CN108366054A - Data distribution and forwarding method and device

Publication number: CN108366054A
Application number: CN201810095513.3A
Authority: CN (China)
Prior art keywords: key, data, ciphertext, recipient, check number
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN108366054B (en)
Inventors: 孙吉平, 张树勇
Current and original assignee: Beijing Senseshield Technology Co Ltd

Classifications

    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract

The invention discloses a data distribution method, comprising: using at least one key in the course of encrypting data, to obtain a data ciphertext; encrypting a first key of the at least one key together with a first check number using a first recipient's public key, to obtain a first ciphertext of the first key; sending a data distribution request to a server, the request including at least a first recipient identifier, the first recipient's public key, the first check number and the first ciphertext of the first key, wherein the first ciphertext of the first key is used to verify the first recipient; and receiving a first record identifier returned by the server, and sending the data ciphertext and the first record identifier to the first recipient. The invention also discloses a corresponding data forwarding method and data distribution/forwarding devices. The data distribution/forwarding scheme of the invention can effectively improve the security of data in transit while making forwarding more convenient for the user.

Description

Data distribution and forwarding method and device
Technical field
The present invention relates to the field of information security, and in particular to a data distribution and forwarding method and device.
Background
With the Internet now highly developed, more and more data content needs to be sent over networks. If data is transmitted in plaintext, its content is easily intercepted by hackers on the network. To improve data security, digital envelope technology can be used when data is sent or forwarded.
Digital envelope technology uses a two-layer encryption scheme: a digital envelope contains the encrypted content and the ciphertext of the content encryption key (CEK) used to encrypt that content. The sender generally encrypts the content key with the recipient's public key to obtain the content key ciphertext, but the content key can also be encrypted with a symmetric key negotiated in advance between sender and recipient. When the recipient receives a digital envelope, it first decrypts the content key ciphertext with its key to obtain the content key, and then decrypts the content ciphertext with the content key to obtain the original content. Digital envelope technology combines the security of asymmetric key algorithms with the speed of symmetric key algorithms, ensuring the confidentiality of data in transit while also preventing the data from being tampered with.
At present, data forwarding techniques based on digital envelopes still leave room for improvement in both data security and forwarding convenience.
Summary of the invention
In view of this, embodiments of the present invention propose a data distribution and forwarding scheme, based on improved digital envelope technology, with higher security and convenience.
To this end, an embodiment of the present invention provides a data distribution method applied to a sender client, the method comprising: using at least one key in the course of encrypting data, to obtain a data ciphertext; encrypting a first key of the at least one key together with a first check number using a first recipient's public key, to obtain a first ciphertext of the first key; sending a data distribution request to a server, the request including at least a first recipient identifier, the first recipient's public key, the first check number and the first ciphertext of the first key, wherein the first ciphertext of the first key is used to verify the first recipient; and receiving a first record identifier returned by the server, and sending the data ciphertext and the first record identifier to the first recipient.
Preferably, encrypting the first key together with the first check number using the first recipient's public key to obtain the first ciphertext of the first key comprises: merging the first check number and the first key into first verification data based on a predetermined merge rule, and encrypting the first verification data with the first recipient's public key to obtain the first ciphertext of the first key.
Preferably, the predetermined merge rule comprises: inserting the first check number at at least one predetermined position in the first key.
Preferably, the predetermined merge rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the first key.
Preferably, the at least one key further includes a second key, and the method further comprises: encrypting the second key together with the first check number using the first recipient's public key, to obtain a first ciphertext of the second key, wherein the data distribution request further includes the first ciphertext of the second key.
Preferably, encrypting the second key together with the first check number using the first recipient's public key to obtain the first ciphertext of the second key comprises: merging the first check number and the second key into second verification data based on a predetermined merge rule, and encrypting the second verification data with the first recipient's public key to obtain the first ciphertext of the second key.
Preferably, the predetermined merge rule comprises: inserting the first check number at at least one predetermined position in the second key.
Preferably, the predetermined merge rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
Preferably, the second key is used to encrypt first sub-data, extracted from a first data ciphertext generated by encrypting the data with the first key, to generate a first ciphertext of the first sub-data; the data distribution request further includes the first ciphertext of the first sub-data; and the data ciphertext sent to the first recipient is a second data ciphertext generated by replacing the first sub-data at its original position in the first data ciphertext with second sub-data.
Preferably, the first key and the second key are used to encrypt a first part and a second part of the data respectively, to obtain a first data ciphertext and a second data ciphertext, and the data ciphertext sent to the first recipient includes the first data ciphertext and the second data ciphertext.
Preferably, the second key is used to encrypt a first data ciphertext, generated by encrypting the data with the first key, to generate a second data ciphertext, and the data ciphertext sent to the first recipient is the second data ciphertext.
Preferably, the method further comprises: sending to the server a data distribution revocation request including the first record identifier and the first recipient identifier, so that the server deletes the first recipient identifier and the information stored in association with the first recipient identifier.
An embodiment of the present invention further provides a data distribution device comprising a processor, the processor running predetermined computer instructions to perform the data distribution method applied to a sender client of any of the above embodiments.
An embodiment of the present invention further provides a data forwarding method applied to a server, the method comprising: on receiving from a sender a data distribution request including at least a first recipient identifier, a first recipient's public key, a first check number and a first ciphertext of a first key, returning a first record identifier to the sender, wherein the first ciphertext of the first key is obtained by encrypting, with the first recipient's public key, the first key of at least one key used in the course of encrypting the data together with the first check number; storing the first record identifier in association with at least the first key, and storing the first recipient identifier in association with at least the first record identifier, the first ciphertext of the first key, the first recipient's public key and the first check number; and on receiving from the first recipient a data reception request including the first recipient identifier and the first record identifier, performing a first verification of the first recipient using the first ciphertext of the first key and, if the first recipient passes the first verification, encrypting the first key with the first recipient's public key and sending it to the first recipient.
Preferably, performing the first verification of the first recipient using the first ciphertext of the first key comprises: sending the first ciphertext of the first key to the first recipient; splitting, based on the predetermined merge rule, a second check number and third key data out of the first verification data returned by the first recipient; and comparing the second check number and the third key data with the stored first check number and the first key respectively.
Preferably, the predetermined merge rule comprises: inserting the first check number at at least one predetermined position in the first key.
Preferably, the predetermined merge rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the first key.
Preferably, the data distribution request further includes a first ciphertext of a second key, obtained by encrypting the second key together with the first check number using the first recipient's public key, and the method further comprises: also storing the first recipient identifier in association with the first ciphertext of the second key, and also storing the first record identifier in association with the second key; on receiving from the first recipient the data reception request including the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key; and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
Preferably, performing the second verification of the first recipient using the first ciphertext of the second key comprises: sending the first ciphertext of the second key to the first recipient; splitting, based on the predetermined merge rule, a second check number and fourth key data out of the second verification data returned by the first recipient; and comparing the second check number and the fourth key data with the stored first check number and the second key respectively.
Preferably, the predetermined merge rule comprises: inserting the first check number at at least one predetermined position in the second key.
Preferably, the predetermined merge rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
Preferably, the data distribution request further includes a first ciphertext of first sub-data, generated by encrypting with the second key first sub-data extracted from a first data ciphertext produced by encrypting the data with the first key, and the method further comprises: also storing the first record identifier in association with the first ciphertext of the first sub-data; and, when the first recipient passes the second verification, decrypting the first ciphertext of the first sub-data with the second key to obtain the first sub-data, encrypting the first sub-data with the first recipient's public key to obtain a second ciphertext of the first sub-data, and sending it to the first recipient.
Preferably, the method further comprises: when the first recipient passes the second verification, encrypting the second key with the first recipient's public key and sending it to the first recipient.
Preferably, the method further comprises: on receiving a data distribution revocation request including the first record identifier and the first recipient identifier, deleting the first recipient identifier and the information stored in association with the first recipient identifier.
An embodiment of the present invention further provides a data forwarding device comprising a processor, the processor running predetermined computer instructions to perform the data forwarding method applied to a server of any of the above embodiments.
An embodiment of the present invention further provides a data forwarding method applied to a recipient client, the method comprising: on receiving a data ciphertext and a first record identifier from a data sender, sending to a server a data reception request including a first recipient identifier and the first record identifier; on receiving from the server a first ciphertext of a first key, used to perform a first verification of the first recipient, decrypting the first ciphertext of the first key with the first recipient's private key and sending the resulting first decryption result to the server; and, if the first verification passes, obtaining the first key from the server and using the first key in the course of decrypting the data ciphertext, wherein the first ciphertext of the first key is generated by encrypting the first key together with a first check number using the first recipient's public key.
Preferably, the first ciphertext of the first key is obtained specifically by merging the first check number and the first key into first verification data based on a predetermined merge rule, and encrypting the first verification data with the first recipient's public key.
Preferably, the predetermined merge rule comprises: inserting the first check number at at least one predetermined position in the first key.
Preferably, the predetermined merge rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the first key.
Preferably, the method further comprises: on receiving from the server a first ciphertext of a second key, used to perform a second verification of the first recipient, decrypting the first ciphertext of the second key with the first recipient's private key and sending the resulting second decryption result to the server; and, if the second verification passes, obtaining from the server the data corresponding to the second verification, for use in the course of decrypting the data ciphertext.
Preferably, the first ciphertext of the second key is obtained specifically by merging the first check number and the second key into second verification data based on a predetermined merge rule, and encrypting the second verification data with the first recipient's public key.
Preferably, the predetermined merge rule comprises: inserting the first check number at at least one predetermined position in the second key.
Preferably, the predetermined merge rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
Preferably, the method further comprises: if the second verification passes, obtaining a second ciphertext of first sub-data from the server, wherein the second ciphertext of the first sub-data is generated by the server by encrypting the first sub-data with the first recipient's public key; the first sub-data is obtained by the server by decrypting a first ciphertext of the first sub-data with the second key; the first ciphertext of the first sub-data is obtained by the data sender by encrypting, with the second key, first sub-data extracted from a first data ciphertext produced by encrypting the data with the first key; and the data ciphertext received from the data sender is generated by replacing the first sub-data at its original position in the first data ciphertext with second sub-data.
Preferably, the method further comprises: if the second verification passes, obtaining the second key from the server, and using the second key in the course of decrypting the data ciphertext received from the data sender.
An embodiment of the present invention further provides a data forwarding device comprising a processor, the processor running predetermined computer instructions to perform the data forwarding method applied to a recipient client of any of the above embodiments.
With the data distribution/forwarding scheme of the embodiments of the present invention, the security of data in transit can be effectively improved while making forwarding more convenient for the user.
Brief description of the drawings
Fig. 1 is a schematic flowchart of one embodiment of the data distribution method of the present invention;
Fig. 2 is a schematic flowchart of another embodiment of the data distribution method of the present invention;
Fig. 3 is a schematic flowchart of one embodiment of the data forwarding method of the present invention;
Fig. 4 is a schematic flowchart of another embodiment of the data forwarding method of the present invention;
Fig. 5 is a schematic flowchart of a further embodiment of the data forwarding method of the present invention;
Fig. 6 is a schematic flowchart of one embodiment of the data forwarding method of the present invention;
Fig. 7 is a schematic flowchart of another embodiment of the data forwarding method of the present invention;
Fig. 8 is a schematic flowchart of a further embodiment of the data forwarding method of the present invention.
Detailed description
The embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of one embodiment of the data distribution method of the present invention. The data distribution method of this embodiment is applied to a sender client.
As shown in Fig. 1, the data distribution method of this embodiment includes:
S310: use at least one key in the course of encrypting the data, to obtain a data ciphertext;
S311: encrypt a first key of the at least one key together with a first check number using the first recipient's public key, to obtain a first ciphertext of the first key;
S312: send a data distribution request to the server, the request including at least a first recipient identifier, the first recipient's public key, the first check number and the first ciphertext of the first key, the first ciphertext of the first key being used to verify the first recipient;
S313: receive a first record identifier returned by the server, and send the data ciphertext and the first record identifier to the first recipient.
In this embodiment, the sender uses at least one key, including a first key, when encrypting the data to be sent. The first key may be a random number that the sender generates for the first recipient, or any character string that the sender generates for the first recipient in a self-defined manner.
The data may be encrypted, for example, in any of the following ways: encrypting the data to be sent directly with the first key to generate the data ciphertext; first encrypting the data to be sent with another key and then encrypting it with the first key to generate the data ciphertext; first encrypting the data to be sent with the first key and then encrypting it with another key to generate the data ciphertext; encrypting different parts of the data to be sent with the first key and with other keys; and so on. The other keys here may be, for example, the first recipient's public key, or a symmetric key negotiated in advance between the sender and the first recipient.
As in some of the preceding embodiments, in this embodiment the sender also generates, for the server, the verification data ciphertext used to verify the first recipient. Specifically, the first verification data obtained by merging the first key with the first check number is encrypted with the first recipient's public key, and the resulting first ciphertext of the first key serves as the verification data ciphertext.
The sender can generate the first key on the sender client, or can generate it on the server while the sender client is logged in to the server. When the first key is generated on the sender client, the sender also encrypts the first key with a key negotiated between the sender and the server to generate a second ciphertext of the first key, and sends it to the server with the data distribution request. When the server authenticates the first recipient using the first ciphertext of the first key, it can decrypt the second ciphertext of the first key with the negotiated key to obtain the first key, and so check whether the verification data returned by the first recipient is correct. When the first key is generated by the sender while logged in to the server, the server keeps the first key, encrypts it with the key negotiated between the sender and the server, and sends it to the sender client. The sender client decrypts it with the corresponding negotiated key to obtain the first key, uses the first key when encrypting the data to be sent to the first recipient, and encrypts the first key and the first check number to generate the first ciphertext of the first key.
When the server receives a data distribution request from the sender, it extracts from the request the first recipient identifier, the first recipient's public key, the first check number, the first ciphertext of the first key and other such information and data, stores them, and creates a corresponding first record identifier, which it then returns to the sender client. After receiving the first record identifier from the server, the sender client sends the corresponding data ciphertext and the first record identifier to the first recipient.
After receiving the first record identifier and the data ciphertext, the first recipient can request the first key from the server using the first record identifier and the first recipient identifier. On receiving the request, the server sends the first ciphertext of the first key to the first recipient, and verifies the first recipient by checking whether the verification data that the first recipient returns contains the first key and the first check number. When the first recipient passes verification, the server encrypts the first key with the first recipient's public key and sends it to the first recipient, so that the first recipient can use the first key in the course of decrypting the data ciphertext.
In this embodiment, the first ciphertext of the first key, which serves as the verification data ciphertext, is generated by the sender from the first key and the first check number, and the server can send the verification data ciphertext directly to the recipient for verification, which reduces the server's management and computation load during verification. At the same time, decrypting the first ciphertext of the first key does not directly yield the first key but a value that contains noise, so even if the first verification data is intercepted by someone else on its way back to the server, the first key cannot be obtained, which ensures the security of the first key and of the data ciphertext.
In this embodiment, a merge rule can be set in advance for merging the first key and the first check number into the first verification data. The merge rule is negotiated and determined in advance between the sender and the server, and is not known to any recipient, including the first recipient. Only the sender and the server know the merge rule. When the server receives from the first recipient the verification data obtained by decrypting the first ciphertext of the first key, it can determine, based on the merge rule and according to the first key and the first check number, whether that verification data is the first verification data, and thereby confirm the identity of the first recipient. Because verifying the data returned by the first recipient requires checking whether each part of the verification data conforms to the predetermined merge rule, the security of the data is further improved.
In one embodiment of the invention, the predetermined merge rule is to insert the first check number at at least one predetermined position in the first key. For example, the first check number is inserted at the front, the middle and the rear of the first key respectively. In this embodiment, to improve data security, the first check number can have few digits, for example one digit or two digits.
In another embodiment of the invention, the predetermined merge rule is to split the first check number into multiple parts and insert each part at a corresponding one of multiple predetermined positions in the first key. For example, a first check number 20 characters long is split in order into five character strings of 2, 5, 3, 4 and 6 characters, five positions are chosen arbitrarily in the first key, and the five character strings are inserted at those positions respectively. In this embodiment it is difficult to recover the first key from the first verification data, which gives very high data security.
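The split-and-insert merge rule and the server-side check it enables can be sketched as follows. This is an added example, not code from the patent: the function names, the hex encoding of the key and the five insert offsets are assumptions chosen for illustration, and the public-key encryption of the merged string is omitted.

```python
import hmac
import secrets

# Assumed merge rule, shared by sender and server only (constructed values).
PART_LENGTHS = (2, 5, 3, 4, 6)        # 20-character check number, split as in the text
INSERT_OFFSETS = (3, 17, 32, 48, 61)  # hypothetical offsets into the original key string


def _validate_rule(key_len, check_len, lengths, offsets):
    """Reject rules that do not fit the key and check number they are applied to."""
    if not offsets or len(lengths) != len(offsets) or sum(lengths) != check_len:
        raise ValueError("merge rule does not match the check number")
    if list(offsets) != sorted(set(offsets)) or offsets[0] < 0 or offsets[-1] > key_len:
        raise ValueError("insert offsets must be increasing and inside the key")


def merge_key_and_check(key, check, lengths=PART_LENGTHS, offsets=INSERT_OFFSETS):
    """Sender side: build the verification data that is then public-key encrypted."""
    _validate_rule(len(key), len(check), lengths, offsets)
    out, prev, pos = [], 0, 0
    for length, off in zip(lengths, offsets):
        out.append(key[prev:off])            # key characters up to the insert point
        out.append(check[pos:pos + length])  # next piece of the check number
        prev, pos = off, pos + length
    out.append(key[prev:])                   # remainder of the key
    return "".join(out)


def split_verification_data(data, key_len, lengths=PART_LENGTHS, offsets=INSERT_OFFSETS):
    """Server side: undo the merge, returning (check number, key data)."""
    _validate_rule(key_len, sum(lengths), lengths, offsets)
    if len(data) != key_len + sum(lengths):
        raise ValueError("verification data has the wrong length")
    key_parts, check_parts, cursor, prev = [], [], 0, 0
    for length, off in zip(lengths, offsets):
        take = off - prev                    # key characters before this insert
        key_parts.append(data[cursor:cursor + take])
        cursor += take
        check_parts.append(data[cursor:cursor + length])
        cursor += length
        prev = off
    key_parts.append(data[cursor:])
    return "".join(check_parts), "".join(key_parts)


def server_verify(returned, stored_key, stored_check,
                  lengths=PART_LENGTHS, offsets=INSERT_OFFSETS):
    """Split the recipient's decrypted reply and compare both parts with the stored values."""
    try:
        second_check, third_key = split_verification_data(
            returned, len(stored_key), lengths, offsets)
    except ValueError:
        return False
    # Constant-time comparison so the check does not leak how many characters matched.
    check_ok = hmac.compare_digest(second_check.encode(), stored_check.encode())
    key_ok = hmac.compare_digest(third_key.encode(), stored_key.encode())
    return check_ok and key_ok


if __name__ == "__main__":
    first_key = secrets.token_hex(32)  # 64 hex characters, constructed sample key
    first_check = "".join(secrets.choice("0123456789") for _ in range(20))
    verification_data = merge_key_and_check(first_key, first_check)
    print(len(verification_data), server_verify(verification_data, first_key, first_check))
```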
Fig. 2 is a schematic flowchart of another embodiment of the data distribution method of the present invention.
As shown in Fig. 2, the data distribution method of this embodiment includes:
S320: use at least one key in the course of encrypting the data, to obtain a data ciphertext, the at least one key including a first key and a second key;
S321: encrypt the first key together with a first check number using the first recipient's public key to obtain a first ciphertext of the first key, and encrypt the second key together with the first check number using the first recipient's public key to obtain a first ciphertext of the second key;
S322: send a data distribution request to the server, the request including at least a first recipient identifier, the first recipient's public key, the first check number, the first ciphertext of the first key and the first ciphertext of the second key;
S323: receive a first record identifier returned by the server, and send the data ciphertext and the first record identifier to the first recipient.
In this embodiment, the sender uses the first key and the second key when encrypting the data to be sent to the first recipient, and the verification data ciphertexts that the sender generates for the server to use in verifying the first recipient, carried in the data distribution request, include the first-key first ciphertext and the second-key first ciphertext. The first-key first ciphertext is obtained by encrypting, with the first recipient's public key, the first verification data formed by merging the first key with the first check number. The second-key first ciphertext is obtained by encrypting, with the first recipient's public key, the verification data formed by merging the second key with the first check number. Like the first key, the second key can be generated on the sender's client, or it can be generated on the server while the sender's client is logged in to the server and returned to the client, and the server holds the second key. The first check number used to generate the first-key first ciphertext and the first check number used to generate the second-key first ciphertext can be the same or different.
After receiving the first record identifier and the data ciphertext, the first recipient can request the first key and the second key from the server using the first record identifier and the first recipient identifier. On receiving the request, the server sends the first-key first ciphertext and the second-key first ciphertext to the first recipient to carry out the first verification and the second verification, and verifies the first recipient by checking whether the first verification data and the second verification data that the first recipient returns contain the first key and the first check number, and the second key and the first check number, respectively. When the first recipient passes both verifications, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient, so that the first recipient can use the first key and the second key when decrypting the data ciphertext.
In this embodiment, to decrypt the data ciphertext the first recipient needs not only the first key but also the second key or data related to the second key, and the server authenticates the first recipient separately for the first key and for the second key, which further improves the security of the data ciphertext and the keys.
The sender can agree in advance with the server on a merge rule for merging the second key and the first check number into the second verification data. The predetermined merge rule can be to insert the first check number at at least one predetermined position of the second key, or to split the first check number into multiple parts and insert them at corresponding predetermined positions of the second key.
When the sender uses both the first key and the second key to encrypt the data to be sent to the first recipient, the encryption can be done in several ways.
In one embodiment of the invention, the data plaintext to be sent is first encrypted with the first key to obtain a first data ciphertext. First sub-data is then extracted from a predetermined part of the first data ciphertext and second sub-data is put in the original position of the first sub-data to generate a second data ciphertext, and the first sub-data is encrypted with the second key to obtain a first sub-data first ciphertext. In this embodiment, the sender also sends the first sub-data first ciphertext to the server, and sends the second data ciphertext and the first record identifier to the first recipient.
In another embodiment, when encrypting the data the sender first splits the plaintext data to be sent into first data and second data, encrypts the first data with the first key to obtain a first data ciphertext, encrypts the second data with the second key to obtain a second data ciphertext, and sends the first data ciphertext and the second data ciphertext together with the first record identifier to the first recipient.
In a further embodiment of the invention, when encrypting the data the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then encrypts the first data ciphertext with the second key to obtain a second data ciphertext, and sends the second data ciphertext and the first record identifier to the first recipient.
Fig. 3 is a schematic flow chart of one embodiment of the data forwarding method of the present invention; this embodiment is applied to the server.
As shown in Fig. 3, the data forwarding method of this embodiment includes:
S330, on receiving from the sender a data distribution request including at least the first recipient identifier, the first recipient's public key, the first check number and the first-key first ciphertext, returning a first record identifier to the sender;
S331, storing the first record identifier in association with at least the first key, and storing the first recipient identifier in association with at least the first record identifier, the first-key first ciphertext, the first recipient's public key and the first check number;
S332, on receiving from the first recipient a data reception request including the first recipient identifier and the first record identifier, performing a first verification of the first recipient using the first-key first ciphertext and, if the first recipient passes the first verification, encrypting the first key with the first recipient's public key and sending it to the first recipient.
In this embodiment, the sender generates for the server the verification data ciphertext used to verify the first recipient. Specifically, the first verification data formed by merging the first key with the first check number is encrypted with the first recipient's public key, and the resulting first-key first ciphertext serves as the verification data ciphertext.
The sender can generate the first key on the sender's client, or the first key can be generated on the server while the sender's client is logged in to the server. When the first key is generated on the sender's client, the sender also encrypts the first key with a key negotiated between the sender and the server to produce a first-key second ciphertext and sends it to the server with the data distribution request; when the server authenticates the first recipient using the first-key first ciphertext, it can decrypt the first-key second ciphertext with the negotiated key to obtain the first key and check whether the verification data returned by the first recipient is correct. When the first key is generated while the sender is logged in to the server, the server keeps the first key, encrypts it with the key negotiated between the sender and the server, and sends it to the sender's client. The sender's client decrypts it with the corresponding negotiated key to obtain the first key, uses the first key when encrypting the data to be sent to the first recipient, and encrypts the first key and the first check number to generate the first-key first ciphertext.
On receiving a data distribution request from the sender, the server extracts from it the first recipient identifier, the first recipient's public key, the first check number and the first-key first ciphertext, and creates a first record identifier for the request. It stores the first record identifier together with the first key needed to decrypt the data ciphertext as a separate data distribution record, creates a separate forwarding record for the first recipient identifier, stores in that forwarding record the data relating to the first recipient, such as the first record identifier, the first check number, the first-key first ciphertext and the first recipient identifier, and returns the first record identifier to the sender's client.
After receiving the first record identifier and the data ciphertext from the sender, the first recipient can request the first key from the server using the first record identifier and the first recipient identifier. On receiving the request, the server sends the first-key first ciphertext to the first recipient and verifies the first recipient by checking whether the verification data that the first recipient returns contains the first key and the first check number. When the first recipient passes the verification, the server encrypts the first key with the first recipient's public key and sends it to the first recipient, so that the first recipient can use the first key when decrypting the data ciphertext.
In this embodiment, the first-key first ciphertext that serves as the verification data ciphertext is generated by the sender from the first key and the first check number, so the server can send the verification data ciphertext directly to the recipient for verification, which reduces the server's management and computation load during verification. In addition, decrypting the first-key first ciphertext does not directly yield the first key but a value that contains noise, so even if the first verification data is intercepted on its way back to the server, the first key cannot be obtained from it, which protects the first key and the data ciphertext.
In this embodiment, a merge rule can be set in advance for merging the first key and the first check number into the first verification data. The merge rule is agreed in advance between the sender and the server, and it also serves as the split rule for separating the key and the check number out of the first verification data when that data is checked. When the server receives from the first recipient the first verification data obtained by decrypting the first-key first ciphertext, it can split a second check number and third key data out of the first verification data according to the merge rule, and compare them with the stored first check number and first key respectively to verify the identity of the first recipient. The predetermined merge rule can be to insert the first check number at at least one predetermined position of the first key, or to split the first check number into multiple parts and insert them at corresponding predetermined positions of the first key.
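The merge rule and the server's split-and-compare check described above, as an added Python example that is not code from the patent. The rule positions, lengths and function names are assumptions, and the public-key step is left out, so `server_verify` takes the verification data as the first recipient would return it after decrypting the first-key first ciphertext.

```python
import hmac

# Hypothetical merge rule agreed in advance by sender and server (assumption):
# each entry is (offset in the key, number of check-number bytes inserted there).
MERGE_RULE = [(4, 3), (16, 2), (29, 3)]


def _validate_rule(rule, key_len):
    """Offsets must be strictly increasing and lie inside the key."""
    offsets = [offset for offset, _ in rule]
    if offsets != sorted(set(offsets)) or offsets[0] < 0 or offsets[-1] > key_len:
        raise ValueError("merge rule does not fit a key of this length")
    if any(count <= 0 for _, count in rule):
        raise ValueError("each rule entry must insert at least one byte")
    return sum(count for _, count in rule)


def merge(key: bytes, check: bytes, rule=MERGE_RULE) -> bytes:
    """Sender side: build verification data by spreading the check number
    over the predetermined positions of the key."""
    if _validate_rule(rule, len(key)) != len(check):
        raise ValueError("check number length does not match the merge rule")
    out = bytearray()
    key_pos = check_pos = 0
    for offset, count in rule:
        out += key[key_pos:offset]                      # key bytes up to the insert point
        out += check[check_pos:check_pos + count]       # next part of the check number
        key_pos, check_pos = offset, check_pos + count
    out += key[key_pos:]                                # remaining key bytes
    return bytes(out)


def split(data: bytes, key_len: int, rule=MERGE_RULE):
    """Server side: the same rule used in reverse, returning (key data, check number)."""
    check_len = _validate_rule(rule, key_len)
    if len(data) != key_len + check_len:
        raise ValueError("verification data has the wrong length")
    key, check = bytearray(), bytearray()
    pos = key_pos = 0
    for offset, count in rule:
        take = offset - key_pos
        key += data[pos:pos + take]
        pos += take
        check += data[pos:pos + count]
        pos += count
        key_pos = offset
    key += data[pos:]
    return bytes(key), bytes(check)


def server_verify(returned: bytes, stored_key: bytes, stored_check: bytes,
                  rule=MERGE_RULE) -> bool:
    """Split the returned verification data and compare both parts with the
    stored first key and first check number, in constant time."""
    try:
        key_part, check_part = split(returned, len(stored_key), rule)
    except ValueError:
        return False  # malformed or wrongly sized data fails verification
    key_ok = hmac.compare_digest(key_part, stored_key)
    check_ok = hmac.compare_digest(check_part, stored_check)
    return key_ok and check_ok


if __name__ == "__main__":
    demo_key = bytes(range(32))      # constructed sample key
    demo_check = b"ABCDEFGH"         # constructed sample check number
    data = merge(demo_key, demo_check)
    print(data.hex(), server_verify(data, demo_key, demo_check))
```

A party that knows the key and the check number but not the rule, and simply concatenates them, fails the check, as does data of the wrong length.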
Fig. 4 is a schematic flow chart of another embodiment of the data forwarding method of the present invention.
As shown in Fig. 4, the data forwarding method of this embodiment includes:
S340, on receiving from the sender a data distribution request including at least the first recipient identifier, the first recipient's public key, the first check number, the first-key first ciphertext and the second-key first ciphertext, returning a first record identifier to the sender;
S341, storing the first record identifier in association with at least the first key and the second key, and storing the first recipient identifier in association with at least the first record identifier, the first-key first ciphertext and the second-key first ciphertext, the first recipient's public key and the first check number;
S342, on receiving from the first recipient a data reception request including the first recipient identifier and the first record identifier, performing a first verification of the first recipient using the first-key first ciphertext and a second verification of the first recipient using the second-key first ciphertext;
S343, when the first recipient passes the first verification, encrypting the first key with the first recipient's public key and sending it to the first recipient; when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
In this embodiment, the sender uses the first key and the second key when encrypting the data to be sent to the first recipient, and the verification data ciphertexts that the sender generates for the server to use in verifying the first recipient, carried in the data distribution request, include the first-key first ciphertext and the second-key first ciphertext. The first-key first ciphertext is obtained by encrypting, with the first recipient's public key, the first verification data formed by merging the first key with the first check number. The second-key first ciphertext is obtained by encrypting, with the first recipient's public key, the verification data formed by merging the second key with the first check number. Like the first key, the second key can be generated on the sender's client, or it can be generated on the server while the sender's client is logged in to the server and returned to the client, and the server holds the second key. The first check number used to generate the first-key first ciphertext and the first check number used to generate the second-key first ciphertext can be the same or different.
After receiving the first record identifier and the data ciphertext, the first recipient can request the first key and the second key from the server using the first record identifier and the first recipient identifier. On receiving the request, the server sends the first-key first ciphertext and the second-key first ciphertext to the first recipient, and verifies the first recipient by checking whether the two pieces of verification data that the first recipient returns contain the first key and the first check number, and the second key and the first check number, respectively. When the first recipient passes both verifications, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient, so that the first recipient can use the first key and the second key when decrypting the data ciphertext.
In this embodiment, to decrypt the data ciphertext the first recipient needs not only the first key but also the second key or data related to the second key, and the server authenticates the first recipient separately for the first key and for the second key, which further improves the security of the data ciphertext and the keys.
The sender can agree in advance with the server on a merge rule for merging the second key and the first check number into the second verification data. When the server sends the second-key first ciphertext to the first recipient for the second verification, it can use the predetermined merge rule to split a check number and key data out of the second verification data returned by the first recipient and compare them with the stored first check number and second key. The predetermined merge rule can be to insert the first check number at at least one predetermined position of the second key, or to split the first check number into multiple parts and insert them at corresponding predetermined positions of the second key.
Fig. 5 is a schematic flow chart of a further embodiment of the data forwarding method of the present invention.
As shown in Fig. 5, the data forwarding method of this embodiment includes:
S350, on receiving from the sender a data distribution request including at least the first recipient identifier, the first recipient's public key, the first check number, the first-key first ciphertext, the second-key first ciphertext and the first sub-data first ciphertext, returning a first record identifier to the sender;
S351, storing the first record identifier in association with at least the first key, the second key and the first sub-data first ciphertext, and storing the first recipient identifier in association with at least the first record identifier, the first-key first ciphertext and the second-key first ciphertext, the first recipient's public key and the first check number;
S352, on receiving from the first recipient a data reception request including the first recipient identifier and the first record identifier, performing a first verification of the first recipient using the first-key first ciphertext and a second verification of the first recipient using the second-key first ciphertext;
S353, when the first recipient passes the first verification, encrypting the first key with the first recipient's public key and sending it to the first recipient; when the first recipient passes the second verification, decrypting the first sub-data first ciphertext with the second key to obtain the first sub-data, encrypting the first sub-data with the first recipient's public key to obtain a first sub-data second ciphertext, and sending it to the first recipient.
In this embodiment, when encrypting the data plaintext the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then extracts first sub-data from a predetermined part of the first data ciphertext, puts second sub-data in the original position of the first sub-data to generate a second data ciphertext, and encrypts the first sub-data with the second key to obtain a first sub-data first ciphertext. The sender therefore also sends the first sub-data first ciphertext to the server, and what the sender sends to the first recipient is the second data ciphertext and the first record identifier.
When the server receives from the first recipient a data reception request including the first recipient identifier and the first record identifier, it verifies the first recipient in a way similar to the embodiment shown in Fig. 4. The difference is that when the first recipient passes the second verification, the server decrypts the first sub-data first ciphertext with the second key to obtain the first sub-data, encrypts the first sub-data with the first recipient's public key to obtain a first sub-data second ciphertext, and sends it to the first recipient.
In this embodiment, the data ciphertext that the first recipient obtains contains noise and can be decrypted only after the first sub-data has been obtained from the server, which effectively prevents brute-force cracking and improves the security of the data ciphertext.
In another embodiment of the present invention, the first recipient must hold both the first key and the second key to decrypt the data ciphertext obtained from the sender. When the first recipient passes the server's first verification and second verification, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient. Because the recipient can obtain the data plaintext only after obtaining two keys and decrypting the ciphertext with them, this embodiment improves the security of the data ciphertext.
Fig. 6 is a schematic flow chart of one embodiment of the data forwarding method of the present invention; this embodiment is applied to the recipient client.
As shown in Fig. 6, the data forwarding method of this embodiment includes:
S360, on receiving the data ciphertext and the first record identifier from the data sender, sending to the server a data reception request including the first recipient identifier and the first record identifier;
S361, on receiving from the server the first-key first ciphertext used to perform the first verification of the first recipient, decrypting the first-key first ciphertext with the first recipient's private key and sending the resulting first decryption result to the server;
S362, if the first verification is passed, obtaining the first key from the server and using the first key when decrypting the data ciphertext.
In this embodiment, after receiving the first record identifier and the data ciphertext from the sender, the first recipient can request the first key from the server using the first record identifier and the first recipient identifier. On receiving the request, the server sends the first-key first ciphertext to the first recipient and verifies the first recipient by checking whether the verification data that the first recipient returns contains the first key and the first check number. When the first recipient passes the verification, the server encrypts the first key with the first recipient's public key and sends it to the first recipient, so that the first recipient can use the first key when decrypting the data ciphertext.
In this embodiment, the first-key first ciphertext that serves as the verification data ciphertext is generated by the sender from the first key and the first check number, so the server can send the verification data ciphertext directly to the recipient for verification, which reduces the server's management and computation load during verification. In addition, decrypting the first-key first ciphertext does not directly yield the first key but a value that contains noise, so even if the first verification data is intercepted on its way back to the server, the first key cannot be obtained from it, which protects the first key and the data ciphertext.
In this embodiment, a merge rule can be set in advance for merging the first key and the first check number into the first verification data: the first check number and the first key are merged into the first verification data according to the predetermined merge rule, and the first verification data is encrypted with the first recipient's public key to obtain the first-key first ciphertext. The predetermined merge rule is agreed in advance between the sender and the server and is not known to any recipient, including the first recipient. The predetermined merge rule may include: inserting the first check number at at least one predetermined position of the first key; or splitting the first check number into multiple parts and inserting them at corresponding predetermined positions of the first key.
Fig. 7 is a schematic flow chart of another embodiment of the data forwarding method of the present invention.
As shown in Fig. 7, the data forwarding method of this embodiment includes:
S370, on receiving the data ciphertext and the first record identifier from the data sender, sending to the server a data reception request including the first recipient identifier and the first record identifier;
S371, on receiving from the server the first-key first ciphertext used to perform the first verification of the first recipient, decrypting the first-key first ciphertext with the first recipient's private key and sending the resulting first decryption result to the server and, if the first verification is passed, obtaining the first key from the server and using the first key when decrypting the data ciphertext;
S372, on receiving from the server the second-key first ciphertext used to perform the second verification of the first recipient, decrypting the second-key first ciphertext with the first recipient's private key and sending the resulting second decryption result to the server and, if the second verification is passed, obtaining from the server the data corresponding to the second verification for use when decrypting the data ciphertext.
In this embodiment, after receiving the first record identifier and the data ciphertext, the first recipient can request the first key and the second key from the server using the first record identifier and the first recipient identifier. On receiving the request, the server sends the first-key first ciphertext and the second-key first ciphertext to the first recipient, and verifies the first recipient by checking whether the two pieces of verification data that the first recipient returns contain the first key and the first check number, and the second key and the first check number, respectively. When the first recipient passes both verifications, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient, so that the first recipient can use the first key and the second key when decrypting the data ciphertext.
In this embodiment, to decrypt the data ciphertext the first recipient needs not only the first key but also the second key or data related to the second key, and the server authenticates the first recipient separately for the first key and for the second key, which further improves the security of the data ciphertext and the keys.
In this embodiment, a merge rule can likewise be set in advance for merging the second key and the first check number into the second verification data: the first check number and the second key are merged into the second verification data according to the predetermined merge rule, and the second verification data is encrypted with the first recipient's public key to obtain the second-key first ciphertext. The predetermined merge rule is agreed in advance between the sender and the server and is not known to any recipient, including the first recipient. The predetermined merge rule may include: inserting the first check number at at least one predetermined position of the second key; or splitting the first check number into multiple parts and inserting them at corresponding predetermined positions of the second key.
Fig. 8 is a schematic flow chart of a further embodiment of the data forwarding method of the present invention.
As shown in Fig. 8, the data forwarding method of this embodiment includes:
S380, on receiving the data ciphertext and the first record identifier from the data sender, sending to the server a data reception request including the first recipient identifier and the first record identifier;
S381, on receiving from the server the first-key first ciphertext used to perform the first verification of the first recipient, decrypting the first-key first ciphertext with the first recipient's private key and sending the resulting first decryption result to the server and, if the first verification is passed, obtaining the first key from the server and using the first key when decrypting the data ciphertext;
S382, on receiving from the server the second-key first ciphertext used to perform the second verification of the first recipient, decrypting the second-key first ciphertext with the first recipient's private key and sending the resulting second decryption result to the server and, if the second verification is passed, obtaining the first sub-data second ciphertext from the server for use when decrypting the data ciphertext.
In this embodiment, when encrypting the data plaintext the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then extracts first sub-data from a predetermined part of the first data ciphertext, puts second sub-data in the original position of the first sub-data to generate a second data ciphertext, and encrypts the first sub-data with the second key to obtain a first sub-data first ciphertext. The sender therefore also sends the first sub-data first ciphertext to the server, and what the sender sends to the first recipient is the second data ciphertext and the first record identifier.
When the server receives from the first recipient a data reception request including the first recipient identifier and the first record identifier, it performs the first verification and the second verification of the first recipient. When the first recipient passes the second verification, the server decrypts the first sub-data first ciphertext with the second key to obtain the first sub-data, and either returns the first sub-data to the first recipient in plaintext, or encrypts the first sub-data with the first recipient's public key to obtain a first sub-data second ciphertext and sends that to the first recipient.
After obtaining the first sub-data from the server, the first recipient replaces the predetermined part of the data ciphertext with the first sub-data to obtain another data ciphertext, and then decrypts that data ciphertext with the first key to obtain the data plaintext.
In this embodiment, the data ciphertext that the first recipient obtains contains noise and can be decrypted only after the first sub-data has been obtained from the server, which effectively prevents brute-force cracking and improves the security of the data ciphertext.
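The sub-data scheme of Fig. 5 and Fig. 8, as an added Python example rather than code from the patent. The offset, length and function names are assumptions, the SHAKE-256 keystream XOR is only a stand-in for the symmetric cipher that the text does not name, and the public-key wrapping and the verification exchange are omitted.

```python
import hashlib
import secrets

# Hypothetical "predetermined part" of the first data ciphertext (assumption).
OFFSET, LENGTH = 8, 16


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher for the demo only: XOR with a SHAKE-256
    keystream derived from the key. Encryption and decryption are the same
    operation. Not suitable for real use (no nonce, no authentication)."""
    keystream = hashlib.shake_256(b"demo-stream" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def sender_encrypt(plaintext: bytes, first_key: bytes, second_key: bytes):
    """Return (second data ciphertext for the recipient,
               first sub-data first ciphertext for the server)."""
    first_ct = stream_xor(first_key, plaintext)
    if len(first_ct) < OFFSET + LENGTH:
        raise ValueError("data is shorter than the predetermined part")
    first_sub = first_ct[OFFSET:OFFSET + LENGTH]        # extracted first sub-data
    second_sub = secrets.token_bytes(LENGTH)            # noise put in its place
    second_ct = first_ct[:OFFSET] + second_sub + first_ct[OFFSET + LENGTH:]
    sub_ct = stream_xor(second_key, first_sub)          # encrypted under the second key
    return second_ct, sub_ct


def server_release_subdata(sub_ct: bytes, second_key: bytes,
                           second_verification_passed: bool):
    """Server side: recover the first sub-data only for a recipient that
    passed the second verification; otherwise release nothing."""
    if not second_verification_passed:
        return None
    return stream_xor(second_key, sub_ct)


def recipient_decrypt(second_ct: bytes, first_sub: bytes, first_key: bytes) -> bytes:
    """Recipient side: put the first sub-data back into the predetermined
    part, then decrypt the restored ciphertext with the first key."""
    if len(first_sub) != LENGTH or len(second_ct) < OFFSET + LENGTH:
        raise ValueError("sub-data or ciphertext has the wrong length")
    restored = second_ct[:OFFSET] + first_sub + second_ct[OFFSET + LENGTH:]
    return stream_xor(first_key, restored)


if __name__ == "__main__":
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    message = b"constructed sample plaintext for the sub-data example"
    ct, sub_ct = sender_encrypt(message, k1, k2)
    sub = server_release_subdata(sub_ct, k2, second_verification_passed=True)
    print(recipient_decrypt(ct, sub, k1) == message)
```

With the first key alone, decrypting the second data ciphertext gives wrong output in the replaced region; the plaintext is recovered only once the server has released the first sub-data.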
In another embodiment of the present invention, the first recipient must hold both the first key and the second key to decrypt the data ciphertext obtained from the sender. In this case, when the first recipient passes the server's first verification and second verification, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient. Because the recipient can obtain the data plaintext only after obtaining two keys and decrypting the ciphertext with them, this embodiment improves the security of the data ciphertext.
In any of the above embodiments of the present invention, when the server receives the information and data that the sender sends with a data distribution request, it can store them indexed by the first recipient identifier they contain, in association with the first record identifier that was assigned. When the sender wishes to revoke the related data that it asked the server to forward to the first recipient, the sender can send the server a data distribution revocation request including the first record identifier and the first recipient identifier, asking the server to delete the first recipient identifier and the information stored in association with it. On receiving such a revocation request, which the sender sends for the first recipient and which includes the first record identifier and the first recipient identifier, the server can delete the separate forwarding record containing the first recipient identifier and the information stored in association with it. After the server has deleted the first recipient identifier and the associated information, if the first recipient sends the server a data reception request including the first recipient identifier, the server will not find a forwarding record for the first recipient identifier and therefore cannot return decryption data such as the first key in response to the request, which lets the sender promptly revoke data that has already been distributed. At the same time, deleting the separate forwarding record containing the first recipient identifier and the information stored in association with it does not affect the separate data distribution record containing the first record identifier, the second sub-key ciphertext and so on. If the sender needs to restore the data distribution for the first recipient, it can send the server a data redistribution request including information and data such as the first recipient identifier, the first sub-key first ciphertext and the first recipient's public key; the server can store these again as a separate forwarding record, so that the first recipient can obtain from the server the data needed for decryption.
An embodiment of the present invention also provides a data distribution/forwarding device, which can be implemented by a terminal device including a processor and a memory; the processor can be configured to run predetermined computer instructions stored in the memory to execute the data distribution/forwarding method applied to the sender client in any of the above embodiments.
An embodiment of the present invention also provides a data forwarding device, which can be implemented by a terminal device that includes a processor and a memory and acts as a server; the processor can be configured to run predetermined computer instructions stored in the memory to execute the data forwarding method applied to the server in any of the above embodiments.
An embodiment of the present invention also provides a data forwarding device, which can be implemented by a terminal device including a processor and a memory; the processor can be configured to run predetermined computer instructions stored in the memory to execute the data forwarding method applied to the recipient client in any of the above embodiments.
Because this application cannot exhaustively list all embodiments, nor all possible combinations of the technical features, the present invention is not limited to the specific embodiments given. On the basis of the embodiments disclosed herein, those skilled in the art are fully able to make various modifications and variations to these embodiments without departing from the spirit and concept of the invention, and the embodiments so modified and varied should all fall within the scope of protection claimed by this application.

Claims (36)

1. A data distribution method, applied to a sender client, the method comprising:
encrypting data using at least one key in the course of encrypting the data, to obtain a data ciphertext;
encrypting a first key of the at least one key together with a first check number using a first recipient public key, to obtain a first ciphertext of the first key;
sending a data distribution request to a server, the data distribution request including at least a first recipient identifier, the first recipient public key, the first check number and the first ciphertext of the first key, wherein the first ciphertext of the first key is used to verify the first recipient;
receiving the returned first record identifier from the server, and sending the data ciphertext and the first record identifier to the first recipient.
2. The method of claim 1, wherein encrypting the first key together with the first check number using the first recipient public key, to obtain the first ciphertext of the first key, comprises:
merging the first check number and the first key into first verification data based on a predetermined merge rule, and encrypting the first verification data with the first recipient public key to obtain the first ciphertext of the first key.
3. The method of claim 2, wherein the predetermined merge rule comprises:
inserting the first check number at at least one predetermined position of the first key.
4. The method of claim 2, wherein the predetermined merge rule comprises:
splitting the first verification data into multiple parts and inserting them respectively at multiple predetermined positions of the first key.
5. The method of any one of claims 1-4, wherein the at least one key further includes a second key, the method further comprising:
encrypting the second key together with the first check number using the first recipient public key, to obtain a first ciphertext of the second key,
wherein the data distribution request further includes the first ciphertext of the second key.
6. The method of claim 5, wherein encrypting the second key together with the first check number using the first recipient public key, to obtain the first ciphertext of the second key, comprises:
merging the first check number and the second key into second verification data based on a predetermined merge rule, and encrypting the second verification data with the first recipient public key to obtain the first ciphertext of the second key.
7. The method of claim 6, wherein the predetermined merge rule comprises:
inserting the first check number at at least one predetermined position of the second key.
8. The method of claim 6, wherein the predetermined merge rule comprises:
splitting the first verification data into multiple parts and inserting them respectively at multiple predetermined positions of the second key.
9. The method of any one of claims 5-8, wherein
the second key is used to encrypt first sub-data, extracted from a first data ciphertext generated by encrypting the data with the first key, to generate a first ciphertext of the first sub-data,
the data distribution request further includes the first ciphertext of the first sub-data,
the data ciphertext sent to the first recipient is a second data ciphertext generated by replacing, with second sub-data, the original position of the first sub-data in the first data ciphertext.
10. The method of any one of claims 5-8, wherein
the first key and the second key are used to encrypt a first part and a second part of the data respectively, to obtain a first data ciphertext and a second data ciphertext,
the data ciphertext sent to the first recipient includes the first data ciphertext and the second data ciphertext.
11. The method of any one of claims 5-8, wherein
the second key is used to encrypt a first data ciphertext, generated by encrypting the data with the first key, to generate a second data ciphertext,
the data ciphertext sent to the first recipient is the second data ciphertext.
12. The method of any one of claims 1-11, further comprising:
sending to the server a data distribution revocation request including the first record identifier and the first recipient identifier, so that the server deletes the first recipient identifier and the information stored in association with the first recipient identifier.
13. A data distribution device, including a processor, characterized in that the processor runs predetermined computer instructions to perform the data distribution method of any one of claims 1-5.
14. A data forwarding method, applied to a server, the method comprising:
on receiving from a sender a data distribution request including at least a first recipient identifier, a first recipient public key, a first check number and a first ciphertext of a first key, returning a first record identifier to the sender, wherein the first ciphertext of the first key is obtained by encrypting, with the first recipient public key, the first key of at least one key used in the course of encrypting data together with the first check number;
storing the first record identifier in association with at least the first key, and storing the first recipient identifier in association with at least the first record identifier, the first ciphertext of the first key, the first recipient public key and the first check number;
on receiving from the first recipient a data reception request including the first recipient identifier and the first record identifier, performing a first verification of the first recipient using the first ciphertext of the first key, and, if the first recipient passes the first verification, encrypting the first key with the first recipient public key and sending it to the first recipient.
15. The method of claim 14, wherein performing the first verification of the first recipient using the first ciphertext of the first key comprises:
sending the first ciphertext of the first key to the first recipient, splitting a second check number and third key data out of first verification data returned from the first recipient based on a predetermined merge rule, and comparing the second check number and the third key data with the stored first check number and the first key respectively.
16. The method of claim 15, wherein the predetermined merge rule comprises:
inserting the first check number at at least one predetermined position of the first key.
17. The method of claim 15, wherein the predetermined merge rule comprises:
splitting the first check number into multiple parts and inserting them respectively at multiple predetermined positions in the first key.
18. The method of any one of claims 14-17, wherein the data distribution request further includes a first ciphertext of a second key, the first ciphertext of the second key being obtained by encrypting the second key together with the first check number using the first recipient public key, the method further comprising:
storing the first recipient identifier also in association with the first ciphertext of the second key, and storing the first record identifier also in association with the second key;
on receiving from the first recipient the data reception request including the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key, and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
19. The method of claim 18, wherein performing the second verification of the first recipient using the first ciphertext of the second key comprises:
sending the first ciphertext of the second key to the first recipient, splitting a second check number and fourth key data out of second verification data returned from the first recipient based on a predetermined merge rule, and comparing the second check number and the fourth key data with the stored first check number and the second key respectively.
20. The method of claim 19, wherein the predetermined merge rule comprises:
inserting the first check number at at least one predetermined position of the second key.
21. The method of claim 19, wherein the predetermined merge rule comprises:
splitting the first check number into multiple parts and inserting them respectively at multiple predetermined positions of the second key.
22. The method of any one of claims 18-21, wherein the data distribution request further includes a first ciphertext of first sub-data, the first ciphertext of the first sub-data being generated by encrypting, with the second key, first sub-data extracted from a first data ciphertext generated by encrypting the data with the first key,
the method further comprising:
storing the first record identifier also in association with the first ciphertext of the first sub-data;
when the first recipient passes the second verification, decrypting the first ciphertext of the first sub-data with the second key to obtain the first sub-data, encrypting the first sub-data with the first recipient public key to obtain a second ciphertext of the first sub-data, and sending it to the first recipient.
23. The method of any one of claims 18-21, further comprising:
when the first recipient passes the second verification, encrypting the second key with the first recipient public key and sending it to the first recipient.
24. The method of any one of claims 14-23, further comprising:
on receiving a data distribution revocation request including the first record identifier and the first recipient identifier, deleting the first recipient identifier and the information stored in association with the first recipient identifier.
25. A data forwarding device, including a processor, characterized in that the processor runs predetermined computer instructions to perform the data forwarding method of any one of claims 14-24.
26. A data forwarding method, applied to a recipient client, the method comprising:
on receiving a data ciphertext and a first record identifier from a data sender, sending to a server a data reception request including a first recipient identifier and the first record identifier;
on receiving from the server a first ciphertext of a first key for performing a first verification of the first recipient, decrypting the first ciphertext of the first key using a first recipient private key and sending the resulting first decryption result to the server, and, if the first verification passes, obtaining the first key from the server and using the first key in the course of decrypting the data ciphertext,
wherein the first ciphertext of the first key is generated by encrypting the first key together with a first check number using a first recipient public key.
27. The method of claim 26, wherein the first ciphertext of the first key is specifically obtained by merging the first check number and the first key into first verification data based on a predetermined merge rule and encrypting the first verification data with the first recipient public key.
28. The method of claim 27, wherein the predetermined merge rule comprises: inserting the first check number at at least one predetermined position of the first key.
29. The method of claim 27, wherein the predetermined merge rule comprises: splitting the first check number into multiple parts and inserting them respectively at multiple predetermined positions in the first key.
30. The method of any one of claims 26-29, further comprising:
on receiving from the server a first ciphertext of a second key for performing a second verification of the first recipient, decrypting the first ciphertext of the second key using the first recipient private key, and sending the resulting second decryption result to the server;
if the second verification passes, obtaining the data corresponding to the second verification from the server for use in the course of decrypting the data ciphertext.
31. The method of claim 30, wherein the first ciphertext of the second key is specifically obtained by merging the first check number and the second key into second verification data based on a predetermined merge rule and encrypting the second verification data with the first recipient public key.
32. The method of claim 31, wherein the predetermined merge rule comprises: inserting the first check number at at least one predetermined position of the second key.
33. The method of claim 32, wherein the predetermined merge rule comprises: splitting the first check number into multiple parts and inserting them respectively at multiple predetermined positions in the second key.
34. The method of any one of claims 30-33, further comprising:
if the second verification passes, obtaining a second ciphertext of first sub-data from the server,
the second ciphertext of the first sub-data being generated by the server by encrypting the first sub-data with the first recipient public key, and the first sub-data being obtained by the server by decrypting a first ciphertext of the first sub-data with the second key,
the first ciphertext of the first sub-data being obtained by the data sender by encrypting, with the second key, the first sub-data extracted from a first data ciphertext obtained by encrypting the data with the first key,
the data ciphertext received from the data sender being generated by replacing, with second sub-data, the original position of the first sub-data in the first data ciphertext.
35. The method of any one of claims 30-33, further comprising:
if the second verification passes, obtaining the second key from the server, and using the second key in the course of decrypting the data ciphertext received from the data sender.
36. A data forwarding device, including a processor, characterized in that the processor runs predetermined computer instructions to perform the data forwarding method of any one of claims 26-35.
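The server-side check in claims 14-17 and the revocation and redistribution behaviour in claim 24 and the description can be traced in the following added example, which is not code from the patent. The insertion positions in `MERGE_RULE`, the names `Server`, `merge` and `split`, the record layout and passing the first key to the server directly are all assumptions; public-key encryption is left out, so the ciphertext is an opaque placeholder and the recipient's decryption result is constructed directly.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed merge rule: (key offset, number of check-number bytes inserted there).
MERGE_RULE = [(4, 2), (12, 2)]


def merge(key: bytes, check: bytes, rule=MERGE_RULE) -> bytes:
    """Build verification data: pieces of the check number inserted into the key."""
    if sum(n for _, n in rule) != len(check) or max(o for o, _ in rule) > len(key):
        raise ValueError("merge rule does not fit this key / check number")
    out, prev, used = bytearray(), 0, 0
    for offset, n in sorted(rule):
        out += key[prev:offset] + check[used:used + n]
        prev, used = offset, used + n
    return bytes(out + key[prev:])


def split(merged: bytes, rule=MERGE_RULE):
    """Inverse of merge(): return (key data, check number)."""
    key, check, pos, prev = bytearray(), bytearray(), 0, 0
    for offset, n in sorted(rule):
        span = offset - prev
        key += merged[pos:pos + span]
        check += merged[pos + span:pos + span + n]
        pos, prev = pos + span + n, offset
    return bytes(key + merged[pos:]), bytes(check)


@dataclass
class Server:
    distribution: dict = field(default_factory=dict)  # record id -> first key
    forwarding: dict = field(default_factory=dict)    # (record id, recipient id) -> entry

    def distribute(self, recipient_id, recipient_pub, check, key, key_ct):
        record_id = secrets.token_hex(8)
        self.distribution[record_id] = key  # assumption: key is handed over directly
        self.add_forwarding(record_id, recipient_id, recipient_pub, check, key_ct)
        return record_id

    def add_forwarding(self, record_id, recipient_id, recipient_pub, check, key_ct):
        # Also serves the redistribution request that restores a revoked recipient.
        self.forwarding[(record_id, recipient_id)] = {
            "pub": recipient_pub, "check": check, "key_ct": key_ct}

    def revoke(self, record_id, recipient_id):
        # Only the per-recipient forwarding record goes; the distribution record stays.
        self.forwarding.pop((record_id, recipient_id), None)

    def challenge(self, record_id, recipient_id):
        entry = self.forwarding.get((record_id, recipient_id))
        return entry["key_ct"] if entry else None  # None: nothing to forward

    def verify(self, record_id, recipient_id, returned: bytes):
        """Return the first key (to be encrypted under entry['pub']) or None."""
        entry = self.forwarding.get((record_id, recipient_id))
        if entry is None:
            return None
        key_data, check = split(returned)
        stored_key = self.distribution[record_id]
        check_ok = hmac.compare_digest(check, entry["check"])
        key_ok = hmac.compare_digest(key_data, stored_key)
        return stored_key if (check_ok and key_ok) else None


def demo():
    key, check = bytes(range(16)), b"\xaa\xbb\xcc\xdd"  # constructed sample values
    ct = b"<opaque public-key ciphertext>"                # placeholder, never decrypted here
    srv = Server()
    rid = srv.distribute("recipient-1", b"<recipient-1 public key>", check, key, ct)
    answer = merge(key, check)  # what the private-key holder would return
    before = srv.verify(rid, "recipient-1", answer)
    forged = srv.verify(rid, "recipient-1", merge(key, b"\x00\x00\x00\x00"))
    srv.revoke(rid, "recipient-1")
    after = srv.verify(rid, "recipient-1", answer)
    srv.add_forwarding(rid, "recipient-1", b"<recipient-1 public key>", check, ct)
    restored = srv.verify(rid, "recipient-1", answer)
    return before == key, forged is None, after is None, restored == key


if __name__ == "__main__":
    print(demo())
```

After `revoke`, the distribution record keyed by the record identifier is still present, which is why a later redistribution request only has to recreate the forwarding record.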
CN201810095513.3A 2018-01-31 2018-01-31 A kind of data distribution, retransmission method and device Active CN108366054B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810095513.3A CN108366054B (en) 2018-01-31 2018-01-31 A kind of data distribution, retransmission method and device

Publications (2)

Publication Number Publication Date
CN108366054A true CN108366054A (en) 2018-08-03
CN108366054B CN108366054B (en) 2019-06-11

Family

ID=63007563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810095513.3A Active CN108366054B (en) 2018-01-31 2018-01-31 A kind of data distribution, retransmission method and device

Country Status (1)

Country Link
CN (1) CN108366054B (en)

Also Published As

Publication number Publication date
CN108366054B (en) 2019-06-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.