CN111835511A - Data security transmission method and device, computer equipment and storage medium - Google Patents


Info

Publication number
CN111835511A
Authority
CN
China
Prior art keywords
ciphertext
data
key
encryption key
rsa
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010624280.9A
Other languages
Chinese (zh)
Inventor
周鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Saiante Technology Service Co Ltd
Original Assignee
Ping An International Smart City Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An International Smart City Technology Co Ltd
Priority to CN202010624280.9A
Publication of CN111835511A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Abstract

The embodiment of the application belongs to the technical field of information security, is applied to intelligent medical treatment, and relates to a data security transmission method, a device, computer equipment and a storage medium, wherein the data security transmission method comprises the steps of generating a first AES symmetric encryption key and a first RSA asymmetric encryption key, transmitting the first RSA public key to a cooperative mechanism, and receiving a second RSA public key transmitted by the cooperative mechanism, wherein the first RSA asymmetric encryption key comprises a first RSA public key and a first RSA private key; encrypting local data to be transmitted by using a first AES symmetric encryption key to obtain a first ciphertext, encrypting the first AES symmetric encryption key and/or the first ciphertext by using a second RSA public key to obtain ciphertext data, and transmitting the ciphertext data to a cooperation mechanism; and when receiving the encrypted data transmitted by the cooperative mechanism, inquiring the first RSA private key stored locally, and decrypting the encrypted data to obtain a plaintext. The first AES symmetric encryption key and the first RSA asymmetric encryption key may be stored in a blockchain node. The application effectively improves the security of data encryption.

Description

Data security transmission method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method and an apparatus for secure data transmission, a computer device, and a storage medium.
Background
With the rapid development of computer technology, all industries now choose networks for efficient information transmission. At the same time, because incidents of information leakage, tampering and theft keep occurring, the security of information transmission is receiving increasing attention.
Data encryption techniques include symmetric encryption (AES) and asymmetric encryption (RSA). In symmetric encryption, the sender and the receiver use the same key to encrypt and decrypt the information. In asymmetric encryption, the sender encrypts the information with a public key and the receiver decrypts it with a private key that differs from the public key, which has the advantage of higher security compared with symmetric encryption.
At present, with either of the above encryption methods, problems remain: important data may be leaked, transmitted data may be tampered with or forged, and the authenticity of a data request to the interface cannot be guaranteed.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method and an apparatus for secure data transmission, a computer device, and a storage medium, which effectively improve security of data encryption.
In order to solve the above technical problem, an embodiment of the present application provides a data secure transmission method, which adopts the following technical solutions:
a data security transmission method comprises the following steps:
respectively generating a first AES symmetric encryption key and a first RSA asymmetric encryption key, wherein the first RSA asymmetric encryption key comprises a first RSA public key and a first RSA private key, storing the first RSA private key in a database, transmitting the first RSA public key to a cooperative mechanism through a preset external universal gateway, and accepting a second RSA public key transmitted by the cooperative mechanism;
acquiring locally stored data to be transmitted, encrypting the data to be transmitted by using the first AES symmetric encryption key to acquire a first ciphertext, encrypting the first AES symmetric encryption key and/or the first ciphertext by using the second RSA public key to acquire ciphertext data, and transmitting the ciphertext data to the cooperation mechanism through an interface; and
when receiving encrypted data transmitted by a partner mechanism, inquiring a first RSA private key stored locally, and decrypting the encrypted data through the first RSA private key to obtain a plaintext.
In order to solve the above technical problem, an embodiment of the present application further provides a data security transmission device, which adopts the following technical solutions:
a data security transmission apparatus comprising:
the generation module is used for respectively generating a first AES symmetric encryption key and a first RSA asymmetric encryption key, wherein the first RSA asymmetric encryption key comprises a first RSA public key and a first RSA private key, storing the first RSA private key in a database, transmitting the first RSA public key to a cooperative mechanism through a preset external general gateway, and receiving a second RSA public key transmitted by the cooperative mechanism;
the encryption module is used for acquiring locally stored data to be transmitted, encrypting the data to be transmitted by using the first AES symmetric encryption key to obtain a first ciphertext, encrypting the first AES symmetric encryption key and/or the first ciphertext by using the second RSA public key to obtain ciphertext data, and transmitting the ciphertext data to the cooperation mechanism through an interface; and
the decryption module is used for querying a first RSA private key stored locally when receiving the encrypted data transmitted by the cooperative mechanism, and decrypting the encrypted data through the first RSA private key to obtain a plaintext.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, which adopts the following technical solutions:
a computer device comprising a memory and a processor, the memory having stored therein computer-readable instructions, the processor implementing the steps of the above-described method for secure transmission of data when executing the computer-readable instructions.
In order to solve the above technical problem, an embodiment of the present application further provides a computer-readable storage medium, which adopts the following technical solutions:
a computer readable storage medium having computer readable instructions stored thereon, which when executed by a processor, implement the steps of the above-described method for secure transmission of data.
Compared with the prior art, the embodiment of the application mainly has the following beneficial effects:
the data transmission performance can be improved while sufficient data security is guaranteed. The AES key and/or the data are encrypted with the RSA public key, and the data and the key are encrypted and transmitted using AES and RSA together, which effectively reduces the risk of data leakage, effectively reduces the possibility that the sent data can be forged or tampered with, and improves the security of data encryption.
Drawings
In order to more clearly illustrate the solution of the present application, the drawings needed for describing the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a method for secure transmission of data according to the present application;
FIG. 3 is a schematic block diagram of one embodiment of a secure data transfer device according to the present application;
FIG. 4 is a schematic block diagram of one embodiment of a computer device according to the present application.
Reference numerals: 200. a computer device; 201. a memory; 202. a processor; 203. a network interface; 300. a data security transmission device; 301. a generation module; 302. an encryption module; 303. a decryption module.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III), MP4 players (Moving Picture Experts Group Audio Layer IV), laptop computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that the data security transmission method provided in the embodiments of the present application is generally executed by a server/terminal device, and accordingly, the data security transmission apparatus is generally disposed in the server/terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to FIG. 2, a flow diagram of one embodiment of a method for secure transmission of data in accordance with the present application is shown. The data security transmission method comprises the following steps:
S1: Respectively generate a first Advanced Encryption Standard (AES) symmetric encryption key and a first Rivest-Shamir-Adleman (RSA) asymmetric encryption key, wherein the first RSA asymmetric encryption key comprises a first RSA public key and a first RSA private key; store the first RSA private key in a database, transmit the first RSA public key to the partner organization through a preset external general gateway, and receive a second RSA public key transmitted by the partner organization.
In this embodiment, the system of the present application is an intelligent system. When the intelligent system and the partner organization connect their interfaces, each of them generates an asymmetric RSA public key and private key locally, the two parties exchange the generated public keys directly through a common API gateway (Common API Gateway), and each stores its private key in its local database.
The RSA public-key encryption algorithm usually generates a pair of RSA keys: one is the private key, which is kept by the user; the other is the public key, which can be disclosed. AES (Advanced Encryption Standard) is a symmetric encryption algorithm. A random 16-bit AES key is generated according to a preset rule. The intelligent system generates the first AES symmetric encryption key using its own rule, and the partner organization generates a second AES symmetric encryption key using its own rule.
In this embodiment, the electronic device (for example, the server/terminal device shown in fig. 1) on which the data secure transmission method runs may transmit the RSA public key over a wired or a wireless connection. It should be noted that the wireless connection may include, but is not limited to, a 3G/4G connection, a WiFi connection, a Bluetooth connection, a WiMAX connection, a Zigbee connection, a UWB (ultra-wideband) connection, and other wireless connection means now known or developed in the future.
S2: Acquire locally stored data to be transmitted, encrypt the data to be transmitted using the first AES symmetric encryption key to obtain a first ciphertext, encrypt the first AES symmetric encryption key and/or the first ciphertext using the second RSA public key to obtain ciphertext data, and transmit the ciphertext data to the partner organization through an interface.
In this embodiment, the first AES symmetric encryption key and/or the first ciphertext of the OCT intelligent fundus screening system is encrypted using the second RSA public key transmitted by the partner organization, which increases the security of data transmission and lets the partner organization decrypt the ciphertext data with the second RSA private key stored in its own database.
Specifically, in step S2, the step of encrypting the first AES symmetric encryption key and/or the first ciphertext by using the second RSA public key to obtain ciphertext data, and transmitting the ciphertext data to the partner entity through the interface includes:
encrypting the first AES symmetric encryption key by using the second RSA public key to obtain a second ciphertext;
and taking the first ciphertext and the second ciphertext as ciphertext data, and transmitting the ciphertext data and a preset first encryption tag to the cooperation mechanism through an interface.
In this embodiment, the data to be transmitted (also called sensitive data) is encrypted directly with the generated AES symmetric encryption key. The locally generated AES key is encrypted with the asymmetric encryption public key provided by the partner organization, i.e. the second RSA public key. Compared with encrypting and decrypting the data to be transmitted directly with the public key, encrypting the symmetric key with the public key and the data with the symmetric key not only improves the security of data transmission but also effectively reduces the time spent on decryption. The first encryption tag identifies the encryption mode, so that the partner organization can determine from the tag which encryption means the other party (namely the intelligent system) adopted.
It should be noted that, in the present application, a mode of carrying the first encryption tag may be adopted, or the first encryption tag may not be carried, and if the first encryption tag is not carried, the partner mechanism needs to autonomously determine the encryption mode adopted by the intelligent system in the process of decrypting the ciphertext data, and then selects the corresponding decryption mode.
In step S2, the acquiring locally stored to-be-transmitted data, encrypting the to-be-transmitted data using the first AES symmetric encryption key, and obtaining a first ciphertext includes:
acquiring locally stored data to be transmitted, analyzing the data to be transmitted, extracting a field name containing a preset keyword in the data to be transmitted and a field value corresponding to the field name, generating a core data table, and encrypting the core data table by using the first AES symmetric encryption key to obtain a first ciphertext;
the step of taking the first ciphertext and the second ciphertext as ciphertext data and transmitting the ciphertext data and a preset first encryption tag to the cooperation mechanism through an interface comprises the following steps:
deleting the part of the data to be transmitted, which is overlapped with the core data table, to obtain conventional data;
and taking the first ciphertext and the second ciphertext as ciphertext data, and transmitting the ciphertext data, the conventional data and a preset first encryption tag to the cooperation mechanism through an interface.
In this embodiment, the data to be transmitted is divided into a core data table and conventional data, and only the core data table needs to be encrypted for transmission. For example, the field names are name, mobile phone number, identification number and the like, and the corresponding field values are Zhang San, 151X 6578, 4114X 7034 and the like. Encrypting only the core data table avoids the problems of excessive data volume and time consumption in the encryption calculation.
It should be noted that, in the present application, all the data to be transmitted may be regarded as sensitive data, and encrypted to generate a first ciphertext, so that the first ciphertext and the second ciphertext are transmitted to the cooperative entity, where the sensitive data includes the name, age, mobile phone number, identity card number, and the like of the user.
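The first encryption mode and the core-table split described above, as an added example in Go (not code from the patent). The envelope layout, the tag value, AES-GCM, RSA-OAEP with 2048-bit keys, and reading the "16-bit" AES key as 16 bytes are assumptions; the page fixes none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"strings"
)

const TagMode1 = "AES-DATA+RSA-KEY" // constructed value for the "first encryption tag"

// Envelope is a hypothetical wire format; the page does not define one.
type Envelope struct {
	Tag        string // tells the receiver which encryption mode was used
	WrappedKey []byte // "second ciphertext": AES key under the partner's RSA public key
	Nonce      []byte // AES-GCM nonce (GCM is an assumption; the page names no AES mode)
	Ciphertext []byte // "first ciphertext": core data table under the AES key
}

// NewKeyPair generates an RSA key pair; 2048 bits is an assumption.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SplitCore puts every field whose name contains a preset keyword into the core table.
func SplitCore(rec map[string]string, keywords []string) (core, regular map[string]string) {
	core, regular = map[string]string{}, map[string]string{}
	for name, val := range rec {
		dst := regular
		for _, kw := range keywords {
			if strings.Contains(strings.ToLower(name), kw) {
				dst = core
			}
		}
		dst[name] = val
	}
	return core, regular
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side: AES-encrypt the core table, RSA-wrap the AES key, bind the tag to both.
func Seal(core map[string]string, partnerPub *rsa.PublicKey) (*Envelope, error) {
	plain, _ := json.Marshal(core) // a map of strings always marshals
	buf := make([]byte, 16+12)     // fresh AES-128 key and 96-bit GCM nonce per message
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:16:16], buf[16:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plain, []byte(TagMode1))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, partnerPub, key, []byte(TagMode1))
	if err != nil {
		return nil, err
	}
	return &Envelope{Tag: TagMode1, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the receiver side: check the tag, unwrap the AES key, decrypt and authenticate.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	if env.Tag != TagMode1 || len(env.Nonce) != 12 {
		return nil, fmt.Errorf("unsupported tag %q or bad nonce length", env.Tag)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, []byte(env.Tag))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.Tag)) // fails if modified
}

func main() {
	partner, err := NewKeyPair() // stands in for the partner's "second RSA" key pair
	if err != nil {
		panic(err)
	}
	rec := map[string]string{"name": "Zhang San", "mobile_number": "constructed-0001", "visit_type": "screening"}
	core, regular := SplitCore(rec, []string{"name", "mobile", "id_number"})
	env, err := Seal(core, &partner.PublicKey)
	if err != nil {
		panic(err)
	}
	out, err := Open(env, partner)
	fmt.Println(regular, string(out), err)
}
```

With a 2048-bit key and SHA-256, RSA-OAEP accepts at most 190 bytes per operation, which is why only the AES key is wrapped here; a variant that RSA-encrypts the AES ciphertext itself is bound by the same limit.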
As another embodiment of the present application, in step S2, that is, the step of encrypting the first AES symmetric encryption key and/or the first ciphertext by using the second RSA public key to obtain ciphertext data, and transmitting the ciphertext data to the partner entity through the interface includes:
respectively encrypting the first AES symmetric encryption key and the first ciphertext by using the second RSA public key to respectively obtain a second ciphertext and a double ciphertext;
and taking the second ciphertext and the double ciphertext as ciphertext data, and transmitting the ciphertext data and a preset second encryption tag to the cooperation mechanism through an interface.
In this embodiment, the second RSA public key is used to encrypt the first ciphertext, so that the data to be transmitted is encrypted by both the first AES symmetric encryption key and the second RSA public key. The data to be transmitted is further protected, and the security of data transmission is improved. The second encryption tag identifies the encryption mode, so that the partner organization can determine the encryption means adopted by the other party from the encryption tag. The second encryption tag may or may not be carried; if it is not carried, the partner organization has to determine the encryption mode of the intelligent system by itself when decrypting the ciphertext data, and then select the corresponding decryption mode.
As another embodiment of the present application, in step S2, the step of encrypting the first AES symmetric encryption key and/or the first ciphertext by using the second RSA public key to obtain ciphertext data, and transmitting the ciphertext data to the partner entity through the interface includes:
splicing the first ciphertext and the first AES symmetric encryption key to generate a spliced text segment;
encrypting the spliced text segment by using the second RSA public key to generate a first text segment ciphertext;
and taking the first text segment ciphertext as ciphertext data, and transmitting the ciphertext data and a preset third encryption tag to the cooperation mechanism through an interface.
In this embodiment, when the partner organization receives the text segment ciphertext, it decrypts it with the second RSA private key to obtain the spliced text segment. It then splits the spliced text segment to obtain the first ciphertext and the first AES symmetric encryption key, and decrypts the first ciphertext with the first AES symmetric encryption key to obtain the plaintext. Splicing the ciphertext and the key and then encrypting them improves the security of data transmission. The third encryption tag identifies the spliced-text-segment encryption mode, so that the partner organization can determine the encryption means adopted by the other party from the encryption tag. The third encryption tag may or may not be carried; if it is not carried, the partner organization has to determine the encryption mode of the intelligent system by itself when decrypting the ciphertext data, and then select the corresponding decryption mode.
Wherein the step of splicing the first ciphertext and the first AES symmetric encryption key to generate a spliced text segment comprises:
and splicing the first ciphertext, the first AES symmetric encryption key and a preset identification symbol to generate a spliced text segment, wherein the identification symbol is positioned between the first ciphertext and the first AES symmetric encryption key.
In this embodiment, the identification symbol is added directly between the first ciphertext and the first AES symmetric encryption key, which helps the receiving party (i.e., the partner organization) quickly identify and split the spliced text segment. The identification symbol can be an asterisk, an exclamation mark or another symbol that differs from the ciphertext.
Of course, the step of splicing the first ciphertext and the first AES symmetric encryption key to generate a spliced text segment may include:
and splicing the first ciphertext, the first AES symmetric encryption key and a random code to generate a spliced text segment, wherein the random code is located between the first ciphertext and the first AES symmetric encryption key, and the random code is a string of characters agreed with a cooperation institution in advance.
In this embodiment, a mode of placing a predetermined random code between the first ciphertext and the first AES symmetric encryption key may be adopted, and because the random code is agreed in advance by two parties (the OCT system and the cooperation mechanism of the present application), even if the spliced text segment is maliciously obtained by the third party, the random code is difficult to be known by the third party, and the spliced text segment is more difficult to be split, so that the difficulty in decrypting the ciphertext by the third party is effectively improved, thereby preventing data from being tampered, and improving reliability and security of data transmission.
S3: when receiving encrypted data transmitted by a partner mechanism, inquiring a first RSA private key stored locally, and decrypting the encrypted data through the first RSA private key to obtain a plaintext.
In this embodiment, the encrypted data transmitted by the partner organization is data that the partner organization needs to transmit to the intelligent system, and is different from the data to be transmitted. The partner organization encrypts the data to be transmitted to the intelligent system using any one of the three encryption modes described above. When the intelligent system encrypts data, it uses the received second RSA public key. When the partner organization encrypts data, it uses the received first RSA public key, so that the intelligent system can decrypt the encrypted data using the locally stored first RSA private key.
Specifically, in step S3, that is, when receiving the encrypted data transmitted by the partner entity, querying the locally stored first RSA private key, and decrypting the encrypted data by using the first RSA private key to obtain the plaintext, the step includes:
when receiving the encrypted data transmitted by the partner organization, the encrypted data carrying a header, verifying the signature of the header;
and if the signature verification passes, querying the locally stored first RSA private key, and decrypting the encrypted data through the first RSA private key to obtain a plaintext.
In this embodiment, if the signature verification succeeds, the locally stored first RSA private key is queried in order to decrypt the second AES symmetric encryption key of the partner organization. If the signature verification fails, an error prompt of the signature verification failure is sent to the user and the partner organization. By adding signature verification, the present application improves the performance of secure transmission of interface data and at the same time ensures the authenticity of interface calls. The method thus covers both the secure encryption of the data and the authenticity and reliability of the data.
The method comprises the following steps that a head label is received, wherein the head label comprises a first signature, the first signature carries a random number, and when encrypted data and the head label transmitted by a partner mechanism are received, the step of verifying the head label comprises the following steps:
when receiving encrypted data and a head label transmitted by a cooperative mechanism, acquiring a first signature in the head label;
acquiring a request mode, a timestamp, a random number carried by a first signature, an incoming path of a cooperation mechanism and an address of the cooperation mechanism, wherein the random number is generated by the cooperation mechanism according to a local address and the current time through a preset first rule;
calculating the request mode, the timestamp, the random number carried by the first signature, the incoming path of the cooperative mechanism and the address of the cooperative mechanism by adopting an SHA256 encryption algorithm according to a preset second rule to obtain a second signature;
comparing whether the first signature and the second signature are consistent;
and the step of querying the locally stored first RSA private key if the signature verification passes, and decrypting the encrypted data with the first RSA private key to obtain a plaintext, includes:
and if the first signature is consistent with the second signature, inquiring a first RSA private key stored locally, and decrypting the encrypted data through the first RSA private key to obtain a plaintext.
In this embodiment, if the first signature and the second signature do not match, the data is judged to have been tampered with or forged, an error prompt is returned to the user on the front-end page, and a notification that signature verification failed is sent to the partner institution. The preset second rule is: sort the fields by their initial English letters, splice them into a character string, generate sign from that string with the digest algorithm SHA256, and set sign in the browser. The header tag (header) is the header of the request that the system interface sends from the browser. The header is generated as follows: sign = SHA256(interface request URI + request mode post/get + timestamp + random number Nonce + address ip). The request mode is get or post; get is generally used to acquire or query resource information, and post is generally used to update resource information. The Nonce is a hash of the character string obtained by splicing the ip address and the current time, so the value computed is different each time. In other words, the Nonce is a random number generated locally for each request; it prevents reuse and guarantees that each signature verification is unique.
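The signature check described above, as an added Go example that is not part of the patent: it recomputes sign with the sort-and-splice rule, compares it with the received value, and rejects stale timestamps and reused nonces. The field names, Unix-second timestamps, the freshness window, the sample values and the optional HMAC key are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strconv"
	"time"
)

// Request carries the five inputs named in the description plus the first
// signature. Field names are assumptions; the page lists only the values.
type Request struct {
	URI, Method, Timestamp, Nonce, IP, Sign string
}

var (
	ErrStale    = errors.New("timestamp outside the accepted window")
	ErrMismatch = errors.New("first and second signature differ")
	ErrReplay   = errors.New("nonce already used")
)

// canonical applies the second rule: order the fields by name, then splice
// their values into one string.
func canonical(r Request) string {
	f := map[string]string{"ip": r.IP, "method": r.Method, "nonce": r.Nonce,
		"timestamp": r.Timestamp, "uri": r.URI}
	names := make([]string, 0, len(f))
	for n := range f {
		names = append(names, n)
	}
	sort.Strings(names)
	s := ""
	for _, n := range names {
		s += f[n]
	}
	return s
}

// NewNonce hashes the caller's address spliced with the current time; the
// exact first rule is not given on the page, so this is one reading of it.
func NewNonce(ip string, now time.Time) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%s%d", ip, now.UnixNano())))
	return hex.EncodeToString(sum[:])
}

// Sign is the page's digest, hex(SHA256(canonical string)), when key is nil.
// A non-nil key selects HMAC-SHA256, an added hardening not in the patent:
// all inputs of the plain digest travel with the request itself.
func Sign(r Request, key []byte) string {
	if key == nil {
		sum := sha256.Sum256([]byte(canonical(r)))
		return hex.EncodeToString(sum[:])
	}
	m := hmac.New(sha256.New, key)
	m.Write([]byte(canonical(r)))
	return hex.EncodeToString(m.Sum(nil))
}

// Verifier recomputes the second signature and compares it with the first.
type Verifier struct {
	MaxSkew time.Duration       // assumed freshness window for the timestamp
	Key     []byte              // nil: plain SHA256 as on the page
	seen    map[string]struct{} // accepted nonces; evict after MaxSkew in real use
}

func (v *Verifier) Verify(r Request, now time.Time) error {
	ts, err := strconv.ParseInt(r.Timestamp, 10, 64)
	if d := now.Sub(time.Unix(ts, 0)); err != nil || d > v.MaxSkew || d < -v.MaxSkew {
		return ErrStale
	}
	if subtle.ConstantTimeCompare([]byte(Sign(r, v.Key)), []byte(r.Sign)) != 1 {
		return ErrMismatch
	}
	// Record the nonce only after the signature matched.
	if _, dup := v.seen[r.Nonce]; dup {
		return ErrReplay
	}
	if v.seen == nil {
		v.seen = map[string]struct{}{}
	}
	v.seen[r.Nonce] = struct{}{}
	return nil
}

func main() {
	now := time.Unix(1700000000, 0) // constructed sample values throughout
	r := Request{URI: "/api/v1/report", Method: "post", Timestamp: "1700000000", IP: "192.0.2.10"}
	r.Nonce = NewNonce(r.IP, now)
	r.Sign = Sign(r, nil)
	v := &Verifier{MaxSkew: 5 * time.Minute}
	fmt.Println(v.Verify(r, now)) // first delivery is accepted
	fmt.Println(v.Verify(r, now)) // same nonce again is rejected
}
```

The signature is compared before the nonce is recorded, so a request that fails verification cannot use up a nonce that a legitimate request will present later.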
As another embodiment of the present application, the encrypted data carries an encryption tag, and the encryption tag includes a first encryption tag, a second encryption tag and a third encryption tag. In step S3, the step of decrypting the encrypted data with the first RSA private key to obtain a plaintext includes:
identifying the type of the encryption tag;
if the encryption tag is the first encryption tag, identifying a third ciphertext and a fourth ciphertext contained in the encrypted data, decrypting the third ciphertext by using the first RSA private key, directly obtaining a second AES symmetric encryption key of a cooperation mechanism, decrypting the fourth ciphertext by using the second AES symmetric encryption key, and directly obtaining a plaintext;
if the encryption tag is a second encryption tag, identifying a third ciphertext and a fourth ciphertext contained in the encrypted data, decrypting the third ciphertext and the fourth ciphertext respectively by using the first RSA private key to obtain a second AES symmetric encryption key and a fifth ciphertext respectively, and decrypting the fifth ciphertext by using the obtained second AES symmetric encryption key to obtain a plaintext;
if the encryption tag is a third encryption tag, decrypting the encrypted data by using the first RSA private key to obtain a second text segment ciphertext;
acquiring an identifier or a random code pre-stored in a database;
matching the identifier or the random code with a field in the ciphertext of the second text segment;
if the matching is successful, taking the field before the identifier symbol or the random code in the ciphertext of the second text segment as a sixth ciphertext, and taking the field after the identifier symbol or the random code as a second AES symmetric encryption key;
decrypting the sixth ciphertext using the obtained second AES symmetric encryption key;
if the decryption is successful, a plaintext is obtained;
and if the decryption fails, taking the identifier or the field after the random code in the ciphertext of the second text segment as a sixth ciphertext, taking the identifier or the field before the random code as a second AES symmetric encryption key, and decrypting the sixth ciphertext by using the obtained second AES symmetric encryption key to obtain the plaintext.
In this embodiment, the second AES symmetric encryption key is generated locally by the partner institution and is used to encrypt the local data to be transmitted on the partner institution side. The type of the encryption tag lets the receiver quickly determine which encryption mode the other party used and select the matching decryption mode directly, which improves decryption speed. Encryption tags and encryption modes correspond one to one. In the encrypted data received from the partner institution, if the encryption tag is the first encryption tag, the third ciphertext is equivalent to the second ciphertext of the intelligent system, and the fourth ciphertext is equivalent to the first ciphertext of the intelligent system. If the encryption tag is the second encryption tag, the third ciphertext is equivalent to the second ciphertext of the intelligent system, the fourth ciphertext is equivalent to the double ciphertext of the intelligent system, and the fifth ciphertext is equivalent to the first ciphertext of the intelligent system. If the encryption tag is the third encryption tag, the second text segment ciphertext is equivalent to the spliced text segment of the intelligent system, and the sixth ciphertext is equivalent to the first ciphertext of the intelligent system. Matching against the identifier or random code pre-stored in the database further strengthens the security of data verification and the credibility of the decrypted data.
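The tag-driven decryption above, as an added Go example (not code from the patent) covering the first and third encryption tags, including the swapped-order fallback of the third. AES-256-GCM, RSA-OAEP with SHA-256, the 2048-bit key, the separator code and all function names are assumptions; the page names only AES and RSA.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Assumed, not stated on the page: AES-256-GCM, RSA-OAEP with SHA-256, and a
// constructed random code, agreed in advance, as the separator.
var code = []byte("#constructed-code#")
var demoKey, demoErr = rsa.GenerateKey(rand.Reader, 2048) // stands in for the first RSA key pair

func aead(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

func sealAES(key, pt []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, nil), nil
}

// openAES fails on a wrong key or altered data: the GCM tag check is what
// makes the "if the decryption fails" branch observable.
func openAES(key, ct []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(ct))
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// Encrypt plays the partner institution; keyFirst picks the splice order for
// tag 3. OAEP caps the RSA input, so long segments get rsa.ErrMessageTooLong.
func Encrypt(tag int, pub *rsa.PublicKey, key, pt []byte, keyFirst bool) (a, b []byte, err error) {
	if b, err = sealAES(key, pt); err != nil {
		return nil, nil, err
	}
	if tag == 3 { // ciphertext, code and key are spliced and go under RSA together
		parts := [][]byte{b, key}
		if keyFirst {
			parts = [][]byte{key, b}
		}
		key, b = bytes.Join(parts, code), nil
	}
	a, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return a, b, err
}

// Decrypt is the receiving side: the encryption tag selects the method.
func Decrypt(tag int, priv *rsa.PrivateKey, a, b []byte) ([]byte, error) {
	m, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, a, nil)
	if err != nil {
		return nil, err
	}
	switch tag {
	case 1: // m is the second AES key, b the fourth ciphertext
		return openAES(m, b)
	case 3: // m is the second text segment: split at the stored code
		f := bytes.SplitN(m, code, 2)
		if len(f) != 2 {
			return nil, fmt.Errorf("code not found in segment")
		}
		if pt, err := openAES(f[1], f[0]); err == nil {
			return pt, nil
		}
		return openAES(f[0], f[1]) // swapped order, the fallback step
	}
	return nil, fmt.Errorf("unsupported encryption tag %d", tag)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed AES key, sample only
	if demoErr != nil {
		panic(demoErr)
	}
	for _, tag := range []int{1, 3} {
		a, b, err := Encrypt(tag, &demoKey.PublicKey, key, []byte("constructed record"), false)
		pt, derr := Decrypt(tag, demoKey, a, b)
		fmt.Println(tag, string(pt), err, derr)
	}
}
```

With a 2048-bit key and these parameters RSA-OAEP accepts at most 190 bytes, so the third-tag segment leaves room for about 112 bytes of plaintext, while the first tag has no such limit.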
As another embodiment of the present application, when the identified encryption tag is a third encryption tag, the first RSA private key is used to decrypt the encrypted data, and a second text segment ciphertext is obtained;
detecting whether fields which are not data and are not English letters exist in the ciphertext of the second text segment;
if yes, the field is used as an identification symbol;
taking a field before the identifier as a sixth ciphertext and taking a field after the identifier as a second AES symmetric encryption key in the ciphertext of the second text segment;
decrypting the sixth ciphertext using the obtained second AES symmetric encryption key;
if the decryption is successful, a plaintext is obtained;
and if the decryption fails, taking the field behind the identification symbol in the second text segment ciphertext as a sixth ciphertext, taking the field in front of the identification symbol as a second AES symmetric encryption key, and decrypting the sixth ciphertext by using the obtained second AES symmetric encryption key to obtain a plaintext. According to the embodiment, the identifier does not need to be acquired from the database for matching, and the decryption speed is effectively improved.
In addition, as another embodiment of the present application, the encrypted data may not carry an encryption tag. In that case a decryption method is first selected according to the length of the encrypted data (in this embodiment the encryption tags are used only to name the decryption methods; no encryption tag is actually carried). If the length of the encrypted data is not smaller than a preset threshold, the decryption methods corresponding to the second encryption tag and the third encryption tag are tried first, in that order; if decryption fails, the decryption method corresponding to the first encryption tag is used. If the length of the encrypted data is smaller than the preset threshold, it is preliminarily judged that the partner institution used the first RSA public key to encrypt only the second AES symmetric encryption key, so the intelligent system tries the decryption method corresponding to the first encryption tag first; if decryption fails, the decryption methods corresponding to the second encryption tag and the third encryption tag are used. Because different encryption modes encrypt different amounts of data, the transmitted encrypted data differs in length, so choosing which decryption method to try first according to that length increases decryption speed. The encryption mode corresponding to the first encryption tag is single encryption, so its encrypted data is shorter than that of the other two modes, which are double encryption.
The intelligent system of the application can be an OCT (Optical Coherence Tomography) intelligent fundus screening system, a financial data intelligent acquisition system, a government affairs situation collection system and the like. The partner institution can be a hospital, a bank, a government and the like. In a medical scenario, the intelligent system is an OCT intelligent fundus screening system: when it obtains a diagnostic image of a patient by scanning, the diagnostic image and information such as the patient's name, age and identification number are encrypted in one of the encryption modes described above and then transmitted to the hospital. When other information about the patient's condition is entered at the hospital, that information can likewise be transmitted to the OCT intelligent fundus screening system in one of the encryption modes.
Applied in the smart healthcare field, the application improves the security of the data transmitted by the OCT intelligent fundus screening system, reducing the risk of data leakage and the possibility of tampering during data transmission.
It should be emphasized that, in order to further ensure the privacy and security of the data to be transmitted, the first AES symmetric encryption key, the second AES symmetric encryption key, the first RSA asymmetric encryption key, and the second RSA asymmetric encryption key may also be stored in a node of a block chain.
The block chain referred by the application is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware associated with computer readable instructions, which can be stored in a computer readable storage medium, and when executed, can include processes of the embodiments of the methods described above. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least a portion of the steps in the flowcharts may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
With further reference to fig. 3, as an implementation of the method shown in fig. 2, the present application provides an embodiment of a data security transmission apparatus, which corresponds to the embodiment of the method shown in fig. 2, and which can be applied to various electronic devices.
As shown in fig. 3, the data security transmission apparatus 300 according to the present embodiment includes: a generation module 301, an encryption module 302, and a decryption module 303. Wherein: the generation module 301 is configured to generate a first AES symmetric encryption key and a first RSA asymmetric encryption key, respectively, where the first RSA asymmetric encryption key includes a first RSA public key and a first RSA private key, store the first RSA private key in a database, transmit the first RSA public key to a partner mechanism through a preset external universal gateway, and accept a second RSA public key transmitted by the partner mechanism; the encryption module 302 is configured to obtain locally stored data to be transmitted, encrypt the data to be transmitted using the first AES symmetric encryption key to obtain a first ciphertext, encrypt the first AES symmetric encryption key and/or the first ciphertext using the second RSA public key to obtain ciphertext data, and transmit the ciphertext data to the cooperation mechanism through an interface; the decryption module 303 is configured to, when receiving encrypted data transmitted by a partner mechanism, query a locally stored first RSA private key, and decrypt the encrypted data through the first RSA private key to obtain a plaintext.
In this embodiment, data transmission performance can be improved while sufficient data security is ensured. The AES key and/or the data are encrypted with the RSA public key, so that AES and RSA together encrypt both the data and the key for transmission. This effectively reduces the risk of data leakage and the possibility that the transmitted data is forged or tampered with, and improves the security of data encryption.
The encryption module 302 includes an encryption submodule and a transmission submodule, where the encryption submodule is configured to encrypt the first AES symmetric encryption key using the second RSA public key to obtain a second ciphertext. And the transmission submodule is used for taking the first ciphertext and the second ciphertext as ciphertext data and transmitting the ciphertext data and a preset first encryption tag to the cooperation mechanism through an interface.
The encryption module 302 further includes an analysis submodule, where the analysis submodule is configured to obtain locally stored data to be transmitted, analyze the data to be transmitted, extract a field name including a preset keyword in the data to be transmitted and a field value corresponding to the field name, generate a core data table, encrypt the core data table using the first AES symmetric encryption key, and obtain a first ciphertext. The transmission submodule is further used for deleting the part, overlapped with the core data table, in the data to be transmitted to obtain conventional data, using the first ciphertext and the second ciphertext as ciphertext data, and transmitting the ciphertext data, the conventional data and a preset first encryption tag to the cooperation mechanism through an interface.
In some optional implementation manners of this embodiment, the encryption sub-module is further configured to encrypt the first AES symmetric encryption key and the first ciphertext respectively by using the second RSA public key, and obtain a second ciphertext and a double ciphertext respectively. And the transmission sub-module is also used for taking the second ciphertext and the double ciphertext as ciphertext data and transmitting the ciphertext data and a preset second encryption tag to the cooperation mechanism through an interface.
In some optional implementation manners of this embodiment, the encryption sub-module is further configured to splice the first ciphertext with the first AES symmetric encryption key to generate a spliced text segment, and encrypt the spliced text segment using the second RSA public key to generate a first text segment ciphertext. And the transmission sub-module is also used for taking the first text segment ciphertext as ciphertext data and transmitting the ciphertext data and a preset third encryption tag to the cooperation mechanism through an interface.
The encryption submodule is further configured to splice the first ciphertext, a first AES symmetric encryption key and a preset identifier to generate a spliced text segment, where the identifier is located between the first ciphertext and the first AES symmetric encryption key, or splice the first ciphertext, the first AES symmetric encryption key and a random code to generate the spliced text segment, where the random code is located between the first ciphertext and the first AES symmetric encryption key, and the random code is a string of characters agreed with a partner mechanism in advance.
The decryption module 303 includes a signature verification sub-module and a query sub-module. The signature verification sub-module is configured to verify the signature in the header tag when encrypted data transmitted by the partner institution is received, the encrypted data carrying the header tag. The query sub-module is configured to query the locally stored first RSA private key when the signature verification passes, and to decrypt the encrypted data with the first RSA private key to obtain a plaintext.
The head tag comprises a first signature, the first signature carries a random number, and the tag verification sub-module comprises a first acquisition unit, a second acquisition unit, a calculation unit and a comparison unit. The first acquisition unit is used for acquiring a first signature in a head label when receiving the encrypted data and the head label transmitted by the partner mechanism; the second acquisition unit is used for acquiring a request mode, a timestamp, a random number carried by the first signature, an incoming path of the cooperation mechanism and an address of the cooperation mechanism, wherein the random number is generated by the cooperation mechanism according to a local address and the current time through a preset first rule; the computing unit is used for computing the request mode, the timestamp, the random number carried by the first signature, the incoming path of the cooperative mechanism and the address of the cooperative mechanism by adopting an SHA256 encryption algorithm according to a preset second rule to obtain a second signature; the comparison unit is used for comparing whether the first signature and the second signature are consistent; the query submodule is further used for querying a locally stored first RSA private key when the first signature is consistent with the second signature, and decrypting the encrypted data through the first RSA private key to obtain a plaintext.
The decryption module 303 further includes an identification sub-module, a first decryption sub-module, a second decryption sub-module, and a third decryption sub-module. The identification submodule is used for identifying the type of the encrypted tag. The first decryption submodule is used for identifying a third ciphertext and a fourth ciphertext contained in the encrypted data when the encrypted tag is the first encrypted tag, decrypting the third ciphertext by using the first RSA private key, directly obtaining a second AES symmetric encryption key of a cooperation mechanism, decrypting the fourth ciphertext by using the second AES symmetric encryption key, and directly obtaining a plaintext. The second decryption submodule is used for identifying a third ciphertext and a fourth ciphertext contained in the encrypted data when the encrypted tag is a second encrypted tag, respectively decrypting the third ciphertext and the fourth ciphertext by using the first RSA private key to respectively obtain a second AES symmetric encryption key and a fifth ciphertext, and decrypting the fifth ciphertext by using the obtained second AES symmetric encryption key to obtain a plaintext. 
The third decryption submodule is used for decrypting the encrypted data by using the first RSA private key when the encrypted tag is a third encrypted tag, obtaining a second text segment ciphertext, obtaining an identification symbol or a random code pre-stored in a database, matching the identification symbol or the random code with a field in the second text segment ciphertext, if the matching is successful, using the field in the second text segment ciphertext before the identification symbol or the random code as a sixth ciphertext, using the field after the identification symbol or the random code as a second AES symmetric encryption key, decrypting the sixth ciphertext by using the obtained second AES symmetric encryption key, if the decryption is successful, obtaining a plaintext, if the decryption is failed, using the field in the second text segment ciphertext after the identification symbol or the random code as a sixth ciphertext, and using the field before the identification symbol or the random code as a second AES symmetric encryption key, and decrypting the sixth ciphertext by using the obtained second AES symmetric encryption key to obtain a plaintext.
In some optional implementation manners of this embodiment, the third decryption sub-module is further configured to, when the identified encryption tag is a third encryption tag, decrypt the encrypted data using the first RSA private key to obtain a second segment ciphertext; detecting whether fields which are not data and are not English letters exist in the ciphertext of the second text segment; if yes, the field is used as an identification symbol; taking a field before the identifier as a sixth ciphertext and taking a field after the identifier as a second AES symmetric encryption key in the ciphertext of the second text segment; decrypting the sixth ciphertext using the obtained second AES symmetric encryption key; if the decryption is successful, a plaintext is obtained; and if the decryption fails, taking the field behind the identification symbol in the second text segment ciphertext as a sixth ciphertext, taking the field in front of the identification symbol as a second AES symmetric encryption key, and decrypting the sixth ciphertext by using the obtained second AES symmetric encryption key to obtain a plaintext.
In some optional implementation manners of this embodiment, the decryption module is further configured to select a decryption manner according to a length of the encrypted data when the encrypted data does not carry the encrypted tag. And when the length of the encrypted data is not less than a preset threshold value, preferentially selecting the decryption methods corresponding to the second encrypted tag and the third encrypted tag in sequence for decryption. And if the decryption fails, the decryption method corresponding to the first encryption label is selected for decryption. If the length of the encrypted data is smaller than a preset threshold value, preliminarily judging that the first RSA public key is only used for encrypting the second AES symmetric encryption key, selecting a decryption method corresponding to the first encryption label for decryption, and if decryption fails, selecting decryption methods corresponding to the second encryption label and the third encryption label for decryption.
Data transmission performance can be improved while sufficient data security is ensured. The AES key and/or the data are encrypted with the RSA public key, so that AES and RSA together encrypt both the data and the key for transmission. This effectively reduces the risk of data leakage and the possibility that the transmitted data is forged or tampered with, and improves the security of data encryption.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 4, fig. 4 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 200 comprises a memory 201, a processor 202, a network interface 203 communicatively connected to each other via a system bus. It is noted that only computer device 200 having components 201 and 203 is shown, but it is understood that not all of the illustrated components are required and that more or fewer components may alternatively be implemented. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and the hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 201 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 201 may be an internal storage unit of the computer device 200, such as a hard disk or a memory of the computer device 200. In other embodiments, the memory 201 may also be an external storage device of the computer device 200, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the computer device 200. Of course, the memory 201 may also include both internal and external storage devices of the computer device 200. In this embodiment, the memory 201 is generally used for storing an operating system installed in the computer device 200 and various types of application software, such as computer readable instructions of a data security transmission method. Further, the memory 201 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 202 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 202 is generally operative to control overall operation of the computer device 200. In this embodiment, the processor 202 is configured to execute the computer readable instructions stored in the memory 201 or process data, for example, execute the computer readable instructions of the data secure transmission method.
The network interface 203 may comprise a wireless network interface or a wired network interface, and the network interface 203 is generally used for establishing communication connection between the computer device 200 and other electronic devices.
In this embodiment, the risk of data leakage and the possibility that the transmitted data is forged or tampered with are effectively reduced, and the security of data encryption is improved.
The present application further provides another embodiment, which is to provide a computer-readable storage medium, wherein the computer-readable storage medium stores computer-readable instructions, which can be executed by at least one processor, so as to cause the at least one processor to execute the steps of the data security transmission method as described above.
In this embodiment, the risk of data leakage and the possibility that the transmitted data is forged or tampered with are effectively reduced, and the security of data encryption is improved.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It is to be understood that the above-described embodiments are only some, not all, of the embodiments of the present application, and that the appended drawings illustrate preferred embodiments without limiting the scope of the application. This application can be embodied in many different forms; the embodiments are provided so that the disclosure of the application will be understood thoroughly. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the technical solutions described in the foregoing embodiments may still be modified, or some of their features replaced by equivalents. All equivalent structures made by using the contents of the specification and the drawings of the present application, whether applied directly or indirectly in other related technical fields, are within the protection scope of the present application.

Claims (10)

1. A data security transmission method is characterized by comprising the following steps:
respectively generating a first AES symmetric encryption key and a first RSA asymmetric encryption key, wherein the first RSA asymmetric encryption key comprises a first RSA public key and a first RSA private key, storing the first RSA private key in a database, transmitting the first RSA public key to a cooperative mechanism through a preset external universal gateway, and accepting a second RSA public key transmitted by the cooperative mechanism;
acquiring locally stored data to be transmitted, encrypting the data to be transmitted by using the first AES symmetric encryption key to acquire a first ciphertext, encrypting the first AES symmetric encryption key and/or the first ciphertext by using the second RSA public key to acquire ciphertext data, and transmitting the ciphertext data to the cooperation mechanism through an interface; and
when receiving encrypted data transmitted by the partner mechanism, querying the first RSA private key stored locally, and decrypting the encrypted data with the first RSA private key to obtain a plaintext.
2. The method according to claim 1, wherein the step of encrypting the first AES symmetric encryption key and/or the first ciphertext with the second RSA public key to obtain ciphertext data and transmitting the ciphertext data to the partner entity through the interface comprises:
encrypting the first AES symmetric encryption key by using the second RSA public key to obtain a second ciphertext;
and taking the first ciphertext and the second ciphertext as ciphertext data, and transmitting the ciphertext data and a preset first encryption tag to the cooperation mechanism through an interface.
3. The method for securely transmitting data according to claim 2, wherein the steps of obtaining locally stored data to be transmitted, encrypting the data to be transmitted by using the first AES symmetric encryption key, and obtaining a first ciphertext comprise:
acquiring locally stored data to be transmitted, analyzing the data to be transmitted, extracting a field name containing a preset keyword in the data to be transmitted and a field value corresponding to the field name, generating a core data table, and encrypting the core data table by using the first AES symmetric encryption key to obtain a first ciphertext;
the step of taking the first ciphertext and the second ciphertext as ciphertext data and transmitting the ciphertext data and a preset first encryption tag to the cooperation mechanism through an interface comprises the following steps:
deleting the part of the data to be transmitted, which is overlapped with the core data table, to obtain conventional data;
and taking the first ciphertext and the second ciphertext as ciphertext data, and transmitting the ciphertext data, the conventional data and a preset first encryption tag to the cooperation mechanism through an interface.
4. The method according to claim 2, wherein the step of encrypting the first AES symmetric encryption key and/or the first ciphertext with the second RSA public key to obtain ciphertext data and transmitting the ciphertext data to the partner entity through the interface comprises:
respectively encrypting the first AES symmetric encryption key and the first ciphertext by using the second RSA public key to respectively obtain a second ciphertext and a double ciphertext;
and taking the second ciphertext and the double ciphertext as ciphertext data, and transmitting the ciphertext data and a preset second encryption tag to the cooperation mechanism through an interface.
5. The method according to claim 2, wherein the step of encrypting the first AES symmetric encryption key and/or the first ciphertext with the second RSA public key to obtain ciphertext data and transmitting the ciphertext data to the partner entity through the interface comprises:
splicing the first ciphertext and the first AES symmetric encryption key to generate a spliced text segment;
encrypting the spliced text segment by using the second RSA public key to generate a first text segment ciphertext;
and taking the first text segment ciphertext as ciphertext data, and transmitting the ciphertext data and a preset third encryption tag to the cooperation mechanism through an interface.
6. The method for securely transmitting data according to claim 5, wherein the step of splicing the first ciphertext and the first AES symmetric encryption key to generate a spliced text segment comprises:
and splicing the first ciphertext, the first AES symmetric encryption key and a preset identifier, or splicing the first ciphertext, the first AES symmetric encryption key and a random code to generate a spliced text segment, wherein the identifier or the random code is located between the first ciphertext and the first AES symmetric encryption key, and the random code is a string of characters agreed with a cooperative institution in advance.
7. The method for securely transmitting data according to claim 1, wherein the encrypted data carries encrypted tags, the encrypted tags include a first encrypted tag, a second encrypted tag and a third encrypted tag, and the step of decrypting the encrypted data by the first RSA private key to obtain a plaintext includes:
identifying a type of the cryptographic label;
if the encryption tag is the first encryption tag, identifying a third ciphertext and a fourth ciphertext contained in the encrypted data, decrypting the third ciphertext by using the first RSA private key to obtain a second AES symmetric encryption key of a cooperation mechanism, decrypting the fourth ciphertext by using the second AES symmetric encryption key to directly obtain a plaintext;
if the encryption tag is a second encryption tag, identifying a third ciphertext and a fourth ciphertext contained in the encrypted data, decrypting the third ciphertext and the fourth ciphertext respectively by using the first RSA private key to obtain a second AES symmetric encryption key and a fifth ciphertext respectively, and decrypting the fifth ciphertext by using the obtained second AES symmetric encryption key to obtain a plaintext;
if the encryption tag is a third encryption tag, decrypting the encrypted data by using the first RSA private key to obtain a second text segment ciphertext;
acquiring an identifier or a random code pre-stored in a database;
matching the identifier or the random code with a field in the ciphertext of the second text segment;
if the matching is successful, taking the field before the identifier or the random code in the ciphertext of the second text segment as a sixth ciphertext, and taking the field after the identifier or the random code as a second AES symmetric encryption key;
decrypting the sixth ciphertext using the obtained second AES symmetric encryption key;
if the decryption is successful, a plaintext is obtained;
and if the decryption fails, taking the field after the identifier or the random code in the ciphertext of the second text segment as a sixth ciphertext, taking the field before the identifier or the random code as a second AES symmetric encryption key, and decrypting the sixth ciphertext by using the obtained second AES symmetric encryption key to obtain the plaintext.
8. A secure data transfer device, comprising:
the generation module is used for respectively generating a first AES symmetric encryption key and a first RSA asymmetric encryption key, wherein the first RSA asymmetric encryption key comprises a first RSA public key and a first RSA private key, the first RSA private key is stored in a database, the first RSA public key is transmitted to a cooperative mechanism through a preset external universal gateway, and a second RSA public key transmitted by the cooperative mechanism is received;
the encryption module is used for acquiring locally stored data to be transmitted, encrypting the data to be transmitted by using the first AES symmetric encryption key to obtain a first ciphertext, encrypting the first AES symmetric encryption key and/or the first ciphertext by using the second RSA public key to obtain ciphertext data, and transmitting the ciphertext data to the cooperation mechanism through an interface; and
the decryption module is used for querying the first RSA private key stored locally when receiving the encrypted data transmitted by the cooperative mechanism, and decrypting the encrypted data with the first RSA private key to obtain a plaintext.
9. A computer device comprising a memory having computer readable instructions stored therein and a processor which, when executing the computer readable instructions, implements the steps of the method for secure transmission of data as claimed in any of claims 1 to 7.
10. A computer-readable storage medium, having computer-readable instructions stored thereon, which, when executed by a processor, implement the steps of the method for secure transmission of data according to any one of claims 1 to 7.
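The first-encryption-tag path of claims 2 and 7, written out as an added example; it is not code from the patent or its applicant. The RSA-2048/OAEP-SHA-256 and AES-256-GCM parameters, the envelope layout, the tag value and all function names are assumptions, since the claims fix none of them. `rsaCanEncrypt` shows the size limit that matters for claims 4 and 5, where the first ciphertext itself goes through RSA: with these parameters one RSA operation accepts at most 190 bytes.

```javascript
const nodeCrypto = require('node:crypto');

// Assumptions, not stated in the claims: RSA-2048 with OAEP/SHA-256,
// AES-256-GCM, and this envelope layout. TAG_FIRST stands in for the
// "first encryption tag"; its value is made up for the example.
const TAG_FIRST = 1;
const OAEP = {
  padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: 'sha256',
};

// Claim 1: each side generates an RSA key pair and exchanges public keys.
function generateRsaKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Claim 2: AES-encrypt the data (first ciphertext), RSA-encrypt the AES key
// under the partner's public key (second ciphertext), send both with the tag.
// A fresh AES key per message is a choice made here, not a claim requirement.
function sealTagFirst(plaintext, partnerPublicKey) {
  const aesKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Layout: iv (12 bytes) | GCM auth tag (16 bytes) | encrypted data
  const firstCiphertext = Buffer.concat([iv, cipher.getAuthTag(), body]);
  const secondCiphertext = nodeCrypto.publicEncrypt(
    { key: partnerPublicKey, ...OAEP }, aesKey);
  return { tag: TAG_FIRST, firstCiphertext, secondCiphertext };
}

// Claim 7, first-tag branch: RSA-decrypt the wrapped AES key with the local
// private key, then AES-decrypt the data. Other tags are rejected here.
function openEnvelope(envelope, ownPrivateKey) {
  if (envelope.tag !== TAG_FIRST) {
    throw new Error('unsupported encryption tag: ' + envelope.tag);
  }
  const aesKey = nodeCrypto.privateDecrypt(
    { key: ownPrivateKey, ...OAEP }, envelope.secondCiphertext);
  const blob = envelope.firstCiphertext;
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', aesKey, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the data or the auth tag was altered in transit.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Reports whether `data` fits into a single RSA-OAEP encryption.
function rsaCanEncrypt(publicKey, data) {
  try {
    nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, data);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample run: the partner's key pair and a made-up record.
const partner = generateRsaKeyPair();
const envelope = sealTagFirst(
  Buffer.from('{"id_number":"constructed-sample"}'), partner.publicKey);
console.log(openEnvelope(envelope, partner.privateKey).toString());
console.log(rsaCanEncrypt(partner.publicKey, Buffer.alloc(191)));
```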
CN202010624280.9A 2020-06-30 2020-06-30 Data security transmission method and device, computer equipment and storage medium Pending CN111835511A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010624280.9A CN111835511A (en) 2020-06-30 2020-06-30 Data security transmission method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111835511A true CN111835511A (en) 2020-10-27

Family

ID=72900764

Country Status (1)

Country Link
CN (1) CN111835511A (en)

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20210222

Address after: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant after: Shenzhen saiante Technology Service Co.,Ltd.

Address before: 1-34 / F, Qianhai free trade building, 3048 Xinghai Avenue, Mawan, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong 518000

Applicant before: Ping An International Smart City Technology Co.,Ltd.

SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201027