CN111416788A - Method and device for preventing transmitted data from being tampered - Google Patents
Method and device for preventing transmitted data from being tampered Download PDFInfo
- Publication number
- CN111416788A CN111416788A CN201910007286.9A CN201910007286A CN111416788A CN 111416788 A CN111416788 A CN 111416788A CN 201910007286 A CN201910007286 A CN 201910007286A CN 111416788 A CN111416788 A CN 111416788A
- Authority
- CN
- China
- Prior art keywords
- data
- ciphertext
- encrypted
- generate
- check code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for preventing transmission data from being tampered, and relates to the technical field of computers. The method for preventing the transmission data from being tampered comprises the following steps: receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted; encrypting the plaintext data to be encrypted to generate a ciphertext character string; encrypting preset data for verification by taking the plaintext data to be encrypted as an encryption key to generate a verification code; and splicing the ciphertext character string and the check code into ciphertext data, and returning the ciphertext data to the first calling party. Through the steps, data can be effectively prevented from being tampered in transmission, and the safety risk that the data cannot be found in time after being tampered is reduced.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for preventing transmission data from being tampered.
Background
In order to ensure the security of information transmitted from a computer or other devices, encryption and decryption processes are often required for the transmitted information. At present, the following two encryption and decryption methods mainly exist: symmetric encryption and decryption and asymmetric encryption and decryption. Compared with an asymmetric encryption and decryption mode, the symmetric encryption and decryption mode has the advantages of small calculation amount, high encryption and decryption speed, high encryption and decryption efficiency and the like.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:
although encrypted transmission can improve the security of the transmitted information, there is still a data security risk that the transmitted information is tampered with. This is because: in the decryption process, the ciphertext data can be successfully decrypted as long as the ciphertext data meets a certain data format, so that the situation that the tampered ciphertext data is successfully decrypted and a decryptor does not know that the data is tampered possibly occurs.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for preventing transmitted data from being tampered, which can effectively prevent data from being tampered during transmission, and reduce a security risk that the data cannot be found in time after being tampered.
To achieve the above object, according to a first aspect of the present invention, there is provided a method of preventing transmission data from being falsified.
The method for preventing the transmission data from being tampered comprises the following steps: receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted; encrypting the plaintext data to be encrypted to generate a ciphertext character string; encrypting preset data for verification by taking the plaintext data to be encrypted as an encryption key to generate a first verification code; and splicing the ciphertext character string and a first check code into ciphertext data, and returning the ciphertext data to the first caller.
Optionally, the method comprises: receiving a data decryption request of a second calling party; the data decryption request comprises ciphertext data needing to be decrypted; dividing the ciphertext data to be decrypted into a ciphertext character string and a first check code; decrypting the ciphertext character string to generate plaintext data; encrypting preset data for verification by using the plaintext data as an encryption key to generate a second verification code; and returning the plaintext data to the second caller under the condition that the first check code is the same as the second check code.
Optionally, the method further comprises: and under the condition that the first check code is different from the second check code, returning error prompt information to the second caller.
Optionally, the step of encrypting the plaintext data to be encrypted to generate a ciphertext character string includes: and encrypting the plaintext data to be encrypted based on a symmetric encryption algorithm to generate a ciphertext character string.
To achieve the above object, according to a second aspect of the present invention, there is provided a data encryption device.
The data encryption device of the present invention includes: the receiving module is used for receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted; the generating module is used for encrypting the plaintext data to be encrypted to generate a ciphertext character string; the device is also used for encrypting preset data for verification by taking the plaintext data to be encrypted as an encryption key to generate a first verification code; the assembling module is used for assembling the ciphertext character string and the first check code into ciphertext data; and the sending module is used for returning the ciphertext data to the first caller.
Optionally, the generating module performs encryption processing on the plaintext data to be encrypted to generate a ciphertext character string, and includes: and the generating module encrypts the plaintext data to be encrypted based on a symmetric encryption algorithm to generate a ciphertext character string.
To achieve the above object, according to a third aspect of the present invention, there is provided a data decryption apparatus.
The data decryption apparatus of the present invention includes: the receiving module is used for receiving a data decryption request of a second calling party; the data decryption request comprises ciphertext data needing to be decrypted; the splitting module is used for splitting the ciphertext data needing to be decrypted into a ciphertext character string and a first check code; the generating module is used for decrypting the ciphertext character string to generate plaintext data; the device is also used for encrypting preset data for verification by taking the plaintext data as an encryption key so as to generate a second verification code; and the sending module is used for returning the plaintext data to the second caller under the condition that the first check code is the same as the second check code.
Optionally, the sending module is further configured to return an error prompt message to the second caller when the first check code is different from the second check code.
To achieve the above object, according to a fourth aspect of the present invention, there is provided a data security system.
The data security system of the present invention comprises: the data encryption device of the present invention and the data decryption device of the present invention.
To achieve the above object, according to a fifth aspect of the present invention, there is provided an electronic apparatus.
The electronic device of the present invention includes: one or more processors; and storage means for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors implement the method of the present invention for preventing transmitted data from being tampered with.
To achieve the above object, according to a sixth aspect of the present invention, there is provided a computer-readable medium.
The computer-readable medium of the present invention, on which a computer program is stored, which, when executed by a processor, implements the method of the present invention for preventing transmitted data from being tampered with.
One embodiment of the above invention has the following advantages or benefits: the method comprises the steps of receiving a data encryption request of a first calling party, encrypting plaintext data to be encrypted carried by the data encryption request to generate a ciphertext character string, encrypting preset data for verification to generate a first check code by taking the plaintext data to be encrypted as an encryption key, splicing the ciphertext character string and the first check code into ciphertext data, and the like, so that data can be effectively prevented from being tampered in transmission, and the safety risk that the data cannot be found in time after being tampered is reduced.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
fig. 1 is a main flow diagram illustrating a method for preventing transmission data from being tampered according to a first embodiment of the present invention;
fig. 2 is a partial flow diagram illustrating a method for preventing transmission data from being tampered according to a second embodiment of the present invention;
fig. 3 is a main flowchart illustrating a method for preventing transmission data from being tampered according to a third embodiment of the present invention;
fig. 4 is a schematic diagram of main blocks of a data encryption apparatus according to a fourth embodiment of the present invention;
fig. 5 is a schematic diagram of the main blocks of a data decryption apparatus according to a fifth embodiment of the present invention;
fig. 6 is a principal constituent diagram of a data security system according to a sixth embodiment of the present invention;
FIG. 7 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
FIG. 8 is a schematic block diagram of a computer system suitable for use with the electronic device to implement an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
Before describing embodiments of the present invention in detail, some technical terms related to the embodiments of the present invention will be described.
DES algorithm: the symmetric cryptosystem encryption algorithm developed by IBM corporation of america in 1972 is a symmetric cryptosystem in the cryptosystem, also called as the american data encryption standard.
3DES algorithm: or Triple DES Algorithm, is a generic term for Triple Data Encryption Algorithm (TDEA). It is equivalent to applying the DES encryption algorithm three times per block.
Fig. 1 is a main flow diagram illustrating a method for preventing transmission data from being tampered according to a first embodiment of the present invention. As shown in fig. 1, the data encryption method according to the embodiment of the present invention includes:
step S101, receiving a data encryption request of a first calling party; the data encryption request includes plaintext data to be encrypted.
The first caller may be a service system that needs to encrypt data.
Step S102, encrypting the plaintext data to be encrypted to generate a ciphertext character string; and encrypting preset data for verification by taking the plaintext data to be encrypted as an encryption key to generate a first verification code.
In this step, the plaintext data and the data for verification may be encrypted based on the same encryption algorithm, or may be encrypted based on different encryption algorithms. For example, plaintext data, data for verification may be encrypted based on the DES algorithm; or encrypting the plaintext data based on DES algorithm, and encrypting the data for verification based on 3DES algorithm.
For example, assuming that the encryption algorithms used for encrypting the plaintext data and the data for verification are both DES algorithms, the plaintext data to be encrypted is "ABCDEF 123456789", the key for encrypting the plaintext data is "1111111122222222", and the preset data for verification is "ABCDEF cdefabcd", the ciphertext character string obtained by encrypting the plaintext data is "2E 15BB363D942E 5F", and the first verification code obtained by using the plaintext data as the encryption key is "21C 95B3F 23610500".
In the embodiment of the invention, because the original text data required to be encrypted are different in size each time, the original text data is selected as the encryption key to encrypt the data for verification, so that the encryption keys used for generating the verification code are different each time, the encrypted data can be better ensured not to be illegally tampered in the transmission and storage processes, the data security risk caused by using the same encryption key to generate the verification code for multiple times is avoided, and the practicability and the convenience are better.
And S103, splicing the ciphertext character string and a first check code into ciphertext data, and returning the ciphertext data to the first caller.
Illustratively, the ciphertext character string and the check code may be directly spliced together in tandem to obtain ciphertext data. For example, if the encrypted ciphertext string is "2E 15BB363D942E 5F", and the encrypted first check code is "21C 95B3F 23610500", the concatenated ciphertext data is "2E 15BB363D942E5F21C95B3F 23610500".
In the embodiment of the invention, the plaintext data to be encrypted is used as the encryption key in the encryption process, and the preset verification data is encrypted to generate the first check code, so that whether the encrypted data is tampered or not is verified based on the first check code in the subsequent decryption process, thereby effectively preventing the encrypted data from being tampered in the transmission process and reducing the security risk that the encrypted data cannot be found in time after being tampered.
Fig. 2 is a partial flow diagram illustrating a method for preventing transmission data from being tampered according to a second embodiment of the present invention. The method for preventing transmission data from being tampered according to the embodiment of the present invention includes a flow shown in fig. 2 in addition to the flow shown in fig. 1. As shown in fig. 2, the method for preventing transmission data from being tampered according to the embodiment of the present invention includes:
step S201, receiving a data decryption request of a second calling party; the data decryption request comprises ciphertext data needing to be decrypted.
The second caller may be a service system that needs to decrypt data.
Step S202, the ciphertext data needing to be decrypted is split into a ciphertext character string and a first check code.
Step S203, carrying out decryption processing on the ciphertext character string to generate plaintext data; and encrypting preset data for verification by using the plaintext data as an encryption key to generate a second verification code.
Exemplarily, it is assumed that the DES algorithm is used for decrypting the ciphertext string and encrypting the preset check data, the separated ciphertext string is "2E 15BB363D942E 5F", the first check code is "21C 95B3F 23610500", the preset check data is "ABCDEF cdefabcd", the decrypted plaintext data is "ABCDEF 123456789", and the second check code obtained by using the plaintext data as the encryption key is "21C 95B3F 23610500".
And step S204, returning the plaintext data to the second caller under the condition that the first check code is the same as the second check code.
Further, the method of the embodiment of the present invention may further include the steps of: and under the condition that the first check code is different from the second check code, returning error prompt information to the second calling party.
In the embodiment of the invention, the plaintext data obtained by decryption is used as the encryption key in the decryption process, the preset check data is encrypted to generate the second check code, and the second check code is compared with the first check code in the ciphertext data, so that the encrypted data can be effectively prevented from being tampered in the transmission process, the encrypted data can be found in time after being tampered, and the safety of the data in the transmission and storage processes is improved.
Fig. 3 is a main flow chart of a method for preventing transmission data from being tampered according to a third embodiment of the invention. As shown in fig. 3, the method for preventing transmission data from being tampered according to the embodiment of the present invention includes:
step S301, the first service system sends a data encryption request to the data security system.
Wherein the data encryption request comprises: encrypted plaintext data is required.
And S302, symmetrically encrypting the data security system to generate a ciphertext character string and a first check code.
In the step, the data security system carries out symmetric encryption processing on the plaintext data to be encrypted so as to generate a ciphertext character string; the data security system symmetrically encrypts preset data for verification to generate a first verification code. Specifically, the data security system may use the plaintext data to be encrypted as an encryption key, and perform symmetric encryption processing on preset data for verification based on the encryption key to generate a first verification code.
And S303, the data security system assembles the ciphertext character string and the first check code into ciphertext data.
For example, the data security system may splice the ciphertext character string and the first check code together directly in tandem to obtain ciphertext data.
And step S304, the data security system returns the ciphertext data to the first service system.
Step S305, the first service system sends the ciphertext data to the second service system.
And S306, the second service system sends a data decryption request to the data security system.
Wherein the data decryption request includes the ciphertext data.
And step S307, the data security system breaks the ciphertext data into a ciphertext character string and a first check code.
Step S308, the data security system symmetrically decrypts the ciphertext character string into plaintext data and generates a second check code.
In this step, the data security system may perform symmetric decryption processing on the ciphertext string to generate plaintext data; and carrying out symmetric encryption processing on the preset data for verification to generate a second verification code. Specifically, the data security system may perform symmetric encryption processing on preset data for verification based on the encryption key using the plaintext data as the encryption key to generate the second verification code.
In the embodiment of the invention, the ciphertext character string is decrypted by adopting a symmetric decryption mode to generate plaintext data, so that the decryption processing efficiency can be improved; the original text data is selected as the encryption key to encrypt the data for verification, so that the encryption key used for generating the check code at each time is different, the encrypted data can be better ensured not to be illegally tampered in the transmission and storage processes, the data security risk caused by the fact that the check code is generated by using the same encryption key for multiple times is avoided, and the practicability and the convenience are better.
Step S309, if the first check code is the same as the second check code, the data security system returns the plaintext data to the second service system.
Further, the method of the embodiment of the present invention further includes: and if the first check code is different from the second check code, the data security system returns error prompt information to the second service system.
In the embodiment of the invention, the steps can not only ensure higher encryption and decryption processing efficiency, but also effectively prevent the data from being tampered in the transmission process and reduce the security risk that the data cannot be found in time after being tampered.
Fig. 4 is a schematic diagram of main blocks of a data encryption apparatus according to a fourth embodiment of the present invention. As shown in fig. 4, the data encryption apparatus 400 according to the embodiment of the present invention includes: a receiving module 401, a generating module 402, a splicing module 403 and a sending module 404.
A receiving module 401, configured to receive a data encryption request of a first caller; the data encryption request includes plaintext data to be encrypted. The first caller may be a service system that needs to encrypt data.
A generating module 402, configured to perform encryption processing on the plaintext data to be encrypted to generate a ciphertext character string; and the encryption device is also used for encrypting preset data for verification by using the plaintext data to be encrypted as an encryption key so as to generate a first verification code.
In specific implementation, the generating module 402 may encrypt the plaintext data and the data for verification based on the same encryption algorithm, or encrypt the plaintext data and the data for verification based on different encryption algorithms. For example, the generating module 402 may encrypt plaintext data and data for verification based on DES algorithm; the generating module 402 may also encrypt plaintext data based on DES algorithm and encrypt data for verification based on 3DES algorithm.
In the embodiment of the invention, because the original text data required to be encrypted are mostly different each time, the generation module encrypts the data for verification by selecting the original text data as the encryption key, so that the encryption key used for generating the first verification code is different each time, thereby not only better ensuring that the encrypted data is not illegally tampered in the transmission and storage processes, avoiding the data security risk brought by using the same encryption key to generate the verification code for multiple times, but also having better practicability and convenience.
And the splicing module 403 is configured to splice the ciphertext character string and the first check code into ciphertext data.
For example, the splicing module 403 may splice the ciphertext character string and the first check code together directly in tandem to obtain ciphertext data. For example, if the encrypted ciphertext string is "2E 15BB363D942E 5F", and the encrypted first check code is "21C 95B3F 23610500", the concatenated ciphertext data is "2E 15BB363D942E5F21C95B3F 23610500".
A sending module 404, configured to return the ciphertext data to the first caller.
In the device provided by the embodiment of the invention, the plaintext data to be encrypted is used as the encryption key in the encryption process, and the preset verification data is encrypted to generate the first verification code, so that whether the data is falsified or not is verified based on the first verification code in the subsequent decryption process, and therefore, the encrypted data can be effectively prevented from being falsified in the transmission process, and the security risk that the encrypted data cannot be found in time after being falsified is reduced.
Fig. 5 is a schematic diagram of main blocks of a data decryption apparatus according to a fifth embodiment of the present invention. As shown in fig. 5, the data decryption apparatus 500 according to the embodiment of the present invention includes: the device comprises a receiving module 501, a splitting module 502, a generating module 503 and a sending module 504.
A receiving module 501, configured to receive a data decryption request of a second caller; the data decryption request comprises ciphertext data needing to be decrypted. The second caller may be a service system that needs to decrypt data.
The splitting module 502 is configured to split the ciphertext data to be decrypted into a ciphertext character string and a first check code.
A generating module 503, configured to decrypt the ciphertext character string to generate plaintext data; the generating module 503 is further configured to encrypt preset data for verification with the plaintext data as an encryption key to generate a second verification code.
Exemplarily, it is assumed that the DES algorithm is used for decrypting the ciphertext string and encrypting the preset check data, the separated ciphertext string is "2E 15BB363D942E 5F", the first check code is "21C 95B3F 23610500", the preset check data is "ABCDEF cdefabcd", the decrypted plaintext data is "ABCDEF 123456789", and the second check code obtained by using the plaintext data as the encryption key is "21C 95B3F 23610500".
A sending module 504, configured to return the plaintext data to the second caller when the first check code is the same as the second check code. Further, the sending module 504 may be further configured to return an error prompt message to the second caller when the first check code is different from the second check code.
In the device of the embodiment of the invention, the plaintext data obtained by decryption is used as the encryption key in the decryption process, the preset check data is encrypted to generate the second check code, and the second check code is compared with the first check code in the ciphertext data, so that the encrypted data can be effectively prevented from being tampered in the transmission process, the encrypted data can be found in time after being tampered, and the safety of the data in the transmission and storage processes is improved.
Fig. 6 is a main configuration diagram of a data security system according to a sixth embodiment of the present invention. As shown in fig. 6, a data security system 600 of an embodiment of the present invention may include: data encryption device 601, data decryption device 602.
A data encryption device 601, configured to receive a data encryption request of a first caller; the data encryption request comprises plaintext data to be encrypted; encrypting the plaintext data to be encrypted to generate a ciphertext character string; encrypting preset data for verification by taking the plaintext data to be encrypted as an encryption key to generate a first verification code; and splicing the ciphertext character string and a first check code into ciphertext data, and returning the ciphertext data to the first caller.
A data decryption device 602, configured to mainly receive a data decryption request of a second caller; the data decryption request comprises ciphertext data needing to be decrypted; dividing the ciphertext data to be decrypted into a ciphertext character string and a first check code; decrypting the ciphertext character string to generate plaintext data; encrypting preset data for verification by using the plaintext data as an encryption key to generate a second verification code; and returning the plaintext data to the second caller under the condition that the first check code is the same as the second check code.
According to the data security system provided by the embodiment of the invention, in the encryption process, plaintext data to be encrypted is used as an encryption key, and the data for preset verification is encrypted to generate a first verification code, so that whether the encrypted data is tampered or not can be conveniently verified based on the first verification code in the subsequent decryption process; in the decryption process, the decrypted plaintext data is used as an encryption key, the preset data for verification is encrypted to generate a second verification code, and the second verification code is compared with the first verification code in the ciphertext data, so that the data can be effectively prevented from being tampered in the transmission process, and the safety risk that the data cannot be found in time after being tampered is reduced.
Fig. 7 shows an exemplary system architecture 700 of a data security system or method of preventing transmission data from being tampered with, to which embodiments of the present invention may be applied.
As shown in fig. 7, the system architecture 700 may include a first application server 701, a data encryption/decryption server 702, a second application server 703, and a network 704. The network 704 is used to provide a medium for communication links between the first application server 701, the data encryption/decryption server 702, and the second application server 703. Network 704 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The first application server 701 may interact with the data encryption and decryption server 702, the second application server 703 via the network 704 to receive or send messages, and the like. For example, the first application server 701 may send a data encryption request to the data encryption and decryption server 702, receive ciphertext data returned by the data encryption and decryption server 702, and send the ciphertext data to the second application server 703.
The second application server 703 may interact with the data encryption/decryption server 702, the first application server 701 through the network 704 to receive or transmit messages, and the like. For example, the second application server 703 may send a data decryption request to the data encryption and decryption server 702 and receive plaintext data returned by the data encryption and decryption server 702.
The first application server 701 and the second application server 703 may be servers that provide various services, for example, various background management servers that support shopping websites browsed by a user using a terminal device.
It should be noted that the method for preventing the transmission data from being tampered provided by the embodiment of the present invention is generally performed by the data encryption and decryption server 702, and accordingly, the data security system is generally disposed in the data encryption and decryption server 702.
It should be understood that the number of first application server, network and second application server, data encryption and decryption servers in fig. 7 is merely illustrative. There may be any number of first application servers, second application servers, and data encryption/decryption servers, as desired for implementation.
Referring now to FIG. 8, shown is a block diagram of a computer system 800 suitable for use in implementing an electronic device of an embodiment of the present invention. The electronic device shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 8, the computer system 800 includes a Central Processing Unit (CPU)801 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data necessary for the operation of the system 800 are also stored. The CPU 801, ROM 802, and RAM 803 are connected to each other via a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.
To the I/O interface 805, AN input section 806 including a keyboard, a mouse, and the like, AN output section 807 including a network interface card such as a Cathode Ray Tube (CRT), a liquid crystal display (L CD), and the like, a speaker, and the like, a storage section 808 including a hard disk, and the like, and a communication section 809 including a network interface card such as a L AN card, a modem, and the like are connected, the communication section 809 performs communication processing via a network such as the internet, a drive 810 is also connected to the I/O interface 805 as necessary, a removable medium 811 such as a magnetic disk, AN optical disk, a magneto-optical disk, a semiconductor memory, and the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted into the storage section 808 as.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program executes the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 801.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor comprises a receiving module, a generating module, an assembling module and a sending module. The names of these modules do not in some cases constitute a limitation on the module itself, and for example, a receiving module may also be described as a "module that receives a data encryption request".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform the following: receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted; encrypting the plaintext data to be encrypted to generate a ciphertext character string; encrypting preset data for verification by taking the plaintext data to be encrypted as an encryption key to generate a first verification code; and splicing the ciphertext character string and a first check code into ciphertext data, and returning the ciphertext data to the first caller.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (11)
1. A method of preventing transmitted data from being tampered with, the method comprising:
receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted;
encrypting the plaintext data to be encrypted to generate a ciphertext character string; encrypting preset data for verification by taking the plaintext data to be encrypted as an encryption key to generate a first verification code;
and splicing the ciphertext character string and a first check code into ciphertext data, and returning the ciphertext data to the first caller.
2. The method according to claim 1, characterized in that it comprises:
receiving a data decryption request of a second calling party; the data decryption request comprises ciphertext data needing to be decrypted;
dividing the ciphertext data to be decrypted into a ciphertext character string and a first check code;
decrypting the ciphertext character string to generate plaintext data; encrypting preset data for verification by using the plaintext data as an encryption key to generate a second verification code;
and returning the plaintext data to the second caller under the condition that the first check code is the same as the second check code.
3. The method of claim 2, further comprising:
and under the condition that the first check code is different from the second check code, returning error prompt information to the second caller.
4. The method according to claim 3, wherein the step of encrypting the plaintext data to be encrypted to generate a ciphertext string comprises:
and encrypting the plaintext data to be encrypted based on a symmetric encryption algorithm to generate a ciphertext character string.
5. An apparatus for encrypting data, the apparatus comprising:
the receiving module is used for receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted;
the generating module is used for encrypting the plaintext data to be encrypted to generate a ciphertext character string; the device is also used for encrypting preset data for verification by taking the plaintext data to be encrypted as an encryption key to generate a first verification code;
the assembling module is used for assembling the ciphertext character string and the first check code into ciphertext data;
and the sending module is used for returning the ciphertext data to the first caller.
6. The apparatus according to claim 5, wherein the generating module performs encryption processing on the plaintext data to be encrypted to generate a ciphertext character string comprises:
and the generating module encrypts the plaintext data to be encrypted based on a symmetric encryption algorithm to generate a ciphertext character string.
7. An apparatus for decrypting data, the apparatus comprising:
the receiving module is used for receiving a data decryption request of a second calling party; the data decryption request comprises ciphertext data needing to be decrypted;
the splitting module is used for splitting the ciphertext data needing to be decrypted into a ciphertext character string and a first check code;
the generating module is used for decrypting the ciphertext character string to generate plaintext data; the device is also used for encrypting preset data for verification by taking the plaintext data as an encryption key so as to generate a second verification code;
and the sending module is used for returning the plaintext data to the second caller under the condition that the first check code is the same as the second check code.
8. The apparatus of claim 7, wherein the sending module is further configured to return an error notification message to the second caller if the first check code is different from the second check code.
9. A data security system, the system comprising:
a data encryption apparatus according to claim 5 or 6 and a data decryption apparatus according to claim 7 or 8.
10. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-4.
11. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, carries out the method of any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910007286.9A CN111416788B (en) | 2019-01-04 | 2019-01-04 | Method and device for preventing transmission data from being tampered |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910007286.9A CN111416788B (en) | 2019-01-04 | 2019-01-04 | Method and device for preventing transmission data from being tampered |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111416788A true CN111416788A (en) | 2020-07-14 |
| CN111416788B CN111416788B (en) | 2023-08-08 |
Family
ID=71493943
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910007286.9A Active CN111416788B (en) | 2019-01-04 | 2019-01-04 | Method and device for preventing transmission data from being tampered |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111416788B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112559497A (en) * | 2020-12-25 | 2021-03-26 | 北京百度网讯科技有限公司 | Data processing method, information transmission method and device and electronic equipment |
| CN112987942A (en) * | 2021-03-10 | 2021-06-18 | 京东数字科技控股股份有限公司 | Method, device and system for inputting information by keyboard, electronic equipment and storage medium |
| CN112995210A (en) * | 2021-04-20 | 2021-06-18 | 全球能源互联网研究院有限公司 | Data transmission method and device and electronic equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102013976A (en) * | 2010-12-20 | 2011-04-13 | 西安西电捷通无线网络通信股份有限公司 | Key management method and system |
| CN103078841A (en) * | 2012-12-03 | 2013-05-01 | 厦门市美亚柏科信息股份有限公司 | Method and system for preventive electronic data security |
| CN105516204A (en) * | 2016-01-27 | 2016-04-20 | 北京理工大学 | Method for high-security network data storage |
| CN108768924A (en) * | 2018-04-02 | 2018-11-06 | 广州广电运通金融电子股份有限公司 | Cash processing terminal safety certifying method, device and cash processing terminal |
| CN108920971A (en) * | 2018-07-06 | 2018-11-30 | 北京京东金融科技控股有限公司 | The method of data encryption, the method for verification, the device of encryption and verification device |
| CN108959962A (en) * | 2018-06-27 | 2018-12-07 | 杭州安恒信息技术股份有限公司 | A kind of API secure calling method of dynamic base |
-
2019
- 2019-01-04 CN CN201910007286.9A patent/CN111416788B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102013976A (en) * | 2010-12-20 | 2011-04-13 | 西安西电捷通无线网络通信股份有限公司 | Key management method and system |
| CN103078841A (en) * | 2012-12-03 | 2013-05-01 | 厦门市美亚柏科信息股份有限公司 | Method and system for preventive electronic data security |
| CN105516204A (en) * | 2016-01-27 | 2016-04-20 | 北京理工大学 | Method for high-security network data storage |
| CN108768924A (en) * | 2018-04-02 | 2018-11-06 | 广州广电运通金融电子股份有限公司 | Cash processing terminal safety certifying method, device and cash processing terminal |
| CN108959962A (en) * | 2018-06-27 | 2018-12-07 | 杭州安恒信息技术股份有限公司 | A kind of API secure calling method of dynamic base |
| CN108920971A (en) * | 2018-07-06 | 2018-11-30 | 北京京东金融科技控股有限公司 | The method of data encryption, the method for verification, the device of encryption and verification device |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112559497A (en) * | 2020-12-25 | 2021-03-26 | 北京百度网讯科技有限公司 | Data processing method, information transmission method and device and electronic equipment |
| CN112559497B (en) * | 2020-12-25 | 2023-06-23 | 北京百度网讯科技有限公司 | Data processing method, information transmission method, device and electronic equipment |
| CN112987942A (en) * | 2021-03-10 | 2021-06-18 | 京东数字科技控股股份有限公司 | Method, device and system for inputting information by keyboard, electronic equipment and storage medium |
| CN112987942B (en) * | 2021-03-10 | 2024-04-16 | 京东科技控股股份有限公司 | Method, device and system for inputting information by keyboard, electronic equipment and storage medium |
| CN112995210A (en) * | 2021-04-20 | 2021-06-18 | 全球能源互联网研究院有限公司 | Data transmission method and device and electronic equipment |
| CN112995210B (en) * | 2021-04-20 | 2023-04-07 | 全球能源互联网研究院有限公司 | Data transmission method and device and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111416788B (en) | 2023-08-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107888656B (en) | Calling method and calling device of server-side interface | |
| CN108880812B (en) | Method and system for data encryption | |
| CN112055004A (en) | Data processing method and system based on small program | |
| CN111416788B (en) | Method and device for preventing transmission data from being tampered | |
| CN108923925B (en) | Data storage method and device applied to block chain | |
| CN112437044B (en) | Instant messaging method and device | |
| CN110519203B (en) | Data encryption transmission method and device | |
| CN111327605A (en) | Method, terminal, server and system for transmitting private information | |
| CN107920060B (en) | Data access method and device based on account | |
| CN113765968A (en) | File transmission method, device and system | |
| CN112329044A (en) | Information acquisition method and device, electronic equipment and computer readable medium | |
| WO2024060630A1 (en) | Data transmission management method, and data processing method and apparatus | |
| CN109995534B (en) | Method and device for carrying out security authentication on application program | |
| CN107707528B (en) | Method and device for isolating user information | |
| CN114499893B (en) | Bidding file encryption and evidence storage method and system based on block chain | |
| CN113810779B (en) | Code stream signature verification method, device, electronic equipment and computer readable medium | |
| CN115021919A (en) | SSL negotiation method, device, equipment and computer readable storage medium | |
| CN111786955B (en) | Method and apparatus for protecting a model | |
| CN110166226B (en) | Method and device for generating secret key | |
| CN113507363B (en) | Data processing method, device, electronic equipment and storage medium | |
| CN114338629A (en) | Data processing method, device, equipment and medium | |
| CN112926076B (en) | Data processing method, device and system | |
| CN113987469B (en) | Process protection method and device applied to vehicle machine system and electronic equipment | |
| CN116546500B (en) | Terminal capability identification method, system, electronic equipment and medium | |
| CN113676482B (en) | Data transmission system and method and data transmission system and method based on double-layer SSL |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |