CN112468470B - Data transmission method and device and electronic equipment - Google Patents


Publication number
CN112468470B
Authority
CN
China
Prior art keywords
key
data
verification information
processed
generating
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011282442.1A
Other languages
Chinese (zh)
Other versions
CN112468470A (en
Inventor
史殿岳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ByteDance Network Technology Co Ltd
Original Assignee
Beijing ByteDance Network Technology Co Ltd
Application filed by Beijing ByteDance Network Technology Co Ltd
Priority to CN202011282442.1A
Publication of CN112468470A
Application granted
Publication of CN112468470B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

According to the data transmission method, the data transmission device and the electronic equipment, when it is detected that first to-be-processed data needs to be sent, a first key determination parameter can be determined from the current time and a first key generated from the first key determination parameter, so that when the times are different, the generated keys are different. In other words, each time data to be processed is sent to the corresponding receiving end, the time is different, so the determined key determination parameter is different, and therefore the key generated from it is different.

Description

Data transmission method and device and electronic equipment
Technical Field
The present disclosure relates to the field of internet technologies, and in particular, to a data transmission method and apparatus, and an electronic device.
Background
With the development of science and technology, the functions of terminal devices have become increasingly complete. For example, people can use a terminal device to chat, shop, search for information, attend lessons, and so on. These functions have also simplified people's daily lives to a certain extent.
In some application scenarios, frequent interaction between the server and the terminal device is required (for example, in an online response link of a certain program, the terminal device needs to send an answer filled by a user to the server, and the server needs to send a standard answer to the terminal device).
Disclosure of Invention
This disclosure is provided to introduce concepts in a simplified form that are further described below in the detailed description. This disclosure is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
The embodiments of the disclosure provide a data transmission method, a data transmission device and electronic equipment, in which sent data is encrypted with a dynamic key, so that a different key is used for each data transmission and the security of information in the transmission process is improved.
In a first aspect, an embodiment of the present disclosure provides a data transmission method, including: in response to detecting the first data to be processed, determining a first key determination parameter based on the current time; generating a first key based on the first key determination parameter; generating first verification information based on the first key determination parameter, the first to-be-processed data and the first key; encrypting the first to-be-processed data by using the first key to obtain first encrypted data; and sending the first encrypted data and the first verification information to a corresponding receiving end, wherein the corresponding receiving end obtains the first key based on the first verification information, and decrypts the first encrypted data by using the first key to obtain the first to-be-processed data.
In a second aspect, an embodiment of the present disclosure provides a data transmission apparatus, including: a determination unit configured to determine a first key determination parameter based on a current time in response to detection of first data to be processed; a first generation unit configured to generate a first key based on the first key determination parameter; a second generating unit configured to generate first verification information based on the first key determination parameter, the first to-be-processed data, and the first key; an encryption unit, configured to encrypt the first to-be-processed data with the first key to obtain first encrypted data; a sending unit, configured to send the first encrypted data and the first verification information to a corresponding receiving end, where the corresponding receiving end obtains the first key based on the first verification information, and decrypts the first encrypted data with the first key to obtain the first to-be-processed data.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including: one or more processors; a storage device, configured to store one or more programs, which when executed by the one or more processors, cause the one or more processors to implement the data transmission method according to the first aspect.
In a fourth aspect, the disclosed embodiments provide a computer-readable medium, on which a computer program is stored, which when executed by a processor, implements the steps of the data transmission method as described above in the first aspect.
According to the data transmission method, the data transmission device and the electronic equipment, when it is detected that first to-be-processed data needs to be sent, the first key determination parameter is determined from the current time and the first key is generated from the first key determination parameter, so that when the times are different, the generated keys are different. In other words, each time data to be processed is sent to the corresponding receiving end, the time is different, so the determined key determination parameter is different, and therefore the key generated from it is different.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
FIG. 1 is a flow diagram of one embodiment of a data transmission method according to the present disclosure;
FIG. 2 is a flow diagram of another embodiment of a data transmission method according to the present disclosure;
FIG. 3 is an exemplary interaction diagram of a data transmission method according to the present disclosure;
FIG. 4 is a schematic block diagram of one embodiment of a data transmission device according to the present disclosure;
FIG. 5 is an exemplary system architecture to which the data transmission method of one embodiment of the present disclosure may be applied;
FIG. 6 is a schematic diagram of a basic structure of an electronic device provided according to an embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be understood that the various steps recited in method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "including" and variations thereof as used herein is intended to be open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that the modifiers "a", "an", and "the" in this disclosure are intended to be illustrative rather than limiting, and those skilled in the art will recognize that they should be understood as "one or more" unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
Referring to fig. 1, a flow of one embodiment of a data transmission method according to the present disclosure is shown. The data transmission method can be applied to a terminal device and/or a server. The data transmission method as shown in fig. 1 includes the following steps:
Step 101, in response to detecting the first data to be processed, determining a first key determination parameter based on the current time.
Here, the first key determination parameter may be understood as a parameter required for generating the first key.
The first to-be-processed data may be understood as data that needs to be processed by the receiving end, and may be, for example, a request, such as a request for obtaining specific data.
Of course, the specific form of the first to-be-processed data only needs to be set reasonably according to the actual application scenario.
Step 102, generating a first key based on the first key determination parameter.
Step 103, generating first verification information based on the first key determination parameter, the first data to be processed and the first key.
Here, it can be seen that the first verification information includes a parameter (the first key determination parameter) for generating the first key; in other words, the parameter required for generating the first key can be acquired from the first verification information.
Step 104, encrypting the first to-be-processed data by using the first key to obtain first encrypted data.
Here, the first encrypted data may be generated by encrypting the first data to be processed with the first key.
Step 105, sending the first encrypted data and the first verification information to a corresponding receiving end.
Here, a network connection may be previously established between the receiving end and the execution main body (which may be a terminal device). By way of example, a receiver may also be understood as another terminal device and/or another server.
Here, the receiving end obtains the first key based on the first verification information, and can decrypt the first encrypted data with the first key to obtain the first data to be processed.
It can be seen that, in this embodiment, when it is detected that the first to-be-processed data needs to be sent, the first key determination parameter may be determined from the current time and the first key generated from the first key determination parameter; that is, when the times are different, the generated keys are also different. In other words, each time data to be processed is sent to the corresponding receiving end, the time is different, so the determined key determination parameter is different, and therefore the key generated from it is different.
In some embodiments, the corresponding receiving end may share a set of key generation functions with the execution main body. This ensures that the corresponding receiving end can generate the key from the first key determination parameter in the first verification information and decrypt the first encrypted data, so that the receiving end can obtain the first to-be-processed data.
In some embodiments, it may be understood that: when first to-be-processed data needs to be sent to the receiving end, a key (first key) can be dynamically generated, the first to-be-processed data is encrypted according to the first key to obtain first encrypted data, and the first encrypted data can be sent to the receiving end.
In some embodiments, there are many ways of encrypting the data to be processed with the key. For brevity they are not described here; a method only needs to be selected reasonably according to the actual situation. For example, AES (Advanced Encryption Standard) may be selected for encryption.
In some embodiments, step 102 (generating a first key based on a first key determination parameter) may comprise steps 1021-1023.
Step 1021, obtaining a first key offset based on the number of seeds in the preset key pool and the first key determination parameter.
Here, the corresponding receiving end includes a preset key pool. In other words, the corresponding receiving end uses the same key pool as the execution main body.
Here, the key pool includes seeds required for generating keys, and each seed can be regarded as a field.
In some embodiments, the first key determination parameter may be complemented with a preset value, and the first key offset may be obtained.
Here, the first key determination parameter and the preset value may be both positive integers. As an example, the preset value may be the number of seeds in the preset key pool.
Step 1022, determining a target seed in the preset key pool according to the key version used for generating the first key.
Here, the key version corresponds to the seed. The key version can be used to define the key generation mode, the format of the generated key, and the like; thus, different key versions may require different seeds.
Step 1023 generates a first key based on the first key offset and the target seed.
Here, the first key offset may be used to filter the target seed (target field). In other words, since one field includes a plurality of characters, a subset of those characters may be screened out by the first key offset.
In some implementations, the screened-out characters may then be used as the first key.
In some embodiments, the first key may be generated using an LFSR (linear feedback shift register). Here, the target seed may be understood as the initial value given to the LFSR, and an offset of the initial value may be determined by the first key offset. The field output by the LFSR can then be regarded as the first key.
In some embodiments, when the key version used to generate the first key is determined, a target seed may be determined from a pool of preset keys, and the first key may be generated based on the target seed.
In some embodiments, in order to make the encryption process more secure, the key version used may also be changed for different data to be transmitted during data interaction between the execution main body and the corresponding receiving end.
In some embodiments, step 1023 (generating the first key based on the first key offset and the target seed) may include: determining the total number of characters of the first key according to the first key offset, then screening the characters in the target seed by using the first offset to obtain an initial character sequence segment, and selecting that total number of characters from the initial character sequence segment to generate the first key.
Here, screening the characters in the target seed by the first offset may be understood as denoising the target seed by using the first offset. In other words, a portion of the characters in the target seed may be filtered out based on the first offset.
In some embodiments, the total number of characters may be equal to the number of characters in the first offset, and of course, in a specific embodiment, the total number of characters of the first key may be defined according to other manners, and a specific value of the total number of characters of the first key is not limited herein. Here, the total number of characters of the first key may be regarded as the key length of the first key.
In some embodiments, the total number of characters may be selected consecutively from the beginning of the initial character sequence segment, or consecutively from the end of the initial character sequence segment. Of course, in a specific embodiment there are many ways to select the total number of characters from the initial character sequence segment; a way only needs to be selected reasonably according to the actual situation, and the way of selecting the characters from the initial character sequence segment is not limited here.
In some embodiments, step 103 (generating the first verification information based on the first key determination parameter, the first to-be-processed data, and the first key) may include:
packaging the first key and the first to-be-processed data, hashing the packaged first to-be-processed data and first key to obtain initial first verification information, and inserting the first key determination parameter and the key version identifier used for generating the first key at a preset position of the initial first verification information to obtain the first verification information.
Here, the corresponding receiving end includes a parameter for indicating the preset position, that is, after the corresponding receiving end receives the first verification information, the key version identifier and the first key determination parameter may be extracted from the first verification information based on the parameter for indicating the preset position.
Here, the key version identification is used to indicate the key version, that is, the key version can be determined by the key version identification.
In some embodiments, the first data to be processed and the first key may together be converted into a fixed-length string (for example, a string that may be 32 characters long) by using a preset hash function (hash processing), and the fixed-length string may be understood as the initial first verification information. Then, both the first key determination parameter and the key version identifier are added after a certain character of the initial first verification information (for example, after the 12th character) to obtain a new character string, and the new character string can be understood as the first verification information. Since the execution main body and the receiving end may have agreed in advance on the specific character after which both the first key determination parameter and the key version identifier are added, the receiving end may obtain the first key determination parameter and the key version identifier from the first verification information after receiving it.
In some embodiments, since one key is newly generated every time the data to be processed is sent, in order to shorten the time taken to generate the key each time, the maximum value of the first key offset may be defined, so that the time taken to generate the key may be shortened.
Here, it should be noted that, since the maximum value of the first key offset is related to the first key determination parameter and the number of seeds in the preset key pool, the maximum value of the first key offset may be limited by limiting the first key determination parameter and the number of seeds in the preset key pool.
In some embodiments, to define the character length of the generated key, the LFSR may be given a character length defining parameter at the execution body, the character length defining parameter being used to define the maximum length of the character string of the LFSR output. Accordingly, the receiving end may also give the LFSR an identical character length limiting parameter.
In some embodiments, in response to receiving the first encrypted data and the first verification information, the corresponding receiving end obtains a key version identifier and a key determination parameter in the first verification information, generates a first key to be verified based on the obtained key version identifier and the key determination parameter, and decrypts the first encrypted data using the first key to be verified.
In some embodiments, when the first key to be verified generated by the corresponding receiving end cannot decrypt the first encrypted data, the key version identifier or the first key determination parameter in the first verification information may have been changed. Prompt information may then be generated to notify staff that data was changed during the current transmission, so that they can handle it in time.
In some embodiments, in response to successfully decrypting the first encrypted data by using the first key to be verified, the corresponding receiving end may generate first verification information to be verified based on the to-be-processed data obtained by the decryption, the first key to be verified, and the first key determination parameter, and in response to determining that the first verification information to be verified is different from the first verification information, generate prompt information for indicating that the to-be-processed data obtained by the decryption is error data.
In some embodiments, when the first key to be verified generated by the corresponding receiving end can decrypt the first encrypted data, this may indicate that the first verification information has not been changed. It may then be further verified whether the first encrypted data has been changed: the corresponding receiving end may generate the first verification information to be verified in the same manner in which the first verification information was generated, and if the first verification information to be verified is different from the first verification information, this may indicate that the data to be processed obtained by decryption is different from the data to be processed sent by the execution main body.
In some embodiments, in the generation process of the first verification information, the first key and the first to-be-processed data need to be packaged and subjected to hash processing, and the hash processing is an irreversible processing mode, so that the first key and the first to-be-processed data cannot be directly acquired from the first verification information, and by this mode, the security in the data transmission process can be further improved.
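The sender's steps 101 to 103 and the receiver's checks described above, as an added example that is not part of the patent text. The key pool, key length, version identifier width, SHA-256 truncated to 32 characters, the packaging format, and reading "complemented with a preset value" as a remainder operation are all assumptions; encryption (step 104) is left out.

```python
import hashlib
import hmac
import time

# Constructed sample key pool shared by both ends: key version -> seed.
KEY_POOL = {
    1: "q7Zp2Lx9Vb4Nc8Md1Ks6Jh3Gf5Dt0Rw",
    2: "A9s8D7f6G5h4J3k2L1z0X9c8V7b6N5m4",
    3: "mK2pQ8rT5vW1yB4dF7gH0jL3nS6uX9zC",
    4: "0aB1cD2eF3gH4iJ5kL6mN7oP8qR9sT0u",
}
KEY_LEN = 16        # assumed key length in characters
HASH_LEN = 32       # the page's example: a 32-character hash string
INSERT_POS = 12     # the page's example: insert after the 12th character
VERSION_WIDTH = 2   # assumed fixed width of the key version identifier


def key_determination_parameter(now_ms=None):
    """Step 101: take the parameter from the current time (milliseconds assumed)."""
    return int(time.time() * 1000) if now_ms is None else int(now_ms)


def generate_key(param, version, pool=KEY_POOL):
    """Steps 1021-1023: offset -> target seed -> screened characters -> key."""
    if version not in pool:
        raise ValueError(f"unknown key version {version}")
    offset = param % len(pool)        # assumption: "complemented" read as remainder
    segment = pool[version][offset:]  # screen out the first `offset` characters
    if len(segment) < KEY_LEN:
        raise ValueError("seed too short for the requested key length")
    return segment[:KEY_LEN]          # select from the start of the segment


def _initial_verification(key, data):
    """Hash the packaged key and data (the packaging format is an assumption)."""
    packaged = key.encode() + b"\x00" + data
    return hashlib.sha256(packaged).hexdigest()[:HASH_LEN]


def make_verification_info(param, version, key, data):
    """Step 103: insert version identifier and parameter at the preset position."""
    initial = _initial_verification(key, data)
    inserted = f"{version:0{VERSION_WIDTH}d}{param}"
    return initial[:INSERT_POS] + inserted + initial[INSERT_POS:]


def parse_verification_info(info):
    """Receiver: recover (version, param) from the preset position."""
    tail = HASH_LEN - INSERT_POS
    inserted = info[INSERT_POS:len(info) - tail]
    if len(inserted) <= VERSION_WIDTH or not (inserted.isascii() and inserted.isdigit()):
        raise ValueError("malformed verification information")
    return int(inserted[:VERSION_WIDTH]), int(inserted[VERSION_WIDTH:])


def receiver_derive_key(info, pool=KEY_POOL):
    """Receiver: regenerate the key to be verified from the received fields."""
    version, param = parse_verification_info(info)
    return generate_key(param, version, pool)


def receiver_verify(info, decrypted_data, pool=KEY_POOL):
    """Receiver: rebuild the verification information and compare it."""
    version, param = parse_verification_info(info)
    key = generate_key(param, version, pool)
    expected = make_verification_info(param, version, key, decrypted_data)
    return hmac.compare_digest(expected.encode(), info.encode())


if __name__ == "__main__":
    param = key_determination_parameter(1605600000123)  # constructed timestamp
    key = generate_key(param, version=1)
    info = make_verification_info(param, 1, key, b"answer=B")
    print(key, info)
    print(receiver_derive_key(info) == key, receiver_verify(info, b"answer=B"))
    print(receiver_verify(info, b"answer=C"))             # altered data is rejected
    print(generate_key(param + len(KEY_POOL), 1) == key)  # same offset, same key
```

Under this reading the offset takes at most `len(KEY_POOL)` values, so parameters that are congruent modulo the seed count derive the same key for a given version. The version identifier and the parameter also travel unencrypted inside the verification information, so confidentiality rests on the shared seed pool.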
In some embodiments, when the corresponding receiving end needs to send second to-be-processed data to the execution main body, a second key may be generated, and the second to-be-processed data is encrypted by using the second key to generate second encrypted data. The receiving end generates the second key in the same manner as the execution main body generates the first key; accordingly, the receiving end generates the second verification information in the same manner as the execution main body generates the first verification information. Therefore, for simplicity of the description, the process of sending the second encrypted data and the manner of generating the second verification information at the corresponding receiving end are not described herein again.
Here, since agreement is made in advance between the execution main body and the receiving end (for example, it may be agreed to acquire the key determination parameter at a specific position in the verification information), the execution main body may acquire the second key determination parameter from the second verification information.
In some embodiments, for ease of understanding, the sending of the first encrypted data by the execution main body and of the second encrypted data by the corresponding receiving end may be regarded as one interaction between the execution main body and the receiving end. In this process, the first to-be-processed data corresponds to the second to-be-processed data; that is, if the first to-be-processed data is the request data, the second to-be-processed data may be the request result. In other words, the second to-be-processed data can be used to characterize the result of the receiving end's execution on the first to-be-processed data. Of course, the types of the first to-be-processed data and the second to-be-processed data may be determined according to the actual application scenario, and are not limited herein.
For example, consider an 'online answer scenario' as the application scenario. In this scenario, the user may input an 'answer to test question' through the execution main body, and this 'answer to test question' may be understood as the first data to be processed. Before the execution main body sends the 'answer to the test question' to the receiving end (a scoring system for online answering, and the like), the 'answer to the test question' can be encrypted by using a first key to obtain first encrypted data, and the first encrypted data can be sent to the receiving end. After the receiving end receives the first encrypted data, it can decrypt the first encrypted data to obtain the 'answer to the test question', judge whether the 'answer to the test question' input by the user is accurate, and look up the 'standard answer'. The judgment result and the 'standard answer' can be understood as second data to be processed. The receiving end can then encrypt the second data to be processed (the judgment result and the 'standard answer') by using a second key to obtain second encrypted data, and send the second encrypted data to the execution main body. In this process, the first key and the second key are different, so that the security of the data interaction between the execution main body and the receiving end is improved.
In some embodiments, when the execution main body needs to send data to the corresponding receiving end multiple times, each sending corresponds to a different time, so that the key used for sending the data to be processed can be different each time. In other words, during data interaction between the execution main body and the receiving end, the keys adopted in each data sending process are different, so that the security of the interaction process is improved.
For better understanding of the interaction between the execution main body and the receiving end, please refer to FIG. 3, which is an interaction diagram of the execution main body and the receiving end provided in the present disclosure. As can be seen from FIG. 3, each time the execution main body needs to send data to be processed to the receiving end, it sends the encrypted data together with the verification information used for obtaining the encryption key of this transmission. The receiving end obtains the key determination parameter from the verification information, generates the key based on the key determination parameter, and decrypts the encrypted data by using the generated key to obtain the data to be processed sent by the execution main body. When the receiving end has received the data to be processed, it obtains, according to the content of the received data, the data to be processed that is to be returned to the execution main body, and encrypts it in the same manner as above, yielding encrypted data and key generation information; the encrypted data and the verification information are then sent to the execution main body. That is, since the execution main body and the receiving end normally do not transmit data to each other at the same time, the encryption key used differs each time data is transmitted (that is, the first encrypted data corresponds to the first key, the second encrypted data to the second key, and the third encrypted data to the third key, and the first key, the second key and the third key are all different), which improves security in the data transmission process.
With further reference to fig. 4, as an implementation of the methods shown in the above-mentioned figures, the present disclosure provides an embodiment of a data transmission apparatus, which corresponds to the data transmission method embodiment shown in fig. 1, and which can be specifically applied to various electronic devices.
As shown in fig. 4, the data transmission device of the present embodiment includes: a determining unit 401, configured to determine, in response to detecting the first to-be-processed data, a first key determination parameter based on a current time; a first generating unit 402, configured to generate a first key based on the first key determination parameter; a second generating unit 403, configured to generate first verification information based on the first key determination parameter, the first data to be processed, and the first key; an encrypting unit 404, configured to encrypt the first to-be-processed data with the first key to obtain first encrypted data; and a sending unit 405, configured to send the first encrypted data and the first verification information to a corresponding receiving end, where the corresponding receiving end obtains the first key based on the first verification information, and decrypts the first encrypted data with the first key to obtain the first to-be-processed data.
In some embodiments, the first generating unit 402 is further specifically configured to: obtain a first key offset based on the number of seeds in a preset key pool and the first key determination parameter, where the corresponding receiving end includes the preset key pool; determine a target seed in the preset key pool according to a key version used for generating the first key, where the key version corresponds to the seed; and generate the first key based on the first key offset and the target seed.
In some embodiments, the first generating unit 402 is further specifically configured to: determine the total number of characters of the first key according to the first key offset; screen the characters in the target seed by using the first key offset to obtain an initial character sequence segment; and select that total number of characters from the initial character sequence segment to generate the first key.
In some embodiments, the second generating unit 403 is further specifically configured to: pack the first key and the first data to be processed; perform hash processing on the packed first to-be-processed data and first key to obtain initial first verification information; and insert the first key determination parameter and a key version identifier used for generating the first key at a preset position of the initial first verification information to obtain the first verification information, where the corresponding receiving end includes a parameter for indicating the preset position, and the key version identifier is used for indicating a key version.
In some embodiments, in response to receiving the first encrypted data and the first verification information, the corresponding receiving end obtains the key version identifier and the key determination parameter from the first verification information, generates a first key to be verified based on the obtained key version identifier and key determination parameter, and decrypts the first encrypted data by using the first key to be verified.
In some embodiments, in response to successfully decrypting the first encrypted data by using the first key to be verified, the corresponding receiving end generates first verification information to be verified based on the data to be processed obtained by decryption, the first key to be verified, and the first key determination parameter; and generating prompt information for indicating that the data to be processed obtained by decryption is error data in response to detecting that the first verification information to be verified is different from the first verification information.
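The sender and receiver steps described above, put together as an added example; this is not code from the patent or its applicant. The offset formula, the rotation used as "screening", the key lengths, the SHA-256 hash, the field widths, the preset position and the stand-in cipher are all assumptions made so the flow can run, and the seed pool and timestamps are constructed.

```python
import hashlib
import hmac

# Constructed seed pool held by both ends: key version -> seed string.
KEY_POOL = {v: hashlib.sha256(f"constructed seed {v}".encode()).hexdigest()
            for v in (1, 2, 3)}
KEY_LENGTHS = (16, 24, 32)   # assumed candidate key lengths, in characters
INSERT_POS = 8               # assumed preset position, configured on both ends
PARAM_WIDTH = 13             # assumed: parameter is a 13-digit millisecond timestamp
VERSION_WIDTH = 2            # assumed: key version identifier is two digits
DIGEST_LEN = 64              # SHA-256 hex digest (the hash function is an assumption)


def derive_key(param: int, version: int) -> str:
    """Key from the key determination parameter and the seed for `version`."""
    seed = KEY_POOL[version]                         # target seed chosen by key version
    offset = param % len(KEY_POOL)                   # assumed offset formula
    length = KEY_LENGTHS[offset % len(KEY_LENGTHS)]  # total characters of the key
    segment = seed[offset:] + seed[:offset]          # assumed "screening": rotate seed
    return segment[:length]


def keystream_xor(key: str, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream) so the example needs no
    third-party library; it is not the patent's cipher and not for real use."""
    out = bytearray()
    for start in range(0, len(data), 32):
        pad = hashlib.sha256(key.encode() + start.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[start:start + 32], pad))
    return bytes(out)


def make_verification(param: int, version: int, key: str, data: bytes) -> str:
    """Hash the packed key and data, then splice parameter and version in."""
    if not (0 <= param < 10 ** PARAM_WIDTH and 0 <= version < 10 ** VERSION_WIDTH):
        raise ValueError("parameter or version does not fit its field")
    digest = hashlib.sha256(key.encode() + data).hexdigest()
    field = f"{param:0{PARAM_WIDTH}d}{version:0{VERSION_WIDTH}d}"
    return digest[:INSERT_POS] + field + digest[INSERT_POS:]


def send(data: bytes, version: int, now_ms: int) -> tuple:
    """Sender side: returns (encrypted data, verification information)."""
    key = derive_key(now_ms, version)   # parameter taken from the current time
    return keystream_xor(key, data), make_verification(now_ms, version, key, data)


def receive(ciphertext: bytes, verification: str) -> bytes:
    """Receiver side: recover parameter and version, re-derive the key,
    decrypt, and reject the data if the recomputed verification differs."""
    field = verification[INSERT_POS:INSERT_POS + PARAM_WIDTH + VERSION_WIDTH]
    if (len(verification) != DIGEST_LEN + PARAM_WIDTH + VERSION_WIDTH
            or not (field.isascii() and field.isdigit())):
        raise ValueError("malformed verification information")
    param, version = int(field[:PARAM_WIDTH]), int(field[PARAM_WIDTH:])
    if version not in KEY_POOL:
        raise ValueError("unknown key version")
    key = derive_key(param, version)
    data = keystream_xor(key, ciphertext)
    expected = make_verification(param, version, key, data)
    if not hmac.compare_digest(expected.encode(), verification.encode()):
        raise ValueError("decrypted data is error data")
    return data


if __name__ == "__main__":
    T1 = 1605500000000  # constructed timestamps, one millisecond apart
    for t in (T1, T1 + 1):
        ct, info = send(b"constructed payload", 2, t)
        print(t, derive_key(t, 2), info, receive(ct, info))
```

The key determination parameter and the version identifier sit unencrypted at a fixed position in the verification information, so the secrecy of each key rests on the seed pool and derivation rule held by both ends.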
Referring to fig. 5, fig. 5 illustrates an exemplary system architecture to which the data transmission method of one embodiment of the present disclosure may be applied.
As shown in fig. 5, the system architecture may include terminal devices 501, 502, 503, a network 504, and a server 505. The network 504 may be the medium used to provide communication links between the terminal devices 501, 502, 503 and the server 505. The network 504 may include various types of connections, such as wired links, wireless communication links, or fiber optic cables.
The terminal devices 501, 502, 503 may interact with a server 505 over a network 504 to receive or send messages or the like. The terminal devices 501, 502, 503 may have various client applications installed thereon, such as a web browser application, a search-type application, and a news-information-type application. The client application in the terminal device 501, 502, 503 may receive the instruction of the user, and complete the corresponding function according to the instruction of the user, for example, add the corresponding information in the information according to the instruction of the user.
The terminal devices 501, 502, 503 may be hardware or software. When the terminal devices 501, 502, 503 are hardware, they may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III), MP4 players (Moving Picture Experts Group Audio Layer IV), laptop computers, desktop computers, and the like. When the terminal devices 501, 502, and 503 are software, they can be installed in the electronic devices listed above. They may be implemented as multiple pieces of software or software modules (e.g., software or software modules used to provide distributed services) or as a single piece of software or software module. This is not particularly limited herein.
The server 505 may be a server providing various services, for example, receiving an information acquisition request sent by the terminal devices 501, 502, 503, acquiring the presentation information corresponding to the information acquisition request in various ways according to the request, and sending the relevant data of the presentation information to the terminal devices 501, 502, 503.
It should be noted that the information processing method provided by the embodiment of the present disclosure may be executed by a terminal device, and accordingly, the data transmission apparatus may be disposed in the terminal device 501, 502, 503. In addition, the information processing method provided by the embodiment of the present disclosure may also be executed by the server 505, and accordingly, an information processing apparatus may be provided in the server 505.
It should be understood that the number of terminal devices, networks, and servers in fig. 5 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to fig. 6, shown is a schematic diagram of an electronic device (e.g., a terminal device or a server of fig. 5) suitable for use in implementing embodiments of the present disclosure. The terminal device in the embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), and the like, and a fixed terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, the electronic device may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 601, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
Generally, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, or the like; output devices 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device to communicate with other devices wirelessly or by wire to exchange data. While fig. 6 illustrates an electronic device having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 609, or may be installed from the storage means 608, or may be installed from the ROM 602. The computer program, when executed by the processing device 601, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may be separate and not incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in response to detecting the first data to be processed, determining a first key determination parameter based on the current time; generating a first key based on the first key determination parameter; generating first verification information based on the first key determination parameter, the first to-be-processed data and the first key; encrypting the first to-be-processed data by using the first key to obtain first encrypted data; and sending the first encrypted data and the first verification information to a corresponding receiving end, wherein the corresponding receiving end obtains the first key based on the first verification information, and decrypts the first encrypted data by using the first key to obtain the first to-be-processed data.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including but not limited to object oriented programming languages such as Java, Smalltalk, and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. In some cases the name of a unit does not constitute a definition of the unit itself; for example, the determination unit 401 may also be described as a "unit that determines the first key determination parameter".
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on a Chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents does not depart from the spirit of the disclosure, for example, technical solutions formed by replacing the above features with (but not limited to) features having similar functions disclosed in this disclosure.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (9)

1. A method of data transmission, comprising:
in response to detecting the first data to be processed, determining a first key determination parameter based on the current time;
generating a first key based on the first key determination parameter;
generating first verification information based on the first key determination parameter, the first to-be-processed data and the first key;
encrypting the first data to be processed by using the first secret key to obtain first encrypted data;
sending the first encrypted data and the first verification information to a corresponding receiving end, wherein the corresponding receiving end obtains the first secret key based on the first verification information, and decrypts the first encrypted data by using the first secret key to obtain the first to-be-processed data;
wherein generating the first verification information based on the first key determination parameter, the first to-be-processed data, and the first key comprises:
packing the first key and the first data to be processed;
performing hash processing on the first to-be-processed data and the first secret key after packaging to obtain initial first verification information;
inserting the first key determination parameter and a key version identifier used for generating the first key at a preset position of the initial first verification information to obtain the first verification information, wherein the corresponding receiving end comprises a parameter for indicating the preset position, and the key version identifier is used for indicating a key version.
2. The method of claim 1, wherein generating a first key based on the first key determination parameter comprises:
obtaining a first key offset based on the number of seeds in a preset key pool and the first key determination parameter, wherein the corresponding receiving end comprises the preset key pool;
determining a target seed in the preset key pool according to a key version used for generating the first key, wherein the key version corresponds to the seed;
generating the first key based on the first key offset and the target seed.
3. The method of claim 2, wherein generating the first key based on the first key offset and the target seed comprises:
determining the total amount of characters of the first key according to the first key offset;
screening characters in the target seeds by using the first key offset to obtain an initial character sequence segment;
and selecting characters of the total number of the characters from the initial character sequence segment to generate the first key.
4. The method according to claim 1, wherein the corresponding receiving end, in response to receiving the first encrypted data and the first verification information, obtains a key version identification and a key determination parameter in the first verification information;
generating a first key to be verified based on the obtained key version identification and key determination parameters;
and decrypting the first encrypted data by using the first key to be verified.
5. The method according to claim 4, wherein the corresponding receiving end, in response to successfully decrypting the first encrypted data with the first key to be verified, generates first verification information to be verified based on the data to be processed obtained by decryption, the first key to be verified, and the first key determination parameter;
and generating prompt information for indicating that the data to be processed obtained by decryption is error data in response to detecting that the first verification information to be verified is different from the first verification information.
6. A data transmission apparatus, comprising:
a determination unit configured to determine a first key determination parameter based on a current time in response to detection of the first to-be-processed data;
a first generating unit configured to generate a first key based on the first key determination parameter;
a second generating unit configured to generate first verification information based on the first key determination parameter, the first to-be-processed data, and the first key;
an encrypting unit configured to encrypt the first data to be processed by using the first key to obtain first encrypted data;
a sending unit, configured to send the first encrypted data and the first verification information to a corresponding receiving end, where the corresponding receiving end obtains the first key based on the first verification information, and decrypts the first encrypted data with the first key to obtain the first to-be-processed data;
the second generating unit is specifically configured to pack the first key and the first data to be processed; performing hash processing on the first to-be-processed data and the first secret key after packaging to obtain initial first verification information; inserting the first key determination parameter and a key version identifier used for generating the first key at a preset position of the initial first verification information to obtain the first verification information, wherein the corresponding receiving end comprises a parameter for indicating the preset position, and the key version identifier is used for indicating a key version.
7. The apparatus according to claim 6, wherein the first generating unit is further configured to obtain a first key offset based on the number of seeds in a preset key pool and the first key determination parameter, where the corresponding receiving end includes the preset key pool;
determining a target seed in the preset key pool according to a key version used for generating the first key, wherein the key version corresponds to the seed;
generating the first key based on the first key offset and the target seed.
8. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-5.
9. A computer-readable medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-5.
CN202011282442.1A 2020-11-16 2020-11-16 Data transmission method and device and electronic equipment Active CN112468470B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011282442.1A CN112468470B (en) 2020-11-16 2020-11-16 Data transmission method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN112468470A CN112468470A (en) 2021-03-09
CN112468470B true CN112468470B (en) 2022-10-11

Family

ID=74837941

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011282442.1A Active CN112468470B (en) 2020-11-16 2020-11-16 Data transmission method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN112468470B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant