CN109120576B - Data sharing method and device, computer equipment and storage medium - Google Patents

Publication number
CN109120576B
Authority
CN
China
Prior art keywords
sharing
ciphertext
data
preset application
key
Legal status
Active
Application number
CN201710488308.9A
Other languages
Chinese (zh)
Other versions
CN109120576A (en)
Inventor
蔡元锋
刘友学
钱成
姜鑫磊
李杨
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities

Abstract

A data sharing method and device that run on a sharing sending end, comprising the following steps: receiving, on a third-party application, a sharing instruction for sharing shared data to a preset application; acquiring a public key of the preset application from the third-party application according to the sharing instruction; determining ciphertext information according to the public key and the shared data, and jumping to the preset application; receiving a sharing object input instruction through a sharing object receiving interface; and determining the sharing object according to the sharing object input instruction and sending the ciphertext information to the sharing object through the preset application, which provides high security. The invention also provides a corresponding data sharing method and device that run on the sharing receiving end and likewise offer high security. Correspondingly, the invention also provides computer equipment and a storage medium that correspond to the data sharing methods and devices and offer high security.

Description

Data sharing method and device, computer equipment and storage medium
Technical Field
The present invention relates to the field of information sharing technologies, and in particular, to a data sharing method and apparatus, a computer device, and a storage medium.
Background
The URL Scheme (a sharing mode based on uniform resource locators) is a mechanism for cross-application sharing provided by the operating system. It is simple and easy to use, is popular with developers, and is widely used in popular applications. Generally, the receiver of a URL Scheme call completely trusts the data from the sender, so a hacker can forge a third-party application and send carefully constructed malicious data to the receiver in order to disrupt the receiver's normal business processing flow.
Therefore, the security of data sharing across applications is low.
Disclosure of Invention
Therefore, to solve the problem of low security in cross-application data sharing, it is necessary to provide a data sharing method and apparatus, a computer device, and a storage medium with high security.
A data sharing method, which runs on a sharing sending end, comprises the following steps:
receiving, on a third-party application, a sharing instruction for sharing shared data to a preset application;
acquiring a public key of the preset application from the third-party application according to the sharing instruction;
determining ciphertext information according to the public key and the shared data, and jumping to the preset application;
receiving a sharing object input instruction through the preset application;
and determining a sharing object according to the sharing object input instruction, and sending the ciphertext information to the sharing object through the preset application.
A data sharing device, which runs on a sharing sending end, comprises:
an instruction receiving module, configured to receive, on a third-party application, a sharing instruction for sharing shared data to a preset application;
a public key acquisition module, configured to acquire a public key of the preset application from the third-party application according to the sharing instruction;
a ciphertext determining module, configured to determine ciphertext information according to the public key and the shared data, and to jump to the preset application;
an object receiving module, configured to receive a sharing object input instruction through the preset application;
and a ciphertext sending module, configured to determine the sharing object according to the sharing object input instruction and to send the ciphertext information to the sharing object through the preset application.
Before the shared data is sent, the public key of the preset application must be obtained from the third-party application according to the sharing instruction, and the ciphertext information is determined according to the public key and the shared data. Finally, the ciphertext information is sent, through the preset application, to the sharing object determined from the received sharing object input instruction. The sharing receiving end can therefore display the shared data, and then execute the business related to the shared data, only after the ciphertext information has been correctly decrypted, so the method and the device provide high security.
A data sharing method, which runs on a sharing receiving end, comprises the following steps:
receiving, through a preset application, ciphertext information sent by a sharing sending end;
displaying the shared data in the preset application when the shared data is determined according to the private key of the preset application and the ciphertext information; wherein the private key corresponds to the public key used by the sharing sending end to determine the ciphertext information, the public key is a key of the preset application that is disclosed to authorized third-party applications and is obtained by the sharing sending end according to a sharing instruction, and the sharing instruction is an instruction, received by the sharing sending end on the third-party application, to share the shared data to the preset application.
A data sharing device, which runs on a sharing receiving end, comprises:
a ciphertext receiving module, configured to receive, through a preset application, ciphertext information sent by a sharing sending end;
a data display module, configured to display the shared data in the preset application when the shared data is determined according to the private key of the preset application and the ciphertext information; wherein the private key corresponds to the public key used by the sharing sending end to determine the ciphertext information, the public key is a key of the preset application that is disclosed to authorized third-party applications and is obtained by the sharing sending end according to a sharing instruction, and the sharing instruction is an instruction, received by the sharing sending end on the third-party application, to share the shared data to the preset application.
Before the shared data is displayed, the ciphertext information sent by the sharing sending end must be received through the preset application, and the shared data is displayed in the preset application only when it can be determined according to the private key of the preset application and the ciphertext information; the business related to the shared data can then be executed. The method and the device therefore provide high security.
A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the data sharing method when executing the computer program.
A computer storage medium having a computer program stored thereon, the computer program, when executed by a processor, implementing the steps of the data sharing method described above.
Before the shared data is sent, the public key of the preset application must be obtained from the third-party application according to the sharing instruction, and the ciphertext information is determined according to the public key and the shared data. Finally, the ciphertext information is sent, through the preset application, to the sharing object determined from the received sharing object input instruction. The sharing receiving end can therefore display the shared data, and then execute the business related to the shared data, only after the ciphertext information has been correctly decrypted, so the computer equipment and the storage medium provide high security.
Drawings
FIG. 1 is a schematic diagram of an application environment of a data sharing method and apparatus according to an embodiment;
FIG. 2 is a diagram illustrating an internal structure of an execution terminal according to an embodiment;
FIG. 3 is a flowchart of a data sharing method according to an embodiment;
FIG. 4 is a detailed flowchart of a step of the data sharing method of FIG. 3;
FIG. 5 is a flowchart of a data sharing method according to another embodiment, which is executed at a sharing sending end;
FIG. 6 is a flowchart of a data sharing method according to an embodiment of the present invention;
FIG. 7 is a detailed flowchart of a step of the data sharing method of FIG. 6;
FIG. 8 is a block diagram of a data sharing apparatus according to an embodiment;
FIG. 9 is a detailed block diagram of one module of the data sharing apparatus of FIG. 8;
FIG. 10 is a block diagram of a data sharing apparatus according to another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the detailed description and specific examples, while indicating the scope of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
FIG. 1 is a schematic diagram of an application environment of a high-security data sharing method according to an embodiment. As shown in FIG. 1, the application environment includes a sharing sending end 110, a network 120, and a sharing receiving end 130, where the sharing sending end 110 and the sharing receiving end 130 are connected through the network 120. The sharing sending end 110 or the sharing receiving end 130 may be a mobile phone, a tablet computer, a personal digital assistant, a wearable device, or the like. In one embodiment, the data sharing method is executed in the sharing sending end 110; in another embodiment, the data sharing method is executed in the sharing receiving end 130. It should be further noted that, in some embodiments, the sharing sending end 110 and the sharing receiving end 130 may be located on the same execution terminal.
FIG. 2 is a schematic diagram of the internal structure of an execution terminal in an embodiment, where the execution terminal may be the sharing sending end 110 or the sharing receiving end 130. As shown in FIG. 2, the execution terminal includes a processor, a storage medium, an internal memory, a network interface, an output device, and an input device, which are connected through a system bus. The storage medium of the execution terminal stores an operating system and a computer program of the data sharing device; when the computer program of the data sharing device is executed by the processor, the data sharing method is implemented. The processor provides computing and control capability and supports the operation of the whole execution terminal. The internal memory of the execution terminal provides an environment in which the data sharing device in the storage medium runs; the internal memory can store computer readable instructions which, when executed by the processor, cause the processor to execute a data sharing method. The network interface of the execution terminal is used for accessing the network, for example for network communication with another corresponding execution terminal. The output device of the execution terminal includes a display screen, which may be a liquid crystal display screen or an electronic ink display screen; the input device of the execution terminal may be a touch layer covering the display screen, a key, a track ball or a touch pad arranged on the housing of the terminal, or an external keyboard, touch pad or mouse. It will be understood by those skilled in the art that the structure shown in FIG. 2 is a block diagram of only the portion of the structure related to the inventive arrangements and does not limit the execution terminal to which the inventive arrangements are applied; a particular execution terminal may include more or fewer components than those shown in the drawing, may combine certain components, or may have a different arrangement of components.
Referring to FIG. 3, in an embodiment, a data sharing method is provided, where the method runs on the sharing sending end shown in FIG. 1 and includes the following steps:
S310: receiving, on the third-party application, a sharing instruction for sharing the shared data to the preset application.
The third-party application is an application program that is not the preset application and that can provide shared data. Optionally, the shared data may be the shared content itself, such as an article, a picture, or a news item; it may also be a link address that links to the shared content, such as a URL (Uniform Resource Locator). In order to save resources, in a preferred embodiment, the shared data is a link address linking to the shared content.
The sharing instruction for sharing the shared data to the preset application can be received on an interactive interface of the third-party application, or by means of a shortcut key. The interactive interface of the third-party application may specifically be a sharing interactive interface. In one embodiment, the sharing interactive interface includes icons for the sharing platforms that can be shared to, and each sharing platform corresponds to an application. For example, the sharing platform may be sharing to a WeChat friend, in which case the application corresponding to the sharing platform is WeChat; the sharing platform may also be sharing to the friend circle, in which case the application corresponding to the sharing platform is also WeChat. In a specific embodiment, when a command input by the user for sharing to a sharing platform is received, a sharing instruction for sharing to the preset application corresponding to that sharing platform may be generated, so that the sharing instruction for sharing the shared data to the preset application is received on the third-party application.
S330: acquiring a public key of the preset application from the third-party application according to the sharing instruction.
In this embodiment, when the execution terminal, i.e., the sharing sending end, receives the sharing instruction, the encryption operation is triggered. The encryption operation first requires a key, so the public key of the preset application is acquired from the third-party application. It should be noted that the third-party application applies in advance to the server side of the preset application for the sharing right, and when the sharing right is granted, the server side of the preset application sends the public key of the preset application to the third-party application. Specifically, the server side of the preset application sends the public key of the preset application to the third-party application in the form of an SDK (Software Development Kit).
S340: determining ciphertext information according to the public key and the shared data, and jumping to the preset application.
In one embodiment, the shared data may be directly encrypted by the public key to obtain the ciphertext information. It is understood that in other embodiments, the ciphertext information may be determined in other manners according to the public key and the shared data.
In this embodiment, after the ciphertext information is determined, a jump is made to the preset application. Specifically, the jump may be to a sharing object receiving interface of the preset application. The sharing object receiving interface is an interactive interface provided by the preset application for receiving a sharing object input instruction, from which the sharing object is determined. The sharing object may be a sharing platform, on the preset application, of the user corresponding to the sharing sending end, or may be one or more other users, or a user group, different from the user corresponding to the sharing sending end.
S350: receiving a sharing object input instruction through the preset application.
The sharing object input instruction input by the user can be received on the preset application through the sharing object receiving interface of the preset application. The sharing object input instruction may be input to the execution terminal by selecting one or more sharing objects on the sharing object receiving interface of the preset application. It is to be understood that the sharing object input instruction may also be input to the execution terminal by directly entering the sharing object on the sharing object receiving interface of the preset application, or in other ways.
S360: determining the sharing object according to the sharing object input instruction, and sending the ciphertext information to the sharing object through the preset application.
After the sharing object input instruction is received, the sharing object can be determined according to it, and the determined ciphertext information is then sent to the sharing object through the preset application. The ciphertext information can be sent to the sharing receiving end where the sharing object is located. The sharing object is the receiver of the data sharing.
Before the shared data is sent, the public key of the preset application must be obtained from the third-party application according to the sharing instruction, and the ciphertext information is determined according to the public key and the shared data. Finally, the ciphertext information is sent to the sharing object determined from the sharing object input instruction received through the sharing object receiving interface. The sharing receiving end can therefore display the shared data, and then execute the business related to the shared data, only after the ciphertext information has been correctly decrypted, so the security is high.
Referring to fig. 4, in order to further improve the security of data sharing, in one embodiment, the step of determining the ciphertext information according to the public key and the shared data, that is, the step S340, includes:
S341: obtaining a symmetric key.
The symmetric key may be one randomly generated by the sharing sending end, or one generated by the sharing sending end according to a preset rule. It should be noted that the sharing receiving end cannot obtain the symmetric key before receiving the ciphertext information.
S343: symmetrically encrypting the shared data with the symmetric key to obtain a symmetric ciphertext.
The shared data is symmetrically encrypted with the symmetric key to obtain a symmetric ciphertext. Once the sharing receiving end has obtained the symmetric key, it decrypts the symmetric ciphertext with the symmetric key to obtain the shared data. In one embodiment, to further improve the security of the shared data, the symmetric encryption may be AES (Advanced Encryption Standard) encryption.
S345: asymmetrically encrypting the symmetric key with the public key to obtain an asymmetric ciphertext, and forming the ciphertext information from the symmetric ciphertext and the asymmetric ciphertext.
The symmetric key used to encrypt the shared data is asymmetrically encrypted with the public key of the preset application acquired from the third-party application to obtain an asymmetric ciphertext, and the symmetric ciphertext and the asymmetric ciphertext together form the ciphertext information, which further improves the security of the shared data. In one embodiment, to further improve the security of the shared data, the asymmetric encryption may be RSA encryption (an asymmetric encryption method).
Further, in order to further improve the security of the shared data, the step of obtaining the symmetric key, i.e. step S341, includes:
(a) Acquiring application information of the third-party application.
The application information of the third-party application is information related to the third-party application, such as developer information.
(b) Acquiring the current timestamp according to the sharing instruction, and acquiring a random number.
When a sharing instruction is received, the current timestamp can be determined from the current time, and the random number can be obtained through a random function.
(c) Generating a symmetric key according to the application information, the current timestamp and the random number.
After the application information, the current timestamp, and the random number are obtained, a symmetric key may be generated according to at least one of the application information, the current timestamp, and the random number. Optionally, in order to further improve the security of the shared data, the symmetric key is generated according to all three: the application information, the current timestamp, and the random number. Specifically, a random password may be calculated from the application information, the current timestamp, and the random number, and the random password may be used as the symmetric key; in order to further improve the security of the shared data, an MD5 (Message-Digest Algorithm 5) hash of the random password may be calculated, and the result may be used as the symmetric key.
Referring to fig. 5, in an embodiment, before the step of obtaining the public key of the preset application from the third-party application according to the sharing instruction, that is, before step S330, the method further includes:
S320: sending the shared data to a server of the preset application for verification.
The verification may be performed by the server analyzing the current operation and previous related operations according to the shared data to determine the security of the current shared data. When the verification passes, the subsequent step of acquiring the public key of the preset application from the third-party application according to the sharing instruction is executed; otherwise, data sharing is stopped. Because the server analyzes the shared data and determines the security of the current shared data, the security is higher.
Referring to fig. 6, the present invention further provides a data sharing method corresponding to the above method, which is executed at a sharing receiving end, and includes:
S610: receiving, through the preset application, the ciphertext information sent by the sharing sending end.
The sharing receiving end is the terminal where the sharing object is located, and the sharing object is the object to be shared to, which the sharing sending end determines according to the sharing object input instruction after receiving that instruction through the sharing object receiving interface.
S620: displaying the shared data in the preset application when the shared data is determined according to the private key of the preset application and the ciphertext information.
Since the sharing sending end determines the ciphertext information according to the public key and the shared data, if the sharing receiving end receives a share initiated by a third-party application authorized by the preset application, the shared data can be determined from the private key of the preset application and the received ciphertext information. When the sharing receiving end can determine the shared data, this indicates that the shared data is legitimate shared data initiated by a third-party application authorized by the preset application, and the shared data can therefore be displayed in the preset application. The shared data may be displayed in a shared data interface, which can be a dialog box for chatting with the user of the sharing sending end, or a publishing preview or publishing result of a shared data publishing platform.
It should be noted that, in this embodiment, the private key corresponds to the public key used by the sharing sending end to determine the ciphertext information; the public key is a key of the preset application that is disclosed to authorized third-party applications and is obtained by the sharing sending end according to the sharing instruction; and the sharing instruction is an instruction, received by the sharing sending end on the third-party application, to share the shared data to the preset application.
Before the shared data is displayed, the ciphertext information sent by the sharing sending end must be received through the preset application, and the shared data is displayed in the preset application only when it can be determined according to the private key of the preset application and the ciphertext information; the business related to the shared data can then be executed, so the security is high.
Further, when the shared data is determined according to the private key and the ciphertext information of the preset application, the step of displaying the shared data in the preset application, that is, the step S620 includes:
(I) When the asymmetric ciphertext of the ciphertext information is decrypted according to the private key of the preset application to obtain the symmetric key, decrypting the symmetric ciphertext of the ciphertext information according to the symmetric key.
It is to be understood that, in the present embodiment, the ciphertext information includes a symmetric ciphertext and an asymmetric ciphertext. The symmetric ciphertext is obtained by symmetrically encrypting the shared data with a symmetric key; the asymmetric ciphertext is obtained by asymmetrically encrypting the symmetric key with the public key.
(II) When the symmetric ciphertext of the ciphertext information is decrypted according to the symmetric key to obtain the shared data, displaying the shared data in the preset application.
If the ciphertext information received by the sharing receiving end comes from a share initiated by a third-party application authorized by the preset application, the asymmetric ciphertext can be decrypted with the private key of the preset application to obtain the symmetric key, and the symmetric ciphertext can then be decrypted with the symmetric key to obtain the shared data. When the sharing receiving end can obtain the shared data, the shared data comes from a share initiated by a third-party application authorized by the preset application and is legitimate shared data, so it can be displayed in the preset application. For example, the shared data can be displayed in a shared data interface of the preset application.
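The hybrid scheme of steps S341 to S345 (with key generation steps (a) to (c)) and the receiving-end steps (I) and (II), shown as an added example in Go; it is not code from the patent or from any SDK the patent describes. Assumptions not stated in the patent: AES is used in GCM mode with a random nonce, RSA uses OAEP with SHA-256 and a 2048-bit key, and the names CiphertextInfo, NewPresetAppKeyPair, EncryptShare and DecryptShare are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// CiphertextInfo is the "ciphertext information" of S345: the symmetric
// ciphertext together with the asymmetric ciphertext that wraps the key.
type CiphertextInfo struct {
	Nonce        []byte // AES-GCM nonce (assumption: the patent names no AES mode)
	SymmetricCT  []byte // shared data encrypted under the symmetric key (S343)
	AsymmetricCT []byte // symmetric key encrypted under the public key (S345)
}

// NewPresetAppKeyPair stands in for the preset application's key pair.
func NewPresetAppKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// deriveSymmetricKey follows steps (a)-(c): application information, the
// current timestamp and a random number are hashed with MD5 and the 16-byte
// digest becomes an AES-128 key. Only the random bytes are unpredictable.
func deriveSymmetricKey(appInfo string, now time.Time) ([]byte, error) {
	random := make([]byte, 16)
	if _, err := rand.Read(random); err != nil {
		return nil, err
	}
	h := md5.New()
	fmt.Fprintf(h, "%s|%d|", appInfo, now.UnixNano())
	h.Write(random)
	return h.Sum(nil), nil
}

// EncryptShare is the sharing sending end: S341, S343 and S345.
func EncryptShare(pub *rsa.PublicKey, appInfo string, shared []byte) (*CiphertextInfo, error) {
	key, err := deriveSymmetricKey(appInfo, time.Now())
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &CiphertextInfo{Nonce: nonce, SymmetricCT: gcm.Seal(nil, nonce, shared, nil), AsymmetricCT: wrapped}, nil
}

// DecryptShare is the sharing receiving end, steps (I) and (II). Any error
// means the shared data must not be displayed.
func DecryptShare(priv *rsa.PrivateKey, c *CiphertextInfo) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c.AsymmetricCT, nil)
	if err != nil || len(key) != md5.Size {
		return nil, fmt.Errorf("asymmetric ciphertext rejected")
	}
	gcm, err := newGCM(key)
	if err != nil || len(c.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("malformed ciphertext information")
	}
	// GCM authenticates the ciphertext, so an altered symmetric ciphertext
	// returns an error here instead of decrypting to a different URL.
	return gcm.Open(nil, c.Nonce, c.SymmetricCT, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := NewPresetAppKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample input: developer information and a link address.
	info, err := EncryptShare(&priv.PublicKey, "example-developer", []byte("https://example.com/article/42"))
	if err != nil {
		panic(err)
	}
	shared, err := DecryptShare(priv, info)
	fmt.Printf("shared=%q err=%v\n", shared, err)
}
```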
The following is a description of a specific implementation.
Because enterprise IM software (software that provides instant messaging services to employees of the same enterprise) places higher requirements on the security of shared data, the preset application in this embodiment is preferably enterprise IM software.
When an enterprise employee finds valuable information in a third-party application at the sharing sending end, the employee can share it with clients or colleagues by invoking the enterprise IM software. Because the enterprise IM software has higher security requirements, when an employee shares information into the enterprise IM software from a third-party application, the third-party application at the sharing sending end needs to encrypt the shared data; the encryption process requires no user intervention and does not affect the user experience. It should be noted that the third-party application, once authorized, can encrypt the shared data by loading the SDK provided by the enterprise IM software. In a specific embodiment, as shown in fig. 7, the system architecture of the third-party application has an SDK embedded in the third-party application, and the SDK specifically includes an AES module and an RSA module. The AES module is used to generate a symmetric key and to encrypt the shared data to be shared, such as a URL, with the symmetric key to obtain a symmetric ciphertext. The purpose of encrypting the URL is to prevent the URL from being maliciously tampered with or forged, which would pose a security threat to the normal business of the enterprise IM software. The RSA module is used to encrypt the symmetric key and ensure that the symmetric key cannot be stolen during transmission. The RSA algorithm ensures that information encrypted with the public key can only be decrypted by the party holding the private key. The RSA public key is embedded in the SDK when the SDK is distributed to the third-party application, and the third-party application can obtain the SDK and share data to the enterprise IM software only after passing verification by the enterprise IM software.
To ensure that the URL shared by the third-party application to the enterprise IM software is not tampered with, the third-party application needs to encrypt the original URL (the shared data) using the AES module provided by the SDK. Since the symmetric key is generated by the third-party application, the enterprise IM software needs that symmetric key in order to decrypt the ciphertext and recover the original URL. To ensure the transmission security of the symmetric key, in this embodiment the symmetric key is asymmetrically encrypted by the RSA module embedded in the SDK. The third-party application transmits the URL encrypted by the AES module (the symmetric ciphertext) together with the symmetric key encrypted by the RSA module (the asymmetric ciphertext) to the enterprise IM software at the sharing receiving end. On receiving the share from the third-party application, the enterprise IM software at the sharing receiving end obtains the symmetric key by decrypting the asymmetric ciphertext with the private key, and then decrypts the symmetric ciphertext with the symmetric key to obtain the original URL (the shared data).
The invention also provides a data sharing device corresponding to the data sharing method running on the sharing sending end. A data sharing apparatus according to an embodiment operates at a sharing transmitting end, as shown in fig. 8, and includes:
the instruction receiving module 810 is configured to receive, on a third-party application, a sharing instruction for sharing shared data to a preset application;
the public key obtaining module 830 is configured to obtain a public key of a preset application from a third-party application according to a sharing instruction;
the ciphertext determining module 840 is configured to determine ciphertext information according to the public key and the shared data, and skip to a preset application;
an object receiving module 850, configured to receive a sharing object input instruction through a sharing object receiving interface;
and the ciphertext sending module 860 is configured to determine the sharing object according to the sharing object input instruction, and send the ciphertext information to the sharing object through a preset application.
Before sending the shared data, the public key of the preset application needs to be obtained from the third-party application according to the sharing instruction, and the ciphertext information is determined according to the public key and the shared data. And finally, sending the ciphertext information to a sharing object determined by the sharing object input instruction through a sharing object receiving interface. Therefore, the sharing receiving terminal can display the shared data at the sharing receiving terminal after the ciphertext information is accurately decrypted, and then the business related to the shared data is executed, so that the security is high.
Referring to fig. 9, in order to further improve the security of data sharing, in one embodiment, the ciphertext determining module includes:
a key obtaining unit 841, configured to obtain a symmetric key;
a symmetric encryption unit 843, configured to symmetrically encrypt the shared data with a symmetric key to obtain a symmetric ciphertext;
and a ciphertext forming unit 845, configured to perform asymmetric encryption on the symmetric key according to the public key to obtain an asymmetric ciphertext, and form the symmetric ciphertext and the asymmetric ciphertext into ciphertext information.
Referring to fig. 9, in order to further improve the security of the shared data, the key obtaining unit 841 includes:
a first obtaining subunit 841a, configured to obtain application information of a third-party application;
the second obtaining subunit 841b is configured to obtain the current timestamp according to the sharing instruction, and obtain a random number;
and a key generation subunit 841c, configured to generate a symmetric key according to the application information, the current timestamp, and the random number.
Referring to fig. 8, in one embodiment, the system further includes a verification sending module 820;
a verification sending module 820, configured to send the shared data to a server of a preset application for verification;
the public key obtaining module 830 is configured to obtain, according to the sharing instruction, a public key of the preset application from the third-party application when the verification is passed.
The invention also provides a data sharing device corresponding to the data sharing method running at the sharing receiving end. An embodiment of a data sharing apparatus, operating on a sharing receiving end, as shown in fig. 10, includes:
the ciphertext receiving module 910 is configured to receive, through a preset application, ciphertext information sent by a sharing sending end;
a data display module 930, configured to display the shared data in the preset application when the shared data is determined according to the private key of the preset application and the ciphertext information; the private key corresponds to a public key adopted by the sharing sending end for determining the ciphertext information, the public key is a key of the preset application that is disclosed to an authorized third-party application and is obtained by the sharing sending end according to a sharing instruction, and the sharing instruction is an instruction which is received by the sharing sending end on a third-party application and is used for sharing the shared data to the preset application.
Before the shared data is displayed, the ciphertext information sent by the sharing sending end must be received through the preset application. When the shared data is determined according to the private key of the preset application and the ciphertext information, the shared data is displayed in the preset application, after which the business related to the shared data can be executed, so security is high.
Continuing to refer to fig. 10, in one embodiment, the system further includes a key decryption module 920;
the key decryption module 920 is configured to decrypt the symmetric ciphertext of the ciphertext information according to the symmetric key when the asymmetric ciphertext of the ciphertext information is decrypted according to the private key of the preset application to obtain the symmetric key;
the data display module 930 is configured to display the shared data in the preset application when the key decryption module 920 decrypts the symmetric ciphertext of the ciphertext information according to the symmetric key to obtain the shared data.
The invention also provides computer equipment corresponding to the data sharing method and device running on the sharing sending end, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the step of the data sharing method of the sharing sending end when executing the computer program.
Before sending the shared data, the public key of the preset application needs to be obtained from the third-party application according to the sharing instruction, and the ciphertext information is determined according to the public key and the shared data. And finally, sending the ciphertext information to the sharing object determined by receiving the sharing object input instruction through the sharing object receiving interface. Therefore, the sharing receiving terminal can display the shared data at the sharing receiving terminal after the ciphertext information is accurately decrypted, and then the business related to the shared data is executed, so that the computer equipment is high in safety.
The invention also provides a computer storage medium corresponding to the data sharing method and device running on the sharing sending end, wherein a computer program is stored on the computer storage medium, and when the computer program is executed by a processor, the steps of the data sharing method of the sharing sending end are realized.
Before sending the shared data, the public key of the preset application needs to be obtained from the third-party application according to the sharing instruction, and the ciphertext information is determined according to the public key and the shared data. And finally, sending the ciphertext information to the sharing object determined by receiving the sharing object input instruction through the sharing object receiving interface. Therefore, the sharing receiving terminal can display the shared data at the sharing receiving terminal after the ciphertext information is accurately decrypted, and then the business related to the shared data is executed, so that the computer storage medium is high in safety.
The invention also provides computer equipment corresponding to the data sharing method and device running at the sharing receiving end, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the step of the data sharing method at the sharing receiving end when executing the computer program.
Before displaying the shared data, the ciphertext information sent by the sharing sending end needs to be received through a preset application, and when the shared data is determined according to the private key of the preset application and the ciphertext information, the shared data is displayed in the preset application, so that the related business of the shared data can be executed, and therefore the safety of the computer equipment is high.
The invention also provides a computer storage medium corresponding to the data sharing method and device running at the sharing receiving end, wherein a computer program is stored on the computer storage medium, and when the computer program is executed by a processor, the steps of the data sharing method at the sharing receiving end are realized.
Before displaying the shared data, the ciphertext information sent by the sharing sending end needs to be received through a preset application, and when the shared data is determined according to the private key of the preset application and the ciphertext information, the shared data is displayed in the preset application, so that the business related to the shared data can be executed, and therefore the computer storage medium is high in safety.
Since the data sharing device operating at the sharing transmitting end or the sharing receiving end corresponds to the data sharing method, detailed technical features of the device corresponding to the method are not described herein. The computer device and the computer storage medium are corresponding to the data sharing method one to one, and the technical features of the computer device and the storage medium corresponding to the method are not described herein again.
It will be understood by those skilled in the art that all or part of the processes in the methods of the embodiments described above may be implemented by hardware related to instructions of a computer program, and the program may be stored in a non-volatile computer readable storage medium, and in the embodiments of the present invention, the program may be stored in a storage medium of a computer system and executed by at least one processor in the computer system, so as to implement the processes of the embodiments including the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (14)

1. A data sharing method is characterized in that the method operates on a sharing sending end and comprises the following steps:
receiving a sharing instruction for sharing the shared data to a preset application on a third-party application;
acquiring a public key of the preset application from the third-party application according to the sharing instruction;
determining ciphertext information according to the public key and the shared data, and skipping to the preset application;
receiving a sharing object input instruction through the preset application;
determining a sharing object according to the sharing object input instruction, sending the ciphertext information to the sharing object through the preset application, enabling the sharing object to receive the ciphertext information through the preset application, and displaying the sharing data in the preset application when determining the sharing data according to the private key of the preset application and the ciphertext information; the private key corresponds to the public key.
2. The data sharing method according to claim 1, wherein the step of determining ciphertext information according to the public key and the shared data comprises:
obtaining a symmetric key;
symmetrically encrypting the shared data by adopting the symmetric key to obtain a symmetric ciphertext;
and carrying out asymmetric encryption on the symmetric key according to the public key to obtain an asymmetric ciphertext, and forming the symmetric ciphertext and the asymmetric ciphertext into ciphertext information.
3. The data sharing method according to claim 2, wherein the step of obtaining the symmetric key comprises:
acquiring application information of the third-party application;
acquiring a current timestamp according to the sharing instruction, and acquiring a random number;
and generating a symmetric key according to the application information, the current timestamp and the random number.
4. The data sharing method according to claim 1, wherein before the step of obtaining the public key of the preset application from the third-party application according to the sharing instruction, the method further includes:
and sending the shared data to the server of the preset application for verification.
5. A data sharing method is characterized in that the method runs at a sharing receiving end and comprises the following steps:
receiving, through a preset application, ciphertext information sent by a sharing sending end;
when shared data are determined according to the private key of the preset application and the ciphertext information, displaying the shared data in the preset application; the private key corresponds to a public key adopted by the sharing sending end to determine the ciphertext information, the public key is a key which is obtained by the sharing sending end according to a sharing instruction and is disclosed to an authorized third-party application, and the sharing instruction is an instruction which is received by the sharing sending end on the third-party application and shares the shared data to the preset application.
6. The data sharing method according to claim 5, wherein the step of displaying the shared data in the preset application when the shared data is determined according to the private key of the preset application and the ciphertext information includes:
when the asymmetric ciphertext of the ciphertext information is decrypted according to the private key of the preset application to obtain a symmetric key, decrypting the symmetric ciphertext of the ciphertext information according to the symmetric key;
and when the symmetric ciphertext of the ciphertext information is decrypted according to the symmetric key to obtain shared data, displaying the shared data in the preset application.
7. A data sharing apparatus, operating at a sharing sending end, comprising:
the instruction receiving module is used for receiving a sharing instruction for sharing the shared data to the preset application on the third-party application;
the public key acquisition module is used for acquiring a public key of the preset application from the third-party application according to the sharing instruction;
the ciphertext determining module is used for determining ciphertext information according to the public key and the shared data and skipping to the preset application;
the object receiving module is used for receiving a sharing object input instruction through the preset application;
the ciphertext sending module is used for determining a sharing object according to the sharing object input instruction, sending the ciphertext information to the sharing object through the preset application so that the sharing object receives the ciphertext information through the preset application, and displaying the sharing data in the preset application when the sharing data is determined according to a private key of the preset application and the ciphertext information; the private key corresponds to the public key.
8. The data sharing apparatus according to claim 7, wherein the ciphertext determination module includes:
a key obtaining unit for obtaining a symmetric key;
the symmetric encryption unit is used for symmetrically encrypting the shared data by adopting the symmetric key to obtain a symmetric ciphertext;
and the ciphertext forming unit is used for asymmetrically encrypting the symmetric key according to the public key to obtain an asymmetric ciphertext and forming the symmetric ciphertext and the asymmetric ciphertext into ciphertext information.
9. The data sharing apparatus according to claim 8, wherein the key obtaining unit includes:
the first acquisition subunit is used for acquiring the application information of the third-party application;
the second obtaining subunit is used for obtaining the current timestamp according to the sharing instruction and obtaining a random number;
and the key generation subunit is used for generating a symmetric key according to the application information, the current timestamp and the random number.
10. The data sharing apparatus according to claim 7, further comprising a verification sending module;
the verification sending module is used for sending the shared data to the server of the preset application for verification;
and the public key acquisition module is used for acquiring the public key of the preset application from the third-party application according to the sharing instruction when the verification is passed.
11. A data sharing apparatus, operating at a sharing receiving end, comprising:
the ciphertext receiving module is used for receiving, through a preset application, ciphertext information sent by a sharing sending end;
the data display module is used for displaying the shared data in the preset application when the shared data is determined according to the private key of the preset application and the ciphertext information; the private key corresponds to a public key adopted by the sharing sending end to determine the ciphertext information, the public key is a key which is obtained by the sharing sending end according to a sharing instruction and is disclosed to an authorized third-party application, and the sharing instruction is an instruction which is received by the sharing sending end on the third-party application and shares the shared data to the preset application.
12. The data sharing apparatus according to claim 11, further comprising a key decryption module;
the key decryption module is used for decrypting the symmetric ciphertext of the ciphertext information according to the symmetric key when the asymmetric ciphertext of the ciphertext information is decrypted according to the private key of the preset application to obtain the symmetric key;
and the data display module is used for displaying the shared data in the preset application when the key decryption module decrypts the symmetric ciphertext of the ciphertext information according to the symmetric key to obtain the shared data.
13. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the data sharing method according to any one of claims 1 to 6 when executing the computer program.
14. A computer storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the data sharing method of any one of claims 1-6.
CN201710488308.9A 2017-06-23 2017-06-23 Data sharing method and device, computer equipment and storage medium Active CN109120576B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710488308.9A CN109120576B (en) 2017-06-23 2017-06-23 Data sharing method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710488308.9A CN109120576B (en) 2017-06-23 2017-06-23 Data sharing method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109120576A CN109120576A (en) 2019-01-01
CN109120576B true CN109120576B (en) 2020-11-03

Family

ID=64733321

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710488308.9A Active CN109120576B (en) 2017-06-23 2017-06-23 Data sharing method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109120576B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981655B (en) * 2019-03-29 2022-03-01 富士胶片实业发展(上海)有限公司 Method and device for transmitting and receiving information
CN112769569B (en) * 2021-03-04 2023-02-07 北京德风新征程科技有限公司 Internet of things equipment secure communication method and equipment
CN113032810A (en) * 2021-04-07 2021-06-25 工银科技有限公司 Information processing method, information processing apparatus, electronic device, information processing medium, and program product

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101466094A (en) * 2007-12-18 2009-06-24 郭诺 Method, server and deciphering device for protecting digital contents of mobile communication application
CN101771532A (en) * 2008-12-31 2010-07-07 华为技术有限公司 Method, device and system for realizing resource sharing
CN101989992A (en) * 2009-07-31 2011-03-23 中国移动通信集团公司 Downloading method, system and relevant device of wireless application protocol (WAP) services
CN103379098A (en) * 2012-04-19 2013-10-30 华为技术有限公司 Content sharing method, device and network system thereof
CN103442059A (en) * 2013-08-27 2013-12-11 华为终端有限公司 File sharing method and device
CN103973736A (en) * 2013-01-30 2014-08-06 华为终端有限公司 Data sharing method and device
CN105025019A (en) * 2015-07-07 2015-11-04 深圳奥联信息安全技术有限公司 Data safety sharing method
CN105208007A (en) * 2015-08-26 2015-12-30 中标软件有限公司 Data sharing system
CN106789008A (en) * 2016-12-16 2017-05-31 北京瑞卓喜投科技发展有限公司 Method, the apparatus and system being decrypted to sharable encryption data

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150052253A1 (en) * 2014-09-22 2015-02-19 Weaved, Inc. Multi-server fractional subdomain dns protocol

Also Published As

Publication number Publication date
CN109120576A (en) 2019-01-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant