CN110505066A - A kind of data transmission method, device, equipment and storage medium - Google Patents

Info

Publication number
CN110505066A
Authority
CN
China
Prior art keywords
data
encrypted
key
transmitted
ciphertext
Legal status
Pending
Application number
CN201910821041.XA
Other languages
Chinese (zh)
Inventor
陈平
余吉
魏自立
Current Assignee
Beijing ByteDance Network Technology Co Ltd
Original Assignee
Beijing ByteDance Network Technology Co Ltd
Application filed by Beijing ByteDance Network Technology Co Ltd
Priority to CN201910821041.XA
Publication of CN110505066A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols: the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution using key encryption key
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Means for verifying identity or authority, or for message authentication, involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure provides a data transmission method, apparatus, device and storage medium. The method comprises: identifying data to be encrypted in the data to be transmitted, the data to be encrypted being a part of the data to be transmitted; encrypting the data to be encrypted with a first key to obtain a ciphertext; and transmitting a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key. By identifying the data to be encrypted in the data to be transmitted, only that data is encrypted to obtain the ciphertext, while the remaining data in the data to be transmitted need not be encrypted, which reduces the amount of encryption processing; and since the data volume after encryption is often larger than the original data volume, encrypting only the part that needs it also effectively reduces the data volume in transmission and improves data transmission performance.

Description

Data transmission method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a data transmission method, apparatus, device, and storage medium.
Background
In data transmission between front-end and back-end devices, if a plaintext transmission mode is adopted, the user data is easily intercepted by an attack during transmission and leaked. Encrypting the data during transmission is therefore particularly important. However, an improper data encryption manner may affect data transmission performance: for example, if the encrypted data is very large, transmission performance may be reduced; on the other hand, the encryption key may be intercepted during transmission, which also causes data leakage.
Disclosure of Invention
In view of this, an object of the embodiments of the present disclosure is to provide a data transmission method, apparatus, device and storage medium.
In a first aspect, the present disclosure provides a data transmission method, applied in a sending device, including:
identifying data to be encrypted in the data to be transmitted; the data to be encrypted is part of the data to be transmitted; encrypting the data to be encrypted by using a first key to obtain a ciphertext; and transmitting a first data message to a receiving device, wherein the first data message comprises the ciphertext and the first key encrypted by the public key.
By identifying the data to be encrypted in the data to be transmitted, only that data is encrypted to obtain a ciphertext, and the data in the data to be transmitted that does not need encryption is left unencrypted, so the encryption processing amount is reduced; and because the data amount after encryption is generally larger than the original data amount, encrypting only the part that needs it also effectively reduces the data amount in transmission and improves data transmission performance. In addition, the first key is encrypted with the public key before transmission, so it is effectively prevented from being stolen in transit, and the security of data transmission is improved.
In a possible implementation manner, the first data message further includes the data in the data to be transmitted other than the identified data to be encrypted, in unencrypted form; or, after the data to be encrypted in the data to be transmitted is identified, the method further includes: transmitting a second data message to the receiving device, the second data message comprising the unencrypted data other than the identified data to be encrypted.
By transmitting the unencrypted data selectively in a plaintext message, the encryption processing amount is effectively reduced and data transmission performance is improved.
In a possible embodiment, the identifying data to be encrypted in the data to be transmitted includes: identifying at least one data attribute included in the data to be transmitted and an attribute value corresponding to each data attribute; screening out data attributes meeting encryption conditions from the at least one data attribute; and taking the attribute value corresponding to the data attribute meeting the encryption condition as the data to be encrypted.
In this embodiment, by splitting the data to be transmitted, the attribute value corresponding to the data attribute to be encrypted can be screened based on the data attribute obtained after splitting, so that the data to be encrypted can be effectively identified.
In a possible implementation manner, the first data message further includes the data attribute corresponding to the data to be encrypted, in unencrypted form.
In this embodiment, because the first data message carries the data attribute corresponding to the data to be encrypted, the receiving device can identify the data attribute of the ciphertext directly on receipt, without first decrypting the ciphertext in order to identify it.
In a possible implementation manner, the first data message further includes at least one of the following: identification information of the encryption algorithm used for the encryption process, version information of the encryption algorithm, and identification information of the data padding algorithm.
In this embodiment, because the first data message carries this information, the receiving device can readily determine how to parse the ciphertext, which improves parsing efficiency.
In a possible embodiment, the first key is generated according to the following:
generating a random code and a current timestamp; and generating the first key according to the random code and the current timestamp.
In this embodiment, the first key is generated from the random code and the timestamp and is therefore random, which makes the key harder to crack and improves the security of data transmission.
In a second aspect, the present disclosure provides a data transmission method, applied in a receiving device, including:
receiving a first data message sent by a sending device, wherein the first data message comprises a first key encrypted by a public key and a ciphertext encrypted with the first key, the ciphertext being obtained by the sending device encrypting part of the data to be transmitted with the first key; decrypting the public-key-encrypted first key with a private key matched to the public key to obtain the first key; and decrypting the ciphertext with the first key to obtain the decrypted part of the data to be transmitted.
The first key is recovered with the private key, the ciphertext is then decrypted with the recovered first key, and the decrypted data is thus obtained through two decryption operations, which improves the security of data transmission.
In a possible implementation manner, the first data message further includes the unencrypted data in the data to be transmitted; after receiving the first data message sent by the sending device, the method further includes: identifying the unencrypted data in the first data message; and after obtaining the decrypted part of the data to be transmitted, the method further includes: synthesizing the decrypted part and the unencrypted data to obtain the data to be transmitted.
In a possible implementation manner, the first data message further carries a data identifier, and the method further includes: receiving a second data message sent by the sending device; and after determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, synthesizing the unencrypted data in the second data message with the decrypted part of the data to be transmitted to obtain the data to be transmitted.
In a third aspect, the present disclosure provides a data transmission apparatus, including:
an identification module, configured to identify data to be encrypted in the data to be transmitted, the data to be encrypted being part of the data to be transmitted; an encryption module, configured to encrypt the data to be encrypted with a first key to obtain a ciphertext; and a sending module, configured to transmit a first data message to the receiving device, wherein the first data message comprises the ciphertext and the first key encrypted by the public key.
In a possible implementation manner, the first data message further includes the data in the data to be transmitted other than the identified data to be encrypted, in unencrypted form;
or, the sending module is further configured to transmit a second data message to the receiving device, the second data message comprising the unencrypted data other than the identified data to be encrypted.
In a possible implementation manner, when identifying data to be encrypted in the data to be transmitted, the identifying module is specifically configured to: identifying at least one data attribute included in the data to be transmitted and an attribute value corresponding to each data attribute; screening out data attributes meeting encryption conditions from the at least one data attribute; and taking the attribute value corresponding to the data attribute meeting the encryption condition as the data to be encrypted.
In a possible implementation manner, the first data message further includes the data attribute corresponding to the data to be encrypted, in unencrypted form.
In a possible implementation manner, the first data message further includes at least one of the following: identification information of the encryption algorithm used for the encryption process, version information of the encryption algorithm, and identification information of the data padding algorithm.
In a possible embodiment, the apparatus further comprises: a generation module; the generation module is configured to: generating a random code and a current timestamp; and generating the first key according to the random code and the current timestamp.
In a fourth aspect, the present disclosure provides a data transmission apparatus, comprising:
a receiving module, configured to receive a first data message sent by a sending device, wherein the first data message comprises a first key encrypted by a public key and a ciphertext encrypted with the first key, the ciphertext being obtained by the sending device encrypting part of the data to be transmitted with the first key; a first decryption module, configured to decrypt the public-key-encrypted first key with a private key matched to the public key to obtain the first key; and a second decryption module, configured to decrypt the ciphertext with the first key to obtain the decrypted part of the data to be transmitted.
In a possible implementation manner, the first data message further includes the unencrypted data in the data to be transmitted; the receiving module is further configured, after receiving the first data message sent by the sending device, to identify the unencrypted data in the first data message; and the second decryption module is further configured, after obtaining the decrypted part of the data to be transmitted, to synthesize the decrypted part and the unencrypted data to obtain the data to be transmitted.
In a possible implementation manner, the first data message further carries a data identifier, and the receiving module is further configured to: receive a second data message sent by the sending device; and after determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, synthesize the unencrypted data in the second data message with the decrypted part of the data to be transmitted to obtain the data to be transmitted.
In a fifth aspect, the present disclosure provides an electronic device comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is operating, the machine-readable instructions being executable by the processor to perform the steps of the data transmission method according to the first aspect or any of the embodiments, or to perform the steps of the data transmission method according to the second aspect or any of the embodiments.
In a sixth aspect, the present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of the data transmission method according to the first aspect or any one of its embodiments, or the steps of the data transmission method according to the second aspect or any one of its embodiments.
In order to make the aforementioned objects, features and advantages of the present disclosure more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
To more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present disclosure and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings may be obtained from the drawings without inventive effort.
Fig. 1 is a flow chart of a data transmission method provided by an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of the protocol format of a first data message according to an embodiment of the disclosure;
Fig. 3 is a flow chart of another data transmission method provided by an embodiment of the disclosure;
Fig. 4 is a schematic structural diagram of a data transmission apparatus provided by an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of another data transmission apparatus provided by an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, not all of the embodiments. The components of the embodiments of the present disclosure, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present disclosure, presented in the figures, is not intended to limit the scope of the claimed disclosure, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the disclosure without making creative efforts, shall fall within the protection scope of the disclosure.
The data transmission method provided by the present disclosure may be applied in an end-to-end data transmission scenario, which may be, for example, a scenario of data transmission between a front-end device (e.g., a user terminal) and a back-end device (e.g., a server). The user terminal includes, but is not limited to, a mobile phone, a tablet computer, a vehicle-mounted device, a wearable device, a Personal Digital Assistant (PDA), a Point of Sales (POS), and the like. The application program installed on the user terminal, the embedded applet and the webpage can receive various user data input by a user and upload the user data to the server, or receive various user data requested by the server, and the user data are used as data to be transmitted and need to be encrypted in the transmission process between the user terminal and the server.
Considering that sensitive information in user data generally needs to be encrypted while some non-sensitive information can be transmitted directly in plaintext, the method identifies the data to be encrypted in the data to be transmitted, encrypts only that data to obtain a ciphertext, and leaves the rest of the data to be transmitted unencrypted, so the encryption processing amount is reduced; and because the data amount after encryption is often larger than the original data amount, encrypting only the part that needs it effectively reduces the data amount in transmission and improves data transmission performance. In addition, the first key used for the encryption is itself encrypted, so it is prevented from being stolen in transit, and the security of data transmission is effectively improved.
In order to facilitate understanding of the technical solutions provided by the present disclosure, a data transmission method provided by an embodiment of the present disclosure is first described in detail.
Fig. 1 is a schematic flow chart of a data transmission method according to an embodiment of the present disclosure. The method is executed by a sending device, which may be a front-end device or a back-end device, for example a user terminal or a server. Specifically, the data transmission method comprises the following steps:
step 101, identifying data to be encrypted in the data to be transmitted, wherein the data to be encrypted is part of the data to be transmitted.
The sending device may identify the data to be encrypted in the data to be transmitted when it detects that there is data to be transmitted. For example, when the sending device is a front-end device, data to be transmitted may be considered detected when a data transmission instruction input by a user is received or when a data request instruction sent by a back-end device is received. Alternatively, when the sending device is a back-end device, data to be transmitted may be considered detected when a data request instruction sent by the front-end device is received.
In the embodiment of the disclosure, the data to be encrypted is identified within the data to be transmitted, considering that not all of the data to be transmitted is necessarily sensitive information that needs encryption. In a possible implementation, the data to be transmitted may be split, specifically including the following steps:
step 1011, at least one data attribute included in the data to be transmitted and an attribute value corresponding to each data attribute are identified.
The data attribute and the corresponding attribute value may be in the form of a key-value pair. Key represents a data attribute and value represents an attribute value. Each data attribute may correspond to a unique attribute value.
In one example, assume the data to be transmitted is user data comprising the name zhang san, the age 18, the login account number XXX and the login password XXX; the data attributes and corresponding attribute values identified in this data are name-zhang san, age-18, login account number-XXX and login password-XXX.
Step 1012, the data attribute meeting the encryption condition is screened out from at least one data attribute.
In one possible embodiment, a set of data attributes to be encrypted may be defined in advance, and it is determined, for each of the at least one data attribute, whether it is included in that set.
Step 1013, taking the attribute value corresponding to the data attribute meeting the encryption condition as the data to be encrypted.
Continuing the above example, assuming the pre-agreed set of data attributes to be encrypted includes name, age and login password, the name, age and login password identified in the data are the data attributes meeting the encryption condition, and their attribute values "zhang san", "18" and "XXX" are the data to be encrypted.
In the above embodiment, by splitting the data to be transmitted, the attribute value corresponding to the data attribute to be encrypted can be screened based on the data attribute obtained after splitting, so that the effective identification of the data to be encrypted can be realized.
Step 102, encrypting the data to be encrypted with the first key to obtain a ciphertext.
In one possible embodiment, the first key may be generated as follows: generate a random code and a current timestamp, and generate the first key from the random code and the current timestamp. The attribute values corresponding to the data attributes meeting the encryption condition are then encrypted with the first key to obtain the ciphertext. Because the first key is generated from the random code and the timestamp, it is random, which makes the key harder to crack and improves the security of data transmission.
The random code may be generated with a random algorithm, for example as an 8-bit random number. The current timestamp is the current point in time, for example an 8-bit timestamp. The random code and the current timestamp are combined into a salt value, namely the encryption salt; for example, the generated 8-bit random number and the 8-bit timestamp are combined into a 16-bit encryption salt. The encryption salt may be used directly as the first key, or it may be subjected to buffer conversion to obtain the first key. The first key is, for example, a symmetric encryption key such as an Advanced Encryption Standard (AES) key. For example, when the data to be encrypted is encrypted with an AES key, it may be divided into groups of equal length, and for each group the key corresponding to that group in the AES key is used to encrypt it, until the whole of the data to be encrypted has been encrypted.
In one embodiment of the present disclosure, after the first key is generated, the first key may be further subjected to an encryption process. For example, the first key is subjected to encryption processing using a public key stored in advance. The first key for transmission is encrypted by using the public key, so that the first key can be effectively prevented from being stolen in the data transmission process, and the data transmission safety can be improved.
Step 103, transmitting a first data message to the receiving device, where the first data message includes the ciphertext and the first key encrypted by the public key.
The first data message carries the first key encrypted by the public key, so that the receiving device can analyze the first key, and further analyze the ciphertext by using the analyzed first key to obtain the transmitted data.
In the embodiment of the present disclosure, the first data packet may further include a data attribute corresponding to the data to be encrypted. By carrying the data attribute corresponding to the data to be encrypted in the first data message, the receiving device can directly identify the data attribute of the ciphertext after receiving the first data message, and does not need to decrypt the ciphertext and then identify the ciphertext.
In the embodiment of the present disclosure, the first data packet may further include at least one of the following information: encryption algorithm identification information, version information of an encryption algorithm, and data padding algorithm identification information used for encryption processing. By carrying the information in the first data message, the receiving device can determine the mode for analyzing the ciphertext conveniently, and the efficiency of analyzing the ciphertext is improved.
Since the encryption algorithms are different and the key lengths of the first keys are also different, the encryption algorithm used for the encryption processing is identified by the encryption algorithm identification information so as to obtain the key lengths of the first keys. Since the encryption algorithm is updated continuously, the version information of the first key used in the current encryption process can be represented by the version information of the encryption algorithm.
Under the condition that the AES key is used for encrypting the data to be encrypted, the data to be encrypted needs to be grouped, each group of data needs to be encrypted respectively, and the length of each group of data is required to be the same, so that under the condition that the last group of data does not meet the length requirement, the usable data filling algorithm can be identified by identifying the identification information of the data filling algorithm, and further, the data filling algorithm can be used for supplementing bits to the last group of data so as to enable the last group of data to meet the length requirement. For example, assuming that the data to be encrypted is divided into N groups of data according to a length of 16 bytes, the data from the 1 st group to the N-1 st group is 16 bytes, and the data of the N group is 8 bytes, in this case, the data padding operation needs to be performed on the data of the N group, for example, the data padding algorithm may perform a zero padding operation on missing bits, so that the data of the N group can be padded into data of a length of 16 bytes. In view of the particularity of such encryption algorithm, data padding algorithm identification information may be carried in the first data packet, so that the receiving device knows the data padding algorithm in the packet data based on the data padding algorithm identification information.
Illustratively, referring to fig. 2, the format of a first data packet provided in the embodiment of the present disclosure sequentially includes: version information, encryption algorithm identification information, the first key after encryption processing, data padding algorithm identification information, the data attribute meeting the encryption condition, and the ciphertext.
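The fig. 2 layout above, as an added example (not code from the patent or its assignee): a Go encoder and parser for the first data packet in that field order. The length-prefixed framing and the numeric identifier values are assumptions; the patent states which fields are present, not how they are coded. The parser checks each length prefix against the bytes actually remaining before allocating, and rejects trailing bytes, which is the check a receiver should make on any length-framed input it did not produce itself.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Identifier values are assumptions; the patent says such identifiers are carried, not how they are coded.
const (
	AlgAES   uint8 = 1 // encryption algorithm identification information
	PadPKCS7 uint8 = 1 // data padding algorithm identification information
)

// FirstPacket holds the fields of fig. 2 in their stated order.
type FirstPacket struct {
	Version    uint8
	AlgID      uint8
	WrappedKey []byte // the first key after encryption with the public key
	PadID      uint8
	Attr       string // data attribute meeting the encryption condition, carried in clear
	Ciphertext []byte
}

// Variable-length fields carry a 4-byte big-endian length prefix (assumed framing).
func putField(b *bytes.Buffer, f []byte) {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(f)))
	b.Write(n[:])
	b.Write(f)
}

// Encode serialises the packet in the fig. 2 field order.
func (p FirstPacket) Encode() []byte {
	var b bytes.Buffer
	b.WriteByte(p.Version)
	b.WriteByte(p.AlgID)
	putField(&b, p.WrappedKey)
	b.WriteByte(p.PadID)
	putField(&b, []byte(p.Attr))
	putField(&b, p.Ciphertext)
	return b.Bytes()
}

// reader keeps the first error so Decode can read the fields in sequence.
type reader struct {
	r   *bytes.Reader
	err error
}

func (x *reader) fail(msg string) {
	if x.err == nil {
		x.err = errors.New(msg)
	}
}

func (x *reader) byte() uint8 {
	b, err := x.r.ReadByte()
	if err != nil {
		x.fail("packet truncated")
	}
	return b
}

// field checks the claimed length against the bytes that remain before
// allocating, so a forged prefix cannot force a huge allocation.
func (x *reader) field() []byte {
	var n [4]byte
	if _, err := io.ReadFull(x.r, n[:]); err != nil {
		x.fail("packet truncated inside a length prefix")
		return nil
	}
	size := binary.BigEndian.Uint32(n[:])
	if uint64(size) > uint64(x.r.Len()) {
		x.fail(fmt.Sprintf("field claims %d bytes but only %d remain", size, x.r.Len()))
		return nil
	}
	f := make([]byte, size)
	io.ReadFull(x.r, f) // cannot fail: the length was checked above
	return f
}

// Decode parses a packet produced by Encode, rejecting truncated input and trailing bytes.
func Decode(raw []byte) (FirstPacket, error) {
	x := &reader{r: bytes.NewReader(raw)}
	var p FirstPacket
	p.Version = x.byte()
	p.AlgID = x.byte()
	p.WrappedKey = x.field()
	p.PadID = x.byte()
	p.Attr = string(x.field())
	p.Ciphertext = x.field()
	if x.err == nil && x.r.Len() != 0 {
		x.fail(fmt.Sprintf("%d unexpected trailing bytes", x.r.Len()))
	}
	return p, x.err
}
```

Nothing in this packet is authenticated, so a receiver should treat the version, algorithm and padding identifiers as untrusted hints: it selects a decryption routine from them, but the decision whether the ciphertext is genuine must come from the cipher itself (an authenticated mode or a separate MAC), not from the header.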
In the embodiment of the disclosure, the first data message further includes the unencrypted data in the data to be transmitted other than the identified data to be encrypted; or, after the data to be encrypted in the data to be transmitted is identified, a second data message is transmitted to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted. The second data message may carry the remaining data to be transmitted that has not yet been transmitted, namely the unencrypted data, and such unencrypted data may be transmitted directly in plaintext. For example, it may include the attribute values corresponding to the data attributes that do not meet the encryption condition, and those data attributes themselves. The protocol used for the second data message is not limited in this disclosure. Selectively transmitting the unencrypted data in a plaintext message effectively reduces the amount of encryption processing and improves data transmission performance.
Fig. 3 is a schematic flow chart of a data transmission method according to an embodiment of the present disclosure. The data transmission method may be performed by a receiving device, where the receiving device may be a front-end device or a back-end device, and for example, the receiving device may be a user terminal or a server. Specifically, the data transmission method comprises the following steps:
Step 301: receiving a first data packet sent by a sending device, where the first data packet includes a first key encrypted by a public key and a ciphertext encrypted by the first key.
Step 302: decrypting the first key encrypted by the public key by using the private key matched with the public key, to obtain the first key.
Step 303: decrypting the ciphertext by using the first key, to obtain the decrypted part of the data to be transmitted.
In the embodiment of the present disclosure, after the first data packet is received, it may be parsed. The version information of the encryption algorithm and the encryption algorithm identification information in the first data message may be parsed first, and the decryption algorithm used to decrypt the ciphertext is determined from them. The first key may then be decrypted with the pre-agreed private key. Finally, the ciphertext is decrypted with that decryption algorithm and the first key to obtain the decrypted data.
In addition, when the unencrypted data in the data to be transmitted other than the identified data to be encrypted is transmitted through the first data message, the receiving device may also parse that unencrypted data out of the first data message; when it is transmitted through the second data message, the receiving device may parse the unencrypted data out of the second data message. After obtaining the decrypted part of the data to be transmitted, the receiving device then combines the decrypted part with the unencrypted data to recover the data to be transmitted.
In practical application, a receiving device may receive a plurality of data messages. To ensure that the decrypted part of the data and the parsed unencrypted data come from the same data to be transmitted, in a possible implementation manner the first data message further carries a data identifier. The sending device transmits the unencrypted data in the data to be transmitted, other than the identified data to be encrypted, through a second data message that carries the same data identifier. After receiving and parsing the second data message to obtain its unencrypted data, the receiving device first determines that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, and only then combines the unencrypted data in the second data message with the decrypted part of the data to be transmitted to obtain the data to be transmitted.
In the above embodiments provided by the present disclosure, by identifying the data to be encrypted in the data to be transmitted, only that data is encrypted to obtain the ciphertext and the remaining data is left unencrypted, so the encryption workload is reduced. Because the data volume after encryption processing is often greater than the original data volume, encrypting only part of the data also effectively reduces the data volume in the transmission process and improves data transmission performance. In addition, the first key used for transmission is encrypted with a public key and decrypted with a private key, which effectively prevents the first key from being stolen in the data transmission process and improves the security of data transmission.
Based on the same technical concept, a data transmission device corresponding to the data transmission method is also provided in the embodiments of the present disclosure. Since the principle by which the device solves the problem is similar to that of the data transmission method in the embodiments of the present disclosure, the implementation of the device may refer to the implementation of the method, and repeated details are not described again.
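The sending and receiving methods above (screening attributes against the encryption condition, encrypting the first key with the public key, decrypting the ciphertext with the unwrapped first key, and combining it with the second message only after the data identifiers match) carried through end to end in Go as an added example; this is not code from the patent or its assignee. Assumed details: the encryption condition is a fixed list of sensitive attribute names, the symmetric cipher is AES-256-GCM (so no padding is needed), the first key is drawn from the OS CSPRNG rather than from a random code plus a timestamp as the patent describes, the key is wrapped with RSA-OAEP, and the data identifier is bound into the ciphertext as GCM associated data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

const algID = "AES-256-GCM" // encryption algorithm identification carried in the first message

// Encryption condition: these attribute names count as data to be encrypted (an assumed list).
var sensitiveAttrs = map[string]bool{"id_number": true, "phone": true}

// FirstMessage mirrors the first data packet; SecondMessage carries the remaining plaintext.
type FirstMessage struct {
	AlgID      string
	WrappedKey []byte // the first key encrypted with the receiver's public key (RSA-OAEP)
	Nonce      []byte
	Ciphertext []byte // JSON of the encrypted attribute names and values, sealed with AES-GCM
	DataID     string
}

type SecondMessage struct {
	Plain  map[string]string
	DataID string
}

// Send screens the record, encrypts only the values meeting the condition under a fresh first key, wraps that key and returns both messages.
func Send(pub *rsa.PublicKey, dataID string, record map[string]string) (FirstMessage, SecondMessage, error) {
	m1 := FirstMessage{AlgID: algID, DataID: dataID}
	m2 := SecondMessage{Plain: map[string]string{}, DataID: dataID}
	secret := map[string]string{}
	for k, v := range record {
		if sensitiveAttrs[k] {
			secret[k] = v
		} else {
			m2.Plain[k] = v
		}
	}
	// First key (32 bytes) and nonce (12 bytes) from the OS CSPRNG. The patent derives the key
	// from a random code plus a timestamp; the timestamp adds no entropy, only the random part does.
	buf := make([]byte, 32+12)
	if _, err := rand.Read(buf); err != nil {
		return m1, m2, err
	}
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // a 32-byte key cannot be rejected
	gcm, _ := cipher.NewGCM(block) // AES has a 128-bit block, so this cannot fail
	pt, _ := json.Marshal(secret)  // a map[string]string always marshals
	// The data identifier is associated data: a ciphertext moved under another identifier fails to open.
	m1.Nonce = nonce
	m1.Ciphertext = gcm.Seal(nil, nonce, pt, []byte(dataID))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return m1, m2, err
	}
	m1.WrappedKey = wrapped
	return m1, m2, nil
}

// Receive checks that both messages carry the same data identifier, unwraps the first key with the private key, decrypts and merges.
func Receive(priv *rsa.PrivateKey, m1 FirstMessage, m2 SecondMessage) (map[string]string, error) {
	if m1.DataID != m2.DataID {
		return nil, fmt.Errorf("data identifiers differ: %q vs %q", m1.DataID, m2.DataID)
	}
	if m1.AlgID != algID {
		return nil, fmt.Errorf("unsupported encryption algorithm %q", m1.AlgID)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, m1.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrapping first key: %w", err)
	}
	block, err := aes.NewCipher(key) // rejects a first key of the wrong length
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(m1.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("nonce must be %d bytes", gcm.NonceSize())
	}
	pt, err := gcm.Open(nil, m1.Nonce, m1.Ciphertext, []byte(m1.DataID))
	if err != nil {
		return nil, fmt.Errorf("ciphertext rejected: %w", err)
	}
	secret := map[string]string{}
	if err := json.Unmarshal(pt, &secret); err != nil {
		return nil, err
	}
	out := map[string]string{}
	for _, part := range []map[string]string{m2.Plain, secret} { // decrypted part wins on collisions
		for k, v := range part {
			out[k] = v
		}
	}
	return out, nil
}
```

Two design points carry over to any implementation of the scheme: the data identifier should be authenticated together with the ciphertext, since a plain string comparison of two identifiers proves nothing if either message was altered in transit; and the secrecy of the first key rests entirely on the random part of its generation, so that part must come from a cryptographic random source.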
Referring to fig. 4, a schematic structural diagram of a data transmission device provided in an embodiment of the present disclosure is shown, where the device includes: an identification module 401, an encryption module 402, and a sending module 403; wherein,
the identification module 401 is configured to identify data to be encrypted in the data to be transmitted; the data to be encrypted is part of the data to be transmitted;
an encryption module 402, configured to encrypt the data to be encrypted by using a first key to obtain a ciphertext;
a sending module 403, configured to transmit a first data packet to a receiving device, where the first data packet includes the ciphertext and the first key encrypted by the public key.
In a possible implementation manner, the first data packet further includes unencrypted data, except for the identified data to be encrypted, in the data to be transmitted; or, the sending module 403 is further configured to: and transmitting a second data message to the receiving equipment, wherein the second data message comprises unencrypted data except the identified data to be encrypted.
In a possible implementation manner, when identifying data to be encrypted in the data to be transmitted, the identifying module 401 is specifically configured to:
identifying at least one data attribute included in the data to be transmitted and an attribute value corresponding to each data attribute;
screening out data attributes meeting encryption conditions from the at least one data attribute;
and taking the attribute value corresponding to the data attribute meeting the encryption condition as the data to be encrypted.
In a possible implementation manner, the first data packet further includes the unencrypted data attribute corresponding to the data to be encrypted.
In a possible implementation manner, the first data packet further includes at least one of the following information: encryption algorithm identification information used for the encryption process, version information of the encryption algorithm, and data padding algorithm identification information.
In a possible embodiment, the apparatus further comprises: a generation module 404; the generating module 404 is configured to:
generating a random code and a current timestamp;
and generating the first key according to the random code and the current timestamp.
The description of the processing flow of each module in the above device and the interaction flow between each module may refer to the related description in the above method embodiment, and will not be described in detail here.
Referring to fig. 5, a schematic structural diagram of a data transmission device provided in an embodiment of the present disclosure is shown, where the device includes: a receiving module 501, a first decryption module 502, a second decryption module 503; wherein,
a receiving module 501, configured to receive a first data packet sent by a sending device, where the first data packet includes a first key encrypted by a public key and a ciphertext encrypted by the first key; the ciphertext is obtained by encrypting part of data to be transmitted by the sending equipment by using the first key;
a first decryption module 502, configured to decrypt, by using a private key matched with the public key, the first key encrypted by the public key to obtain the first key;
the second decryption module 503 is configured to decrypt the ciphertext with the first key to obtain a part of decrypted data in the data to be transmitted.
In a possible implementation manner, the first data packet further includes unencrypted data in the data to be transmitted;
the receiving module 501, after receiving the first data packet sent by the sending device, is further configured to:
identifying the unencrypted data in the first data packet;
the second decryption module 503, after obtaining the decrypted partial data in the data to be transmitted, is further configured to:
and synthesizing the decrypted partial data and the unencrypted data to obtain the data to be transmitted.
In a possible implementation manner, the first data packet further carries a data identifier, and the receiving module 501 is further configured to:
receiving a second data message sent by the sending equipment;
and after the data identification carried in the second data message is determined to be consistent with the data identification carried in the first data message, synthesizing the unencrypted data in the second data message with the decrypted partial data in the data to be transmitted to obtain the data to be transmitted.
The description of the processing flow of each module in the above device and the interaction flow between each module may refer to the related description in the above method embodiment, and will not be described in detail here.
As shown in fig. 6, an electronic device 60 provided for the embodiment of the present disclosure includes a processor 61, a memory 62 and a bus 63. The memory 62 is used for storing execution instructions and includes a memory 621 and an external memory 622. The memory 621, also referred to as an internal memory, temporarily stores operation data of the processor 61 and data exchanged with the external memory 622 such as a hard disk; the processor 61 exchanges data with the external memory 622 through the memory 621. When the electronic device 60 operates, the processor 61 communicates with the memory 62 through the bus 63, so that the processor 61 executes the following processing modes:
in one possible processing mode, data to be encrypted in the data to be transmitted can be identified; the data to be encrypted is part of the data to be transmitted; encrypting the data to be encrypted by using a first key to obtain a ciphertext; and transmitting a first data message to a receiving device, wherein the first data message comprises the ciphertext and the first key encrypted by the public key.
In another possible processing mode, a first data message sent by a sending device is received, wherein the first data message comprises a first secret key encrypted by a public key and a ciphertext encrypted by the first secret key; the ciphertext is obtained by encrypting part of data to be transmitted by the sending equipment by using the first key; decrypting the first key encrypted by the public key by using a private key matched with the public key to obtain the first key; and decrypting the ciphertext by using the first key to obtain part of decrypted data in the data to be transmitted.
Furthermore, the embodiments of the present disclosure also provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program performs the steps of the data transmission method in the above method embodiments.
The computer program product of the data transmission method provided in the embodiments of the present disclosure includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute steps of the data transmission method described in the above method embodiments, which may be referred to specifically for the above method embodiments, and are not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. In the several embodiments provided in the present disclosure, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present disclosure. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above are only specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present disclosure, and shall be covered by the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (13)

1. A data transmission method applied to a transmitting device, comprising:
identifying data to be encrypted in the data to be transmitted; the data to be encrypted is part of the data to be transmitted;
encrypting the data to be encrypted by using a first key to obtain a ciphertext;
and transmitting a first data message to a receiving device, wherein the first data message comprises the ciphertext and the first key encrypted by the public key.
2. The method according to claim 1, wherein the first data message further comprises unencrypted data except the identified data to be encrypted in the data to be transmitted;
or after the data to be encrypted in the data to be transmitted is identified, the method further includes: and transmitting a second data message to the receiving equipment, wherein the second data message comprises unencrypted data except the identified data to be encrypted.
3. The method of claim 1, wherein the identifying data to be encrypted in the data to be transmitted comprises:
identifying at least one data attribute included in the data to be transmitted and an attribute value corresponding to each data attribute;
screening out data attributes meeting the encryption condition from the at least one data attribute;
and taking the attribute value corresponding to the data attribute meeting the encryption condition as the data to be encrypted.
4. The method of claim 3, wherein the first data packet further comprises the unencrypted data attribute corresponding to the data to be encrypted.
5. The method according to any one of claims 1 to 4, wherein the first data packet further comprises at least one of the following information: encryption algorithm identification information used for the encryption process, version information of the encryption algorithm, and data padding algorithm identification information.
6. The method of claim 1, wherein the first key is generated according to:
generating a random code and a current timestamp;
and generating the first key according to the random code and the current timestamp.
7. A data transmission method applied to a receiving device, comprising:
receiving a first data message sent by a sending device, wherein the first data message comprises a first secret key encrypted by a public key and a ciphertext encrypted by the first secret key; the ciphertext is obtained by encrypting part of data to be transmitted by the sending equipment by using the first key;
decrypting the first key encrypted by the public key by using a private key matched with the public key to obtain the first key;
and decrypting the ciphertext by using the first key to obtain part of decrypted data in the data to be transmitted.
8. The method of claim 7, wherein the first data message further comprises unencrypted data in the data to be transmitted;
after receiving the first data packet sent by the sending device, the method further includes:
identifying the unencrypted data in the first data packet;
after obtaining the decrypted partial data in the data to be transmitted, the method further includes:
and synthesizing the decrypted partial data and the unencrypted data to obtain the data to be transmitted.
9. The method of claim 7, wherein the first data packet further carries a data identifier, and the method further comprises:
receiving a second data message sent by the sending equipment;
and after the data identification carried in the second data message is determined to be consistent with the data identification carried in the first data message, synthesizing the unencrypted data in the second data message with the decrypted partial data in the data to be transmitted to obtain the data to be transmitted.
10. A data transmission apparatus, comprising:
the identification module is used for identifying data to be encrypted in the data to be transmitted; the data to be encrypted is part of the data to be transmitted;
the encryption module is used for encrypting the data to be encrypted by using a first secret key to obtain a ciphertext;
and the sending module is used for transmitting a first data message to the receiving equipment, wherein the first data message comprises the ciphertext and the first key encrypted by the public key.
11. A data transmission apparatus, comprising:
the receiving module is used for receiving a first data message sent by sending equipment, wherein the first data message comprises a first secret key encrypted by a public key and a ciphertext encrypted by the first secret key; the ciphertext is obtained by encrypting part of data to be transmitted by the sending equipment by using the first key;
the first decryption module is used for decrypting the first secret key encrypted by the public key by using a private key matched with the public key to obtain the first secret key;
and the second decryption module is used for decrypting the ciphertext by using the first key to obtain part of decrypted data in the data to be transmitted.
12. An electronic device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating over the bus when the electronic device is operating, the machine-readable instructions when executed by the processor performing the steps of the data transmission method of any one of claims 1 to 6 or the steps of the data transmission method of any one of claims 7 to 9.
13. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, is adapted to carry out the steps of the data transmission method according to one of the claims 1 to 6 or the steps of the data transmission method according to one of the claims 7 to 9.
CN201910821041.XA 2019-08-30 2019-08-30 A kind of data transmission method, device, equipment and storage medium Pending CN110505066A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910821041.XA CN110505066A (en) 2019-08-30 2019-08-30 A kind of data transmission method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN110505066A true CN110505066A (en) 2019-11-26

Family

ID=68590964

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910821041.XA Pending CN110505066A (en) 2019-08-30 2019-08-30 A kind of data transmission method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110505066A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5974141A (en) * 1995-03-31 1999-10-26 Mitsubishi Corporation Data management system
US6789195B1 (en) * 1999-06-07 2004-09-07 Siemens Aktiengesellschaft Secure data processing method
US20080046757A1 (en) * 2006-07-12 2008-02-21 Palo Alto Research Center Incorporated Method, Apparatus, and Program Product for Flexible Redaction of Content
CN102281261A (en) * 2010-06-10 2011-12-14 杭州华三通信技术有限公司 Data transmission method, system and apparatus
CN109246130A (en) * 2018-10-17 2019-01-18 深圳壹账通智能科技有限公司 Data ciphering method, device, computer equipment and storage medium

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112995096A (en) * 2019-12-13 2021-06-18 中移动信息技术有限公司 Data encryption and decryption method, device and equipment
CN112995096B (en) * 2019-12-13 2023-04-25 中移动信息技术有限公司 Data encryption and decryption method, device and equipment
CN112987581A (en) * 2019-12-16 2021-06-18 华为技术有限公司 Control method for intelligent household equipment, medium and terminal thereof
CN111935122A (en) * 2020-07-31 2020-11-13 重庆小雨点小额贷款有限公司 Data security processing method and device
CN111935122B (en) * 2020-07-31 2022-09-20 重庆小雨点小额贷款有限公司 Data security processing method and device
CN111740831A (en) * 2020-08-13 2020-10-02 国网浙江省电力有限公司 Power data encryption transmission method, system and readable medium for resumption of work and production detection
CN113114648A (en) * 2021-04-01 2021-07-13 山东高云半导体科技有限公司 Method and device for realizing encrypted communication
CN113114457A (en) * 2021-04-06 2021-07-13 支付宝(杭州)信息技术有限公司 Data processing method and device
CN113886850A (en) * 2021-09-28 2022-01-04 上海商汤智能科技有限公司 Information encryption method, decryption method, apparatus, electronic device, storage medium
CN119402297A (en) * 2024-12-30 2025-02-07 苏州元脑智能科技有限公司 Data transmission method, device, readable storage medium and program product

Similar Documents

Publication Publication Date Title
CN110505066A (en) A kind of data transmission method, device, equipment and storage medium
CN109150499B (en) Method and device for dynamically encrypting data, computer equipment and storage medium
CN105553951B (en) Data transmission method and device
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN113572743B (en) Data encryption and decryption methods and devices, computer equipment and storage medium
CN112823503B (en) Data access method, data access device and mobile terminal
JP2014119486A (en) Secret retrieval processing system, secret retrieval processing method, and secret retrieval processing program
CN110138739B (en) Data information encryption method and device, computer equipment and storage medium
CN104283853A (en) A method for improving information security, terminal equipment and network equipment
CN106161224B (en) Method for interchanging data, device and equipment
CN107465665A (en) A kind of file encryption-decryption method based on fingerprint identification technology
CN106506479B (en) Method, system and the client of cipher authentication, server and smart machine
CN111131282B (en) Request encryption method and device, electronic equipment and storage medium
CN116866029B (en) Random number encryption data transmission method, device, computer equipment and storage medium
CN114443718A (en) A data query method and system
CN113301036A (en) Communication encryption method and device, equipment and storage medium
CN117240625A (en) Tamper-resistant data processing method and device and electronic equipment
CN119299233B (en) Dynamic encryption verification method and device based on time network protocol
CN110912683B (en) Password storage method and device and password verification method and device
GB2488753A (en) Encrypted communication
CN118199992B (en) Data encryption method and device, electronic equipment and storage medium
KR20200136629A (en) Apparatus and method for decrypting end-to-end encrypted files
CN117150548A (en) Data transmission method based on block chain
CN116707778A (en) Data hybrid encryption transmission method and device and electronic equipment
EP3166040B1 (en) Data encryption system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191126