CN108366054B - Data distribution and forwarding method and device - Google Patents

Info

Publication number: CN108366054B
Authority: CN (China)
Prior art keywords: key, data, ciphertext, recipient, check number
Legal status: Active
Application number: CN201810095513.3A
Other languages: Chinese (zh)
Other versions: CN108366054A
Inventors: 孙吉平, 张树勇
Current assignee: Beijing Senseshield Technology Co Ltd
Original assignee: Beijing Senseshield Technology Co Ltd

Events
Application filed by Beijing Senseshield Technology Co Ltd
Priority to CN201810095513.3A
Publication of CN108366054A
Application granted
Publication of CN108366054B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords


Abstract

The invention discloses a data distribution method, comprising: encrypting data using at least one key during the encryption process to obtain a data ciphertext; encrypting a first key among the at least one key together with a first check number using the first recipient's public key to obtain a first-key first ciphertext; sending a data distribution request to the server side, the request including at least a first recipient identifier, the first recipient's public key, the first check number and the first-key first ciphertext, where the first-key first ciphertext is used to verify the first recipient; receiving a first record identifier returned by the server side, and sending the data ciphertext and the first record identifier to the first recipient. The invention also discloses corresponding data forwarding methods and data distribution/forwarding devices. The data distribution/forwarding scheme of the invention can effectively improve the security of data during transmission while improving the user's operational convenience when forwarding data.

Description

Data distribution and forwarding method and device
Technical field
The present invention relates to the field of information security, and in particular to a data distribution and forwarding method and device.
Background technique
With the rapid development of the Internet, more and more data content needs to be sent over networks. Data transmitted in plaintext over a network is easily intercepted by attackers, so digital envelope technology can be used to improve the security of data when it is sent or forwarded.
Digital envelope technology uses a two-layer encryption system: a digital envelope consists of the encrypted content and the ciphertext of the content encryption key (CEK) used to encrypt that content. The sender usually encrypts the content key with the recipient's public key to obtain the content key ciphertext, although a symmetric key negotiated in advance between sender and recipient can also be used to encrypt the content key. When the recipient receives a digital envelope, it first decrypts the content key ciphertext with its own key to obtain the content key, and then decrypts the content ciphertext with the content key to obtain the original content. Digital envelope technology combines the high security of asymmetric key algorithms with the speed of symmetric key algorithms; it ensures the confidentiality of data in transit and at the same time prevents the data from being tampered with.
At present, data forwarding technology based on digital envelopes still has room for improvement in terms of both data security and forwarding convenience.
Summary of the invention
In view of this, embodiments of the present invention propose a data distribution and forwarding scheme, based on improved digital envelope technology, that offers higher security and convenience.
To this end, an embodiment of the invention provides a data distribution method applied to a sender client, the method comprising: encrypting data using at least one key during the encryption process to obtain a data ciphertext; encrypting a first key among the at least one key together with a first check number using the first recipient's public key to obtain a first-key first ciphertext; sending a data distribution request to the server side, the data distribution request including at least a first recipient identifier, the first recipient's public key, the first check number and the first-key first ciphertext, where the first-key first ciphertext is used to verify the first recipient; receiving a first record identifier returned by the server side, and sending the data ciphertext and the first record identifier to the first recipient.
Preferably, encrypting the first key and the first check number together with the first recipient's public key to obtain the first-key first ciphertext comprises: merging the first check number and the first key into first verification data according to a predetermined merging rule, and encrypting the first verification data with the first recipient's public key to obtain the first-key first ciphertext.
Preferably, the predetermined merging rule comprises inserting the first check number at at least one predetermined position in the first key.
Preferably, the predetermined merging rule comprises splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the first key.
Preferably, the at least one key further includes a second key, and the method further comprises: encrypting the second key together with the first check number using the first recipient's public key to obtain a second-key first ciphertext, where the data distribution request further includes the second-key first ciphertext.
Preferably, encrypting the second key and the first check number together with the first recipient's public key to obtain the second-key first ciphertext comprises: merging the first check number and the second key into second verification data according to a predetermined merging rule, and encrypting the second verification data with the first recipient's public key to obtain the second-key first ciphertext.
Preferably, the predetermined merging rule comprises inserting the first check number at at least one predetermined position in the second key.
Preferably, the predetermined merging rule comprises splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
Preferably, the second key is used to encrypt a first subdata extracted from a first data ciphertext, the first data ciphertext being generated by encrypting the data with the first key, so as to produce a first-subdata first ciphertext; the data distribution request further includes the first-subdata first ciphertext, and the data ciphertext sent to the first recipient is a second data ciphertext generated by replacing the first subdata in the first data ciphertext, at its original position, with a second subdata.
Preferably, the first key and the second key are used to encrypt a first part and a second part of the data respectively, obtaining a first data ciphertext and a second data ciphertext, and the data ciphertext sent to the first recipient includes both the first data ciphertext and the second data ciphertext.
Preferably, the second key is used to encrypt the first data ciphertext, generated by encrypting the data with the first key, so as to produce a second data ciphertext, and the data ciphertext sent to the first recipient is the second data ciphertext.
Preferably, the method further comprises: sending to the server side a data distribution revocation request that includes the first record identifier and the first recipient identifier, so that the server side deletes the first recipient identifier and the information stored in association with it.
An embodiment of the invention also provides a data distribution device comprising a processor, the processor running predetermined computer instructions to perform the data distribution method applied to a sender client of any of the above embodiments.
An embodiment of the invention also provides a data forwarding method applied to a server side, the method comprising: on receiving from a sender a data distribution request that includes at least a first recipient identifier, the first recipient's public key, a first check number and a first-key first ciphertext, returning a first record identifier to the sender, where the first-key first ciphertext is obtained by encrypting a first key, among at least one key used in encrypting the data, together with the first check number using the first recipient's public key; storing the first record identifier in association with at least the first key, and storing the first recipient identifier in association with at least the first record identifier, the first-key first ciphertext, the first recipient's public key and the first check number; and, on receiving from the first recipient a data receiving request that includes the first recipient identifier and the first record identifier, performing a first verification of the first recipient using the first-key first ciphertext and, if the first recipient passes the first verification, encrypting the first key with the first recipient's public key and sending it to the first recipient.
Preferably, performing the first verification of the first recipient using the first-key first ciphertext comprises: sending the first-key first ciphertext to the first recipient, splitting a second check number and third key data out of the first verification data returned by the first recipient according to the predetermined merging rule, and comparing the second check number and the third key data with the stored first check number and the stored first key respectively.
Preferably, the predetermined merging rule comprises inserting the first check number at at least one predetermined position in the first key.
Preferably, the predetermined merging rule comprises splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the first key.
Preferably, the data distribution request further includes a second-key first ciphertext obtained by encrypting a second key together with the first check number using the first recipient's public key, and the method further comprises: also storing the first recipient identifier in association with the second-key first ciphertext, and the first record identifier in association with the second key; and, on receiving from the first recipient the data receiving request that includes the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the second-key first ciphertext, and sending the data corresponding to the second verification to the first recipient when the first recipient passes the second verification.
Preferably, performing the second verification of the first recipient using the second-key first ciphertext comprises: sending the second-key first ciphertext to the first recipient, splitting a second check number and fourth key data out of the second verification data returned by the first recipient according to the predetermined merging rule, and comparing the second check number and the fourth key data with the stored first check number and the stored second key respectively.
Preferably, the predetermined merging rule comprises inserting the first check number at at least one predetermined position in the second key.
Preferably, the predetermined merging rule comprises splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
Preferably, the data distribution request further includes a first-subdata first ciphertext, generated by encrypting with the second key a first subdata extracted from a first data ciphertext that was itself generated by encrypting the data with the first key, and the method further comprises: also storing the first record identifier in association with the first-subdata first ciphertext; and, when the first recipient passes the second verification, decrypting the first-subdata first ciphertext with the second key to obtain the first subdata, encrypting the first subdata with the first recipient's public key to obtain a first-subdata second ciphertext, and sending it to the first recipient.
Preferably, the method further comprises: when the first recipient passes the second verification, encrypting the second key with the first recipient's public key and sending it to the first recipient.
Preferably, the method further comprises: on receiving a data distribution revocation request that includes the first record identifier and the first recipient identifier, deleting the first recipient identifier and the information stored in association with it.
An embodiment of the invention also provides a data forwarding device comprising a processor, the processor running predetermined computer instructions to perform the data forwarding method applied to a server side of any of the above embodiments.
An embodiment of the invention also provides a data forwarding method applied to a recipient client, the method comprising: on receiving a data ciphertext and a first record identifier from a data sender, sending to the server side a data receiving request that includes a first recipient identifier and the first record identifier; on receiving from the server side a first-key first ciphertext used to perform a first verification of the first recipient, decrypting the first-key first ciphertext with the first recipient's private key and sending the resulting first decryption result to the server side; and, if the first verification passes, obtaining the first key from the server side and using the first key in decrypting the data ciphertext, where the first-key first ciphertext is generated by encrypting the first key together with a first check number using the first recipient's public key.
Preferably, the first-key first ciphertext is specifically obtained by merging the first check number and the first key into first verification data according to a predetermined merging rule and encrypting the first verification data with the first recipient's public key.
Preferably, the predetermined merging rule comprises inserting the first check number at at least one predetermined position in the first key.
Preferably, the predetermined merging rule comprises splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the first key.
Preferably, the method further comprises: on receiving from the server side a second-key first ciphertext used to perform a second verification of the first recipient, decrypting the second-key first ciphertext with the first recipient's private key and sending the resulting second decryption result to the server side; and, if the second verification passes, obtaining from the server side the data corresponding to the second verification for use in decrypting the data ciphertext.
Preferably, the second-key first ciphertext is specifically obtained by merging the first check number and the second key into second verification data according to a predetermined merging rule and encrypting the second verification data with the first recipient's public key.
Preferably, the predetermined merging rule comprises inserting the first check number at at least one predetermined position in the second key.
Preferably, the predetermined merging rule comprises splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
Preferably, the method further comprises: if the second verification passes, obtaining a first-subdata second ciphertext from the server side, where the first-subdata second ciphertext is generated by the server side by encrypting the first subdata with the first recipient's public key, the first subdata is obtained by the server side by decrypting a first-subdata first ciphertext with the second key, the first-subdata first ciphertext is obtained by the data sender by encrypting with the second key a first subdata extracted from a first data ciphertext obtained by encrypting the data with the first key, and the data ciphertext received from the data sender is generated by replacing the first subdata in the first data ciphertext, at its original position, with a second subdata.
Preferably, the method further comprises: if the second verification passes, obtaining the second key from the server side and using the second key in decrypting the data ciphertext received from the data sender.
An embodiment of the invention also provides a data forwarding device comprising a processor, the processor running predetermined computer instructions to perform the data forwarding method applied to a recipient client of any of the above embodiments.
The data distribution/forwarding scheme of embodiments of the invention can effectively improve the security of data in transit while improving the user's operational convenience when forwarding data.
Detailed description of the invention
Fig. 1 is a schematic flow chart of one embodiment of the data distribution method of the invention;
Fig. 2 is a schematic flow chart of another embodiment of the data distribution method of the invention;
Fig. 3 is a schematic flow chart of one embodiment of the data forwarding method of the invention;
Fig. 4 is a schematic flow chart of another embodiment of the data forwarding method of the invention;
Fig. 5 is a schematic flow chart of a further embodiment of the data forwarding method of the invention;
Fig. 6 is a schematic flow chart of one embodiment of the data forwarding method of the invention;
Fig. 7 is a schematic flow chart of another embodiment of the data forwarding method of the invention;
Fig. 8 is a schematic flow chart of a further embodiment of the data forwarding method of the invention.
Specific embodiment
Each embodiment of the present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of one embodiment of the data distribution method of the invention; the data distribution method of this embodiment is applied to a sender client.
As shown in Fig. 1, the data distribution method of this embodiment of the invention includes:
S310: encrypting data using at least one key during the encryption process to obtain a data ciphertext;
S311: encrypting a first key among the at least one key together with a first check number using the first recipient's public key to obtain a first-key first ciphertext;
S312: sending a data distribution request to the server side, the data distribution request including at least a first recipient identifier, the first recipient's public key, the first check number and the first-key first ciphertext, where the first-key first ciphertext is used to verify the first recipient;
S313: receiving a first record identifier returned by the server side, and sending the data ciphertext and the first record identifier to the first recipient.
In this embodiment of the invention, the sender uses at least one key, including a first key, when encrypting the data to be sent. The first key may be a random number generated by the sender for the first recipient, or any character string generated by the sender for the first recipient in a customised way.
In this embodiment of the invention, the way the data is encrypted may be, for example: encrypting the data to be sent directly with the first key to generate the data ciphertext; first encrypting the data to be sent with another key and then encrypting the result with the first key to generate the data ciphertext; first encrypting the data to be sent with the first key and then encrypting the result with another key to generate the data ciphertext; or encrypting different parts of the data to be sent with the first key and another key. The other key here may be, for example, the first recipient's public key or a symmetric key negotiated in advance between the sender and the first recipient.
As in the preceding embodiments, in this embodiment of the invention the sender also generates, for the server side, a verification data ciphertext used to verify the first recipient: specifically, the first key is merged with the first check number to obtain first verification data, and the first verification data is encrypted with the first recipient's public key to obtain the first-key first ciphertext, which serves as the verification data ciphertext.
The sender may generate the first key in the sender client, or the first key may be generated on the server side while the sender client is logged in to the server side. When the first key is generated in the sender client, the sender also encrypts the first key with a key negotiated between the sender and the server side to produce a first-key second ciphertext, which is sent to the server side together with the data distribution request; when the server side authenticates the first recipient using the first-key first ciphertext, it can decrypt the first-key second ciphertext with the negotiated key to obtain the first key and check whether the verification data returned by the first recipient is correct. When the first key is generated on the server side while the sender is logged in, the server side keeps the first key and sends it to the sender client encrypted with the key negotiated between the sender and the server side; the sender client decrypts it with the corresponding negotiated key to obtain the first key, uses the first key when encrypting the data to be sent to the first recipient, and encrypts the first key together with the first check number to generate the first-key first ciphertext.
On receiving the data distribution request from the sender, the server side extracts information such as the first recipient identifier, the first recipient's public key, the first check number and the first-key first ciphertext from the request, stores it together with the data, creates a corresponding first record identifier, and returns the first record identifier to the sender client. After receiving the first record identifier from the server side, the sender client sends the corresponding data ciphertext and the first record identifier to the first recipient.
After receiving the first record identifier and the data ciphertext, the first recipient can request the first key from the server side using the first record identifier and the first recipient identifier. On receiving the request, the server side sends the first-key first ciphertext to the first recipient and verifies the first recipient by checking whether the verification data returned by the first recipient contains the first key and the first check number. When the first recipient passes verification, the server side encrypts the first key with the first recipient's public key and sends it to the first recipient, so that the first recipient can use the first key in decrypting the data ciphertext.
In this embodiment of the invention, because the first-key first ciphertext that serves as the verification data ciphertext is generated by the sender from the first key and the first check number, the server side can send the verification data ciphertext directly to the recipient for verification, which reduces the server side's management and computational load during verification. At the same time, decrypting the first-key first ciphertext does not directly yield the first key but a value containing noise, so even if the first verification data is intercepted by a third party on its way back to the server side, the first key cannot be obtained from it, which ensures the security of the first key and of the data ciphertext.
In this embodiment of the invention, the merging rule used to merge the first key and the first check number into the first verification data can be set in advance: the merging rule is negotiated and determined in advance between the sender and the server side, and is not known to any recipient, including the first recipient. In this embodiment only the sender and the server side know the merging rule; when the server side receives from the first recipient the verification data obtained by decrypting the first-key first ciphertext, it can determine, based on the merging rule and on the first key and the first check number, whether that verification data is the first verification data, and thereby confirm the identity of the first recipient. In this way, when the verification data returned by the first recipient is checked, each part of the verification data must be checked against the predetermined merging rule, which further improves data security.
In one embodiment of the invention, the predetermined merging rule may be to insert the first check number at at least one predetermined position in the first key; for example, the first check number is inserted at the front, the middle and the rear of the first key respectively. In this embodiment, to improve data security, the first check number may have fewer digits, for example one or two digits.
In another embodiment of the invention, the predetermined merging rule may be to split the first check number into multiple parts and insert each part at a corresponding one of multiple predetermined positions in the first key. For example, a first check number of length 20 is split in order into five character strings of lengths 2, 5, 3, 4 and 6 respectively, five positions are chosen arbitrarily in the first key, and the five strings are inserted at those positions respectively. In this embodiment it is difficult to recover the first key from the first verification data, giving very high data security.
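The two merging rules and the server-side check from the first verification (send the first-key first ciphertext, split the returned verification data back into check number and key data, compare each with the stored values) are shown below as an added example. This is example code written for this page, not code from the patent or from Beijing Senseshield: the `(key_offset, check_start, check_end)` layout representation, the sample 32-byte key, the 20-character check number and the chosen positions are all constructed assumptions, and the public-key encryption of the verification data between sender, recipient and server is left outside the block.

```python
# Added example: merging a check number into a key and verifying the returned data.
# Not from the patent; layout representation, sample key and check number are constructed.
import hmac

# A layout entry (key_offset, check_start, check_end) means: at offset key_offset
# of the ORIGINAL key, insert check[check_start:check_end].  Both merging rules
# described in the text reduce to such a layout.
Layout = list[tuple[int, int, int]]


def rule_insert_whole(check_len: int, positions: list[int]) -> Layout:
    """Rule 1: the whole check number at each predetermined key position
    (e.g. front, middle and rear of the key)."""
    return [(p, 0, check_len) for p in positions]


def rule_split_parts(part_lens: list[int], positions: list[int]) -> Layout:
    """Rule 2: the check number split into consecutive parts of the given
    lengths, part i inserted at positions[i]."""
    if len(part_lens) != len(positions):
        raise ValueError("one position per part")
    layout, start = [], 0
    for n, p in zip(part_lens, positions):
        layout.append((p, start, start + n))
        start += n
    return layout


def merge(key: bytes, check: bytes, layout: Layout) -> bytes:
    """Sender side: build the verification data that is then public-key encrypted."""
    out, prev = bytearray(), 0
    for pos, cs, ce in sorted(layout):
        if pos > len(key) or ce > len(check):
            raise ValueError("layout must lie inside the key and the check number")
        out += key[prev:pos] + check[cs:ce]
        prev = pos
    out += key[prev:]
    return bytes(out)


def unmerge(data: bytes, layout: Layout) -> tuple[bytes, list[bytes]]:
    """Server side: split returned verification data back into key bytes
    ("third key data" in the text) and the inserted check fragments."""
    key, frags, prev, shift = bytearray(), [], 0, 0
    for pos, cs, ce in sorted(layout):
        at = pos + shift            # where this fragment sits in the merged data
        key += data[prev:at]
        frags.append(data[at:at + (ce - cs)])
        shift += ce - cs
        prev = at + (ce - cs)
    key += data[prev:]
    return bytes(key), frags


def verify(returned: bytes, stored_key: bytes, stored_check: bytes, layout: Layout) -> bool:
    """Server-side first verification: the length must match, every recovered
    fragment must equal the matching slice of the stored check number, and the
    key bytes must equal the stored key.  Comparisons are constant-time."""
    expected_len = len(stored_key) + sum(ce - cs for _, cs, ce in layout)
    if len(returned) != expected_len:
        return False
    key, frags = unmerge(returned, layout)
    ok = hmac.compare_digest(key, stored_key)
    for (_, cs, ce), frag in zip(sorted(layout), frags):
        ok &= hmac.compare_digest(frag, stored_check[cs:ce])
    return ok


# Constructed sample values (a deployment would use random keys and check numbers).
SAMPLE_KEY = bytes(range(0x40, 0x60))              # 32-byte "first key"
SAMPLE_CHECK = b"0123456789abcdefghij"              # 20-character "first check number"
SPLIT_LAYOUT = rule_split_parts([2, 5, 3, 4, 6], [3, 7, 12, 20, 30])
WHOLE_LAYOUT = rule_insert_whole(2, [0, 16, 32])    # two-digit check at front/middle/rear


def demo() -> dict:
    """Round-trip both rules; a flipped byte or a truncated reply must fail."""
    results = {}
    for name, layout, check in (("split", SPLIT_LAYOUT, SAMPLE_CHECK),
                                ("whole", WHOLE_LAYOUT, SAMPLE_CHECK[:2])):
        vdata = merge(SAMPLE_KEY, check, layout)
        tampered = bytes([vdata[0] ^ 1]) + vdata[1:]
        results[name] = (verify(vdata, SAMPLE_KEY, check, layout),
                         verify(tampered, SAMPLE_KEY, check, layout),
                         verify(vdata[:-1], SAMPLE_KEY, check, layout))
    return results


if __name__ == "__main__":
    print(demo())   # {'split': (True, False, False), 'whole': (True, False, False)}
```

The server compares against the values it stored at distribution time, so a reply of the wrong length is rejected before any byte is inspected, and the fragment and key comparisons use `hmac.compare_digest` so that the check does not leak how many leading bytes matched.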
Fig. 2 is the schematic flow chart of another embodiment of data distributing method of the invention.
As shown in Fig. 2, the data distributing method of the embodiment of the present invention includes:
S320, it is encrypted during to data encryption using at least one key, obtains data ciphertext, this is at least One key includes first key and the second key;
S321, that first key with the first check number is obtained first key first with first recipient's public key encryption jointly is close Second key and the first check number are used first recipient's public key encryption by text jointly, obtain second the first ciphertext of key;
S322, data distribution request is sent to server-side, the first recipient mark, the are included at least in data distribution request One recipient's public key, the first check number, the first ciphertext of first key and second the first ciphertext of key;
S323, the first record identification returned is received from server-side, and data ciphertext and the first record identification are sent to First recipient.
In the embodiment of the present invention, the sender uses both the first key and the second key when encrypting the data to be sent to the first recipient, and the verification data ciphertext that the sender includes in the data distribution request for the server-side to verify the first recipient comprises the first-key first ciphertext and the second-key first ciphertext. The first-key first ciphertext is obtained by encrypting, with the first recipient's public key, the first verification data formed by merging the first key with the first check number; the second-key first ciphertext is obtained by encrypting, with the first recipient's public key, the verification data formed by merging the second key with the first check number. Like the first key, the second key can be generated at the sender's client, or generated at the server-side while the sender's client is logged in to the server-side and then returned to the client; in either case the server-side holds the second key. The first check number used to generate the first-key first ciphertext and the first check number used to generate the second-key first ciphertext may be the same or different.
After receiving the first record identifier and the data ciphertext, the first recipient can request the first key and the second key from the server-side using the first record identifier and the first recipient identifier. On receiving the request, the server-side sends the first-key first ciphertext and the second-key first ciphertext to the first recipient for the first verification and the second verification, and checks whether the first verification data and the second verification data returned by the first recipient contain, respectively, the first key with the first check number and the second key with the first check number, thereby verifying the first recipient. When the first recipient passes both verifications, the server-side encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient, so that the first recipient can use the first key and the second key when decrypting the data ciphertext.
In the embodiment of the present invention, to decrypt the data ciphertext the first recipient needs not only the first key but also the second key or data related to the second key, and the server-side authenticates the first recipient independently for the first key and for the second key, which further improves the security of the data ciphertext and of the keys.
The sender and the server-side can negotiate in advance the merge rule by which the second key and the first check number are merged into the second verification data. The predetermined merge rule may insert the first check number at at least one predetermined position in the second key, or split the first check number into multiple parts and insert them correspondingly at multiple predetermined positions in the second key.
When the sender uses both the first key and the second key to encrypt the data to be sent to the first recipient, the encryption can be performed in several ways.
In one embodiment of the present invention, the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then extracts first sub-data from a predetermined portion of the first data ciphertext, replaces the original position of the first sub-data in the first data ciphertext with second sub-data to generate a second data ciphertext, and encrypts the first sub-data with the second key to obtain a first sub-data first ciphertext. In this embodiment the sender also needs to send the first sub-data first ciphertext to the server-side, and sends the second data ciphertext and the first record identifier to the first recipient.
In another embodiment, when encrypting the data the sender first splits the plaintext data to be sent into first data and second data, encrypts the first data with the first key to obtain a first data ciphertext, encrypts the second data with the second key to obtain a second data ciphertext, and sends the first data ciphertext and the second data ciphertext together with the first record identifier to the first recipient.
In a further embodiment of the present invention, when encrypting the data the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then encrypts the first data ciphertext with the second key to obtain a second data ciphertext, and sends the second data ciphertext and the first record identifier to the first recipient.
Fig. 3 is a schematic flow chart of an embodiment of the data forwarding method of the present invention, which is applied at the server-side.
As shown in Fig. 3, the data forwarding method of the embodiment of the present invention includes:
S330: on receiving from the sender a data distribution request including at least the first recipient identifier, the first recipient's public key, the first check number and the first-key first ciphertext, return a first record identifier to the sender;
S331: store the first record identifier in association with at least the first key, and store the first recipient identifier in association with at least the first record identifier, the first-key first ciphertext, the first recipient's public key and the first check number;
S332: on receiving from the first recipient a data receiving request including the first recipient identifier and the first record identifier, perform a first verification of the first recipient with the first-key first ciphertext; if the first recipient passes the first verification, encrypt the first key with the first recipient's public key and send it to the first recipient.
In the embodiment of the present invention, the verification data ciphertext generated by the sender for the server-side to verify the first recipient is the first-key first ciphertext, obtained specifically by encrypting, with the first recipient's public key, the first verification data formed by merging the first key with the first check number.
The sender can generate the first key at the sender's client, or the first key can be generated at the server-side while the sender's client is logged in to the server-side. When the first key is generated at the sender's client, the sender additionally encrypts the first key with the key negotiated between the sender and the server-side to produce a first-key second ciphertext and sends it to the server-side together with the data distribution request; when the server-side authenticates the first recipient with the first-key first ciphertext, it can decrypt the first-key second ciphertext with the negotiated key to obtain the first key and thereby check whether the verification data returned by the first recipient is correct. When the first key is generated by the sender while logged in to the server-side, the first key is kept by the server-side and sent to the sender's client after encryption with the key negotiated between the sender and the server-side; the sender's client decrypts it with the corresponding negotiated key to obtain the first key, uses the first key when encrypting the data to be sent to the first recipient, and encrypts the first key together with the first check number to generate the first-key first ciphertext.
On receiving the data distribution request from the sender, the server-side extracts from it the first recipient identifier, the first recipient's public key, the first check number and the first-key first ciphertext, creates a first record identifier for the data distribution request, stores the first record identifier in association with the first key needed to decrypt the data ciphertext as an individual data distribution record, creates a separate forwarding record for the first recipient identifier in which the first recipient identifier and the data related to the first recipient, such as the first record identifier, the first check number and the first-key first ciphertext, are stored, and returns the first record identifier to the sender's client.
After receiving the first record identifier and the data ciphertext, the first recipient can request the first key from the server-side using the first record identifier and the first recipient identifier. On receiving the request, the server-side sends the first-key first ciphertext to the first recipient and checks whether the verification data returned by the first recipient contains the first key and the first check number, thereby verifying the first recipient. When the first recipient passes the verification, the server-side encrypts the first key with the first recipient's public key and sends it to the first recipient, so that the first recipient can use the first key when decrypting the data ciphertext.
With the embodiment of the present invention, the first-key first ciphertext serving as the verification data ciphertext is generated by the sender from the first key and the first check number, and the server-side can send the verification data ciphertext directly to the recipient for verification, which reduces the management and computation load of the server-side during verification. At the same time, decrypting the first-key first ciphertext does not directly yield the first key but a value that contains noise, so even if the first verification data is intercepted by a third party on its way back to the server-side, the first key cannot be obtained from it, which ensures the security of the first key and of the data ciphertext.
In the embodiment of the present invention, a merge rule can be set in advance for merging the first key and the first check number into the first verification data. The merge rule is negotiated in advance between the sender and the server-side, and it is at the same time the split rule by which the key and the check number are separated from the first verification data during verification. When the server-side receives from the first recipient the first verification data obtained by decrypting the first-key first ciphertext, it can split a second check number and third key data out of the first verification data according to the merge rule and compare them with the stored first check number and first key respectively to verify the identity of the first recipient. The predetermined merge rule may insert the first check number at at least one predetermined position in the first key, or split the first check number into multiple parts and insert them correspondingly at multiple predetermined positions in the first key.
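As an added illustration, not code from the patent or its assignee: a Python model of the first verification described above, built on the merge rule (the first check number split into parts and inserted at predetermined positions in the first key), with the server-side's data distribution record and per-recipient forwarding record, and the deletion of only the forwarding record that the revocation passage below describes. The RSA key pair is a deliberately tiny textbook stand-in with no padding, the symmetric data cipher is not modelled, and the merge positions, key and check-number lengths and record layout are constructed assumptions.

```python
import hmac
import secrets

# Toy textbook RSA (no padding) over two Mersenne primes: a constructed stand-in for the
# recipient's key pair, used only so the example runs offline on the standard library.
P, Q = (1 << 107) - 1, (1 << 127) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
RECIPIENT_PUBLIC_KEY, RECIPIENT_PRIVATE_KEY = (N, E), (N, D)

def pk_encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(data, "big")
    assert m < n, "message too long for this toy modulus"
    return pow(m, e, n)

def pk_decrypt(priv, c, length):
    n, d = priv
    m = pow(c, d, n)
    # A wrong private key gives a random residue that normally does not even fit `length`.
    return m.to_bytes(length, "big") if m < (1 << (8 * length)) else b""

# Merge rule negotiated between sender and server-side and unknown to recipients (constructed):
# the check number is split into len(MERGE_POSITIONS) parts and part i is inserted in front of
# key byte MERGE_POSITIONS[i]. A single position gives the simpler rule mentioned in the text.
MERGE_POSITIONS = (3, 9, 16)
KEY_LEN, CHECK_LEN = 16, 6

def merge_key_and_check(key, check):
    """Form the first verification data: the key with the check-number parts inserted."""
    assert len(check) % len(MERGE_POSITIONS) == 0
    part_len = len(check) // len(MERGE_POSITIONS)
    out, prev = b"", 0
    for i, pos in enumerate(MERGE_POSITIONS):
        out += key[prev:pos] + check[i * part_len:(i + 1) * part_len]
        prev = pos
    return out + key[prev:]

def split_verify_data(data, check_len):
    """Inverse of merge_key_and_check: recover (key data, check number) from verification data."""
    part_len = check_len // len(MERGE_POSITIONS)
    key, check, cursor, prev = b"", b"", 0, 0
    for pos in MERGE_POSITIONS:
        key += data[cursor:cursor + pos - prev]
        cursor += pos - prev
        check += data[cursor:cursor + part_len]
        cursor += part_len
        prev = pos
    return key + data[cursor:], check

class ServerSide:
    def __init__(self):
        self.distribution_records = {}  # first record identifier -> first key
        self.forwarding_records = {}    # (first recipient identifier, record identifier) -> data

    def handle_distribution(self, recipient_id, recipient_pub, check, first_key_first_ct, first_key):
        # Assumption: the server-side already holds the first key (generated there, or delivered
        # under the sender/server-side key, which this example does not model).
        record_id = secrets.token_hex(8)
        self.distribution_records[record_id] = first_key
        self.forwarding_records[(recipient_id, record_id)] = {
            "pub": recipient_pub, "check": check, "first_key_first_ct": first_key_first_ct}
        return record_id

    def handle_receive_request(self, recipient_id, record_id):
        """Return the first-key first ciphertext as the challenge, or None without a forwarding record."""
        rec = self.forwarding_records.get((recipient_id, record_id))
        return None if rec is None else rec["first_key_first_ct"]

    def handle_first_verification(self, recipient_id, record_id, first_decrypted_result):
        """Split the returned data by the merge rule; on a match, return the first key wrapped for the recipient."""
        rec = self.forwarding_records.get((recipient_id, record_id))
        if rec is None:
            return None
        first_key = self.distribution_records[record_id]
        key_data, check = split_verify_data(first_decrypted_result, len(rec["check"]))
        if not (hmac.compare_digest(key_data, first_key) and hmac.compare_digest(check, rec["check"])):
            return None
        return pk_encrypt(rec["pub"], first_key)

    def handle_revocation(self, recipient_id, record_id):
        """Delete only the forwarding record; the distribution record stays for redistribution."""
        self.forwarding_records.pop((recipient_id, record_id), None)

def sender_distribute(server, recipient_id, recipient_pub, first_key):
    """Sender side: merge, encrypt under the recipient's public key, send the distribution request."""
    check = secrets.token_bytes(CHECK_LEN)
    first_key_first_ct = pk_encrypt(recipient_pub, merge_key_and_check(first_key, check))
    return server.handle_distribution(recipient_id, recipient_pub, check, first_key_first_ct, first_key)

def recipient_fetch_first_key(server, recipient_id, record_id, recipient_priv):
    """Recipient side: decrypt the challenge, return the result, unwrap the first key if verified."""
    challenge = server.handle_receive_request(recipient_id, record_id)
    if challenge is None:
        return None
    result = pk_decrypt(recipient_priv, challenge, KEY_LEN + CHECK_LEN)
    wrapped = server.handle_first_verification(recipient_id, record_id, result)
    return None if wrapped is None else pk_decrypt(recipient_priv, wrapped, KEY_LEN)
```

Call sender_distribute and then recipient_fetch_first_key with the recipient's private key to recover the first key; with any other private key, or after handle_revocation has removed the forwarding record, the same call returns None while the distribution record remains.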
Fig. 4 is a schematic flow chart of another embodiment of the data forwarding method of the present invention.
As shown in Fig. 4, the data forwarding method of the embodiment of the present invention includes:
S340: on receiving from the sender a data distribution request including at least the first recipient identifier, the first recipient's public key, the first check number, the first-key first ciphertext and the second-key first ciphertext, return a first record identifier to the sender;
S341: store the first record identifier in association with at least the first key and the second key, and store the first recipient identifier in association with at least the first record identifier, the first-key first ciphertext and the second-key first ciphertext, the first recipient's public key and the first check number;
S342: on receiving from the first recipient a data receiving request including the first recipient identifier and the first record identifier, perform a first verification of the first recipient with the first-key first ciphertext and a second verification of the first recipient with the second-key first ciphertext;
S343: when the first recipient passes the first verification, encrypt the first key with the first recipient's public key and send it to the first recipient; when the first recipient passes the second verification, send the data corresponding to the second verification to the first recipient.
In the embodiment of the present invention, the sender uses both the first key and the second key when encrypting the data to be sent to the first recipient, and the verification data ciphertext that the sender includes in the data distribution request for the server-side to verify the first recipient comprises the first-key first ciphertext and the second-key first ciphertext. The first-key first ciphertext is obtained by encrypting, with the first recipient's public key, the first verification data formed by merging the first key with the first check number; the second-key first ciphertext is obtained by encrypting, with the first recipient's public key, the verification data formed by merging the second key with the first check number. Like the first key, the second key can be generated at the sender's client, or generated at the server-side while the sender's client is logged in to the server-side and then returned to the client; in either case the server-side holds the second key. The first check number used to generate the first-key first ciphertext and the first check number used to generate the second-key first ciphertext may be the same or different.
After receiving the first record identifier and the data ciphertext, the first recipient can request the first key and the second key from the server-side using the first record identifier and the first recipient identifier. On receiving the request, the server-side sends the first-key first ciphertext and the second-key first ciphertext to the first recipient, and checks whether the two verification data returned by the first recipient contain, respectively, the first key with the first check number and the second key with the first check number, thereby verifying the first recipient. When the first recipient passes both verifications, the server-side encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient, so that the first recipient can use the first key and the second key when decrypting the data ciphertext.
In the embodiment of the present invention, to decrypt the data ciphertext the first recipient needs not only the first key but also the second key or data related to the second key, and the server-side authenticates the first recipient independently for the first key and for the second key, which further improves the security of the data ciphertext and of the keys.
The sender and the server-side can negotiate in advance the merge rule by which the second key and the first check number are merged into the second verification data. When the server-side sends the second-key first ciphertext to the first recipient for the second verification, it can split the check number and key data out of the second verification data returned by the first recipient according to the predetermined merge rule and compare them with the stored first check number and second key. The predetermined merge rule may insert the first check number at at least one predetermined position in the second key, or split the first check number into multiple parts and insert them correspondingly at multiple predetermined positions in the second key.
Fig. 5 is a schematic flow chart of a further embodiment of the data forwarding method of the present invention.
As shown in Fig. 5, the data forwarding method of the embodiment of the present invention includes:
S350: on receiving from the sender a data distribution request including at least the first recipient identifier, the first recipient's public key, the first check number, the first-key first ciphertext, the second-key first ciphertext and the first sub-data first ciphertext, return a first record identifier to the sender;
S351: store the first record identifier in association with at least the first key, the second key and the first sub-data first ciphertext, and store the first recipient identifier in association with at least the first record identifier, the first-key first ciphertext and the second-key first ciphertext, the first recipient's public key and the first check number;
S352: on receiving from the first recipient a data receiving request including the first recipient identifier and the first record identifier, perform a first verification of the first recipient with the first-key first ciphertext and a second verification of the first recipient with the second-key first ciphertext;
S353: when the first recipient passes the first verification, encrypt the first key with the first recipient's public key and send it to the first recipient; when the first recipient passes the second verification, decrypt the first sub-data first ciphertext with the second key to obtain the first sub-data, encrypt the first sub-data with the first recipient's public key to obtain a first sub-data second ciphertext, and send it to the first recipient.
In the embodiment of the present invention, when encrypting the data plaintext the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then extracts first sub-data from a predetermined portion of the first data ciphertext, replaces the original position of the first sub-data in the first data ciphertext with second sub-data to generate a second data ciphertext, and encrypts the first sub-data with the second key to obtain a first sub-data first ciphertext. Therefore the sender also sends the first sub-data first ciphertext to the server-side, and what the sender sends to the first recipient is the second data ciphertext and the first record identifier.
When the server-side receives from the first recipient the data receiving request including the first recipient identifier and the first record identifier, its verification of the first recipient is similar to that of the embodiment shown in Fig. 4; the difference is that when the first recipient passes the second verification, the server-side decrypts the first sub-data first ciphertext with the second key to obtain the first sub-data, encrypts the first sub-data with the first recipient's public key to obtain a first sub-data second ciphertext, and sends it to the first recipient.
With the embodiment of the present invention, the ciphertext data obtained by the first recipient contains noise, and the data ciphertext can be decrypted only after the first sub-data has been obtained from the server-side, which effectively prevents brute-force cracking and improves the security of the data ciphertext.
In another embodiment of the present invention, the first recipient must hold both the first key and the second key to complete decryption of the data ciphertext obtained from the sender; when the first recipient passes the first verification and the second verification of the server-side, the server-side encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient. By requiring the recipient to obtain two keys before the ciphertext can be decrypted into the data plaintext, this embodiment improves the security of the data ciphertext.
Fig. 6 is a schematic flow chart of an embodiment of the data forwarding method of the present invention, which is applied at the recipient's client.
As shown in Fig. 6, the data forwarding method of the embodiment of the present invention includes:
S360: on receiving the data ciphertext and the first record identifier from the data sender, send to the server-side a data receiving request including the first recipient identifier and the first record identifier;
S361: on receiving from the server-side the first-key first ciphertext used for the first verification of the first recipient, decrypt the first-key first ciphertext with the first recipient's private key and send the obtained first decrypted result to the server-side;
S362: if the first verification passes, obtain the first key from the server-side and use the first key when decrypting the data ciphertext.
In the embodiment of the present invention, after receiving the first record identifier and the data ciphertext, the first recipient can request the first key from the server-side using the first record identifier and the first recipient identifier. On receiving the request, the server-side sends the first-key first ciphertext to the first recipient and checks whether the verification data returned by the first recipient contains the first key and the first check number, thereby verifying the first recipient. When the first recipient passes the verification, the server-side encrypts the first key with the first recipient's public key and sends it to the first recipient, so that the first recipient can use the first key when decrypting the data ciphertext.
With the embodiment of the present invention, the first-key first ciphertext serving as the verification data ciphertext is generated by the sender from the first key and the first check number, and the server-side can send the verification data ciphertext directly to the recipient for verification, which reduces the management and computation load of the server-side during verification. At the same time, decrypting the first-key first ciphertext does not directly yield the first key but a value that contains noise, so even if the first verification data is intercepted by a third party on its way back to the server-side, the first key cannot be obtained from it, which ensures the security of the first key and of the data ciphertext.
In the embodiment of the present invention, a merge rule can be set in advance for merging the first key and the first check number into the first verification data: the first check number and the first key are merged into the first verification data according to the predetermined merge rule, and the first verification data is encrypted with the first recipient's public key to obtain the first-key first ciphertext. The predetermined merge rule is negotiated in advance between the sender and the server-side and is not known to any recipient, including the first recipient. The predetermined merge rule may include inserting the first check number at at least one predetermined position in the first key, or splitting the first check number into multiple parts and inserting them correspondingly at multiple predetermined positions in the first key.
Fig. 7 is a schematic flow chart of another embodiment of the data forwarding method of the present invention.
As shown in Fig. 7, the data forwarding method of the embodiment of the present invention includes:
S370: on receiving the data ciphertext and the first record identifier from the data sender, send to the server-side a data receiving request including the first recipient identifier and the first record identifier;
S371: on receiving from the server-side the first-key first ciphertext used for the first verification of the first recipient, decrypt the first-key first ciphertext with the first recipient's private key and send the obtained first decrypted result to the server-side; if the first verification passes, obtain the first key from the server-side and use the first key when decrypting the data ciphertext;
S372: on receiving from the server-side the second-key first ciphertext used for the second verification of the first recipient, decrypt the second-key first ciphertext with the first recipient's private key and send the obtained second decrypted result to the server-side; if the second verification passes, obtain the data corresponding to the second verification from the server-side and use it when decrypting the data ciphertext.
In the embodiment of the present invention, after receiving the first record identifier and the data ciphertext, the first recipient can request the first key and the second key from the server-side using the first record identifier and the first recipient identifier. On receiving the request, the server-side sends the first-key first ciphertext and the second-key first ciphertext to the first recipient, and checks whether the two verification data returned by the first recipient contain, respectively, the first key with the first check number and the second key with the first check number, thereby verifying the first recipient. When the first recipient passes both verifications, the server-side encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient, so that the first recipient can use the first key and the second key when decrypting the data ciphertext.
In the embodiment of the present invention, to decrypt the data ciphertext the first recipient needs not only the first key but also the second key or data related to the second key, and the server-side authenticates the first recipient independently for the first key and for the second key, which further improves the security of the data ciphertext and of the keys.
In the embodiment of the present invention, a merge rule can likewise be set in advance for merging the second key and the first check number into the second verification data: the first check number and the second key are merged into the second verification data according to the predetermined merge rule, and the second verification data is encrypted with the first recipient's public key to obtain the second-key first ciphertext. The predetermined merge rule is negotiated in advance between the sender and the server-side and is not known to any recipient, including the first recipient. The predetermined merge rule may include inserting the first check number at at least one predetermined position in the second key, or splitting the first check number into multiple parts and inserting them correspondingly at multiple predetermined positions in the second key.
Fig. 8 is a schematic flow chart of a further embodiment of the data forwarding method of the present invention.
As shown in Fig. 8, the data forwarding method of the embodiment of the present invention includes:
S380: on receiving the data ciphertext and the first record identifier from the data sender, send to the server-side a data receiving request including the first recipient identifier and the first record identifier;
S381: on receiving from the server-side the first-key first ciphertext used for the first verification of the first recipient, decrypt the first-key first ciphertext with the first recipient's private key and send the obtained first decrypted result to the server-side; if the first verification passes, obtain the first key from the server-side and use the first key when decrypting the data ciphertext;
S382: on receiving from the server-side the second-key first ciphertext used for the second verification of the first recipient, decrypt the second-key first ciphertext with the first recipient's private key and send the obtained second decrypted result to the server-side; if the second verification passes, obtain the first sub-data second ciphertext from the server-side and use it when decrypting the data ciphertext.
In the embodiment of the present invention, when encrypting the data plaintext the sender first encrypts the data plaintext to be sent with the first key to obtain a first data ciphertext, then extracts first sub-data from a predetermined portion of the first data ciphertext, replaces the original position of the first sub-data in the first data ciphertext with second sub-data to generate a second data ciphertext, and encrypts the first sub-data with the second key to obtain a first sub-data first ciphertext. Therefore the sender also sends the first sub-data first ciphertext to the server-side, and what the sender sends to the first recipient is the second data ciphertext and the first record identifier.
When the server-side receives from the first recipient the data receiving request including the first recipient identifier and the first record identifier, it performs the first verification and the second verification of the first recipient; when the first recipient passes the second verification, the server-side decrypts the first sub-data first ciphertext with the second key to obtain the first sub-data, and either returns the first sub-data to the first recipient in plaintext or encrypts the first sub-data with the first recipient's public key to obtain a first sub-data second ciphertext and sends that to the first recipient.
After obtaining the first sub-data from the server-side, the first recipient replaces the predetermined portion of the data ciphertext with the first sub-data to obtain another data ciphertext, and then decrypts that data ciphertext with the first key to obtain the data plaintext.
With the embodiment of the present invention, the ciphertext data obtained by the first recipient contains noise, and the data ciphertext can be decrypted only after the first sub-data has been obtained from the server-side, which effectively prevents brute-force cracking and improves the security of the data ciphertext.
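As an added example, not the patent's own code, the sender's three encryption arrangements (the sub-data substitution of the embodiment just described, and the split and layered variants described earlier) together with the server-side unwrapping of the first sub-data and the recipient's restoration step, in Python. The symmetric cipher is an HMAC-SHA256 keystream stand-in for the cipher the text leaves unspecified, the verifications are assumed to have passed before the server-side step runs, and the predetermined portion's offset and length are constructed assumptions.

```python
import hashlib
import hmac
import secrets

def keystream_cipher(key, data):
    """Symmetric stand-in (constructed) for the cipher the text leaves unspecified: an
    HMAC-SHA256 keystream in counter mode XORed with the data, so encrypt and decrypt coincide."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

# Predetermined portion of the first data ciphertext (byte offset, length) that the sender
# extracts and the recipient later restores; constructed values.
PORTION_OFFSET, PORTION_LEN = 4, 12

def sender_encrypt_with_substitution(plaintext, first_key, second_key):
    """Sub-data substitution: returns (second data ciphertext for the first recipient,
    first sub-data first ciphertext for the server-side)."""
    assert len(plaintext) >= PORTION_OFFSET + PORTION_LEN
    first_data_ct = keystream_cipher(first_key, plaintext)
    first_subdata = first_data_ct[PORTION_OFFSET:PORTION_OFFSET + PORTION_LEN]
    second_subdata = secrets.token_bytes(PORTION_LEN)  # noise put in place of the extracted portion
    second_data_ct = (first_data_ct[:PORTION_OFFSET] + second_subdata
                      + first_data_ct[PORTION_OFFSET + PORTION_LEN:])
    return second_data_ct, keystream_cipher(second_key, first_subdata)

def server_recover_first_subdata(first_subdata_first_ct, second_key):
    """Server-side step once the second verification has passed (the verification itself is
    not modelled here): unwrap the first sub-data with the second key and return it in plaintext."""
    return keystream_cipher(second_key, first_subdata_first_ct)

def recipient_decrypt_with_substitution(second_data_ct, first_subdata, first_key):
    """Put the first sub-data back into the predetermined portion, then decrypt with the first key."""
    restored = (second_data_ct[:PORTION_OFFSET] + first_subdata
                + second_data_ct[PORTION_OFFSET + PORTION_LEN:])
    return keystream_cipher(first_key, restored)

def encrypt_split(plaintext, first_key, second_key, split_at):
    """Split variant: first data under the first key, second data under the second key."""
    return (keystream_cipher(first_key, plaintext[:split_at]),
            keystream_cipher(second_key, plaintext[split_at:]))

def decrypt_split(first_data_ct, second_data_ct, first_key, second_key):
    return keystream_cipher(first_key, first_data_ct) + keystream_cipher(second_key, second_data_ct)

def encrypt_layered(plaintext, first_key, second_key):
    """Layered variant: the first key first, then the second key over the first data ciphertext."""
    return keystream_cipher(second_key, keystream_cipher(first_key, plaintext))

def decrypt_layered(second_data_ct, first_key, second_key):
    return keystream_cipher(first_key, keystream_cipher(second_key, second_data_ct))

if __name__ == "__main__":
    k1, k2 = secrets.token_bytes(16), secrets.token_bytes(16)
    msg = b"constructed data plaintext for the distribution example"
    second_ct, sub_ct = sender_encrypt_with_substitution(msg, k1, k2)
    # Decrypting with the first key alone leaves noise in the predetermined portion (with this
    # stream-cipher stand-in only that portion is wrong; a chained block mode would spread it).
    assert keystream_cipher(k1, second_ct) != msg
    first_subdata = server_recover_first_subdata(sub_ct, k2)
    assert recipient_decrypt_with_substitution(second_ct, first_subdata, k1) == msg
    print("plaintext recovered only after the first sub-data came back from the server-side")
```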
In another embodiment of the present invention, the first recipient must hold both the first key and the second key to complete decryption of the data ciphertext obtained from the sender; in that case, when the first recipient passes the first verification and the second verification of the server-side, the server-side encrypts the first key and the second key with the first recipient's public key and sends them to the first recipient. By requiring the recipient to obtain two keys before the ciphertext can be decrypted into the data plaintext, this embodiment improves the security of the data ciphertext.
In any of the above embodiments, when the server-side receives the information and data that the sender transmits with the data distribution request, it can store them indexed by the first recipient identifier contained therein and in association with the allocated first record identifier. When the sender wishes to revoke the related data that it has asked the server-side to forward to the first recipient, the sender can send to the server-side a data distribution revocation request including the first record identifier and the first recipient identifier, requesting the server-side to delete the information stored in association with the first recipient identifier. On receiving the data distribution revocation request for the first recipient, including the first record identifier and the first recipient identifier, the server-side can delete the individual forwarding record that contains the first recipient identifier and the information stored in association with it. After the server-side has deleted the first recipient identifier and its associated information, when the first recipient sends a data receiving request including the first recipient identifier to the server-side, the server-side cannot find a forwarding record related to the first recipient identifier and therefore does not return decryption data such as the first key in response to the request, which achieves timely revocation by the sender of data that has already been distributed. At the same time, deleting the individual forwarding record that contains the first recipient identifier and its associated information does not affect the individual data distribution record that contains the first record identifier, the second sub-key ciphertext and the like. If the sender needs to restore the data distribution to the first recipient, it can send to the server-side a data redistribution request including the first recipient identifier, the first sub-key first ciphertext, the first recipient's public key and other information and data, and the server-side can again store these as an individual forwarding record, so that the first recipient can obtain the data required for decryption from the server-side.
The embodiment of the present invention also provides a data distribution/forwarding device, which can be implemented by a terminal device including a processor and a memory, the processor being configurable to run predetermined computer instructions stored in the memory so as to execute the data distribution/forwarding method applied at the sender's client in any of the above embodiments.
The embodiment of the present invention also provides a data forwarding device, which can be implemented by a terminal device that includes a processor and a memory and serves as a server, the processor being configurable to run predetermined computer instructions stored in the memory so as to execute the data forwarding method applied at the server-side in any of the above embodiments.
The embodiment of the present invention also provides a data forwarding device, which can be implemented by a terminal device including a processor and a memory, the processor being configurable to run predetermined computer instructions stored in the memory so as to execute the data forwarding method applied at the recipient's client in any of the above embodiments.
Since it is impossible to exhaust all embodiments in this application, or all combinations of the technical features, the present invention is not limited to the specific embodiments provided; on the basis of the embodiments disclosed herein, those skilled in the art are fully able to make various modifications and variations to these embodiments without departing from the spirit and design of the invention, and embodiments with such variations and modifications should all fall within the scope claimed by this application.

Claims (72)

1. A data distribution method applied to a sender client, the method comprising:
encrypting data using at least one key to obtain a data ciphertext;
jointly encrypting a first key of the at least one key and a first check number with a first recipient public key to obtain a first ciphertext of the first key;
sending a data distribution request to a server, the data distribution request comprising at least a first recipient identifier, the first recipient public key, the first check number and the first ciphertext of the first key, wherein the first ciphertext of the first key is used to verify the first recipient;
receiving a first record identifier returned by the server, and sending the data ciphertext and the first record identifier to the first recipient, wherein the first record identifier is created by the server when it stores the information and data extracted from the data distribution request.
2. The method of claim 1, wherein jointly encrypting the first key and the first check number with the first recipient public key to obtain the first ciphertext of the first key comprises:
merging the first check number and the first key into first verification data according to a predetermined merging rule, and encrypting the first verification data with the first recipient public key to obtain the first ciphertext of the first key.
3. The method of claim 2, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the first key.
4. The method of claim 2, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the first key.
5. The method of claim 1, wherein the at least one key further comprises a second key, and the method further comprises:
jointly encrypting the second key and the first check number with the first recipient public key to obtain a first ciphertext of the second key,
wherein the data distribution request further comprises the first ciphertext of the second key.
6. The method of claim 2, wherein the at least one key further comprises a second key, and the method further comprises:
jointly encrypting the second key and the first check number with the first recipient public key to obtain a first ciphertext of the second key,
wherein the data distribution request further comprises the first ciphertext of the second key.
7. The method of claim 3, wherein the at least one key further comprises a second key, and the method further comprises:
jointly encrypting the second key and the first check number with the first recipient public key to obtain a first ciphertext of the second key,
wherein the data distribution request further comprises the first ciphertext of the second key.
8. The method of claim 4, wherein the at least one key further comprises a second key, and the method further comprises:
jointly encrypting the second key and the first check number with the first recipient public key to obtain a first ciphertext of the second key,
wherein the data distribution request further comprises the first ciphertext of the second key.
9. The method of claim 5, wherein jointly encrypting the second key and the first check number with the first recipient public key to obtain the first ciphertext of the second key comprises:
merging the first check number and the second key into second verification data according to the predetermined merging rule, and encrypting the second verification data with the first recipient public key to obtain the first ciphertext of the second key.
10. The method of claim 6, wherein jointly encrypting the second key and the first check number with the first recipient public key to obtain the first ciphertext of the second key comprises:
merging the first check number and the second key into second verification data according to the predetermined merging rule, and encrypting the second verification data with the first recipient public key to obtain the first ciphertext of the second key.
11. The method of claim 7, wherein jointly encrypting the second key and the first check number with the first recipient public key to obtain the first ciphertext of the second key comprises:
merging the first check number and the second key into second verification data according to the predetermined merging rule, and encrypting the second verification data with the first recipient public key to obtain the first ciphertext of the second key.
12. The method of claim 8, wherein jointly encrypting the second key and the first check number with the first recipient public key to obtain the first ciphertext of the second key comprises:
merging the first check number and the second key into second verification data according to the predetermined merging rule, and encrypting the second verification data with the first recipient public key to obtain the first ciphertext of the second key.
13. The method of claim 9, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the second key.
14. The method of claim 10, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the second key.
15. The method of claim 11, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the second key.
16. The method of claim 12, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the second key.
17. The method of claim 9, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
18. The method of claim 10, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
19. The method of claim 11, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
20. The method of claim 12, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
21. The method of any one of claims 5 to 20, wherein
the second key is used to encrypt a first sub-data extracted from a first data ciphertext, the first data ciphertext having been generated by encrypting the data with the first key, so as to generate a first ciphertext of the first sub-data,
the data distribution request further comprises the first ciphertext of the first sub-data, and
the data ciphertext sent to the first recipient is a second data ciphertext generated by replacing the first sub-data, at its original position in the first data ciphertext, with a second sub-data.
22. The method of any one of claims 5 to 20, wherein
the first key and the second key are used to encrypt a first part and a second part of the data respectively, obtaining a first data ciphertext and a second data ciphertext, and
the data ciphertext sent to the first recipient comprises the first data ciphertext and the second data ciphertext.
23. The method of any one of claims 5 to 20, wherein
the second key is used to encrypt the first data ciphertext generated by encrypting the data with the first key, so as to generate a second data ciphertext, and
the data ciphertext sent to the first recipient is the second data ciphertext.
24. The method of any one of claims 1 to 20, further comprising:
sending to the server a data distribution revocation request comprising the first record identifier and the first recipient identifier, so that the server deletes the first recipient identifier and the information stored in association with it.
25. A data distribution apparatus comprising a processor, wherein the processor runs predetermined computer instructions to perform the data distribution method of any one of claims 1 to 24.
26. A data forwarding method applied to a server, the method comprising:
on receiving from a sender a data distribution request comprising at least a first recipient identifier, a first recipient public key, a first check number and a first ciphertext of a first key, extracting the information and data from the data distribution request, storing them, creating a first record identifier for the stored information and data, and returning the first record identifier to the sender, wherein the first ciphertext of the first key is obtained by jointly encrypting the first key, one of at least one key used in encrypting data, and the first check number with the first recipient public key;
storing the first record identifier in association with at least the first key, and storing the first recipient identifier in association with at least the first record identifier, the first ciphertext of the first key, the first recipient public key and the first check number;
on receiving from the first recipient a data receive request comprising the first recipient identifier and the first record identifier, performing a first verification of the first recipient using the first ciphertext of the first key, and, if the first recipient passes the first verification, encrypting the first key with the first recipient public key and sending it to the first recipient.
27. The method of claim 26, wherein performing the first verification of the first recipient using the first ciphertext of the first key comprises:
sending the first ciphertext of the first key to the first recipient, splitting a second check number and third key data out of the first verification data returned by the first recipient according to a predetermined merging rule, and comparing the second check number and the third key data with the stored first check number and the stored first key respectively.
28. The method of claim 27, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the first key.
29. The method of claim 27, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the first key.
30. The method of claim 26, wherein the data distribution request further comprises a first ciphertext of a second key, the first ciphertext of the second key being obtained by jointly encrypting the second key and the first check number with the first recipient public key, and the method further comprises:
storing the first recipient identifier also in association with the first ciphertext of the second key, and storing the first record identifier also in association with the second key;
on receiving from the first recipient the data receive request comprising the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key, and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
31. The method of claim 27, wherein the data distribution request further comprises a first ciphertext of a second key, the first ciphertext of the second key being obtained by jointly encrypting the second key and the first check number with the first recipient public key, and the method further comprises:
storing the first recipient identifier also in association with the first ciphertext of the second key, and storing the first record identifier also in association with the second key;
on receiving from the first recipient the data receive request comprising the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key, and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
32. The method of claim 28, wherein the data distribution request further comprises a first ciphertext of a second key, the first ciphertext of the second key being obtained by jointly encrypting the second key and the first check number with the first recipient public key, and the method further comprises:
storing the first recipient identifier also in association with the first ciphertext of the second key, and storing the first record identifier also in association with the second key;
on receiving from the first recipient the data receive request comprising the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key, and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
33. The method of claim 29, wherein the data distribution request further comprises a first ciphertext of a second key, the first ciphertext of the second key being obtained by jointly encrypting the second key and the first check number with the first recipient public key, and the method further comprises:
storing the first recipient identifier also in association with the first ciphertext of the second key, and storing the first record identifier also in association with the second key;
on receiving from the first recipient the data receive request comprising the first recipient identifier and the first record identifier, also performing a second verification of the first recipient using the first ciphertext of the second key, and, when the first recipient passes the second verification, sending the data corresponding to the second verification to the first recipient.
34. The method of claim 30, wherein performing the second verification of the first recipient using the first ciphertext of the second key comprises:
sending the first ciphertext of the second key to the first recipient, splitting a second check number and fourth key data out of the second verification data returned by the first recipient according to a predetermined merging rule, and comparing the second check number and the fourth key data with the stored first check number and the stored second key respectively.
35. The method of claim 31, wherein performing the second verification of the first recipient using the first ciphertext of the second key comprises:
sending the first ciphertext of the second key to the first recipient, splitting a second check number and fourth key data out of the second verification data returned by the first recipient according to a predetermined merging rule, and comparing the second check number and the fourth key data with the stored first check number and the stored second key respectively.
36. The method of claim 32, wherein performing the second verification of the first recipient using the first ciphertext of the second key comprises:
sending the first ciphertext of the second key to the first recipient, splitting a second check number and fourth key data out of the second verification data returned by the first recipient according to a predetermined merging rule, and comparing the second check number and the fourth key data with the stored first check number and the stored second key respectively.
37. The method of claim 33, wherein performing the second verification of the first recipient using the first ciphertext of the second key comprises:
sending the first ciphertext of the second key to the first recipient, splitting a second check number and fourth key data out of the second verification data returned by the first recipient according to a predetermined merging rule, and comparing the second check number and the fourth key data with the stored first check number and the stored second key respectively.
38. The method of claim 34, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the second key.
39. The method of claim 35, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the second key.
40. The method of claim 36, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the second key.
41. The method of claim 37, wherein the predetermined merging rule comprises:
inserting the first check number at at least one predetermined position in the second key.
42. The method of claim 34, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
43. The method of claim 35, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
44. The method of claim 36, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
45. The method of claim 37, wherein the predetermined merging rule comprises:
splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
46. The method of any one of claims 30 to 45, wherein the data distribution request further comprises a first ciphertext of a first sub-data, the first ciphertext of the first sub-data being generated by encrypting with the second key a first sub-data extracted from a first data ciphertext that was generated by encrypting the data with the first key,
and the method further comprises:
storing the first record identifier also in association with the first ciphertext of the first sub-data;
when the first recipient passes the second verification, decrypting the first ciphertext of the first sub-data with the second key to obtain the first sub-data, encrypting the first sub-data with the first recipient public key to obtain a second ciphertext of the first sub-data, and sending it to the first recipient.
47. The method of any one of claims 30 to 45, further comprising:
when the first recipient passes the second verification, encrypting the second key with the first recipient public key and sending it to the first recipient.
48. The method of any one of claims 26 to 45, further comprising:
on receiving a data distribution revocation request comprising the first record identifier and the first recipient identifier, deleting the first recipient identifier and the information stored in association with it.
49. A data forwarding apparatus comprising a processor, wherein the processor runs predetermined computer instructions to perform the data forwarding method of any one of claims 26 to 48.
50. A data forwarding method applied to a recipient client, the method comprising:
on receiving a data ciphertext and a first record identifier from a data sender, sending to a server a data receive request comprising a first recipient identifier and the first record identifier, wherein the first record identifier was assigned by the server when it stored the data and information, received from the data sender, that are needed to decrypt the data ciphertext;
on receiving from the server a first ciphertext of a first key, used to perform a first verification of the first recipient, decrypting the first ciphertext of the first key with a first recipient private key and sending the resulting first decryption result to the server, and, if the first verification passes, obtaining the first key from the server and using the first key in decrypting the data ciphertext,
wherein the first ciphertext of the first key is generated by jointly encrypting the first key and a first check number with a first recipient public key.
51. The method of claim 50, wherein the first ciphertext of the first key is obtained by merging the first check number and the first key into first verification data according to a predetermined merging rule and encrypting the first verification data with the first recipient public key.
52. The method of claim 51, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position in the first key.
53. The method of claim 51, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the first key.
54. The method of claim 50, further comprising:
on receiving from the server a first ciphertext of a second key, used to perform a second verification of the first recipient, decrypting the first ciphertext of the second key with the first recipient private key and sending the resulting second decryption result to the server;
if the second verification passes, obtaining from the server the data corresponding to the second verification and using it in decrypting the data ciphertext.
55. The method of claim 51, further comprising:
on receiving from the server a first ciphertext of a second key, used to perform a second verification of the first recipient, decrypting the first ciphertext of the second key with the first recipient private key and sending the resulting second decryption result to the server;
if the second verification passes, obtaining from the server the data corresponding to the second verification and using it in decrypting the data ciphertext.
56. The method of claim 52, further comprising:
on receiving from the server a first ciphertext of a second key, used to perform a second verification of the first recipient, decrypting the first ciphertext of the second key with the first recipient private key and sending the resulting second decryption result to the server;
if the second verification passes, obtaining from the server the data corresponding to the second verification and using it in decrypting the data ciphertext.
57. The method of claim 53, further comprising:
on receiving from the server a first ciphertext of a second key, used to perform a second verification of the first recipient, decrypting the first ciphertext of the second key with the first recipient private key and sending the resulting second decryption result to the server;
if the second verification passes, obtaining from the server the data corresponding to the second verification and using it in decrypting the data ciphertext.
58. The method of claim 54, wherein the first ciphertext of the second key is obtained by merging the first check number and the second key into second verification data according to a predetermined merging rule and encrypting the second verification data with the first recipient public key.
59. The method of claim 55, wherein the first ciphertext of the second key is obtained by merging the first check number and the second key into second verification data according to a predetermined merging rule and encrypting the second verification data with the first recipient public key.
60. The method of claim 56, wherein the first ciphertext of the second key is obtained by merging the first check number and the second key into second verification data according to a predetermined merging rule and encrypting the second verification data with the first recipient public key.
61. The method of claim 57, wherein the first ciphertext of the second key is obtained by merging the first check number and the second key into second verification data according to a predetermined merging rule and encrypting the second verification data with the first recipient public key.
62. The method of claim 58, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position in the second key.
63. The method of claim 59, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position in the second key.
64. The method of claim 60, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position in the second key.
65. The method of claim 61, wherein the predetermined merging rule comprises: inserting the first check number at at least one predetermined position in the second key.
66. The method of claim 62, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
67. The method of claim 63, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
68. The method of claim 64, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
69. The method of claim 65, wherein the predetermined merging rule comprises: splitting the first check number into multiple parts and inserting each part at a corresponding one of multiple predetermined positions in the second key.
70. The method of any one of claims 54 to 69, further comprising:
if the second verification passes, obtaining a second ciphertext of a first sub-data from the server,
wherein the second ciphertext of the first sub-data is generated by the server by encrypting the first sub-data with the first recipient public key, the first sub-data having been obtained by the server by decrypting a first ciphertext of the first sub-data with the second key,
the first ciphertext of the first sub-data is generated by the data sender by encrypting with the second key the first sub-data extracted from a first data ciphertext obtained by encrypting the data with the first key, and
the data ciphertext received from the data sender is generated by replacing the first sub-data, at its original position in the first data ciphertext, with a second sub-data.
71. The method of any one of claims 54 to 69, further comprising:
if the second verification passes, obtaining the second key from the server and using the second key in decrypting the data ciphertext received from the data sender.
72. A data forwarding apparatus comprising a processor, wherein the processor runs predetermined computer instructions to perform the data forwarding method of any one of claims 50 to 71.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810095513.3A 2018-01-31 2018-01-31 A data distribution and forwarding method and device


Publications (2)

Publication Number Publication Date
CN108366054A (en) 2018-08-03
CN108366054B (en) 2019-06-11

Family

ID=63007563


Country Status (1)

Country Link
CN (1) CN108366054B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101854241A (en) * 2009-03-30 2010-10-06 上海聚力传媒技术有限公司 Method and device for verifying data blocks transmitted over a network
CN105245337A (en) * 2015-10-30 2016-01-13 南京未来网络产业创新有限公司 Improved file encryption and decryption method
CN105553926A (en) * 2015-06-30 2016-05-04 宇龙计算机通信科技(深圳)有限公司 Authentication method, server and terminal
CN105635141A (en) * 2015-12-29 2016-06-01 沈文策 Information transmission method and device
CN106788991A (en) * 2016-12-05 2017-05-31 北京中交兴路信息科技有限公司 Data transmission method and device
CN107086976A (en) * 2016-02-14 2017-08-22 广州市动景计算机科技有限公司 Data verification method, device and system




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.