CN108366054B - A kind of data distribution, retransmission method and device - Google Patents
- Publication number: CN108366054B (application CN201810095513.3A)
- Authority: CN (China)
- Prior art keywords: key, data, ciphertext, recipient, check number
- Legal status: Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0464—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data distribution method, comprising: encrypting data using at least one key to obtain a data ciphertext; encrypting a first key of the at least one key together with a first check number using a first recipient's public key to obtain a first ciphertext of the first key; sending a data distribution request to a server, the data distribution request including at least a first recipient identification, the first recipient's public key, the first check number and the first ciphertext of the first key, wherein the first ciphertext of the first key is used to verify the first recipient; and receiving a returned first record identification from the server and sending the data ciphertext and the first record identification to the first recipient. The invention also discloses a corresponding data forwarding method and data distribution/forwarding devices. The data distribution/forwarding scheme of the invention effectively improves the security of data in transit while making forwarding more convenient for the user.
Description
Technical field
The present invention relates to the field of information security, and in particular to a data distribution and forwarding method and device.
Background
With the internet now highly developed, more and more data content needs to be sent over the network. Content transmitted over the network in plaintext is easily intercepted by hackers. To improve data security when data is sent or forwarded, digital envelope technology can be used.
Digital envelope technology uses a two-layer encryption scheme: a digital envelope contains the encrypted content and the ciphertext of the content encryption key (CEK) used to encrypt the content. The sender generally encrypts the content key with the recipient's public key to obtain the content key ciphertext, but a symmetric key negotiated in advance between the sender and the recipient can also be used to encrypt the content key. When the recipient receives the digital envelope, it first decrypts the content key ciphertext with its key to obtain the content key, and then decrypts the content ciphertext with the content key to obtain the original content. Digital envelope technology combines the high security of asymmetric key algorithms with the speed of symmetric key algorithms; it ensures the confidentiality of data in transit and can also prevent the data from being tampered with.
At present, data forwarding technology based on digital envelopes still has room for improvement in terms of data security and forwarding convenience.
Summary of the invention
In view of this, embodiments of the present invention propose a data distribution and forwarding scheme, based on improved digital envelope technology, with higher security and convenience.
To this end, an embodiment of the invention provides a data distribution method applied to a sender client, the method comprising: encrypting data using at least one key to obtain a data ciphertext; encrypting a first key of the at least one key together with a first check number using a first recipient's public key to obtain a first ciphertext of the first key; sending a data distribution request to a server, the data distribution request including at least a first recipient identification, the first recipient's public key, the first check number and the first ciphertext of the first key, wherein the first ciphertext of the first key is used to verify the first recipient; and receiving a returned first record identification from the server, and sending the data ciphertext and the first record identification to the first recipient.
Preferably, encrypting the first key together with the first check number using the first recipient's public key to obtain the first ciphertext of the first key comprises: merging the first check number and the first key into first verification data based on a predetermined merge rule, and encrypting the first verification data with the first recipient's public key to obtain the first ciphertext of the first key.
Preferably, the predetermined merge rule includes: inserting the first check number at at least one predetermined position of the first key.
Preferably, the predetermined merge rule includes: splitting the first verification data into multiple parts and inserting them, in correspondence, at multiple predetermined positions of the first key.
Preferably, the at least one key further includes a second key, and the method further comprises: encrypting the second key together with the first check number using the first recipient's public key to obtain a first ciphertext of the second key, wherein the data distribution request further includes the first ciphertext of the second key.
Preferably, encrypting the second key together with the first check number using the first recipient's public key to obtain the first ciphertext of the second key comprises: merging the first check number and the second key into second verification data based on a predetermined merge rule, and encrypting the second verification data with the first recipient's public key to obtain the first ciphertext of the second key.
Preferably, the predetermined merge rule includes: inserting the first check number at at least one predetermined position of the second key.
Preferably, the predetermined merge rule includes: splitting the first verification data into multiple parts and inserting them, in correspondence, at multiple predetermined positions of the second key.
Preferably, the second key is used to encrypt first sub-data extracted from a first data ciphertext, the first data ciphertext being generated by encrypting the data with the first key, so as to generate a first ciphertext of the first sub-data; the data distribution request further includes the first ciphertext of the first sub-data; and the data ciphertext sent to the first recipient is a second data ciphertext generated by replacing the original position of the first sub-data in the first data ciphertext with second sub-data.
Preferably, the first key and the second key are used to encrypt a first part and a second part of the data respectively, obtaining a first data ciphertext and a second data ciphertext, and the data ciphertext sent to the first recipient includes the first data ciphertext and the second data ciphertext.
Preferably, the second key is used to encrypt a first data ciphertext, generated by encrypting the data with the first key, so as to generate a second data ciphertext, and the data ciphertext sent to the first recipient is the second data ciphertext.
Preferably, the method further comprises: sending to the server a data distribution cancellation request including the first record identification and the first recipient identification, so that the server deletes the first recipient identification and the information stored in association with the first recipient identification.
An embodiment of the invention also provides a data distribution device comprising a processor, the processor running predetermined computer instructions to execute the data distribution method applied to the sender client of any of the above embodiments.
An embodiment of the invention also provides a data forwarding method applied to a server, the method comprising: upon receiving from a sender a data distribution request including at least a first recipient identification, a first recipient's public key, a first check number and a first ciphertext of a first key, returning a first record identification to the sender, wherein the first ciphertext of the first key is obtained by encrypting, with the first recipient's public key, the first key of at least one key used in encrypting the data together with the first check number; storing the first record identification in association with at least the first key, and storing the first recipient identification in association with at least the first record identification, the first ciphertext of the first key, the first recipient's public key and the first check number; and, upon receiving from the first recipient a data reception request including the first recipient identification and the first record identification, performing a first verification on the first recipient using the first ciphertext of the first key, and, if the first recipient passes the first verification, encrypting the first key with the first recipient's public key and sending it to the first recipient.
Preferably, performing the first verification on the first recipient using the first ciphertext of the first key comprises: sending the first ciphertext of the first key to the first recipient; splitting, based on a predetermined merge rule, a second check number and third key data out of the first verification data returned by the first recipient; and comparing the second check number and the third key data with the stored first check number and the first key respectively.
Preferably, the predetermined merge rule includes: inserting the first check number at at least one predetermined position of the first key.
Preferably, the predetermined merge rule includes: splitting the first check number into multiple parts and inserting them, in correspondence, at multiple predetermined positions in the first key.
Preferably, the data distribution request further includes a first ciphertext of a second key, obtained by encrypting the second key together with the first check number using the first recipient's public key, and the method further comprises: storing the first recipient identification also in association with the first ciphertext of the second key, and storing the first record identification also in association with the second key; upon receiving from the first recipient the data reception request including the first recipient identification and the first record identification, also performing a second verification on the first recipient using the first ciphertext of the second key; and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
Preferably, performing the second verification on the first recipient using the first ciphertext of the second key comprises: sending the first ciphertext of the second key to the first recipient; splitting, based on a predetermined merge rule, a second check number and fourth key data out of the second verification data returned by the first recipient; and comparing the second check number and the fourth key data with the stored first check number and the second key respectively.
Preferably, the predetermined merge rule includes: inserting the first check number at at least one predetermined position of the second key.
Preferably, the predetermined merge rule includes: splitting the first check number into multiple parts and inserting them, in correspondence, at multiple predetermined positions in the second key.
Preferably, the data distribution request further includes a first ciphertext of first sub-data, generated by encrypting with the second key the first sub-data extracted from a first data ciphertext that was generated by encrypting the data with the first key, and the method further comprises: storing the first record identification also in association with the first ciphertext of the first sub-data; and, when the first recipient passes the second verification, decrypting the first ciphertext of the first sub-data using the second key to obtain the first sub-data, encrypting the first sub-data with the first recipient's public key to obtain a second ciphertext of the first sub-data, and sending it to the first recipient.
Preferably, the method further comprises: when the first recipient passes the second verification, encrypting the second key with the first recipient's public key and sending it to the first recipient.
Preferably, the method further comprises: upon receiving a data distribution cancellation request including the first record identification and the first recipient identification, deleting the first recipient identification and the information stored in association with the first recipient identification.
An embodiment of the invention also provides a data forwarding device comprising a processor, the processor running predetermined computer instructions to execute the data forwarding method applied to the server of any of the above embodiments.
An embodiment of the invention also provides a data forwarding method applied to a recipient client, the method comprising: upon receiving a data ciphertext and a first record identification from a data sender, sending to the server a data reception request including a first recipient identification and the first record identification; upon receiving from the server a first ciphertext of a first key for performing a first verification on the first recipient, decrypting the first ciphertext of the first key using the first recipient's private key and sending the resulting first decryption result to the server; and, if the first verification passes, obtaining the first key from the server and using the first key in decrypting the data ciphertext, wherein the first ciphertext of the first key is generated by encrypting the first key together with a first check number using the first recipient's public key.
Preferably, the first ciphertext of the first key is specifically obtained by merging the first check number and the first key into first verification data based on a predetermined merge rule, and encrypting the first verification data with the first recipient's public key.
Preferably, the predetermined merge rule includes: inserting the first check number at at least one predetermined position of the first key.
Preferably, the predetermined merge rule includes: splitting the first check number into multiple parts and inserting them, in correspondence, at multiple predetermined positions in the first key.
Preferably, the method further comprises: upon receiving from the server a first ciphertext of a second key for performing a second verification on the first recipient, decrypting the first ciphertext of the second key using the first recipient's private key and sending the resulting second decryption result to the server; and, if the second verification passes, obtaining from the server the data corresponding to the second verification, for use in decrypting the data ciphertext.
Preferably, the first ciphertext of the second key is specifically obtained by merging the first check number and the second key into second verification data based on a predetermined merge rule, and encrypting the second verification data with the first recipient's public key.
Preferably, the predetermined merge rule includes: inserting the first check number at at least one predetermined position of the second key.
Preferably, the predetermined merge rule includes: splitting the first check number into multiple parts and inserting them, in correspondence, at multiple predetermined positions in the second key.
Preferably, the method further comprises: if the second verification passes, obtaining a second ciphertext of first sub-data from the server, wherein the second ciphertext of the first sub-data is generated by the server by encrypting the first sub-data with the first recipient's public key; the first sub-data is obtained by the server by decrypting a first ciphertext of the first sub-data using the second key; the first ciphertext of the first sub-data is obtained by the data sender by encrypting, with the second key, the first sub-data extracted from a first data ciphertext obtained by encrypting the data with the first key; and the data ciphertext received from the data sender is generated by replacing the original position of the first sub-data in the first data ciphertext with second sub-data.
Preferably, the method further comprises: if the second verification passes, obtaining the second key from the server, and using the second key in decrypting the data ciphertext received from the data sender.
An embodiment of the invention also provides a data forwarding device comprising a processor, the processor running predetermined computer instructions to execute the data forwarding method applied to the recipient client of any of the above embodiments.
With the data distribution/forwarding scheme of the embodiments of the invention, the security of data in transit is effectively improved while forwarding is made more convenient for the user.
Brief description of the drawings
Fig. 1 is a schematic flow chart of one embodiment of the data distribution method of the invention;
Fig. 2 is a schematic flow chart of another embodiment of the data distribution method of the invention;
Fig. 3 is a schematic flow chart of one embodiment of the data forwarding method of the invention;
Fig. 4 is a schematic flow chart of another embodiment of the data forwarding method of the invention;
Fig. 5 is a schematic flow chart of a further embodiment of the data forwarding method of the invention;
Fig. 6 is a schematic flow chart of one embodiment of the data forwarding method of the invention;
Fig. 7 is a schematic flow chart of another embodiment of the data forwarding method of the invention;
Fig. 8 is a schematic flow chart of a further embodiment of the data forwarding method of the invention.
Detailed description of the embodiments
The embodiments of the invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of one embodiment of the data distribution method of the invention. The data distribution method of this embodiment is applied to a sender client.
As shown in Fig. 1, the data distribution method of this embodiment includes:
S310: encrypting data using at least one key to obtain a data ciphertext;
S311: encrypting a first key of the at least one key together with a first check number using a first recipient's public key to obtain a first ciphertext of the first key;
S312: sending a data distribution request to the server, the data distribution request including at least a first recipient identification, the first recipient's public key, the first check number and the first ciphertext of the first key, the first ciphertext of the first key being used to verify the first recipient;
S313: receiving a returned first record identification from the server, and sending the data ciphertext and the first record identification to the first recipient.
In this embodiment, the sender uses at least one key, including the first key, when encrypting the data to be sent. The first key may be a random number generated by the sender for the first recipient, or any character string generated by the sender for the first recipient in a user-defined manner.
In this embodiment, the data may be encrypted, for example, in any of the following ways: encrypting the data to be sent directly with the first key to generate the data ciphertext; first encrypting the data to be sent with another key and then encrypting with the first key to generate the data ciphertext; first encrypting the data to be sent with the first key and then encrypting with another key to generate the data ciphertext; encrypting different parts of the data to be sent with the first key and with other keys; and so on. The other key here may be, for example, the first recipient's public key, or a symmetric key negotiated in advance between the sender and the first recipient.
Similar to the foregoing embodiments, in this embodiment the sender also generates, for the server, a verification data ciphertext used to verify the first recipient. Specifically, the first verification data obtained by merging the first key with the first check number is encrypted with the first recipient's public key to obtain the first ciphertext of the first key, which serves as the verification data ciphertext.
The sender may generate the first key in the sender client, or may generate it on the server while the sender client is logged in to the server. When the first key is generated in the sender client, the sender also encrypts the first key with a key negotiated between the sender and the server to generate a second ciphertext of the first key, and sends it to the server with the data distribution request. When the server authenticates the first recipient using the first ciphertext of the first key, it can decrypt the second ciphertext of the first key with the negotiated key to obtain the first key, in order to check whether the verification data returned by the first recipient is correct. When the first key is generated by the sender while logged in to the server, the first key is stored by the server, encrypted with the key negotiated between the sender and the server, and sent to the sender client. The sender client decrypts it with the corresponding negotiated key to obtain the first key, uses the first key when encrypting the data to be sent to the first recipient, and encrypts the first key and the first check number to generate the first ciphertext of the first key.
Upon receiving the data distribution request from the sender, the server extracts from it information and data such as the first recipient identification, the first recipient's public key, the first check number and the first ciphertext of the first key, stores them, creates a corresponding first record identification, and then returns the first record identification to the sender client. After receiving the first record identification from the server, the sender client sends the corresponding data ciphertext and the first record identification to the first recipient.
After receiving the first record identification and the data ciphertext, the first recipient can request the first key from the server using the first record identification and the first recipient identification. On receiving the request, the server sends the first ciphertext of the first key to the first recipient, and verifies the first recipient by checking whether the verification data returned by the first recipient contains the first key and the first check number. When the first recipient passes verification, the server encrypts the first key with the first recipient's public key and sends it to the first recipient, so that the first recipient can use the first key in decrypting the data ciphertext.
In this embodiment, the first ciphertext of the first key, which serves as the verification data ciphertext, is generated by the sender from the first key and the first check number, and the server can send the verification data ciphertext directly to the recipient for verification, which reduces the server's management and computation load during verification. Moreover, decrypting the first ciphertext of the first key does not directly yield the first key but a result containing noise. Even if the first verification data is intercepted by someone else on its way back to the server, the first key cannot be obtained, which ensures the security of the first key and the data ciphertext.
In this embodiment, a merge rule may be set in advance for merging the first key and the first check number into the first verification data. The merge rule is negotiated in advance between the sender and the server, and is not known to any recipient, including the first recipient. In this embodiment, only the sender and the server know the merge rule. When the server receives from the first recipient the verification data obtained by decrypting the first ciphertext of the first key, it can determine, based on the merge rule and on the first key and the first check number, whether the verification data is the first verification data, thereby confirming the identity of the first recipient. In this embodiment, verifying the verification data returned by the first recipient requires checking whether each part of the verification data conforms to the predetermined merge rule, which further improves data security.
In one embodiment of the invention, the predetermined merge rule may be to insert the first check number at at least one predetermined position of the first key. For example, the first check number is inserted at the front, the middle and the rear of the first key respectively. In this embodiment, to improve data security, the first check number may have few digits, for example one digit or two digits.
In another embodiment of the invention, the predetermined merge rule may be to split the first verification data into multiple parts and insert them, in correspondence, at multiple predetermined positions of the first key. For example, a first check number of length 20 is split sequentially into 5 character strings of lengths 2, 5, 3, 4 and 6, 5 positions are chosen arbitrarily in the first key, and the 5 character strings are inserted at those positions respectively. In this embodiment, it is difficult to recover the first key from the first verification data, giving very high data security.
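The following Python code is an added example, not code from the patent: it implements the split-and-insert merge rule described above (a length-20 check number split into pieces of lengths 2, 5, 3, 4 and 6) and the server-side check that splits the returned verification data and compares both parts with the stored values. The rule representation, the offsets and the sample key and check number are constructed for illustration, and the public-key encryption and decryption around the merged data are left out.

```python
import hmac

# Assumed encoding of the "predetermined merge rule": one entry per piece,
# (offset in the key where the piece is inserted, length of the piece).
# Lengths 2, 5, 3, 4, 6 come from the text; the offsets are constructed here.
MERGE_RULE = [(0, 2), (4, 5), (9, 3), (16, 4), (32, 6)]

# Constructed sample values (not real key material).
SAMPLE_KEY = "00112233445566778899aabbccddeeff"
SAMPLE_CHECK = "12345678901234567890"


def _validate(rule, key_len, check_len):
    """Reject rules that cannot be inverted unambiguously."""
    offsets = [off for off, _ in rule]
    if offsets != sorted(set(offsets)):
        raise ValueError("offsets must be strictly increasing")
    if offsets and (offsets[0] < 0 or offsets[-1] > key_len):
        raise ValueError("offset outside the key")
    if any(n <= 0 for _, n in rule) or sum(n for _, n in rule) != check_len:
        raise ValueError("piece lengths must be positive and sum to the check length")


def merge(key, check, rule):
    """Sender side: build the verification data from key and check number."""
    _validate(rule, len(key), len(check))
    out, key_pos, check_pos = [], 0, 0
    for off, n in rule:
        out.append(key[key_pos:off])                # key bytes up to the insert point
        out.append(check[check_pos:check_pos + n])  # next piece of the check number
        key_pos, check_pos = off, check_pos + n
    out.append(key[key_pos:])
    return "".join(out)


def split(data, rule, key_len):
    """Server side: undo merge(); returns (check, key) or None on a bad length."""
    check_len = sum(n for _, n in rule)
    _validate(rule, key_len, check_len)
    if len(data) != key_len + check_len:
        return None
    key_parts, check_parts, key_pos, data_pos = [], [], 0, 0
    for off, n in rule:
        seg = off - key_pos
        key_parts.append(data[data_pos:data_pos + seg])
        data_pos += seg
        check_parts.append(data[data_pos:data_pos + n])
        data_pos += n
        key_pos = off
    key_parts.append(data[data_pos:])
    return "".join(check_parts), "".join(key_parts)


def server_verify(returned, stored_key, stored_check, rule):
    """Compare both recovered parts with the stored values in constant time."""
    parts = split(returned, rule, len(stored_key))
    if parts is None:
        return False
    check, key = parts
    ok_check = hmac.compare_digest(check.encode(), stored_check.encode())
    ok_key = hmac.compare_digest(key.encode(), stored_key.encode())
    return ok_check and ok_key


if __name__ == "__main__":
    merged = merge(SAMPLE_KEY, SAMPLE_CHECK, MERGE_RULE)
    print(merged, server_verify(merged, SAMPLE_KEY, SAMPLE_CHECK, MERGE_RULE))
```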
Fig. 2 is the schematic flow chart of another embodiment of data distributing method of the invention.
As shown in Fig. 2, the data distributing method of the embodiment of the present invention includes:
S320, it is encrypted during to data encryption using at least one key, obtains data ciphertext, this is at least
One key includes first key and the second key;
S321, that first key with the first check number is obtained first key first with first recipient's public key encryption jointly is close
Second key and the first check number are used first recipient's public key encryption by text jointly, obtain second the first ciphertext of key;
S322, data distribution request is sent to server-side, the first recipient mark, the are included at least in data distribution request
One recipient's public key, the first check number, the first ciphertext of first key and second the first ciphertext of key;
S323, the first record identification returned is received from server-side, and data ciphertext and the first record identification are sent to
First recipient.
In embodiments of the present invention, sender has used when encrypting to the data for being sent to the first recipient
One key and the second key, and the sender in data distribution request is server-side generation for carrying out to the first recipient
The verify data ciphertext of verifying includes the first ciphertext of first key and second the first ciphertext of key, wherein first key first is close
Text is encrypted to obtain with first recipient's public key to the first verification data for merging first key with the first check number,
Second the first ciphertext of key is with first recipient's public key to the first verifying number for merging the second key with the first check number
According to being encrypted to obtain.Similar with first key, the second key can generate in sender's client, can also be in sender
Client, which logs on to, is generated and returned to client in server-side in the state of server-side, and server-side holds the second key.
The first verification used when second the first ciphertext of key of the first check number and generation used when generating the first ciphertext of first key
Number can be same or different.
After receiving the first record identifier and the data ciphertext, the first recipient can use the first record identifier and the first recipient identifier to request the first key and the second key from the server. On receiving the request, the server sends the first ciphertext of the first key and the first ciphertext of the second key to the first recipient to carry out the first verification and the second verification, and verifies the first recipient by checking whether the first verification data and the second verification data returned by the first recipient contain, respectively, the first key and the first check number, and the second key and the first check number. When the first recipient passes both verifications, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient, so that the first recipient can use the first key and the second key when decrypting the data ciphertext.
In this embodiment, to decrypt the data ciphertext the first recipient needs not only the first key but also the second key or data related to the second key. The server authenticates the first recipient independently for the first key and for the second key, which further improves the security of the data ciphertext and the keys.
The sender and the server can negotiate in advance the merge rule for merging the second key and the first check number into the second verification data. The predetermined merge rule can be to insert the first check number at at least one predetermined position of the second key, or to split the first check number into multiple parts and insert them at corresponding multiple predetermined positions of the second key.
When the sender uses the first key and the second key to encrypt the data to be sent to the first recipient, the encryption can be done in several ways.
In one embodiment of the invention, the data plaintext to be sent is first encrypted with the first key to obtain a first data ciphertext. First sub-data is then extracted from a predetermined portion of the first data ciphertext, second sub-data is put in the original position of the first sub-data in the first data ciphertext to generate a second data ciphertext, and the first sub-data is encrypted with the second key to obtain the first ciphertext of the first sub-data. In this embodiment, the sender also needs to send the first ciphertext of the first sub-data to the server, and sends the second data ciphertext and the first record identifier to the first recipient.
In another embodiment, when encrypting the data, the sender first splits the data plaintext to be sent into first data and second data, encrypts the first data with the first key to obtain a first data ciphertext, encrypts the second data with the second key to obtain a second data ciphertext, and sends the first data ciphertext and the second data ciphertext to the first recipient together with the first record identifier.
In a further embodiment of the invention, when encrypting the data, the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then encrypts the first data ciphertext with the second key to obtain a second data ciphertext, and sends the second data ciphertext and the first record identifier to the first recipient.
Fig. 3 is a schematic flowchart of one embodiment of the data forwarding method of the invention; this embodiment is applied to the server.
As shown in Fig. 3, the data forwarding method of this embodiment includes:
S330, when a data distribution request including at least the first recipient identifier, the first recipient's public key, the first check number and the first ciphertext of the first key is received from the sender, return a first record identifier to the sender;
S331, store the first record identifier in association with at least the first key, and store the first recipient identifier in association with at least the first record identifier, the first ciphertext of the first key, the first recipient's public key and the first check number;
S332, when a data receiving request including the first recipient identifier and the first record identifier is received from the first recipient, perform the first verification on the first recipient with the first ciphertext of the first key; if the first recipient passes the first verification, encrypt the first key with the first recipient's public key and send it to the first recipient.
In this embodiment, the verification data ciphertext used to verify the first recipient is generated for the server by the sender. Specifically, the sender encrypts, with the first recipient's public key, first verification data that merges the first key with the first check number, and the resulting first ciphertext of the first key serves as the verification data ciphertext.
The sender can generate the first key on the sender's client, or the first key can be generated on the server while the sender's client is logged in to the server. When the first key is generated on the sender's client, the sender also encrypts the first key with a key negotiated between the sender and the server to produce the second ciphertext of the first key, and sends it to the server with the data distribution request. When the server authenticates the first recipient using the first ciphertext of the first key, it can decrypt the second ciphertext of the first key with the negotiated key to obtain the first key and check whether the verification data returned by the first recipient is correct. When the first key is generated by the sender while logged in to the server, the first key is saved by the server, encrypted with the key negotiated between the sender and the server, and sent to the sender's client. The sender's client decrypts it with the corresponding negotiated key to obtain the first key, uses the first key when encrypting the data to be sent to the first recipient, and encrypts the first key and the first check number to generate the first ciphertext of the first key.
On receiving the data distribution request from the sender, the server extracts from it the first recipient identifier, the first recipient's public key, the first check number and the first ciphertext of the first key, and creates a first record identifier for the data distribution request accordingly. It stores the first record identifier in association with the first key, which is needed to decrypt the data ciphertext, as a separate data distribution record. It creates a separate forwarding record for the first recipient identifier and stores in that forwarding record the data related to the first recipient, such as the first record identifier, the first check number, the first ciphertext of the first key and the first recipient identifier. It then returns the first record identifier to the sender's client.
After receiving the first record identifier and the data ciphertext from the sender, the first recipient can use the first record identifier and the first recipient identifier to request the first key from the server. On receiving the request, the server sends the first ciphertext of the first key to the first recipient and verifies the first recipient by checking whether the verification data returned by the first recipient contains the first key and the first check number. When the first recipient passes the verification, the server encrypts the first key with the first recipient's public key and sends it to the first recipient, so that the first recipient can use the first key when decrypting the data ciphertext.
In this embodiment, the first ciphertext of the first key, which serves as the verification data ciphertext, is generated by the sender from the first key and the first check number, and the server can send the verification data ciphertext directly to the recipient for verification, which reduces the server's management and computation load during verification. Moreover, decrypting the first ciphertext of the first key does not directly yield the first key but yields data containing noise, so even if the first verification data is intercepted by someone else on its way back to the server, the first key cannot be obtained, which ensures the security of the first key and the data ciphertext.
In this embodiment, a merge rule can be set in advance for merging the first key and the first check number into the first verification data. The merge rule is determined in advance by negotiation between the sender and the server, and it also serves as the split rule for splitting the key and the check number out of the first verification data when that data is checked. When the server receives from the first recipient the first verification data obtained by decrypting the first ciphertext of the first key, it can split a second check number and third key data out of the first verification data according to the merge rule, and compare the second check number and the third key data with the stored first check number and first key respectively to verify the identity of the first recipient. The predetermined merge rule can be to insert the first check number at at least one predetermined position of the first key, or to split the first check number into multiple parts and insert them at corresponding multiple predetermined positions in the first key.
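The merge rule and its inverse split rule described above can be sketched as follows. This is an added example, not code from the patent: the rule encoding as (offset, length) pairs, the function names and the sample key and check number are assumptions, and the public-key encryption and decryption of the merged data is left out so that only the merge, split and server-side comparison are shown.

```python
import hmac

# Hypothetical merge rule negotiated in advance by sender and server:
# (offset in the key, number of check-number bytes inserted there).
# A single pair models "insert the whole check number at one position".
MERGE_RULE = [(4, 3), (16, 2), (29, 3)]


def validate_rule(rule, key_len, check_len):
    """Reject rules that cannot be inverted unambiguously."""
    offsets = [off for off, _ in rule]
    if offsets != sorted(set(offsets)):
        raise ValueError("offsets must be strictly increasing")
    if any(off < 0 or off > key_len or n <= 0 for off, n in rule):
        raise ValueError("offset outside the key, or empty part")
    if sum(n for _, n in rule) != check_len:
        raise ValueError("rule must consume the whole check number")


def merge(key, check, rule):
    """Sender side: build the verification data by inserting the parts of
    the check number at the predetermined positions of the key."""
    validate_rule(rule, len(key), len(check))
    out = bytearray()
    key_pos = check_pos = 0
    for off, n in rule:
        out += key[key_pos:off]
        out += check[check_pos:check_pos + n]
        key_pos, check_pos = off, check_pos + n
    out += key[key_pos:]
    return bytes(out)


def split(blob, rule, key_len, check_len):
    """Server side: inverse of merge(). Returns (key_data, check_number),
    or None when the returned data has the wrong length."""
    validate_rule(rule, key_len, check_len)
    if len(blob) != key_len + check_len:
        return None
    key, check = bytearray(), bytearray()
    pos = key_pos = 0
    for off, n in rule:
        take = off - key_pos          # key bytes before this insertion point
        key += blob[pos:pos + take]
        pos += take
        check += blob[pos:pos + n]
        pos += n
        key_pos = off
    key += blob[pos:]
    return bytes(key), bytes(check)


def server_verify(returned, stored_key, stored_check, rule):
    """Compare the split-out key data and check number with the stored
    first key and first check number, in constant time."""
    parts = split(returned, rule, len(stored_key), len(stored_check))
    if parts is None:
        return False
    key_data, check = parts
    ok_key = hmac.compare_digest(key_data, stored_key)
    ok_check = hmac.compare_digest(check, stored_check)
    return ok_key and ok_check


if __name__ == "__main__":
    first_key = bytes(range(32))      # constructed sample key
    check_number = b"CHK-0001"        # constructed sample check number
    verification_data = merge(first_key, check_number, MERGE_RULE)
    print(verification_data.hex())
    print(server_verify(verification_data, first_key, check_number, MERGE_RULE))
```

The value passed to `server_verify` stands for what the recipient returns after decrypting the first ciphertext of the first key with its private key.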
Fig. 4 is a schematic flowchart of another embodiment of the data forwarding method of the invention.
As shown in Fig. 4, the data forwarding method of this embodiment includes:
S340, when a data distribution request including at least the first recipient identifier, the first recipient's public key, the first check number, the first ciphertext of the first key and the first ciphertext of the second key is received from the sender, return a first record identifier to the sender;
S341, store the first record identifier in association with at least the first key and the second key, and store the first recipient identifier in association with at least the first record identifier, the first ciphertext of the first key, the first ciphertext of the second key, the first recipient's public key and the first check number;
S342, when a data receiving request including the first recipient identifier and the first record identifier is received from the first recipient, perform the first verification on the first recipient with the first ciphertext of the first key, and perform the second verification on the first recipient with the first ciphertext of the second key;
S343, when the first recipient passes the first verification, encrypt the first key with the first recipient's public key and send it to the first recipient; when the first recipient passes the second verification, send the data corresponding to the second verification to the first recipient.
In this embodiment of the invention, the sender uses a first key and a second key when encrypting the data to be sent to the first recipient, and the verification data ciphertext that the sender generates in the data distribution request, for the server to use in verifying the first recipient, includes the first ciphertext of the first key and the first ciphertext of the second key. The first ciphertext of the first key is obtained by encrypting, with the first recipient's public key, first verification data that merges the first key with the first check number. The first ciphertext of the second key is obtained by encrypting, with the first recipient's public key, first verification data that merges the second key with the first check number. Like the first key, the second key can be generated on the sender's client, or it can be generated on the server while the sender's client is logged in to the server and then returned to the client, in which case the server holds the second key. The first check number used to generate the first ciphertext of the first key and the first check number used to generate the first ciphertext of the second key may be the same or different.
After receiving the first record identifier and the data ciphertext, the first recipient can use the first record identifier and the first recipient identifier to request the first key and the second key from the server. On receiving the request, the server sends the first ciphertext of the first key and the first ciphertext of the second key to the first recipient, and verifies the first recipient by checking whether the two pieces of verification data returned by the first recipient contain, respectively, the first key and the first check number, and the second key and the first check number. When the first recipient passes both verifications, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient, so that the first recipient can use the first key and the second key when decrypting the data ciphertext.
In this embodiment, to decrypt the data ciphertext the first recipient needs not only the first key but also the second key or data related to the second key. The server authenticates the first recipient independently for the first key and for the second key, which further improves the security of the data ciphertext and the keys.
The sender and the server can negotiate in advance the merge rule for merging the second key and the first check number into the second verification data. When the server sends the first ciphertext of the second key to the first recipient for the second verification, it can, according to the predetermined merge rule, split a check number and key data out of the second verification data returned by the first recipient and compare them with the stored first check number and second key. The predetermined merge rule can be to insert the first check number at at least one predetermined position of the second key, or to split the first check number into multiple parts and insert them at corresponding multiple predetermined positions of the second key.
Fig. 5 is a schematic flowchart of a further embodiment of the data forwarding method of the invention.
As shown in Fig. 5, the data forwarding method of this embodiment includes:
S350, when a data distribution request including at least the first recipient identifier, the first recipient's public key, the first check number, the first ciphertext of the first key, the first ciphertext of the second key and the first ciphertext of the first sub-data is received from the sender, return a first record identifier to the sender;
S351, store the first record identifier in association with at least the first key, the second key and the first ciphertext of the first sub-data, and store the first recipient identifier in association with at least the first record identifier, the first ciphertext of the first key, the first ciphertext of the second key, the first recipient's public key and the first check number;
S352, when a data receiving request including the first recipient identifier and the first record identifier is received from the first recipient, perform the first verification on the first recipient with the first ciphertext of the first key, and perform the second verification on the first recipient with the first ciphertext of the second key;
S353, when the first recipient passes the first verification, encrypt the first key with the first recipient's public key and send it to the first recipient; when the first recipient passes the second verification, decrypt the first ciphertext of the first sub-data with the second key to obtain the first sub-data, encrypt the first sub-data with the first recipient's public key to obtain the second ciphertext of the first sub-data, and send it to the first recipient.
In this embodiment, when encrypting the data plaintext, the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then extracts first sub-data from a predetermined portion of the first data ciphertext, puts second sub-data in the original position of the first sub-data in the first data ciphertext to generate a second data ciphertext, and encrypts the first sub-data with the second key to obtain the first ciphertext of the first sub-data. The sender therefore also sends the first ciphertext of the first sub-data to the server, and what the sender sends to the first recipient is the second data ciphertext and the first record identifier.
When the server receives from the first recipient a data receiving request including the first recipient identifier and the first record identifier, it verifies the first recipient in a way similar to the embodiment shown in Fig. 4. The difference is that when the first recipient passes the second verification, the server decrypts the first ciphertext of the first sub-data with the second key to obtain the first sub-data, encrypts the first sub-data with the first recipient's public key to obtain the second ciphertext of the first sub-data, and sends it to the first recipient.
In this embodiment, the ciphertext data that the first recipient obtains contains noise, and the first sub-data must be obtained from the server before the data ciphertext can be decrypted, which effectively prevents brute-force cracking and improves the security of the data ciphertext.
In another embodiment of the invention, the first recipient must hold both the first key and the second key to decrypt the data ciphertext obtained from the sender. When the first recipient passes the server's first verification and second verification, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient. Because the recipient can obtain the data plaintext only after obtaining two keys and decrypting the ciphertext with them, this embodiment can improve the security of the data ciphertext.
Fig. 6 is a schematic flowchart of one embodiment of the data forwarding method of the invention; this embodiment is applied to the recipient's client.
As shown in Fig. 6, the data forwarding method of this embodiment includes:
S360, when the data ciphertext and the first record identifier are received from the data sender, send the server a data receiving request including the first recipient identifier and the first record identifier;
S361, when the first ciphertext of the first key, used to perform the first verification on the first recipient, is received from the server, decrypt the first ciphertext of the first key with the first recipient's private key and send the resulting first decryption result to the server;
S362, if the first verification passes, obtain the first key from the server and use the first key in decrypting the data ciphertext.
In this embodiment, after receiving the first record identifier and the data ciphertext from the sender, the first recipient can use the first record identifier and the first recipient identifier to request the first key from the server. On receiving the request, the server sends the first ciphertext of the first key to the first recipient and verifies the first recipient by checking whether the verification data returned by the first recipient contains the first key and the first check number. When the first recipient passes the verification, the server encrypts the first key with the first recipient's public key and sends it to the first recipient, so that the first recipient can use the first key when decrypting the data ciphertext.
In this embodiment, the first ciphertext of the first key, which serves as the verification data ciphertext, is generated by the sender from the first key and the first check number, and the server can send the verification data ciphertext directly to the recipient for verification, which reduces the server's management and computation load during verification. Moreover, decrypting the first ciphertext of the first key does not directly yield the first key but yields data containing noise, so even if the first verification data is intercepted by someone else on its way back to the server, the first key cannot be obtained, which ensures the security of the first key and the data ciphertext.
In this embodiment, a merge rule can be set in advance for merging the first key and the first check number into the first verification data: the first check number and the first key are merged into the first verification data according to the predetermined merge rule, and the first verification data is encrypted with the first recipient's public key to obtain the first ciphertext of the first key. The predetermined merge rule is determined in advance by negotiation between the sender and the server, and it is not known to any recipient, including the first recipient. The predetermined merge rule may include: inserting the first check number at at least one predetermined position of the first key; or splitting the first check number into multiple parts and inserting them at corresponding multiple predetermined positions in the first key.
Fig. 7 is a schematic flowchart of another embodiment of the data forwarding method of the invention.
As shown in Fig. 7, the data forwarding method of this embodiment includes:
S370, when the data ciphertext and the first record identifier are received from the data sender, send the server a data receiving request including the first recipient identifier and the first record identifier;
S371, when the first ciphertext of the first key, used to perform the first verification on the first recipient, is received from the server, decrypt the first ciphertext of the first key with the first recipient's private key and send the resulting first decryption result to the server; if the first verification passes, obtain the first key from the server and use the first key in decrypting the data ciphertext;
S372, when the first ciphertext of the second key, used to perform the second verification on the first recipient, is received from the server, decrypt the first ciphertext of the second key with the first recipient's private key and send the resulting second decryption result to the server; if the second verification passes, obtain from the server the data corresponding to the second verification, for use in decrypting the data ciphertext.
In this embodiment, after receiving the first record identifier and the data ciphertext, the first recipient can use the first record identifier and the first recipient identifier to request the first key and the second key from the server. On receiving the request, the server sends the first ciphertext of the first key and the first ciphertext of the second key to the first recipient, and verifies the first recipient by checking whether the two pieces of verification data returned by the first recipient contain, respectively, the first key and the first check number, and the second key and the first check number. When the first recipient passes both verifications, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient, so that the first recipient can use the first key and the second key when decrypting the data ciphertext.
In this embodiment, to decrypt the data ciphertext the first recipient needs not only the first key but also the second key or data related to the second key. The server authenticates the first recipient independently for the first key and for the second key, which further improves the security of the data ciphertext and the keys.
In this embodiment, a merge rule can also be set in advance for merging the second key and the first check number into the second verification data: the first check number and the second key are merged into the second verification data according to the predetermined merge rule, and the second verification data is encrypted with the first recipient's public key to obtain the first ciphertext of the second key. The predetermined merge rule is determined in advance by negotiation between the sender and the server, and it is not known to any recipient, including the first recipient. The predetermined merge rule may include: inserting the first check number at at least one predetermined position of the second key; or splitting the first check number into multiple parts and inserting them at corresponding multiple predetermined positions in the second key.
Fig. 8 is a schematic flowchart of a further embodiment of the data forwarding method of the invention.
As shown in Fig. 8, the data forwarding method of this embodiment includes:
S380, when the data ciphertext and the first record identifier are received from the data sender, send the server a data receiving request including the first recipient identifier and the first record identifier;
S381, when the first ciphertext of the first key, used to perform the first verification on the first recipient, is received from the server, decrypt the first ciphertext of the first key with the first recipient's private key and send the resulting first decryption result to the server; if the first verification passes, obtain the first key from the server and use the first key in decrypting the data ciphertext;
S382, when the first ciphertext of the second key, used to perform the second verification on the first recipient, is received from the server, decrypt the first ciphertext of the second key with the first recipient's private key and send the resulting second decryption result to the server; if the second verification passes, obtain the second ciphertext of the first sub-data from the server, for use in decrypting the data ciphertext.
In this embodiment, when encrypting the data plaintext, the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then extracts first sub-data from a predetermined portion of the first data ciphertext, puts second sub-data in the original position of the first sub-data in the first data ciphertext to generate a second data ciphertext, and encrypts the first sub-data with the second key to obtain the first ciphertext of the first sub-data. The sender therefore also sends the first ciphertext of the first sub-data to the server, and what the sender sends to the first recipient is the second data ciphertext and the first record identifier.
When the server receives from the first recipient a data receiving request including the first recipient identifier and the first record identifier, it performs the first verification and the second verification on the first recipient. When the first recipient passes the second verification, the server decrypts the first ciphertext of the first sub-data with the second key to obtain the first sub-data, and either returns the first sub-data to the first recipient in plaintext, or encrypts the first sub-data with the first recipient's public key to obtain the second ciphertext of the first sub-data and sends that to the first recipient.
After obtaining the first sub-data from the server, the first recipient replaces the predetermined portion of the data ciphertext with the first sub-data to obtain another data ciphertext, and then decrypts that data ciphertext with the first key to obtain the data plaintext.
In this embodiment, the ciphertext data that the first recipient obtains contains noise, and the first sub-data must be obtained from the server before the data ciphertext can be decrypted, which effectively prevents brute-force cracking and improves the security of the data ciphertext.
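The sub-data embodiment above, traced end to end for sender, server and recipient, as an added example that is not code from the patent. The function names, the offset and length parameters and the sample values are assumptions, the SHA-256 keystream is only a stand-in for whatever symmetric cipher a deployment would use, and the public-key wrapping of the released sub-data is left out.

```python
import hashlib
import secrets


def keystream_xor(key, data):
    """Stand-in symmetric cipher (SHA-256 in counter mode, XORed with the
    data). Illustration only; the patent does not name a cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)


def sender_withhold(plaintext, first_key, second_key, offset, length):
    """Sender: encrypt with the first key, cut the first sub-data out of the
    predetermined portion, put random second sub-data in its place, and
    encrypt the first sub-data with the second key for the server."""
    first_ct = keystream_xor(first_key, plaintext)
    if offset < 0 or length <= 0 or offset + length > len(first_ct):
        raise ValueError("predetermined portion lies outside the ciphertext")
    first_sub = first_ct[offset:offset + length]
    second_sub = secrets.token_bytes(length)
    while second_sub == first_sub:    # the replacement must really differ
        second_sub = secrets.token_bytes(length)
    second_ct = first_ct[:offset] + second_sub + first_ct[offset + length:]
    first_sub_ct = keystream_xor(second_key, first_sub)
    return second_ct, first_sub_ct    # to the recipient, to the server


def server_release(first_sub_ct, second_key):
    """Server, after the second verification passes: recover the first
    sub-data with the second key."""
    return keystream_xor(second_key, first_sub_ct)


def recipient_restore(second_ct, first_sub, first_key, offset):
    """Recipient: put the first sub-data back at the predetermined portion
    and decrypt the restored ciphertext with the first key."""
    end = offset + len(first_sub)
    if offset < 0 or end > len(second_ct):
        raise ValueError("sub-data does not fit the ciphertext")
    restored = second_ct[:offset] + first_sub + second_ct[end:]
    return keystream_xor(first_key, restored)


if __name__ == "__main__":
    k1, k2 = b"K1" * 16, b"K2" * 16               # constructed sample keys
    message = b"constructed sample plaintext for the sub-data embodiment"
    second_ct, sub_ct = sender_withhold(message, k1, k2, offset=8, length=16)
    without_sub = keystream_xor(k1, second_ct)     # first key alone
    print(without_sub == message)
    first_sub = server_release(sub_ct, k2)
    print(recipient_restore(second_ct, first_sub, k1, 8) == message)
```

With this XOR stand-in only the replaced span decrypts incorrectly when the first sub-data is missing; how far the damage spreads in practice depends on the cipher and mode, which the page does not specify.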
In another embodiment of the invention, the first recipient must hold both the first key and the second key to decrypt the data ciphertext obtained from the sender. In that case, when the first recipient passes the server's first verification and second verification, the server encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient. Because the recipient can obtain the data plaintext only after obtaining two keys and decrypting the ciphertext with them, this embodiment can improve the security of the data ciphertext.
In any of the above embodiments of the invention, on receiving the information and data that the sender sends with the data distribution request, the server can store them indexed by the first recipient identifier they contain, in association with the assigned first record identifier. When the sender wishes to revoke the data that it asked the server to forward for the first recipient, the sender can send the server a data distribution revocation request including the first record identifier and the first recipient identifier, asking the server to delete the first recipient identifier and the information stored in association with it. On receiving from the sender this data distribution revocation request for the first recipient, the server can delete the separate forwarding record that contains the first recipient identifier and the information stored in association with it. After the server has deleted the first recipient identifier and the associated information, when the first recipient sends the server a data receiving request including the first recipient identifier, the server cannot find a forwarding record for the first recipient identifier and so does not return decryption data such as the first key to the first recipient in response, which lets the sender promptly revoke data that has already been distributed. Deleting the separate forwarding record that contains the first recipient identifier and its associated information does not affect the separate data distribution record that contains the first record identifier, the second sub-key ciphertext and so on. If the sender needs to restore the data distribution to the first recipient, it can send the server a data redistribution request including information such as the first recipient identifier, the first ciphertext of the first sub-key, the first recipient's public key and data, and the server can store this information and data as a separate forwarding record again, so that the first recipient can obtain from the server the data needed for decryption.
An embodiment of the invention also provides a data distribution/forwarding device, which can be implemented by a terminal device including a processor and a memory; the processor can be configured to run predetermined computer instructions stored in the memory to execute the data distribution/forwarding method applied to the sender's client in any of the above embodiments.
An embodiment of the invention also provides a data forwarding device, which can be implemented by a terminal device that includes a processor and a memory and serves as a server; the processor can be configured to run predetermined computer instructions stored in the memory to execute the data forwarding method applied to the server in any of the above embodiments.
An embodiment of the invention also provides a data forwarding device, which can be implemented by a terminal device including a processor and a memory; the processor can be configured to run predetermined computer instructions stored in the memory to execute the data forwarding method applied to the recipient's client in any of the above embodiments.
Because it is impossible to exhaust all embodiments in this application, or all combinations of technical features, the invention is not limited to the specific embodiments provided. On the basis of the embodiments disclosed here, those skilled in the art can make various modifications and variations to these embodiments without departing from the spirit and concept of the invention, and all such modified and varied embodiments shall fall within the scope of protection claimed by this application.
Claims (72)
1. A data distribution method, applied to a sender client, the method comprising:
encrypting data using at least one key to obtain data ciphertext;
encrypting a first key of the at least one key together with a first check number using a first recipient public key to obtain a first ciphertext of the first key;
sending a data distribution request to a server, the data distribution request including at least a first recipient identifier, the first recipient public key, the first check number and the first ciphertext of the first key, wherein the first ciphertext of the first key is used to verify the first recipient;
receiving a first record identifier returned by the server, and sending the data ciphertext and the first record identifier to the first recipient, wherein the first record identifier is created by the server for storing the information and data extracted from the data distribution request.
2. The method of claim 1, wherein encrypting the first key together with the first check number using the first recipient public key to obtain the first ciphertext of the first key comprises:
merging the first check number and the first key into first verification data based on a predetermined merging rule, and encrypting the first verification data with the first recipient public key to obtain the first ciphertext of the first key.
3. The method of claim 2, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the first key.
4. The method of claim 2, wherein the predetermined merging rule comprises:
splitting the first verification data into multiple parts and inserting the parts respectively at multiple predetermined positions of the first key.
5. The method of claim 1, wherein the at least one key further includes a second key, the method further comprising:
encrypting the second key together with the first check number using the first recipient public key to obtain a first ciphertext of the second key,
wherein the data distribution request further includes the first ciphertext of the second key.
6. The method of claim 2, wherein the at least one key further includes a second key, the method further comprising:
encrypting the second key together with the first check number using the first recipient public key to obtain a first ciphertext of the second key,
wherein the data distribution request further includes the first ciphertext of the second key.
7. The method of claim 3, wherein the at least one key further includes a second key, the method further comprising:
encrypting the second key together with the first check number using the first recipient public key to obtain a first ciphertext of the second key,
wherein the data distribution request further includes the first ciphertext of the second key.
8. The method of claim 4, wherein the at least one key further includes a second key, the method further comprising:
encrypting the second key together with the first check number using the first recipient public key to obtain a first ciphertext of the second key,
wherein the data distribution request further includes the first ciphertext of the second key.
9. The method of claim 5, wherein encrypting the second key together with the first check number using the first recipient public key to obtain the first ciphertext of the second key comprises:
merging the first check number and the second key into second verification data based on a predetermined merging rule, and encrypting the second verification data with the first recipient public key to obtain the first ciphertext of the second key.
10. The method of claim 6, wherein encrypting the second key together with the first check number using the first recipient public key to obtain the first ciphertext of the second key comprises:
merging the first check number and the second key into second verification data based on a predetermined merging rule, and encrypting the second verification data with the first recipient public key to obtain the first ciphertext of the second key.
11. The method of claim 7, wherein encrypting the second key together with the first check number using the first recipient public key to obtain the first ciphertext of the second key comprises:
merging the first check number and the second key into second verification data based on a predetermined merging rule, and encrypting the second verification data with the first recipient public key to obtain the first ciphertext of the second key.
12. The method of claim 8, wherein encrypting the second key together with the first check number using the first recipient public key to obtain the first ciphertext of the second key comprises:
merging the first check number and the second key into second verification data based on a predetermined merging rule, and encrypting the second verification data with the first recipient public key to obtain the first ciphertext of the second key.
13. The method of claim 9, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the second key.
14. The method of claim 10, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the second key.
15. The method of claim 11, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the second key.
16. The method of claim 12, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the second key.
17. The method of claim 9, wherein the predetermined merging rule comprises:
splitting the first verification data into multiple parts and inserting the parts respectively at multiple predetermined positions of the second key.
18. The method of claim 10, wherein the predetermined merging rule comprises:
splitting the first verification data into multiple parts and inserting the parts respectively at multiple predetermined positions of the second key.
19. The method of claim 11, wherein the predetermined merging rule comprises:
splitting the first verification data into multiple parts and inserting the parts respectively at multiple predetermined positions of the second key.
20. The method of claim 12, wherein the predetermined merging rule comprises:
splitting the first verification data into multiple parts and inserting the parts respectively at multiple predetermined positions of the second key.
21. The method of any one of claims 5-20, wherein
the second key is used to encrypt first sub-data extracted from first data ciphertext, the first data ciphertext being generated by encrypting the data with the first key, so as to generate a first ciphertext of the first sub-data,
the data distribution request further includes the first ciphertext of the first sub-data,
the data ciphertext sent to the first recipient is second data ciphertext generated by replacing, with second sub-data, the first sub-data at its original position in the first data ciphertext.
22. The method of any one of claims 5-20, wherein
the first key and the second key are used to encrypt a first part and a second part of the data respectively, to obtain first data ciphertext and second data ciphertext,
the data ciphertext sent to the first recipient includes the first data ciphertext and the second data ciphertext.
23. The method of any one of claims 5-20, wherein
the second key is used to encrypt first data ciphertext, generated by encrypting the data with the first key, so as to generate second data ciphertext,
the data ciphertext sent to the first recipient is the second data ciphertext.
24. The method of any one of claims 1-20, further comprising:
sending to the server a data distribution revocation request including the first record identifier and the first recipient identifier, so that the server deletes the first recipient identifier and the information stored in association with the first recipient identifier.
25. A data distribution device, comprising a processor, characterized in that the processor runs predetermined computer instructions to execute the data distribution method of any one of claims 1-24.
26. A data forwarding method, applied to a server, the method comprising:
upon receiving from a sender a data distribution request including at least a first recipient identifier, a first recipient public key, a first check number and a first ciphertext of a first key, extracting information and data from the data distribution request for storage, creating a first record identifier for the stored information and data, and returning the first record identifier to the sender, wherein the first ciphertext of the first key is obtained by encrypting the first key, among at least one key used in encrypting the data, together with the first check number using the first recipient public key;
storing the first record identifier in association with at least the first key, and storing the first recipient identifier in association with at least the first record identifier, the first ciphertext of the first key, the first recipient public key and the first check number;
upon receiving from a first recipient a data reception request including the first recipient identifier and the first record identifier, performing a first verification of the first recipient using the first ciphertext of the first key and, if the first recipient passes the first verification, encrypting the first key with the first recipient public key and sending it to the first recipient.
27. The method of claim 26, wherein performing the first verification of the first recipient using the first ciphertext of the first key comprises:
sending the first ciphertext of the first key to the first recipient, splitting a second check number and third key data out of first verification data returned from the first recipient based on a predetermined merging rule, and comparing the second check number and the third key data with the stored first check number and the first key respectively.
28. The method of claim 27, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the first key.
29. The method of claim 27, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the first key.
30. The method of claim 26, wherein the data distribution request further includes a first ciphertext of a second key, the first ciphertext of the second key being obtained by encrypting the second key together with the first check number using the first recipient public key, the method further comprising:
storing the first recipient identifier also in association with the first ciphertext of the second key, and storing the first record identifier also in association with the second key;
upon receiving from the first recipient the data reception request including the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
31. The method of claim 27, wherein the data distribution request further includes a first ciphertext of a second key, the first ciphertext of the second key being obtained by encrypting the second key together with the first check number using the first recipient public key, the method further comprising:
storing the first recipient identifier also in association with the first ciphertext of the second key, and storing the first record identifier also in association with the second key;
upon receiving from the first recipient the data reception request including the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
32. The method of claim 28, wherein the data distribution request further includes a first ciphertext of a second key, the first ciphertext of the second key being obtained by encrypting the second key together with the first check number using the first recipient public key, the method further comprising:
storing the first recipient identifier also in association with the first ciphertext of the second key, and storing the first record identifier also in association with the second key;
upon receiving from the first recipient the data reception request including the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
33. The method of claim 29, wherein the data distribution request further includes a first ciphertext of a second key, the first ciphertext of the second key being obtained by encrypting the second key together with the first check number using the first recipient public key, the method further comprising:
storing the first recipient identifier also in association with the first ciphertext of the second key, and storing the first record identifier also in association with the second key;
upon receiving from the first recipient the data reception request including the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
34. The method of claim 30, wherein performing the second verification of the first recipient using the first ciphertext of the second key comprises:
sending the first ciphertext of the second key to the first recipient, splitting a second check number and fourth key data out of second verification data returned from the first recipient based on a predetermined merging rule, and comparing the second check number and the fourth key data with the stored first check number and the second key respectively.
35. The method of claim 31, wherein performing the second verification of the first recipient using the first ciphertext of the second key comprises:
sending the first ciphertext of the second key to the first recipient, splitting a second check number and fourth key data out of second verification data returned from the first recipient based on a predetermined merging rule, and comparing the second check number and the fourth key data with the stored first check number and the second key respectively.
36. The method of claim 32, wherein performing the second verification of the first recipient using the first ciphertext of the second key comprises:
sending the first ciphertext of the second key to the first recipient, splitting a second check number and fourth key data out of second verification data returned from the first recipient based on a predetermined merging rule, and comparing the second check number and the fourth key data with the stored first check number and the second key respectively.
37. The method of claim 33, wherein performing the second verification of the first recipient using the first ciphertext of the second key comprises:
sending the first ciphertext of the second key to the first recipient, splitting a second check number and fourth key data out of second verification data returned from the first recipient based on a predetermined merging rule, and comparing the second check number and the fourth key data with the stored first check number and the second key respectively.
38. The method of claim 34, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the second key.
39. The method of claim 35, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the second key.
40. The method of claim 36, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the second key.
41. The method of claim 37, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position of the second key.
42. The method of claim 34, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the second key.
43. The method of claim 35, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the second key.
44. The method of claim 36, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the second key.
45. The method of claim 37, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the second key.
46. The method of any one of claims 30-45, wherein the data distribution request further includes a first ciphertext of first sub-data, the first ciphertext of the first sub-data being generated by encrypting, with the second key, first sub-data extracted from first data ciphertext generated by encrypting the data with the first key,
the method further comprising:
storing the first record identifier also in association with the first ciphertext of the first sub-data;
when the first recipient passes the second verification, decrypting the first ciphertext of the first sub-data with the second key to obtain the first sub-data, encrypting the first sub-data with the first recipient public key to obtain a second ciphertext of the first sub-data, and sending the second ciphertext of the first sub-data to the first recipient.
47. The method of any one of claims 30-45, further comprising:
when the first recipient passes the second verification, encrypting the second key with the first recipient public key and sending it to the first recipient.
48. The method of any one of claims 26-45, further comprising:
upon receiving a data distribution revocation request including the first record identifier and the first recipient identifier, deleting the first recipient identifier and the information stored in association with the first recipient identifier.
49. A data forwarding device, comprising a processor, characterized in that the processor runs predetermined computer instructions to execute the data forwarding method of any one of claims 26-48.
50. A data forwarding method, applied to a recipient client, the method comprising:
upon receiving data ciphertext and a first record identifier from a data sender, sending to a server a data reception request including a first recipient identifier and the first record identifier, the first record identifier being allocated by the server for storing the data and information, received from the data sender, that are required to decrypt the data ciphertext;
upon receiving from the server a first ciphertext of a first key for performing a first verification of the first recipient, decrypting the first ciphertext of the first key with a first recipient private key and sending the resulting first decryption result to the server and, if the first verification passes, obtaining the first key from the server for use in decrypting the data ciphertext,
wherein the first ciphertext of the first key is generated by encrypting the first key together with a first check number using a first recipient public key.
51. The method of claim 50, wherein the first ciphertext of the first key is obtained by merging the first check number and the first key into first verification data based on a predetermined merging rule, and encrypting the first verification data with the first recipient public key.
52. The method of claim 51, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position of the first key.
53. The method of claim 51, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the first key.
54. The method of claim 50, further comprising:
upon receiving from the server a first ciphertext of a second key for performing a second verification of the first recipient, decrypting the first ciphertext of the second key with the first recipient private key and sending the resulting second decryption result to the server;
if the second verification passes, obtaining from the server the data corresponding to the second verification for use in decrypting the data ciphertext.
55. The method of claim 51, further comprising:
upon receiving from the server a first ciphertext of a second key for performing a second verification of the first recipient, decrypting the first ciphertext of the second key with the first recipient private key and sending the resulting second decryption result to the server;
if the second verification passes, obtaining from the server the data corresponding to the second verification for use in decrypting the data ciphertext.
56. The method of claim 52, further comprising:
upon receiving from the server a first ciphertext of a second key for performing a second verification of the first recipient, decrypting the first ciphertext of the second key with the first recipient private key and sending the resulting second decryption result to the server;
if the second verification passes, obtaining from the server the data corresponding to the second verification for use in decrypting the data ciphertext.
57. The method of claim 53, further comprising:
upon receiving from the server a first ciphertext of a second key for performing a second verification of the first recipient, decrypting the first ciphertext of the second key with the first recipient private key and sending the resulting second decryption result to the server;
if the second verification passes, obtaining from the server the data corresponding to the second verification for use in decrypting the data ciphertext.
58. The method of claim 54, wherein the first ciphertext of the second key is obtained by merging the first check number and the second key into second verification data based on a predetermined merging rule, and encrypting the second verification data with the first recipient public key.
59. The method of claim 55, wherein the first ciphertext of the second key is obtained by merging the first check number and the second key into second verification data based on a predetermined merging rule, and encrypting the second verification data with the first recipient public key.
60. The method of claim 56, wherein the first ciphertext of the second key is obtained by merging the first check number and the second key into second verification data based on a predetermined merging rule, and encrypting the second verification data with the first recipient public key.
61. The method of claim 57, wherein the first ciphertext of the second key is obtained by merging the first check number and the second key into second verification data based on a predetermined merging rule, and encrypting the second verification data with the first recipient public key.
62. The method of claim 58, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position of the second key.
63. The method of claim 59, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position of the second key.
64. The method of claim 60, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position of the second key.
65. The method of claim 61, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position of the second key.
66. The method of claim 62, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the second key.
67. The method of claim 63, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the second key.
68. The method of claim 64, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the second key.
69. The method of claim 65, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting the parts respectively at multiple predetermined positions in the second key.
70. The method of any one of claims 54-69, further comprising:
if the second verification passes, obtaining a second ciphertext of first sub-data from the server,
wherein the second ciphertext of the first sub-data is generated by the server by encrypting the first sub-data with the first recipient public key, and the first sub-data is obtained by the server by decrypting a first ciphertext of the first sub-data with the second key,
the first ciphertext of the first sub-data is obtained by the data sender by encrypting, with the second key, the first sub-data extracted from first data ciphertext obtained by encrypting the data with the first key,
the data ciphertext received from the data sender is generated by replacing, with second sub-data, the first sub-data at its original position in the first data ciphertext.
71. The method of any one of claims 54-69, further comprising:
if the second verification passes, obtaining the second key from the server, and using the second key in decrypting the data ciphertext received from the data sender.
72. A data forwarding device, comprising a processor, characterized in that the processor runs predetermined computer instructions to execute the data forwarding method of any one of claims 50-71.
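The key-release exchange set out in claims 1-3, 26-29 and 50, together with the revocation of claims 24 and 48, as an added example that is not code from the patent. The key and check number sizes, the merge offsets, the `recipient-1` identifier, the class and function names, and the toy unpadded RSA used as the public-key step are all assumptions; encryption of the data itself is left out.

```python
import hmac
import secrets

# Toy textbook RSA (no padding) built from two Mersenne primes so the block runs
# on the standard library alone. Constructed for illustration only; a real
# system would use a vetted scheme such as RSA-OAEP from a crypto library.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537                      # recipient public key
D = pow(E, -1, (_P - 1) * (_Q - 1))        # recipient private key

KEY_LEN, CHECK_LEN = 16, 8                 # assumed sizes, in bytes
# Assumed "predetermined merging rule": (offset in key, check bytes inserted there).
MERGE_RULE = ((4, 3), (9, 2), (16, 3))


def merge(key, check, rule=MERGE_RULE):
    """Claims 2-3: insert pieces of the check number at fixed key offsets."""
    if len(key) != KEY_LEN or len(check) != CHECK_LEN:
        raise ValueError("unexpected key or check number length")
    out, k, c = bytearray(), 0, 0
    for offset, n in rule:
        out += key[k:offset] + check[c:c + n]
        k, c = offset, c + n
    return bytes(out + key[k:])


def split(merged, rule=MERGE_RULE):
    """Claim 27: undo merge(), returning (key data, check number)."""
    if len(merged) != KEY_LEN + CHECK_LEN:
        raise ValueError("unexpected verification data length")
    key, check, pos, k = bytearray(), bytearray(), 0, 0
    for offset, n in rule:
        key += merged[pos:pos + offset - k]
        pos += offset - k
        check += merged[pos:pos + n]
        pos, k = pos + n, offset
    return bytes(key + merged[pos:]), bytes(check)


def pk_encrypt(data):
    return pow(int.from_bytes(data, "big"), E, N)


def sk_decrypt(ciphertext, length):
    return pow(ciphertext, D, N).to_bytes(length, "big")


class Server:
    def __init__(self):
        self.records = {}          # (record id, recipient id) -> (key, check, key_ct)

    def distribute(self, recipient_id, key, check, key_ct):
        """Claim 26: store the request fields and return a new record identifier."""
        record_id = secrets.token_hex(8)
        self.records[(record_id, recipient_id)] = (key, check, key_ct)
        return record_id

    def challenge(self, record_id, recipient_id):
        """Hand the stored key ciphertext to whoever claims to be the recipient."""
        return self.records[(record_id, recipient_id)][2]

    def verify(self, record_id, recipient_id, response):
        """Claim 27: split the returned plaintext and compare both parts."""
        key, check, _ = self.records[(record_id, recipient_id)]
        try:
            got_key, got_check = split(response)
        except ValueError:
            return None
        # Run both constant-time comparisons before deciding.
        ok = hmac.compare_digest(got_key, key) & hmac.compare_digest(got_check, check)
        return pk_encrypt(key) if ok else None   # key released under the public key

    def revoke(self, record_id, recipient_id):
        """Claims 24 and 48: delete what is stored for this recipient."""
        self.records.pop((record_id, recipient_id), None)


def run_exchange(tamper=False):
    """Sender, server and recipient in one process; returns (sent key, recovered key)."""
    key, check = secrets.token_bytes(KEY_LEN), secrets.token_bytes(CHECK_LEN)
    key_ct = pk_encrypt(merge(key, check))                  # sender, claim 2
    server = Server()
    # Assumption: the key itself travels in the request; claim 26 only says it is stored.
    record_id = server.distribute("recipient-1", key, check, key_ct)
    response = sk_decrypt(server.challenge(record_id, "recipient-1"),
                          KEY_LEN + CHECK_LEN)              # recipient, claim 50
    if tamper:                                              # constructed failure case
        response = bytes([response[0] ^ 1]) + response[1:]
    released = server.verify(record_id, "recipient-1", response)
    return key, (sk_decrypt(released, KEY_LEN) if released is not None else None)


if __name__ == "__main__":
    sent, got = run_exchange()
    print("key released to recipient:", got == sent)
    print("tampered response:", run_exchange(tamper=True)[1])
```

Only a party holding the private key can return plaintext that splits back into the stored key and check number, so a response that is altered or has the wrong length releases nothing.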
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810095513.3A CN108366054B (en) | 2018-01-31 | 2018-01-31 | A kind of data distribution, retransmission method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108366054A (en) | 2018-08-03 |
CN108366054B (en) | 2019-06-11 |
Family
ID=63007563
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810095513.3A Active CN108366054B (en) | A kind of data distribution, retransmission method and device | 2018-01-31 | 2018-01-31 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108366054B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101854241A (en) * | 2009-03-30 | 2010-10-06 | 上海聚力传媒技术有限公司 | Method and device for verifying data block transmitted in network |
CN105245337A (en) * | 2015-10-30 | 2016-01-13 | 南京未来网络产业创新有限公司 | Improved file encryption and decryption method |
CN105553926A (en) * | 2015-06-30 | 2016-05-04 | 宇龙计算机通信科技(深圳)有限公司 | Authentication method, server, and terminal |
CN105635141A (en) * | 2015-12-29 | 2016-06-01 | 沈文策 | Information transmission method and device |
CN106788991A (en) * | 2016-12-05 | 2017-05-31 | 北京中交兴路信息科技有限公司 | A kind of method and device of data transfer |
CN107086976A (en) * | 2016-02-14 | 2017-08-22 | 广州市动景计算机科技有限公司 | The method of data check, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN108366054A (en) | 2018-08-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6915434B1 (en) | Electronic data storage apparatus with key management function and electronic data storage method | |
CN109962784B (en) | Data encryption, decryption and recovery method based on multiple digital envelope certificates | |
KR100753932B1 (en) | contents encryption method, system and method for providing contents through network using the encryption method | |
CN107948736A (en) | A kind of audio and video preservation of evidence method and system | |
CN102484638B (en) | Layered protection and validation of identity data delivered online via multiple intermediate clients | |
CN109981255B (en) | Method and system for updating key pool | |
CN108243197B (en) | A kind of data distribution, retransmission method and device | |
US8396218B2 (en) | Cryptographic module distribution system, apparatus, and program | |
US20110145576A1 (en) | Secure method of data transmission and encryption and decryption system allowing such transmission | |
CN103516516B (en) | file security sharing method, system | |
CN105745861A (en) | Information delivery system | |
EP3476078B1 (en) | Systems and methods for authenticating communications using a single message exchange and symmetric key | |
CN108650028B (en) | Multiple identity authentication system and method based on quantum communication network and true random number | |
US8806206B2 (en) | Cooperation method and system of hardware secure units, and application device | |
JP2000124887A (en) | Enciphering/decoding method for group unit, and method and device for signature | |
CN108768653A (en) | Identity authorization system based on quantum key card | |
CN105049877A (en) | Encryption method and device for live and recorded broadcast interaction system | |
CN108200085B (en) | A kind of data distribution, retransmission method and device | |
CN106899610A (en) | A kind of checking code verification method without storage | |
CN106911663A (en) | One kind sells bank's full message encryption system and method for mixed mode directly to households | |
CN108199838A (en) | A kind of data guard method and device | |
CN105119719B (en) | A kind of key management method of safe storage system | |
CN108366054B (en) | A kind of data distribution, retransmission method and device | |
CN108243198B (en) | A kind of data distribution, retransmission method and device | |
JP2001344214A (en) | Method for certifying terminal and cipher communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing. Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing. Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |