CN109981667A - A kind of user data transmission method and device - Google Patents
A kind of user data transmission method and device Download PDFInfo
- Publication number
- CN109981667A CN109981667A CN201910257966.6A CN201910257966A CN109981667A CN 109981667 A CN109981667 A CN 109981667A CN 201910257966 A CN201910257966 A CN 201910257966A CN 109981667 A CN109981667 A CN 109981667A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- ciphertext
- verification
- target user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
Abstract
The present invention provides a kind of user data transmission method and device, the user data transmission method includes: to be handled based on engagement arithmetic and using data providing private key to target user data to obtain the first verification data;Target user data and the first verification data are encrypted to obtain ciphertext and ciphertext is sent to data user, so that data user obtains target user data and the first verification data from the ciphertext based on data user private key and is verified using data providing public key to the first verification data.The embodiment of the present invention can effectively guarantee the transmission safety of user data.
Description
Technical field
The invention relates to the communications field, in particular to a kind of user data transmission method and device.
Background technique
More more and more universal in internet, also this is added in more and more numerous today, more and more people to Internet application
A trend, there are also unprincipled fellows to have smelt " business opportunity ", and the information of user is stolen by the various approach of internet, scheme
Take interests.
Currently, the very high information processing of security level needs hardware to participate in, such as bank, hardware cost is very high, opens
Sending out the period also can be elongated.User's access (is opened using OAuth (open to authenticate)+OpenId between most Internet company system
Put mark) mode, not only realize that this login authentication and identification mode need to put into many resources and time, and
And also produced many loopholes, such as influence it is bigger have " hidden redirection " loophole, although not being OAuth agreement itself
Problem, but need to agreement and it is various examine ripe again ripe, otherwise can leave security risk, cause unprincipled fellow is organic can
Multiply.
Apply for content
In view of this, the embodiment of the invention provides a kind of user data transmission method and device, it can be with easily side
The safety of formula guarantee user data transmission.
Thus, on the one hand, the embodiment of the present application provides a kind of user data transmission method, is applied to data providing,
It include: to be handled based on engagement arithmetic and using data providing private key to target user data to obtain the first verification data;
Target user data and the first verification data are encrypted to obtain ciphertext and ciphertext is sent to data user, so as to data
User is based on data user private key and obtains target user data and the first verification data from the ciphertext and mentioned using data
Supplier's public key verifies the first verification data.
Optionally, target user data is handled to obtain first based on engagement arithmetic and using data providing private key
Verify data, comprising: to target user data handle based on agreement Digital Signature Algorithm and using data providing private key
The first digital signature is obtained as the first verification data.
Optionally, target user data is handled to obtain first based on engagement arithmetic and using data providing private key
Verify data, comprising: handled to obtain the second number using predetermined portions of the data providing private key to target user data
Signature is as the first verification data.
Optionally, target user data and the first verification data are encrypted to obtain ciphertext and ciphertext is sent to data
User, comprising: target user data and the first verification data are encrypted and will be obtained using data user public key
Ciphertext is sent to data user.
Optionally, target user data and the first verification data are encrypted to obtain ciphertext and ciphertext is sent to data
User, comprising: target user data and the first verification data are encrypted to obtain the first ciphertext using random key;It uses
Data user public key encrypts random key to obtain the second ciphertext;First ciphertext and the second ciphertext hair are pressed into predetermined format
Data user is given after being assembled.
Optionally, target user data is as obtained from assembling to following data: data user is in data
Unique application identities and user information data at provider;Or unique application identities, user information data and user data
At least one of protocol version, operation information code, timestamp these three data.
On the other hand, the embodiment of the invention provides a kind of subscriber data transmission apparatus, are applied to data providing, packet
Include: secure processing units, be configured to engagement arithmetic and using data providing private key to target user data at
Reason obtains the first verification data, and is encrypted to obtain ciphertext to target user data and the first verification data;Communication unit,
It is configured to the ciphertext being sent to data user, obtains target user so that data user is based on data user private key
Data and the first verification data simultaneously verify the first verification data using data providing public key.
In another aspect, it is applied to data providing the embodiment of the invention provides a kind of subscriber data transmission apparatus, including
Processor, the processor are configured to run scheduled computer instruction to execute mentioning applied to data for any of the above-described embodiment
The user data transmission method of supplier.
On the other hand, the embodiment of the invention provides a kind of user data transmission methods, are applied to data user, packet
Include: from data providing obtain data providing be based on engagement arithmetic and using data providing private key to target user data into
Row processing obtains the ciphertext generated after the first verification data to target user data and the first verification data encryption;Made based on data
Target user data and the first verification data are obtained from the ciphertext with square private key, and using data providing public key to the first school
Data are tested to be verified.
Optionally, the first verification data are digital signature, then are carried out using data providing public key to the first verification data
Verification, comprising: sign test is carried out to the first verification data based on target user data and using data providing public key.
Optionally, the first verification data are digital signature, then are carried out using data providing public key to the first verification data
Verification, comprising: the predetermined portions based on target user data simultaneously test the first verification data using data providing public key
Label.
Optionally, target user data and the first verification data, packet are obtained from the ciphertext based on data user private key
It includes: the ciphertext being decrypted using data user private key to obtain target user data and the first verification data.
Optionally, the ciphertext includes the first ciphertext and the second ciphertext, wherein based on data user private key from described close
Text obtains target user data and the first verification data, comprising: the second ciphertext is decrypted using data user private key
To random key;The first ciphertext is decrypted using random key to obtain target user data and the first verification data.
Optionally, target user data is as obtained from assembling to following data: data user is in data
Unique application identities and user information data at provider;Or unique application identities, user information data and user data
At least one of protocol version, operation information code, timestamp these three data.
In another aspect, being used as data user, the dress the embodiment of the invention provides a kind of subscriber data transmission apparatus
Setting includes: communication unit, is configured to obtain data providing from data providing based on engagement arithmetic and be provided using data
Square private key is handled to add target user data and the first verification data after obtaining the first verification data to target user data
It is dense at ciphertext;Processing unit, be configured to data user private key from the ciphertext obtain target user data and
First verification data, and the first verification data are verified using data providing public key.
On the other hand, the embodiment of the invention provides a kind of subscriber data transmission apparatus, are used as data user, described
Device includes processor, and the processor is configured to run application of the scheduled computer instruction to execute any of the above-described embodiment
In the user data transmission method of the data user as data user.
User data transmission method and device through the embodiment of the present invention, can using data providing public and private key and
The public and private key of data user carries out the verification and encrypted transmission of user data, realizes the bi-directional verification of user data transmission,
So as to effectively guarantee the transmission safety of user data.
Detailed description of the invention
Fig. 1 is the schematic flow chart of one embodiment of user data transmission method of the invention.
Fig. 2 is the schematic flow chart of another embodiment of user data transmission method of the invention.
Fig. 3 is the schematic flow chart of another embodiment of user data transmission method of the invention.
Fig. 4 is the schematic flow chart of another embodiment of user data transmission method of the invention.
Fig. 5 is the schematic flow chart of another embodiment of user data transmission method of the invention.
Fig. 6 A is the schematic flow chart of another embodiment of user data transmission method of the invention.
Fig. 6 B is the schematic flow chart of another embodiment of user data transmission method of the invention.
Fig. 6 C is the schematic flow chart of another embodiment of user data transmission method of the invention.
Fig. 7 is the schematic block diagram of one embodiment of subscriber data transmission apparatus of the invention.
Fig. 8 is the schematic block diagram of another embodiment of subscriber data transmission apparatus of the invention.
Fig. 9 is the schematic flow chart of one embodiment of user data transmission method of the invention.
Figure 10 is the schematic flow chart of another embodiment of user data transmission method of the invention.
Figure 11 is the schematic flow chart of another embodiment of user data transmission method of the invention.
Figure 12 is the schematic flow chart of another embodiment of user data transmission method of the invention.
Figure 13 is the schematic flow chart of another embodiment of user data transmission method of the invention.
Figure 14 is the schematic flow chart of another embodiment of user data transmission method of the invention.
Figure 15 is the schematic block diagram of another embodiment of subscriber data transmission apparatus of the invention.
Figure 16 is the schematic block diagram of another embodiment of subscriber data transmission apparatus of the invention.
Specific embodiment
In the following, being described in detail in conjunction with specific embodiment of the attached drawing to the application, but not as the restriction of the application.
It should be understood that various modifications can be made to disclosed embodiments.Therefore, following description should not regard
To limit, and only as the example of embodiment.Those skilled in the art will expect within the scope and spirit of this
Other modifications.
The attached drawing being included in the description and forms part of the description shows embodiment of the disclosure, and with it is upper
What face provided is used to explain the disclosure together to substantially description and the detailed description given below to embodiment of the disclosure
Principle.By the description of the preferred form with reference to the accompanying drawings to the embodiment for being given as non-limiting example, the application's
These and other characteristic will become apparent.
The specific embodiment of the disclosure is described hereinafter with reference to attached drawing;It will be appreciated, however, that the disclosed embodiments are only
Various ways implementation can be used in the example of the disclosure.Known and/or duplicate function and structure and be not described in detail to avoid
Unnecessary or extra details makes the disclosure smudgy.Therefore, specific structural and functionality disclosed herein is thin
Section is not intended to restrictions, but as just the basis of claim and representative basis be used to instructing those skilled in the art with
Substantially any appropriate detailed construction diversely uses the disclosure.
This specification can be used phrase " in one embodiment ", " in another embodiment ", " in another embodiment
In " or " in other embodiments ", it can be referred to one or more of the identical or different embodiment according to the disclosure.
In the following, the embodiment of the present application is described in detail in conjunction with attached drawing.
Fig. 1 is the schematic flow chart of one embodiment of user data transmission method of the invention.The embodiment of the present invention
User data transmission method be applied to data providing.As shown in Figure 1, the user data transmission method packet of the embodiment of the present invention
It includes:
S11: based on engagement arithmetic and target user data is handled using data providing private key to obtain the first school
Test data;
S12: target user data and the first verification data are encrypted to obtain ciphertext and ciphertext is sent to data to make
With side, target user data and the first verification data are obtained from ciphertext and make so that data user is based on data user private key
The first verification data are verified with data providing public key.
In an embodiment of the present invention, data providing can be the owning side of user data, and data user can be
The user of user data.As a specific embodiment, data user for example can be a server, and data provide
Side can be another server, and the two is operated by different operators.As another specific embodiment, data are used
Side can for example be mounted in the application on user terminal, which connect with the application server of data user, and data mention
Supplier can be another server and communicate with data user.
Before transmitting user data, data user needs pre-generated a pair of public and private key, and public key therein is submitted
To data providing;Data providing is also required to pre-generated a pair of public and private key, and generates or distribute one for data user
Unique identification to indicate to be which data user request using user data, and the public key and unique identification is submitted to
Data user.
User data may include unique identification and user information data of the data user at data providing.Work as number
It is in application, the unique identification can be unique application identities, such as AppId according to user.User information data for example can wrap
Include unique identification of the user at data providing, the unique identification can with log-on message of the user at data providing,
The associated storages such as digital resource, personal information information.For example, in the case where data providing is third party login server,
After data user obtains user information data, each user by logon data provider come logon data user when, number
It can be mentioned according to user by verifying the user information data sent from data providing to determine that user has already been through data
The login authentication of supplier, so that user enters logging state in data user.
In embodiments of the present invention, data providing is based on engagement arithmetic and using data providing private key to target user
Data are handled to obtain the first verification data, and the first verification data verify data providing for data user,
Because data user only could be verified the first verification data using correct data providing public key.Data
Provider encrypts the first verification data and target user data together to be obtained ciphertext and is sent to data user, is in order to right
Data user verifies, because only that specific data use private key needed for holding ciphertext decrypting process just now, ability
Target user data and the first verification data are obtained from ciphertext.In this way, realizing between data user and data providing
Bi-directional verification.
The public affairs that the user data transmission method of the embodiment of the present invention passes through public and private key and data user using provider
Private key realizes the verification and encrypted transmission of user data, the bi-directional verification of user data transmission is realized, so as to effective
The safety of ground guarantee user data.When the scheme of the embodiment of the present invention is applied to third party login, even if criminal cuts
User data has been obtained, since they are there is no the private key of data user, the plaintext number for obtaining user data can not be decrypted
According to, and user data can not be also tampered or counterfeit, to efficiently avoid criminal to " hidden redirection " loophole
Utilization.
Fig. 2 is the schematic flow chart of another embodiment of user data transmission method of the invention.As shown in Fig. 2, this
The user data transmission method of inventive embodiments includes:
S21: based on agreement Digital Signature Algorithm and target user data handle using data providing private key
To the first digital signature as the first verification data.
S22: encrypting target user data and the first digital signature using data user public key and will obtain
Ciphertext is sent to data user, so as to data user be based on data user private key from ciphertext obtain target user data and
First digital signature simultaneously verifies the first digital signature using data providing public key.
In an embodiment of the present invention, data providing carries out target user data using the Digital Signature Algorithm of agreement
Digital signature handles to obtain the first digital signature.The Digital Signature Algorithm of agreement can be arbitrary, for example, DSA signature algorithm or
RSA signature algorithm etc..Then data providing is sent to data after encrypting to target user data and the first digital signature
User, for example, data providing can be used data user public key come to target user data and the first digital signature into
Data user is sent to after row encryption.After data user receives data ciphertext, can based on data user private key from
Data ciphertext obtains target user data and the first digital signature, so that data user can be based on target user data and make
The first digital signature is verified with data providing public key, if passed through to the first digital signature authentication, then it is assumed that target
User data is trust data, otherwise it is assumed that target user data is illegally distorted either counterfeit data, abandons the mesh
Mark user data.
Through the embodiment of the present invention, user data provider has carried out digital label to target user data with the private key of oneself
Name, data user can be used data providing public key and carry out sign test to digital signature, to ensure user data in any
Between be not tampered in transmission process.
Fig. 3 is the schematic flow chart of another embodiment of user data transmission method of the invention.As shown in figure 3, this
The user data transmission method of inventive embodiments includes:
S31: based on agreement Digital Signature Algorithm and target user data handle using data providing private key
To the first digital signature as the first verification data.
S32: target user data and the first verification data are encrypted to obtain the first ciphertext using random key;
S33: random key is encrypted using data user public key to obtain the second ciphertext;
S34: data user is sent to after the first ciphertext and the second ciphertext are assembled by predetermined format.
In an embodiment of the present invention, random key can be arbitrary, such as the pseudo-random key generated by machine.This
In inventive embodiments, target user data and the first verification data are encrypted to obtain the first ciphertext using random key, it can
To be arbitrary, such as it can be and target user data and the first verification data are encrypted as a whole, it can also be to therein
One or part are encrypted, and are then encrypted again to whole.Further, it is also possible to target user data and the first verification data
Predetermined portions repeatedly encrypted.In the embodiment of the present invention, random key encrypt using data user public key
To the second ciphertext, it is also possible to arbitrary mode, for example, encrypting using data user public key to random key, can be benefit
Partial encryption is carried out to random key with data user public key, whole encryptions can also be carried out to random key.
In embodiments of the present invention, data providing is sent out after being assembled the first ciphertext and the second ciphertext by predetermined format
Data user is given, data user is enabled therefrom to extract the first ciphertext and the second ciphertext according to predetermined format, from
And the second ciphertext is decrypted to obtain random key using the private key of data user.
In an embodiment of the invention, the first verification data can be digital signature.Target user data is in transmission
Before, data providing carries out safe handling to target user data in advance, is signed with the private key of oneself to target user data
Then name generates a random key as symmetric key, is encrypted " target user data+digital signature " with the key, so
Random key is encrypted with the public key of data user afterwards, then by the target user data of encryption, digital signature, key it is close
Text is packaged with according to predetermined format is sent to data user.
What the embodiment of the present invention equally realized between data providing and data user in this process two-way tests
Card, data providing sign to target user data with the private key of oneself, prevent target during any intermediate conveyor
User data is tampered, because only that data providing possesses this private key for signature;And data providing data
The public key of user has added close or public key with data user to for encrypting mesh target user data and digital signature
The key of mark user data is encrypted, and sees clear data so as to prevent from being decrypted in any intermediate conveyor approach,
Because only that data user possess decrypting process needed for private key.It ensure that data ciphertext in the process, can not be tampered,
Can not be counterfeit, the cleartext information of user data is also obtained less than even if being stolen, the safety of data is effectively guaranteed, avoids
Loopholes such as " hidden redirections ".
Fig. 4 is the schematic flow chart of another embodiment of user data transmission method of the invention.As shown in figure 4, this
The user data transmission method of inventive embodiments includes:
S41: it is handled to obtain the second number label using predetermined portions of the data providing private key to target user data
Name is as the first verification data.
S42: target user data and the first verification data are encrypted and will be obtained using data user public key
Ciphertext is sent to data user.
In an embodiment of the present invention, data providing is using data providing private key to the reservations of target user data
Point handled to obtain the second digital signature as the first verification data that wherein predetermined portions are arbitary conventions.Data user
After obtaining ciphertext, the predetermined portions based on target user data simultaneously test the second digital signature using data providing public key
Label.Specifically, data user can obtain target user data and the first school based on data user private key from ciphertext
After testing data, using data providing public key to first verification data be decrypted afterwards with the predetermined portions of target user data into
Row is relatively verified, and the target user data for then thinking that decryption obtains if the verification passes is legal, otherwise abandons the mesh that decryption obtains
Mark user data.
Fig. 5 is the schematic flow chart of another embodiment of user data transmission method of the invention.As shown in figure 5, this
The user data transmission method of inventive embodiments includes:
S51: it is handled to obtain the second number label using predetermined portions of the data providing private key to target user data
Name is as the first verification data.
S52: target user data and the first verification data are encrypted to obtain the first ciphertext using random key;
S53: random key is encrypted using data user public key to obtain the second ciphertext;
S54: data user is given after the first ciphertext and the second ciphertext hair are assembled by predetermined format.
The something in common of the embodiment of the present invention and embodiment illustrated in fig. 3 is, all employs random key to target user
Data and the first verification data are encrypted, and are encrypted using data receiver's public key to random key, difference
It is, the generating mode of the first verification data in the embodiment of the present invention is by the way of in embodiment as shown in Figure 4, specifically
Details are not described herein for process.
It should be noted that the first check number is accordingly for digital signature in above embodiments, however, the present invention is not limited thereto.
For example, the first verification data can also be and be carried out by using data providing private key to the key component in target user data
The data ciphertext generated after encryption, data user can be used will after the data ciphertext is decrypted in data providing public key
Decrypted result compares to complete to verify with the key component in target user data.
Fig. 6 A-6C is the schematic flow chart of another embodiment of user data transmission method of the invention.Such as Fig. 6 A institute
Show, the user data transmission method of the embodiment of the present invention includes:
S61: target user data is obtained by assembling to following data: unique application identities, user information number
Accordingly and at least one of User Data Protocol version, operation information code, timestamp these three data.
S62: based on engagement arithmetic and target user data is handled using data providing private key to obtain the first school
Test data;
S63: target user data and the first verification data are encrypted to obtain ciphertext and ciphertext is sent to data to make
With side, target user data and the first verification data are obtained from ciphertext and make so that data user is based on data user private key
The first verification data are verified with data providing public key.
In an embodiment of the present invention, specifically:
One, before target user data transmission, the data user of target user data has following steps: generating a pair of public
Private key;Public key is submitted to the data providing of target user data.
Two, before target user data transmission, the provider of target user data has following steps: generating a pair of public and private
Key;A globally unique AppId (application identities) is generated for data user;Public key, AppId are submitted into target user's number
According to data user;Cryptographic algorithm (this hair for disclosing group packet protocol to the data user of target user data and using
Bright embodiment does not denote that the specific symmetrical and asymmetric arithmetic used, but both sides need to arrange mutually specifically used that is
Algorithm).
Three, the provider of target user data assembles target user data, has following steps (Fig. 6 B): assembling AppId is (only
One application identities)+UserInfo (user information data)+Version (User Data Protocol version)+Opcode (operation information
Code)+Timestamp (timestamp) obtains U;The owning side of user signs U to obtain SU with the private key of oneself;Generate one with
The symmetric key K encryption U+SU of machine obtains EU;K is encrypted with the public key of data user and obtains EK;EK+EU is formed into last number
The data user of target user data is sent to according to Data.
Four, after data user acquires data Data, there is following steps (Fig. 6 C): will be in the Data data packet that received
It dismantles, obtains EU and EK;Because the data providing of target user data is encrypted K using the public key of oneself, use
The private key of oneself decrypts EK to obtain symmetric key K;EU is decrypted with K and dismantles to obtain U and SU;With the public key of data providing
The signature SU for verifying target user data U, by verifying the user data Data for being then proved to be and being sent by other side, verifying does not pass through
Then it is considered to be abandoned by data that are counterfeit or distorting using U;If obtaining U, and disassemble obtained use by signature verification
Family information data.
Fig. 7 is the schematic block diagram of one embodiment of subscriber data transmission apparatus of the invention.The user data of Fig. 7 passes
Defeated device is applied to data providing, as shown in fig. 7, the subscriber data transmission apparatus of the embodiment of the present invention includes:
Secure processing units 71 are configured to engagement arithmetic and using data providing private key to target user data
It is handled to obtain the first verification data, and target user data and the first verification data is encrypted to obtain ciphertext,
Communication unit 72 is configured to for ciphertext to be sent to data user, so that data user is used based on data
Square private key obtains target user data and the first verification data and carries out school to the first verification data using data providing public key
It tests.
In an embodiment of the present invention, the operation and configuration of each unit of subscriber data transmission apparatus are applied to number with above-mentioned
It is corresponding according to the user data transmission method of provider.
Being described in module involved in the embodiment of the present application can be realized by way of hardware shown in Fig. 7,
It can be realized by way of software.Fig. 8 is the schematic frame of another embodiment of subscriber data transmission apparatus of the invention
Figure.The subscriber data transmission apparatus of Fig. 8 is applied to data providing, as shown in figure 8, the user data of the embodiment of the present invention passes
Defeated device includes processor 81 and memory 82, and memory 82 is configured to store scheduled computer instruction, and processor 81 configures
It is processed in embodiment according to fig. 1 to fig. 6 to execute for the scheduled computer instruction stored in run memory 82
Journey.
Fig. 9 is the schematic flow chart of one embodiment of user data transmission method of the invention.The user data of Fig. 9
Transmission method is applied to data user.As shown in figure 9, the user data transmission method of the embodiment of the present invention includes:
S91: data providing is obtained from data providing and is based on engagement arithmetic and using data providing private key to target
User data is handled to obtain the ciphertext for generating target user data and the first verification data encryption after the first verification data;
S92: target user data and the first verification data are obtained from ciphertext based on data user private key, and use data
Provider's public key verifies the first verification data.
In an embodiment of the present invention, data providing can be the owning side of user data, and data user can be
The user of user data.As a specific embodiment, data user for example can be a server, and data provide
Side can be another server, and the two is operated by different operators.As another specific embodiment, data are used
Side can for example be mounted in the application on user terminal, which connect with the application server of data user, and data mention
Supplier can be another server and communicate with data user.
Before transmitting user data, data user needs pre-generated a pair of public and private key, and public key therein is submitted
To data providing;Data providing is also required to pre-generated a pair of public and private key, and generates or distribute one for data user
Unique identification to indicate to be which data user request using user data, and the public key and unique identification is submitted to
Data user.
User data may include unique identification and user information data of the data user at data providing.Work as number
It is in application, the unique identification can be unique application identities, such as AppId according to user.User information data for example can wrap
Include unique identification of the user at data providing, the unique identification can with log-on message of the user at data providing,
The associated storages such as digital resource, personal information information.For example, in the case where data providing is third party login server,
After data user obtains user information data, each user by logon data provider come logon data user when, number
It can be mentioned according to user by verifying the user information data sent from data providing to determine that user has already been through data
The login authentication of supplier, so that user enters logging state in data user.
In embodiments of the present invention, data providing is based on engagement arithmetic and using data providing private key to target user
Data are handled to obtain the first verification data, and the first verification data verify data providing for data user,
Because data user only could be verified the first verification data using correct data providing public key.Data
Provider encrypts the first verification data and target user data together to be obtained ciphertext and is sent to data user, is in order to right
Data user verifies, because only that specific data use private key needed for holding ciphertext decrypting process just now, ability
Target user data and the first verification data are obtained from ciphertext.In this way, realizing between data user and data providing
Bi-directional verification.
The public affairs that the user data transmission method of the embodiment of the present invention passes through public and private key and data user using provider
Private key realizes the verification and encrypted transmission of user data, the bi-directional verification of user data transmission is realized, so as to effective
The safety of ground guarantee user data.When the scheme of the embodiment of the present invention is applied to third party login, even if criminal cuts
User data has been obtained, since they are there is no the private key of data user, the plaintext number for obtaining user data can not be decrypted
According to, and user data can not be also tampered or counterfeit, to efficiently avoid criminal to " hidden redirection " loophole
Utilization.
Figure 10 is the schematic flow chart of another embodiment of user data transmission method of the invention.As shown in Figure 10,
The user data transmission method of the embodiment of the present invention includes:
S101: ciphertext is decrypted using data user private key to obtain target user data and the first verification data.
S102: sign test is carried out to the first verification data based on target user data and using data providing public key.
In an embodiment of the present invention, the first verification data are digital signature, and data user is based on target user data
And sign test is carried out to the first verification data using data providing public key.Specifically, data providing is about established rules using first
It has then used data providing private key to carry out processing to target user data and has generated the first verification data, and data user
Processing is carried out to target user data using the first treaty rule and generates the second verification data, and data user uses data
Provider's public key obtains third verification data to the first verification data deciphering, and the second verification data and third are then verified data
Compare, if comparing result be it is consistent, pass through verifying.
Such as data providing is digitally signed target user data using the Digital Signature Algorithm of agreement and handles
To the first digital signature.The Digital Signature Algorithm of agreement can be arbitrary, such as DSA signature algorithm or RSA signature algorithm etc..
Then data providing is sent to data user, such as data after encrypting to target user data and the first digital signature
The public key of data user can be used to be sent to after encrypting to target user data and the first digital signature in provider
Data user.After data user receives data ciphertext, mesh can be obtained from data ciphertext based on data user private key
User data and the first digital signature are marked, so that data user can be based on target user data and public using data providing
Key verifies the first digital signature, if passed through to the first digital signature authentication, then it is assumed that target user data is credible
Data abandon the target user data otherwise it is assumed that target user data is illegally distorted either counterfeit data.
Figure 11 is the schematic flow chart of another embodiment of user data transmission method of the invention.The number of users of Figure 11
Include: according to transmission method
S111: ciphertext is decrypted using data user private key to obtain target user data and the first verification data.
S112: the predetermined portions based on target user data simultaneously carry out the first verification data using data providing public key
Sign test.
In an embodiment of the present invention, data providing is using data providing private key to the reservations of target user data
Divide and is handled to obtain the second digital signature as the first verification data.After data user obtains ciphertext, used based on data
After obtaining target user data and the first verification data in ciphertext, the predetermined portions based on target user data simultaneously make square private key
Sign test is carried out to the first verification data with data providing public key, then thinks target user's number that decryption obtains if the verification passes
According to legal, the target user data that decryption obtains otherwise is abandoned.
Figure 12 is the schematic flow chart of another embodiment of user data transmission method of the invention.As shown in figure 12,
The user data transmission method of the embodiment of the present invention includes:
S121: the second ciphertext is decrypted to obtain random key using data user private key.
S122: the first ciphertext is decrypted using random key to obtain target user data and the first verification data;
S123: processing is carried out to target user data and generates the second verification data, based on the second verification data to by making
Sign test is carried out to the first verification data with data providing public key.
In an embodiment of the present invention, random key can be arbitrary, such as the pseudo-random key generated by machine.This
In inventive embodiments, target user data and the first verification data are encrypted to obtain the first ciphertext using random key, it can
To be arbitrary, such as it can be and target user data and the first verification data are encrypted as a whole, it can also be to therein
One or part are encrypted, and are then encrypted again to whole.Further, it is also possible to target user data and the first verification data
Predetermined portions repeatedly encrypted.In the embodiment of the present invention, random key encrypt using data user public key
To the second ciphertext, it is also possible to arbitrary mode, for example, encrypting using data user public key to random key, can be benefit
Partial encryption is carried out to random key with data user public key, can also carry out whole encryptions to random key, or can be with
It is the encryption that pre-determined number is carried out to random key.
In embodiments of the present invention, data providing is sent out after being assembled the first ciphertext and the second ciphertext by predetermined format
Data user is given, the first ciphertext and the second ciphertext can therefrom be extracted according to predetermined format by obtaining data user, thus
The second ciphertext is decrypted to obtain random key using the private key of data user, and then the first ciphertext is decrypted with random key
To target user data and the first verification data, then the first verification data are verified.Checking procedure is specifically as follows, right
Target user data carries out processing and generates the second verification data, based on the second verification data to by using data providing public key
Sign test is carried out to the first verification data.The rule for generating the second verification data generates the first verification data according to data providing
Rule determines, such as can be digital signature rule and generate the first verification data isotactic to the predetermined portions of target user data
Then.
Figure 13 is the schematic flow chart of another embodiment of user data transmission method of the invention.As shown in figure 13,
The user data transmission method of the embodiment of the present invention includes:
S131: the second ciphertext is decrypted to obtain random key using data user private key;
S132: the first ciphertext is decrypted using random key to obtain target user data and the first verification data;
S133: the predetermined portions based on target data simultaneously test the first verification data using data providing public key
Label.
In an embodiment of the present invention, predetermined portions are all arbitary conventions, in one embodiment, such as target are used
The various pieces of user data renumber.It is private based on data user after data user obtains the first ciphertext and the second ciphertext
Key obtained from ciphertext target user data and first verification data, and using data providing public key to first verification data into
Row decryption obtains the second verification data, the second verification data is compared verifying with the predetermined portions of target user data, such as
Fruit is verified, and the target user data for thinking that decryption obtains is legal, otherwise abandons the target user data that decryption obtains.
Figure 14 is the schematic flow chart of another embodiment of user data transmission method of the invention.As shown in figure 14,
The user data transmission method of the embodiment of the present invention includes:
S141: data providing is obtained from data providing and is based on engagement arithmetic and using data providing private key to target
User data is handled to obtain the ciphertext for generating target user data and the first verification data encryption after the first verification data;
S142: target user data and the first verification data are obtained from ciphertext based on data user private key, and use number
The first verification data are verified according to provider's public key;
S143: after verifying successfully, following data are extracted from target user data: unique application identities and user information number
According to;Or unique application identities, user information data and User Data Protocol version, operation information code, timestamp these three
At least one of data.
The specific implementation process of the embodiment of the present invention can be found in Fig. 6 A-6C illustrated embodiment, omits specifically describe herein.
Figure 15 is the schematic block diagram of another embodiment of subscriber data transmission apparatus of the invention.As shown in figure 15, originally
The subscriber data transmission apparatus of inventive embodiments, is applied to data user, which includes:
Communication unit 151 is configured to obtain data providing from data providing based on engagement arithmetic and uses data
Provider's private key handles to obtain after the first verification data to target user data and the first check number target user data
The ciphertext generated according to encryption;
Processing unit 152 is configured to data user private key from ciphertext and obtains target user data and the first school
Data are tested, and the first verification data are verified using data providing public key.
In an embodiment of the present invention, the operation and configuration of each unit of subscriber data transmission apparatus are applied to number with above-mentioned
It is corresponding according to the user data transmission method of user.
Being described in module involved in the embodiment of the present application can be realized by way of hardware shown in figure 15,
It can be realized by way of software.Figure 16 is the schematic frame of another embodiment of subscriber data transmission apparatus of the invention
Figure.The subscriber data transmission apparatus of Figure 16 is applied to data user, which includes 161 He of processor
Memory 162, memory 162 are configured to store scheduled computer instruction, and processor 161 is configured in run memory 162
The scheduled computer instruction of storage is to execute the treatment process according to Fig. 9 into embodiment illustrated in fig. 14.
It is apparent to those skilled in the art that for convenience and simplicity of description, the data of foregoing description
The electronic equipment that processing method is applied to, can be with reference to the corresponding description in before-mentioned products embodiment, and details are not described herein.
Above embodiments are only the exemplary embodiment of the application, are not used in limitation the application, the protection scope of the application
It is defined by the claims.Those skilled in the art can make respectively the application in the essence and protection scope of the application
Kind modification or equivalent replacement, this modification or equivalent replacement also should be regarded as falling within the scope of protection of this application.
Claims (16)
1. a kind of user data transmission method is applied to data providing, comprising:
Based on engagement arithmetic and target user data is handled using data providing private key to obtain the first verification data;
Target user data and the first verification data are encrypted to obtain ciphertext and ciphertext is sent to data user, so as to
Data user is based on data user private key and obtains target user data and the first verification data from the ciphertext and use number
The first verification data are verified according to provider's public key.
2. user data transmission method according to claim 1, which is characterized in that mentioned based on engagement arithmetic and using data
Supplier's private key handles target user data to obtain the first verification data, comprising:
Based on agreement Digital Signature Algorithm and target user data is handled using data providing private key to obtain the first number
Word signature is as the first verification data.
3. user data transmission method according to claim 1, which is characterized in that mentioned based on engagement arithmetic and using data
Supplier's private key handles target user data to obtain the first verification data, comprising:
Data providing private key is used to be handled to obtain the second digital signature as to the predetermined portions of target user data
One verification data.
4. user data transmission method according to any one of claim 1-3, which is characterized in that target user data
It is encrypted to obtain ciphertext with the first verification data and ciphertext is sent to data user, comprising:
Target user data and the first verification data are encrypted using data user public key and send obtained ciphertext
Give data user.
5. user data transmission method according to any one of claim 1-3, which is characterized in that target user data
It is encrypted to obtain ciphertext with the first verification data and ciphertext is sent to data user, comprising:
Target user data and the first verification data are encrypted to obtain the first ciphertext using random key;
Random key is encrypted using data user public key to obtain the second ciphertext;
Data user is sent to after first ciphertext and the second ciphertext are assembled by predetermined format.
6. user data transmission method according to any one of claims 1-5, which is characterized in that target user data is
As obtained from being assembled to following data: unique application identities and user letter of the data user at data providing
Cease data;Or unique application identities, user information data and User Data Protocol version, operation information code, timestamp this
At least one of three kinds of data.
7. a kind of subscriber data transmission apparatus is applied to data providing, comprising:
Secure processing units, be configured to engagement arithmetic and using data providing private key to target user data at
Reason obtains the first verification data, and is encrypted to obtain ciphertext to target user data and the first verification data;
Communication unit is configured to the ciphertext being sent to data user, so that data user is based on data user
Private key is obtained target user data and the first verification data and is verified using data providing public key to the first verification data.
8. a kind of subscriber data transmission apparatus is applied to data providing, including processor, which is characterized in that the processor
It is configured to run scheduled computer instruction to execute method according to claim 1 to 6.
9. a kind of user data transmission method is applied to data user, comprising:
Data providing, which is obtained, from data providing is based on engagement arithmetic and using data providing private key to target user data
It is handled to obtain the ciphertext for generating target user data and the first verification data encryption after the first verification data;
Target user data and the first verification data are obtained from the ciphertext based on data user private key, and is provided using data
Square public key verifies the first verification data.
10. user data transmission method according to claim 9, which is characterized in that the first verification data are digital signature,
Then the first verification data are verified using data providing public key, comprising:
Sign test is carried out to the first verification data based on target user data and using data providing public key.
11. user data transmission method according to claim 9, which is characterized in that the first verification data are digital signature,
Then the first verification data are verified using data providing public key, comprising:
Predetermined portions based on target user data simultaneously carry out sign test to the first verification data using data providing public key.
12. the user data transmission method according to any one of claim 9-11, which is characterized in that used based on data
Square private key obtains target user data and the first verification data from the ciphertext, comprising:
The ciphertext is decrypted using data user private key to obtain target user data and the first verification data.
13. the user data transmission method according to any one of claim 9-11, which is characterized in that the ciphertext includes
First ciphertext and the second ciphertext, wherein target user data and the first school are obtained from the ciphertext based on data user private key
Test data, comprising:
The second ciphertext is decrypted to obtain random key using data user private key;
The first ciphertext is decrypted using random key to obtain target user data and the first verification data.
14. the user data transmission method according to any one of claim 9-11, which is characterized in that target user data
It is as obtained from being assembled to following data: unique application identities and user of the data user at data providing
Information data;Or unique application identities, user information data and User Data Protocol version, operation information code, timestamp
At least one of these three data.
15. a kind of subscriber data transmission apparatus, is used as data user, which includes:
Communication unit is configured to obtain data providing from data providing based on engagement arithmetic and using data providing private
Key handles target user data to verify data encryption life to target user data and first after obtaining the first verification data
At ciphertext;
Processing unit is configured to data user private key from the ciphertext and obtains target user data and the first check number
According to, and the first verification data are verified using data providing public key.
16. a kind of subscriber data transmission apparatus is used as data user, described device includes processor, which is characterized in that institute
Processor is stated to be configured to run scheduled computer instruction to execute the method according to any one of claim 9-14.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910257966.6A CN109981667B (en) | 2019-04-01 | 2019-04-01 | User data transmission method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910257966.6A CN109981667B (en) | 2019-04-01 | 2019-04-01 | User data transmission method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109981667A true CN109981667A (en) | 2019-07-05 |
| CN109981667B CN109981667B (en) | 2020-07-03 |
Family
ID=67082205
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910257966.6A Active CN109981667B (en) | 2019-04-01 | 2019-04-01 | User data transmission method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109981667B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112367612A (en) * | 2020-11-06 | 2021-02-12 | 歌尔科技有限公司 | UWB-based positioning method, UWB device and positioning system |
| CN112987581A (en) * | 2019-12-16 | 2021-06-18 | 华为技术有限公司 | Control method for intelligent household equipment, medium and terminal thereof |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101668013A (en) * | 2009-03-30 | 2010-03-10 | 刘文祥 | Network connection technology and system thereof |
| CN101964793A (en) * | 2010-10-08 | 2011-02-02 | 上海银联电子支付服务有限公司 | Method and system for transmitting data between terminal and server and sign-in and payment method |
| CN102006303A (en) * | 2010-12-06 | 2011-04-06 | 河海大学 | Method and terminal for increasing data transmission safety by using multi-encryption method |
| CN103684794A (en) * | 2013-12-25 | 2014-03-26 | 华南理工大学 | Communication data encryption and decryption method based on DES (Data Encryption Standard), RSA and SHA-1 (Secure Hash Algorithm) encryption algorithms |
| US20170178271A1 (en) * | 2002-09-30 | 2017-06-22 | Myport Technologies, Inc. | Apparatus and method for embedding searchable information, encryption, transmission, storage and retrieval |
| CN108599950A (en) * | 2018-04-09 | 2018-09-28 | 北京无字天书科技有限公司 | The implementation method of security protocol is downloaded in a kind of user key application suitable for SM9 id passwords |
| CN108809656A (en) * | 2018-07-18 | 2018-11-13 | 陕西师范大学 | A kind of Key Exchange Protocol building method based on double authentication protection signature |
| US20180332011A1 (en) * | 2017-05-11 | 2018-11-15 | Microsoft Technology Licensing, Llc | Secure cryptlet tunnel |
| CN109245905A (en) * | 2018-11-01 | 2019-01-18 | 四川长虹电器股份有限公司 | The method that message is digitally signed and is encrypted based on RSA and aes algorithm |
| EP3435265A1 (en) * | 2017-07-25 | 2019-01-30 | Skidata Ag | Method for secure authentication for devices which can be connected to a server connectible devices, in particular for access control devices or payment or vending machine of an access control system |
| CN109347627A (en) * | 2018-09-19 | 2019-02-15 | 平安科技(深圳)有限公司 | Data encryption/decryption method, device, computer equipment and storage medium |
-
2019
- 2019-04-01 CN CN201910257966.6A patent/CN109981667B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170178271A1 (en) * | 2002-09-30 | 2017-06-22 | Myport Technologies, Inc. | Apparatus and method for embedding searchable information, encryption, transmission, storage and retrieval |
| CN101668013A (en) * | 2009-03-30 | 2010-03-10 | 刘文祥 | Network connection technology and system thereof |
| CN101964793A (en) * | 2010-10-08 | 2011-02-02 | 上海银联电子支付服务有限公司 | Method and system for transmitting data between terminal and server and sign-in and payment method |
| CN102006303A (en) * | 2010-12-06 | 2011-04-06 | 河海大学 | Method and terminal for increasing data transmission safety by using multi-encryption method |
| CN103684794A (en) * | 2013-12-25 | 2014-03-26 | 华南理工大学 | Communication data encryption and decryption method based on DES (Data Encryption Standard), RSA and SHA-1 (Secure Hash Algorithm) encryption algorithms |
| US20180332011A1 (en) * | 2017-05-11 | 2018-11-15 | Microsoft Technology Licensing, Llc | Secure cryptlet tunnel |
| EP3435265A1 (en) * | 2017-07-25 | 2019-01-30 | Skidata Ag | Method for secure authentication for devices which can be connected to a server connectible devices, in particular for access control devices or payment or vending machine of an access control system |
| CN108599950A (en) * | 2018-04-09 | 2018-09-28 | 北京无字天书科技有限公司 | The implementation method of security protocol is downloaded in a kind of user key application suitable for SM9 id passwords |
| CN108809656A (en) * | 2018-07-18 | 2018-11-13 | 陕西师范大学 | A kind of Key Exchange Protocol building method based on double authentication protection signature |
| CN109347627A (en) * | 2018-09-19 | 2019-02-15 | 平安科技(深圳)有限公司 | Data encryption/decryption method, device, computer equipment and storage medium |
| CN109245905A (en) * | 2018-11-01 | 2019-01-18 | 四川长虹电器股份有限公司 | The method that message is digitally signed and is encrypted based on RSA and aes algorithm |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112987581A (en) * | 2019-12-16 | 2021-06-18 | 华为技术有限公司 | Control method for intelligent household equipment, medium and terminal thereof |
| CN112367612A (en) * | 2020-11-06 | 2021-02-12 | 歌尔科技有限公司 | UWB-based positioning method, UWB device and positioning system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109981667B (en) | 2020-07-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109309565B (en) | Security authentication method and device | |
| Shirey | RFC 4949: Internet Security Glossary, Version 2 | |
| US8051297B2 (en) | Method for binding a security element to a mobile device | |
| US8862889B2 (en) | Protocol for controlling access to encryption keys | |
| EP4016920A1 (en) | Confidential authentication and provisioning | |
| CN109075976A (en) | Certificate depending on key authentication is issued | |
| CN106790090A (en) | Communication means, apparatus and system based on SSL | |
| CN106790183A (en) | Logging on authentication method of calibration, device | |
| CN109618341A (en) | A kind of digital signature authentication method, system, device and storage medium | |
| CN108809633B (en) | Identity authentication method, device and system | |
| CN106878245A (en) | The offer of graphic code information, acquisition methods, device and terminal | |
| CN101420302A (en) | Safe identification method and device | |
| CN111130799B (en) | Method and system for HTTPS protocol transmission based on TEE | |
| CN109981665A (en) | Resource provider method and device, resource access method and device and system | |
| CN107294964B (en) | Information transmission method | |
| Singh | Network Security and Management | |
| Alizai et al. | Key-based cookie-less session management framework for application layer security | |
| CN105657699A (en) | Safe data transmission method | |
| CN109981667A (en) | A kind of user data transmission method and device | |
| CN113630238B (en) | User request permission method and device based on password confusion | |
| US20060129812A1 (en) | Authentication for admitting parties into a network | |
| CA2553081C (en) | A method for binding a security element to a mobile device | |
| Suga | SSL/TLS status survey in Japan-transitioning against the renegotiation vulnerability and short RSA key length problem | |
| KR102308248B1 (en) | Encryption Gateway equipped with quantum encryption chip based a quantum random number and method of providing encryption communication service between IoT device using the same | |
| Han et al. | Scalable and secure virtualization of hsm with scaletrust |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder | ||
| CP02 | Change in the address of a patent holder |
Address after: Room 124, 1 / F, building 2, yard 9, jiaogezhuang street, Nanfaxin Town, Shunyi District, Beijing Patentee after: Beijing Wikipedia Technology Co.,Ltd. Address before: 102200 No. 1, 120, Area C, 23 Qianqian Road, Changping Science and Technology Park, Beijing Patentee before: Beijing Wikipedia Technology Co.,Ltd. |