CN113630412A - Resource downloading method, resource downloading device, electronic equipment and storage medium - Google Patents

Resource downloading method, resource downloading device, electronic equipment and storage medium Download PDF

Info

Publication number
CN113630412A
CN113630412A CN202110899114.4A CN202110899114A CN113630412A CN 113630412 A CN113630412 A CN 113630412A CN 202110899114 A CN202110899114 A CN 202110899114A CN 113630412 A CN113630412 A CN 113630412A
Authority
CN
China
Prior art keywords
resource
key
encrypted
client
encrypted resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110899114.4A
Other languages
Chinese (zh)
Other versions
CN113630412B (en
Inventor
韩长青
许立欣
杜志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baidu Online Network Technology Beijing Co Ltd
Original Assignee
Baidu Online Network Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baidu Online Network Technology Beijing Co Ltd filed Critical Baidu Online Network Technology Beijing Co Ltd
Priority to CN202110899114.4A priority Critical patent/CN113630412B/en
Publication of CN113630412A publication Critical patent/CN113630412A/en
Application granted granted Critical
Publication of CN113630412B publication Critical patent/CN113630412B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure provides a resource downloading method, a resource downloading device, an electronic device and a storage medium, and relates to the field of computer technologies, in particular to the field of information security. The specific implementation scheme is as follows: in response to a login authentication request for a user from a client, transmitting an encryption key to the client in a case where it is determined that an authentication result for authentication information included in the login authentication request is authenticated using a trusted public key list, wherein the trusted public key list includes public keys of at least one electronic key; responding to a downloading request from a client, and acquiring an encrypted resource related to a downloading path included in the downloading request; and sending the encrypted resources to the client so that the client decrypts the encrypted resources by using the private key and the encryption key of the electronic key in the process of receiving the encrypted resources to obtain the target resources.

Description

Resource downloading method, resource downloading device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technology, and more particularly, to the field of information security. In particular, the invention relates to a resource downloading method, a resource downloading device, an electronic device and a storage medium.
Background
With the development of computer technology, more and more ways to acquire resources are provided. For example, a user may utilize a client to obtain a network resource stored on a server, where the network resource may include pictures, audio, or video. The network resource may exist in the form of a file.
Disclosure of Invention
The disclosure provides a resource downloading method, a resource downloading device, an electronic device and a storage medium.
According to an aspect of the present disclosure, there is provided a resource downloading method, including: in response to a login authentication request for a user from a client, in the case that it is determined that an authentication result for authentication information included in the login authentication request is authenticated by using a trusted public key list, transmitting an encryption key to the client, wherein the trusted public key list includes public keys of at least one electronic key; responding to a downloading request from a client, and acquiring an encrypted resource related to a downloading path included in the downloading request; and sending the encrypted resource to the client, so that the client decrypts the encrypted resource by using the private key of the electronic key and the encryption key in the process of receiving the encrypted resource to obtain the target resource.
According to another aspect of the present disclosure, there is provided a resource downloading method, including: sending a login authentication request to a server; in response to receiving an encryption key from a server, sending a download request to the server; receiving an encrypted resource from the server, wherein the encrypted resource is associated with a download path included in the download request; and in the process of receiving the encrypted resource, decrypting the encrypted resource by using the private key of the electronic key and the encryption key to obtain the target resource.
According to another aspect of the present disclosure, there is provided a resource downloading apparatus including: a first sending module, configured to send, in response to a login authentication request for a user from a client, an encryption key to the client if it is determined that an authentication result for authentication information included in the login authentication request is authenticated using a trusted public key list, where the trusted public key list includes public keys of at least one electronic key; the acquisition module is used for responding to a downloading request from a client and acquiring encrypted resources related to a downloading path included by the downloading request; and the second sending module is used for sending the encrypted resource to the client so that the client decrypts the encrypted resource by using the private key of the electronic key and the encryption key in the process of receiving the encrypted resource to obtain the target resource.
According to another aspect of the present disclosure, there is provided a resource downloading apparatus including: a fifth sending module, configured to send a login authentication request to the server; a sixth sending module, configured to send a download request to the server in response to receiving the encryption key from the server; a second receiving module, configured to receive an encrypted resource from the server, where the encrypted resource is related to a download path included in the download request; and the decryption module is used for decrypting the encrypted resource by using a private key of the electronic key and the encryption key in the process of receiving the encrypted resource to obtain the target resource.
According to another aspect of the present disclosure, there is provided an electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to perform the method.
According to another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method as described above.
According to another aspect of the present disclosure, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the method as described above.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
fig. 1 schematically illustrates an exemplary system architecture of a method and apparatus for downloading resources according to an embodiment of the present disclosure;
FIG. 2 schematically shows a flow chart of a resource download method according to an embodiment of the present disclosure;
fig. 3 schematically illustrates a flow chart of an identity authentication process according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow diagram of a resource download method according to another embodiment of the present disclosure;
FIG. 5 schematically shows a schematic diagram of a process of obtaining a target resource segment according to an embodiment of the present disclosure;
FIG. 6 schematically shows a block diagram of a resource downloading apparatus according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of a resource download apparatus according to another embodiment of the present disclosure; and
fig. 8 schematically shows a block diagram of an electronic device suitable for a resource downloading method according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The user can download the resources stored in the server to the local by using the client so as to facilitate local reference. The Resource stored in the server may be downloaded by the client, in such a way that the client obtains a URL (Uniform Resource Locator) input by the user, and the client sends a download request to the server, where the download request may include the URL. And the server acquires the resource corresponding to the URL and sends the resource corresponding to the URL to the client. The user can interact with the server through the browser of the client.
In implementing the disclosed concept, the security of resource downloads is found to be low. In order to improve the security of resource downloading, it may be designed to, on one hand, authenticate the user identity for the user to ensure that the user is a trusted user with corresponding rights as much as possible. On the other hand, for the resource itself, the resource with higher security requirement can be encrypted, so that the resource is transmitted in the form of encrypted resource in the network transmission process.
To this end, it was found that resources can be encrypted and authenticated with an electronic Key (i.e., USB Key). The USB Key is a hardware device of USB (Universal Serial Bus), which is embedded with a single chip or a smart card chip, has a certain storage space, and can store a private Key and a public Key (i.e. a digital certificate) of a user representing a unique identity of the user. The private Key of the user is generated within the USB Key of high security and cannot be exported outside the USB Key. In the internet banking application, the digital signature of the transaction data is completed inside the USB Key and protected by the PIN code of the USB Key (i.e. the login password of the USB Key).
For encrypting a resource with an electronic key, it was found that the resource can be encrypted with an encryption algorithm. The encryption algorithm may include a symmetric encryption algorithm or an asymmetric encryption algorithm. For example, the resource may be encrypted using a symmetric encryption algorithm. The Key used for encryption and decryption may be referred to as an Enc-Key. Namely, the server encrypts the resource by using the encryption algorithm to obtain the encrypted resource, and the client decrypts the encrypted resource by using the decryption algorithm after obtaining the encrypted resource of the server. Although the transmission of encrypted resources may effectively guarantee the security of the resources, there may be a certain security risk if different resources utilize the same key. For this reason, it is found that the key can be encrypted to obtain an encryption key, so as to ensure the security and uniqueness of the key.
Therefore, the embodiment of the disclosure provides a scheme for realizing resource downloading based on an electronic key, after identity authentication is completed by using the electronic key, encrypted resources stored in a server can be downloaded, and the scheme can be applied to a scene that the server resources have encryption requirements and conditional resource downloading can be performed.
Based on the foregoing, the disclosed embodiments provide a resource downloading method, a resource downloading apparatus, an electronic device, a non-transitory computer-readable storage medium storing computer instructions, and a computer program product. The resource downloading method comprises the following steps: the method comprises the steps of responding to a login authentication request from a client and sending an encryption key to the client under the condition that the authentication result of authentication information included in the login authentication request is verified by using a trusted public key list, wherein the trusted public key list comprises public keys of at least one electronic key, responding to a downloading request from the client, acquiring encryption resources related to a downloading path included in the downloading request, and sending the encryption resources to the client, so that the client decrypts the encryption resources by using a private key of the electronic key and the encryption key in the process of receiving the encryption resources to obtain target resources.
The encrypted resource can be decrypted by using the private key and the encryption key of the electronic key, the trusted public key list is used for determining that the verification result of the verification information included in the login verification request is the user who passes the verification, and the verification result is that the user who fails the verification cannot decrypt the encrypted resource by using the private key and the encryption key of the electronic key, so that the security of the user who downloads the resource is effectively ensured, and the security of resource downloading is further improved. Meanwhile, because the resource is an encrypted resource and the encrypted resource is decrypted by using the encryption key, the security of resource downloading is also improved.
Fig. 1 schematically shows an exemplary system architecture of a method and apparatus for downloading resources according to an embodiment of the present disclosure.
It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios. For example, in another embodiment, an exemplary system architecture to which the resource downloading method and apparatus may be applied may include a client, but the client may implement the resource downloading method and apparatus provided in the embodiments of the present disclosure without interacting with a server.
As shown in fig. 1, a system architecture 100 according to this embodiment may include clients 101, 102, 103, a network 104, and a server 105. Network 104 is the medium used to provide communication links between clients 101, 102, 103 and server 105. Network 104 may include various connection types, such as wired and/or wireless communication links, and so forth.
A user may use clients 101, 102, 103 to interact with server 105 over network 104 to receive or send messages, etc. The clients 101, 102, 103 may have installed thereon various messaging client applications, such as a knowledge reading-type application, a web browser application, a search-type application, an instant messaging tool, a mailbox client, and/or social platform software, etc. (by way of example only).
The clients 101, 102, 103 may be various electronic devices with USB interfaces, capable of utilizing USB keys, having display screens, and supporting web browsing, including but not limited to smart phones, tablets, laptop portable computers, desktop computers, and the like.
The clients 101, 102, 103 may be clients that provide various services, for example, the clients 101, 102, 103 may send login authentication requests to the server, download requests to the server 105 in response to receiving an encryption key from the server 205; receiving the encrypted resource from the server 105, the encrypted resource being associated with the download path included in the download request, decrypting the encrypted resource using the private key and the encryption key of the electronic key during the process of receiving the encrypted resource to obtain the target resource
The server 105 may be various types of servers that provide various services. For example, the Server 105 may be a cloud Server, which is also called a cloud computing Server or a cloud host, and is a host product in a cloud computing service system, so as to solve the defects of high management difficulty and weak service extensibility in a conventional physical host and a VPS (Virtual Private Server, VPS). The server 105 may also be an edge server. Server 105 may also be a server of a distributed system or a server that incorporates a blockchain.
The server 105 may send an encryption key to the client in response to a login authentication request for the user from the client, in a case where it is determined that an authentication result for authentication information included in the login authentication request is authenticated by using the trusted public key list, obtain an encrypted resource related to a download path included in the download request in response to the download request from the client, and send the encrypted resource to the client, so that the client decrypts the encrypted resource by using a private key of the electronic key and the encryption key in a process of receiving the encrypted resource to obtain a target resource.
It should be understood that the number of clients, networks, and servers in FIG. 1 is merely illustrative. There may be any number of clients, networks, and servers, as desired for an implementation.
Fig. 2 schematically shows a flow chart of a resource downloading method according to an embodiment of the present disclosure.
As shown in FIG. 2, the method 200 includes operations S210-S230.
In operation S210, in response to a login authentication request for a user from a client, in case it is determined that an authentication result for authentication information included in the login authentication request is authentication pass using a trusted public key list, the trusted public key list including public keys of at least one electronic key, an encryption key is transmitted to the client.
In operation S220, in response to a download request from a client, an encrypted resource related to a download path included in the download request is acquired.
In operation S230, the encrypted resource is sent to the client, so that the client decrypts the encrypted resource by using the private key of the electronic key and the encryption key in the process of receiving the encrypted resource, and obtains the target resource.
According to an embodiment of the present disclosure, the login authentication request may be a request for characterizing authentication whether the user has the right to download the encrypted resource. The login authentication request may be generated by the client upon detecting that an electronic key is inserted into the client and that the user entered a username and a login password for the electronic key. In case the electronic key is inserted into the client, the correlation signal may be triggered, e.g. the correlation signal may comprise an interrupt signal, and the client may determine that the electronic key is inserted into the client in case the correlation signal is detected. The electronic key may be plugged into a USB interface of the client. The verification information may include at least one of a response code and a public key of the electronic key. The response code can be obtained by the client signing the verification code from the server by using the private key of the electronic key.
According to the present disclosure, the download request may include a download path, which may be used to characterize a path for obtaining encrypted resources. The trusted public key list may be used to store public keys of electronic keys having the authority to download encrypted resources. The trusted public key list may be obtained in advance and stored in the server.
According to an embodiment of the present disclosure, the server may determine whether the authentication result for the authentication information included in the login authentication request is authentication pass using the trusted public key list. If it is determined that the authentication result for the authentication information included in the login authentication request is authentication pass, it can be stated that the user having the public key of the electronic key is a user having the authority to download the encrypted resource, and thus, the encryption key can be transmitted to the client. If it is determined that the authentication result for the authentication information included in the login authentication request is authentication failure, it can be said that the user having the public key of the electronic key is a user who does not have the authority to download the encrypted resource, and thus, execution of the subsequent operation is ended.
According to the embodiment of the disclosure, if the server determines that the authentication result of the authentication information included in the login authentication request is that the authentication is passed, the server transmits the encryption key to the client, so that the client can use the encryption key and the private key of the electronic key to decrypt the encrypted resource in the process of receiving the encrypted resource. For example, the client may decrypt the encryption key with a private key of the electronic key to obtain an initial key, and decrypt the encrypted resource with the initial key to obtain the target resource. The client can receive and decrypt the encrypted resources during the process of receiving the encrypted resources, so that the resources downloaded to the local part of the client are the target resources after decryption.
According to an embodiment of the present disclosure, the server may further transmit response information to the client in a case where it is determined that the authentication result for the authentication information included in the login authentication request is authentication pass. The client may obtain the private key of the electronic key upon receiving a response from the server. The reply information may include a small text file (i.e., Cookies) that may include an encryption key. After obtaining the encrypted resources, the client may determine whether the small text file exists, and in the case where it is determined that the small text file exists, the client obtains the encryption key from the small text file. In a case where it is determined that the small text file does not exist, the client performs an operation of logging in the electronic key.
According to the embodiment of the disclosure, the encrypted resource can be decrypted by using the private key and the encryption key of the electronic key, and the user who meets the following conditions: the trusted public key list is used for determining that the verification result of the verification information included in the login verification request is the user who passes the verification, and the verification result is that the user who fails the verification cannot decrypt the encrypted resource by using the private key and the encryption key of the electronic key, so that the security of the user who downloads the resource is effectively guaranteed, and the security of resource downloading is further improved. In addition, because the resource is an encrypted resource and the encrypted resource is decrypted according to the encryption key, the security of resource downloading is also improved.
According to an embodiment of the present disclosure, the resource downloading method may further include the following operations.
And sending the verification code to the client so that the client signs the verification code by using the private key of the electronic key to generate a response code. And receiving the response code from the client and the public key of the electronic key. And under the condition that the public key of the electronic key exists in the credible public key list, verifying the answer code. In a case where it is determined that the result of the verification for the response code is verified, it is determined that the result of the verification for the verification information is verified.
According to the embodiment of the present disclosure, the forms of the verification code and the response code may be configured according to actual service requirements, and are not limited herein.
According to the embodiment of the disclosure, the server can respond to a login verification request for a user from the client, and send the verification code to the client, so that the client performs digital signature on the verification code by using a private key of the electronic key to generate a response code, and the client sends the response code and a public key of the electronic key to the server. The server determines whether the public key of the electronic key exists in the trusted public key list, if the public key of the electronic key exists in the trusted public key list, the answer code can be verified, and if the verification result of the answer code is verified, the verification result of the verification information can be proved to be verified. If it is determined that the result of the verification for the response code is verification failure, it can be said that the result of the verification for the verification information is verification failure. If it is determined that the public key of the electronic key does not exist in the trusted public key list, it may be stated that the verification result for the verification information is verification failure.
According to the embodiment of the disclosure, before responding to the login authentication request for the user from the client, the intranet identity authentication can be performed on the user. That is, the server may respond to the login authentication request for the user from the client if the login authentication request for the user from the client is received in a case where it is determined that the authentication result for the user information included in the intranet authentication request is authenticated in response to the intranet authentication request for the user from the client. The user information may include a username and a login password. The intranet authentication request can be used for representing a request for verifying whether a user has the right to browse the encrypted resources and the non-encrypted resources. And in the case that the verification result of the user information included in the intranet authentication request is determined to be verification failure, the user does not have the right to browse the encrypted resources and the non-encrypted resources.
According to the embodiment of the disclosure, for a user having the authority to browse encrypted resources and unencrypted resources, for unencrypted resources, the user can perform at least one of browsing and downloading operations on unencrypted resources. For the encrypted resource, if the user needs to download the encrypted resource, the user needs to verify the verification information included in the login verification request by using the trusted public key list, the verification result is that the user who passes the verification can download the encrypted resource, and the verification result is that the user who fails the verification cannot download the encrypted resource.
According to an embodiment of the present disclosure, the resource downloading method may further include the following operations.
And encrypting the initial key by using the public key of the electronic key to obtain an encryption key.
In accordance with embodiments of the present disclosure, for encrypting a resource with an electronic key, it is found that the security and uniqueness of the key can be guaranteed with the electronic key. The electronic key comprises one or more key pairs, one key pair can be selected, the initial key is encrypted by using the public key of the electronic key to obtain an encryption key, and the encryption key is stored in the server. The server may transmit the encryption key to the client in a case where it is determined by using the trusted public key list that the authentication result for the authentication information included in the login authentication request is authenticated, and transmit the encrypted resource to the client in a case where the encrypted resource related to the download path included in the download request is acquired in response to the download request from the client. The client can decrypt the encryption key by using the private key of the electronic key to obtain an initial key, and then decrypt the encrypted resource by using the initial key to obtain the target resource.
According to the embodiment of the disclosure, different resources can be managed respectively by using the electronic key, that is, different initial keys are used for encrypting and decrypting the resources without depending on a fixed initial key, so that the security of resource downloading is improved. The server encrypts the initial key by using the public key of the electronic key, and then sends the encrypted key and the encrypted resource obtained by encrypting the target resource by using the initial key to the client, so that different initial keys are respectively used for encrypting different resources. Because the user can decrypt the resources within the user authority range by using the effective private key of the electronic key, the private key of the electronic key is stored in the electronic key, and the user who can decrypt the encrypted resources by using the private key and the encryption key of the electronic key is the user who meets the following conditions: and determining that the authentication result aiming at the authentication information included in the login authentication request is the authenticated user by using the trusted public key list, thereby improving the security of resource downloading.
According to an embodiment of the present disclosure, the resource downloading method may further include the following operations.
And based on a block encryption algorithm, encrypting the target resource by using the initial key to obtain an encrypted resource.
According to the embodiment of the disclosure, the target resource may be encrypted by using an Encryption algorithm and an initial key to obtain an encrypted resource, the Encryption algorithm may include a symmetric Encryption algorithm, the symmetric Encryption algorithm may include a block Encryption algorithm, and the block Encryption algorithm may include AES (Advanced Encryption Standard). The mode of operation of AES may include CTR (Counter, calculator mode), which is a Counter that increments one by one for each packet and generates a keystream by encrypting the Counter, i.e., ciphertext packets are obtained by xoring a bit sequence obtained by encrypting the Counter with plaintext packets, ciphertext may refer to an encrypted resource and plaintext may refer to a target resource. The CTR encryption mode is simple, fast, safe and reliable.
According to the embodiment of the disclosure, the server may encrypt the target resource by using the initial key based on the OpenSSL and the packet encryption algorithm, so as to obtain the encrypted resource.
According to an embodiment of the present disclosure, the resource downloading method may further include the following operations.
And sending the initialization vector to the client.
Operation S230 may include the following operations.
And sending the encrypted resources to the client so that the client decrypts the encrypted resources by using the private key, the encryption key and the initialization vector of the electronic key based on a packet decryption algorithm in the process of receiving the encrypted resources to obtain the target resources.
According to an embodiment of the present disclosure, the Initialization Vector (IV) is a fixed-length input value. The initialization vector may be generated using a random or pseudo-random number. The initialization vector generated by the random number can achieve semantic security, and an attacker can not easily crack the ciphertext of the same key.
According to embodiments of the present disclosure, a small text file may include an encryption key and an initialization vector. After obtaining the encrypted resources, the client may determine whether a small text file exists. In the event that it is determined that a small text file exists, the client obtains the encryption key and initialization vector from the small text file. And decrypting the encrypted key by using the private key of the electronic key to obtain an initial key, and decrypting the encrypted resource by using the initial key and the initialization vector to obtain the target resource.
Referring to fig. 3, a resource downloading method according to an embodiment of the disclosure is further described with reference to a specific embodiment.
Fig. 3 schematically shows a flow chart of an identity authentication procedure according to an embodiment of the present disclosure.
As shown in fig. 3, the method 300 includes operations S301 to S307.
In operation S301, the server 302 transmits a passcode to the client 301.
In operation S302, the client 301 signs the verification code with the private key of the electronic key 303, and generates a response code.
In operation S303, the client 301 transmits the response code and the public key of the electronic key 303 to the server 302.
In operation S304, the server 302 trusted public key list exists the public key of the electronic key 303? If so, perform operation 305; if not, operation S306 is performed.
In operation S305, is the verification result of the server 302 for the response code verification pass? If yes, go to operation S307; if not, operation S306 is performed.
In operation S306, the server 302 determines that the verification result is verification failure.
In operation S307, the server 302 determines that the authentication result is authentication pass.
Fig. 4 schematically shows a flowchart of a resource downloading method according to another embodiment of the present disclosure.
As shown in fig. 4, the method 400 includes operations S410 to S440.
In operation S410, a login authentication request is transmitted to the server.
In response to receiving the encryption key from the server, a download request is transmitted to the server in operation S420.
In operation S430, an encrypted resource is received from the server, wherein the encrypted resource is associated with a download path included in the download request.
In operation S440, in the process of receiving the encrypted resource, the encrypted resource is decrypted by using the private key of the electronic key and the encryption key, so as to obtain the target resource.
According to an embodiment of the present disclosure, a client may transmit a login authentication request for a user to a server, so that the server transmits an encryption key to the client in response to the login authentication request for the user from the client in a case where it is determined with a trusted public key list that an authentication result for authentication information included in the login authentication request is authentication pass. The client generates a downloading request and sends the downloading request to the server, so that the server responds to the downloading request and acquires the encrypted resource related to the downloading path included in the downloading request. The client receives the encrypted resources from the server, and decrypts the encrypted resources by using the private key and the encryption key of the electronic key in the process of receiving the encrypted resources to obtain the target resources. The client may obtain the private key of the electronic key upon receiving a response from the server.
According to the embodiment of the disclosure, the client can receive and decrypt the encrypted resources in the process of receiving the encrypted resources, so that the resources downloaded to the local part of the client are the target resources after decryption.
According to an embodiment of the present disclosure, the resource downloading method may further include the following operations.
An initialization vector is received from a server.
Operation S440 may include the following operations.
And based on a block decryption algorithm, decrypting the encrypted resources by using a private key of the electronic key, the encrypted key and the initialization vector to obtain the target resources.
According to the embodiment of the disclosure, before the resources are stored to the local part of the client, the encrypted resources need to be decrypted by using a decryption algorithm, so as to obtain the target resources. The decryption algorithm may comprise a symmetric decryption algorithm or an asymmetric decryption algorithm, the symmetric decryption algorithm may comprise a block encryption algorithm, and the block encryption algorithm may comprise AES. The operating mode of AES may include CTR. And encrypting the target resource by using the CTR to obtain an encrypted resource, namely encrypting the resource packet by performing XOR on a bit sequence obtained by encrypting the counter and the target resource packet. And decrypting the encrypted resource by using the CTR to obtain the target resource, namely, the target resource packet is obtained by carrying out XOR on the key stream and the encrypted resource packet.
According to the embodiment of the disclosure, decrypting the encrypted resource by using the private key of the electronic key, the encryption key and the initialization vector based on the block decryption algorithm to obtain the target resource may include the following operations.
And based on a packet decryption algorithm, decrypting the encrypted key by using a private key of the electronic key to obtain an initial key. And decrypting the encrypted resources by using the initial key and the initialization vector to obtain the target resources.
According to an embodiment of the present disclosure, the packet decryption algorithm may include AES.
According to the embodiment of the disclosure, the client can realize AES decryption by utilizing the Web Crypto API. The Web Crypto API provides a set of interfaces to cryptography for scripts to use in building systems that require the use of passwords. The subtletecrypto interface based on the Web Crypto API provides the underlying encryption function.
According to an embodiment of the present disclosure, the client may also decrypt the encrypted resource using an electronic key tool.
Operation S340 may include the following operations according to an embodiment of the present disclosure.
And carrying out streaming processing on the encrypted resource to obtain a plurality of encrypted resource fragments. And for each encrypted resource segment in the plurality of encrypted resource segments, after the encrypted resource segment is received, decrypting the encrypted resource segment by using a private key and an encryption key of the electronic key to obtain a target resource segment corresponding to the encrypted resource segment. And obtaining the target resource according to the plurality of target resource segments.
According to the embodiment of the disclosure, if the target resource is large in size and is difficult to completely download in a short time, a proper method can be selected to solve the problem of continuous transmission of the large target resource. To this end, the encrypted resource may be processed using a streaming method, resulting in a plurality of encrypted resource fragments.
According to the embodiment of the disclosure, in the case that the encrypted resource is processed by using a streaming processing method to obtain a plurality of encrypted resource segments, since the storage space of the client browser is limited, how to download the resource is also a problem to be solved. The method can be achieved by means of downloading and decrypting, namely, after each encrypted resource segment is received, the encrypted resource segment can be decrypted by means of a private key of an electronic key, an encryption key and an initialization vector, and a target resource segment corresponding to the encrypted resource segment is obtained. Decrypting the encrypted resource segment using the private key of the electronic key, the encryption key, and the initialization vector to obtain the target resource segment corresponding to the encrypted resource segment may include: and decrypting the encrypted key by using the private key of the electronic key to obtain an initial key, and decrypting the encrypted resource segment by using the initial key to obtain a target resource segment corresponding to the encrypted resource segment. The encrypted resource segments may be data in binary form.
Referring to fig. 5, a resource downloading method according to an embodiment of the disclosure is further described with reference to a specific embodiment.
Fig. 5 schematically shows a schematic diagram of a process of acquiring a target resource segment according to an embodiment of the present disclosure.
As shown in fig. 5, the process 500 of obtaining the target resource segment may include the client decrypting the encryption key 502 by using the public key 501 of the electronic key to obtain an initial key 503, and decrypting the encrypted resource segment 505 by using the initial key 503 and the initialization vector 505 based on the packet decryption algorithm 504 to obtain the target resource segment 506.
According to an embodiment of the present disclosure, performing streaming processing on an encrypted resource to obtain a plurality of encrypted resource segments may include the following operations.
And carrying out stream processing on the encrypted resources by using the resource acquisition interface, the data stream interface and the stream data storage plug-in to obtain a plurality of encrypted resource fragments.
According to an embodiment of the present disclosure, an encrypted resource may be acquired using a resource acquisition interface, the encrypted resource being streaming data. The resource acquisition interface may include a Fetch API. The stream data saving plug-in processes the encrypted resources by using a stream conversion method included by the stream data interface and a Service (i.e. Service Worker) terminal included by the stream data saving plug-in to obtain a plurality of encrypted resource fragments, and the stream data interface can be used for processing the encrypted resources obtained by using the resource obtaining interface. The data Stream interface may include a Stream API. The translation stream method included in the data stream interface may be a TransformStream method.
According to the embodiment of the disclosure, the streaming transmission of the encrypted resource can be performed by using the resource acquisition interface and the data stream interface, and the breakpoint resume function of the browser is realized in a simulated manner.
According to the embodiment of the disclosure, performing streaming processing on an encrypted resource by using a resource acquisition interface, a data stream interface and a stream data storage plug-in to obtain a plurality of encrypted resource segments may include the following operations.
And receiving a readable stream instance sent by the server through the resource acquisition interface, wherein the readable stream instance comprises the encrypted resource. The readable instance is created using a convert stream method of the data stream interface. A plurality of encrypted resource fragments are obtained from the readable stream instance using the readable instance and the stream data preservation plug-in.
The resource downloading method may further include the following operations.
A writable instance is created using a stream data save plug-in. The target resource segment is stored to the writable instance.
According to an embodiment of the present disclosure, the resource acquisition interface may be a Fetch API. The Fetch API provides a global Fetch method to obtain encrypted resources, and obtains an instance of a readable stream (i.e., ReadableStream) using the Fetch method. The readable stream instance may include a loading resource. The data Stream interface may be a Stream API. The Streams API gives the network the ability to request that data be processed in fragments, and can receive a portion of binary data in the form of a TypedArray fragment and then directly process the data, similar to a breakpoint resume of a browser. The ReadableStream instance created by using the Fetch API may be processed by using the Streams API, that is, a transformat stream (TransformStream) method included in the Streams API may be used, and the transformat stream method is a stream that can be written and read. The TransformStream method itself encapsulates two parameters, readableStream and WritableStream, and can create a readable (i.e., reader) instance with readableStream, a writeable (i.e., writer) instance with WritableStream, a reader instance can be used to handle encrypted resources obtained with the Fetch API, and a writer instance can be used to store resources obtained with the reader instance to the writer instance.
Js may be a stream save plug-in according to an embodiment of the present disclosure. Js may include a Client (i.e., Client) side and a server side. Js can create a readable instance by using a transformstart method, instead of directly storing resources into the client, so that the limitation of the storage space of the client is broken through.
The server can be used for maintaining a continuous channel, so that the downloading and the decryption are realized while the resources are stored to the local client. The server is realized by utilizing a Service Worker, the principle is that a server is forged to download resources and a new download link is forged, a request for downloading the download link is intercepted by the Service Worker, and the resource flow is continuously written into the new download link.
According to the embodiment of the disclosure, the operation of downloading the encrypted resource from the client request server to the client for decryption is as follows, namely, the client sends the download request to the server by using the Fetch API, the server creates a ReaderStream instance after receiving the download request, and sends the ReaderStream instance to the client. After receiving the ReaderStream instance, the client creates a reader instance by using the TransformStream method included in the Stream API. The reader instance reads partial contents (namely encrypted resource segments) of the ReaderStream instance in sequence in a segment mode, after the reader instance reads the partial contents, the AES decryption algorithm and a private key of an electronic key are used for decrypting the encrypted key to obtain an initial key, the initial key and an initialization vector are used for decrypting the encrypted resource segments to obtain target resource segments, and the target resource segments are written into the writer instance, so that the target resource segments are written in once. And repeating the process of acquiring the encrypted resource segment by the reader instance in a segment mode and writing the encrypted resource segment into the writer until the reader instance finishes reading the content of all the ReaderStream instances, and finishing the whole downloading process.
It should be noted that, in the technical solution of the embodiment of the present disclosure, the resources involved, the obtaining, processing and storing of the public key and the private key of the electronic key all conform to the regulations of the related laws and regulations, and necessary security measures are taken without violating the good customs of the public order.
Fig. 6 schematically shows a block diagram of a resource downloading device according to an embodiment of the present disclosure.
As shown in fig. 6, the resource downloading apparatus 600 may include a first transmitting module 610, an obtaining module 620, and a second transmitting module 630.
A first sending module 610, configured to, in response to a login authentication request for a user from a client, send an encryption key to the client if it is determined that an authentication result for authentication information included in the login authentication request is authentication pass by using a trusted public key list, where the trusted public key list includes public keys of at least one electronic key.
An obtaining module 620, configured to obtain, in response to a download request from a client, an encrypted resource related to a download path included in the download request.
The second sending module 630 is configured to send the encrypted resource to the client, so that the client decrypts the encrypted resource by using the private key of the electronic key and the encryption key in the process of receiving the encrypted resource, to obtain the target resource.
According to an embodiment of the present disclosure, the resource downloading apparatus 600 may further include a third sending module, a first receiving module, a verifying module, and a determining module.
And the third sending module is used for sending the verification code to the client so that the client signs the verification code by using the private key of the electronic key to generate a response code.
And the first receiving module is used for receiving the response code from the client and the public key of the electronic key.
And the verification module is used for verifying the answer code under the condition that the public key of the electronic key exists in the credible public key list.
And the determining module is used for determining that the verification result of the verification information is verified if the verification result of the response code is verified.
According to an embodiment of the present disclosure, the resource downloading apparatus 600 may further include a first encryption module.
And the first encryption module is used for encrypting the initial key by using the public key of the electronic key to obtain an encryption key.
According to an embodiment of the present disclosure, the resource downloading module 600 may further include a second encryption module.
And the second encryption module is used for encrypting the target resource by using the initial key based on the block encryption algorithm to obtain the encrypted resource.
According to an embodiment of the present disclosure, the resource downloading module 600 may further include a fourth sending module.
And the fourth sending module is used for sending the initialization vector to the client.
The second transmitting module may include a transmitting submodule.
And the sending submodule is used for sending the encrypted resources to the client so that the client decrypts the encrypted resources by using a private key of the electronic key, the encrypted key and the initialization vector based on a block decryption algorithm in the process of receiving the encrypted resources to obtain the target resources.
Fig. 7 schematically shows a block diagram of a resource downloading device according to another embodiment of the present disclosure.
As shown in fig. 8, the resource downloading apparatus 700 may include a fifth transmitting module 710, a sixth transmitting module 720, a second receiving module 730, and a decrypting module 740.
A fifth sending module 710, configured to send a login authentication request to the server.
A sixth sending module 720, configured to send a download request to the server in response to receiving the encryption key from the server.
A second receiving module 730, configured to receive the encrypted resource from the server, where the encrypted resource is associated with a download path included in the download request.
The decryption module 740 is configured to decrypt the encrypted resource with the private key of the electronic key and the encryption key in the process of receiving the encrypted resource to obtain the target resource.
According to an embodiment of the present disclosure, the resource downloading apparatus 700 may further include a third receiving module.
And the third receiving module is used for receiving the initialization vector from the server.
The decryption module 740 may include a first decryption sub-module.
And the first decryption submodule is used for decrypting the encrypted resources by using a private key of the electronic key, the encryption key and the initialization vector based on a block decryption algorithm to obtain the target resources.
According to an embodiment of the present disclosure, the first decryption sub-module may include a first decryption unit and a second decryption unit.
And the first decryption unit is used for decrypting the encrypted key by using the private key of the electronic key based on the packet decryption algorithm to obtain an initial key.
And the second decryption unit is used for decrypting the encrypted resources by using the initial key and the initialization vector to obtain the target resources.
According to an embodiment of the present disclosure, the decryption module 740 may include a processing sub-module, a second decryption sub-module, and an obtaining sub-module.
And the processing submodule is used for carrying out streaming processing on the encrypted resource to obtain a plurality of encrypted resource fragments.
And the second decryption submodule is used for decrypting the encrypted resource segments by using the private key and the encryption key of the electronic key after receiving the encrypted resource segments aiming at each encrypted resource segment in the plurality of encrypted resource segments to obtain the target resource segment corresponding to the encrypted resource segment.
And the obtaining submodule is used for obtaining the target resource according to the plurality of target resource segments.
According to an embodiment of the present disclosure, the processing submodule may include a processing unit.
And the processing unit is used for carrying out stream processing on the encrypted resources by utilizing the resource acquisition interface, the data stream interface and the stream data storage plug-in to obtain a plurality of encrypted resource fragments.
According to an embodiment of the present disclosure, a processing unit may include a receiving subunit, a creating subunit, and an obtaining subunit.
And the receiving subunit is used for receiving the readable stream instance sent by the server through the resource acquisition interface, wherein the readable stream instance comprises the encrypted resource.
And the creating subunit is used for creating the readable instance by using the conversion stream method of the data stream interface.
An obtaining subunit, configured to obtain, from the readable stream instance, the plurality of encrypted resource segments using the readable instance and the stream data saving plug-in.
The resource downloading apparatus 700 may further include a creation module and a storage module.
And the creating module is used for creating the writable instance by using the stream data storage plug-in.
A storage module to store the target resource segment to the writable instance.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
According to an embodiment of the present disclosure, an electronic device includes: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
According to an embodiment of the present disclosure, a non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method as described above.
According to an embodiment of the disclosure, a computer program product comprising a computer program which, when executed by a processor, implements the method as described above.
Fig. 8 schematically shows a block diagram of an electronic device suitable for a resource downloading method according to an embodiment of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 8, the electronic device 800 includes a computing unit 801 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM)802 or a computer program loaded from a storage unit 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data required for the operation of the electronic apparatus 800 can also be stored. The calculation unit 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.
A number of components in the electronic device 800 are connected to the I/O interface 805, including: an input unit 806, such as a keyboard, a mouse, or the like; an output unit 807 such as various types of displays, speakers, and the like; a storage unit 808, such as a magnetic disk, optical disk, or the like; and a communication unit 809 such as a network card, modem, wireless communication transceiver, etc. The communication unit 809 allows the electronic device 800 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
Computing unit 801 may be a variety of general and/or special purpose processing components with processing and computing capabilities. Some examples of the computing unit 801 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and the like. The computing unit 801 executes the respective methods and processes described above, such as the resource download method. For example, in some embodiments, the resource download method may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 808. In some embodiments, part or all of the computer program can be loaded and/or installed onto the electronic device 800 via the ROM 802 and/or the communication unit 809. When loaded into RAM 803 and executed by computing unit 801, may perform one or more of the steps of the resource download method described above. Alternatively, in other embodiments, the computing unit 801 may be configured to perform the resource download method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server with a combined blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (20)

1. A resource downloading method, comprising:
in response to a login authentication request for a user from a client, transmitting an encryption key to the client in a case where it is determined that an authentication result for authentication information included in the login authentication request is authenticated by using a trusted public key list, wherein the trusted public key list includes public keys of at least one electronic key;
responding to a downloading request from a client, and acquiring an encrypted resource related to a downloading path included in the downloading request; and
and sending the encrypted resource to the client, so that the client decrypts the encrypted resource by using the private key of the electronic key and the encryption key in the process of receiving the encrypted resource to obtain the target resource.
2. The method of claim 1, further comprising:
sending a verification code to the client so that the client signs the verification code by using a private key of the electronic key to generate a response code;
receiving a response code from the client and a public key of the electronic key;
verifying the response code under the condition that the public key of the electronic key exists in the trusted public key list; and
in a case where it is determined that the verification result for the response code is verified, it is determined that the verification result for the verification information is verified.
3. The method of claim 1 or 2, further comprising:
and encrypting the initial key by using the public key of the electronic key to obtain the encryption key.
4. The method of claim 3, further comprising:
and based on a block encryption algorithm, encrypting the target resource by using the initial key to obtain the encrypted resource.
5. The method of any of claims 1-4, further comprising:
sending an initialization vector to the client;
the sending the encrypted resource to the client to enable the client to decrypt the encrypted resource by using the private key of the electronic key and the encryption key in the process of receiving the encrypted resource to obtain the target resource includes:
and sending the encrypted resource to the client, so that the client decrypts the encrypted resource by using the private key of the electronic key, the encryption key and the initialization vector based on a packet decryption algorithm in the process of receiving the encrypted resource to obtain the target resource.
6. A resource downloading method, comprising:
sending a login authentication request to a server;
in response to receiving an encryption key from a server, sending a download request to the server;
receiving an encrypted resource from the server, wherein the encrypted resource is associated with a download path included in the download request; and
and in the process of receiving the encrypted resource, decrypting the encrypted resource by using a private key of the electronic key and the encryption key to obtain the target resource.
7. The method of claim 6, further comprising:
receiving an initialization vector from the server;
the decrypting the encrypted resource by using the private key of the electronic key and the encryption key to obtain the target resource includes:
and based on a packet decryption algorithm, decrypting the encrypted resource by using a private key of the electronic key, the encryption key and the initialization vector to obtain the target resource.
8. The method of claim 7, wherein the decrypting the encrypted resource using the private key of the electronic key, the encryption key, and the initialization vector based on the packet decryption algorithm to obtain the target resource comprises:
based on the group decryption algorithm, decrypting the encrypted key by using a private key of the electronic key to obtain an initial key; and
and decrypting the encrypted resources by using the initial key and the initialization vector to obtain the target resources.
9. The method according to any one of claims 6 to 8, wherein the decrypting the encrypted resource by using a private key of an electronic key and the encryption key in the process of receiving the encrypted resource to obtain a target resource comprises:
performing streaming processing on the encrypted resource to obtain a plurality of encrypted resource fragments;
for each encrypted resource segment in the plurality of encrypted resource segments, after the encrypted resource segment is received, decrypting the encrypted resource segment by using a private key of the electronic key and the encryption key to obtain a target resource segment corresponding to the encrypted resource segment; and
and obtaining the target resource according to the target resource segments.
10. The method of claim 9, wherein said streaming said encrypted resource to obtain a plurality of encrypted resource segments comprises:
and carrying out stream processing on the encrypted resources by using a resource acquisition interface, a data stream interface and a stream data storage plug-in to obtain the plurality of encrypted resource fragments.
11. The method of claim 10, wherein the streaming the encrypted resource using a resource acquisition interface, a data stream interface, and a stream data saving plug-in to obtain the plurality of encrypted resource segments comprises:
receiving a readable stream instance sent from the server via the resource acquisition interface, wherein the readable stream instance comprises the encrypted resource;
creating a readable instance by using a conversion stream method of the data stream interface; and
obtaining the plurality of encrypted resource fragments from the readable stream instance using the readable instance and the stream data preservation plug-in;
the method further comprises the following steps:
creating a writable instance using the stream data save plug-in; and
storing the target resource segment to the writable instance.
12. A resource downloading apparatus comprising:
a first sending module, configured to send, in response to a login authentication request for a user from a client, an encryption key to the client if it is determined that an authentication result for authentication information included in the login authentication request is authenticated using a trusted public key list, where the trusted public key list includes public keys of at least one electronic key;
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for responding to a downloading request from a client and acquiring encrypted resources related to a downloading path included by the downloading request; and
and the second sending module is used for sending the encrypted resource to the client so that the client decrypts the encrypted resource by using the private key of the electronic key and the encryption key in the process of receiving the encrypted resource to obtain the target resource.
13. The apparatus of claim 12, further comprising:
the third sending module is used for sending a verification code to the client so that the client signs the verification code by using a private key of the electronic key to generate a response code;
the first receiving module is used for receiving the response code from the client and the public key of the electronic key;
the verification module is used for verifying the response code under the condition that the public key of the electronic key exists in the credible public key list; and
a determination module configured to determine that the verification result for the verification information is verified if it is determined that the verification result for the response code is verified.
14. The apparatus of claim 12 or 13, further comprising:
and the first encryption module is used for encrypting the initial key by using the public key of the electronic key to obtain the encryption key.
15. The apparatus of claim 14, further comprising:
and the second encryption module is used for encrypting the target resource by using the initial key based on a block encryption algorithm to obtain the encrypted resource.
16. The apparatus of any of claims 12-15, further comprising:
a fourth sending module, configured to send the initialization vector to the client;
wherein the second sending module includes:
and the sending submodule is used for sending the encrypted resource to the client so that the client decrypts the encrypted resource by using a private key of the electronic key, the encryption key and the initialization vector based on a packet decryption algorithm in the process of receiving the encrypted resource to obtain the target resource.
17. A resource downloading apparatus comprising:
a fifth sending module, configured to send a login authentication request to the server;
a sixth sending module, configured to send a download request to a server in response to receiving an encryption key from the server;
a second receiving module, configured to receive an encrypted resource from the server, where the encrypted resource is related to a download path included in the download request; and
and the decryption module is used for decrypting the encrypted resource by using a private key of the electronic key and the encryption key in the process of receiving the encrypted resource to obtain the target resource.
18. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 5 or any one of claims 6 to 11.
19. A non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any of claims 1-5 or any of claims 6-11.
20. A computer program product comprising a computer program which, when executed by a processor, implements the method of any of claims 1 to 5 or any of claims 6 to 11.
CN202110899114.4A 2021-08-05 2021-08-05 Resource downloading method, resource downloading device, electronic equipment and storage medium Active CN113630412B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110899114.4A CN113630412B (en) 2021-08-05 2021-08-05 Resource downloading method, resource downloading device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110899114.4A CN113630412B (en) 2021-08-05 2021-08-05 Resource downloading method, resource downloading device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113630412A true CN113630412A (en) 2021-11-09
CN113630412B CN113630412B (en) 2023-06-30

Family

ID=78383145

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110899114.4A Active CN113630412B (en) 2021-08-05 2021-08-05 Resource downloading method, resource downloading device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113630412B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500054A (en) * 2022-01-27 2022-05-13 百度在线网络技术(北京)有限公司 Service access method, service access device, electronic device, and storage medium
CN115065530A (en) * 2022-06-13 2022-09-16 北京华信傲天网络技术有限公司 Trusted data interaction method and system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101676925A (en) * 2008-09-16 2010-03-24 联想(北京)有限公司 Computer system and method of setting authentication information in security chip
CN102882858A (en) * 2012-09-13 2013-01-16 江苏乐买到网络科技有限公司 External data transmission method for cloud computing system
US20140365781A1 (en) * 2013-06-07 2014-12-11 Technische Universitaet Darmstadt Receiving a Delegated Token, Issuing a Delegated Token, Authenticating a Delegated User, and Issuing a User-Specific Token for a Resource
CN109302425A (en) * 2018-11-28 2019-02-01 河北省科学院应用数学研究所 Identity identifying method and terminal device
CN110276000A (en) * 2019-06-19 2019-09-24 腾讯科技(深圳)有限公司 Acquisition methods and device, the storage medium and electronic device of media resource
CN111249740A (en) * 2020-01-07 2020-06-09 上海米哈游天命科技有限公司 Resource data access method and system
CN111447214A (en) * 2020-03-25 2020-07-24 北京左江科技股份有限公司 Method for centralized service of public key and password based on fingerprint identification
CN112232810A (en) * 2020-09-24 2021-01-15 中国银联股份有限公司 Resource processing method, server, device, equipment, system and medium
CN112508578A (en) * 2021-02-04 2021-03-16 支付宝(杭州)信息技术有限公司 Resource transfer request verification and sending method and device based on block chain

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101676925A (en) * 2008-09-16 2010-03-24 联想(北京)有限公司 Computer system and method of setting authentication information in security chip
CN102882858A (en) * 2012-09-13 2013-01-16 江苏乐买到网络科技有限公司 External data transmission method for cloud computing system
US20140365781A1 (en) * 2013-06-07 2014-12-11 Technische Universitaet Darmstadt Receiving a Delegated Token, Issuing a Delegated Token, Authenticating a Delegated User, and Issuing a User-Specific Token for a Resource
CN109302425A (en) * 2018-11-28 2019-02-01 河北省科学院应用数学研究所 Identity identifying method and terminal device
CN110276000A (en) * 2019-06-19 2019-09-24 腾讯科技(深圳)有限公司 Acquisition methods and device, the storage medium and electronic device of media resource
CN111249740A (en) * 2020-01-07 2020-06-09 上海米哈游天命科技有限公司 Resource data access method and system
CN111447214A (en) * 2020-03-25 2020-07-24 北京左江科技股份有限公司 Method for centralized service of public key and password based on fingerprint identification
CN112232810A (en) * 2020-09-24 2021-01-15 中国银联股份有限公司 Resource processing method, server, device, equipment, system and medium
CN112508578A (en) * 2021-02-04 2021-03-16 支付宝(杭州)信息技术有限公司 Resource transfer request verification and sending method and device based on block chain

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500054A (en) * 2022-01-27 2022-05-13 百度在线网络技术(北京)有限公司 Service access method, service access device, electronic device, and storage medium
CN114500054B (en) * 2022-01-27 2024-03-01 百度在线网络技术(北京)有限公司 Service access method, service access device, electronic device, and storage medium
CN115065530A (en) * 2022-06-13 2022-09-16 北京华信傲天网络技术有限公司 Trusted data interaction method and system
CN115065530B (en) * 2022-06-13 2024-01-23 北京华信傲天网络技术有限公司 Trusted data interaction method and system

Also Published As

Publication number Publication date
CN113630412B (en) 2023-06-30

Similar Documents

Publication Publication Date Title
US10469469B1 (en) Device-based PIN authentication process to protect encrypted data
EP3324572B1 (en) Information transmission method and mobile device
US10601590B1 (en) Secure secrets in hardware security module for use by protected function in trusted execution environment
US20180091487A1 (en) Electronic device, server and communication system for securely transmitting information
CN111639325B (en) Merchant authentication method, device, equipment and storage medium based on open platform
US10541819B2 (en) Forged command filtering system and related command authentication circuit
KR101739203B1 (en) Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption
US11288381B2 (en) Calculation device, calculation method, calculation program and calculation system
CN113630412B (en) Resource downloading method, resource downloading device, electronic equipment and storage medium
CN112564887A (en) Key protection processing method, device, equipment and storage medium
WO2018112482A1 (en) Method and system for distributing attestation key and certificate in trusted computing
CN111464297A (en) Transaction processing method and device based on block chain, electronic equipment and medium
CN111400743B (en) Transaction processing method, device, electronic equipment and medium based on blockchain network
CN114363088B (en) Method and device for requesting data
CN112987942A (en) Method, device and system for inputting information by keyboard, electronic equipment and storage medium
CN109711178B (en) Key value pair storage method, device, equipment and storage medium
CN113422832B (en) File transmission method, device, equipment and storage medium
CN111209544B (en) Web application security protection method and device, electronic equipment and storage medium
CN112565156B (en) Information registration method, device and system
CN111064577A (en) Security authentication method and device and electronic equipment
CN114884714B (en) Task processing method, device, equipment and storage medium
CN115022057A (en) Security authentication method, device and equipment and storage medium
CN114880630A (en) Method and device for acquiring software use permission
CN114239014A (en) File processing method and device based on offline device and electronic device
Han et al. Scalable and secure virtualization of HSM with ScaleTrust

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant