AES encryption on original sensitive information through an AES key to form a first encryption field;
a second encryption module: used for carrying out RSA encryption on the AES key through an RSA public key to form a second encryption field;
a data transmission module: used for transmitting the second encrypted field and the first encrypted field to a server;
the server includes:
a first decryption module: used for acquiring the RSA private key corresponding to the RSA public key, and decrypting the second encrypted field through the RSA private key to acquire the AES key;
a second decryption module: used for decrypting the first encrypted field through the AES key;
a data acquisition module: used for acquiring the original sensitive information after decryption is finished;
the client further comprises:
an information collection module: used for collecting original sensitive information through a JS program, and storing the original sensitive information as a JSON object in a standard JSON format;
a random number generation module: used for generating a random number and storing the random number in the JSON object;
a data conversion module: used for converting the JSON object into a JSON character string; the first encryption module takes the random number as the AES key and carries out AES encryption on the JSON character string.
6. The sensitive information transmission system of claim 5, wherein the client further comprises:
a data splicing module: used for sequentially splicing the program version number, the second encryption field and the first encryption field to generate encrypted content;
a hidden field setting module: used for creating a hidden field of the page form and setting the value of the hidden field as the encrypted content; the data transmission module submits the form and transmits the encrypted content to the server.
7. The sensitive information transmission system of claim 6, wherein the server further comprises:
a data receiving module: used for receiving encrypted content and verifying the legality of the encrypted content;
a first judgment module: used for judging whether the received encrypted content is empty; if the received encrypted content is not empty, the encrypted content is split through the data splitting module; if the received encrypted content is empty, the decryption is finished;
a data splitting module: used for splitting the received encrypted content and judging whether the split data is three segments; if the split data is three segments, whether the version number is correct is verified through the version number verification module; if the split data is not three segments, the decryption is finished;
a version number verification module: used for judging whether the program version number is correct; if the program version number is correct, the encrypted content is decrypted through the first decryption module; if the program version number is incorrect, the decryption is finished.
8. The sensitive information transmission system of claim 7, wherein the server further comprises:
a second judging module: used for judging whether the obtained AES key is empty; if the obtained AES key is not empty, the second decryption module decrypts the third segment of split data through the obtained AES key and judges whether the decrypted content of the third segment of split data is empty; if the decrypted content is not empty, a JSON character string is acquired and parsed back into a JSON object; if the decrypted content is empty, the decryption is finished;
an AES key judging module: used for judging whether the random number in the JSON object is consistent with the AES key acquired by the first decryption module; if so, the data acquisition module acquires the original sensitive information of the client and sets the original sensitive information into the gateway program; if not, the decryption is finished.
CN201710691022.0A 2017-08-11 2017-08-11 Sensitive information transmission method and system Active CN107659397B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710691022.0A CN107659397B (en) 2017-08-11 2017-08-11 Sensitive information transmission method and system

Publications (2)

Publication Number Publication Date
CN107659397A CN107659397A (en) 2018-02-02
CN107659397B true CN107659397B (en) 2020-09-25

Family

ID=61127844

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710691022.0A Active CN107659397B (en) 2017-08-11 2017-08-11 Sensitive information transmission method and system

Country Status (1)

Country Link
CN (1) CN107659397B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108537314A (en) * 2018-03-27 2018-09-14 中国工商银行股份有限公司 Product marketing system and method based on Quick Response Code
CN108847930A (en) * 2018-06-05 2018-11-20 深圳市中电数通智慧安全科技股份有限公司 A kind of data transmission method, device and fire-fighting system
CN110753321A (en) * 2018-07-24 2020-02-04 上汽通用五菱汽车股份有限公司 Safe communication method for vehicle-mounted TBOX and cloud server
CN109005027B (en) * 2018-08-16 2021-09-14 成都映潮科技股份有限公司 Random data encryption and decryption method, device and system
CN109672523B (en) * 2018-09-25 2023-02-14 平安科技(深圳)有限公司 Information encryption method, device and equipment based on filter and readable storage medium
CN109493023B (en) * 2018-10-17 2022-01-25 珠海横琴井通容智科技信息有限公司 Mobile payment settlement method based on tamper-proof encryption algorithm
CN109450615A (en) * 2018-11-16 2019-03-08 重庆邮电大学 A kind of efficient OPC UA client and server data transfer encryption method
CN112332919B (en) * 2019-01-25 2022-02-11 长沙天仪空间科技研究院有限公司 Laser broadcast communication system
CN109981266B (en) * 2019-03-14 2022-05-13 杭州当贝网络科技有限公司 Method and device for storing and reading key and sensitive information
CN110198320B (en) * 2019-06-03 2021-10-26 恒宝股份有限公司 Encrypted information transmission method and system
EP4080471A4 (en) * 2020-01-22 2022-12-21 Huawei Technologies Co., Ltd. Charging method and communication apparatus
CN113545022A (en) * 2020-05-27 2021-10-22 深圳市大疆创新科技有限公司 Data processing method, data encryption method, data decryption method, data encryption equipment, data decryption equipment and storage medium
CN112019541B (en) * 2020-08-27 2022-10-04 平安国际智慧城市科技股份有限公司 Data transmission method and device, computer equipment and storage medium
CN112887311A (en) * 2021-01-26 2021-06-01 北京高因科技有限公司 Safety encryption method and device based on data transmission process
CN114338239B (en) * 2022-03-03 2023-09-01 福建天晴数码有限公司 Method and system for data encryption transmission
CN116933297B (en) * 2023-09-18 2023-11-17 深圳迅策科技有限公司 Financial sensitive risk data security protection method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753292A (en) * 2008-12-15 2010-06-23 汤姆森许可贸易公司 Methods and devices for a chained encryption mode
CN105162599A (en) * 2015-08-12 2015-12-16 上海众人网络安全技术有限公司 Data transmission system and data transmission method
CN106325202A (en) * 2016-09-29 2017-01-11 深圳市合信自动化技术有限公司 Subroutine encrypting method, verifying method and corresponding PLC programming system
CN106911663A (en) * 2016-11-16 2017-06-30 上海艾融软件股份有限公司 One kind sells bank's full message encryption system and method for mixed mode directly to households

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1993255B1 (en) * 2007-05-18 2009-04-15 Sap Ag Method and system for protecting a message from an XML attack when being exchanged in a distributed and decentralized network system

Also Published As

Publication number Publication date
CN107659397A (en) 2018-02-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant