CN110011958B - Information encryption method and device, computer equipment and storage medium - Google Patents

Information encryption method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN110011958B
CN110011958B CN201811526501.8A CN201811526501A CN110011958B CN 110011958 B CN110011958 B CN 110011958B CN 201811526501 A CN201811526501 A CN 201811526501A CN 110011958 B CN110011958 B CN 110011958B
Authority
CN
China
Prior art keywords
target
information
encrypted file
sent
secret key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811526501.8A
Other languages
Chinese (zh)
Other versions
CN110011958A (en
Inventor
彭光宗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201811526501.8A priority Critical patent/CN110011958B/en
Publication of CN110011958A publication Critical patent/CN110011958A/en
Application granted granted Critical
Publication of CN110011958B publication Critical patent/CN110011958B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses an information encryption method, an information encryption device, computer equipment and a storage medium, wherein the information encryption method comprises the following steps: sending request information for requesting information interaction to a target service end so that a plurality of target service ends send the same target secret key to a sending end and a receiving end which participate in information interaction according to the request information; the sending end receives a target secret key sent by the target service end, and encrypts data information to be sent according to the target secret key to generate an encrypted file; and the receiving end receives a target secret key sent by the target service end, and performs reverse operation on the encrypted file sent by the sending end according to the target secret key to obtain the data information. By the method of issuing the same secret key in real time, the data verification process is integrated in the data decryption process, an independent verification center is not required to be arranged, distributed verification of data is achieved, verification efficiency is improved, verification cost is reduced, and safety of data verification is improved.

Description

Information encryption method and device, computer equipment and storage medium
Technical Field
The embodiment of the invention relates to the field of data encryption, in particular to an information encryption method, an information encryption device, computer equipment and a storage medium.
Background
Authentication (authentication) refers to verifying whether a user has the right to access a system. If the authentication function is not available, the mobile user can freely access and use any wireless network, the benefit of an operator cannot be guaranteed, and meanwhile, the safety of the user can be threatened. At the beginning of the development of mobile communication networks, this problem has been considered and solved: and identifying illegal users by adopting a user authentication mode. The user authentication is to authenticate the user trying to access the network and to check whether the user has the right to access the network.
In the prior art, when a mobile terminal performs multi-system server interaction through HTML5, authentication needs to be performed through a designated authentication center, after the authentication is completed, the authentication center notifies an authentication result to a target system accessed by the mobile terminal, and after receiving the authentication result, the target system determines whether to respond to a request of the mobile terminal.
The inventor of the invention finds in research that the authentication efficiency of the HTML5 authentication mode in the prior art is limited by the efficiency of the authentication center due to centralized authentication, and once the authentication center is abnormal or attacked, the authentication cannot be performed, thereby affecting the information interaction to be performed normally. Higher danger hidden danger exists in the authentication mode of the transitional dependence authentication center, and the authentication verification efficiency is also restricted.
Disclosure of Invention
The embodiment of the invention provides an information encryption method and device capable of performing autonomous authentication, computer equipment and a storage medium.
In order to solve the above technical problem, the embodiment of the present invention adopts a technical solution that: provided is an information encryption method including:
sending request information for requesting information interaction to a target service end so that a plurality of target service ends send the same target secret key to a sending end and a receiving end which participate in information interaction according to the request information;
the sending end receives a target secret key sent by the target service end, and encrypts data information to be sent according to the target secret key to generate an encrypted file;
and the receiving end receives a target secret key sent by the target service end, and performs reverse operation on the encrypted file sent by the sending end according to the target secret key to obtain the data information.
Optionally, the sending request information for requesting information interaction to the target service end, so that the sending of the same target key to the sending end and the receiving end participating in information interaction by the majority of target service ends according to the request information includes:
acquiring request information sent by a sending end, wherein the request information comprises communication addresses of the sending end and a receiving end;
randomly extracting a key message in a preset key message queue according to the request information to serve as a target key message, wherein the target key message comprises the target key;
and sending the target key message to the sending end and the receiving end according to the communication address so that the sending end and the receiving end obtain the target key.
Optionally, the data information includes: the sending end receives a target secret key sent by the target service end, and encrypts data information to be sent according to the target secret key to generate an encrypted file, wherein the encrypted file comprises:
the sending end obtains the target secret key sent and sent by the target service end;
and encrypting the interactive data, the first timestamp and the first associated field according to the target key to generate the encrypted file.
Optionally, the receiving end receives a target key sent by the target service end, and performs a reverse operation on the encrypted file sent by the sending end according to the target key to obtain the data information includes:
the receiving end acquires the target secret key sent and sent by the target service end;
decrypting the encrypted file sent by the sending end according to the target secret key, and if the target secret key completes decryption of the encrypted file, confirming that the encrypted file is correct and acquiring the data information; otherwise, confirming that the encrypted file is illegal and discarding the encrypted file.
Optionally, the encrypted file sent by the sending end is decrypted according to the target secret key, and if the target secret key completes decryption of the encrypted file, the encrypted file is confirmed to be correct and the data information is acquired; otherwise, after confirming that the encrypted file is illegal and discarding the encrypted file, the method further includes:
the receiving end acquires a second time stamp when the encrypted file is decrypted;
calculating a time difference between the first timestamp and the second timestamp;
comparing the time difference value with a preset time threshold value, and if the time difference value is less than or equal to the time threshold value, determining that the data information passes the verification; otherwise, the data information is discarded.
Optionally, the time difference value is compared with a preset time threshold, and if the time difference value is less than or equal to the time threshold, it is determined that the data information passes verification; otherwise, after discarding the data information, the method further includes:
the receiving end acquires plaintext information sent by the sending end, wherein the plaintext information comprises a second associated field;
comparing the first associated field with the second associated field;
and when the first associated field is consistent with the second associated field, confirming that the data information is verified.
Optionally, the encrypted file sent by the sending end is decrypted according to the target secret key, and if the target secret key completes decryption of the encrypted file, the encrypted file is confirmed to be correct and the data information is acquired; otherwise, after confirming that the encrypted file is illegal and discarding the encrypted file, the method further includes:
when the encrypted file is an illegal file, acquiring the IP address of the sending end;
and adding the IP address into a preset blacklist to refuse to access the request information carrying the IP address again.
In order to solve the above technical problem, an embodiment of the present invention further provides an information encryption apparatus, including:
the sending module is used for sending request information of request information interaction to the target service end so that most target service ends send the same target secret key to the sending end and the receiving end which participate in information interaction according to the request information;
the encryption module is used for the sending end to receive the target secret key sent by the target service end and encrypt the data information to be sent according to the target secret key to generate an encrypted file;
and the decryption module is used for the receiving end to receive the target secret key sent by the target service end and to perform reverse operation on the encrypted file sent by the sending end according to the target secret key to obtain the data information.
Optionally, the information encryption apparatus further includes:
the first obtaining submodule is used for obtaining request information sent by a sending end, wherein the request information comprises communication addresses of the sending end and a receiving end;
the first processing sub-module is used for randomly extracting a secret key message from a preset secret key message queue according to the request information to serve as a target secret key message, wherein the target secret key message comprises the target secret key;
and the first execution submodule is used for sending the target key message to the sending end and the receiving end according to the communication address so that the sending end and the receiving end can obtain the target key.
Optionally, the data information includes: the interactive data, the first timestamp and the first associated field, the information encryption apparatus further comprising:
a second obtaining submodule, configured to obtain, by the sending end, the target key sent and sent by the target service end;
and the first encryption submodule is used for encrypting the interactive data, the first timestamp and the first associated field according to the target secret key to generate the encrypted file.
Optionally, the information encryption apparatus further includes:
a third obtaining sub-module, configured to obtain, by the receiving end, the target key sent by the target service end;
the first decryption submodule is used for decrypting the encrypted file sent by the sending end according to the target secret key, and if the target secret key completes decryption of the encrypted file, the encrypted file is confirmed to be correct and the data information is obtained; otherwise, confirming that the encrypted file is illegal and discarding the encrypted file.
Optionally, the information encryption apparatus further includes:
the fourth obtaining submodule is used for the receiving end to obtain a second timestamp when the encrypted file is decrypted;
a first calculation sub-module, configured to calculate a time difference between the first timestamp and the second timestamp;
the second execution submodule is used for comparing the time difference value with a preset time threshold value, and if the time difference value is smaller than or equal to the time threshold value, the data information is confirmed to pass the verification; otherwise, the data information is discarded.
Optionally, the information encryption apparatus further includes:
a fifth obtaining sub-module, configured to obtain, by the receiving end, plaintext information sent by the sending end, where the plaintext information includes a second associated field;
the first comparison submodule is used for comparing the first associated field with the second associated field;
and the second verification sub-module is used for confirming that the data information passes verification when the first associated field is consistent with the second associated field.
Optionally, the information encryption apparatus further includes:
a sixth obtaining sub-module, configured to obtain the IP address of the sending end when the encrypted file is an illegal file;
and the third execution submodule is used for adding the IP address into a preset blacklist so as to refuse to access the request information carrying the IP address again.
In order to solve the above technical problem, an embodiment of the present invention further provides a computer device, including a memory and a processor, where the memory stores computer-readable instructions, and the computer-readable instructions, when executed by the processor, cause the processor to execute the steps of the information encryption method.
To solve the above technical problem, an embodiment of the present invention further provides a storage medium storing computer-readable instructions, which, when executed by one or more processors, cause the one or more processors to perform the steps of the information encryption method.
The embodiment of the invention has the beneficial effects that: when a sending end and a receiving end which carry out data interaction request data interaction, request information is sent to a business server end, after the business server end receives the request information, a secret key is sent to the sending end and the receiving end which carry out information interaction at the same time, namely the secret key used for encrypting the data by the sending end is completely consistent with the secret key used for decrypting the data by the receiving end, therefore, the decryption process of the receiving end is a verification process for whether the data information is legal, and the data information which cannot be decrypted by the secret key is data which cannot be verified. By the method of issuing the same secret key in real time, the data verification process is integrated in the data decryption process, an independent verification center is not required to be arranged, distributed verification of data is achieved, verification efficiency is improved, verification cost is reduced, and safety of data verification is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of a basic flow chart of an information encryption method according to an embodiment of the present invention;
fig. 2 is a schematic flow chart illustrating a process of issuing a key through message middleware according to an embodiment of the present invention;
FIG. 3 is a flow chart illustrating a process of encrypting data information according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart of authentication and verification of an encrypted file by decryption according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating an embodiment of the present invention for verifying the validity of a document by time stamping;
FIG. 6 is a flowchart illustrating authentication of validity of an encrypted file by an association field according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating the generation of a blacklist by an authentication result according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a basic structure of an information encryption apparatus according to an embodiment of the present invention;
FIG. 9 is a block diagram of a basic structure of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention.
In some flows described in the present specification and claims and above figures, a number of operations are included that occur in a particular order, but it should be clearly understood that these operations may be performed out of order or in parallel as they occur herein, with the order of the operations being given as 101, 102, etc. merely to distinguish between various operations, and the order of the operations itself does not represent any order of performance. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As will be appreciated by those skilled in the art, "terminal" as used herein includes both devices that are wireless signal receivers, devices that have only wireless signal receivers without transmit capability, and devices that include receive and transmit hardware, devices that have receive and transmit hardware capable of performing two-way communication over a two-way communication link. Such a device may include: a cellular or other communication device having a single line display or a multi-line display or a cellular or other communication device without a multi-line display; PCS (Personal Communications Service), which may combine voice, data processing, facsimile and/or data communication capabilities; a PDA (Personal Digital Assistant), which may include a radio frequency receiver, a pager, internet/intranet access, a web browser, a notepad, a calendar and/or a GPS (Global Positioning System) receiver; a conventional laptop and/or palmtop computer or other device having and/or including a radio frequency receiver. As used herein, a "terminal" or "terminal device" may be portable, transportable, installed in a vehicle (aeronautical, maritime, and/or land-based), or situated and/or configured to operate locally and/or in a distributed fashion at any other location(s) on earth and/or in space. As used herein, a "terminal Device" may also be a communication terminal, a web terminal, a music/video playing terminal, such as a PDA, an MID (Mobile Internet Device) and/or a Mobile phone with music/video playing function, or a smart tv, a set-top box, etc.
Specifically, referring to fig. 1, fig. 1 is a basic flow chart of the information encryption method according to the present embodiment.
As shown in fig. 1, an information encryption method includes:
s1100, sending request information for requesting information interaction to a target service end so that a plurality of target service ends send the same target secret key to a sending end and a receiving end which participate in information interaction according to the request information;
in this embodiment, when determining to perform information interaction, the sending end of the information interaction sends request information to the target service end. The request information comprises IP addresses of the sending end and the receiving end, and the target service end sends a target secret key to the sending end and the receiving end according to the IP addresses.
The target service end is a message server, and the target secret key is sent in a message middleware mode. Message middleware is suitable for distributed environments where reliable data transfer is required. In the system adopting the message middleware mechanism, different objects activate the event of the other side by transmitting messages, and the corresponding operation is completed. The message server stores a plurality of secret key messages in a plurality of queues, and forwards the messages to the sending end and the receiving end when the request messages are obtained.
And simultaneously issuing the target key subjected to interactive verification to a sending end and a receiving end through the message middleware, wherein the issuing of the target key needs to be performed through continuous threads so as to ensure the issuing time of the key. After the secret key is issued, the sending end and the receiving end both obtain the same secret key.
In this embodiment, the sending end is a terminal or a server end that first sends data when performing interaction. However, the role of the sender is not constant, and in some embodiments, when the receiver returns data to the sender after receiving the data sent by the sender, the role of the sender becomes a data receiver.
In this embodiment, the sender can be all data senders participating in multi-system data interaction, and therefore, the sender's data is not limited to 1, and can be (without being limited to): 2, 3, 4 or more.
In this embodiment, the receiving end is a terminal or a server end that receives data information for the first time when performing data interaction. However, the role of the receiving end is not constant, and in some embodiments, when the receiving end receives the data transmitted by the transmitting end and performs data reply, the role of the receiving end is changed to the sender of the data.
In this embodiment, the receiving end can be all data receiving ends participating in multi-system data interaction, and therefore, the data of the receiving end is not limited to 1, and can be (without being limited to): 2, 3, 4 or more.
S1200, the sending end receives a target secret key sent by the target service end, and encrypts data information to be sent according to the target secret key to generate an encrypted file;
after receiving a target key sent by a target service end, a sending end encrypts data information to be transmitted according to the key to generate an encrypted file.
In this embodiment, the data information to be encrypted is interactive data that the sending end needs to perform data interaction. But the encrypted data information is not limited thereto, and in some embodiments, the data information further includes: a timestamp when the data information is encrypted, or an associated field (for example, a mobile phone number, a platform account number, or other agreed identity information characterizing the identity of the sending terminal) capable of identifying the identity of the sending terminal.
And after encrypting the data information, the sending end sends the generated encrypted file to the receiving end.
S1300, the receiving end receives the target secret key sent by the target service end, and performs reverse operation on the encrypted file sent by the sending end according to the target secret key to obtain the data information.
And the receiving end acquires the encrypted file sent by the sending end after receiving the target key sent by the target service end. And carrying out reverse operation on the encrypted file according to the received target secret key to decrypt the encrypted file, and obtaining the data information sent by the sending end after decryption. Thereby, decryption and verification of the sender data is completed. It should be noted that, since the sending end and the receiving end have the same key, the receiving end of the encrypted file sent by the sending end can decrypt the encrypted file without fail. However, if the sending end does not receive the target key or the receiving end cannot decrypt the data because the data is intercepted and dropped in the transmission process, the encrypted file is tampered and cannot pass the verification, and the encrypted file is determined to be an illegal file and should be discarded. The result of the decoding is thus in fact a process of verifying the authentication.
In the above embodiment, when a sending end and a receiving end performing data interaction request data interaction, request information is sent to a service server end, and after receiving the request information, the service server end sends a key to the sending end and the receiving end of the information interaction at the same time, that is, the key used by the sending end to encrypt the data is completely consistent with the key used by the receiving end to decrypt the data, so that the process of decrypting by the receiving end is a verification process of whether the data information is legal, and the data information that cannot be decrypted by the key is data that cannot be decrypted. By the method of issuing the same secret key in real time, the data verification process is integrated in the data decryption process, an independent verification center is not required to be arranged, distributed verification of data is achieved, verification efficiency is improved, verification cost is reduced, and safety of data verification is improved.
In some embodiments, the target service end sends the target key through the message middleware, so as to realize the timeliness of sending the key. Referring to fig. 2, fig. 2 is a schematic flow chart illustrating key issuing through message middleware according to the present embodiment.
As shown in fig. 2, S1100 includes:
s1111, acquiring request information sent by a sending end, wherein the request information comprises communication addresses of the sending end and a receiving end;
in this embodiment, when determining to perform information interaction, the sending end of the information interaction sends request information to the target service end. The request information includes IP addresses of the sending end and the receiving end, and the target service end sends a target secret key to the sending end and the receiving end according to the IP addresses.
S1112, randomly extracting a key message in a preset key message queue according to the request information to serve as a target key message, where the target key message includes the target key;
the target service end is a message server, and the target secret key is sent in a message middleware mode. The message server stores a plurality of secret key messages in a plurality of queues, and when request information is obtained, one secret key message is extracted in a random extraction mode to serve as a target secret key message, wherein the target secret key message comprises a target secret key.
It should be noted that, in some embodiments, in order to prevent the key from being decrypted and stolen, the target service end receives the request information sent by the sending end every time the information exchange between the sending end and the receiving end is performed, and therefore, the target service end sends the randomly selected target key information to the sending end and the receiving end every time the data interaction is performed.
And S1113, sending the target key message to the sending end and the receiving end according to the communication address, so that the sending end and the receiving end obtain the target key.
After the target key message is randomly selected and sent, the target service end sends the target key message to the sending end and the receiving end, so that the sending end and the receiving end can obtain the target key according to the target key message to carry out data encryption transmission and authentication verification.
In the embodiment, the message middleware can timely send the target secret key to the sending end and the receiving end, so that the random message is extracted, and the security of the secret key can be ensured.
In some embodiments, the data that needs to be encrypted by the sending end includes: interaction data, a first timestamp, and a first association field. The interactive data is used for a data request, the first timestamp is time information of the start of encryption extracted when a sending end encrypts data information, and the first associated field is a field formed by identity information representing the identity of the sending end, and includes (without being limited to): a mobile phone number, a platform account number or other agreed identity information representing the identity of the sending terminal. Referring to fig. 3, fig. 3 is a schematic flow chart illustrating a process of encrypting data information according to the present embodiment.
As shown in fig. 3, S1200 further includes:
s1211, the sending end obtains the target secret key sent and sent by the target service end;
and after receiving the target key message sent by the target service end, the sending end extracts the target key in the target key message.
S1212, encrypting the interactive data, the first timestamp and the first associated field according to the target key to generate the encrypted file.
The data that needs to be encrypted by the sending end includes: interaction data, a first timestamp, and a first association field. The interactive data is used for a data request, the first timestamp is time information of the start of encryption extracted when a sending end encrypts data information, and the first associated field is a field formed by identity information representing the identity of the sending end, and includes (without being limited to): a mobile phone number, a platform account number or other agreed identity information representing the identity of the sending terminal.
In some embodiments, the first timestamp and the first association field are used for further authentication verification.
And the sending end encrypts the interactive data, the first timestamp and the first associated field in sequence through the target secret key and packages the interactive data, the first timestamp and the first associated field into an encrypted file.
In some embodiments, the receiving end decrypts the encrypted file sent by the sending end by using the target key, and simultaneously authenticates the validity of the encrypted file. Referring to fig. 4, fig. 4 is a schematic diagram illustrating a process of performing authentication verification on an encrypted file by decryption according to the embodiment.
As shown in fig. 4, S1300 includes:
s1311, the receiving end obtains the target key sent by the target service end;
and after receiving the target key message sent by the target service end, the receiving end extracts the target key in the target key message.
S1312, decrypting the encrypted file sent by the sending end according to the target secret key, and if the target secret key completes decryption of the encrypted file, confirming that the encrypted file is correct and acquiring the data information; otherwise, confirming that the encrypted file is illegal and discarding the encrypted file.
And after receiving the target secret key, the receiving end receives the encrypted file sent by the sending end and decrypts the encrypted file. Specifically, the encrypted file is decrypted by performing reverse operation according to the received target key, and the data information sent by the sending end is obtained after decryption. Thereby, decryption and verification of the sender data is completed. Since the sending end and the receiving end have the same secret key, the receiving end of the encrypted file sent by the sending end can decrypt the encrypted file without fail. However, if the sending end does not receive the target key or the receiving end cannot decrypt the data due to packet interception and packet dropping in the transmission process, the encrypted file is tampered and cannot pass verification, and the encrypted file is determined to be an illegal file and should be discarded. The result of the decoding is thus in fact a procedure to verify the authentication. By unifying decryption and authentication verification, the efficiency of verification and authentication is improved, and the time of authentication is shortened.
In some embodiments, in order to avoid the encrypted file from being trapped and tampered during transmission, when the sending end generates the encrypted file, the time for starting encryption is sent to the receiving end as a first time stamp as part of the encrypted file. And after receiving the encrypted file, the receiving end acquires time information during receiving as a second time stamp, and judges whether the encrypted file is legal or not by calculating a time difference value between the first time stamp and the second time stamp. Referring to fig. 5, fig. 5 is a schematic flow chart illustrating a process of verifying the validity of a file by a timestamp according to the embodiment.
As shown in fig. 5, after S1312, the method further includes:
s1321, the receiving end obtains a second time stamp when the encrypted file is decrypted;
the receiving end acquires the time information locally even in the case where the time information is acquired after receiving the encrypted file, the time information being defined as a second time stamp.
S1322, calculating a time difference between the first timestamp and the second timestamp;
and calculating the time difference between the first time stamp and the second time stamp, wherein the encrypted data needs transmission time during network transmission, and the same time is also needed if a lawless person wants to intercept and modify the content of the encrypted file during transmission. Therefore, by calculating the time difference between the first time stamp and the second time stamp, it is possible to serve as a way of verifying whether the encrypted data is legitimate.
S1323, comparing the time difference value with a preset time threshold, and if the time difference value is smaller than or equal to the time threshold, determining that the data information passes the verification; otherwise, the data information is discarded.
Comparing the calculated time difference with a set time threshold, wherein the time threshold is a value set for judging whether the time difference reaches the standard, and the judgment standard is as follows: if the time difference is larger than the time threshold, the encrypted data is determined to be illegal and should be discarded; if the time difference is less than or equal to the time threshold, the encrypted data is judged to pass the verification legally. The time threshold can be set according to different application scenarios, and in some embodiments, the time threshold can be dynamic, and there is a direct relationship between the time threshold and the size of the encrypted file, and the time threshold is larger for the larger encrypted file, and is smaller for the smaller encrypted file.
The verification of the time threshold can effectively reduce the risk of tampering the encrypted file, improve the transmission safety of the encrypted file and simultaneously improve the safety level of verification authentication.
In some embodiments, in order to avoid the encrypted file content from being tampered, a clear text verification mode needs to be set for authentication. In the process of generating the encrypted file, writing the associated field into the encrypted file to form a member of the encrypted file, then, transmitting the plaintext information while transmitting the encrypted file, wherein the plaintext information records the same associated field as that in the encrypted information, and the legitimacy of the encrypted file is confirmed by comparing whether the associated fields are the same. Referring to fig. 6, fig. 6 is a schematic flowchart illustrating a process of authenticating the validity of an encrypted file through an association field according to the embodiment.
As shown in fig. 6, S1323 is followed by:
s1331, the receiving end obtains plaintext information sent by the sending end, wherein the plaintext information comprises a second associated field;
the sending end sends the encrypted information and simultaneously wants the receiving end to send the plaintext information, wherein the plaintext information is information which is not encrypted and can be directly read and identified. The plaintext information includes an associated field intended for expression in the encrypted information, and the associated field is defined as a second associated field.
In some embodiments, in order to enhance the security of data transmission, the plaintext information and the encrypted file are transmitted separately, that is, the encrypted file and the plaintext information are not transmitted in the same time domain, but are transmitted separately.
S1332, comparing the first associated field with the second associated field;
after receiving the plaintext information and the encrypted file, the receiving end decrypts the encrypted file to restore the data information, extracts a first associated field from the data information, compares the first associated field with a second associated field, and compares the first associated field with the second associated field through a Hamming distance or a Hamming distance.
S1333, confirming that the data information is verified when the first associated field is consistent with the second associated field.
And if the first associated field is inconsistent with the second associated field, the data information is changed into illegal data and should be discarded.
The verification of the associated field can effectively reduce the risk of tampering the encrypted file, improve the transmission safety of the encrypted file and simultaneously improve the safety level of verification authentication.
In some embodiments, processing pressure caused by continuous access of illegal files during data interaction of a malicious terminal is further avoided. After judging that the encrypted file sent by the sending end is illegal, the receiving end adds the IP address of the sending end into a blacklist, so that when the sending end sends data again, the sending end directly judges that the data is illegal or directly refuses the access of the terminal, and the operating pressure caused by decoding the file by the receiving end is reduced. Referring to fig. 7, fig. 7 is a schematic flowchart illustrating a process of generating a blacklist according to an authentication result in the present embodiment.
As shown in fig. 7, S1312 then includes:
s1341, when the encrypted file is an illegal file, acquiring the IP address of the sending end;
and when the encrypted file is judged to be an illegal file according to the authentication result, acquiring the IP address for sending the encrypted file. Since the transmitting side must attach its own IP address to the receiving side when receiving data, the receiving side can directly acquire the IP address of the transmitting side.
S1342, adding the IP address to a preset blacklist to refuse to access the request information carrying the IP address again.
And adding the acquired IP address into a pre-constructed blacklist, wherein the blacklist is used for intercepting data information which does not have data interaction authority but is sent to a terminal for sending data to a receiving terminal. The terminal sending the illegal encrypted file is recorded in the blacklist, which is beneficial to releasing the operation pressure of the receiving terminal and improving the processing speed of normal service.
In some embodiments, in order to satisfy the cautious obligation, the illegal files sent by the same terminal are counted, and when the counted number reaches a certain order of magnitude, the terminal is added to the blacklist.
In some embodiments, terminals that are identified as illegal files after S1323 and S1333 may also be recorded in the blacklist.
In order to solve the above technical problem, an embodiment of the present invention further provides an information encryption apparatus.
Specifically, referring to fig. 8, fig. 8 is a schematic diagram of a basic structure of the information encryption device according to the present embodiment.
As shown in fig. 8, an information encrypting apparatus includes: a transmission module 2100, an encryption module 2200, and a decryption module 2300. The sending module 2100 is configured to send request information for requesting information interaction to a target service end, so that a majority of target service ends send the same target key to a sending end and a receiving end participating in information interaction according to the request information; the encryption module 2200 is configured to receive, by the sending end, a target key sent by the target service end, and encrypt, according to the target key, data information to be sent to generate an encrypted file; the decryption module 2300 is configured to receive a target key sent by a target service end, and perform reverse operation on an encrypted file sent by a sending end according to the target key to obtain data information.
The information encryption device sends request information to the service server when a sending end and a receiving end which carry out data interaction request data interaction, and after receiving the request information, the service server simultaneously sends a secret key to the sending end and the receiving end which carry out information interaction, namely the secret key used for encrypting the data by the sending end is completely consistent with the secret key used for decrypting the data by the receiving end, so that the process of decrypting by the receiving end is the process of verifying whether the data information is legal, and the data information which can not be decrypted by the secret key is the data which can not be verified. By the method of issuing the same secret key in real time, the data verification process is integrated in the data decryption process, an independent verification center is not required to be arranged, distributed verification of data is achieved, verification efficiency is improved, verification cost is reduced, and safety of data verification is improved.
In some embodiments, the information encrypting apparatus further comprises: the device comprises a first acquisition submodule, a first processing submodule and a first execution submodule. The first obtaining submodule is used for obtaining request information sent by a sending end, wherein the request information comprises communication addresses of the sending end and a receiving end; the first processing sub-module is used for randomly extracting a secret key message from a preset secret key message queue according to the request information to serve as a target secret key message, wherein the target secret key message comprises a target secret key; the first execution submodule is used for sending the target key message to the sending end and the receiving end according to the communication address, so that the sending end and the receiving end obtain the target key.
In some embodiments, the data information comprises: the interactive data, the first timestamp and the first associated field, the information encryption apparatus further includes: the second acquisition submodule and the first encryption submodule. The second obtaining submodule is used for the sending end to obtain a target secret key sent and sent by the target service end; the first encryption submodule is used for encrypting the interactive data, the first timestamp and the first associated field according to the target secret key to generate an encrypted file.
In some embodiments, the information encryption apparatus further includes: a third obtaining submodule and a first decrypting submodule. The third obtaining submodule is used for the receiving end to obtain a target key sent and sent by the target service end; the first decryption submodule is used for decrypting the encrypted file sent by the sending end according to the target secret key, and if the target secret key completes decryption of the encrypted file, the encrypted file is confirmed to be correct and data information is obtained; otherwise, the encrypted file is confirmed to be illegal and the encrypted file is discarded.
In some embodiments, the information encryption apparatus further includes: the device comprises a fourth obtaining submodule, a first calculating submodule and a second executing submodule. The fourth obtaining submodule is used for the receiving end to obtain a second time stamp when the encrypted file is decrypted; the first calculation submodule is used for calculating a time difference value between the first time stamp and the second time stamp; the second execution submodule is used for comparing the time difference value with a preset time threshold value, and if the time difference value is smaller than or equal to the time threshold value, the data information is confirmed to pass the verification; otherwise, the data information is discarded.
In some embodiments, the information encryption apparatus further includes: the device comprises a fifth obtaining submodule, a first comparison submodule and a second verification submodule. The fifth obtaining submodule is used for the receiving end to obtain the plaintext information sent by the sending end, wherein the plaintext information comprises a second associated field; the first comparison submodule is used for comparing the first associated field with the second associated field; and the second verification submodule is used for confirming that the data information passes the verification when the first associated field is consistent with the second associated field.
In some embodiments, the information encrypting apparatus further comprises: a sixth obtaining submodule and a third executing submodule. The sixth obtaining submodule is used for obtaining the IP address of the sending end when the encrypted file is an illegal file; and the third execution submodule is used for adding the IP address into a preset blacklist so as to refuse the access of the request information carrying the IP address again.
In order to solve the above technical problem, an embodiment of the present invention further provides a computer device. Referring to fig. 9 in particular, fig. 9 is a block diagram of a basic structure of a computer device according to the embodiment.
As shown in fig. 9, the internal structure of the computer device is schematically illustrated. The computer device includes a processor, a non-volatile storage medium, a memory, and a network interface connected by a system bus. The non-volatile storage medium of the computer device stores an operating system, a database and computer readable instructions, the database can store control information sequences, and the computer readable instructions can enable the processor to realize an information encryption method when being executed by the processor. The processor of the computer device is used for providing calculation and control capability and supporting the operation of the whole computer device. The memory of the computer device may have stored therein computer readable instructions that, when executed by the processor, may cause the processor to perform a method of encrypting information. The network interface of the computer device is used for connecting and communicating with the terminal. Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In this embodiment, the processor is configured to execute specific functions of the sending module 2100, the encrypting module 2200 and the decrypting module 2300 in fig. 8, and the memory stores program codes and various data required for executing the above modules. The network interface is used for data transmission to and from a user terminal or a server. The memory in this embodiment stores program codes and data required for executing all the sub-modules in the face image key point detection device, and the server can call the program codes and data of the server to execute the functions of all the sub-modules.
When a sending end and a receiving end which carry out data interaction request data interaction, the computer equipment sends request information to a service server end, and after receiving the request information, the service server end sends a key to the sending end and the receiving end which carry out information interaction simultaneously, namely the key used for encrypting data by the sending end is completely consistent with the key used for decrypting the data by the receiving end, so that the process of decrypting by the receiving end is a verification process for determining whether the data information is legal, and the data information which cannot be decrypted by the key is data which cannot be verified. By the method of issuing the same secret key in real time, the data verification process is integrated in the data decryption process, an independent verification center is not required to be arranged, distributed verification of data is achieved, verification efficiency is improved, verification cost is reduced, and safety of data verification is improved.
The present invention also provides a storage medium storing computer-readable instructions, which when executed by one or more processors, cause the one or more processors to perform the steps of any of the above-described embodiments of the information encryption method.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.

Claims (9)

1. An information encryption method, comprising:
sending request information of request information interaction to a target service end so that a plurality of target service ends send the same target secret key to a sending end and a receiving end which participate in information interaction according to the request information, wherein the method comprises the following steps: acquiring request information sent by a sending end, wherein the request information comprises communication addresses of the sending end and a receiving end; randomly extracting a key message in a preset key message queue according to the request message to serve as a target key message, wherein the target key message comprises the target key, and the target service end sends the randomly selected target key message to the sending end and the receiving end every time data interaction is carried out; sending the target secret key message to the sending end and the receiving end according to the communication address so that the sending end and the receiving end can obtain the target secret key;
the sending end receives a target secret key sent by the target service end, and encrypts data information to be sent according to the target secret key to generate an encrypted file;
the receiving end receives a target secret key sent by the target service end, and performs reverse operation on the encrypted file sent by the sending end according to the target secret key to obtain the data information;
wherein the target key is sent in a message middleware manner.
2. The information encryption method according to claim 1, wherein the data information includes: the method comprises the following steps that interactive data, a first timestamp and a first associated field are received by the sending end, the target secret key sent by the target service end is received by the sending end, and data information to be sent is encrypted according to the target secret key to generate an encrypted file, wherein the encrypted file comprises the following steps:
the sending end obtains the target secret key sent by the target service end;
and encrypting the interactive data, the first timestamp and the first associated field according to the target key to generate the encrypted file.
3. The information encryption method according to claim 2, wherein the receiving end receives a target key sent by the target service end, and performs a reverse operation on the encrypted file sent by the sending end according to the target key to obtain the data information comprises:
the receiving end obtains the target key sent by the target service end;
decrypting the encrypted file sent by the sending end according to the target secret key, and if the target secret key completes decryption of the encrypted file, confirming that the encrypted file is correct and acquiring the data information; otherwise, confirming that the encrypted file is illegal and discarding the encrypted file.
4. The information encryption method according to claim 3, wherein the encrypted file sent by the sending end is decrypted according to the target key, and if the target key completes decryption of the encrypted file, the encrypted file is confirmed to be correct and the data information is acquired; otherwise, after confirming that the encrypted file is illegal and discarding the encrypted file, the method further includes:
the receiving end acquires a second timestamp when the encrypted file is decrypted;
calculating a time difference between the first timestamp and the second timestamp;
comparing the time difference with a preset time threshold, and if the time difference is smaller than or equal to the time threshold, confirming that the data information passes verification; otherwise, the data information is discarded.
5. The information encryption method according to claim 4, wherein the time difference is compared with a preset time threshold, and if the time difference is smaller than or equal to the time threshold, the data information is confirmed to be verified; otherwise, after discarding the data information, the method further includes:
the receiving end acquires plaintext information sent by the sending end, wherein the plaintext information comprises a second associated field;
comparing the first associated field with the second associated field;
and when the first associated field is consistent with the second associated field, confirming that the data information is verified.
6. The information encryption method according to claim 3, wherein the encrypted file sent by the sending end is decrypted according to the target key, and if the target key completes decryption of the encrypted file, the encrypted file is confirmed to be correct and the data information is acquired; otherwise, after confirming that the encrypted file is illegal and discarding the encrypted file, the method further includes:
when the encrypted file is an illegal file, acquiring the IP address of the sending end;
and adding the IP address into a preset blacklist to refuse to access the request information carrying the IP address again.
7. An information encryption apparatus, comprising:
a sending module, configured to send request information for requesting information interaction to a target service end, so that a plurality of target service ends send the same target key to a sending end and a receiving end participating in information interaction according to the request information, where the sending module includes: acquiring request information sent by a sending end, wherein the request information comprises communication addresses of the sending end and a receiving end; randomly extracting a key message in a preset key message queue according to the request message to serve as a target key message, wherein the target key message comprises the target key, and the target service end sends the randomly selected target key message to the sending end and the receiving end every time data interaction is carried out by the target service end; sending the target secret key message to the sending end and the receiving end according to the communication address so that the sending end and the receiving end can obtain the target secret key;
the encryption module is used for the sending end to receive the target secret key sent by the target service end and encrypt the data information to be sent according to the target secret key to generate an encrypted file;
the decryption module is used for the receiving end to receive the target secret key sent by the target service end and to perform reverse operation on the encrypted file sent by the sending end according to the target secret key to obtain the data information;
wherein the target key is sent in a message middleware manner.
8. A computer device comprising a memory and a processor, the memory having stored therein computer readable instructions which, when executed by the processor, cause the processor to carry out the steps of the information encryption method of any one of claims 1 to 6.
9. A storage medium having stored thereon computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the information encryption method of any one of claims 1 to 6.
CN201811526501.8A 2018-12-13 2018-12-13 Information encryption method and device, computer equipment and storage medium Active CN110011958B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811526501.8A CN110011958B (en) 2018-12-13 2018-12-13 Information encryption method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811526501.8A CN110011958B (en) 2018-12-13 2018-12-13 Information encryption method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110011958A CN110011958A (en) 2019-07-12
CN110011958B true CN110011958B (en) 2023-04-07

Family

ID=67165130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811526501.8A Active CN110011958B (en) 2018-12-13 2018-12-13 Information encryption method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110011958B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830930B (en) * 2019-11-19 2021-09-24 东北石油大学 Verification code anti-sniffing processing method and device
CN111585983A (en) * 2020-04-24 2020-08-25 苏州细无声信息科技服务有限公司 Intellectual property consulting information management method, device, computer and storage medium
CN111553447B (en) * 2020-04-26 2023-05-02 重庆蓝数软件有限公司 Communication data conversion method and device and data processing terminal
CN112688909B (en) * 2020-09-29 2021-09-21 北京海泰方圆科技股份有限公司 Data transmission system, method, device, medium and equipment
CN112491907A (en) * 2020-12-01 2021-03-12 珠海格力电器股份有限公司 Data transmission method, device, system, storage medium and electronic equipment
CN112463410B (en) * 2020-12-08 2024-05-28 中国人寿保险股份有限公司 Distributed message architecture management method, platform and electronic equipment
CN112669104B (en) * 2020-12-08 2023-07-28 上海钧正网络科技有限公司 Data processing method of leasing equipment
CN113837735B (en) * 2021-08-20 2023-11-07 中国人民银行数字货币研究所 Transaction method and device for digital currency chip card
CN114338113B (en) * 2021-12-09 2023-08-01 安天科技集团股份有限公司 Data encryption and decryption methods and devices, electronic equipment and storage medium
CN116743461B (en) * 2023-06-15 2023-12-22 上海银满仓数字科技有限公司 Commodity data encryption method and device based on time stamp

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1432180A (en) * 2000-04-07 2003-07-23 通用器材公司 Method and appts. for secure transmission of data
CN107306261A (en) * 2016-04-22 2017-10-31 中兴通讯股份有限公司 A kind of encryption communication method and device, system
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1432180A (en) * 2000-04-07 2003-07-23 通用器材公司 Method and appts. for secure transmission of data
CN107306261A (en) * 2016-04-22 2017-10-31 中兴通讯股份有限公司 A kind of encryption communication method and device, system
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device

Also Published As

Publication number Publication date
CN110011958A (en) 2019-07-12

Similar Documents

Publication Publication Date Title
CN110011958B (en) Information encryption method and device, computer equipment and storage medium
CN109243045B (en) Voting method, voting device, computer equipment and computer readable storage medium
CN114726643B (en) Data storage and access methods and devices on cloud platform
CN109218825B (en) Video encryption system
CN109829269A (en) Method, apparatus and system based on E-seal authenticating electronic documents
EP2278513A1 (en) Method for preventing the use of a cloned user unit communicating with a server
CN111835774B (en) Data processing method, device, equipment and storage medium
CN108809936B (en) Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof
CN105812366A (en) Server, anti-crawler system and anti-crawler verification method
CN113472793A (en) Personal data protection system based on hardware password equipment
Karimi et al. Enhancing security and confidentiality in location-based data encryption algorithms
CN115473655A (en) Terminal authentication method, device and storage medium for access network
CN108900595B (en) Method, device and equipment for accessing data of cloud storage server and computing medium
US20240106633A1 (en) Account opening methods, systems, and apparatuses
CN113726743A (en) Method, device, equipment and medium for detecting network replay attack
CN109492359B (en) Secure network middleware for identity authentication and implementation method and device thereof
CN109450643B (en) Signature verification method realized on Android platform based on native service
CN109120621B (en) Data processor
CN110996132A (en) Video image splitting, encrypting and transmitting method, device and system
CN114726606B (en) User authentication method, client, gateway and authentication server
CN113672955B (en) Data processing method, system and device
US9652621B2 (en) Electronic transmission security process
CN114065170A (en) Method and device for acquiring platform identity certificate and server
CN113938878A (en) Equipment identifier anti-counterfeiting method and device and electronic equipment
CN109214425B (en) Picture verification method, picture processing method, equipment and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant