CN112769783A - Data transmission method, cloud server, receiving end and sending end - Google Patents

Data transmission method, cloud server, receiving end and sending end Download PDF

Info

Publication number
CN112769783A
CN112769783A CN202011602792.1A CN202011602792A CN112769783A CN 112769783 A CN112769783 A CN 112769783A CN 202011602792 A CN202011602792 A CN 202011602792A CN 112769783 A CN112769783 A CN 112769783A
Authority
CN
China
Prior art keywords
request
sending
receiving end
receiving
encryption code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011602792.1A
Other languages
Chinese (zh)
Other versions
CN112769783B (en
Inventor
朱英龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Wanxiang Electronics Technology Co Ltd
Original Assignee
Xian Wanxiang Electronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Wanxiang Electronics Technology Co Ltd filed Critical Xian Wanxiang Electronics Technology Co Ltd
Priority to CN202011602792.1A priority Critical patent/CN112769783B/en
Publication of CN112769783A publication Critical patent/CN112769783A/en
Application granted granted Critical
Publication of CN112769783B publication Critical patent/CN112769783B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data transmission method, a cloud server, a receiving end and a sending end. Wherein, the method comprises the following steps: acquiring a first request of data transmission sent by a receiving terminal, wherein the first request comprises a service request, a second encryption code of the receiving terminal and a first encryption code of the sending terminal, the first encryption code comprises first identity information and first key information, and the second encryption code comprises second identity information and second key information; determining whether the receiving end and the sending end have a binding relation or not according to the first identity information and the second identity information; and under the condition that the receiving end and the sending end have a binding relationship, sending a second request to the sending end, wherein the second request comprises a service request and a first encryption code, and the second request is used for encrypting the transmitted service data by the sending end through a key corresponding to the first key information of the second request. The invention solves the technical problem that the data transmission safety is poor due to the fact that the data transmission method in the related technology is easy to intercept.

Description

Data transmission method, cloud server, receiving end and sending end
Technical Field
The invention relates to the field of data transmission, in particular to a data transmission method, a cloud server, a receiving end and a sending end.
Background
In the prior art, some schemes for encrypting and transmitting data exist, and most of the schemes adopt a specific encryption algorithm to encrypt the data and transmit the encrypted data and a secret key to a receiving end; for the receiving end, the data can be decrypted according to the received key. However, this method cannot completely ensure data security because the data transmitted on the network is very easy to be illegally intercepted, and the intercepted data also contains the secret key, so that other people can decrypt the acquired data after illegally acquiring the transmitted data, thereby acquiring the confidential data.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a data transmission method, a cloud server, a receiving end and a sending end, and at least solves the technical problem that the data transmission safety is poor due to the fact that the data transmission method in the related technology is easy to intercept.
According to an aspect of an embodiment of the present invention, there is provided a data transmission method, including: acquiring a first request of data transmission sent by a receiving end, wherein the first request comprises a service request, a second encryption code of the receiving end and a first encryption code of a sending end acquired by the receiving end, the first encryption code comprises first identity information and first key information of the sending end, and the second encryption code comprises second identity information and second key information of the receiving end; determining whether the receiving end and the transmitting end have a binding relationship or not according to the first identity information and the second identity information; and sending a second request to the sending end under the condition that the receiving end and the sending end have a binding relationship, wherein the second request comprises the service request and the first encryption code, and the second request is used for the sending end to encrypt the transmitted service data through a key corresponding to the first key information of the second request.
Optionally, before obtaining the first request for data transmission sent by the receiving end, the method includes: receiving the first encrypted code determined for the sender by a first manufacturing system of the sender when the sender is produced, wherein the first identity information and the first key information of the first encrypted code are randomly determined and unique by the first manufacturing system; and/or receiving the second encrypted code determined by a second manufacturing system of the receiving end for the receiving end when the receiving end is produced, wherein the second identity information and the second key information of the second encrypted code are randomly determined and unique by the second manufacturing system.
Optionally, before acquiring the first request for data transmission sent by the receiving end, the method further includes: receiving a first equipment activation request sent by the sending end, wherein the first equipment activation request comprises a first encryption code of the sending end; responding to the first equipment activation request, and storing a first encryption code of the sending end in a legal equipment information list; and/or receiving a second equipment activation request sent by the receiving end, wherein the second equipment activation request comprises a second encryption code of the receiving end; and responding to the second equipment activation request, and storing the second encryption code of the receiving end in the legal equipment information list.
Optionally, determining whether the receiving end and the sending end have a binding relationship according to the first identity information and the second identity information includes: receiving a device binding request of the receiving end, wherein the binding request comprises a second encryption code of the receiving end and a first encryption code of the transmitting end needing to be bound; verifying the sending end needing to be bound according to the first encryption code, and verifying the receiving end according to the second encryption code; and establishing a binding relationship between the receiving end and the transmitting end to be bound under the condition that the receiving end and the transmitting end to be bound are successfully verified.
Optionally, verifying the sending end to be bound according to the first encryption code, and verifying the receiving end according to the second encryption code includes: searching the legal equipment information list according to the first encryption code, and determining that the sending end is successfully verified when the first encryption code can be searched by the legal equipment information list; and searching the legal equipment information list according to the second encrypted code, and determining that the receiving end is successfully verified when the second encrypted code can be searched in the legal equipment information list.
According to another aspect of the embodiments of the present invention, there is provided another data transmission method, including: acquiring a first encryption code of a sending end, wherein the first encryption code comprises first identity information and first key information of the sending end; sending a first request for data transmission to a cloud server, wherein the first request comprises a service request, a second encrypted code of a receiving end and a first encrypted code of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end; receiving a second request sent by the sending terminal in response to the cloud server, and encrypting the transmitted service data through a key corresponding to the first key information, wherein the second request is sent by the cloud server to the corresponding sending terminal according to the first encryption code under the condition that the cloud server verifies that the sending terminal and the receiving terminal have a binding relationship according to the first request, and the second request comprises the service request and the first encryption code; and decrypting the encrypted service data through a key corresponding to the first key information of the first encryption code.
Optionally, before sending the first request for data transmission to the cloud server, the method includes: sending an equipment binding request to the cloud server, wherein the binding request comprises a second encryption code of the receiving end and a first encryption code of a sending end needing to be bound, the cloud server verifies the sending end needing to be bound according to the first encryption code, verifies the receiving end according to the second encryption code, and under the condition that the receiving end and the sending end needing to be bound both verify successfully, the binding relationship between the receiving end and the sending end needing to be bound is established.
According to another aspect of the embodiments of the present invention, there is provided another data transmission method, including: receiving a second request sent by a cloud server, wherein the second request is a first request sent by a receiving end and received by the cloud server, and the cloud server sends the second request to the corresponding sending end according to a first encryption code of the first request under the condition that the first request verifies that the sending end and the receiving end have a binding relationship, and the second request comprises a service request and the first encryption code; the first request comprises the service request, a second encrypted code of the receiving end and a first encrypted code of the sending end, the first encrypted code comprises first identity information and first key information of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end; responding to the service request of the second request, and encrypting service data through a key corresponding to the first key information; and sending the encrypted service data to the receiving end.
According to another aspect of the embodiments of the present invention, there is also provided a cloud server for data transmission, including: a first obtaining module, configured to obtain a first request for data transmission sent by a receiving end, where the first request includes a service request, a second encryption code of the receiving end, and a first encryption code of the sending end obtained by the receiving end, where the first encryption code includes first identity information and first key information of the sending end, and the second encryption code includes second identity information and second key information of the receiving end; a determining module, configured to determine whether the receiving end and the sending end have a binding relationship according to the first identity information and the second identity information; a first sending module, configured to send a second request to the sending end when the receiving end and the sending end have a binding relationship, where the second request includes the service request and the first encryption code, and the second request is used for the service data that is transmitted by the sending end through encryption of a key corresponding to the first key information of the second request.
According to another aspect of the embodiments of the present invention, there is also provided a receiving end for data transmission, including: the second obtaining module is used for obtaining a first encryption code of a sending end, wherein the first encryption code comprises first identity information and first key information of the sending end; the system comprises a second sending module, a first sending module and a second sending module, wherein the first sending module is used for sending a first request of data transmission to a cloud server, the first request comprises a service request, a second encrypted code of a receiving end and the first encrypted code of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end; a first receiving module, configured to receive a second request sent by the sending end in response to the cloud server, and encrypt service data transmitted through a key corresponding to the first key information, where the second request is sent by the cloud server to the corresponding sending end according to the first encrypted code when the cloud server verifies that the sending end and the receiving end have a binding relationship according to the first request, and the second request includes the service request and the first encrypted code; and the decryption module is used for decrypting the encrypted service data through a key corresponding to the first key information of the first encryption code.
According to another aspect of the embodiments of the present invention, there is also provided a transmitting end for data transmission, including: the second receiving module is used for receiving a second request sent by a cloud server, wherein the second request is a first request sent by a receiving end and received by the cloud server, and the cloud server sends the second request to the corresponding sending end according to a first encryption code of the first request under the condition that the first request verifies that the sending end and the receiving end have a binding relationship, and the second request comprises a service request and the first encryption code; the first request comprises the service request, a second encrypted code of the receiving end and a first encrypted code of the sending end, the first encrypted code comprises first identity information and first key information of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end; the encryption module is used for responding to the service request of the second request and encrypting service data through a key corresponding to the first key information; and the third sending module is used for sending the encrypted service data to the receiving end.
According to another aspect of the embodiments of the present invention, there is also provided a computer storage medium, where the computer storage medium includes a stored program, and when the program runs, the apparatus where the computer storage medium is located is controlled to execute the data transmission method described in any one of the above.
According to another aspect of the embodiments of the present invention, there is also provided a processor, configured to execute a program, where the program executes the data transmission method of any one of the above.
In the embodiment of the invention, a first request for acquiring data transmission sent by a receiving end is adopted, wherein the first request comprises a service request, a second encrypted code of the receiving end and a first encrypted code of a sending end acquired by the receiving end, the first encrypted code comprises first identity information and first key information of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end; determining whether the receiving end and the sending end have a binding relation or not according to the first identity information and the second identity information; the method comprises the steps of sending a second request to a sending end under the condition that the receiving end and the sending end have a binding relationship, wherein the second request comprises a service request and a first encryption code, the second request is used for the sending end to encrypt service data transmitted by a key corresponding to first key information of the second request, different data transmission schemes are provided for different receiving ends and sending ends, and transmission can be carried out only under the condition that the receiving end and the sending end have the binding relationship, so that the aim of carrying out encryption transmission data transmission in a dedicated encryption mode at the sending end and the receiving end having the binding relationship is achieved, the technical effect of improving the data transmission safety of the receiving end and the sending end is achieved, and the technical problem that data transmission methods in related technologies are easy to intercept and cause poor data transmission safety is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of a method of data transmission according to an embodiment of the present invention;
FIG. 2 is a flow chart of another method of data transmission according to an embodiment of the present invention;
FIG. 3 is a flow chart of another method of data transmission according to an embodiment of the present invention;
FIG. 4 is a prior art schematic according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of data interaction according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of data transmission according to an embodiment of the present invention;
fig. 7 is a schematic diagram of a cloud server for data transmission according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a receiving end of a data transmission according to an embodiment of the present invention;
fig. 9 is a schematic diagram of a transmitting end of data transmission according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In accordance with an embodiment of the present invention, there is provided a method embodiment of a data transmission method, it being noted that the steps illustrated in the flowchart of the figure may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in an order different than that presented herein.
Fig. 1 is a flowchart of a data transmission method according to an embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
step S102, a first request of data transmission sent by a receiving end is obtained, wherein the first request comprises a service request, a second encryption code of the receiving end and a first encryption code of the sending end obtained by the receiving end, the first encryption code comprises first identity information and first key information of the sending end, and the second encryption code comprises second identity information and second key information of the receiving end;
step S104, determining whether the receiving end and the sending end have a binding relationship according to the first identity information and the second identity information;
and step S106, under the condition that the receiving end and the sending end have a binding relationship, sending a second request to the sending end, wherein the second request comprises a service request and a first encryption code, and the second request is used for the sending end to encrypt the transmitted service data through a key corresponding to the first key information of the second request.
Through the steps, a first request for acquiring data transmission sent by a receiving end is adopted, wherein the first request comprises a service request, a second encryption code of the receiving end and a first encryption code of the sending end acquired by the receiving end, the first encryption code comprises first identity information and first key information of the sending end, and the second encryption code comprises second identity information and second key information of the receiving end; determining whether the receiving end and the sending end have a binding relation or not according to the first identity information and the second identity information; the method comprises the steps of sending a second request to a sending end under the condition that the receiving end and the sending end have a binding relationship, wherein the second request comprises a service request and a first encryption code, the second request is used for the sending end to encrypt service data transmitted by a key corresponding to first key information of the second request, different data transmission schemes are provided for different receiving ends and sending ends, and transmission can be carried out only under the condition that the receiving end and the sending end have the binding relationship, so that the aim of carrying out encryption transmission data transmission in a dedicated encryption mode at the sending end and the receiving end having the binding relationship is achieved, the technical effect of improving the data transmission safety of the receiving end and the sending end is achieved, and the technical problem that data transmission methods in related technologies are easy to intercept and cause poor data transmission safety is solved.
The execution main body of the above steps may be a cloud server at the cloud end, and the receiving end may be a receiving end device that requests service data and receives data, and may be a user terminal, for example, a smart phone, a smart terminal, a tablet computer, and the like.
The first request is used for requesting service data, the first request is sent to the cloud server by the receiving end, and the first request comprises a second encryption code of the receiving end and a first encryption code of the sending end acquired by the receiving end.
The second encrypted code of the receiving end is generated by a manufacturing Execution system mes (manufacturing Execution system) when the receiving end produces the second encrypted code, and the second encrypted code includes second identity information and second key information of the receiving end. The second identity information and the second key information correspond to the receiving end uniquely, that is, the second identity information and the second key information of one receiving end are both unique and unique to the receiving end.
The first encrypted code of the sending terminal, which is obtained by the receiving terminal, can be obtained by scanning the two-dimensional code of the sending terminal or from a management interface of sending terminal equipment, when the receiving terminal needs to request data from the sending terminal, the first encrypted code of the sending terminal is obtained first, and then the request is sent to the cloud server.
The first encryption code of the sending end is similar to the second encryption code of the receiving end, and may also be generated by the manufacturing execution system MES when the sending end is in production, and the first encryption code includes the first identity information and the first key information of the receiving end. The first identity information and the first key information uniquely correspond to the transmitting end, that is, the first identity information and the first key information of one transmitting end are both unique and unique to the transmitting end.
And determining whether the receiving end and the sending end have a binding relationship or not according to the first identity information and the second identity information. When the receiving end and the sending end are produced, the MES system sends the generated first encryption codes of the sending end and the second encryption codes of the receiving end to the cloud server, and the cloud server stores the first encryption codes of the sending ends and the second encryption codes of the receiving ends uploaded by the MES systems.
The cloud server determines whether the receiving end and the sending end have a binding relationship when the receiving end requests the sending end through the cloud server.
The cloud server sends a second request to the sending end under the condition that the receiving end and the sending end have a binding relationship, wherein the second request comprises a service request and a first encryption code. And after receiving the second request, the sending end responds to the second request to generate service data, encrypts the service data according to the key corresponding to the first key information in the second request, and sends the encrypted service data to the receiving end.
Different data transmission schemes are provided for different receiving ends and sending ends, and only under the condition that the receiving ends and the sending ends have the binding relation, the data can be transmitted, the purpose of encrypting the data transmission in an exclusive encryption mode at the sending ends and the receiving ends with the binding relation is achieved, the technical effect of improving the data transmission safety of the receiving ends and the sending ends is achieved, and the technical problem that the data transmission safety is poor due to the fact that the data transmission method in the related technology is easy to intercept is solved.
Optionally, before obtaining the first request for data transmission sent by the receiving end, the method includes: receiving a first encrypted code determined for a sending end by a first manufacturing system of the sending end when the sending end is produced, wherein first identity information and first key information of the first encrypted code are randomly determined and unique by the first manufacturing system; and/or receiving a second encrypted code determined by a second manufacturing system of the receiving end for the receiving end when the receiving end is produced, wherein the second identity information and the second key information of the second encrypted code are randomly determined and unique by the second manufacturing system.
When the cloud server is generated at the sending end, the cloud server receives a first encrypted code of the sending end sent by the first manufacturing system, wherein the first identity information and the first key information of the first encrypted code are randomly determined and unique by the first manufacturing system. The first manufacturing system may be the MES system.
And when the cloud server is generated at the receiving end, receiving a second encrypted code of the receiving end, which is sent by the second manufacturing system, wherein second identity information and second key information of the second encrypted code are randomly determined and unique by the second manufacturing system. The second manufacturing system may be the MES system, and the second manufacturing system may be the same manufacturing system as the first manufacturing system or may be a different manufacturing system from the first manufacturing system.
Optionally, before acquiring the first request for data transmission sent by the receiving end, the method further includes: receiving a first equipment activation request sent by a sending end, wherein the first equipment activation request comprises a first encryption code of the sending end; responding to a first equipment activation request, and storing a first encryption code of a sending end in a legal equipment information list; and/or receiving a second equipment activation request sent by a receiving end, wherein the second equipment activation request comprises a second encryption code of the receiving end; and responding to the second equipment activation request, and storing the second encryption code of the receiving end in a legal equipment information list.
After the receiving end and the sending end leave a factory, an activation request is sent to the cloud server for activation before use, and the cloud server can be put into use. Specifically, the cloud server receives a first device activation request sent by a sending end, wherein the first device activation request comprises a first encryption code of the sending end; the cloud server responds to the first equipment activation request, and stores the first encryption code of the sending end in a legal equipment information list.
The cloud server receives a second equipment activation request sent by a receiving end, wherein the second equipment activation request comprises a second encryption code of the receiving end; and the cloud server responds to the second equipment activation request and stores the second encryption code of the receiving end in a legal equipment information list.
The legal device information list can be used for verifying the legality of the sending end and the receiving end, and when the sending end and the receiving end request for binding, whether the binding request is corresponding can be determined according to whether the sending end and the receiving end are legal.
Optionally, before determining whether the receiving end and the sending end have the binding relationship according to the first identity information and the second identity information, the method includes: receiving a device binding request of a receiving end, wherein the binding request comprises a second encryption code of the receiving end and a first encryption code of a transmitting end needing to be bound; verifying the sending terminal needing to be bound according to the first encryption code, and verifying the receiving terminal according to the second encryption code; and establishing the binding relationship between the receiving end and the transmitting end to be bound under the condition that the receiving end and the transmitting end to be bound are successfully verified.
In this embodiment, a binding request is sent from a receiving end to a cloud server, the binding request includes a second encryption code of the receiving end and a first encryption code of a sending end to be bound, the cloud server verifies the sending end to be bound according to the first encryption code, verifies the receiving end according to the second encryption code, and establishes a binding relationship between the receiving end and the sending end to be bound under the condition that it is determined that both the receiving end and the sending end to be bound are successfully verified. So as to subsequently perform data transmission between the receiving end and the transmitting end with the binding relationship.
Optionally, verifying the sending end to be bound according to the first encryption code, and verifying the receiving end according to the second encryption code includes: searching the legal equipment information list according to the first encryption code, and determining that the sending end is successfully verified when the first encryption code can be found in the legal equipment information list; and searching the legal equipment information list according to the second encrypted code, and determining that the receiving end is successfully verified when the second encrypted code can be searched by the legal equipment information list.
Fig. 2 is a flowchart of another data transmission method according to an embodiment of the present invention, and as shown in fig. 2, according to another aspect of the embodiment of the present invention, another data transmission method is further provided, which includes the following steps:
step S202, a first encryption code of a sending end is obtained, wherein the first encryption code comprises first identity information and first key information of the sending end;
step S204, a first request of data transmission is sent to a cloud server, wherein the first request comprises a service request, a second encrypted code of a receiving end and a first encrypted code of a sending end, and the second encrypted code comprises second identity information and second key information of the receiving end;
step S206, receiving a second request sent by a sending end responding to the cloud server, and encrypting the transmitted service data through a key corresponding to the first key information, wherein the second request is sent by the cloud server to the corresponding sending end according to the first encryption code under the condition that the cloud server verifies that the sending end and the receiving end have the binding relationship according to the first request, and the second request comprises the service request and the first encryption code;
in step S208, the encrypted service data is decrypted by using the key corresponding to the first key information of the first encryption code.
Through the steps, a first encryption code of a sending end is obtained, wherein the first encryption code comprises first identity information and first key information of the sending end; sending a first request for data transmission to a cloud server, wherein the first request comprises a service request, a second encrypted code of a receiving end and a first encrypted code of a sending end, and the second encrypted code comprises second identity information and second key information of the receiving end; receiving a second request sent by a sending terminal in response to the cloud server, and encrypting the transmitted service data through a key corresponding to the first key information, wherein the second request is sent by the cloud server to the corresponding sending terminal according to the first encryption code under the condition that the cloud server verifies that the sending terminal and the receiving terminal have the binding relationship according to the first request, and the second request comprises the service request and the first encryption code; the method for decrypting the encrypted service data through the key corresponding to the first key information of the first encryption code provides different data transmission schemes for different receiving ends and sending ends, and only under the condition that the receiving ends and the sending ends have the binding relation, the service data can be transmitted, the purpose of encrypting and transmitting data transmission in the exclusive encryption mode at the sending ends and the receiving ends with the binding relation is achieved, so that the technical effect of improving the data transmission safety of the receiving ends and the sending ends is achieved, and the technical problem that the data transmission safety is poor due to the fact that the data transmission method in the related technology is easy to intercept is solved.
The execution subject of the above steps may be a receiving end.
Optionally, before sending the first request for data transmission to the cloud server, the method includes: and sending an equipment binding request to a cloud server, wherein the binding request comprises a second encryption code of a receiving end and a first encryption code of a sending end needing to be bound, the cloud server verifies the sending end needing to be bound according to the first encryption code, verifies the receiving end according to the second encryption code, and the binding relationship between the receiving end and the sending end needing to be bound is established under the condition that the receiving end and the sending end needing to be bound both verify successfully.
Fig. 3 is a flowchart of another data transmission method according to an embodiment of the present invention, and as shown in fig. 3, according to another aspect of the embodiment of the present invention, another data transmission method is further provided, which includes the following steps:
step S302, receiving a second request sent by a cloud server, wherein the second request is a first request sent by a receiving end and received by the cloud server, and the cloud server sends the first encrypted code of the first request to a corresponding sending end under the condition that the sending end and the receiving end are verified to have a binding relationship according to the first request, and the second request comprises a service request and the first encrypted code; the first request comprises a service request, a second encrypted code of the receiving end and a first encrypted code of the sending end, the first encrypted code comprises first identity information and first key information of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end;
step S304, responding to the service request of the second request, and encrypting the service data through the key corresponding to the first key information;
step S306, sending the encrypted service data to the receiving end.
Through the steps, receiving a second request sent by the cloud server, wherein the second request is sent by the cloud server to the corresponding sending terminal according to a first encryption code of the first request under the condition that the cloud server receives the first request sent by the receiving terminal and verifies that the sending terminal and the receiving terminal have the binding relationship according to the first request, and the second request comprises the service request and the first encryption code; the first request comprises a service request, a second encrypted code of the receiving end and a first encrypted code of the sending end, the first encrypted code comprises first identity information and first key information of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end; responding to the service request of the second request, and encrypting the service data through a key corresponding to the first key information; the method for sending the encrypted service data to the receiving end provides different data transmission schemes for different receiving ends and sending ends, and only under the condition that the receiving end and the sending end have a binding relationship, the data can be transmitted, the purpose of encrypting the data transmission in the exclusive encryption mode at the sending end and the receiving end having the binding relationship is achieved, thereby realizing the technical effect of improving the data transmission safety of the receiving end and the sending end, and further solving the technical problem that the data transmission method in the related technology is easy to intercept, which results in poor data transmission safety.
The execution main body of the above steps may be a sending end.
It should be noted that this embodiment also provides an alternative implementation, which is described in detail below.
Fig. 4 is a schematic diagram of a prior art according to an embodiment of the present invention, and as shown in fig. 4, in the image transmission system, an S-side device (image receiving device) and an R-side device respectively access a cloud platform through a network. The cloud platform is used for carrying out validity authentication on the connection request of the S-end equipment and the R-end equipment and monitoring the connection process piece of the R-end equipment and the S-end equipment.
In the system, the connection between the S-side device and the R-side device can be directly established and data (audio/video stream, image, etc.) transmission is performed, or the S-side device transmits data to the R-side device through the forwarding of the cloud platform.
In the data transmission process, data is transmitted in a network, so that the security of the data is particularly important.
The embodiment provides a set of complete audio and video data encryption and decryption service implementation flow for an image transmission system, and audio and video encryption and decryption can be implemented through the flow, different encryption and decryption schemes are provided for each device in the method, and only receiving end devices among the devices bound with each other can obtain VKey for decrypting audio and video streams sent by a sending end device when the receiving end devices are bound, and in addition, only after the receiving end devices are bound successfully, the receiving end devices can receive the audio and video streams sent by the sending end device. In addition, as the decrypted key (VKey) cannot be transmitted on the network, and different sending end devices have different VKey, the confidentiality of the VKey is higher.
In the embodiment, a randomly generated VCode is used as a combination of a unique identifier for marking the device and a device password, and specifically, the VCode is composed of a VId part and a VKey part. VId is used as the only identification of the sending equipment; VKey is the secret used by the transmitting device to securely encrypt the data throughout the system, and each device has a unique definition, i.e., a different and unique VKey is set for each device. The transmitting end can scramble contents of generated video streams, pictures and the like by using VKey as an encrypted scrambling code, and the receiving end descrambles the received scrambled data by using VKey according to VCode obtained from the equipment end.
In addition, in the embodiment, in the instruction for requesting the service provision from the cloud or the sending end, the receiving end performs AES encryption on the message of the instruction or the key data in the message, and the key value of the key uses MDVKey.
In the scheme, due to the uniqueness of VKey, only the receiving end bound to the transmitting end can decode the data of the transmitting end, so that the data decryption difficulty is increased, and the encrypted data/request instruction of the user cannot be decrypted under the condition that the device VKey cannot be obtained.
The terms appearing in the present embodiment are explained and explained below:
1. use and definition of VCode
Application of VCode
1) As an identifier uniquely identifying the sending device;
2) as the content of a two-dimensional code that uniquely identifies the device.
Composition and definition of VCode
Composition of VCode: VCode is VId + VKEy. EG: QWERTYIUASDGHJK
Generation of VId, VKey: generated by the factory line MES system. Uses and definitions are as follows;
2. use and definition of VId
Use of VId
In order to avoid sensitive information related to production from being leaked due to regularity of sn in the three-terminal interaction process, a randomly generated character string of 8 characters is adopted as an identifier for uniquely identifying sending equipment and is used for replacing the sn as an identifier for uniquely identifying the sending equipment when each terminal requests for service and responds to service.
Definition of VId
VId is a string of randomly generated 8 capitalized characters, the range of characters: a-Z, the combination of strings must be unique.
For example: VId when VCode is QWERTYIUIASDFGHJK is as follows: QWERTYUI.
As the identifier for uniquely identifying the device, the VId needs to be stored in the transmitting end, the receiving end and the cloud.
3. Use and definition of VKey
Use of VKey
The most basic and important cipher in the encryption process adopts a character string with 8 characters which are randomly generated for each device and are used as the cipher of the whole set of business encryption design scheme.
Definition of VKey
VKey is a string of randomly generated 8 capitalized characters, the range of characters: a-Z, the combination of strings must be unique.
For example: VKey is shown as follows when VCode is QWERTYIASDFGHJK: ASDFGHJK.
4. Application and definition of MDKey
Application of MDVKey
In order to prevent the VKey leakage of the device caused by hacker attack or data leakage, the cloud only stores the MDVKey encrypted by the MD5, and the safety of the video/picture encrypted data of the user is ensured.
Definition of MDVKey
MDVKey is a 16-character-length string obtained by MD5 (capital, 16-bit) encryption of VKey. For example: VKey is: MDVKey for ASDFGHJK is: B35320905908508E.
5. Status and use of VCode at each end
Fig. 5 is a schematic diagram of data interaction according to an embodiment of the present invention, and as shown in fig. 5, the overall interaction flow is as follows:
1. the MES system generates product information such as VCode, MDVKey and the like; 2.1, the MES system sends the product information to a sending end, and the sending end generates an equipment two-dimensional code according to the VCode; 2.2, writing the corresponding VCode and MDVKey in the sending end equipment by the MES system; 2.3, writing the corresponding VCode and MDVKey in the equipment by the sending end equipment; 3. the MES system uploads product information such as VId, MDVKey and the like to the cloud platform; 4.1, the sending terminal device is on line, and registration and authentication are carried out on the cloud terminal request device by using VId and MDVKey; 4.2, the receiving terminal equipment is on line, and registration and authentication are carried out on the cloud end request equipment by using VId and MDVKey; 5.1, the sending end equipment establishes a binding relationship with a sending end through a two-dimensional code or a management interface through a VCode; and 5.2, the receiving terminal equipment requests equipment binding authentication from the cloud by using the VId and MDVKey of the sending terminal and the receiving terminal.
Fig. 6 is a schematic diagram of data transmission according to an embodiment of the present invention, and as shown in fig. 6, a pull flow of a sending end and a receiving end is as follows:
1. the receiving end uses the VId and the MDVKey to request a streaming service from the cloud end; 2. the cloud end requests a stream pulling service from the sending end through the VId and the MDVKey; 3. the transmitting end pushes the audio and video stream scrambled by VKey to the receiving end; 4. P2P or the server transmits the scrambled audio and video stream; 5. and the receiving end descrambles and plays the audio and video stream through VKey after receiving the audio and video stream.
6. Introduction of devices in a System
6.1 Manufacturing line MES (Manufacturing Execution System) As the source of VCode-the producer, the following work needs to be done:
1) VId, VKey and MDVKey (MD 5[16 capitalization ] encryption for VKey) required to generate VCode;
2) after the production of the sending device or the receiving device is finished, writing device information such as VCode, sn, MAC (physical Address, hardware Address, Media Access Control Address) and the like into the sending device;
3) and uploading product information including VId, MDVKey, sn, MAC and the like to a cloud, and recording by the cloud.
6.2 transmitting device
Before delivery, equipment information such as VCode, VKey and the like is directly written into configuration information of sending end equipment through a production line MES system. Therefore, the sending end device locally stores information such as VId, VKey, MDVKey and the like.
The functions and the processing flow are as follows:
1) before the sending equipment is accessed to the cloud end each time, sending registration authentication request information sent to the cloud platform contains VId and MDVKey codes and is used for verifying the validity of the sending equipment to the cloud platform;
2) video streams/pictures are encrypted using VKey or a variant of VKey as encryption key.
6.3 receiver
Before delivery, equipment information such as VCode, VKey and the like of the current receiving end equipment is directly written into configuration information of the sending equipment through a production line MES system. Therefore, the receiving end device end stores information such as VId, VKey, MDVKey and the like.
The functions and the processing flow are as follows:
1) when the receiving terminal equipment requests service from the cloud platform, AES encryption is carried out according to key data or parameters in the interface definition message, and the key uses MDVKey.
2) When the receiving end is bound with the sending end, the equipment information of the sending end can be acquired, which comprises the following steps: VCode, sn, MAC, etc., and stores the device information of the transmitting end locally. The VKey of the transmitting end device is available from the VCode, and when the receiving end device receives the encrypted data from the transmitting end, the encrypted data (video stream/picture) can be decrypted by the VKey or the VKey variant of the corresponding transmitting end device, that is, the VKey or the VKey variant is used as a decryption key for data decryption.
6.4 cloud platform
And the production line MES system uploads the VId and the MDVKey of the sending end and the receiving end to the cloud.
The functions and the processing flow are as follows:
1) after receiving the VId and the MDVKey of the sending end equipment transmitted by the receiving end equipment or the sending end equipment, the cloud platform verifies whether the equipment is registered on the cloud platform or not by inquiring equipment information stored in a mes production line in a database;
2) when the sending and receiving equipment registers authentication, the cloud platform verifies the validity of the sending equipment through the combination of the VId and the MDVKey in the request, and the cloud platform judges whether the sending and receiving equipment is allowed to access the cloud platform according to the verification result;
3) when the sending and receiving end equipment initiates the binding authentication, the cloud platform judges whether the current authentication is successful (whether the current binding request is agreed) through the combination of the VId and the MDVKey in the request;
4) the MDVKey is used for encrypting the public key in the http channel encryption; fed-heap encryption
5) When a receiving end requests services such as streaming to a cloud platform, AES encryption is carried out according to key data or parameters in an interface definition message, and an MDVKey is used as a secret key. After receiving the request, the cloud platform decrypts the encrypted data or parameters according to the interface definition, so that the security of the request and the sensitive information is ensured.
7. Overall Process flow
The overall process flow of the present embodiment is as follows:
and (3) equipment delivery stage:
step 1-1, generating product information such as VCode (including VId and VKey), MDVKey and the like by MES;
step 1-2, the MES writes corresponding product information such as VCode, MDVKey and the like into corresponding sending end equipment or receiving end equipment; and after successful writing, uploading product information such as VID, MDVKey and the like to a cloud-end platform.
Specifically, the VCode includes VId and VKey, where VId is used as unique identification information of the device, and VKey is used to identify the secret seed in the encryption process. When the sending end equipment or the receiving end equipment sends the control instruction, encrypting the instruction through the secret seed identified by VKEy; VKey is also used for the sender device to encrypt data (audio-video streams, pictures, files, etc.) sent by the sender.
After writing the product information into the equipment, the MES uploads the corresponding product information to the cloud platform as a factory record of the product, and the cloud platform can store the received product information, specifically, the product information is stored in a local legal equipment information list, so that whether the equipment initiating the request is legal equipment is judged according to the product information in the follow-up process.
Device activation (registration) phase:
step 2-1, when a sending end device or a receiving end device is online, initiating a device activation request to a cloud platform, wherein the device activation request comprises device information (VId and MDVKey) of the current device;
step 2-2, the cloud platform judges whether the equipment information of the current equipment is in a local legal equipment information list or not, and if yes, the current equipment is successfully activated; otherwise, the activation fails.
And a device binding stage:
step 3-1, the receiving end initiates a binding request aiming at the sending end equipment to the cloud end platform in a two-dimensional code scanning mode or through a management interface;
two-dimensional code mode: the two-dimensional code can be generated according to the product information of the sending terminal device and displayed in a certain form, such as being pasted on the sending terminal device, or displayed through a certain display interface; the user can scan this two-dimensional code through receiving end equipment, and after the scanning was accomplished, can acquire the product information of sending end equipment, include: VCode and MDVKey; after the product information of the sending terminal device is obtained, a binding request can be sent to the cloud platform according to the obtained VId and MDVKey, and the binding request simultaneously carries the VId and MDVkey of the current receiving terminal device.
And (3) managing an interface mode: the receiving end device may initiate a binding request for a certain transmitting end device through a specific management interface, and when initiating the binding request, the VId and MDVKey of the transmitting end device to be bound need to be input, and the VId and MDVKey of the current receiving end device are carried at the same time.
Step 3-2, the cloud platform respectively carries out local legality certification on the VId and MDVKey of the receiving end and the sending end, specifically, whether the VId and the MDVKey exist in a local legal device information list or not is judged, and if yes, it is determined that the current sending end device and the receiving end device are both local legal devices; the binding request is agreed and the binding relationship between the two devices is recorded locally, so that when the receiving end device initiates a pull stream request from the sending end device, whether the two devices are in the binding relationship can be directly determined.
And (3) pulling flow:
step 4-1, the receiving end equipment initiates a pull flow request aiming at the sending end equipment to the cloud end platform; the stream pulling request comprises VId and MDVKey of the receiving end equipment and the sending end equipment;
and 4-2, the cloud platform judges whether the current sending end equipment and the current receiving end equipment have a binding relationship, specifically judges by searching for a local record, agrees to the pull request when the two parties are determined to have the binding relationship, and executes the pull processing step.
The specific stream pulling processing steps are different according to different current data transmission modes, and if the current data transmission mode is P2P transmission, the cloud platform informs the corresponding sending end equipment to establish connection with the current receiving end equipment and then transmits the data stream to the receiving end equipment; if the data transmission is carried out in a server forwarding mode currently, the cloud platform receives the data stream sent by the sending terminal device and directly forwards the received data stream to the receiving terminal device.
And after receiving the data stream, the receiving end equipment decrypts the received data stream according to the VKey of the current sending end equipment and then displays the data stream.
Fig. 7 is a schematic diagram of a cloud server for data transmission according to an embodiment of the present invention, and as shown in fig. 7, according to another aspect of the embodiment of the present invention, there is also provided a cloud server for data transmission, including: a first acquisition module 72, a determination module 74 and a first sending module 76, which are described in detail below.
A first obtaining module 72, configured to obtain a first request for data transmission sent by a receiving end, where the first request includes a service request, a second encrypted code of the receiving end, and a first encrypted code of the sending end obtained by the receiving end, where the first encrypted code includes first identity information and first key information of the sending end, and the second encrypted code includes second identity information and second key information of the receiving end; a determining module 74, connected to the first obtaining module 72, configured to determine whether the receiving end and the sending end have a binding relationship according to the first identity information and the second identity information; and a first sending module 76, connected to the determining module 74, configured to send a second request to the sending end when the receiving end and the sending end have a binding relationship, where the second request includes a service request and a first encryption code, and the second request is used for the sending end to encrypt the service data transmitted by using a key corresponding to the first key information of the second request.
Through the cloud server, a first obtaining module 72 is used for obtaining a first request of data transmission sent by a receiving end, wherein the first request comprises a service request, a second encryption code of the receiving end, and a first encryption code of a sending end obtained by the receiving end, the first encryption code comprises first identity information and first key information of the sending end, and the second encryption code comprises second identity information and second key information of the receiving end; the determining module 74 determines whether the receiving end and the sending end have a binding relationship according to the first identity information and the second identity information; the first sending module 76, in the case where the receiving end and the sending end have a binding relationship, sends a second request to the sending end, wherein the second request comprises a service request and a first encryption code, the second request is used for a mode that the transmitting end encrypts the transmitted service data through a key corresponding to the first key information of the second request, different data transmission schemes are provided for different receiving ends and sending ends, and only under the condition that the receiving ends and the sending ends have binding relations, can be transmitted, the purpose of encrypting data transmission by a special encryption mode at a transmitting end and a receiving end which have a binding relation is achieved, thereby realizing the technical effect of improving the safety of data transmission of the receiving end and the transmitting end, and the technical problem that the data transmission safety is poor due to the fact that the data transmission method in the related technology is easy to intercept is solved.
Fig. 8 is a schematic diagram of a receiving end of data transmission according to an embodiment of the present invention, and as shown in fig. 8, according to another aspect of the embodiment of the present invention, there is also provided a receiving end of data transmission, including: a second obtaining module 82, a second sending module 84, a first receiving module 86 and a decrypting module 88, which will be described in detail below.
A second obtaining module 82, configured to obtain a first encrypted code of the sending end, where the first encrypted code includes first identity information and first key information of the sending end; a second sending module 84, connected to the second obtaining module 82, configured to send a first request for data transmission to the cloud server, where the first request includes a service request, a second encrypted code at the receiving end, and a first encrypted code at the sending end, where the second encrypted code includes second identity information and second key information at the receiving end; a first receiving module 86, connected to the second sending module 84, for receiving a second request sent by a sending end in response to the cloud server, and encrypting the transmitted service data by using a key corresponding to the first key information, where the second request is sent by the cloud server to the corresponding sending end according to the first encrypted code when the cloud server verifies that the sending end and the receiving end have a binding relationship according to the first request, and the second request includes the service request and the first encrypted code; and a decryption module 88, connected to the first receiving module 86, for decrypting the encrypted service data by using the key corresponding to the first key information of the first encryption code.
Acquiring a first encryption code of the sending end by using a second acquiring module 82 through the receiving end, wherein the first encryption code comprises first identity information and first key information of the sending end; the second sending module 84 sends a first request for data transmission to the cloud server, where the first request includes a service request, a second encrypted code of the receiving end, and a first encrypted code of the sending end, where the second encrypted code includes second identity information and second key information of the receiving end; the first receiving module 86 receives a second request sent by the sending terminal in response to the cloud server, and encrypts the transmitted service data through a key corresponding to the first key information, wherein the second request is sent by the cloud server to the corresponding sending terminal according to the first encryption code under the condition that the cloud server verifies that the sending terminal and the receiving terminal have a binding relationship according to the first request, and the second request comprises the service request and the first encryption code; the decryption module 88 decrypts encrypted service data by using a key corresponding to the first key information of the first encryption code, and provides different data transmission schemes for different receiving ends and sending ends, and only when the receiving end and the sending end have a binding relationship, the encrypted service data can be transmitted, so that the purpose of encrypting and transmitting data transmission in a dedicated encryption mode at the sending end and the receiving end having the binding relationship is achieved, thereby achieving the technical effect of improving the data transmission safety of the receiving end and the sending end, and further solving the technical problem that the data transmission method in the related technology is easy to intercept and causes poor data transmission safety.
Fig. 9 is a schematic diagram of a transmitting end of data transmission according to an embodiment of the present invention, and as shown in fig. 9, according to another aspect of the embodiment of the present invention, there is also provided a transmitting end of data transmission, including: a second receiving module 92, an encryption module 94 and a third sending module 96, which are described in detail below.
The second receiving module 92 is configured to receive a second request sent by the cloud server, where the second request is sent by the cloud server to the corresponding sending terminal according to a first encryption code of the first request under the condition that the cloud server receives the first request sent by the receiving terminal and verifies that the sending terminal and the receiving terminal have a binding relationship according to the first request, and the second request includes a service request and the first encryption code; the first request comprises a service request, a second encrypted code of the receiving end and a first encrypted code of the sending end, the first encrypted code comprises first identity information and first key information of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end; an encryption module 94, connected to the second receiving module 92, for responding to the service request of the second request and encrypting the service data by using the key corresponding to the first key information; and a third sending module 96, connected to the encryption module 94, for sending the encrypted service data to the receiving end.
Through the sending terminal, a second receiving module 92 is adopted to receive a second request sent by the cloud server, wherein the second request is sent by the cloud server to the corresponding sending terminal according to a first encryption code of the first request under the condition that the cloud server receives the first request sent by the receiving terminal and verifies that the sending terminal and the receiving terminal have a binding relationship according to the first request, and the second request comprises a service request and the first encryption code; the first request comprises a service request, a second encrypted code of the receiving end and a first encrypted code of the sending end, the first encrypted code comprises first identity information and first key information of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end; the encryption module 94 encrypts the service data through the key corresponding to the first key information in response to the service request of the second request; the third sending module 96 sends the encrypted service data to the receiving end, different data transmission schemes are provided for different receiving ends and sending ends, and only under the condition that the receiving end and the sending end have a binding relationship, transmission can be performed, the purpose of encrypted data transmission in an exclusive encryption mode at the sending end and the receiving end having the binding relationship is achieved, so that the technical effect of improving the data transmission safety of the receiving end and the sending end is achieved, and the technical problem that the data transmission method in the related technology is easy to intercept and causes poor data transmission safety is solved.
According to another aspect of the embodiments of the present invention, there is also provided a computer storage medium, where the computer storage medium includes a stored program, and when the program runs, the apparatus on which the computer storage medium is located is controlled to execute the data transmission method of any one of the above.
According to another aspect of the embodiments of the present invention, there is also provided a processor, configured to execute a program, where the program executes to perform the data transmission method in any one of the above.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (13)

1. A method of data transmission, comprising:
acquiring a first request of data transmission sent by a receiving end, wherein the first request comprises a service request, a second encryption code of the receiving end and a first encryption code of a sending end acquired by the receiving end, the first encryption code comprises first identity information and first key information of the sending end, and the second encryption code comprises second identity information and second key information of the receiving end;
determining whether the receiving end and the transmitting end have a binding relationship or not according to the first identity information and the second identity information;
and sending a second request to the sending end under the condition that the receiving end and the sending end have a binding relationship, wherein the second request comprises the service request and the first encryption code, and the second request is used for the sending end to encrypt the transmitted service data through a key corresponding to the first key information of the second request.
2. The method of claim 1, wherein obtaining the first request for data transmission sent by the receiver comprises:
receiving the first encrypted code determined for the sender by a first manufacturing system of the sender when the sender is produced, wherein the first identity information and the first key information of the first encrypted code are randomly determined and unique by the first manufacturing system;
and/or the presence of a gas in the gas,
receiving the second encrypted code determined by a second manufacturing system of the receiving end for the receiving end when the receiving end is produced, wherein the second identity information and the second key information of the second encrypted code are randomly determined and unique by the second manufacturing system.
3. The method of claim 2, wherein before obtaining the first request for data transmission sent by the receiver, further comprising:
receiving a first equipment activation request sent by the sending end, wherein the first equipment activation request comprises a first encryption code of the sending end;
responding to the first equipment activation request, and storing a first encryption code of the sending end in a legal equipment information list;
and/or the presence of a gas in the gas,
receiving a second equipment activation request sent by the receiving end, wherein the second equipment activation request comprises a second encryption code of the receiving end;
and responding to the second equipment activation request, and storing the second encryption code of the receiving end in the legal equipment information list.
4. The method of claim 3, wherein before determining whether the receiving end and the transmitting end have a binding relationship according to the first identity information and the second identity information, the method comprises:
receiving a device binding request of the receiving end, wherein the binding request comprises a second encryption code of the receiving end and a first encryption code of the transmitting end needing to be bound;
verifying the sending end needing to be bound according to the first encryption code, and verifying the receiving end according to the second encryption code;
and establishing a binding relationship between the receiving end and the transmitting end to be bound under the condition that the receiving end and the transmitting end to be bound are successfully verified.
5. The method of claim 4, wherein verifying the sender requiring binding according to the first encryption code and verifying the receiver according to the second encryption code comprises:
searching the legal equipment information list according to the first encryption code, and determining that the sending end is successfully verified when the first encryption code can be searched by the legal equipment information list;
and searching the legal equipment information list according to the second encrypted code, and determining that the receiving end is successfully verified when the second encrypted code can be searched in the legal equipment information list.
6. A method of data transmission, comprising:
acquiring a first encryption code of a sending end, wherein the first encryption code comprises first identity information and first key information of the sending end;
sending a first request for data transmission to a cloud server, wherein the first request comprises a service request, a second encrypted code of a receiving end and a first encrypted code of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end;
receiving a second request sent by the sending terminal in response to the cloud server, and encrypting the transmitted service data through a key corresponding to the first key information, wherein the second request is sent by the cloud server to the corresponding sending terminal according to the first encryption code under the condition that the cloud server verifies that the sending terminal and the receiving terminal have a binding relationship according to the first request, and the second request comprises the service request and the first encryption code;
and decrypting the encrypted service data through a key corresponding to the first key information of the first encryption code.
7. The method of claim 6, wherein sending the first request for data transmission to the cloud server is preceded by:
sending an equipment binding request to the cloud server, wherein the binding request comprises a second encryption code of the receiving end and a first encryption code of a sending end needing to be bound, the cloud server verifies the sending end needing to be bound according to the first encryption code, verifies the receiving end according to the second encryption code, and under the condition that the receiving end and the sending end needing to be bound both verify successfully, the binding relationship between the receiving end and the sending end needing to be bound is established.
8. A method of data transmission, comprising:
receiving a second request sent by a cloud server, wherein the second request is a first request sent by a receiving end and received by the cloud server, and the cloud server sends the second request to the corresponding sending end according to a first encryption code of the first request under the condition that the first request verifies that the sending end and the receiving end have a binding relationship, and the second request comprises a service request and the first encryption code; the first request comprises the service request, a second encrypted code of the receiving end and a first encrypted code of the sending end, the first encrypted code comprises first identity information and first key information of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end;
responding to the service request of the second request, and encrypting service data through a key corresponding to the first key information;
and sending the encrypted service data to the receiving end.
9. A cloud server for data transmission, comprising:
a first obtaining module, configured to obtain a first request for data transmission sent by a receiving end, where the first request includes a service request, a second encryption code of the receiving end, and a first encryption code of the sending end obtained by the receiving end, where the first encryption code includes first identity information and first key information of the sending end, and the second encryption code includes second identity information and second key information of the receiving end;
a determining module, configured to determine whether the receiving end and the sending end have a binding relationship according to the first identity information and the second identity information;
a first sending module, configured to send a second request to the sending end when the receiving end and the sending end have a binding relationship, where the second request includes the service request and the first encryption code, and the second request is used for the service data that is transmitted by the sending end through encryption of a key corresponding to the first key information of the second request.
10. A receiving end for data transmission, comprising:
the second obtaining module is used for obtaining a first encryption code of a sending end, wherein the first encryption code comprises first identity information and first key information of the sending end;
the system comprises a second sending module, a first sending module and a second sending module, wherein the first sending module is used for sending a first request of data transmission to a cloud server, the first request comprises a service request, a second encrypted code of a receiving end and the first encrypted code of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end;
a first receiving module, configured to receive a second request sent by the sending end in response to the cloud server, and encrypt service data transmitted through a key corresponding to the first key information, where the second request is sent by the cloud server to the corresponding sending end according to the first encrypted code when the cloud server verifies that the sending end and the receiving end have a binding relationship according to the first request, and the second request includes the service request and the first encrypted code;
and the decryption module is used for decrypting the encrypted service data through a key corresponding to the first key information of the first encryption code.
11. A transmitting end for data transmission, comprising:
the second receiving module is used for receiving a second request sent by a cloud server, wherein the second request is a first request sent by a receiving end and received by the cloud server, and the cloud server sends the second request to the corresponding sending end according to a first encryption code of the first request under the condition that the first request verifies that the sending end and the receiving end have a binding relationship, and the second request comprises a service request and the first encryption code; the first request comprises the service request, a second encrypted code of the receiving end and a first encrypted code of the sending end, the first encrypted code comprises first identity information and first key information of the sending end, and the second encrypted code comprises second identity information and second key information of the receiving end;
the encryption module is used for responding to the service request of the second request and encrypting service data through a key corresponding to the first key information;
and the third sending module is used for sending the encrypted service data to the receiving end.
12. A computer storage medium, comprising a stored program, wherein the program, when executed, controls an apparatus in which the computer storage medium is located to perform the data transmission method according to any one of claims 1 to 8.
13. A processor, characterized in that the processor is configured to run a program, wherein the program is configured to execute the data transmission method according to any one of claims 1 to 8 when running.
CN202011602792.1A 2020-12-29 2020-12-29 Data transmission method, cloud server, receiving end and sending end Active CN112769783B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011602792.1A CN112769783B (en) 2020-12-29 2020-12-29 Data transmission method, cloud server, receiving end and sending end

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011602792.1A CN112769783B (en) 2020-12-29 2020-12-29 Data transmission method, cloud server, receiving end and sending end

Publications (2)

Publication Number Publication Date
CN112769783A true CN112769783A (en) 2021-05-07
CN112769783B CN112769783B (en) 2023-04-25

Family

ID=75696305

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011602792.1A Active CN112769783B (en) 2020-12-29 2020-12-29 Data transmission method, cloud server, receiving end and sending end

Country Status (1)

Country Link
CN (1) CN112769783B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113411316A (en) * 2021-06-04 2021-09-17 深圳市华磊迅拓科技有限公司 MES system data communication method and system based on WCF protocol

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388770A (en) * 2008-10-20 2009-03-18 华为技术有限公司 Method, server and customer apparatus for acquiring dynamic host configuration protocol cipher
US20120239916A1 (en) * 2011-03-16 2012-09-20 Rammohan Malasani Wi-fi router with integrated touch-screen and enhanced security features
CN103795571A (en) * 2014-01-24 2014-05-14 北京搜狗科技发展有限公司 Binding method and device between equipment
US20150350411A1 (en) * 2012-09-07 2015-12-03 Telefonaktiebolaget L M Ericsson (Publ) Protection of a Wireless Communications Device Against Unauthorized Use
CN107979514A (en) * 2017-11-21 2018-05-01 海信集团有限公司 A kind of method and apparatus bound to equipment
CN109246604A (en) * 2018-09-30 2019-01-18 美的集团股份有限公司 Smart machine secure binding method, server, smart machine and ustomer premises access equipment
CN110139139A (en) * 2018-02-02 2019-08-16 华为技术有限公司 A kind of method for processing business, terminal, server and Related product
CN110636062A (en) * 2019-09-20 2019-12-31 百度在线网络技术(北京)有限公司 Method and device for controlling secure interaction of equipment, electronic equipment and storage medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388770A (en) * 2008-10-20 2009-03-18 华为技术有限公司 Method, server and customer apparatus for acquiring dynamic host configuration protocol cipher
US20120239916A1 (en) * 2011-03-16 2012-09-20 Rammohan Malasani Wi-fi router with integrated touch-screen and enhanced security features
US20150350411A1 (en) * 2012-09-07 2015-12-03 Telefonaktiebolaget L M Ericsson (Publ) Protection of a Wireless Communications Device Against Unauthorized Use
CN103795571A (en) * 2014-01-24 2014-05-14 北京搜狗科技发展有限公司 Binding method and device between equipment
CN107979514A (en) * 2017-11-21 2018-05-01 海信集团有限公司 A kind of method and apparatus bound to equipment
CN110139139A (en) * 2018-02-02 2019-08-16 华为技术有限公司 A kind of method for processing business, terminal, server and Related product
CN109246604A (en) * 2018-09-30 2019-01-18 美的集团股份有限公司 Smart machine secure binding method, server, smart machine and ustomer premises access equipment
CN110636062A (en) * 2019-09-20 2019-12-31 百度在线网络技术(北京)有限公司 Method and device for controlling secure interaction of equipment, electronic equipment and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113411316A (en) * 2021-06-04 2021-09-17 深圳市华磊迅拓科技有限公司 MES system data communication method and system based on WCF protocol

Also Published As

Publication number Publication date
CN112769783B (en) 2023-04-25

Similar Documents

Publication Publication Date Title
CN109218825B (en) Video encryption system
CN108989848B (en) Video resource file acquisition method and management system
WO2017097041A1 (en) Data transmission method and device
CN101977190B (en) Digital content encryption transmission method and server side
CN109151508B (en) Video encryption method
KR20190031989A (en) System and method for processing electronic contracts based on blockchain
CN108809633B (en) Identity authentication method, device and system
KR20150079489A (en) Instant messaging method and system
CN103237010B (en) The server end of digital content is cryptographically provided
WO2017181518A1 (en) Method, apparatus and system for encrypting communication
CN108809936B (en) Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof
CN102404337A (en) Data encryption method and device
CN108768920B (en) Recorded broadcast data processing method and device
CN111726801A (en) Network security control method
CN103237011B (en) Digital content encryption transmission method and server end
CN109981271A (en) A kind of network multimedia security protection encryption method
CN114697082B (en) Production and application method of encryption and decryption device in server-free environment
KR101479290B1 (en) Agent for providing security cloud service, security token device for security cloud service
CN113676478B (en) Data processing method and related equipment
JP2022117456A (en) Message transmission system with hardware security module
CN112769783B (en) Data transmission method, cloud server, receiving end and sending end
CN110807210B (en) Information processing method, platform, system and computer storage medium
CN112491907A (en) Data transmission method, device, system, storage medium and electronic equipment
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN111049641A (en) Bidirectional authentication based image multiple secret transmission method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant