CN110149312B - Data processing method, device, system and computer readable storage medium - Google Patents
Data processing method, device, system and computer readable storage medium Download PDFInfo
- Publication number
- CN110149312B CN110149312B CN201910282103.4A CN201910282103A CN110149312B CN 110149312 B CN110149312 B CN 110149312B CN 201910282103 A CN201910282103 A CN 201910282103A CN 110149312 B CN110149312 B CN 110149312B
- Authority
- CN
- China
- Prior art keywords
- client
- algorithm
- data
- preset
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/16—Obfuscation or hiding, e.g. involving white box
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a data processing method, a device, a system and a computer readable storage medium, wherein the method comprises the following steps: the client sends a data request to the server, wherein the data request comprises client ID information; the server generates a client white box algorithm confused with the client ID information by using a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information; the server responds to the data request and sends a client white box algorithm to the client; the client receives a client white box algorithm confused with client ID information; and the client processes the data to be processed according to the client ID information and the client white box algorithm to obtain the processed data. The invention avoids plaintext storage of the preset key at the client side, and improves the security of the key stored at the client side.
Description
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a data processing method, apparatus, system, and computer-readable storage medium.
Background
At present, in order to ensure the safe use of data, data needs to be encrypted and decrypted.
The server may distribute the device key to the mobile terminal to facilitate the mobile terminal to perform an encryption or decryption operation on the data using the device key.
However, due to the particularity of the mobile terminal usage scenario and the open source operating system, the secret key stored in the mobile terminal side in the form of plaintext generally has a potential safety hazard, and in the scenario of the secret key being stored in the plaintext, data security problems such as the secret key being stolen and tampered are easily caused.
Disclosure of Invention
The invention provides a data processing method, a device, a system and a computer readable storage medium, which are used for solving the problem of low data security caused by storing a secret key in a clear text form on a client side in the related art.
In order to solve the above problem, according to a first aspect of the present invention, the present invention discloses a data processing method applied to a system including a server and a client, the method including:
the client sends a data request to the server, wherein the data request comprises client ID information;
the server generates a client white box algorithm confused with the client ID information by using a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information;
the server responds to the data request and sends the client white-box algorithm to a client;
the client receives a client white-box algorithm confused with the client ID information;
and the client processes the data to be processed according to the client ID information and the client white box algorithm to obtain the processed data.
According to a second aspect of the present invention, the present invention discloses a data processing method, applied to a server, the method comprising:
receiving a data request, wherein the data request comprises client ID information;
generating a client white-box algorithm confused with the client ID information by using a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information;
and sending the client white-box algorithm in response to the data request.
According to a third aspect of the present invention, the present invention discloses a data processing method, applied to a client, the method comprising:
sending a data request, wherein the data request comprises client ID information;
receiving a client white-box algorithm confused with the client ID information, wherein the client white-box algorithm is an algorithm generated by utilizing a preset secret key, a preset processing algorithm and a preset obfuscation strategy according to the client ID information;
and processing the data to be processed according to the client ID information and the client white box algorithm to obtain the processed data.
According to a fourth aspect of the present invention, there is disclosed a data processing system comprising a client and a server;
the client is used for sending a data request to the server, and the data request comprises client ID information;
the server is used for generating a client white box algorithm confused with the client ID information by using a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information;
the server is used for responding to the data request and sending the client white-box algorithm to a client;
the client is used for receiving a client white-box algorithm confused with the client ID information;
and the client is used for processing data to be processed according to the client ID information and the client white box algorithm to obtain processed data.
According to a fifth aspect of the present invention, the present invention discloses a data processing apparatus applied to a server, the apparatus comprising:
a receiving module, configured to receive a data request, where the data request includes client ID information;
the generating module is used for generating a client white box algorithm confused with the client ID information by utilizing a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information;
and the response module is used for responding to the data request and sending the client white-box algorithm.
According to a sixth aspect of the present invention, the present invention discloses a data processing apparatus, applied to a client, the apparatus comprising:
a sending module, configured to send a data request, where the data request includes client ID information;
the receiving module is used for receiving a client white box algorithm confused with the client ID information, wherein the client white box algorithm is an algorithm generated by utilizing a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information;
and the processing module is used for processing the data to be processed according to the client ID information and the client white box algorithm to obtain the processed data.
According to a seventh aspect of the present invention, there is disclosed a server comprising: memory, a processor and a data processing program stored on the memory and executable on the processor, the data processing program, when executed by the processor, implementing the steps of the data processing method as applied to a server as described above.
According to an eighth aspect of the present invention, the present invention discloses a client, comprising: a memory, a processor and a data processing program stored on the memory and executable on the processor, the data processing program, when executed by the processor, implementing the steps of the data processing method as described above for the application client.
According to a ninth aspect of the present invention, there is disclosed a computer-readable storage medium having stored thereon a data processing program which, when executed by a processor, implements the steps in the data processing method as described above as applied to a client, or the steps of the data processing method as described above as applied to a server.
Compared with the prior art, the invention has the following advantages:
therefore, in the embodiment of the invention, in order to avoid that the data key is stored in the client in a plaintext, the server can confuse the preset key and the preset processing algorithm according to the client ID and the preset obfuscating strategy to generate the client white-box algorithm confusing the client ID, and distribute the client white-box algorithm to the client, so that the plaintext storage of the preset key in the client is avoided, and the security of the key stored at the client side is improved. In addition, because the client white-box algorithm adopts client ID information for confusion instead of client ID ciphertext, the client does not need to request a key corresponding to the client ID ciphertext from the server, so that the request times of the client to the server are reduced, and the data processing efficiency is improved.
Drawings
FIG. 1 is one of a flow chart of the steps of a data processing method embodiment of the present invention;
FIG. 2 is a schematic diagram of a data processing process according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating the steps of an embodiment of a data processing method of the present invention;
FIG. 4 is a flowchart illustrating the steps of an embodiment of a data processing method according to the present invention;
FIG. 5 is a flow chart of the steps of a data processing method embodiment of the present invention;
FIG. 6 is a block diagram of a data processing system embodiment of the present invention;
FIG. 7 is a block diagram of an embodiment of a data processing apparatus of the present invention;
FIG. 8 is a block diagram of another data processing apparatus embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
In order to avoid the problem of low data security caused by storing a key in a clear text form on the client side, the invention provides a data processing method, which can be applied to a system comprising a client and a server, wherein the server can generate a client white-box algorithm by using a preset key, a preset processing algorithm (such as a preset encryption algorithm or a preset decryption algorithm) and a preset obfuscation strategy according to a client ID, so that the client white-box algorithm is subjected to external obfuscation processing of the client ID. The client receives the client white-box algorithm to process the data, and the client side does not store any key clearly, but only stores the client white-box algorithm after the client ID is confused, so that the safety of the preset key corresponding to the client white-box algorithm is ensured. And the client white-box algorithm is confused by the client ID, so that the binding of the client ID and the client white-box algorithm is realized, and only a client with an accurate client ID can use the client white-box algorithm to encrypt or decrypt data. The above-mentioned data processing method is specifically described below.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a data processing method according to the present invention is shown, and is applied to a system including a server and a client, where the method may specifically include the following steps:
step 101, the client sends a data request to the server, wherein the data request comprises client ID information;
wherein the data request may be a white-box request.
The client may request the server for a key for encrypting or decrypting the data, so as to perform an encryption or decryption processing operation on the data, and in order to avoid a data security problem caused by the explicit existence of the key at the client, the server distributes the key and the processing algorithm (i.e. the preset key and the preset processing algorithm described in step 102) in a white box manner when distributing the key, so that the processing algorithm and the complete key do not appear in a plaintext manner, but are obfuscated in a plurality of tables, and the client may perform the encryption or decryption operation on the data in a table lookup manner. Whereas, to ensure binding of the white-box to the client, i.e., that only the client having the client ID can use the white-box, the data request sent by the client to the server may include client ID information.
102, the server generates a client white-box algorithm confused with the client ID information by using a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information;
in order to distribute the preset key and the preset processing algorithm to the client and ensure that the preset key is not stored in a plaintext at the client side, the server side needs to generate the client white-box algorithm by using the preset key and the preset processing algorithm; in addition, in order to ensure that the generated client white-box algorithm can be bound with the client ID, when the client white-box algorithm is generated, the client ID and a preset obfuscating policy are also used for performing external obfuscation on a preset key and a preset processing algorithm, so that only the client with the client ID can have the right to use the client white-box algorithm.
When the preset processing algorithm is the preset encryption algorithm, the generated client white box algorithm is used for encrypting data, and the encryption implementation process is to encrypt the data to be processed by adopting the preset encryption algorithm and a preset key; similarly, when the preset processing algorithm is the preset decryption algorithm, the generated client white-box algorithm is used for decrypting the data, and the decryption is implemented by decrypting the data to be processed by using the preset decryption algorithm and the preset key.
In addition, the invention does not limit the algorithm type of the preset processing algorithm, and can be any symmetric algorithm.
Optionally, when step 102 is executed, the server may generate at least one obfuscation algorithm according to the client ID information by using a preset obfuscation policy; and then, the server generates a client white-box algorithm confused with the client ID information according to a preset secret key, a preset processing algorithm and the at least one obfuscation algorithm.
Wherein, the structure of the obfuscation algorithm may be a matrix queue.
The preset obfuscation policy may be to obtain a hash value, and when the server generates at least one obfuscation algorithm by using the preset obfuscation policy according to the client ID, the server may perform a hash operation on the client ID to obtain a hash value of the client ID, and then use the hash value of the client ID as the obfuscation algorithm, for example, the obfuscation matrix C1;
alternatively, the preset obfuscation policy may be to generate a random number using a seed of a random function, and when the server generates at least one obfuscation algorithm using the preset obfuscation policy according to the client ID, the server may generate a random number a using the seed as the seed of the random function with the client ID information, and then use the generated random number a as the obfuscation algorithm, for example, the obfuscation matrix C2.
The server performs external obfuscation on the preset key and the preset processing algorithm by using not only the preset key and the preset processing algorithm but also at least one obfuscation algorithm generated based on the client ID when generating the client white-box algorithm, so that the generated client white-box algorithm can be bound with the client ID.
It should be noted that white-box encryption and white-box decryption belong to symmetric algorithm technologies, and are a special encryption method capable of resisting attacks in a white-box environment. Therefore, the preset processing algorithm is a symmetric algorithm, such as AES (Advanced Encryption Standard) and DES (Data Encryption Standard). Wherein the preset encryption algorithm and the preset decryption algorithm are reciprocal processes.
The core idea of white-box encryption/decryption is confusion, i.e. mixing plaintext into characters that cannot be directly recognized, so to speak, encryption is hidden information, and confusion refers to disturbing information.
In order to further ensure the security of the key stored at the client, the technical scheme provided by the embodiment of the invention adopts a white-box encryption/decryption mode to encapsulate the confusion algorithm, the encryption/decryption algorithm and the preset key. So that the pre-set key can be hidden in the client white-box algorithm.
The client white-box algorithm is generated correspondingly based on a client ID sent by the client, and may include at least one obfuscation algorithm, and a obfuscated preset key and a white-box table corresponding to a preset processing algorithm.
The at least one obfuscation algorithm is generated based on an obfuscation policy, for example, a obfuscation matrix may be generated by a preset specific method according to the client ID. For example, a hash value of the client ID may be used as the confusion matrix; or a random number generated by the client ID is used as a confusion matrix; or expanding the client ID to generate a confusion matrix, so that each client white-box algorithm can only be applied to the corresponding client.
In the embodiment of the present invention, when the preset key, the preset processing algorithm, and the at least one confusion matrix are used to generate the client white-box algorithm, a mode of confusing the preset key and the preset processing algorithm by using the matrix in the conventional technology may be used to generate the client white-box algorithm.
In the client white-box algorithm which is generated by the traditional technology and is not subjected to external confusion, the matrix used is only a matrix generated by a random number without any rule, and in the embodiment of the invention, the matrix used is a confusion matrix generated by confusing the client ID by using a preset confusion strategy, and the confusion matrix is related to the client ID so that a certain rule exists and is a random matrix generated by the random number without any rule, so that the client white-box algorithm generated by the embodiment of the invention can be bound with the client ID.
103, the server responds to the data request and sends the client white-box algorithm to the client;
after the server side generates the client white-box algorithm, the server side can respond to a data request of the client to send the client white-box algorithm subjected to client ID confusion to the client. So that the client can encrypt (including sign) or decrypt the data downloaded from the server.
For the use mode of the client for the client white-box algorithm, if the client white-box algorithm is generated based on a preset encryption algorithm, the client white-box algorithm can be used for encrypting data (including signatures); and if the client side white-box algorithm is generated based on a preset decryption algorithm, the client side white-box algorithm is used for carrying out data decryption on the data ciphertext downloaded from the server.
Of course, in other embodiments, the generated white-box table in the client-side white-box algorithm may also be based on a preset encryption algorithm and a preset decryption algorithm, and two sets of keys respectively corresponding to the two algorithms. The client can be used for various operations of data encryption, data signing and data decryption by using the client white-box algorithm.
104, the client receives a client white-box algorithm confused with the client ID information;
and 105, processing the data to be processed by the client according to the client ID information and the client white box algorithm to obtain the processed data.
Since the client whitebox algorithm is obfuscated by the client ID, and the client has accurate client ID information, the client ID and the client whitebox algorithm can be used to encrypt or decrypt data to be processed.
As described above, what kind of processing is performed on the data to be processed depends on whether the preset algorithm used for generating the client white-box algorithm is the preset encryption algorithm or the preset decryption algorithm. If the encryption algorithm is the preset encryption algorithm, the client side white-box algorithm is a white-box encryption algorithm and can perform encryption processing (including signature processing) on data to be processed, wherein the encryption key can be used for encrypting the data to obtain a data ciphertext; the encryption key can also be used for signing data, specifically, the digest of the data can be encrypted by adopting the encryption key to obtain the signature of the client, and the signature is spliced to the suffix part of the data; if the decryption algorithm is the preset decryption algorithm, the client-side white-box algorithm is a white-box decryption algorithm and can decrypt the data to be processed, wherein the data to be processed can be encrypted data ciphertext downloaded from the server.
Optionally, as described above, the client white-box algorithm comprises at least one obfuscation algorithm.
The number of the confusion algorithms in the client white-box algorithm is one or two, and the number of the confusion algorithms is the same as the number of the inverse confusion algorithms generated by the client. That is, when an obfuscation algorithm is included in the client white-box algorithm, the client needs to generate an inverse obfuscation algorithm on the client when using the client white-box algorithm.
Taking the client white-box algorithm as the white-box encryption algorithm as an example, the obfuscating algorithm may be located after the encryption algorithm (i.e. for obfuscating the encrypted data) or located before the encryption algorithm (i.e. for obfuscating the data before encryption) in the client white-box algorithm. The preferred embodiment provided by the invention is that the two confusion algorithms are respectively arranged before and after the encryption algorithm, and when the client needs to use the client white-box algorithm, two inverse confusion algorithms are generated at the client so as to counteract the effect of two confusion processes.
In executing step 105, it can be realized through S21 and S22:
s21, the client generates at least one inverse confusion algorithm corresponding to the at least one confusion algorithm by using the preset confusion strategy according to the client ID information;
when the client generates the inverse confusion algorithm, the principle of the inverse confusion algorithm is the same as that of the server, and the structure of the inverse confusion algorithm is also a matrix queue. The client side is pre-configured with the same preset obfuscation policy as the server, so that at least one inverse obfuscation algorithm corresponding to the at least one obfuscation algorithm can be generated by using the preset obfuscation policy according to the client ID.
For example, as shown in FIG. 2, the client white-box algorithm includes a first obfuscation algorithm located before the encryption algorithm portion and a second obfuscation algorithm located after the encryption algorithm portion. For example, if the first obfuscation algorithm is the obfuscation matrix C1 and the second obfuscation algorithm is the obfuscation matrix C2, the step may calculate a hash value of the client ID ciphertext, and use the hash value matrix as the obfuscation matrix C1, and then calculate an inverse obfuscation matrix C1 to obtain an inverse obfuscation matrix C3 (i.e., an inverse obfuscation algorithm); similarly, a confusion matrix C2 is generated by using the random number a generated by using the client ID information ciphertext as a seed of the random function, and then the inverse of the confusion matrix C2 is calculated to obtain an inverse confusion matrix C4 (i.e., another inverse confusion algorithm). The confusion matrix C1 and the inverse confusion matrix C3 are inverse matrixes, and the confusion matrix C2 and the inverse confusion matrix C4 are inverse matrixes.
And S22, the client root processes the data to be processed by utilizing the at least one inverse confusion algorithm and the client white-box algorithm to obtain the processed data.
Taking the client white-box algorithm as the white-box encryption algorithm for example, when the client uses the client white-box algorithm to encrypt the data to be processed, if the generated at least one inverse confusion algorithm is not used, the data to be processed input into the client white-box algorithm is subjected to confusion processing by the confusion matrix C1 before data encryption, is subjected to data encryption after the confusion processing, is subjected to confusion processing by the confusion matrix C2 on the data ciphertext, and finally is output as the data subjected to the confusion processing. The processed data is not a data ciphertext encrypted by the preset key and the preset encryption algorithm, but the data encrypted before and after encryption is subjected to obfuscation processing, which causes a problem of data encryption and decryption error, and the purpose of accurately encrypting the data to be processed by accurately using the preset key and the preset encryption algorithm is difficult to achieve.
Therefore, in this step, in order to counteract the confusion processing of the data to be processed in the client white-box algorithm and only perform the encryption processing of the data separately, the client may perform the encryption processing on the data to be processed by using the at least one inverse confusion algorithm and the client white-box algorithm to obtain the processed data.
Thus, when the client white-box algorithm subjected to external confusion is used for data encryption or decryption, at least one inverse confusion algorithm corresponding to at least one confusion algorithm in the client white-box algorithm is generated according to the client ID and by using the preset confusion strategy consistent with the server side, and the data to be processed is encrypted or decrypted by using the at least one inverse confusion algorithm and the client white-box algorithm, so that the confusion processing of the data to be processed by the at least one confusion algorithm in the client white-box algorithm can be counteracted, the data output by the client white-box algorithm is only processed by the preset key and the preset processing algorithm, and the accurate use of the encryption algorithm or the decryption algorithm corresponding to the client white-box algorithm is ensured while the binding of the client white-box algorithm and the client is realized.
Optionally, when the client white-box algorithm comprises a first obfuscation algorithm and a second obfuscation algorithm, the at least one inverse obfuscation algorithm comprises a first inverse obfuscation algorithm corresponding to the first obfuscation algorithm, and a second inverse obfuscation algorithm corresponding to the second obfuscation algorithm.
As shown in fig. 2, the client side generates a first inverse obfuscation algorithm corresponding to the first obfuscation algorithm and a second inverse obfuscation algorithm corresponding to the second obfuscation algorithm.
Then when executing S22, it is realized by S31 to S33:
s31, the client performs confusion processing on the data to be processed according to the first inverse confusion algorithm;
wherein, as shown in fig. 2, before the data to be processed (e.g. 7) is input to the client white-box algorithm, 7 is first changed to 6 by the first inverse obfuscation algorithm.
S32, the client side utilizes the client side white box algorithm to process the data to be processed after the confusion processing of the first inverse confusion algorithm, and generates encrypted data or decrypted data after the confusion of the second confusion algorithm;
in this step, the client inputs 6 after the obfuscation process to the client white-box algorithm, and a first obfuscation algorithm in the client white-box algorithm performs the obfuscation process on 6, so as to cancel the obfuscation operation of the first inverse obfuscation algorithm, that is, to restore 6 to 7; then, encrypting 7 by an encryption algorithm part (a white box table obtained by mixing an encryption key with a preset encryption algorithm) in the client white box algorithm to generate 12; the encrypted data is then obfuscated using a second obfuscation algorithm, where 12 is obfuscated to 15; and finally, the client side white-box algorithm outputs the encrypted data 15 after being obfuscated by the second obfuscation algorithm.
And S33, the client performs de-obfuscation processing on the encrypted data or the decrypted data obfuscated by the second obfuscating algorithm according to the second inverse obfuscating algorithm to generate data processed by the preset processing algorithm and the preset key.
In this step, the client performs a second confusion process on the encrypted data 15 output by the client white-box algorithm and subjected to confusion by the second confusion algorithm, so as to cancel the confusion process of the second confusion algorithm on the encrypted data 12 in the client white-box algorithm, that is, the encrypted data 15 is restored to 12, so that the finally generated encrypted data 12 is a result of the encryption operation performed only by using the preset encryption algorithm and the preset key corresponding to the client white-box algorithm.
Here, the description is given by taking the client white-box algorithm as the white-box encryption algorithm as an example, and if the client white-box algorithm is the white-box decryption algorithm, the method is similar, and is not described herein again.
In this way, in the method of the embodiment of the present invention, in order to accurately use the encryption algorithm or the decryption algorithm corresponding to the client white-box algorithm when the client white-box algorithm includes the first obfuscating algorithm and the second obfuscating algorithm, a first inverse obfuscating algorithm that is inverse to the first obfuscating algorithm and a second inverse obfuscating algorithm that is inverse to the second obfuscating algorithm may be generated, and the first inverse obfuscating algorithm is used to perform obfuscating processing on the data to be processed before being input to the client white-box algorithm, so that the obfuscating processing of the first obfuscating algorithm can be cancelled by using the first inverse obfuscating algorithm; after the client-side white-box algorithm outputs the encrypted or decrypted data subjected to the confusion processing by the second confusion algorithm, the method of the embodiment of the invention can also utilize the second inverse confusion algorithm to counteract the second confusion algorithm, so that a data ciphertext or a data plaintext processed only by the preset processing algorithm in the client-side white-box algorithm and the preset key is generated, and the accurate encryption or decryption processing of the data to be processed by the preset processing algorithm and the preset key in the client-side white-box algorithm is ensured.
In addition, if the client does not have the correct client ID, an accurate inverse obfuscation algorithm may not be generated, so that an obfuscation algorithm in the client white-box algorithm (i.e., an external obfuscation encoding based on the client ID) may not be cancelled using the accurate inverse obfuscation algorithm, so that when data is encrypted or decrypted using the client white-box algorithm, correct encryption or decryption processing may not be completed. In this way, the binding of the client white-box algorithm to the client ID can be ensured.
Referring to fig. 3, the present invention provides another alternative embodiment based on the embodiment shown in fig. 1, and the data processing method includes the steps of:
step 101, the client sends a data request to the server, wherein the data request comprises client ID information and a data ID;
wherein, the data ID is the ID of the data requested to be processed by the client. The data is typically server-side stored data. The client here is a data request for requesting a client white-box algorithm bound to the data ID and to the client ID.
Alternatively, before step 101, the client may identify the manner in which the client ID information is obtained, for example, which function the client ID information is passed through, and identify the obtained client ID information. Then, when sending the data request, the client may load not only the client ID information and the data ID into the data request, but also the manner of obtaining the client ID information (e.g., the function name of the function that passed the client ID information) into the data request.
Therefore, the embodiment of the invention can enable the server to judge the legality of the client ID by loading the acquisition mode of the client ID information into the data request, so as to avoid the condition that the client illegally steals the client ID bound with the client white-box algorithm, and sends the data request by the stolen client ID, so as to request the client white-box algorithm, and avoid the client white-box algorithm bound with the client ID from being used by the illegal client stealing the client ID.
Optionally, in order to avoid a situation that an illegal client steals an ID of a client with a right to send a data request, in an embodiment of the present invention, the data request may further include an obtaining manner of client ID information, and before step 102 (or step 106), the method according to an embodiment of the present invention may further include: the server judges whether the acquisition mode of the ID information of the client is a preset acquisition mode or not;
if the obtaining mode of the client ID information is a preset obtaining mode, execute step 102.
Specifically, the server side may set in advance what is the legal client ID acquisition method, for example, functions 1 and 2 are legal, and other functions are not illegal. After receiving the data request of the client, the server side may analyze the data request to obtain an obtaining manner of the client ID information, and determine whether the obtaining manner is a preset obtaining manner, where it is determined whether the function name is a preset function name, if so, it indicates that the client is the client with the client ID information, and execute step 301 (or step 102) to generate a client white-box algorithm bound to the client; on the contrary, if no, it is indicated that the client ID information sent by the client may not be the actual client ID information of the client, and may be client ID information stolen from other authorized clients, then step 301 (or step 102) may not be executed in order to improve the security of the distributed key, or a false key is used to generate the client white-box algorithm, so that the client cannot perform operations such as accurate encryption/decryption/signature on data even if receiving the client white-box algorithm.
Step 106, the server acquires a preset secret key and a preset processing algorithm which are matched with the data ID according to the preset corresponding relation between the data ID and the secret key and the processing algorithm;
on the server side, after receiving the data request, step 106 may be performed.
Specifically, the method of the embodiment of the present invention may configure a key for encryption or decryption and a processing algorithm for encryption or decryption for each data stored on the server side, respectively.
The present invention does not limit the type of data stored on the server side, such as video data, audio data, document data, and the like. The data is data that the server can distribute to the client, and the client side can encrypt or decrypt the data received from the server. In most scenarios, the data sent by the server to the client is a data ciphertext, and the client side needs to use the client white-box algorithm sent by the server in the method of the embodiment of the present invention to decrypt the data ciphertext.
Taking video data as an example, the server side may assign a fixed key and a processing algorithm (encryption algorithm or decryption algorithm) to each video, so that a certain video can only be encrypted or decrypted by using the key corresponding to the video and a client white-box algorithm generated by the processing algorithm.
After the video data storage at the server side is completed, the method of the embodiment of the invention can set a key and a processing algorithm corresponding to each video ID, so as to generate a preset corresponding relationship between the video ID and the key and the processing algorithm. For example, video 1 corresponds to key 1 and the AES encryption algorithm; video 2 corresponds to key 2 and the DES decryption algorithm.
Then, when generating the client white-box algorithm, the method according to the embodiment of the present invention may obtain the preset key and the preset processing algorithm corresponding to the video ID in the data request according to the corresponding relationship.
After step 106, the server executes step 102, and the server generates a client white-box algorithm obfuscated with the client ID information according to the client ID information by using the preset key, the preset processing algorithm and a preset obfuscation policy;
and the preset key and the preset processing algorithm corresponding to the client white box algorithm are a key and an algorithm matched with the data ID.
Since the preset key and the preset processing algorithm are bound to the data ID, the client white-box algorithm generated here is specifically used for performing encryption, signature, or decryption processing on the data with the data ID.
103, the server responds to the data request and sends the client white-box algorithm to the client;
104, the client receives a client white-box algorithm confused with the client ID information;
and 105, processing the data to be processed by the client according to the client ID information and the client white box algorithm to obtain the processed data.
In this way, the server in the embodiment of the present invention assigns a key and a processing algorithm to each data ID in advance, so as to generate a corresponding relationship between the data ID and the key and the processing algorithm, and when a data request sent from a client to the server includes the data ID, the server may obtain, according to the corresponding relationship, a preset key bound to the data ID in the data request and a preset processing algorithm, and generate, according to the client ID, a client white-box algorithm obfuscated with the client ID by using the preset key, the preset processing algorithm, and a preset obfuscation policy. The generated client white-box algorithm can be bound with the client ID and the data ID, so that only the client with the accurate client ID can use the client white-box algorithm to encrypt, sign or decrypt the data to be processed with the data ID. The method and the device realize the simultaneous binding of the client white-box algorithm, the client and the data to be processed, and ensure the independent encryption and decryption of the data.
Referring to fig. 4, a flowchart illustrating steps of an embodiment of a data processing method according to the present invention is shown, and the method is applied to a server, and specifically may include the following steps:
Therefore, in the embodiment of the invention, in order to avoid that the data key is stored in the client in a plaintext, the server can confuse the preset key and the preset processing algorithm according to the client ID and the preset obfuscating strategy to generate the client white-box algorithm confusing the client ID, and distribute the client white-box algorithm to the client, so that the plaintext storage of the preset key in the client is avoided, and the security of the key stored at the client side is improved. In addition, because the client white-box algorithm adopts client ID information for confusion instead of client ID ciphertext, the client does not need to request a key corresponding to the client ID ciphertext from the server, so that the request times of the client to the server are reduced, and the data processing efficiency is improved.
Optionally, in another optional embodiment provided based on the embodiment shown in fig. 4, when performing step 402, at least one obfuscation algorithm may be first generated by using a preset obfuscation policy according to the client ID information; and then, generating a client white-box algorithm confused with the client ID information according to a preset secret key, a preset processing algorithm and the at least one obfuscating algorithm.
Optionally, in another optional embodiment provided based on the embodiment shown in fig. 4, the data request further includes a data ID; before performing step 402, the method according to an embodiment of the present invention may further include: and acquiring a preset secret key and a preset processing algorithm matched with the data ID according to the preset corresponding relation between the data ID and the secret key and the processing algorithm.
Optionally, in another optional embodiment provided based on the embodiment shown in fig. 4, the data request further includes an obtaining manner of the client ID information, and before performing step 402, the method according to the embodiment of the present invention may further include: judging whether the acquisition mode of the ID information of the client is a preset acquisition mode or not; then, if the obtaining manner of the client ID information is a preset obtaining manner, step 402 is executed.
Referring to fig. 5, a flowchart illustrating steps of an embodiment of a data processing method according to the present invention is shown, and the method is applied to a client, and specifically may include the following steps:
In this way, in order to avoid that the data key is stored in the client in a plaintext, the client can receive a client white-box algorithm confused with the client ID, wherein the client white-box algorithm is a client white-box algorithm generated by confusing the preset key and the preset processing algorithm according to the client ID and a preset obfuscating policy, so that the plaintext storage of the preset key in the client is avoided, and the security of the key stored at the client side is improved; since the client is required to have the client ID bound to the client white-box algorithm when the client white-box algorithm is used, it is possible to ensure safe use of the client white-box algorithm.
Optionally, in another optional embodiment provided based on the embodiment shown in fig. 5, the client white-box algorithm comprises at least one obfuscation algorithm; then, in step 503, at least one inverse obfuscating algorithm corresponding to the at least one obfuscating algorithm may be generated by using the preset obfuscating policy according to the client ID information; and then, processing the data to be processed by utilizing the at least one inverse confusion algorithm and the client white box algorithm to obtain the processed data.
Optionally, in another optional embodiment provided based on the embodiment shown in fig. 5, when the client white-box algorithm comprises a first obfuscating algorithm and a second obfuscating algorithm, the at least one inverse obfuscating algorithm comprises a first inverse obfuscating algorithm corresponding to the first obfuscating algorithm, and a second inverse obfuscating algorithm corresponding to the second obfuscating algorithm;
then in step 503, the data to be processed may be obfuscated according to the first inverse obfuscation algorithm; then, processing the data to be processed after the confusion processing of the first inverse confusion algorithm by using the client white box algorithm to generate data after the confusion processing of the second confusion algorithm; and finally, performing de-obfuscation processing on the data obfuscated by the second obfuscating algorithm according to the second inverse obfuscating algorithm to generate data processed by the preset processing algorithm and the preset key.
Optionally, in another optional embodiment provided based on the embodiment shown in fig. 5, when the data request further includes a data ID, the preset key and the preset processing algorithm corresponding to the client white-box algorithm are a key and a processing algorithm matching the data ID.
Optionally, in another optional embodiment provided based on the embodiment shown in fig. 5, before step 501, the method according to the embodiment of the present invention may further include: identifying an acquisition mode of the client ID information, and identifying the acquired client ID information; then, in step 501, the client ID information and the obtaining manner may be loaded into a data request, and the data request may be sent.
For the single-side data processing method provided in the embodiments shown in fig. 4 and fig. 5, reference is specifically made to the corresponding descriptions and explanations in the embodiments shown in fig. 1 to fig. 3, and details are not repeated here.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Corresponding to the data processing method applied to the system including the server and the client provided by the embodiment of the present invention, referring to fig. 6, a block diagram of a data processing system embodiment of the present invention is shown, which may specifically include the client and the server;
the client is used for sending a data request to the server, and the data request comprises client ID information;
the server is used for generating a client white box algorithm confused with the client ID information by using a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information;
the server is used for responding to the data request and sending the client white-box algorithm to a client;
the client is used for receiving a client white-box algorithm confused with the client ID information;
and the client is used for processing data to be processed according to the client ID information and the client white box algorithm to obtain processed data.
Corresponding to the data processing method applied to the server provided by the embodiment of the present invention, referring to fig. 7, a block diagram of a data processing apparatus embodiment of the present invention is shown, which is applied to the server, and specifically includes the following modules:
a first receiving module 701, configured to receive a data request, where the data request includes client ID information;
a generating module 702, configured to generate, according to the client ID information, a client white-box algorithm obfuscated with the client ID information by using a preset key, a preset processing algorithm, and a preset obfuscation policy;
a response module 703, configured to send the client white-box algorithm in response to the data request.
Optionally, the generating module 702 includes:
the first generation submodule is used for generating at least one confusion algorithm by utilizing a preset confusion strategy according to the ID information of the client;
and the second generation submodule is used for generating a client white-box algorithm confused with the client ID information according to a preset secret key, a preset processing algorithm and the at least one obfuscation algorithm.
Optionally, the apparatus further comprises:
and the obtaining module is used for obtaining a preset secret key and a preset processing algorithm which are matched with the data ID according to the preset corresponding relation between the data ID and the secret key and the processing algorithm if the data request further comprises the data ID.
Optionally, the apparatus further comprises:
the judging module is used for judging whether the obtaining mode of the ID information of the client is a preset obtaining mode or not if the data request further comprises the obtaining mode of the ID information of the client;
the generating module 702 is further configured to, if the determining module determines that the obtaining manner of the client ID information is a preset obtaining manner, generate a client white-box algorithm confused with the client ID information according to the client ID information by using a preset key, a preset processing algorithm, and a preset obfuscating policy.
Corresponding to the data processing method applied to the client terminal provided by the embodiment of the present invention, referring to fig. 8, a structural block diagram of an embodiment of a data processing apparatus of the present invention is shown, which is applied to the client terminal, and specifically includes the following modules:
a sending module 801, configured to send a data request, where the data request includes client ID information;
a second receiving module 802, configured to receive a client white-box algorithm obfuscated with the client ID information, where the client white-box algorithm is an algorithm generated by using a preset key, a preset processing algorithm, and a preset obfuscation policy according to the client ID information;
and the processing module 803 is configured to process data to be processed according to the client ID information and the client white box algorithm, so as to obtain processed data.
Optionally, the processing module 803 includes:
a third generation sub-module, configured to generate, according to the client ID information and by using the preset obfuscation policy, at least one inverse obfuscation algorithm corresponding to the at least one obfuscation algorithm, if the client white-box algorithm includes at least one obfuscation algorithm;
and the processing submodule is used for processing the data to be processed by utilizing the at least one inverse confusion algorithm and the client white box algorithm to obtain the processed data.
Optionally, the client white-box algorithm comprises a first obfuscation algorithm and a second obfuscation algorithm, wherein the at least one inverse obfuscation algorithm comprises a first inverse obfuscation algorithm corresponding to the first obfuscation algorithm, and a second inverse obfuscation algorithm corresponding to the second obfuscation algorithm;
the processing submodule comprises:
the confusion unit is used for carrying out confusion processing on the data to be processed according to the first inverse confusion algorithm;
the first processing unit is used for processing the data to be processed after the confusion processing of the first inverse confusion algorithm by utilizing the client white-box algorithm to generate data after the confusion processing of the second confusion algorithm;
and the second processing unit is used for performing de-obfuscating processing on the data obfuscated by the second obfuscating algorithm according to the second inverse obfuscating algorithm to generate data processed by the preset processing algorithm and the preset key.
Optionally, when the data request further includes a data ID, the preset key and the preset processing algorithm corresponding to the client white-box algorithm are a key and a processing algorithm matched with the data ID.
Optionally, the apparatus further comprises:
the identification module is used for identifying the acquisition mode of the client ID information and identifying the acquired client ID information;
the sending module 801 is further configured to load the client ID information and the obtaining manner into a data request, and send the data request.
For the device embodiments, since they are substantially similar to the corresponding method embodiments, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the corresponding method embodiments.
According to still another embodiment of the present invention, there is also provided a server including: a memory, a processor and a data processing program stored on the memory and operable on the processor, the data processing program, when executed by the processor, implementing the steps of the data processing method applied to the server as described in any one of the above embodiments.
According to another embodiment of the present invention, the present invention further provides a client, including: the data processing method comprises a memory, a processor and a data processing program stored on the memory and capable of running on the processor, wherein when the data processing program is executed by the processor, the steps of the data processing method applied to the client side are realized according to any one of the embodiments.
According to still another embodiment of the present invention, there is also provided a computer-readable storage medium having stored thereon a data processing program which, when executed by a processor, implements the steps in the data processing method applied to a server as described in any one of the above embodiments, or implements the steps in the data processing method applied to a client as described in any one of the above embodiments.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The data processing method, the data processing apparatus, the data processing system, the server, the client, and the computer-readable storage medium provided by the present invention are described in detail above, and specific examples are applied herein to illustrate the principles and embodiments of the present invention, and the description of the above embodiments is only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (21)
1. A data processing method is applied to a system comprising a server and a client, and comprises the following steps:
the client sends a data request to the server, wherein the data request comprises client ID information and an acquisition mode of the client ID information;
judging whether the acquisition mode of the ID information of the client is a preset acquisition mode or not;
if the acquisition mode of the client ID information is a preset acquisition mode, the server generates a client white box algorithm confused with the client ID information by using a preset key, a preset processing algorithm and a preset confusion strategy according to the client ID information;
the server responds to the data request and sends the client white-box algorithm to a client;
the client receives a client white-box algorithm confused with the client ID information;
and the client processes the data to be processed according to the client ID information and the client white box algorithm to obtain the processed data.
2. A data processing method is applied to a server, and the method comprises the following steps:
receiving a data request, wherein the data request comprises client ID information and an acquisition mode of the client ID information;
judging whether the acquisition mode of the ID information of the client is a preset acquisition mode or not;
if the client ID information is acquired in the preset acquisition mode, generating a client white box algorithm confused with the client ID information by using a preset key, a preset processing algorithm and a preset confusion strategy according to the client ID information;
and sending the client white-box algorithm in response to the data request.
3. The method according to claim 2, wherein the generating a client white-box algorithm obfuscated with the client ID information according to the client ID information by using the preset key, the preset processing algorithm, and the preset obfuscation policy comprises:
generating at least one confusion algorithm by utilizing the preset confusion strategy according to the ID information of the client;
and generating a client white-box algorithm confused with the client ID information according to the preset secret key, the preset processing algorithm and the at least one obfuscating algorithm.
4. The method of claim 2, wherein the data request further comprises a data ID;
before generating, according to the client ID information, a client white-box algorithm obfuscated with the client ID information by using the preset key, the preset processing algorithm, and the preset obfuscation policy, the method further includes:
and acquiring the preset secret key and the preset processing algorithm matched with the data ID according to the preset corresponding relation between the data ID and the secret key and the processing algorithm.
5. A data processing method is applied to a client, and the method comprises the following steps:
sending a data request, wherein the data request comprises client ID information and an acquisition mode of the client ID information;
receiving a client white-box algorithm confused with the client ID information, wherein the client white-box algorithm is an algorithm generated by utilizing a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information when the server judges that the acquisition mode of the client ID information is a preset acquisition mode;
and processing the data to be processed according to the client ID information and the client white box algorithm to obtain the processed data.
6. The method of claim 5, wherein the client white-box algorithm comprises at least one obfuscation algorithm;
the processing the data to be processed according to the client ID information and the client white-box algorithm to obtain the processed data comprises the following steps:
generating at least one inverse confusion algorithm corresponding to the at least one confusion algorithm by utilizing the preset confusion strategy according to the client ID information;
and processing the data to be processed by utilizing the at least one inverse confusion algorithm and the client white box algorithm to obtain the processed data.
7. The method of claim 6, wherein when the client white-box algorithm comprises a first obfuscation algorithm and a second obfuscation algorithm, the at least one inverse obfuscation algorithm comprises a first inverse obfuscation algorithm corresponding to the first obfuscation algorithm, and a second inverse obfuscation algorithm corresponding to the second obfuscation algorithm;
the processing the data to be processed by using the at least one inverse confusion algorithm and the client white-box algorithm to obtain the processed data comprises the following steps:
performing confusion processing on the data to be processed according to the first inverse confusion algorithm;
processing the data to be processed after the confusion processing of the first inverse confusion algorithm by using the client white box algorithm to generate data which is processed by the first confusion algorithm, the preset secret key and the preset processing algorithm and is subjected to the confusion processing of the second confusion algorithm;
and performing de-obfuscation processing on the data obfuscated by the second obfuscating algorithm according to the second inverse obfuscating algorithm to generate data processed by the preset processing algorithm and the preset key.
8. The method of claim 5, wherein when the data request further includes a data ID, the preset key and the preset processing algorithm corresponding to the client white-box algorithm are a key and a processing algorithm matching the data ID.
9. The method of claim 5,
before the sending the data request, the method further includes: identifying an acquisition mode of the client ID information, and identifying the acquired client ID information;
the sending data request comprises: and loading the client ID information and the acquisition mode into a data request, and sending the data request.
10. A data processing system comprising a client and a server;
the client is used for sending a data request to the server, wherein the data request comprises client ID information and an acquisition mode of the client ID information;
the server is used for judging whether the acquisition mode of the ID information of the client is a preset acquisition mode or not;
the server is used for generating a client white box algorithm confused with the client ID information by utilizing a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information if the acquisition mode of the client ID information is a preset acquisition mode;
the server is used for responding to the data request and sending the client white-box algorithm to a client;
the client is used for receiving a client white-box algorithm confused with the client ID information;
and the client is used for processing data to be processed according to the client ID information and the client white box algorithm to obtain processed data.
11. A data processing apparatus, applied to a server, the apparatus comprising:
the receiving module is used for receiving a data request, wherein the data request comprises client ID information and an acquisition mode of the client ID information;
the judging module is used for judging whether the obtaining mode of the ID information of the client is a preset obtaining mode or not;
the generating module is used for generating a client white box algorithm confused with the client ID information by utilizing a preset secret key, a preset processing algorithm and a preset confusion strategy according to the client ID information if the judging module judges that the acquisition mode of the client ID information is a preset acquisition mode;
and the response module is used for responding to the data request and sending the client white-box algorithm.
12. The apparatus of claim 11, wherein the generating module comprises:
the first generation submodule is used for generating at least one confusion algorithm by utilizing a preset confusion strategy according to the ID information of the client;
and the second generation submodule is used for generating a client white-box algorithm confused with the client ID information according to a preset secret key, a preset processing algorithm and the at least one obfuscation algorithm.
13. The apparatus of claim 11, further comprising:
and the obtaining module is used for obtaining a preset secret key and a preset processing algorithm which are matched with the data ID according to the preset corresponding relation between the data ID and the secret key and the processing algorithm if the data request further comprises the data ID.
14. A data processing apparatus, applied to a client, the apparatus comprising:
the system comprises a sending module, a receiving module and a sending module, wherein the sending module is used for sending a data request, and the data request comprises client ID information and an acquisition mode of the client ID information;
the receiving module is used for receiving a client white-box algorithm confused with the client ID information, wherein the client white-box algorithm is an algorithm generated by utilizing a preset secret key, a preset processing algorithm and a preset obfuscating strategy according to the client ID information when the server judges that the acquisition mode of the client ID information is a preset acquisition mode;
and the processing module is used for processing the data to be processed according to the client ID information and the client white box algorithm to obtain the processed data.
15. The apparatus of claim 14, wherein the processing module comprises:
the generating submodule is used for generating at least one inverse confusion algorithm corresponding to the at least one confusion algorithm by utilizing the preset confusion strategy according to the client ID information if the client white-box algorithm comprises at least one confusion algorithm;
and the processing submodule is used for processing the data to be processed by utilizing the at least one inverse confusion algorithm and the client white box algorithm to obtain the processed data.
16. The apparatus of claim 15, wherein the client white-box algorithm comprises a first obfuscation algorithm and a second obfuscation algorithm, wherein the at least one inverse obfuscation algorithm comprises a first inverse obfuscation algorithm corresponding to the first obfuscation algorithm and a second inverse obfuscation algorithm corresponding to the second obfuscation algorithm;
the processing submodule comprises:
the confusion unit is used for carrying out confusion processing on the data to be processed according to the first inverse confusion algorithm;
the first processing unit is used for processing the data to be processed after the confusion processing of the first inverse confusion algorithm by utilizing the client white box algorithm to generate data which is processed by the first confusion algorithm, the preset secret key and the preset processing algorithm and is subjected to the confusion processing of the second confusion algorithm;
and the second processing unit is used for performing de-obfuscating processing on the data obfuscated by the second obfuscating algorithm according to the second inverse obfuscating algorithm to generate data processed by the preset processing algorithm and the preset key.
17. The apparatus of claim 14, wherein when the data request further includes a data ID, the preset key and the preset processing algorithm corresponding to the client white-box algorithm are a key and a processing algorithm matching the data ID.
18. The apparatus of claim 14, further comprising:
the identification module is used for identifying the acquisition mode of the client ID information and identifying the acquired client ID information;
the sending module is further configured to load the client ID information and the obtaining manner into a data request, and send the data request.
19. A server, comprising: memory, processor and data processing program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the data processing method according to any one of claims 2 to 4.
20. A client, comprising: memory, processor and data processing program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the data processing method according to any of claims 5 to 9.
21. A computer-readable storage medium, characterized in that a data processing program is stored thereon, which when executed by a processor implements the steps in the data processing method of any one of claims 2 to 4, or the steps of the data processing method of any one of claims 5 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910282103.4A CN110149312B (en) | 2019-04-09 | 2019-04-09 | Data processing method, device, system and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910282103.4A CN110149312B (en) | 2019-04-09 | 2019-04-09 | Data processing method, device, system and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110149312A CN110149312A (en) | 2019-08-20 |
| CN110149312B true CN110149312B (en) | 2021-10-15 |
Family
ID=67588656
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910282103.4A Active CN110149312B (en) | 2019-04-09 | 2019-04-09 | Data processing method, device, system and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110149312B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112543167B (en) * | 2019-09-20 | 2023-07-14 | 天翼电子商务有限公司 | Communication encryption method, system, medium and device |
| CN111737689B (en) * | 2020-06-10 | 2023-07-14 | 北京奇艺世纪科技有限公司 | Data processing method, processor, electronic device and storage medium |
| CN115085974A (en) * | 2022-05-20 | 2022-09-20 | 武汉虹旭信息技术有限责任公司 | Flow confusion method and device |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105681025A (en) * | 2016-01-29 | 2016-06-15 | 中国科学院信息工程研究所 | Security white box realizing method and device for national cipher standard algorithm SM4 |
| CN107809313A (en) * | 2017-10-31 | 2018-03-16 | 北京三未信安科技发展有限公司 | A kind of whitepack crypto-operation method and system |
| CN107968793A (en) * | 2017-12-29 | 2018-04-27 | 北京梆梆安全科技有限公司 | A kind of method, apparatus and system for downloading whitepack key |
| CN108111622A (en) * | 2017-12-29 | 2018-06-01 | 北京梆梆安全科技有限公司 | A kind of method, apparatus and system for downloading whitepack library file |
| CN108134673A (en) * | 2017-12-29 | 2018-06-08 | 北京梆梆安全科技有限公司 | A kind of method and device for generating whitepack library file |
| CN109002708A (en) * | 2017-06-06 | 2018-12-14 | 恩智浦有限公司 | Method for distributing the software application and encipheror of whitepack embodiment |
| CN109728914A (en) * | 2019-01-23 | 2019-05-07 | 北京奇艺世纪科技有限公司 | Digital signature authentication method, system, device and computer readable storage medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9342592B2 (en) * | 2013-07-29 | 2016-05-17 | Workday, Inc. | Method for systematic mass normalization of titles |
| CN107861833B (en) * | 2017-10-30 | 2020-01-21 | 平安科技(深圳)有限公司 | Method and device for generating identification code, computer equipment and readable storage medium |
| CN108566476B (en) * | 2018-03-30 | 2020-11-03 | 新沂市摩尔网络科技有限公司 | Information processing method, terminal and computer readable storage medium |
-
2019
- 2019-04-09 CN CN201910282103.4A patent/CN110149312B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105681025A (en) * | 2016-01-29 | 2016-06-15 | 中国科学院信息工程研究所 | Security white box realizing method and device for national cipher standard algorithm SM4 |
| CN109002708A (en) * | 2017-06-06 | 2018-12-14 | 恩智浦有限公司 | Method for distributing the software application and encipheror of whitepack embodiment |
| CN107809313A (en) * | 2017-10-31 | 2018-03-16 | 北京三未信安科技发展有限公司 | A kind of whitepack crypto-operation method and system |
| CN107968793A (en) * | 2017-12-29 | 2018-04-27 | 北京梆梆安全科技有限公司 | A kind of method, apparatus and system for downloading whitepack key |
| CN108111622A (en) * | 2017-12-29 | 2018-06-01 | 北京梆梆安全科技有限公司 | A kind of method, apparatus and system for downloading whitepack library file |
| CN108134673A (en) * | 2017-12-29 | 2018-06-08 | 北京梆梆安全科技有限公司 | A kind of method and device for generating whitepack library file |
| CN109728914A (en) * | 2019-01-23 | 2019-05-07 | 北京奇艺世纪科技有限公司 | Digital signature authentication method, system, device and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110149312A (en) | 2019-08-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10826708B2 (en) | Authenticating nonces prior to encrypting and decrypting cryptographic keys | |
| CN109728914B (en) | Digital signature verification method, system, device and computer readable storage medium | |
| CN112514321B (en) | Shared secret establishment | |
| CA3008199C (en) | Securing webpages, webapps and applications | |
| CN110177073B (en) | Data processing method, device, system and computer readable storage medium | |
| CN105915342A (en) | Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method | |
| CN110149312B (en) | Data processing method, device, system and computer readable storage medium | |
| EP3169017B1 (en) | Split-and-merge approach to protect against dfa attacks | |
| CN105577379A (en) | Information processing method and apparatus thereof | |
| CN113128999B (en) | Block chain privacy protection method and device | |
| CN108111622B (en) | Method, device and system for downloading white box library file | |
| CN108134673B (en) | Method and device for generating white box library file | |
| US7805616B1 (en) | Generating and interpreting secure and system dependent software license keys | |
| CN110049032A (en) | A kind of the data content encryption method and device of two-way authentication | |
| CN108183796A (en) | The method and device of encryption and decryption is carried out using whitepack library file and whitepack key file | |
| CN109005184A (en) | File encrypting method and device, storage medium, terminal | |
| CN110636067A (en) | Data encryption method, data decryption method and device | |
| CN110166425B (en) | Data processing method, device, system and computer readable storage medium | |
| CN110149311B (en) | Data processing method, device, server and readable storage medium | |
| CN117436043A (en) | Method and device for verifying source of file to be executed and readable storage medium | |
| EP3238365B1 (en) | Cryptographic system and method | |
| CN107968793B (en) | Method, device and storage medium for downloading white box key | |
| CN116204903A (en) | Financial data security management method and device, electronic equipment and storage medium | |
| WO2021129676A1 (en) | Uri construction method and apparatus, and medium and device | |
| WO2021129681A1 (en) | Scheduling method and apparatus, and medium and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |