Disclosure of Invention
The invention mainly aims to provide a terminal, a data transmission method and a computer readable storage medium, aiming at solving the problem that the property of a user has potential safety hazard due to low data safety.
In order to achieve the above object, the present invention provides a data transmission method, which includes the following steps:
a first terminal determines target data to be sent and randomly generates key information corresponding to the target data, wherein the key information comprises a random key and a random number;
encrypting the target data according to the key information to obtain encrypted target data, and generating signature information according to the key information and the target data;
and generating target encrypted data according to the key information, the encrypted target data and the signature information, and transmitting the target encrypted data to a second terminal.
In an embodiment, the encrypting the target data according to the key information to obtain encrypted target data, and generating signature information according to the key information and the target data includes:
acquiring a preset field to generate target data to be processed according to the preset field and the target data;
calculating the first random key, the random number and the target data to be processed by adopting a signature algorithm to generate signature information;
and encrypting the target data to be processed by adopting a first random key to obtain encrypted target data.
In one embodiment, the random key further comprises a second random key comprising a second random private key, and the step of generating target encrypted data from the key information, the encrypted target data, and the signature information comprises:
encrypting the first random key and the random number according to the second random private key to obtain encryption key information;
encrypting the signature information to obtain encrypted signature information;
and generating the target encrypted data according to the encryption key information, the encryption signature information and the encrypted target data.
In an embodiment, the second random key further includes a second random public key paired with the second random private key, and after the step of randomly generating the key information corresponding to the target data, the method further includes:
and sending the second random public key to the second terminal, wherein the first terminal is a server, the second terminal is a mobile terminal, or the second terminal is a server, the first terminal is a mobile terminal, and the mobile terminal loads an application program associated with the server.
In order to achieve the above object, the present invention further provides a data transmission method, where the data decryption method includes the following steps:
the second terminal receives the target encrypted data sent by the first terminal;
decrypting the target encrypted data to obtain a first random key, a random number, signature information and target data to be processed;
verifying the signature information according to the first random key, the random number and the target data to be processed;
and after the verification is successful, acquiring target data according to the target data to be processed.
In an embodiment, the step of verifying the signature information according to the first random key, the random number, and the target data to be processed includes:
generating verification signature information according to the first random key, the random number and the target data to be processed;
and judging whether the verification signature information is matched with the signature information, wherein when the verification signature information is matched with the signature information, the verification is judged to be successful.
In an embodiment, the step of decrypting the target encrypted data to obtain the first random key, the random number, the signature information, and the target data to be processed includes:
analyzing the target encrypted data to obtain encrypted signature information, encrypted key information and encrypted target data;
decrypting the encrypted signature information to obtain signature information, and decrypting the encrypted key information by adopting a second random public key to obtain a first random key and a random number;
and decrypting the encrypted target data by adopting the first random key to obtain the target data to be processed.
To achieve the above object, the present invention also provides a terminal including a processor, a memory, and a data processing program stored on the memory and operable on the processor, the data processing program, when executed by the processor, implementing the steps of the data transmission method as described above.
In an embodiment, the terminal is a server or a mobile terminal, and the mobile terminal is loaded with an application program associated with the server.
To achieve the above object, the present invention also provides a computer-readable storage medium storing a data processing program that implements the steps of the data processing method as above when executed by the processor.
According to the terminal, the data transmission method and the computer readable storage medium provided by the invention, the first terminal acquires target data to be transmitted, randomly generates key information of the target data, encrypts the target data according to the key information, generates signature information according to the key information and the target data, generates target encrypted data according to the signature information, the encrypted target data and the key information, and transmits the target encrypted data to the second terminal; the first terminal encrypts the data by adopting the random key and the random number when sending the data, so that the condition that illegal molecules fraudulently cheat the client by acquiring the unencrypted data is avoided, the data security is improved, the property security of a user is ensured, meanwhile, the first terminal generates signature information by adopting the random key, the target data and the random number, the encrypted data needs to be signed and verified by the second terminal, the condition that the second terminal leaks the data due to the fact that the second terminal receives the tampered data is avoided, and the data security is further improved.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: a first terminal determines target data to be sent and randomly generates key information corresponding to the target data, wherein the key information comprises a random key and a random number; encrypting the target data according to the key information to obtain encrypted target data, and generating signature information according to the key information and the target data; and generating target encrypted data according to the key information, the encrypted target data and the signature information, and transmitting the target encrypted data to a second terminal.
The first terminal encrypts the data by adopting the random key and the random number when sending the data, so that the condition that illegal molecules fraudulently cheat the client by acquiring the unencrypted data is avoided, the data security is improved, the property security of a user is ensured, meanwhile, the first terminal generates signature information by adopting the random key, the target data and the random number, the encrypted data needs to be signed and verified by the second terminal, the condition that the second terminal leaks the data due to the fact that the second terminal receives the tampered data is avoided, and the data security is further improved.
As an implementation, the terminal may be as shown in fig. 1.
The embodiment of the invention relates to a terminal, which can be a mobile terminal or a server, wherein the mobile terminal loads an application program associated with the server, and the terminal comprises: a processor 101, e.g. a CPU, a memory 102, a communication bus 103. Wherein a communication bus 103 is used for enabling the connection communication between these components.
The memory 102 may be a high-speed RAM memory or a non-volatile memory (e.g., a disk memory). As shown in fig. 1, a memory 102, which is a kind of computer-readable storage medium, may include therein a data processing program; and the processor 101 may be configured to call the data processing program stored in the memory 102 and perform the following operations:
a first terminal determines target data to be sent and randomly generates key information corresponding to the target data, wherein the key information comprises a random key and a random number;
encrypting the target data according to the key information to obtain encrypted target data, and generating signature information according to the key information and the target data;
and generating target encrypted data according to the key information, the encrypted target data and the signature information, and transmitting the target encrypted data to a second terminal.
In one embodiment, the processor 101 may be configured to call a data handler stored in the memory 102 and perform the following operations:
acquiring a preset field to generate target data to be processed according to the preset field and the target data;
calculating the first random key, the random number and the target data to be processed by adopting a signature algorithm to generate signature information;
and encrypting the target data to be processed by adopting a first random key to obtain encrypted target data.
In one embodiment, the processor 101 may be configured to call a data handler stored in the memory 102 and perform the following operations:
encrypting the first random key and the random number according to the second random private key to obtain encryption key information;
encrypting the signature information to obtain encrypted signature information;
and generating the target encrypted data according to the encryption key information, the encryption signature information and the encrypted target data.
In one embodiment, the processor 101 may be configured to call a data handler stored in the memory 102 and perform the following operations:
and sending the second random public key to the second terminal, wherein the first terminal is a server, the second terminal is a mobile terminal, or the second terminal is a server, the first terminal is a mobile terminal, and the mobile terminal loads an application program associated with the server.
In one embodiment, the processor 101 may be configured to call a data handler stored in the memory 102 and perform the following operations:
the second terminal receives the target encrypted data sent by the first terminal;
decrypting the target encrypted data to obtain a first random key, a random number, signature information and target data to be processed;
verifying the signature information according to the first random key, the random number and the target data to be processed;
and after the verification is successful, acquiring target data according to the target data to be processed.
In one embodiment, the processor 101 may be configured to call a data handler stored in the memory 102 and perform the following operations:
generating verification signature information according to the first random key, the random number and the target data to be processed;
and judging whether the verification signature information is matched with the signature information, wherein when the verification signature information is matched with the signature information, the verification is judged to be successful.
In one embodiment, the processor 101 may be configured to call a data handler stored in the memory 102 and perform the following operations:
analyzing the target encrypted data to obtain encrypted signature information, encrypted key information and encrypted target data;
decrypting the encrypted signature information to obtain signature information, and decrypting the encrypted key information by adopting a second random public key to obtain a first random key and a random number;
and decrypting the encrypted target data by adopting the first random key to obtain the target data to be processed.
According to the scheme, the first terminal acquires target data to be sent, randomly generates key information of the target data, encrypts the target data according to the key information, generates signature information according to the key information and the target data, generates target encrypted data according to the signature information, the encrypted target data and the key information, and sends the target encrypted data to the second terminal; the first terminal encrypts the data by adopting the random key and the random number when sending the data, so that the condition that illegal molecules fraudulently cheat the client by acquiring the unencrypted data is avoided, the data security is improved, the property security of a user is ensured, meanwhile, the first terminal generates signature information by adopting the random key, the target data and the random number, the encrypted data needs to be signed and verified by the second terminal, the condition that the second terminal leaks the data due to the fact that the second terminal receives the tampered data is avoided, and the data security is further improved.
Based on the hardware architecture of the terminal, the embodiment of the data transmission method is provided.
Referring to fig. 2, fig. 2 is a diagram of an embodiment of a data transmission method according to the present invention, where the data transmission method includes the following steps:
step S10, the first terminal determines target data to be sent and randomly generates key information corresponding to the target data, wherein the key information comprises a random key and a random number;
in this embodiment, the execution subject is a first terminal, the first terminal is a server or a mobile terminal, and the mobile terminal is loaded with an application program associated with the server.
When the first terminal needs to send data (target data to be sent) to the second terminal, key information is randomly generated, the key information includes a random key and a random number, the random key includes a first random key and a second random key, the second random key is a symmetric key, that is, the second random key includes a second random public key and a second random private key.
In addition, the first terminal and the second terminal are in the relationship between the server and the client, so that after the first terminal generates the second random public key, the first terminal can transmit the second random public key to the second terminal through the serial port without publishing the second random public key.
It should be noted that, when the first terminal is a server and the first terminal receives the communication request, it needs to determine whether the terminal sending the communication request is the second terminal, that is, determine whether the second terminal loads an Application (APP) associated with the server, and if the second terminal loads the APP associated with the server, it may determine that the terminal is the second terminal, and at this time, the first terminal may agree that the second terminal communicates with the first terminal.
Step S20, encrypting the target data according to the key information to obtain encrypted target data, and generating signature information according to the key information and the target data;
when the first terminal generates the key information, the first terminal encrypts the target data according to the key information, and generates the signature information according to the key information and the target data, specifically, referring to fig. 3, step S20 includes:
step S21, acquiring a preset field, and generating target data to be processed according to the preset field and the target data;
step S22, calculating the first random key, the random number and the target data to be processed by a signature algorithm to generate signature information;
and step S23, encrypting the target data to be processed by adopting a first random key to obtain encrypted target data.
The first terminal places target data in a data field (preset field) to obtain a target data field (target data to be processed), performs base64 encoding on the target data field, and encrypts the encoded target data field by using a generated first random key to obtain encrypted target data; the first terminal places the generated first random key in the key field to obtain a target key field, places the generated random number in the salt field to obtain a target salt field, and then calculates the target key field, the target salt field and the target date field by adopting a preset algorithm (signature algorithm) so as to generate a sign field, wherein the sign field is signature information.
Step S30, generating target encrypted data according to the key information, the encrypted target data, and the signature information, and transmitting the target encrypted data to a second terminal.
After the first terminal obtains the signature information, the first terminal may generate the target encrypted data according to the signature information, the encrypted target data, and the key information, specifically, referring to fig. 4, that is, step S30 includes:
step S31, encrypting the first random key and the random number according to the second random private key to obtain encryption key information;
the first terminal performs base64 encoding on the target key field and the target salt field, and encrypts the encoded target key field and the encoded target salt field by using a second random private key, so as to obtain encryption key information.
Step S32, encrypting the signature information to obtain encrypted signature information;
the second terminal performs base64 encoding on the sign field, and encrypts the encoded sign field to obtain an encrypted sign field, namely encrypted signature information
Step S33, generating the target encrypted data according to the encryption key information, the encryption signature information, and the encrypted target data.
After the first terminal obtains the encrypted signature information and the encrypted key information, the encrypted signature information, the encrypted key information and the encrypted target data can be packaged, so that target encrypted data is generated, and then the target encrypted data is sent to the second terminal.
When the first terminal is a mobile terminal, the second terminal is a server; if the first terminal is a server, the second terminal is a mobile terminal, that is, the first terminal and the second terminal are in a relationship between a server and a client.
It should be noted that, in the present invention, the first terminal encrypts the first random key and the random number by using the first encryption algorithm, encrypts the target data to be processed by using the second encryption algorithm, and encrypts the signature information by using the third encryption algorithm, where the first, second, and third encryption algorithms may be the same or different, and all use the private key of the encryption algorithm to encrypt, and publish the corresponding public key.
After the second terminal receives the target encrypted data, analyzing the target encrypted data to obtain encrypted signature information, encrypted key information and encrypted target data; the second terminal decrypts the encrypted signature information through a public key corresponding to a third encryption algorithm to obtain signature information; decrypting the encrypted key information by using a public key corresponding to a first encryption algorithm to obtain a first random key and a random number, decrypting the encrypted target data by using the first random key to obtain target data to be processed, and generating verification signature information by using a signature algorithm on the first random key, the random number and the target data to be processed; the second terminal judges whether the verification signature information is consistent with the signature information obtained by decryption; if yes, the second terminal extracts target data from the target data to be processed; if the target data is inconsistent with the target data transmitted by the first terminal, the second terminal judges that the target data transmitted by the first terminal is tampered, and at the moment, the second terminal sends prompt information to the first terminal, so that the first terminal can know that the data is stolen, and measures are taken in time to avoid potential safety hazards of the data.
In the invention, all data are encrypted and transmitted in the whole communication process of the mobile phone APP and the service end, and only the communication request initiated by the mobile phone APP is accepted and processed by the service end, thereby preventing the attack. Data privacy security of the client using the APP is guaranteed to the maximum extent.
In the technical scheme provided by this embodiment, a first terminal acquires target data to be transmitted, randomly generates key information of the target data, encrypts the target data according to the key information, generates signature information according to the key information and the target data, generates target encrypted data according to the signature information, the encrypted target data and the key information, and transmits the target encrypted data to a second terminal; the first terminal encrypts the data by adopting the random key and the random number when sending the data, so that the condition that illegal molecules fraudulently cheat the client by acquiring the unencrypted data is avoided, the data security is improved, the property security of a user is ensured, meanwhile, the first terminal generates signature information by adopting the random key, the target data and the random number, the encrypted data needs to be signed and verified by the second terminal, the condition that the second terminal leaks the data due to the fact that the second terminal receives the tampered data is avoided, and the data security is further improved.
Referring to fig. 5, fig. 5 is another embodiment of the data transmission method of the present invention, where the data transmission method includes the following steps:
step S100, a second terminal receives target encrypted data sent by a first terminal;
in this embodiment, the second terminal is an execution main body, the second terminal is a server or a mobile terminal, the mobile terminal is loaded with an application program associated with the server, and when the second terminal is the server, the first terminal is the mobile terminal; and when the second terminal is a mobile terminal, the first terminal is a server.
Step S200, decrypting the target encrypted data to obtain a first random key, a random number, signature information and target data to be processed;
after the second terminal receives the target encrypted data sent by the first terminal, the second terminal decrypts the target encrypted data, specifically, referring to fig. 6, that is, step S200 includes:
step S210, analyzing the target encrypted data to obtain encrypted signature information, encrypted key information and encrypted target data;
step S220, decrypting the encrypted signature information to obtain signature information, and decrypting the encrypted key information by adopting a second random public key to obtain a first random key and a random number;
step S230, decrypting the encrypted target data by using the first random key to obtain the target data to be processed.
The second terminal analyzes the target encrypted data to obtain encrypted signature information, encrypted key information and encrypted target data; the second terminal analyzes the encrypted signature information by adopting a public key corresponding to a third encryption algorithm to obtain signature information, namely a sign field;
the first terminal generates a second random public key and a second random private key, then sends the second random public key to the second terminal, the second terminal can decrypt the encrypted key information by adopting the second random public key to obtain a first random secret key and a random number, namely a target salt field and a target key field, and then the second terminal extracts the random number in the target salt field and extracts the first random secret key in the target key field; then, the encrypted target data is decrypted by adopting the first random key, so that target data to be processed, namely a target date field is obtained
Step S300, verifying the signature information according to the first random key, the random number and the target data to be processed;
after obtaining the first random key, the target data to be processed, the random number, and the signature information, the second terminal may perform signature verification on the signature information according to the first random key, the target data to be processed, and the random number, specifically, referring to fig. 7, that is, step S300 includes:
step S310, generating verification signature information according to the first random key, the random number and the target data to be processed;
step S320, determining whether the verification signature information matches with the signature information, wherein when the verification signature information matches with the signature information, it is determined that the verification is successful.
The second terminal calculates the target date field, the target key field and the target salt field by adopting a signature algorithm to obtain a verification sign field, namely verification signature information; the second terminal judges whether the sign field is matched with the verification sign field, if the sign field is consistent with the verification sign field, the signature is successfully verified, namely the target encrypted data is not tampered; and when the sign field is inconsistent with the verification sign field, the signature verification fails, the target encrypted data is tampered, and at the moment, the second terminal sends prompt information to the first terminal, so that the first terminal knows that the potential safety hazard of data transmission exists, and corresponding measures such as virus killing and the like are adopted in time.
And step S400, after the verification is successful, acquiring target data according to the target data to be processed.
After the signature verification is successful, the second terminal can extract the target data from the target data.
In the technical scheme provided by this embodiment, after receiving target encrypted data sent by a first terminal, a second terminal decrypts the target encrypted data to obtain a first random key, a random number, signature information and target data to be processed, so as to verify the signature information according to the first random key, the random number and the target data to be processed, and if verification is successful, extract the target data from the target data to be processed; the second terminal verifies the signature of the target encrypted data, so that the second terminal can find out whether the data sent by the first terminal is tampered or not in time, and the security of the data is improved.
The present invention also provides a terminal comprising a processor, a memory and a data processing program stored on the memory and operable on the processor, the data processing program, when executed by the processor, implementing the steps of the data transmission method according to the above embodiments.
In an embodiment, the terminal is a server or a mobile terminal, and the mobile terminal is loaded with an application program associated with the server.
The present invention also provides a computer-readable storage medium storing a data processing program which, when executed by the processor, implements the steps of the data transmission method according to the above embodiment.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a computer-readable storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above, and includes several instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.