CN113595982B - Data transmission method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN113595982B
Authority: CN (China)
Prior art keywords: ciphertext, transmission data, data, target field, target
Legal status: Active
Application number: CN202110713582.8A
Other languages: Chinese (zh)
Other versions: CN113595982A (en)
Inventors: 韩兆强, 史忠伟
Current Assignee: Wuba Co Ltd
Original Assignee: Wuba Co Ltd
Application filed by Wuba Co Ltd
Priority to CN202110713582.8A
Publication of CN113595982A
Application granted
Publication of CN113595982B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention provides a data transmission method, a data transmission device, electronic equipment and a storage medium. The method comprises the following steps: for at least one target field among all fields contained in first transmission data, converting the target field into ciphertext based on at least one ciphertext generating strategy that corresponds to the target field and is configured according to a security level, wherein the first transmission data is original data that the first device side needs to transmit to a second device side; and taking the first transmission data containing the ciphertext as second transmission data, wherein the second transmission data is the data that enters the transmission channel used for network communication between the first device side and the second device side. The ciphertext generating strategy thereby becomes dynamic, complexity is increased, and brute-force cracking can be effectively prevented, so that security during network communication is further improved and the overall data protection effect is improved.

Description

Data transmission method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a data transmission method, a data transmission device, an electronic device, and a storage medium.
Background
Network communication means that isolated devices are connected through a network, so that communication between people, between people and computers, and between computers is realized through information exchange. With the wide application of network communication, the security of the data transmitted during network communication has become a very important issue. For this purpose, data protection measures can be taken. Data protection refers to protecting data security during network communication, and preventing or monitoring data theft, tampering, interception and other man-in-the-middle attack behaviors. However, the related art lacks an effective data protection scheme. Taking the HyperText Transfer Protocol (HTTP) and the Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) as examples, HTTPS performs data encryption protection by means of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS), while HTTP does not have any encryption protection policy; at present, both HTTP and HTTPS have a high risk of being attacked by a man-in-the-middle during network communication.
Disclosure of Invention
The embodiment of the invention provides a data transmission method, a data transmission device, electronic equipment and a storage medium, which are used for solving the problems in the related art.
The invention aims at realizing the following technical scheme:
In a first aspect, an embodiment of the present invention provides a data transmission method, including:
for at least one target field among all fields contained in first transmission data, converting the target field into ciphertext based on at least one ciphertext generating strategy that corresponds to the target field and is configured according to a security level, wherein the first transmission data is original data that the first device side needs to transmit to a second device side;
and taking the first transmission data containing the ciphertext as second transmission data, wherein the second transmission data is the data that enters the transmission channel used for network communication between the first device side and the second device side.
In one possible embodiment, the method further comprises:
acquiring a configuration file, wherein the configuration file comprises first configuration information, and the first configuration information indicates, for each field contained in the first transmission data, whether the field is a target field that needs to be converted into ciphertext, and the at least one ciphertext generating strategy, configured according to a security level, that corresponds to the target field;
and determining, based on the first configuration information, the target field among all fields contained in the first transmission data and the at least one ciphertext generating strategy, configured according to the security level, that corresponds to the target field.
In one possible implementation, at least one ciphertext generating policy configured according to a security level comprises:
an encryption algorithm configured according to the first security level, and/or a signature algorithm configured according to the second security level.
In one possible implementation, the configuration file includes second configuration information, where the second configuration information characterizes switching information of the security protection function;
for at least one target field in all fields contained in the first transmission data, converting the target field into ciphertext based on at least one ciphertext generating policy configured according to a security level corresponding to the target field, including:
in response to the second configuration information indicating that the security protection function is turned on, for at least one target field among all fields contained in the first transmission data, converting the target field into ciphertext based on at least one ciphertext generating strategy that corresponds to the target field and is configured according to the security level.
In one possible implementation, obtaining the configuration file includes:
acquiring the updated configuration file of the security server.
In one possible embodiment, the method further comprises:
the configuration file is stored locally in an encrypted manner.
In one possible embodiment, the method further comprises:
generating a first dynamic key corresponding to the ciphertext generating strategy;
converting the target field into ciphertext includes:
the target field is converted to ciphertext based on the first dynamic key.
In one possible implementation manner, generating a first dynamic key corresponding to a ciphertext generating policy includes:
randomly selecting a key generation algorithm from a plurality of preset key generation algorithms to serve as a target key generation algorithm;
a first dynamic key is generated based on a target key generation algorithm.
In one possible implementation manner, one of the first device side and the second device side is a user terminal, and the generating the first dynamic key based on the target key generating algorithm includes:
combining to form a third dynamic key based on the fixed key from the user terminal and the second dynamic key from the security server;
and processing the third dynamic key based on the target key generation algorithm to obtain the first dynamic key.
In one possible implementation, the first transmission data is data for a target service, and the second dynamic key corresponding to the target service is different from the second dynamic keys corresponding to other services other than the target service.
In one possible embodiment, the method further comprises:
detecting whether an abnormality occurs in the running environment;
in response to detecting an abnormality in the operating environment, abnormality information is recorded and added to the secret.
In one possible embodiment, the method further comprises:
decrypting the third transmission data from the second equipment end to obtain fourth transmission data;
the fourth transmission data is the original data which needs to be transmitted to the first equipment end by the second equipment end;
the third transmission data is obtained by converting at least one target field of all fields in the fourth transmission data into ciphertext based on at least one ciphertext generating policy configured according to the security level corresponding to the target field.
In a second aspect, an embodiment of the present invention provides a data transmission apparatus, including:
the ciphertext generating module is used for converting, for at least one target field among all fields contained in first transmission data, the target field into ciphertext based on at least one ciphertext generating strategy that corresponds to the target field and is configured according to a security level, wherein the first transmission data is original data that the first device side needs to transmit to the second device side;
the data acquisition module is used for taking the first transmission data containing the ciphertext as second transmission data, wherein the second transmission data is the data that enters the transmission channel used for network communication between the first device side and the second device side.
In one possible embodiment, the method further comprises:
the configuration acquisition module is used for acquiring a configuration file, the configuration file comprises first configuration information, the first configuration information characterizes whether each field contained in the first transmission data is a target field which needs to be converted into ciphertext, and at least one ciphertext generating strategy which corresponds to the target field and is configured according to the security level;
and the policy determining module is used for determining a target field and at least one ciphertext generating policy configured according to the security level, which correspond to the target field, in all the fields contained in the first transmission data based on the first configuration information.
In one possible implementation, at least one ciphertext generating policy configured according to a security level comprises:
an encryption algorithm configured according to the first security level, and/or a signature algorithm configured according to the second security level.
In one possible implementation, the configuration file includes second configuration information, where the second configuration information characterizes switching information of the security protection function;
The ciphertext generating module is specifically configured to:
in response to the second configuration information indicating that the security protection function is turned on, for at least one target field among all fields contained in the first transmission data, converting the target field into ciphertext based on at least one ciphertext generating strategy that corresponds to the target field and is configured according to the security level.
In a possible implementation manner, the configuration obtaining module is specifically configured to:
and acquiring the updated configuration file of the security server.
In one possible embodiment, the method further comprises:
and the file storage module is used for locally encrypting and storing the configuration file.
In one possible embodiment, the method further comprises:
the key generation module is used for generating a first dynamic key corresponding to the ciphertext generation strategy;
the ciphertext generating module is specifically configured to:
the target field is converted to ciphertext based on the first dynamic key.
In one possible implementation, the key generation module is specifically configured to:
randomly selecting a key generation algorithm from a plurality of preset key generation algorithms to serve as a target key generation algorithm;
a first dynamic key is generated based on a target key generation algorithm.
In one possible implementation manner, one of the first device side and the second device side is a user terminal, and the key generation module is specifically configured to:
Combining to form a third dynamic key based on the fixed key from the user terminal and the second dynamic key from the security server;
and processing the third dynamic key based on the target key generation algorithm to obtain the first dynamic key.
In one possible implementation, the first transmission data is data for a target service, and the second dynamic key corresponding to the target service is different from the second dynamic keys corresponding to other services other than the target service.
In one possible embodiment, the method further comprises:
the abnormality detection module is used for detecting whether the running environment is abnormal or not; in response to detecting an abnormality in the operating environment, abnormality information is recorded and added to the secret.
In one possible embodiment, the method further comprises:
the data decryption module is used for decrypting the third transmission data from the second equipment end to obtain fourth transmission data; the fourth transmission data is the original data which needs to be transmitted to the first equipment end by the second equipment end; the third transmission data is obtained by converting at least one target field of all fields in the fourth transmission data into ciphertext based on at least one ciphertext generating policy configured according to the security level corresponding to the target field.
In a third aspect, an embodiment of the present invention provides an electronic device, including: a processor, a memory and a computer program stored on the memory and executable on the processor, which when executed by the processor performs the steps of the data transmission method as in any of the above first aspects.
In a fourth aspect, embodiments of the present invention provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the data transmission method as in any of the first aspects.
The advantages or beneficial effects in the technical scheme at least comprise:
A target field in the first transmission data to be transmitted is converted into ciphertext based on at least one ciphertext generating strategy configured according to a security level, yielding second transmission data that contains the ciphertext; the second transmission data enters the transmission channel between the first device side and the second device side and is used for network communication. On the one hand, security during network communication is improved because the target field is converted into ciphertext. On the other hand, each target field of the first transmission data has at least one corresponding ciphertext generating strategy configured according to a security level, so multiple ciphertext generating strategies with different security levels can be applied across the transmission data as a whole. The ciphertext generating strategy thereby becomes dynamic, complexity is increased, and brute-force cracking can be effectively prevented, which further improves security during network communication.
The foregoing summary is for the purpose of the specification only and is not intended to be limiting in any way. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features of the present invention will become apparent by reference to the drawings and the following detailed description.
Drawings
FIG. 1 is an exemplary hardware system architecture diagram in an embodiment of the invention;
FIG. 2 is a flow chart of an exemplary data transmission method in an embodiment of the invention;
FIG. 3 is a flow chart of an exemplary data transmission method in an embodiment of the invention;
FIG. 4 is a flow chart of an exemplary data transmission method in an embodiment of the invention;
FIG. 5 is a schematic structural view of an exemplary data transmission apparatus in an embodiment of the present invention;
FIG. 6 is a schematic diagram of an exemplary data transmission device according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an electronic device in an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The data transmission method provided by the embodiment of the invention can be executed at the user terminal or at the security server. The user terminal may be a mobile terminal, a computer, etc. FIG. 1 shows an exemplary hardware system architecture. As shown in FIG. 1, the hardware system architecture includes a first device side 101 and a second device side 102 that perform network communication, where one of the first device side 101 and the second device side 102 may be a user terminal and the other is the service server corresponding to the user terminal, so that the service server can provide services to the user terminal through network communication between the two parties. The hardware system architecture further comprises a security server 103. To improve the security of data transmission during network communication, when the user terminal transmits data to the service server, the user terminal can execute the data transmission method provided by the embodiment of the invention to protect the data, and when the service server transmits data to the user terminal, the security server can execute the data transmission method provided by the embodiment of the invention to protect the data, thereby realizing the security protection function. In addition, the security server 103 may also provide security services for the user terminal. In practice, the HTTP or HTTPS transport protocol may be used for network communication. For HTTPS, the security protection function of the embodiment of the present invention may be applied on top of the original SSL or TLS encryption protection policy, so the security protection function may also be referred to as a reinforcement protection function.
The data transmission method provided by the embodiment of the invention is described in detail below.
Fig. 2 is a flowchart of an exemplary data transmission method according to an embodiment of the present invention. As shown in fig. 2, the data transmission method at least includes the following steps:
Step 201, for at least one target field among all fields included in the first transmission data, converting the target field into ciphertext based on at least one ciphertext generating policy that corresponds to the target field and is configured according to a security level, where the first transmission data is original data that the first device side needs to transmit to the second device side.
The target field here is one of all the fields included in the first transmission data that needs to be converted into ciphertext. The at least one target field may be all or part of the fields included in the first transmission data. For example, the first transmission data includes 5 fields, and all of the 5 fields may be converted into ciphertext, or 3 of the 5 fields may be converted into ciphertext, and the other 2 fields may not be converted into ciphertext.
Wherein the ciphertext generating strategies of different security level configurations are different.
Step 202, using the first transmission data including the ciphertext as the second transmission data, where the second transmission data is data entering a transmission channel between the first device side and the second device side for network communication.
In this embodiment, for a target field in first transmission data to be transmitted, based on at least one ciphertext generating policy configured according to a security level, the target field is converted into ciphertext to obtain second transmission data including ciphertext, and the second transmission data enters a transmission channel between a first device end and a second device end for network communication.
In an exemplary embodiment, the data transmission method may further include: acquiring a configuration file, wherein the configuration file comprises first configuration information, and the first configuration information indicates, for each field contained in the first transmission data, whether the field is a target field that needs to be converted into ciphertext, and the at least one ciphertext generating strategy, configured according to a security level, that corresponds to the target field; and determining, based on the first configuration information, the target field among all fields contained in the first transmission data and the at least one ciphertext generating strategy, configured according to the security level, that corresponds to the target field.
In this embodiment, a configuration file may be obtained in which each field of the first transmission data is configured as needed, including whether the field needs to be converted into ciphertext and which ciphertext generating policy, configured according to a security level, applies to it. On this basis, it can be accurately determined which fields are converted into ciphertext and which security level of ciphertext generating policy is adopted, and the personalized requirements of the user can be satisfied.
In an exemplary embodiment, acquiring the configuration file may specifically include: acquiring the updated configuration file of the security server.
In practical application, the security server may provide a configuration management background, where the configuration management background is used to provide a configuration page, and a configuration file may be obtained through a configuration operation of the configuration page. If the data transmission method is executed by the user terminal, the security server can send the configuration file to the user terminal, and the user terminal can acquire the configuration file from the security server.
Based on the above, when the configuration file needs to be updated, the security server can obtain the updated configuration file through the configuration operation of the configuration page. Thus, the latest configuration requirement can be met by updating the configuration through the security server.
In an exemplary embodiment, the first transmission data may be data for a target service line interface. By way of example, the target service line interface may be a login interface, a payment interface, and so forth. In practical application, the target field and the at least one ciphertext generating policy, configured according to the security level, that corresponds to the target field may be configured through the configuration page for the first transmission data of each service line interface. As such, the target fields of different service line interfaces may be different, as may the corresponding ciphertext generating policies.
It may be appreciated that the target field and at least one ciphertext generating policy configured according to the security level corresponding to the target field in all the fields included in the first transmission data may be determined in other manners, for example, the content of the field may be analyzed in real time, and the target field and at least one ciphertext generating policy configured according to the security level corresponding to the target field may be determined based on the analysis result. For example, if the content of a field is related to user privacy data, the field is the target field and the security level is also higher.
In an exemplary embodiment, the at least one ciphertext generating policy configured according to the security level may include: an encryption algorithm configured according to the first security level, and/or a signature algorithm configured according to the second security level.
The encryption algorithm is used for encrypting data. Data encryption converts plaintext into ciphertext through an encryption algorithm and an encryption key; the corresponding reverse process is data decryption, which restores the ciphertext to plaintext through a decryption algorithm and a decryption key.
The first security level refers to the security level of the encryption algorithm. Illustratively, three security levels, high, medium, and low, can be distinguished. In practical applications, the encryption algorithms that may be employed include the Advanced Encryption Standard (AES) algorithm, a white-box encryption algorithm, the SM4 encryption algorithm (a block cipher algorithm), and so on. For example, the ciphertext generating policy with a low security level may be configured as the AES encryption algorithm, the ciphertext generating policy with a medium security level may be configured as a white-box encryption algorithm, and the ciphertext generating policy with a high security level may be configured as the SM4 encryption algorithm.
The signature algorithm is used for digital signatures. A digital signature is a digital string that only the sender of the information can produce and that others cannot forge, and it also serves as valid proof of the authenticity of the information sent by the sender.
The second security level refers to the security level of the signature algorithm. Illustratively, three security levels, high, medium, and low, can be distinguished. In practice, the signature algorithms that may be employed include Message Digest Algorithm 5 (MD5), Secure Hash Algorithm 1 (SHA1), SHA256, the hash-based message authentication codes (HMAC) HMAC_SHA1 and HMAC_SHA256, and the like. For example, the ciphertext generating policy with a low second security level may be configured as MD5, the ciphertext generating policy with a medium second security level may be configured as SHA1 or SHA256, and the ciphertext generating policy with a high second security level may be configured as HMAC_SHA1 or HMAC_SHA256.
The first security level and the second security level corresponding to the same target field may be different or the same for the same target field. For example, an encryption algorithm with a high first security level may be employed, and a signature algorithm with a low second security level may be employed. In practice, the configuration can be carried out according to actual needs.
In this embodiment, an encryption algorithm and/or a signature algorithm may be adopted to convert the target field into ciphertext. If the first transmission data includes multiple target fields, each target field uses its own encryption algorithm and/or signature algorithm rather than a uniform one, so the transmission data as a whole presents multiple dynamic combinations of multiple encryption algorithms and multiple signature algorithms. Complexity is thereby further increased, cracking becomes more difficult, and the data protection effect is improved.
In an exemplary embodiment, the configuration file includes second configuration information, where the second configuration information represents the on/off state of the security protection function. A specific implementation of converting, for at least one target field among all fields contained in the first transmission data, the target field into ciphertext based on at least one ciphertext generating policy that corresponds to the target field and is configured according to a security level may include: in response to the second configuration information indicating that the security protection function is turned on, for at least one target field among all fields contained in the first transmission data, converting the target field into ciphertext based on at least one ciphertext generating policy that corresponds to the target field and is configured according to the security level.
The data transmission method provided by the embodiment of the invention realizes the safety protection function of the data. In practical application, whether to start the safety protection function can be configured according to the requirement to perform data protection. For example, a switch control for the security protection function may be set on the configuration page. Based on the configuration operation of the configuration page for the switch control, the safety protection function is started or closed. Under the condition that the safety protection function is started, the target field is converted into the ciphertext, so that the use is more flexible.
It will be appreciated that, in response to the second configuration information indicating that the security protection function is turned off, the first transmission data is used directly as the second transmission data.
In an exemplary embodiment, the data transmission method may further include: the configuration file is stored locally in an encrypted manner. Since configuration files are sensitive data, they can be stored in an encrypted manner to avoid exposure. Further, the encryption key corresponding to the configuration file may also be stored in an encrypted manner. For example, the encryption key corresponding to the configuration file may be securely stored based on Keychain. Keychain is a secure storage container that can store small amounts of data such as passwords and user names, and it prevents brute-force cracking. In addition, other sensitive data such as constant character strings can be stored encrypted to ensure data security.
In an exemplary embodiment, the data transmission method may further include: and generating a first dynamic key corresponding to the ciphertext generating strategy. Accordingly, converting the target field into ciphertext may include: the target field is converted to ciphertext based on the first dynamic key.
Dynamic keys refer to encryption keys that are dynamically generated during processing of data, as opposed to static keys.
The first dynamic keys corresponding to the different ciphertext generating strategies are different.
In this embodiment, the ciphertext conversion may be performed by using the first dynamic key corresponding to the ciphertext generating policy, which effectively ensures the security of the key compared with the conventional manner of using the static key.
In an exemplary embodiment, generating a first dynamic key corresponding to a ciphertext generating policy may include: randomly selecting a key generation algorithm from a plurality of preset key generation algorithms to serve as a target key generation algorithm; a first dynamic key is generated based on a target key generation algorithm.
In practical applications, a variety of key generation algorithms, such as AES or SM4, may be preset. In this embodiment, the target key generation algorithm for generating the first dynamic key is randomly selected from a plurality of key generation algorithms, so that the target key generation algorithm is also dynamic, and the security is further improved compared with the use of a fixed key generation algorithm.
In an exemplary embodiment, one of the first device side and the second device side is a user terminal, and then, based on the target key generation algorithm, a first dynamic key is generated, which may include: combining to form a third dynamic key based on the fixed key from the user terminal and the second dynamic key from the security server; and processing the third dynamic key based on the target key generation algorithm to obtain the first dynamic key.
The fixed key from the user terminal is also called a master key, and the second dynamic key from the secure server is also called a sub-key, and the master key and the sub-key form a key group, namely a third dynamic key.
In this embodiment, the key is divided into two parts by adopting the form of the key group, one part is maintained by the client, and the other part is dynamically maintained by the security server, so that the complexity of the dynamic key is increased, and the security of data protection is further improved.
In practical application, the user terminal may generate the fixed key by using a first preset key generation algorithm based on the device information of the user terminal. The fixed key can therefore also represent the device information of the user terminal and reflect the source of the transmission data, which indicates the security of the data to a certain extent: if the device information of the user terminal is abnormal, there may be a potential security risk.
The security server may generate a second dynamic key using a second preset key generation algorithm. The second dynamic key can be given a validity period; when the validity period is reached, the security server can generate a new second dynamic key by using the second preset key generation algorithm, which achieves the effect of a dynamic key. The second dynamic key may be carried in the configuration file.
The second preset key generation algorithm adopted by the security server is the same as the corresponding ciphertext generation strategy, so that rapid decryption is facilitated.
In an exemplary embodiment, the first transmission data is data for a target service, and the second dynamic key corresponding to the target service is different from the second dynamic keys corresponding to other services other than the target service.
In practical application, the service server side can provide multiple services at the same time, and the second dynamic key corresponding to each service can be different. By adopting different second dynamic keys for different services, the keys of the services are isolated from one another: a security problem in one service does not affect the others, which reduces the security risk. For example, the service server may provide a house renting service and a vehicle purchasing service. If the second dynamic key of the house renting service is cracked, the second dynamic key of the vehicle purchasing service is different from it, so the data of the vehicle purchasing service is still safe.
In an exemplary embodiment, the data transmission method may further include: detecting whether an abnormality occurs in the running environment; in response to detecting an abnormality in the operating environment, abnormality information is recorded and added to the ciphertext.
In this embodiment, when an abnormality in the operating environment is detected, the abnormality information is not displayed directly or sent directly to a fixed monitoring end, but is hidden in the current ciphertext, which gives it better concealment. When debugging or similar needs arise, a developer can learn from the original data and the abnormality information in the ciphertext which abnormalities occurred during the transmission of which data, so the abnormality can be located quickly.
In an exemplary embodiment, the data transmission method may further include: adding the identification of the ciphertext generating policy corresponding to the target field into the ciphertext, so that a decryption policy matching the ciphertext generating policy corresponding to the target field is adopted for decryption. In practical application, the identification of the ciphertext generating policy can be represented by a random number. For example, a random number between 0 and 100 is generated to identify the AES encryption algorithm, and a random number between 100 and 10000 is generated to identify the SM4 encryption algorithm.
In an exemplary embodiment, the data transmission method may further include: decrypting the third transmission data from the second equipment end to obtain fourth transmission data; the fourth transmission data is the original data which needs to be transmitted to the first equipment end by the second equipment end; the third transmission data is obtained by converting at least one target field of all fields in the fourth transmission data into ciphertext based on at least one ciphertext generating strategy configured according to the security level and corresponding to the target field.
In this embodiment, the first transmission data that needs to be sent to the second device side by the first device side may be converted into the ciphertext, and the ciphertext from the second device side may be decrypted, so that interaction between the two parties may be achieved.
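The signature policies of the second security level, the key group, the per-service sub-key and the random-number policy identifier described above can be exercised together in a short Python example. It is added here and is not code from the patent: the `_sig` companion field, the use of HMAC-SHA256 as the key generation step, the identifier ranges and all key and field values are constructed assumptions, and only the signature side (not AES/SM4 encryption) is covered.

```python
import hashlib
import hmac
import secrets

# Constructed policy table: (identifier range, algorithm, keyed?, level).
# The page's sample ranges "0 to 100" and "100 to 10000" share the value 100;
# half-open ranges are used here so an identifier decodes to one policy only.
POLICIES = [
    (range(0, 100), "MD5", False, "low"),
    (range(100, 1000), "SHA256", False, "medium"),
    (range(1000, 10000), "HMAC_SHA256", True, "high"),
]

# Constructed configuration file: switch, per-field signature level, and the
# per-service sub-keys (second dynamic keys) issued by the security server.
CONFIG = {
    "enabled": True,
    "fields": {"phone": "high", "city": "low"},
    "subkeys": {"rental": b"constructed-rental-subkey",
                "vehicle": b"constructed-vehicle-subkey"},
}


def derive_first_dynamic_key(master: bytes, subkey: bytes, policy: str) -> bytes:
    """Key group (master + sub-key) -> per-policy key. HMAC-SHA256 is a stand-in
    for the page's unspecified target key generation algorithm."""
    third = len(master).to_bytes(2, "big") + master + subkey  # length-prefixed
    return hmac.new(third, policy.encode(), hashlib.sha256).digest()


def compute_tag(policy: str, key: bytes, field: str, value: str) -> str:
    msg = f"{field}={value}".encode()
    if policy == "HMAC_SHA256":
        return hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hashlib.new(policy.lower(), msg).hexdigest()  # unkeyed md5 / sha256


def protect(request: dict, service: str, master: bytes, config=CONFIG) -> dict:
    """Sender side: attach '<policy id>:<tag>' next to every configured field."""
    out = dict(request)
    if not config["enabled"]:
        return out  # switch off: the first transmission data is sent unchanged
    subkey = config["subkeys"][service]
    for field, level in config["fields"].items():
        if field not in request:
            continue
        ids, name, keyed, _ = next(p for p in POLICIES if p[3] == level)
        policy_id = ids.start + secrets.randbelow(len(ids))
        key = derive_first_dynamic_key(master, subkey, name) if keyed else b""
        tag = compute_tag(name, key, field, str(request[field]))
        out[field + "_sig"] = f"{policy_id}:{tag}"
    return out


def verify(message: dict, service: str, master: bytes, config=CONFIG) -> list:
    """Receiver side: return the configured fields that fail verification."""
    failed = []
    subkey = config["subkeys"][service]
    for field, level in config["fields"].items():
        if field not in message:
            continue
        try:
            raw_id, tag = message[field + "_sig"].split(":", 1)
            _, name, keyed, sent_level = next(
                p for p in POLICIES if int(raw_id) in p[0])
        except (KeyError, ValueError, StopIteration):
            failed.append(field)
            continue
        # The identifier travels with the message, so it is checked against the
        # configured level instead of being trusted to select the algorithm.
        key = derive_first_dynamic_key(master, subkey, name) if keyed else b""
        expected = compute_tag(name, key, field, str(message[field]))
        if sent_level != level or not hmac.compare_digest(
                tag.encode(), expected.encode()):
            failed.append(field)
    return failed


def modified_in_transit(message: dict, field: str, new_value: str) -> dict:
    """Model a change made without the keys: the value is replaced and the tag
    is recomputed only where the policy needs no key (MD5, SHA256)."""
    out = dict(message)
    out[field] = new_value
    raw_id, _ = out[field + "_sig"].split(":", 1)
    _, name, keyed, _ = next(p for p in POLICIES if int(raw_id) in p[0])
    if not keyed:
        out[field + "_sig"] = f"{raw_id}:{compute_tag(name, b'', field, new_value)}"
    return out


if __name__ == "__main__":
    master = b"constructed-device-master-key"
    sent = protect({"phone": "13800000000", "city": "Beijing"}, "rental", master)
    print(verify(sent, "rental", master))
    print(verify(modified_in_transit(sent, "phone", "13900000000"), "rental", master))
    print(verify(modified_in_transit(sent, "city", "Shanghai"), "rental", master))
    print(verify(sent, "vehicle", master))
```

The `city` case passes verification after modification because MD5 and the SHA digests are unkeyed and can be recomputed by anyone who changes the value; only the HMAC policies bind the tag to the key group, so fields that need tamper detection belong at the high level.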
In practical application, the internal interface communication protocol between the first equipment end and the second equipment end can adopt the Google Protocol Buffer protocol; compared with the common JSON protocol, the data volume can be reduced by more than 40%. The protocol can be packaged into a static library, which the accessing party can integrate quickly through CocoaPods.
The following describes a data transmission method provided by the embodiment of the present invention in more detail by taking a specific application scenario as an example.
In the related art, the user terminal and the service server can communicate over the network using the HTTP or HTTPS transmission protocol. If HTTP is adopted, no data encryption policy is available, and if HTTPS is adopted, the encryption security is low. Moreover, whether HTTP or HTTPS is adopted, a man-in-the-middle attack is easy to carry out, so the security is low. To this end, the present embodiment provides a solution, specifically as follows:
For the user terminal, the data transmission method provided in this embodiment may be packaged into a secure SDK and added to the installation package of an application (APP), where the installation package further includes the configuration file. The user terminal can download the installation package of the APP; after installation, the user terminal contains the APP, the secure SDK and the configuration file. On this basis, the transmission data between the APP and the service server (i.e., the APP server) can be processed by the above data transmission method of the secure SDK.
For the APP server, the data transmission between the APP server and the APP can be processed through the secure server deployed with the data transmission method of the embodiment of the invention.
The relevant deployment of the data transmission method of the present embodiment mainly includes the following aspects:
1. Internal interface communication protocol:
a) The Google Protocol Buffer protocol is used between the APP server and the APP to process communication data; compared with the common JSON protocol, the data volume is reduced by more than 40%.
b) The protocol is packaged into a static library, which the accessing party can integrate quickly through CocoaPods.
2. Key design:
a) The key takes the form of a key group split into two parts. One part is maintained by the user terminal: a fixed key generated by the first preset key generation algorithm of the user terminal, namely the master key. The other part is maintained by the security server: an updatable second dynamic key, corresponding to the ciphertext generating policy and generated by the second preset key generation algorithm of the security server, namely the sub-key. The key group formed by the master key and the sub-key is processed with a key generation algorithm to obtain the first dynamic key, which is more secure.
b) Multiple key generation algorithms are designed, and one of them can be randomly selected to generate the first dynamic key, which ensures the dynamics and complexity of the key and effectively prevents brute-force cracking.
c) The sub-keys are associated with the service lines and are given validity periods, and the sub-keys of different service lines are isolated from each other, that is, different service lines adopt different sub-keys.
3. Encryption/signature algorithm design:
a) The ciphertext is generated by an encryption algorithm and/or a signature algorithm, where the encryption algorithm can be selected and configured from a plurality of encryption algorithms, and the signature algorithm can likewise be selected and configured from a plurality of signature algorithms.
b) Security levels are set, and each algorithm is assigned a different key. That is, for the first transmission data, the encryption security level and/or the signature security level can be set per field; different encryption security levels correspond to different encryption algorithms and first dynamic keys, and different signature security levels correspond to different signature algorithms and first dynamic keys. This makes the encryption and signature algorithms dynamic at the field level, so that encryption and signing are more secure.
c) Each algorithm is given a random number identifier that is assembled into the ciphertext, so that the decryption algorithm can be determined from the algorithm characterized by the random number identifier.
4. Setting a configuration file, and flexibly and controllably processing data:
a) Switch: after the security protection function goes online, whether it is turned on can be controlled online through a configuration management background provided by the security server, and the switching information is added to the configuration file.
b) Fields: the fields to be processed by the interfaces of the service lines can be adjusted online through the configuration management background, and which fields need encryption or signing, their security levels, and the encryption and signature algorithms adopted can be set.
c) Key: the sub-keys are issued through the configuration file, and the sub-keys of each service line are isolated from each other.
5. Sensitive data protection:
a) The configuration file is sensitive data and can be stored in an encrypted mode.
b) Exposing constant character strings is avoided; the critical keys (namely, the encryption keys of configuration files) are generated through algorithms, that is, the critical keys are encrypted into ciphertext.
c) The critical keys are securely stored using the Keychain, which prevents them from being cracked by brute force.
6. Setting an abnormality detection mechanism:
a) Abnormalities in the APP operating environment are detected and the abnormality information is marked.
b) The abnormality information is hidden in the data processing result, that is, it is added to the ciphertext (namely, the second transmission data), which gives it good concealment.
c) Abnormal devices and APPs are monitored online.
Based on this, as shown in Fig. 3, the flow of the present embodiment is as follows:
In the first step, the flow starts.
In the second step, the APP prepares to send a network request (i.e., the first transmission data described above). The network request may be an HTTP network request or an HTTPS network request.
In the third step, the APP calls the secure SDK, and if the switch of the secure SDK is turned on, a ciphertext is generated.
In the secure SDK, as shown in Fig. 4, when the switch of the secure SDK is turned on, one key generation algorithm is randomly selected from the multiple key generation algorithms as the target key generation algorithm. Based on the target key generation algorithm, the third dynamic key formed by combining the master key and the sub-key is processed to obtain the first dynamic key for the encryption algorithm configured according to the encryption security level of the target field and the first dynamic key for the signature algorithm configured according to the signature security level of the target field. Data processing is then performed: the target field in the network request is encrypted according to its encryption security level with the corresponding first dynamic key, and signed according to its signature security level with the corresponding first dynamic key. The three security levels high, medium and low are identified in Fig. 4 as 1, 2 and 3. The processed network request is thereby obtained.
When the switch of the secure SDK is turned off, the original network request is treated as the processed network request.
In the fourth step, the APP transmits the network request containing the ciphertext (namely, the second transmission data) to the APP server.
In the fifth step, the APP server receives the network request containing the ciphertext from the APP and calls the security server to decrypt the APP ciphertext, obtaining the APP plaintext.
In the sixth step, the APP server responds to the APP plaintext, generates the plaintext to be sent to the APP, calls the security server to generate data containing the ciphertext, and transmits the data to the APP.
In the seventh step, the APP receives the data containing the ciphertext of the APP server (namely, the third transmission data), calls the secure SDK, and decrypts the ciphertext of the APP server to obtain the plaintext of the APP server (namely, the fourth transmission data).
In the eighth step, the flow ends.
Thus, the network communication between the APP and the APP server is realized. The data of both sides undergoes security protection processing before entering the transmission channel of the network communication, with the following effects:
1. Encryption protection of data can be achieved whether HTTP or HTTPS is used.
2. The encryption algorithm is dynamic, which greatly improves the security of the ciphertext data and prevents a man in the middle from cracking the encrypted data with tools.
3. The signature algorithm is dynamic, so tampering with data during network communication can be effectively detected.
4. Dynamic key technology replaces traditional static key technology, which effectively ensures the security of the encryption key.
Fig. 5 is a schematic structural diagram of a data transmission device according to an embodiment of the present invention. As shown in fig. 5, the present embodiment provides a data transmission apparatus 500, including:
the ciphertext generating module 501 is configured to, for at least one target field of all fields included in the first transmission data, convert the target field into ciphertext based on at least one ciphertext generating policy configured according to a security level corresponding to the target field, where the first transmission data is original data that needs to be transmitted to the second device side by the first device side;
the data obtaining module 502 is configured to take the first transmission data including the ciphertext as second transmission data, where the second transmission data is data entering a transmission channel between the first device side and the second device side for network communication.
In one possible embodiment, as shown in Fig. 6, the apparatus further includes:
a configuration obtaining module 503, configured to obtain a configuration file, where the configuration file includes first configuration information, and the first configuration information characterizes whether each field included in the first transmission data is a target field that needs to be converted into a ciphertext, and at least one ciphertext generating policy configured according to a security level corresponding to the target field;
The policy determining module 504 is configured to determine, based on the first configuration information, a target field and at least one ciphertext generating policy configured according to the security level, where the ciphertext generating policy corresponds to the target field, from all fields included in the first transmission data.
In one possible implementation, at least one ciphertext generating policy configured according to a security level comprises:
an encryption algorithm configured according to the first security level, and/or a signature algorithm configured according to the second security level.
In one possible implementation, the configuration file includes second configuration information, where the second configuration information characterizes switching information of the security protection function;
the ciphertext generating module 501 is specifically configured to:
in response to the second configuration information indicating that the security protection function is turned on, for at least one target field in all fields contained in the first transmission data, convert the target field into ciphertext based on at least one ciphertext generating policy configured according to the security level corresponding to the target field.
In one possible implementation, the configuration obtaining module 503 is specifically configured to:
acquire the configuration file updated by the security server.
In one possible embodiment, as shown in Fig. 6, the apparatus further includes:
The file storage module 505 is configured to store the configuration file locally in an encrypted manner.
In one possible embodiment, as shown in Fig. 6, the apparatus further includes:
a key generation module 506, configured to generate a first dynamic key corresponding to the ciphertext generation policy;
the ciphertext generating module 501 is specifically configured to:
the target field is converted to ciphertext based on the first dynamic key.
In one possible implementation, the key generation module 506 is specifically configured to:
randomly selecting a key generation algorithm from a plurality of preset key generation algorithms to serve as a target key generation algorithm;
a first dynamic key is generated based on a target key generation algorithm.
In one possible implementation, one of the first device side and the second device side is a user terminal, and the key generating module 506 is specifically configured to:
combining to form a third dynamic key based on the fixed key from the user terminal and the second dynamic key from the security server;
and processing the third dynamic key based on the target key generation algorithm to obtain the first dynamic key.
In one possible implementation, the first transmission data is data for a target service, and the second dynamic key corresponding to the target service is different from the second dynamic keys corresponding to other services other than the target service.
In one possible embodiment, as shown in Fig. 6, the apparatus further includes:
an anomaly detection module 507, configured to detect whether an anomaly occurs in the operating environment; in response to detecting an abnormality in the operating environment, abnormality information is recorded and added to the ciphertext.
In one possible embodiment, as shown in Fig. 6, the apparatus further includes:
the data decryption module 508 is configured to decrypt the third transmission data from the second device side to obtain fourth transmission data; the fourth transmission data is the original data which needs to be transmitted to the first equipment end by the second equipment end; the third transmission data is obtained by converting at least one target field of all fields in the fourth transmission data into ciphertext based on at least one ciphertext generating policy configured according to the security level corresponding to the target field.
The specific manner in which the various modules of the apparatus in the above embodiments perform their operations has been described in detail in connection with the method embodiments and will not be repeated here.
An electronic device provided by an embodiment of the present invention includes: the steps of the data transmission method in any of the above embodiments are implemented by the processor, and the same technical effects are achieved, and the repetition is avoided.
Fig. 7 is a schematic structural diagram of an exemplary electronic device according to an embodiment of the present invention. As shown in fig. 7, the electronic device may include: the device comprises a processor 701, a communication interface 702, a memory 703 and a communication bus 704, wherein the processor 701, the communication interface 702 and the memory 703 are in communication with each other through the communication bus 704. The processor 701 may call a computer program in the memory 703 to perform the data transmission method in any of the above embodiments.
The embodiment of the present invention further provides a computer readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the data transmission method as in any of the above embodiments, and can achieve the same technical effects, so that repetition is avoided, and no further description is given here. Wherein the computer readable storage medium is selected from Read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), magnetic disk or optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (22)

1. A data transmission method, comprising:
for at least one target field in all fields contained in first transmission data, generating a first dynamic key corresponding to a ciphertext generating policy based on at least one ciphertext generating policy configured according to a security level corresponding to the target field, and converting the target field into ciphertext, including: converting the target field into ciphertext based on the first dynamic key, wherein the first transmission data is original data which needs to be transmitted to a second device side by the first device side;
the method comprises the steps that a plurality of target fields adopt ciphertext generating strategies configured by different security levels, and the security levels are related to the content of the target fields;
the first transmission data containing the ciphertext is used as second transmission data, and the second transmission data is data entering a transmission channel for network communication between the first equipment end and the second equipment end;
Wherein the at least one ciphertext generating policy configured according to the security level comprises: an encryption algorithm configured according to the first security level and/or a signature algorithm configured according to the second security level;
the first security level corresponding to the target field is the same as the second security level, or the first security level corresponding to the target field is different from the second security level.
2. The method as recited in claim 1, further comprising:
acquiring a configuration file, wherein the configuration file comprises first configuration information, the first configuration information characterizes whether each field contained in the first transmission data is the target field which needs to be converted into ciphertext, and at least one ciphertext generating policy configured according to a security level corresponding to the target field;
determining, based on the first configuration information, the target field among all fields contained in the first transmission data and the at least one ciphertext generating policy, configured according to the security level, that corresponds to the target field.
3. The method according to claim 2, wherein the configuration file contains second configuration information, and the second configuration information represents switch information of a security protection function;
the converting, for at least one target field of all fields included in the first transmission data, the target field into a ciphertext based on at least one ciphertext generating policy configured according to a security level corresponding to the target field, includes:
in response to the second configuration information indicating that the security protection function is enabled, converting, for at least one target field among all fields contained in the first transmission data, the target field into ciphertext based on at least one ciphertext generating policy configured according to the security level corresponding to the target field.
4. The method of claim 2, wherein the obtaining the configuration file comprises:
and acquiring the configuration file updated by the security server.
5. The method as recited in claim 2, further comprising:
storing the configuration file locally in encrypted form.
6. The method of claim 1, wherein the generating the first dynamic key corresponding to the ciphertext generation policy comprises:
randomly selecting a key generation algorithm from a plurality of preset key generation algorithms to serve as a target key generation algorithm;
the first dynamic key is generated based on the target key generation algorithm.
7. The method of claim 6, wherein one of the first device side and the second device side is a user terminal, wherein the generating the first dynamic key based on the target key generation algorithm comprises:
combining to form a third dynamic key based on the fixed key from the user terminal and the second dynamic key from the security server;
and processing the third dynamic key based on the target key generation algorithm to obtain the first dynamic key.
8. The method of claim 7, wherein the first transmission data is data for a target service, the second dynamic key corresponding to the target service being different from the second dynamic keys corresponding to other services than the target service.
9. The method as recited in claim 1, further comprising:
detecting whether an abnormality occurs in the running environment;
in response to detecting an abnormality in the operating environment, abnormality information is recorded and added to the ciphertext.
10. The method according to any one of claims 1 to 9, further comprising:
decrypting third transmission data from the second device side to obtain fourth transmission data;
the fourth transmission data is original data which needs to be transmitted to the first device side by the second device side;
the third transmission data is obtained by converting at least one target field of all fields in the fourth transmission data into ciphertext based on at least one ciphertext generating policy configured according to the security level and corresponding to the target field.
11. A data transmission apparatus, comprising:
the ciphertext generating module is used for converting at least one target field in all fields contained in the first transmission data into ciphertext based on at least one ciphertext generating policy configured according to the security level corresponding to the target field, wherein the first transmission data is original data which needs to be transmitted to the second device side by the first device side;
the data acquisition module is used for taking the first transmission data containing the ciphertext as second transmission data, wherein the second transmission data is data entering a transmission channel for network communication between the first device side and the second device side;
the apparatus further comprises:
the key generation module is used for generating a first dynamic key corresponding to the ciphertext generating policy;
the ciphertext generating module is specifically configured to: convert the target field into ciphertext based on the first dynamic key;
wherein a plurality of target fields adopt ciphertext generating policies configured according to different security levels, and the security levels are related to the content of the target fields;
the at least one ciphertext generating policy configured according to the security level comprises: an encryption algorithm configured according to the first security level and/or a signature algorithm configured according to the second security level;
the first security level corresponding to the target field is the same as the second security level, or the first security level corresponding to the target field is different from the second security level.
12. The apparatus as recited in claim 11, further comprising:
the configuration acquisition module is used for acquiring a configuration file, wherein the configuration file comprises first configuration information, the first configuration information characterizes whether each field contained in the first transmission data is the target field which needs to be converted into ciphertext, and at least one ciphertext generating policy which is configured according to a security level and corresponds to the target field;
the policy determining module is used for determining a target field in all fields contained in the first transmission data and at least one ciphertext generating policy configured according to the security level corresponding to the target field based on the first configuration information.
13. The apparatus of claim 12, wherein the configuration file includes second configuration information, the second configuration information characterizing switching information of a security protection function;
the ciphertext generating module is specifically configured to:
in response to the second configuration information indicating that the security protection function is enabled, convert, for at least one target field among all fields contained in the first transmission data, the target field into ciphertext based on at least one ciphertext generating policy configured according to the security level corresponding to the target field.
14. The apparatus according to claim 12, wherein the configuration acquisition module is specifically configured to:
and acquiring the configuration file updated by the security server.
15. The apparatus as recited in claim 12, further comprising:
and the file storage module is used for locally encrypting and storing the configuration file.
16. The apparatus according to claim 11, wherein the key generation module is specifically configured to:
randomly selecting a key generation algorithm from a plurality of preset key generation algorithms to serve as a target key generation algorithm;
the first dynamic key is generated based on the target key generation algorithm.
17. The apparatus of claim 16, wherein one of the first device side and the second device side is a user terminal, and the key generation module is specifically configured to:
combining to form a third dynamic key based on the fixed key from the user terminal and the second dynamic key from the security server;
and processing the third dynamic key based on the target key generation algorithm to obtain the first dynamic key.
18. The apparatus of claim 17, wherein the first transmission data is data for a target service, the second dynamic key corresponding to the target service being different from the second dynamic keys corresponding to other services than the target service.
19. The apparatus as recited in claim 11, further comprising:
the abnormality detection module is used for detecting whether the running environment is abnormal or not; in response to detecting an abnormality in the operating environment, abnormality information is recorded and added to the ciphertext.
20. The apparatus according to any one of claims 11 to 19, further comprising:
the data decryption module is used for decrypting the third transmission data from the second device side to obtain fourth transmission data; the fourth transmission data is original data which needs to be transmitted to the first device side by the second device side; the third transmission data is obtained by converting at least one target field of all fields in the fourth transmission data into ciphertext based on at least one ciphertext generating policy configured according to the security level and corresponding to the target field.
21. An electronic device, comprising: a processor, a memory and a computer program stored on the memory and executable on the processor, which when executed by the processor performs the steps of the data transmission method according to any one of claims 1 to 10.
22. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the data transmission method according to any of claims 1 to 10.
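The field-level flow of claims 1 to 3, 6, 7 and 10, as an added Python example that is not code from the patent. Assumptions: the `CONFIG` layout, the field names, the per-field envelope (which carries the selected algorithm name so the receiver can re-derive the key), HMAC as the key-processing step, an HMAC tag standing in for the signature algorithm, and an HMAC-SHA256 counter-mode keystream standing in for the encryption algorithm because the standard library has no block cipher.

```python
import hmac, secrets

# Constructed stand-in for the configuration file of claims 2-3: switch + per-field policy.
CONFIG = {"protection_enabled": True, "fields": {
    "id_number": {"encrypt": True, "sign": True},   # higher security level
    "city": {"encrypt": False, "sign": True},       # lower level: integrity only
}}
KDFS = ("sha256", "sha384", "sha512")  # preset key generation algorithms (claim 6)

def _targets(data):
    # Configured target fields that are present in data, or none if the switch is off.
    on = CONFIG["protection_enabled"]
    return {n: p for n, p in CONFIG["fields"].items() if on and n in data}

def derive_key(fixed_key, server_key, kdf, label):
    # Claim 7: combine both keys, then process the result with the selected algorithm.
    return hmac.new(fixed_key + server_key, label, kdf).digest()[:32]

def _xor_stream(data, key, nonce):
    # HMAC-SHA256 in counter mode, standing in for a vetted cipher such as AES-GCM.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key, name, env):
    msg = "|".join((name, env["kdf"], env["nonce"], env["body"])).encode()
    return hmac.new(key, msg, "sha256").hexdigest()

def protect(record, fixed_key, server_key):
    """Sender: first transmission data -> second transmission data."""
    out = dict(record)
    for name, policy in _targets(record).items():
        kdf, nonce = secrets.choice(KDFS), secrets.token_bytes(16)
        key = lambda use: derive_key(fixed_key, server_key, kdf, f"{use}:{name}".encode())
        body = record[name].encode()
        if policy["encrypt"]:
            body = _xor_stream(body, key("enc"), nonce)
        env = {"kdf": kdf, "nonce": nonce.hex(), "body": body.hex()}
        if policy["sign"]:
            env["tag"] = _tag(key("mac"), name, env)
        out[name] = env
    return out

def unprotect(message, fixed_key, server_key):
    """Receiver: enforce its own policy, verify the tag, then decrypt."""
    out = dict(message)
    for name, policy in _targets(message).items():
        env = message[name]
        if not isinstance(env, dict) or env.get("kdf") not in KDFS:
            raise ValueError(f"{name}: missing or downgraded protection")
        key = lambda use: derive_key(fixed_key, server_key, env["kdf"], f"{use}:{name}".encode())
        if policy["sign"] and not hmac.compare_digest(env.get("tag", ""), _tag(key("mac"), name, env)):
            raise ValueError(f"{name}: integrity check failed")
        body = bytes.fromhex(env["body"])
        if policy["encrypt"]:
            body = _xor_stream(body, key("enc"), bytes.fromhex(env["nonce"]))
        out[name] = body.decode()
    return out
```

The receiver decides from its own copy of the configuration whether a field must be encrypted or signed, so a message that arrives with a target field in plaintext is rejected instead of being accepted as a downgrade.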
CN202110713582.8A 2021-06-25 2021-06-25 Data transmission method and device, electronic equipment and storage medium Active CN113595982B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110713582.8A CN113595982B (en) 2021-06-25 2021-06-25 Data transmission method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110713582.8A CN113595982B (en) 2021-06-25 2021-06-25 Data transmission method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113595982A (en) 2021-11-02
CN113595982B (en) 2023-12-08

Family

ID=78244702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110713582.8A Active CN113595982B (en) 2021-06-25 2021-06-25 Data transmission method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113595982B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114866309B (en) * 2022-04-28 2024-03-08 四川万网鑫成信息科技有限公司 Data transmission method, system, equipment and medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471826A (en) * 2014-09-04 2016-04-06 中电长城网际系统应用有限公司 Ciphertext data query method, device and ciphertext query server
CN108011857A (en) * 2016-11-01 2018-05-08 北京京东尚科信息技术有限公司 Data dynamic encryption transmission configuration method and apparatus
CN108712412A (en) * 2018-05-15 2018-10-26 北京五八信息技术有限公司 A kind of encryption and decryption method of database, device, storage medium and terminal
CN109639415A (en) * 2018-12-19 2019-04-16 南京壹证通信息科技有限公司 A kind of collaboration key storage restoration methods based on Secret splitting
CN110413596A (en) * 2019-07-30 2019-11-05 北京明略软件系统有限公司 Field processing method and processing device, storage medium, electronic device
CN112019541A (en) * 2020-08-27 2020-12-01 平安国际智慧城市科技股份有限公司 Data transmission method and device, computer equipment and storage medium
CN112202754A (en) * 2020-09-25 2021-01-08 中国建设银行股份有限公司 Data encryption method and device, electronic equipment and storage medium
CN112235289A (en) * 2020-10-13 2021-01-15 桂林微网互联信息技术有限公司 Data encryption and decryption method and device, computing equipment and storage medium

Also Published As

Publication number Publication date
CN113595982A (en) 2021-11-02

Similar Documents

Publication Publication Date Title
US10652015B2 (en) Confidential communication management
US9432346B2 (en) Protocol for controlling access to encryption keys
CN107294937B (en) Data transmission method based on network communication, client and server
CN111245802B (en) Data transmission security control method, server and terminal
EP3035641A1 (en) Method for file upload to cloud storage system, download method and device
CN110868291B (en) Data encryption transmission method, device, system and storage medium
US20150256343A1 (en) Securely Generating and Storing Passwords in a Computer System
CN115048657B (en) System, method and computer readable medium for protecting cryptographic keys
CN110708291B (en) Data authorization access method, device, medium and electronic equipment in distributed network
WO2018220693A1 (en) Information processing device, verification device, information processing system, information processing method, and recording medium
CN107368737A (en) A kind of processing method for preventing copy-attack, server and client
KR101832861B1 (en) Method and Apparatus for Evaluating Passwords
CN113595982B (en) Data transmission method and device, electronic equipment and storage medium
CN114499837A (en) Method, device, system and equipment for preventing leakage of message
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
CN112995096B (en) Data encryption and decryption methods, devices and equipment
Kapusta et al. Secure data sharing with fast access revocation through untrusted clouds
Nazarov et al. An Architecture Model for Active Cyber Attacks on Intelligence Info-communication Systems: Application Based on Advance System Encryption (AES-512) Using Pre-Encrypted Search Table and Pseudo-Random Functions (PRFs)
CN115460020B (en) Data sharing method, device, equipment and storage medium
CN116866029B (en) Random number encryption data transmission method, device, computer equipment and storage medium
CN117313115A (en) Method and corresponding device for accessing, acquiring and managing installation package resource file
CN117221878A (en) Information security control method and device based on wireless network equipment
KR20210104338A (en) Encryption Gateway equipped with quantum encryption chip based a quantum random number and method of providing encryption communication service between IoT device using the same
CN117879803A (en) Data transmission system, method, equipment and storage medium based on link encryption
CN116720204A (en) Data processing method, device, electronic equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant