CN112636916A - Data processing method, data processing device, storage medium and electronic equipment - Google Patents
Data processing method, data processing device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN112636916A CN112636916A CN202011381249.3A CN202011381249A CN112636916A CN 112636916 A CN112636916 A CN 112636916A CN 202011381249 A CN202011381249 A CN 202011381249A CN 112636916 A CN112636916 A CN 112636916A
- Authority
- CN
- China
- Prior art keywords
- data
- sending
- equipment
- encrypted data
- digital signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0646—Horizontal data movement in storage systems, i.e. moving data in between storage devices or systems
- G06F3/0647—Migration mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
Abstract
The application discloses a data processing method, a data processing device, a storage medium and electronic equipment, wherein the data processing method comprises the steps of sending a data migration instruction to first equipment so that the first equipment encrypts data to be migrated to obtain encrypted data and a digital signature; receiving encrypted data and a digital signature sent by the first equipment; and sending the encrypted data and the digital signature to the second equipment so that the second equipment verifies the validity of the encrypted data according to the digital signature, and writing the data to be migrated into the second equipment under the condition that the encrypted data is determined to be legal. The migration process is the point-to-point migration of the old device to the new device, only the instruction transmission device is used for transmission, and no process needing storage exists in the middle, so that the storage device is not needed. The data migration can be completed without a third-party storage device, the migration process is relatively flexible, the hardware requirement is low, the data is transmitted under the protection of an encryption algorithm, and the information leakage risk possibly caused by third-party attack is avoided.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a data processing method and apparatus, a storage medium, and an electronic device.
Background
With the development of technology and the continuous progress of technology, the electronic equipment is updated more and more quickly, but most of data in old equipment still needs to be stored and used continuously.
At present, the existing data processing scheme generally migrates data in old equipment and stores the data in a remote server, and new equipment needs to obtain the data from the remote server and migrate the data in the process, so that high requirements are placed on the storage capacity, safety and other performances of the remote server, and if the storage capacity is limited, the problem of blocking is caused when large-scale migration is completed. If the security is low, the information leakage problem is caused.
Disclosure of Invention
An object of the embodiments of the present application is to provide a data processing method, an apparatus, a storage medium, and an electronic device, so as to at least solve the problems of slow data processing and information leakage in the prior art.
The technical scheme of the application is as follows:
according to a first aspect of embodiments of the present application, there is provided a data processing method, which may include: sending a data migration instruction to the first equipment to enable the first equipment to encrypt data to be migrated so as to obtain encrypted data and a digital signature; receiving encrypted data and a digital signature sent by the first equipment; and sending the encrypted data and the digital signature to the second equipment so that the second equipment verifies the validity of the encrypted data according to the digital signature, and writing the data to be migrated into the second equipment under the condition that the encrypted data is determined to be legal.
Further, before sending the data migration instruction to the first device, the method further comprises: generating a symmetric key according to an issuance rule of the first device; the symmetric key is sent to the first device.
Further, sending a data migration instruction to the first device, so that the first device encrypts the data to be migrated to obtain encrypted data and a digital signature, including: and sending a data migration instruction to the first equipment so that the first equipment generates encrypted data according to the symmetric key and generates a check value according to the MAC address.
Further, after sending the encrypted data and the digital signature to the second device, the method further comprises: receiving first confirmation information, wherein the first confirmation information is sent when the second equipment receives the encrypted data and verifies that the encrypted data is complete according to the digital signature; and performing failure processing on the first equipment based on the first confirmation information.
Further, before sending the data migration instruction to the first device, the method further comprises: sending a first key sending instruction to the first device so that the first device sends a first public key in the first asymmetric key pair; receiving the first public key and sending the first public key to the second equipment; sending a key sending instruction to the second equipment to enable the second equipment to send a second public key in the second asymmetric key pair; receiving a second public key and sending the second public key to the first equipment; wherein the first asymmetric key pair is generated according to a first device issuance rule and the second asymmetric key pair is generated according to a second device issuance rule.
Further, sending a data migration instruction to the first device, so that the first device encrypts the data to be migrated to obtain encrypted data and a digital signature, including: and sending a data migration instruction to the first equipment so that the first equipment encrypts the data to be migrated by using the second public key to obtain encrypted data, and generating a digital signature according to at least the encrypted data.
Here, the digital signature is generated from at least the encrypted data, but may be generated from other information such as encrypted data and device information.
Further, sending the encrypted data and the digital signature to the second device, so that the second device verifies the validity of the encrypted data according to the digital signature, and writing the data to be migrated in the second device when the encrypted data is determined to be valid, the method includes: sending the encrypted data and the digital signature to a second device, so that the second device verifies the digital signature by using a first public key, and the validity of the encrypted data is verified; and enabling the second device to decrypt the encrypted data by using the second private key to obtain decrypted data, and enabling the second device to write the decrypted data.
Further, after sending the encrypted data and the digital signature to the second device, the method further comprises: receiving second receiving confirmation information, wherein the second confirmation information is sent when the second equipment writes the decrypted data and verifies that the decrypted data is complete; and performing failure processing on the first equipment based on the second confirmation information.
According to a second aspect of embodiments of the present application, there is provided a payment data processing apparatus, which may include: the sending module is used for sending a data migration instruction to the first equipment so that the first equipment encrypts the data to be migrated to obtain encrypted data and a digital signature; the receiving module is used for receiving the encrypted data and the digital signature sent by the first equipment; and the sending module is also used for sending the encrypted data and the digital signature to the second equipment so that the second equipment verifies the integrity of the encrypted data according to the digital signature and writes the data to be migrated.
According to a third aspect of embodiments of the present application, there is provided a server, which may include: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute the instructions to implement the data processing method as shown in any embodiment of the first aspect.
According to a fourth aspect of embodiments of the present application, there is provided an electronic apparatus, which may include: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute the instructions to implement the data processing method as shown in any embodiment of the first aspect.
According to a fourth aspect of embodiments of the present application, there is provided a storage medium, in which instructions are executed by a processor of an information processing apparatus or a server to cause the information processing apparatus or the server to implement the data processing method as shown in any one of the embodiments of the first aspect.
The technical scheme provided by the embodiment of the application at least has the following beneficial effects:
the embodiment of the application receives encrypted data and a digital signature sent by the first equipment; and sending the encrypted data and the digital signature to the second equipment so that the second equipment verifies the integrity of the encrypted data according to the digital signature, and writing the data to be migrated into the second equipment under the condition of determining the integrity of the encrypted data. The migration process is the point-to-point migration of the old device to the new device, only the instruction transmission device is used for transmission, and no process needing storage exists in the middle, so that the storage device is not needed. The data migration can be completed without a third-party storage device. The migration process is relatively flexible, and the requirement on hardware is low. Data is transmitted under the protection of an encryption algorithm, so that risks such as information leakage and the like possibly caused by third-party attack are avoided. The data security is ensured, and the plaintext transmission is avoided in the whole process.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and, together with the description, serve to explain the principles of the application and are not to be construed as limiting the application.
FIG. 1 is a flow diagram illustrating a method of data processing in accordance with an exemplary embodiment;
FIG. 2 is a block diagram of a data processing apparatus according to an exemplary embodiment;
FIG. 3 is a schematic diagram of an electronic device shown in accordance with an exemplary embodiment;
fig. 4 is a schematic diagram illustrating a hardware structure of an electronic device according to an exemplary embodiment.
Detailed Description
In order to make the technical solutions of the present application better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
As shown in fig. 1, in a first aspect of the embodiments of the present application, there is provided a data processing method, which may include:
step 100: sending a data migration instruction to the first equipment to enable the first equipment to encrypt data to be migrated so as to obtain encrypted data and a digital signature;
step 200: receiving encrypted data and a digital signature sent by the first equipment;
step 300: and sending the encrypted data and the digital signature to the second equipment so that the second equipment verifies the validity of the encrypted data according to the digital signature, and writing the data to be migrated into the second equipment under the condition that the encrypted data is determined to be legal.
In the above embodiment, the first device and the second device may be: smart cards, wearable devices, cell phones and all other payment devices containing SE chips. The digital signature is used to ensure the integrity of the transmitted and received data. The calculation method of the digital signature can be based on a symmetric cryptographic algorithm or an asymmetric cryptographic algorithm.
In the above embodiment of the present application, since the migration process in the method is point-to-point migration of the old device to the new device, transmission is performed only by using the instruction transmission device, and there is no process needing storage in the middle, a storage device is not needed. The data migration can be completed without a third-party storage device. The migration process is relatively flexible, and the requirement on hardware is low. Data is transmitted under the protection of an encryption algorithm, so that risks such as information leakage and the like possibly caused by third-party attack are avoided. The data security is ensured, and the plaintext transmission is avoided in the whole process.
In an embodiment of the present application, before sending the data migration instruction to the first device, the method further includes:
generating a symmetric key according to an issuance rule of the first device;
the symmetric key is sent to the first device.
In this embodiment, the symmetric key generated according to a certain rule of the first device may be sent to the first device and the second device through a specified key exchange protocol.
In an embodiment of the present application, sending a data migration instruction to a first device to enable the first device to encrypt data to be migrated, so as to obtain encrypted data and a digital signature, includes:
and sending a data migration instruction to the first device so that the first device generates encrypted data according to the symmetric key and generates a digital signature according to the MAC address.
In an embodiment of the application, after sending the encrypted data and the digital signature to the second device, the method further comprises:
receiving first confirmation information, wherein the first confirmation information is sent when the second equipment receives the encrypted data and verifies that the encrypted data is complete according to the digital signature;
and performing failure processing on the first equipment based on the first confirmation information.
In an embodiment of the present application, before sending the data migration instruction to the first device, the method further includes: sending a first key sending instruction to the first device so that the first device sends a first public key in the first asymmetric key pair; receiving the first public key and sending the first public key to the second equipment; sending a key sending instruction to the second equipment to enable the second equipment to send a second public key in the second asymmetric key pair; receiving a second public key and sending the second public key to the first equipment; wherein the first asymmetric key pair is generated according to a first device issuance rule and the second asymmetric key pair is generated according to a second device issuance rule.
In an embodiment of the present application, sending a data migration instruction to a first device to enable the first device to encrypt data to be migrated, so as to obtain encrypted data and a digital signature, includes: and sending a data migration instruction to the first equipment so that the first equipment encrypts the data to be migrated by using the second public key to obtain encrypted data, and generating a digital signature according to at least the encrypted data.
Here, the digital signature is generated from at least the encrypted data, but may be generated from other information such as encrypted data and device information.
In an embodiment of the present application, sending the encrypted data and the digital signature to the second device, so that the second device verifies the validity of the encrypted data according to the digital signature, and writing the data to be migrated in the second device if it is determined that the encrypted data is valid, includes: sending the encrypted data and the digital signature to a second device, so that the second device verifies the digital signature by using a first public key, and the validity of the encrypted data is verified; and based on the legality of the encrypted data, the second equipment decrypts the encrypted data by using the second private key to obtain decrypted data, and writes the decrypted data into the second equipment. Wherein, the legality comprises: data authenticity, data validity, and no data tampering.
In an embodiment of the application, after sending the encrypted data and the digital signature to the second device, the method further comprises: receiving second receiving confirmation information, wherein the second confirmation information is sent when the second equipment writes the decrypted data and verifies that the decrypted data is complete; and performing failure processing on the first equipment based on the second confirmation information.
The key transmission method in the above embodiment includes: preset, contact, NFC, bluetooth transmission, etc.
In one embodiment of the present invention, data is transferred from one smart card to another smart card:
s1: and managing the data management key migrated at this time according to the card issuing rule, and sending the data management key to the card to be replaced and the new card.
A symmetric key or an asymmetric key mechanism may be used, and if the symmetric key mechanism is used, the key needs to be managed and sent to both parties. If the device is an asymmetric key mechanism, the device to be replaced and the new device need to generate an asymmetric key pair respectively, the public key is transmitted to the other side, and the private keys are reserved respectively. The private key of the device to be replaced is used for signing to ensure the legality of the migrated data. The private key of the new device is used to decrypt the data to ensure the security of the data transmission. Asymmetric keys can be directly transmitted to each other without passing through a key manager. But the entire migration operation requires authorization. The specific method is as exemplified below.
Example one: the preset mode is as follows: symmetric key
A. And writing a key (migration key for short) for data migration into the equipment when the card is sent. The key setting is a common flow in the device production, the payment devices all need keys with various purposes to ensure the safety of the payment devices, and the migration key can be introduced to be used as a new purpose key.
B. And after the data migration is initiated, acquiring the migration key of the replaced equipment, and writing the migration key into the new equipment. The migration key of the replaced device can be directly obtained (the key transmission is encrypted all the way) or the migration key can be indirectly obtained according to key information (for example, the migration key is obtained according to protocol dispersion).
Example two: and (3) a dynamic generation mode: asymmetric key
According to the above expression, the new card and the card to be replaced have asymmetric key pairs generated according to the issuing rules of the respective cards; referred to as the second key pair and the first key pair.
a. And after the data migration is initiated, sending an instruction to the new card to obtain a second public key of a second migration key pair provided by the new card.
b. The second public key provided by the new card is sent to the replaced card. And the subsequent data transmission is encrypted and transmitted by the asymmetric migration key public key.
c. And sending an instruction to the card to be replaced to obtain a first migration key public key provided by the card to be replaced.
d. And sending the first migration key public key provided by the card to be replaced to the new card. In the subsequent data transmission process, the new card verifies the validity of the data by using the public key.
S2: and sending a lead-out instruction to the card to be replaced.
S3: after the replacement card receives the sending instruction, the data to be transmitted is encrypted by using the secret key to obtain encrypted data and a digital signature, and the data and the digital signature obtained by encryption are returned to ensure the integrity of the data to be transmitted and received.
For a symmetric key: and encrypting by using the migration key of the replaced card, and obtaining a check value through MAC.
For asymmetric keys: and encrypting the data by using the received second public key to obtain encrypted data, and simultaneously signing by using the first private key based on an asymmetric key algorithm to obtain a digital signature.
S4: and sending the received data and the digital signature to a new card through an import instruction.
S5: the new card verifies the digital signature by using the first public key, decrypts the encrypted data by using the second private key after verifying that the data is complete, and writes the received data into the new card.
S6: and after the new card writes all data and verifies the integrity of the data, returning confirmation information to the instruction sender, and returning the confirmation information by the instruction sender.
S7: and after receiving the confirmation information of the new card, performing invalidation treatment on the payment card to be replaced. The payment card replacement was successful.
Alternatively, the digital signature may use a cryptographic algorithm or an RSA algorithm.
Only one of which is exemplified below: and sending a data migration instruction to the old card so that the old card encrypts the data to be migrated by using the second public key to obtain encrypted data, generating a first abstract according to the encrypted data, and encrypting the first abstract by using a first private key in the first asymmetric key pair to obtain a digital signature.
Sending the encrypted data and the digital signature to the new card so that the new card verifies the validity of the encrypted data according to the digital signature, and writing the data to be migrated in the new card under the condition that the encrypted data is determined to be legal, wherein the method comprises the following steps:
sending the encrypted data and the digital signature to the new card so that the new card decrypts the digital signature by using the first public key to obtain a first abstract; the new card generates a second abstract according to the encrypted data, and the first abstract and the second abstract are compared to verify the validity of the encrypted data;
optionally, the relationship between the key manager and the instruction transmitter may be the following two types:
1. the two are combined into one. In this case, three parties can complete the entire data migration.
2. The key manager authorizes the transmitter to perform data migration. This situation requires the instruction transmitter to transmit the instruction between the key manager and the old and new cards.
Optionally, for power supply of the card in the data transmission process:
in a conventional smart card, a card reader is used as a card power supply to complete data transmission.
An active smart card, the card itself has power supply capabilities.
The key manager may be understood as the issuer of the card and the data migration must be performed under the authority of the issuer. The specific sending process of the instruction may be any device having a specified protocol sending function, for example, a mobile phone with a specified app installed.
Based on the same inventive concept, an embodiment of the present application further provides a data processing apparatus, which may include, as shown in fig. 2:
the sending module is used for sending a data migration instruction to the first equipment so that the first equipment encrypts the data to be migrated to obtain encrypted data and a digital signature;
the receiving module is used for receiving the encrypted data and the digital signature sent by the first equipment;
and the sending module is also used for sending the encrypted data and the digital signature to the second equipment so that the second equipment verifies the integrity of the encrypted data according to the digital signature and writes the data to be migrated.
In the above embodiment of the present application, since the migration process implemented by the apparatus is point-to-point migration of the old device to the new device, the new device is only transmitted by using the instruction transmission device, and there is no process needing to be stored in the middle, so that a storage device is not needed. The data migration can be completed without a third-party storage device. The migration process is relatively flexible, and the requirement on hardware is low. Data is transmitted under the protection of an encryption algorithm, so that risks such as information leakage and the like possibly caused by third-party attack are avoided. The data security is ensured, and the plaintext transmission is avoided in the whole process.
In a third aspect of embodiments of the present application, a server is provided, which may include:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the data processing method as shown in any embodiment of the first aspect.
In the foregoing embodiment of the present application, since the migration process implemented by the server is point-to-point migration of the old device to the new device, the new device is only transmitted by using the instruction transmission device, and there is no process needing to be stored in the middle, so that a storage device is not needed. The data migration can be completed without a third-party storage device. The migration process is relatively flexible, and the requirement on hardware is low. Data is transmitted under the protection of an encryption algorithm, so that risks such as information leakage and the like possibly caused by third-party attack are avoided. The data security is ensured, and the plaintext transmission is avoided in the whole process.
Optionally, as shown in fig. 3, an electronic device 300 is further provided in this embodiment of the present application, and includes a processor 301, a memory 302, and a program or an instruction stored in the memory 302 and capable of running on the processor 301, where the program or the instruction is executed by the processor 301 to implement each process of the data processing method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
It should be noted that the electronic device in the embodiment of the present application includes the mobile electronic device and the non-mobile electronic device described above.
In the embodiment of the present application, since the migration process implemented by the electronic device is point-to-point migration of an old device to a new device, transmission is performed only by using an instruction transmission device, and no process requiring storage is provided in the middle, a storage device is not required. The data migration can be completed without a third-party storage device. The migration process is relatively flexible, and the requirement on hardware is low. Data is transmitted under the protection of an encryption algorithm, so that risks such as information leakage and the like possibly caused by third-party attack are avoided. The data security is ensured, and the plaintext transmission is avoided in the whole process.
Fig. 4 is a schematic diagram of a hardware structure of an electronic device implementing an embodiment of the present application.
The electronic device 100 includes, but is not limited to: a radio frequency unit 101, a network module 102, an audio output unit 103, an input unit 104, a sensor 105, a display unit 106, a user input unit 107, an interface unit 108, a memory 109, and a processor 110.
Those skilled in the art will appreciate that the electronic device 100 may further comprise a power source (e.g., a battery) for supplying power to various components, and the power source may be logically connected to the processor 110 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system. The electronic device structure shown in fig. 4 does not constitute a limitation of the electronic device, and the electronic device may include more or less components than those shown, or combine some components, or arrange different components, and thus, the description is omitted here.
It should be understood that in the embodiment of the present application, the input Unit 404 may include a Graphics Processing Unit (GPU) 4041 and a microphone 4042, and the Graphics processor 4041 processes image data of a still picture or a video obtained by an image capturing device (such as a camera) in a video capturing mode or an image capturing mode. The display unit 406 may include a display panel 4061, and the display panel 4061 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. The user input unit 407 includes a touch panel 4071 and other input devices 4072. A touch panel 4071, also referred to as a touch screen. The touch panel 4071 may include two parts, a touch detection device and a touch controller. Other input devices 4072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein. The memory 409 may be used to store software programs as well as various data including, but not limited to, application programs and an operating system. The processor 410 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 410.
In the embodiment of the present application, since the migration process implemented by the electronic device is point-to-point migration of an old device to a new device, transmission is performed only by using an instruction transmission device, and no process requiring storage is provided in the middle, a storage device is not required. The data migration can be completed without a third-party storage device. The migration process is relatively flexible, and the requirement on hardware is low. Data is transmitted under the protection of an encryption algorithm, so that risks such as information leakage and the like possibly caused by third-party attack are avoided. The data security is ensured, and the plaintext transmission is avoided in the whole process.
The embodiment of the present application further provides a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or the instruction is executed by a processor, the program or the instruction implements each process of the data processing method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The processor is the processor in the electronic device described in the above embodiment. The readable storage medium includes a computer readable storage medium, such as a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and so on.
In the foregoing embodiment of the present application, since the migration process implemented by the storage medium is point-to-point migration of an old device to a new device, transmission is performed only by using an instruction transmission device, and there is no process needing storage in the middle, a storage device is not needed. The data migration can be completed without a third-party storage device. The migration process is relatively flexible, and the requirement on hardware is low. Data is transmitted under the protection of an encryption algorithm, so that risks such as information leakage and the like possibly caused by third-party attack are avoided. The data security is ensured, and the plaintext transmission is avoided in the whole process.
The embodiment of the present application further provides a chip, where the chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is configured to execute a program or an instruction to implement each process of the data processing method embodiment, and can achieve the same technical effect, and the details are not repeated here to avoid repetition.
It should be understood that the chips mentioned in the embodiments of the present application may also be referred to as system-on-chip, system-on-chip or system-on-chip, etc.
In the above embodiment of the present application, since the migration process implemented by the chip is point-to-point migration of the old device to the new device, only the instruction transmission device is used for transmission, and there is no process needing to be stored in the middle, a storage device is not needed. The data migration can be completed without a third-party storage device. The migration process is relatively flexible, and the requirement on hardware is low. Data is transmitted under the protection of an encryption algorithm, so that risks such as information leakage and the like possibly caused by third-party attack are avoided. The data security is ensured, and the plaintext transmission is avoided in the whole process.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. Further, it should be noted that the scope of the methods and apparatus of the embodiments of the present application is not limited to performing the functions in the order illustrated or discussed, but may include performing the functions in a substantially simultaneous manner or in a reverse order based on the functions involved, e.g., the methods described may be performed in an order different than that described, and various steps may be added, omitted, or combined. In addition, features described with reference to certain examples may be combined in other examples.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
While the present embodiments have been described with reference to the accompanying drawings, it is to be understood that the invention is not limited to the precise embodiments described above, which are meant to be illustrative and not restrictive, and that various changes may be made therein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (11)
1. A data processing method, comprising:
sending a data migration instruction to first equipment to enable the first equipment to encrypt data to be migrated to obtain encrypted data and a digital signature;
receiving the encrypted data and the digital signature sent by the first device;
and sending the encrypted data and the digital signature to second equipment so that the second equipment verifies the validity of the encrypted data according to the digital signature, and writing the data to be migrated under the condition of determining that the encrypted data is legal.
2. The method of claim 1, wherein prior to the step of sending the data migration instruction to the first device, the method further comprises:
generating a symmetric key according to an issuance rule of the first device;
the symmetric key is sent to the first device.
3. The method according to claim 2, wherein the sending a data migration instruction to the first device to enable the first device to encrypt the data to be migrated to obtain encrypted data and a check value includes:
and sending a data migration instruction to the first equipment to enable the first equipment to generate encrypted data according to the symmetric key and enable the first equipment to generate a check value according to the MAC address.
4. The method of claim 3, wherein after said sending said encrypted data and said check value to said second device, said method further comprises:
receiving first confirmation information, wherein the first confirmation information is sent when the second equipment receives the encrypted data and verifies that the encrypted data is complete according to the check value;
and performing failure processing on the first equipment based on the first confirmation information.
5. The method of claim 1, wherein prior to said sending the data migration instruction to the first device, the method further comprises:
sending a first key sending instruction to the first device so that the first device sends a first public key in a first asymmetric key pair;
receiving the first public key and sending the first public key to the second device;
sending a key sending instruction to the second equipment to enable the second equipment to send a second public key in a second asymmetric key pair;
receiving the second public key and sending the second public key to the first device; wherein the first asymmetric key pair is generated according to the first device issuance rule and the second asymmetric key pair is generated according to the second device issuance rule.
6. The method of claim 5, wherein sending a data migration instruction to the first device to enable the first device to encrypt the data to be migrated to obtain encrypted data and a digital signature comprises:
and sending a data migration instruction to the first device so that the first device encrypts the data to be migrated by using the second public key to obtain encrypted data, and generating a digital signature according to at least the encrypted data.
7. The method according to claim 6, wherein the sending the encrypted data and the digital signature to a second device, so that the second device verifies the validity of the encrypted data according to the digital signature, and writes the data to be migrated if the encrypted data is determined to be valid, comprises:
sending the encrypted data and the digital signature to a second device, so that the second device verifies the digital signature by using a first public key, and the validity of the encrypted data is verified;
and based on the legality of the encrypted data, the second equipment decrypts the encrypted data by using a second private key to obtain decrypted data, and writes the decrypted data into the second equipment.
8. The method of any of claims 1-7, wherein after sending the encrypted data and the digital signature to the second device, the method further comprises:
receiving second receiving confirmation information, wherein the second confirmation information is sent when the second equipment writes in decrypted data and verifies that the decrypted data is complete;
and performing failure processing on the first equipment based on the second confirmation information.
9. A data processing apparatus, comprising:
the device comprises a sending module, a receiving module and a processing module, wherein the sending module is used for sending a data migration instruction to first equipment so as to enable the first equipment to encrypt data to be migrated and obtain encrypted data and a digital signature;
a receiving module, configured to receive the encrypted data and the digital signature sent by the first device;
the sending module is further configured to send the encrypted data and the digital signature to a second device, so that the second device verifies integrity of the encrypted data according to the digital signature, and writes the data to be migrated.
10. An electronic device, comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the data processing method of any one of claims 1-8.
11. A storage medium characterized in that instructions in the storage medium, when executed by a processor of an information processing apparatus or a server, cause the information processing apparatus or the server to realize the data processing method according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011381249.3A CN112636916A (en) | 2020-11-30 | 2020-11-30 | Data processing method, data processing device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011381249.3A CN112636916A (en) | 2020-11-30 | 2020-11-30 | Data processing method, data processing device, storage medium and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112636916A true CN112636916A (en) | 2021-04-09 |
Family
ID=75307080
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011381249.3A Pending CN112636916A (en) | 2020-11-30 | 2020-11-30 | Data processing method, data processing device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112636916A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114401278A (en) * | 2021-12-27 | 2022-04-26 | 深圳软牛科技有限公司 | Cross-platform transmission method, system, equipment and storage medium of Line App data |
| CN114584378A (en) * | 2022-03-04 | 2022-06-03 | 中国建设银行股份有限公司 | Data processing method, device, electronic equipment and medium |
| CN115033899A (en) * | 2021-11-26 | 2022-09-09 | 荣耀终端有限公司 | Application data migration method, terminal device and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2642421A1 (en) * | 2012-03-20 | 2013-09-25 | TechSAT GmbH | Data loading device |
| WO2017157859A1 (en) * | 2016-03-15 | 2017-09-21 | Dp Security Consulting Sas | Duplication process of operational data contained in a source secure element into one or more recipient secure elements allowing, at most, one secure element to be operational at a given time |
| CN107294726A (en) * | 2016-04-12 | 2017-10-24 | 阿里巴巴集团控股有限公司 | The export importing of virtual encryption equipment data and processing method, device and system |
| CN108055236A (en) * | 2017-11-03 | 2018-05-18 | 深圳市轱辘车联数据技术有限公司 | A kind of data processing method, mobile unit and electronic equipment |
| CN108076011A (en) * | 2016-11-10 | 2018-05-25 | 中国移动通信有限公司研究院 | A kind of credible performing environment data migration method and device |
| CN109698834A (en) * | 2019-01-11 | 2019-04-30 | 深圳市元征科技股份有限公司 | A kind of encrypted transmission method and system |
| CN110622138A (en) * | 2017-02-23 | 2019-12-27 | 华为技术有限公司 | Data migration method and device |
-
2020
- 2020-11-30 CN CN202011381249.3A patent/CN112636916A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2642421A1 (en) * | 2012-03-20 | 2013-09-25 | TechSAT GmbH | Data loading device |
| WO2017157859A1 (en) * | 2016-03-15 | 2017-09-21 | Dp Security Consulting Sas | Duplication process of operational data contained in a source secure element into one or more recipient secure elements allowing, at most, one secure element to be operational at a given time |
| CN107294726A (en) * | 2016-04-12 | 2017-10-24 | 阿里巴巴集团控股有限公司 | The export importing of virtual encryption equipment data and processing method, device and system |
| CN108076011A (en) * | 2016-11-10 | 2018-05-25 | 中国移动通信有限公司研究院 | A kind of credible performing environment data migration method and device |
| CN110622138A (en) * | 2017-02-23 | 2019-12-27 | 华为技术有限公司 | Data migration method and device |
| CN108055236A (en) * | 2017-11-03 | 2018-05-18 | 深圳市轱辘车联数据技术有限公司 | A kind of data processing method, mobile unit and electronic equipment |
| CN109698834A (en) * | 2019-01-11 | 2019-04-30 | 深圳市元征科技股份有限公司 | A kind of encrypted transmission method and system |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115033899A (en) * | 2021-11-26 | 2022-09-09 | 荣耀终端有限公司 | Application data migration method, terminal device and storage medium |
| CN114401278A (en) * | 2021-12-27 | 2022-04-26 | 深圳软牛科技有限公司 | Cross-platform transmission method, system, equipment and storage medium of Line App data |
| CN114401278B (en) * | 2021-12-27 | 2023-11-17 | 深圳软牛科技有限公司 | Cross-platform transmission method, system, equipment and storage medium for Line App data |
| CN114584378A (en) * | 2022-03-04 | 2022-06-03 | 中国建设银行股份有限公司 | Data processing method, device, electronic equipment and medium |
| CN114584378B (en) * | 2022-03-04 | 2024-04-02 | 中国建设银行股份有限公司 | Data processing method, device, electronic equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10380361B2 (en) | Secure transaction method from a non-secure terminal | |
| US10601795B2 (en) | Service processing method and electronic device | |
| CN110417750B (en) | Block chain technology-based file reading and storing method, terminal device and storage medium | |
| KR101712784B1 (en) | System and method for key management for issuer security domain using global platform specifications | |
| EP3883216A1 (en) | Managing credentials of multiple users on an electronic device | |
| KR101418799B1 (en) | System for providing mobile OTP service | |
| CN108566381A (en) | A kind of security upgrading method, device, server, equipment and medium | |
| CN108924147B (en) | Communication terminal digital certificate issuing method, server and communication terminal | |
| US20150213433A1 (en) | Secure provisioning of credentials on an electronic device using elliptic curve cryptography | |
| CN112636916A (en) | Data processing method, data processing device, storage medium and electronic equipment | |
| CN103036681B (en) | A kind of password safety keyboard device and system | |
| CN105027107A (en) | Secure virtual machine migration | |
| CN103873440A (en) | Application program upgrading method and system | |
| CN103996117A (en) | Safety mobile phone | |
| CN103220148A (en) | Method and system for electronic signature token to respond operation request, and electronic signature token | |
| CN110445840B (en) | File storage and reading method based on block chain technology | |
| CN113242134B (en) | Digital certificate signing method, device, system and storage medium | |
| CN100550030C (en) | On portable terminal host, add the method for credible platform | |
| KR20120051344A (en) | Portable integrated security memory device and service processing apparatus and method using the same | |
| CN109815747A (en) | Offline auditing method, electronic device and readable storage medium storing program for executing based on block chain | |
| CN114070614A (en) | Identity authentication method, device, equipment, storage medium and computer program product | |
| CN114139176A (en) | Industrial internet core data protection method and system based on state secret | |
| CN202978979U (en) | Password security keypad device and password security pad system | |
| CN112861156B (en) | Secure communication method and device for display data, electronic equipment and storage medium | |
| CN109543367B (en) | Quantum encryption-based software authorization method and device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |