CN114205142B - Data transmission method, device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN114205142B
Authority: CN (China)
Prior art keywords: ciphertext, sampling, data, message, sampled
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111500861.2A
Other languages: Chinese (zh)
Other versions: CN114205142A (en)
Inventor: 刘永昆
Current Assignee: CCB Finetech Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: CCB Finetech Co Ltd
Events: application filed by CCB Finetech Co Ltd; priority to CN202111500861.2A; publication of CN114205142A; application granted; publication of CN114205142B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key

Abstract

The invention discloses a data transmission method, a data transmission device, electronic equipment and a storage medium, and relates to the field of computer data security. The data transmission method is executed by the client and comprises the following steps: generating a symmetric encryption key for the data original text to be transmitted, and encrypting the data original text with the symmetric encryption key to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampling data, and sending the sampled ciphertext to the server; generating a message from the sampling data and the symmetric encryption key, and encrypting the message with an asymmetric public key to obtain a second ciphertext; and sending the second ciphertext to the server, the second ciphertext enabling the server to execute the following steps: decrypting the second ciphertext with the asymmetric private key to obtain the message, restoring the sampled ciphertext with the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext with the symmetric encryption key in the message. The embodiment of the invention can improve the encryption efficiency of the data and the security of the data transmission.

Description

Data transmission method, device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computer data security, in particular to a data transmission method, a data transmission device, electronic equipment and a storage medium.
Background
When various network activities are performed through a network, data transmission is involved, and data transmission security needs to be ensured. In order to prevent data from being snooped, intercepted, and altered during transmission, the data is typically transmitted encrypted.
Asymmetric encryption algorithms and traditional symmetric encryption algorithms are two common encryption algorithms used in data transmission processes.
However, conventional symmetric encryption algorithms are less secure and asymmetric encryption algorithms are less efficient.
Disclosure of Invention
The embodiment of the invention provides a data transmission method, a data transmission device, electronic equipment and a storage medium, so as to improve data encryption efficiency and data transmission safety.
In a first aspect, an embodiment of the present invention provides a data transmission method, which is performed by a client, the method including:
generating a symmetric encryption key for a data original to be transmitted, and encrypting the data original by adopting the symmetric encryption key to obtain a first ciphertext;
sampling the first ciphertext to obtain a sampled ciphertext and sampling data, and sending the sampled ciphertext to a server;
generating a message from the sampling data and the symmetric encryption key, and encrypting the message with an asymmetric public key to obtain a second ciphertext;
and sending the second ciphertext to the server, the second ciphertext enabling the server to execute the following steps: decrypting the second ciphertext with the asymmetric private key to obtain the message, restoring the sampled ciphertext with the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext with the symmetric encryption key in the message.
In a second aspect, an embodiment of the present invention provides a data transmission method, which is executed by a server, where the method includes:
receiving the sampled ciphertext from the client, the sampled ciphertext being obtained by the following steps: encrypting the data original text with a symmetric encryption key generated for the data original text to be transmitted to obtain a first ciphertext; and sampling the first ciphertext to obtain the sampled ciphertext and sampling data;
receiving a second ciphertext from the client, the second ciphertext being obtained by encrypting a message with an asymmetric public key, the message being generated from the sampling data and the symmetric encryption key;
decrypting the second ciphertext by adopting an asymmetric private key to obtain a message;
and restoring the sampled ciphertext by adopting the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by adopting the symmetric encryption key in the message.
In a third aspect, an embodiment of the present invention further provides a data transmission apparatus, which is executed by a client, the apparatus including:
the first ciphertext acquisition module is used for generating a symmetric encryption key for the data original text to be transmitted, and encrypting the data original text by adopting the symmetric encryption key to obtain a first ciphertext;
the ciphertext sending module is used for sampling the first ciphertext to obtain a sampled ciphertext and sampled data, and sending the sampled ciphertext to the server;
the second ciphertext acquisition module is used for generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting the asymmetric public key to obtain a second ciphertext;
the first ciphertext decrypting module is used for sending a second ciphertext to the server and enabling the server to execute the following steps: and decrypting the second ciphertext by using the asymmetric private key to obtain a message, restoring the sampled ciphertext by using sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
In a fourth aspect, an embodiment of the present invention further provides a data transmission device, which is executed by a server, where the device includes:
the post-sampling ciphertext receiving module is used for receiving the post-sampling ciphertext from the client; the ciphertext after sampling is obtained by the following steps: encrypting the data original text by adopting a symmetric encryption key generated for the data original text to be transmitted to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampled data;
the second ciphertext receiving module is used for receiving the second ciphertext from the client; the second ciphertext is obtained by encrypting the message with an asymmetric public key, the message being generated from the sampling data and the symmetric encryption key;
the second ciphertext decrypting module is used for decrypting the second ciphertext by adopting the asymmetric private key to obtain a message;
the first ciphertext decryption module is used for restoring the sampled ciphertext by adopting the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by adopting the symmetric encryption key in the message.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
a storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement a data transmission method as provided by an embodiment of the present invention.
In a sixth aspect, embodiments of the present invention also provide a storage medium comprising computer-executable instructions, which when executed by a computer processor, are for performing a data transmission method as provided by embodiments of the present invention.
In a seventh aspect, embodiments of the present invention further provide a computer program product comprising a computer program which, when executed by a processor, implements a data transmission method provided according to embodiments of the present invention.
According to the embodiment of the invention, the client generates the symmetric encryption key and encrypts the data original text with it to obtain the first ciphertext; using symmetric encryption improves the encryption efficiency of the original text. The first ciphertext is sampled and sent to the server; sampling destroys the integrity of the first ciphertext, prevents it from being deciphered and improves its security. The sampling data and the symmetric encryption key are assembled into a message, the message is asymmetrically encrypted to obtain the second ciphertext, and the second ciphertext is sent to the server; the asymmetric encryption improves the security of the second ciphertext, that is, the security of transmitting the symmetric encryption key and the sampling data, and because the data volume of the second ciphertext is relatively small, the efficiency of the asymmetric encryption is improved. This solves the problems of poor security of the traditional symmetric encryption algorithm and low efficiency of the asymmetric encryption algorithm, and achieves the effect of improving data encryption efficiency and data transmission security.
Drawings
Fig. 1 is a flowchart of a data transmission method according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a data transmission method according to a second embodiment of the present invention;
Fig. 3 is a schematic diagram of sampling a first ciphertext according to the second embodiment of the invention;
Fig. 4 is a flowchart of a data transmission method according to a third embodiment of the present invention;
Fig. 5 is a flowchart of a client data transmission method according to a fourth embodiment of the present invention;
Fig. 6 is a flowchart of a server data transmission method according to the fourth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a data transmission device according to a fifth embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a data transmission device according to a sixth embodiment of the present invention;
Fig. 9 is a schematic structural diagram of an electronic device according to a seventh embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Example 1
Fig. 1 is a flowchart of a data transmission method according to a first embodiment of the present invention, where the method may be implemented by a data transmission device, and the device may be implemented in software and/or hardware. The device can be configured in an electronic apparatus and executed by a client, and the method specifically includes:
Step 110, generating a symmetric encryption key for the data original text to be transmitted, and encrypting the data original text with the symmetric encryption key to obtain a first ciphertext.
The symmetric encryption key is the key used to encrypt the data original text during data transmission; with symmetric encryption, the same key encrypts the data original text on the sending side and decrypts it on the receiving side. The first ciphertext is the data obtained by encrypting the data original text to be transmitted with the symmetric encryption key: after the symmetric encryption key is generated, an encryption algorithm operates on the key and the data original text to produce the first ciphertext. Common symmetric encryption algorithms include DES (Data Encryption Standard), AES (Advanced Encryption Standard) and IDEA (International Data Encryption Algorithm). Preferably, the present invention uses the ChaCha20 algorithm, a stream cipher of the ChaCha family with strong resistance to cryptanalysis, where "20" indicates that the algorithm performs 20 rounds of encryption computation; it is a recent stream cipher with high efficiency and high security. Encrypting the data original text with the symmetric encryption key to obtain the first ciphertext requires little computation, so the encryption speed is improved.
In an alternative embodiment, generating a symmetric encryption key for a data original to be transmitted includes: generating a key random number for a data original text to be transmitted; and generating a symmetric encryption key according to the key random number.
The key random number is randomly generated data used to derive the symmetric encryption key; for example, it may be produced by a random function, each generated random number is different, and the symmetric encryption key derived from it is therefore a random key. Specifically, the symmetric encryption key is generated by the client and is a random key with a fixed length of more than 32 bits. It may be generated by combining the key random number with information such as the date, time and clock sequence, for example by concatenating the key random number, date, time and clock sequence in order; the symmetric encryption key carries no specific information.
Because the key random number is generated randomly, the symmetric encryption key derived from it is also random, which improves the security of the key.
Step 120, sampling the first ciphertext to obtain a sampled ciphertext and sampling data, and sending the sampled ciphertext to the server.
Sampling means collecting the data at preset positions of the first ciphertext, that is, extracting the data at those positions; the extracted data is the sampling data, and the sampled ciphertext is the first ciphertext after sampling, obtained by removing or replacing the data at the preset positions. The preset positions are positions set in advance for sampling the first ciphertext. The client sends the sampled ciphertext to the server. Sampling the first ciphertext destroys its integrity, so that even if the sampled ciphertext is intercepted by a third party during transmission the original text cannot be obtained from it, which improves the security of the data transmission.
Step 130, generating a message from the sampling data and the symmetric encryption key, and encrypting the message with the asymmetric public key to obtain a second ciphertext.
The message is composed of the sampling data, the symmetric encryption key and the like, and provides the server with the information needed to decrypt the first ciphertext. Specifically, the message uses the JSON format, and the sampling data is packed in order as an array of key-value pairs, for example of the form { sampling position: first ciphertext at that position }. The asymmetric public key is the key used to encrypt the message with an asymmetric encryption algorithm. An asymmetric encryption algorithm uses different keys for encryption and decryption: the key used for encryption is the public key, the key used for decryption is the private key, and the two form a key pair; once the message has been encrypted with the public key, only the corresponding private key can decrypt it, which improves the security of message transmission. The asymmetric encryption algorithm may be DSA (Digital Signature Algorithm), ECDSA (Elliptic Curve Digital Signature Algorithm) or RSA. The second ciphertext is the message encrypted with the asymmetric public key, and carries the sampling data of the data original text to be transmitted, the symmetric encryption key of the first ciphertext and the like to the server. Encrypting the message with the asymmetric public key to obtain the second ciphertext improves the security of the second ciphertext.
In an alternative embodiment, generating the message from the sampling data and the symmetric encryption key includes: computing the digest of the first ciphertext to obtain a first ciphertext digest; and generating a message comprising the sampling data, the symmetric encryption key and the first ciphertext digest, the server verifying the restored first ciphertext against the first ciphertext digest in the message.
The digest of the first ciphertext is summary information computed from the first ciphertext with a hash algorithm and is used by the server to verify the restored first ciphertext. Specifically, a hash function maps the first ciphertext to a character string of fixed length. Exemplary hash algorithms are MACTripleDES, MD5, RIPEMD160, SHA1, SHA256, SHA384 or SHA512; preferably, this embodiment uses the MD5 algorithm, which is efficient, so verification by digest is fast, and whose output is relatively short, which reduces the length of the transmitted message and improves the asymmetric encryption efficiency. The sampling data, the symmetric encryption key and the first ciphertext digest are assembled into the message; after receiving the second ciphertext, the server extracts the ciphertext digest from the message and verifies the restored first ciphertext, specifically by computing the MD5 digest of the restored first ciphertext and comparing it with the first ciphertext digest in the message, where the restored first ciphertext is obtained by the server from the sampled ciphertext and the sampling data.
Computing the first ciphertext digest and assembling the sampling data, the symmetric encryption key and the first ciphertext digest into the message lets the server verify the restored first ciphertext, that is, check whether the first ciphertext it received was tampered with or lost in transit, and confirm its correctness. At the same time, the hash algorithm keeps the message short, which improves the asymmetric encryption efficiency and the transmission efficiency of the message.
In an alternative embodiment, generating the message from the sampling data and the symmetric encryption key includes: computing the digest of the data original text to obtain an original text digest; and generating a message comprising the sampling data, the symmetric encryption key and the original text digest, the server verifying the decryption result of the first ciphertext against the original text digest in the message.
The original text digest is summary information computed from the data original text to be transmitted with a hash algorithm, obtained in the same way as the first ciphertext digest, that is, with the MD5 algorithm. It is used by the server to verify the decryption result of the first ciphertext, that is, to check whether the decryption result of the first ciphertext is identical to the data original text sent by the client. Specifically, the data original text to be transmitted is hashed with the MD5 algorithm to obtain the original text digest, and the sampling data, the symmetric encryption key, the original text digest and the like are assembled into the message; after receiving the message and decrypting the first ciphertext, the server computes the MD5 digest of the decryption result and compares it with the original text digest.
Computing the original text digest and assembling the sampling data, the symmetric encryption key, the original text digest and the like into the message lets the server verify the original text, that is, check whether the original text it received was tampered with or lost in transit, and confirm its correctness. At the same time, the hash algorithm keeps the message short, which improves the asymmetric encryption efficiency and the transmission efficiency of the message.
Step 140, sending a second ciphertext to the server, where the second ciphertext is used to enable the server to perform the following steps: and decrypting the second ciphertext by using the asymmetric private key to obtain a message, restoring the sampled ciphertext by using sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
The client sends the second ciphertext to the server so that the server, after receiving it, decrypts it with its private key to obtain the message, restores the sampled ciphertext to the first ciphertext using the sampling data in the message, and decrypts the first ciphertext with the symmetric encryption key in the message to obtain the data original text.
The network has reached every aspect of our lives, such as ride hailing, online shopping and mobile payment, and network activities such as identity authentication, face recognition, data backup and secure document transmission all require data transmission, so the security of data transmission needs to be ensured; in general, to prevent data from being snooped, intercepted and altered during transmission, the data is transmitted encrypted. For example, identity authentication requires photographing and uploading an identity card. In the prior art, to achieve transmission security, the picture is compressed after photographing and converted into Base64 text, and the Base64 text is then converted into ciphertext by asymmetric encryption for transmission; this process takes a long time, so the user experience is poor. The security of the asymmetric encryption algorithm is relatively high, but the data size after the picture is converted into text is relatively large, encryption and decryption take a long time, and the efficiency of the whole process is low. On the other hand, the traditional symmetric encryption algorithm is simple and efficient to encrypt and decrypt, but the key is easily intercepted while it is being sent, and if a relatively fixed key is used there is a risk of leakage, so its security is low.
According to the technical scheme of this embodiment, the client generates the symmetric encryption key and encrypts the data original text with it to obtain the first ciphertext; using symmetric encryption improves the encryption efficiency of the original text. The first ciphertext is sampled and sent to the server; sampling damages the integrity of the first ciphertext, prevents it from being deciphered and improves its security. The sampling data and the symmetric encryption key are assembled into a message, the message is asymmetrically encrypted to obtain the second ciphertext, and the second ciphertext is sent to the server; the asymmetric encryption improves the security of the second ciphertext, that is, the security of transmitting the symmetric encryption key and the sampling data, and because the data quantity of the second ciphertext is relatively small, the efficiency of the asymmetric encryption is improved. This solves the problems of poor security of the traditional symmetric encryption algorithm and low efficiency of the asymmetric encryption algorithm, and achieves the effect of improving data encryption efficiency and data transmission security.
Example 2
Fig. 2 is a flowchart of a data transmission method according to a second embodiment of the present invention, which further refines the foregoing embodiment. Specifically, sampling the first ciphertext to obtain the sampled ciphertext and the sampling data is refined as follows: determining at least one sampling position in the first ciphertext; replacing the first ciphertext at the sampling position with preset data to obtain the sampled ciphertext; and determining the sampling data from the sampling position and the first ciphertext at the sampling position, the sampling data being used by the server to restore the sampled ciphertext to the first ciphertext according to the sampling position and the first ciphertext at that position. The method includes the following steps:
Step 210, generating a symmetric encryption key for the data original to be transmitted, and encrypting the data original by adopting the symmetric encryption key to obtain a first ciphertext.
Step 220, determining at least one sampling position in the first ciphertext.
The sampling position is a position in the first ciphertext from which sampling data is extracted. Sampling positions may be generated according to a fixed rule, that is, sequential sampling (for example, the first byte of every 5120 bytes is a sampling point), or generated randomly, that is, random sampling (for example, a series of random numbers produced by a random function are used as the sampling positions). There is at least one sampling position in the first ciphertext, and generally there are many; they destroy the integrity of the first ciphertext, which increases the difficulty for a third party to decrypt it and improves the safety of file transmission.
In an alternative embodiment, determining at least one sampling position in the first ciphertext includes: determining the number of samples from a preset sampling data amount threshold and the length of the preset data; and determining the sampling positions from the data amount of the first ciphertext and the number of samples.
The preset sampling data amount threshold is a preset maximum for the total data amount of all sampling data, and it limits the amount of sampled data; for example, the threshold is 4K. If the sampled data amount is too large, the generated message is too large, the asymmetric encryption of the message requires a large amount of computation and the encryption efficiency drops; setting the threshold keeps the asymmetric encryption of the message efficient. The length of the preset data is the length of each piece of sampling data, that is, the data length at each sampling position. The number of samples is determined from the threshold and the preset data length; specifically, it is obtained by dividing the threshold by the preset data length, that is, number of samples = preset sampling data amount threshold / preset data length. The data amount of the first ciphertext is the amount of data it contains. From the data amount of the first ciphertext and the number of samples the sampling interval is obtained, specifically sampling interval = data amount of the first ciphertext / number of samples. For example, if the data amount of the first ciphertext is 10M, the preset sampling data amount threshold is 2K and the length of the preset data is 1 byte, then the number of samples is 2048 and the sampling interval is 5120 bytes, that is, one sample is taken every 5120 bytes; with sequential sampling, the position of the first byte in every 5120 bytes of the first ciphertext can be determined as a sampling position.
Determining the number of samples from the preset sampling data amount threshold and the length of the preset data ensures that neither the sampled data amount nor the message is too large, which improves the asymmetric encryption efficiency. Determining the sampling positions from the data amount of the first ciphertext and the number of samples is simple, yields the sampling points quickly, and improves the sampling efficiency.
In an alternative embodiment, determining the sampling positions from the data amount of the first ciphertext and the number of samples includes: dividing the first ciphertext into N first sub-ciphertexts according to its data amount, where N is the number of samples; generating a sampling random number; and determining the sampling position in each first sub-ciphertext from the sampling random number.
The first ciphertext is divided into N first sub-ciphertexts according to its data amount, that is, it is divided evenly by the sampling interval: the length of each first sub-ciphertext equals the sampling interval, length of first sub-ciphertext = data amount of the first ciphertext / N. For example, if the data amount of the first ciphertext is 10M and N is 2048, the length of each first sub-ciphertext is 5120 bytes; that is, the first ciphertext is divided into 2048 first sub-ciphertexts of 5120 bytes each. The sampling random number is a random number that determines the sampling position within each first sub-ciphertext and is produced by a random function. For example, a random number between 0 and 1 is generated by the random function and multiplied by the length of the first sub-ciphertext to obtain the sampling random number, which is used as the sampling position; or a random number less than or equal to the length of the first sub-ciphertext is generated directly by the random function and used as the sampling random number and hence as the sampling position.
Dividing the first ciphertext into N first sub-ciphertexts and determining the sampling position in each from a sampling random number keeps the sampling positions random over the whole ciphertext, and prevents the generated random numbers from clustering in one region of the first ciphertext (for example, at its beginning), which would lose the randomness of the sampling positions. The improved randomness of the sampling positions makes it harder to restore the file if it is intercepted during transmission, which improves the safety of data transmission.
Step 230, replacing the first ciphertext at the sampling position with preset data to obtain the sampled ciphertext, and determining the sampling data from the sampling position and the first ciphertext at the sampling position, so that the server restores the sampled ciphertext to the first ciphertext from the sampling position and the first ciphertext at the sampling position contained in the sampling data.
The preset data is a fixed pattern of the same size as the data at a sampling position; it replaces the sampled data at that position, for example 00000000. The first ciphertext at the sampling position is replaced with the preset data, and the sampling position together with the first ciphertext at that position is taken as the sampling data. The server obtains the sampling data from the received message and restores the sampled first ciphertext to obtain the first ciphertext. Fig. 3 is a schematic diagram of sampling a first ciphertext. There are three random sampling points in the first ciphertext, of which sampling point 1 and sampling point 2 have been sampled and sampling point 3 has not yet been sampled. As shown in fig. 3, sampling point 1 is 01001000, sampling point 2 is 01111000, sampling point 3 is 01001110 and the preset data is 00000000. Sampling points 1 and 2 yield two sets of data, 01001000 and 01111000; these two sets of data together with their position information are the sampling data, and sampling points 1 and 2 are each replaced by 00000000 to obtain the sampled first ciphertext, so that the size and byte order of the first ciphertext after sampling are the same as before sampling. Preferably, to further improve the security of the first ciphertext, the first ciphertext may be shifted as a whole before sampling; during restoration the sampled data is first put back and then the reverse shift is applied, and the shift data is recorded for this purpose. Sampling the first ciphertext damages its integrity, so that it cannot be cracked during transmission, and improves its safety.
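The position derivation and sampling of steps 220 and 230 (number of samples from the threshold and preset data length, one random offset inside each of N equal first sub-ciphertexts, replacement with preset data, and the server-side restoration), as an added Go example that is not part of the patent. The function names, the use of crypto/rand as the "random function", and the 10M all-0x5a stand-in for a first ciphertext are assumptions of this example; it goes slightly beyond the text by allowing preset data longer than one byte and by rejecting positions outside the ciphertext.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Sample is one entry of the sampling data: a sampling position and the
// first-ciphertext bytes that were taken from it.
type Sample struct {
	Pos  int
	Data []byte
}

// SampleCount implements "number of samples = preset threshold / preset data length".
func SampleCount(thresholdBytes, presetLen int) int {
	return thresholdBytes / presetLen
}

// SamplePositions divides the first ciphertext into n equal first sub-ciphertexts
// and draws one random offset inside each, so the positions stay spread over the
// whole ciphertext instead of clustering (assumed helper, not the patent's code).
func SamplePositions(ctLen, n, presetLen int) ([]int, error) {
	if n <= 0 || presetLen <= 0 || ctLen < n*presetLen {
		return nil, errors.New("ciphertext too short for the requested sampling")
	}
	sub := ctLen / n // length of each first sub-ciphertext (the sampling interval)
	positions := make([]int, n)
	for i := range positions {
		// An offset in [0, sub-presetLen] keeps the whole run inside sub-ciphertext i.
		r, err := rand.Int(rand.Reader, big.NewInt(int64(sub-presetLen+1)))
		if err != nil {
			return nil, err
		}
		positions[i] = i*sub + int(r.Int64())
	}
	return positions, nil
}

// SampleCiphertext replaces presetLen bytes at each position with preset data
// (all zero, as in fig. 3) and collects the replaced bytes as sampling data.
// The sampled ciphertext keeps the size and byte order of the first ciphertext.
func SampleCiphertext(first []byte, positions []int, presetLen int) ([]byte, []Sample, error) {
	sampled := append([]byte(nil), first...)
	samples := make([]Sample, 0, len(positions))
	for _, p := range positions {
		if p < 0 || p+presetLen > len(first) {
			return nil, nil, errors.New("sampling position out of range")
		}
		samples = append(samples, Sample{Pos: p, Data: append([]byte(nil), first[p:p+presetLen]...)})
		for j := 0; j < presetLen; j++ {
			sampled[p+j] = 0x00
		}
	}
	return sampled, samples, nil
}

// RestoreCiphertext is the server side of step 230: write each sampled run back
// over the preset data, refusing positions that fall outside the ciphertext.
func RestoreCiphertext(sampled []byte, samples []Sample) ([]byte, error) {
	first := append([]byte(nil), sampled...)
	for _, s := range samples {
		if s.Pos < 0 || s.Pos+len(s.Data) > len(first) {
			return nil, errors.New("sampling position out of range")
		}
		copy(first[s.Pos:], s.Data)
	}
	return first, nil
}

func main() {
	first := bytes.Repeat([]byte{0x5a}, 10<<20) // constructed stand-in for a 10M first ciphertext
	n := SampleCount(2048, 1)                   // 2K threshold, 1-byte preset data: 2048 samples
	positions, _ := SamplePositions(len(first), n, 1)
	sampled, samples, _ := SampleCiphertext(first, positions, 1)
	restored, _ := RestoreCiphertext(sampled, samples)
	fmt.Println(n, len(first)/n, bytes.Equal(restored, first)) // 2048 5120 true
}
```

With the patent's figures (10M ciphertext, 2K threshold, 1-byte preset data) this yields 2048 sub-ciphertexts of 5120 bytes and one sampled byte in each. The range check in RestoreCiphertext matters on the server: the positions arrive inside the decrypted message, so a malformed message must not be able to index outside the sampled ciphertext.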
Step 240, sending the sampled ciphertext to the server.
Step 250, generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting the asymmetric public key to obtain a second ciphertext.
Step 260, sending the second ciphertext to the server, where the second ciphertext is used to make the server execute the following steps: decrypting the second ciphertext with the asymmetric private key to obtain the message, restoring the sampled ciphertext with the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext with the symmetric encryption key in the message.
According to the technical scheme, at least one sampling position is determined and the first ciphertext at that position is replaced with preset data, which damages the integrity of the first ciphertext without disturbing the content or order of the first ciphertext elsewhere. This increases the difficulty of decoding the first ciphertext and improves the transmission safety of the sampled ciphertext, while making it easy for the server to restore the first ciphertext, which improves the decryption efficiency.
Example III
Fig. 4 is a flowchart of a data transmission method according to a third embodiment of the present invention, where the method may be performed by a data transmission device, and the device may be implemented in software and/or hardware. The device can be configured in an electronic apparatus and executed by a server, and the method specifically includes:
Step 310, receiving the sampled ciphertext from the client; the ciphertext after sampling is obtained by the following steps: encrypting the data original text by adopting a symmetric encryption key generated for the data original text to be transmitted to obtain a first ciphertext; and sampling the first ciphertext to obtain a sampled ciphertext and sampled data.
The server receives the sampled ciphertext sent by the client. The sampled ciphertext is generated by the client: the client generates a symmetric encryption key, symmetrically encrypts the data original text to be transmitted with a symmetric encryption algorithm to obtain the first ciphertext, and samples the first ciphertext to obtain the sampled first ciphertext, which it sends to the server, and the sampled data, which it uses to generate the message.
Step 320, receiving a second ciphertext from the client; the second ciphertext is obtained by encrypting the message by adopting an asymmetric public key; the message is generated according to the sampling data and the symmetric encryption key.
The server receives the second ciphertext sent by the client. The second ciphertext is a message encrypted by the client according to the asymmetric public key, and the message comprises sampling data and a symmetric encryption key.
Step 330, decrypting the second ciphertext with the asymmetric private key to obtain the message.
The server decrypts the received second ciphertext with the asymmetric private key to obtain the message, which specifically comprises the sampling data and the symmetric encryption key; the sampling data is used to restore the sampled ciphertext and the symmetric encryption key is used to decrypt the first ciphertext.
Step 340, restoring the sampled ciphertext with the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext with the symmetric encryption key in the message.
The sampling data is obtained from the message, and the preset data at each sampling position is restored from the first ciphertext at that sampling position, that is, the sampled ciphertext is restored to the first ciphertext. The symmetric encryption key is then obtained from the message and the restored first ciphertext is decrypted to obtain the data original text sent by the client.
In an alternative embodiment, the restoring the ciphertext after sampling to obtain the first ciphertext by using the sampling data in the message includes: extracting a sampling position and a first ciphertext at the sampling position from sampling data in the message; and replacing preset data at the sampling position in the sampled ciphertext by using the first ciphertext at the sampling position, and recovering to obtain the first ciphertext.
The sampling data in the message comprises a sampling position and the first ciphertext at that position. Both are extracted from the sampling data in the message, and the first ciphertext at the sampling position replaces the preset data at that position in the sampled ciphertext, which restores the sampled ciphertext and yields the restored first ciphertext.
Restoring the preset data at each sampling position from the sampling position and the first ciphertext at that position, both extracted from the sampling data, improves the accuracy of the restored first ciphertext.
In an alternative embodiment, before decrypting the restored first ciphertext with the symmetric encryption key in the message, the method further includes: verifying the restored first ciphertext with the first ciphertext digest in the message.
The server performs a hash calculation on the restored first ciphertext to obtain a digest of the restored first ciphertext, which is used to verify the restored first ciphertext; the hash algorithm used by the server is the same as the one used by the client. Specifically, the digest obtained by the server is compared with the first ciphertext digest in the message: if they are equal, verification succeeds, indicating that the first ciphertext was transmitted safely and intact; if they are unequal, verification fails and failure information is sent to the client.
Verifying the first ciphertext against the first ciphertext digest in the message detects whether the first ciphertext was corrupted during transmission and ensures that the decrypted original text is correct.
In an alternative embodiment, after decrypting the restored first ciphertext with the symmetric encryption key in the message, the method further includes: verifying the decryption result of the first ciphertext with the original text digest in the message.
The server performs a hash calculation on the decryption result of the first ciphertext to obtain its digest, which is used to verify that decryption result; the hash algorithm used by the server is the same as the one used by the client. Specifically, the digest of the decryption result obtained by the server is compared with the original text digest in the message: if they are the same, verification succeeds, indicating that the original text was transmitted safely and intact; if they differ, verification fails and failure information is sent to the client.
Verifying the original text against the original text digest in the message detects whether the original text was corrupted during transmission and ensures the accuracy of file transmission.
According to the technical scheme, the server receives the sampled ciphertext and the second ciphertext, decrypts the second ciphertext with the asymmetric private key to obtain the message, which improves the safety of the message, restores the first ciphertext from the sampling data in the message, and decrypts the first ciphertext with the symmetric key in the message to obtain the data original text, which improves the decryption efficiency of the first ciphertext. By combining asymmetric and symmetric encryption, the data decryption efficiency is improved while the safety of data transmission is improved.
Example IV
Fig. 5 is a flowchart of a client data transmission method according to a fourth embodiment of the present invention, and fig. 6 is a flowchart of a server data transmission method according to the fourth embodiment; the method is applicable to encrypting and decrypting transmitted data and proceeds as follows:
Fig. 5 is a flowchart of the client data transmission method according to the fourth embodiment of the present invention, and the specific process is as follows:
Step 410, obtaining the original text digest. The original text digest of the data original text to be transmitted is obtained with the MD5 algorithm. Preferably, to speed up the digest calculation when the original text is large, the digest is computed by reading the file in blocks. It should be noted that the client and server must use the same calculation method so that their results can be compared for verification. When the data original text to be transmitted is an oversized file, such as video data or a special data packet, the file is split into pieces of a specified size, such as 128M, in order to transmit it safely; each piece is treated as a data original text to be transmitted and transmitted in turn, and the pieces are combined at the server after transmission into the original file, which improves the efficiency of file encryption and decryption.
Step 420, generating the first ciphertext. The client generates a symmetric encryption key and encrypts the original text with it to obtain the first ciphertext. Generating the symmetric encryption key at the client avoids the risk that a key generated by the server is obtained by a third party while it is returned to the client: because the asymmetric public key can be obtained by a third party, a key returned under it would be visible to that third party. When the client generates the symmetric encryption key and sends it encrypted with the asymmetric public key, a third party cannot decrypt and read it with the asymmetric public key, which improves the transmission safety of the symmetric encryption key.
Step 430, obtaining the first ciphertext digest. The first ciphertext digest is obtained with the MD5 algorithm and is used by the server to verify the first ciphertext.
Step 440, obtaining and sending the sampled ciphertext. The first ciphertext is sampled, which moves part of its data into the second ciphertext for transmission and improves its transmission safety; the sampled first ciphertext forms the sampled ciphertext, which is sent to the server as the first transmission.
Preferably, to improve overall security, the first ciphertext may be shifted as a whole before sampling; correspondingly, when the server restores it, the sampled ciphertext is first restored and then shifted back as a whole, and the shift data is recorded. Optionally, the two steps of encrypting the data to be sent and sampling the encrypted data can be merged: the data to be sent is shifted as a whole, the shifted data is XORed with the first key, and sampling is performed during this calculation. This improves calculation efficiency, since the whole process amounts to copying the data to be sent once, and the sampled data and the sampled ciphertext can be separated quickly, which improves the efficiency of encryption and sampling.
Step 450, composing the message. The message is formed from the sampling data, the original text digest, the first ciphertext digest and the symmetric encryption key.
Step 460, obtaining and sending the second ciphertext. The message is encrypted with the asymmetric public key to obtain the second ciphertext, which is sent to the server as the second transmission. This completes the client side of the data transmission process.
Fig. 6 is a flowchart of a server data transmission method according to a fourth embodiment of the present invention, and the specific process is as follows:
Step 510, decrypting the second ciphertext. The server receives the second ciphertext and decrypts it with the asymmetric private key to obtain the message, which comprises the sampling data, the original text digest, the first ciphertext digest and the symmetric encryption key.
Step 520, restoring the sampled ciphertext. The sampling data is extracted from the message and the sampled ciphertext is restored to obtain the first ciphertext.
Step 530, verifying the first ciphertext. The digest of the restored first ciphertext is calculated and compared with the first ciphertext digest in the message; if they are equal, verification of the first ciphertext succeeds, otherwise it fails.
Step 540, was the first ciphertext verified successfully? If yes, go to step 550; if not, go to step 590.
Step 550, decrypting the first ciphertext. The symmetric encryption key is extracted from the message and the restored first ciphertext is decrypted to obtain the data original text.
Step 560, verifying the original text. The digest of the decrypted first ciphertext is calculated and compared with the original text digest in the message; if they are equal, verification succeeds, otherwise it fails.
Step 570, was the original text verified successfully? If yes, go to step 580; if not, go to step 590.
Step 580, obtaining the original text data. The decrypted first ciphertext is taken as the original text data, and the decryption process ends.
Step 590, returning failure information. Optionally, after the failure information is returned, a log is recorded first; if the data is incomplete, a corresponding failure code is sent to ask the client to retransmit; if verification shows that the data has been tampered with, a failure message is returned and the sending client may further be added to a suspicious list.
In the client's encryption process, applying symmetric and asymmetric encryption together improves data transmission safety and encryption efficiency, and sampling the first ciphertext further improves transmission safety. In the server's decryption process, the transmitted data is verified before and after symmetric decryption with the first ciphertext digest and the original text digest, the sampled ciphertext is restored, and two decryptions yield the transmitted data original text, which ensures that the obtained original text is accurate and improves the safety of data transmission.
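The client flow of steps 410 to 460 and the server flow of steps 510 to 590, including the restoration and the two digest checks described in the third embodiment, as an added Go example that is not part of the patent. It assumes AES-128-GCM as the symmetric algorithm, RSA-2048 with OAEP as the asymmetric algorithm, sequential sampling of one byte in every 64, one-byte preset data of 0x00 and a JSON layout for the message; none of these are fixed by the patent, the function names are this example's own, and the input text is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

const interval = 64 // assumed sampling interval: one byte in every 64 (the patent's example uses 1 in 5120)

// Message is the plaintext of the second ciphertext (step 450); the JSON layout is constructed for this example.
type Message struct {
	Key        []byte   `json:"k"` // symmetric key, generated by the client
	CtDigest   []byte   `json:"c"` // MD5 of the first ciphertext (step 430)
	TextDigest []byte   `json:"t"` // MD5 of the original text (step 410)
	Positions  []uint32 `json:"p"` // sampling positions
	Samples    []byte   `json:"s"` // first-ciphertext bytes taken from those positions
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func newServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // asymmetric key pair

// ClientSend runs steps 410-460 and returns the sampled ciphertext and the second ciphertext.
func ClientSend(plain []byte, serverPub *rsa.PublicKey) (sampled, second []byte, err error) {
	kn := make([]byte, 16+12) // AES-128 key followed by the GCM nonce, both client-generated (step 420)
	if _, err = rand.Read(kn); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(kn[:16])
	if err != nil {
		return nil, nil, err
	}
	first := gcm.Seal(kn[16:], kn[16:], plain, nil) // first ciphertext = nonce || AES-GCM output
	ctSum, textSum := md5.Sum(first), md5.Sum(plain)
	msg := Message{Key: kn[:16], CtDigest: ctSum[:], TextDigest: textSum[:]}
	sampled = append([]byte(nil), first...)
	for p := 0; p < len(first); p += interval { // step 440: sequential sampling
		msg.Positions = append(msg.Positions, uint32(p))
		msg.Samples = append(msg.Samples, first[p])
		sampled[p] = 0x00 // preset data takes the sampled byte's place
	}
	raw, _ := json.Marshal(msg) // cannot fail for this struct
	second, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, raw, nil) // step 460; at most 190 bytes fit
	return sampled, second, err
}

// ServerReceive runs steps 510-580; every failed check ends in an error (step 590).
func ServerReceive(sampled, second []byte, priv *rsa.PrivateKey) ([]byte, error) {
	raw, err := rsa.DecryptOAEP(sha256.New(), nil, priv, second, nil) // step 510
	var msg Message
	if err != nil || json.Unmarshal(raw, &msg) != nil || len(msg.Positions) != len(msg.Samples) {
		return nil, errors.New("second ciphertext or message rejected")
	}
	first := append([]byte(nil), sampled...) // step 520: put every sampled byte back
	for i, p := range msg.Positions {
		if int(p) >= len(first) {
			return nil, errors.New("sampling position out of range")
		}
		first[p] = msg.Samples[i]
	}
	if sum := md5.Sum(first); !bytes.Equal(sum[:], msg.CtDigest) { // steps 530-540
		return nil, errors.New("first ciphertext digest mismatch")
	}
	gcm, err := newGCM(msg.Key) // step 550
	if err != nil || len(first) < 12 {
		return nil, errors.New("bad key or truncated first ciphertext")
	}
	plain, err := gcm.Open(nil, first[:12], first[12:], nil)
	if err != nil {
		return nil, err
	}
	if sum := md5.Sum(plain); !bytes.Equal(sum[:], msg.TextDigest) { // steps 560-570
		return nil, errors.New("original text digest mismatch")
	}
	return plain, nil // step 580
}

func main() {
	priv, _ := newServerKey()
	plain := bytes.Repeat([]byte("constructed sample record;"), 20) // constructed input
	sampled, second, _ := ClientSend(plain, &priv.PublicKey)
	got, err := ServerReceive(sampled, second, priv)
	fmt.Println(bytes.Equal(got, plain), err) // true <nil>
}
```

Two practical points that the flowchart leaves implicit. The whole message must fit in a single RSA-OAEP block (190 bytes for RSA-2048 with SHA-256), so the 2K or 4K sampling data threshold given earlier needs either a larger modulus or an extra key-wrapping layer in a real deployment. And the MD5 digests detect corruption in transit but, since MD5 is not collision-resistant, do not by themselves defend against deliberate substitution; in this example that protection comes from the AES-GCM authentication tag checked in step 550.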
Example five
Fig. 7 is a schematic structural diagram of a data transmission device according to a fifth embodiment of the present invention. The fifth embodiment is a corresponding device for implementing the data transmission method of the client according to the foregoing embodiment of the present invention, where the device may be implemented in software and/or hardware, and may be generally integrated in an electronic device of the client. The data transmission device includes:
The first ciphertext obtaining module 610 is configured to generate a symmetric encryption key for a data original to be transmitted, and encrypt the data original with the symmetric encryption key to obtain a first ciphertext;
the ciphertext sending module 620 is configured to sample the first ciphertext to obtain a sampled ciphertext and sampled data, and send the sampled ciphertext to the server;
the second ciphertext obtaining module 630 is configured to generate a message according to the sampling data and the symmetric encryption key, and encrypt the message with the asymmetric public key to obtain a second ciphertext;
the first ciphertext decrypting module 640 is configured to send the second ciphertext to the server, and is configured to enable the server to perform the following steps: and decrypting the second ciphertext by using the asymmetric private key to obtain a message, restoring the sampled ciphertext by using sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
According to the technical scheme, the client generates the symmetric encryption key and uses it to encrypt the data original text to obtain the first ciphertext, so that the original text is encrypted with the efficiency of a symmetric method. The first ciphertext is sampled and then sent to the server; sampling damages the integrity of the first ciphertext, which prevents it from being deciphered and improves its safety. The sampled data and the symmetric encryption key are combined into a message, the message is asymmetrically encrypted to obtain the second ciphertext, and the second ciphertext is sent to the server. Asymmetric encryption improves the safety of the second ciphertext, that is, of the symmetric encryption key and the sampled data in transit, and because the second ciphertext is relatively small, the asymmetric encryption remains efficient. This solves the problems that a conventional symmetric encryption algorithm is poor in safety and an asymmetric encryption algorithm is poor in efficiency, and achieves the effect of improving both the data encryption efficiency and the data transmission safety.
Further, the ciphertext sending module 620 may include:
a sampling position determining unit, configured to determine at least one sampling position in the first ciphertext;
a ciphertext sampling unit, configured to replace the first ciphertext at the sampling position with preset data to obtain the sampled ciphertext and to determine the sampling data from the sampling position and the first ciphertext at the sampling position, so that the server restores the sampled ciphertext to the first ciphertext from the sampling position and the first ciphertext at the sampling position contained in the sampling data.
Further, the sampling position determining unit includes:
a number-of-samples determining subunit, configured to determine the number of samples from a preset sampling data amount threshold and the length of the preset data;
and a sampling position calculating subunit, configured to determine the sampling positions from the data amount of the first ciphertext and the number of samples.
Further, the sampling position calculating subunit is specifically configured to divide the first ciphertext into N first sub-ciphertexts according to the data amount of the first ciphertext, where N is the number of samples; generate a sampling random number; and determine the sampling position in each first sub-ciphertext from the sampling random number.
Further, the second ciphertext obtaining module 630 may include:
a first ciphertext digest obtaining unit, configured to compute the digest of the first ciphertext to obtain the first ciphertext digest;
a first message generating unit, configured to generate a message comprising the sampling data, the symmetric encryption key and the first ciphertext digest, so that the server verifies the restored first ciphertext against the first ciphertext digest in the message.
Further, the second ciphertext obtaining module 630 may include:
an original text digest obtaining unit, configured to compute the digest of the data original text to obtain the original text digest;
a second message generating unit, configured to generate a message comprising the sampling data, the symmetric encryption key and the original text digest, so that the server verifies the decryption result of the first ciphertext against the original text digest in the message.
Further, the first ciphertext obtaining module 610 may include:
the random number generation unit is used for generating a secret key random number for the data original text to be transmitted;
and the key generation unit is used for generating a symmetric encryption key according to the key random number.
The device can execute the data transmission method provided by the embodiment of the invention, and has the corresponding functional modules and beneficial effects of executing the data transmission method.
Example six
Fig. 8 is a schematic structural diagram of a data transmission device according to a sixth embodiment of the present invention. The sixth embodiment of the present invention is a corresponding apparatus for implementing the data transmission method of the server provided in the foregoing embodiment of the present invention, where the apparatus may be implemented in a software and/or hardware manner and may be generally integrated in an electronic device of the server. The data transmission device includes:
A post-sampling ciphertext receiving module 710 that receives the post-sampling ciphertext from the client; the ciphertext after sampling is obtained by the following steps: encrypting the data original text by adopting a symmetric encryption key generated for the data original text to be transmitted to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampled data;
a second ciphertext receiving module 720 for receiving the second ciphertext from the client; the second ciphertext is obtained by encrypting the message by adopting an asymmetric public key; generating a message according to the sampling data and the symmetric encryption key;
a second ciphertext decrypting module 730 configured to decrypt the second ciphertext using the asymmetric private key to obtain the message;
the first ciphertext decrypting module 740 is configured to restore the sampled ciphertext by using the sampled data in the message to obtain a first ciphertext, and decrypt the restored first ciphertext by using the symmetric encryption key in the message.
According to the embodiment of the invention, the device receives the sampled ciphertext and the second ciphertext, decrypts the second ciphertext with the asymmetric private key to obtain the message, which improves the safety of the message, restores the first ciphertext from the sampling data in the message, and decrypts the first ciphertext with the symmetric key in the message to obtain the data original text, which improves the decryption efficiency of the first ciphertext. By combining asymmetric and symmetric encryption, the data decryption efficiency is improved while the safety of data transmission is improved.
Further, the first ciphertext decrypting module 740 includes:
a first ciphertext extraction unit, configured to extract the sampling position and the first ciphertext at the sampling position from the sampling data in the message;
a first ciphertext restoring unit, configured to replace the preset data at the sampling position in the sampled ciphertext with the first ciphertext at the sampling position, thereby restoring the first ciphertext.
Further, the first ciphertext decrypting module 740 further includes:
a restoration result verification unit, configured to verify the restored first ciphertext using the first ciphertext digest in the message.
Further, the first ciphertext decrypting module 740 further includes:
a decryption result verification unit, configured to verify the decryption result of the first ciphertext using the original text digest in the message.
The apparatus can execute the data transmission method provided by the embodiments of the invention, and has the functional modules and beneficial effects corresponding to that method.
Example seven
Fig. 9 is a schematic structural diagram of an electronic device provided in a seventh embodiment of the present invention. The electronic device may be deployed as a client or as a server. As shown in fig. 9, the electronic device includes a processor 810, a memory 820, an input device 830, and an output device 840; the electronic device may have one or more processors 810, one processor 810 being taken as an example in fig. 9. The processor 810, memory 820, input device 830, and output device 840 may be connected by a bus or by other means; fig. 9 shows a bus connection as an example.
The memory 820 is a computer-readable storage medium and may be used to store software programs, computer-executable programs and modules, such as the program instructions/modules corresponding to the data transmission method in the embodiments of the invention (e.g., the first ciphertext obtaining module 610, the ciphertext transmitting module 620, the second ciphertext obtaining module 630, and the first ciphertext decrypting module 640). The processor 810 executes the various functional applications and data processing of the electronic device, i.e., implements the data transmission method described above, by running the software programs, instructions and modules stored in the memory 820.
The memory 820 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system and at least one application program required for a function, and the data storage area may store data created during use of the terminal, etc. In addition, the memory 820 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some examples, the memory 820 may further include memory located remotely from the processor 810, which may be connected to the electronic device/terminal/server via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 830 may be used to receive input point cloud data and to generate key signal inputs related to user settings and function controls of the electronic device. The output device 840 may include a display device such as a display screen.
Example eight
An eighth embodiment of the present invention also provides a storage medium containing computer-executable instructions which, when executed by a computer processor, perform a data transmission method. When performed by a client, the method comprises:
generating a symmetric encryption key for a data original to be transmitted, and encrypting the data original by adopting the symmetric encryption key to obtain a first ciphertext;
sampling the first ciphertext to obtain a sampled ciphertext and sampling data, and sending the sampled ciphertext to a server;
generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting an asymmetric public key to obtain a second ciphertext;
sending the second ciphertext to the server, where the second ciphertext is used to make the server execute the following steps: decrypting the second ciphertext using the asymmetric private key to obtain the message, restoring the sampled ciphertext using the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext using the symmetric encryption key in the message.
When performed by the server, the method comprises:
receiving the sampled ciphertext from the client, where the sampled ciphertext is obtained by encrypting the data original with a symmetric encryption key generated for the data original to be transmitted to obtain a first ciphertext, and sampling the first ciphertext to obtain the sampled ciphertext and sampling data;
receiving a second ciphertext from the client, where the second ciphertext is obtained by encrypting a message with an asymmetric public key, and the message is generated from the sampling data and the symmetric encryption key;
decrypting the second ciphertext by adopting an asymmetric private key to obtain a message;
and restoring the sampled ciphertext by adopting the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by adopting the symmetric encryption key in the message.
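The client and server steps listed above, together with the sampling rule of claims 2 and 3 and the digest checks of claims 4, 5, 9 and 10, are shown below in working Go as an added example. This is editorial code, not the patent's or the applicant's implementation, and everything the patent leaves open is an assumption here: AES-128-GCM as the symmetric cipher (its nonce travels with the key as "key material"), RSA-2048 with OAEP/SHA-256 for the second ciphertext, SHA-256 for the two digests, four zero bytes as the preset data, a 16-byte sampled-data threshold (so N = 4), the fixed 124-byte message layout, and all type and function names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Assumed, not fixed by the patent: preset data is 4 zero bytes, threshold 16 bytes, so N = 16/4 = 4 (claim 2).
const presetLen, sampleCount = 4, 16 / 4

// Message is the plaintext of the second ciphertext; fixed-size fields let encoding/binary serialize it as 124 bytes.
type Message struct {
	KeyMaterial        [28]byte                    // AES-128 key (16 bytes) then GCM nonce (12); cipher is assumed
	CTDigest, PTDigest [32]byte                    // SHA-256 of the first ciphertext and of the data original (claims 4, 5)
	Positions          [sampleCount]uint32         // sampling data: where the preset data was written
	Sampled            [sampleCount][presetLen]byte // sampling data: the first-ciphertext bytes taken from there
}

// newServerKey creates the server's asymmetric key pair (RSA-2048 is an assumption).
func newServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// sampleCiphertext (claim 3): split the first ciphertext into N equal parts, pick one position per part
// from rnd (8 random bytes each), record the bytes found there in msg and overwrite them with preset data.
func sampleCiphertext(first, rnd []byte, msg *Message) []byte {
	partLen := len(first) / sampleCount // >= presetLen here, since a GCM output is at least 16 bytes
	sampled := append([]byte(nil), first...)
	for i := range msg.Positions {
		pos := i*partLen + int(binary.BigEndian.Uint64(rnd[8*i:])%uint64(partLen-presetLen+1))
		msg.Positions[i] = uint32(pos) // the window [pos, pos+presetLen) stays inside part i
		copy(msg.Sampled[i][:], first[pos:])
		copy(sampled[pos:], make([]byte, presetLen)) // preset data: zero bytes
	}
	return sampled
}

// restoreCiphertext (claim 8): write each sampled byte run back over the preset data.
func restoreCiphertext(sampled []byte, msg *Message) ([]byte, error) {
	first := append([]byte(nil), sampled...)
	for i, pos := range msg.Positions {
		if int(pos)+presetLen > len(first) {
			return nil, errors.New("sampling position outside the sampled ciphertext")
		}
		copy(first[pos:], msg.Sampled[i][:])
	}
	return first, nil
}

// clientPrepare (claim 1 with claims 4 and 5) returns the two transmissions to the server.
func clientPrepare(original []byte, serverPub *rsa.PublicKey) (sampledCT, secondCT []byte, err error) {
	seed := make([]byte, 28+8*sampleCount) // key material, then randomness for the sampling positions
	if _, err = rand.Read(seed); err != nil {
		return nil, nil, err
	}
	var msg Message
	copy(msg.KeyMaterial[:], seed)
	block, _ := aes.NewCipher(msg.KeyMaterial[:16]) // cannot fail: the key size is fixed by the array
	gcm, _ := cipher.NewGCM(block)
	first := gcm.Seal(nil, msg.KeyMaterial[16:], original, nil) // first ciphertext, GCM tag appended
	sampledCT = sampleCiphertext(first, seed[28:], &msg)
	msg.CTDigest, msg.PTDigest = sha256.Sum256(first), sha256.Sum256(original)
	var buf bytes.Buffer
	if err = binary.Write(&buf, binary.BigEndian, &msg); err != nil {
		return nil, nil, err
	}
	secondCT, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, buf.Bytes(), nil)
	return sampledCT, secondCT, err
}

// serverRecover (claim 7 with the checks of claims 9 and 10) returns the data original.
func serverRecover(sampledCT, secondCT []byte, priv *rsa.PrivateKey) ([]byte, error) {
	raw, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, secondCT, nil)
	var msg Message
	if err != nil || binary.Read(bytes.NewReader(raw), binary.BigEndian, &msg) != nil {
		return nil, errors.New("second ciphertext does not decrypt to a well-formed message")
	}
	first, err := restoreCiphertext(sampledCT, &msg)
	if err != nil {
		return nil, err
	}
	if sha256.Sum256(first) != msg.CTDigest { // claim 9: verify the restoration before decrypting
		return nil, errors.New("restored first ciphertext fails digest check")
	}
	block, _ := aes.NewCipher(msg.KeyMaterial[:16])
	gcm, _ := cipher.NewGCM(block)
	original, err := gcm.Open(nil, msg.KeyMaterial[16:], first, nil) // the GCM tag also authenticates the restored ciphertext
	if err != nil {
		return nil, err
	}
	if sha256.Sum256(original) != msg.PTDigest { // claim 10: verify the decryption result
		return nil, errors.New("decrypted data fails digest check")
	}
	return original, nil
}
```

Two design points are worth noting. The message must fit inside a single RSA-OAEP block (190 bytes for a 2048-bit key with SHA-256), which is why a bound on the amount of sampling data, the threshold of claim 2, matters in practice. And because an AEAD is used for the first ciphertext, the GCM tag would reject any corruption of the restored ciphertext even without the digest of claim 9; the example keeps both checks in the order the claims give them, so that a bad restoration is rejected before any decryption work is spent.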
Of course, the storage medium containing the computer executable instructions provided in the embodiments of the present invention is not limited to the method operations described above, and may also perform the related operations in the data transmission method provided in any embodiment of the present invention.
The embodiments of the present invention also provide a computer program product comprising a computer program which, when executed by a processor, implements a data transmission method according to any of the embodiments of the present invention.
From the above description of the embodiments, it will be clear to a person skilled in the art that the present invention may be implemented by means of software together with the necessary general-purpose hardware, or by means of hardware alone, although in many cases the former is the preferred embodiment. On this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a computer-readable storage medium, such as a floppy disk, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk or an optical disk, and including several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute the method according to the embodiments of the present invention.
It should be noted that, in the above-mentioned embodiments of the apparatus, the units and modules included are divided only according to functional logic and are not limited to the above division, as long as the corresponding functions can be implemented; in addition, the specific names of the functional units are only for distinguishing them from each other and are not used to limit the protection scope of the present invention.
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (14)

1. A method of data transmission, performed by a client, the method comprising:
generating a symmetric encryption key for a data original to be transmitted, and encrypting the data original by adopting the symmetric encryption key to obtain a first ciphertext;
sampling the first ciphertext to obtain a sampled ciphertext and sampling data, and sending the sampled ciphertext to a server;
generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting an asymmetric public key to obtain a second ciphertext;
and sending the second ciphertext to the server, wherein the second ciphertext is used for enabling the server to execute the following steps: decrypting the second ciphertext using an asymmetric private key to obtain the message, restoring the sampled ciphertext using the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext using the symmetric encryption key in the message;
wherein sampling the first ciphertext to obtain the sampled ciphertext and the sampling data comprises:
determining at least one sampling position in the first ciphertext;
and replacing the first ciphertext at the sampling position with preset data to obtain the sampled ciphertext, and determining the sampling data according to the sampling position and the first ciphertext at the sampling position, so that the server restores the sampled ciphertext according to the sampling position and the first ciphertext at the sampling position in the sampling data to obtain the first ciphertext.
2. The method of claim 1, wherein determining at least one sampling position in the first ciphertext comprises:
determining the number of samplings according to a preset threshold on the amount of sampling data and the length of the preset data;
and determining the sampling position according to the data amount of the first ciphertext and the number of samplings.
3. The method of claim 2, wherein determining the sampling position according to the data amount of the first ciphertext and the number of samplings comprises:
dividing the first ciphertext into N first sub-ciphertexts according to the data amount of the first ciphertext, wherein N is the number of samplings;
generating a sampling random number;
and determining the sampling position in the first sub-ciphertext according to the sampling random number.
4. The method of claim 1, wherein generating a message from the sampling data and the symmetric encryption key comprises:
determining a digest of the first ciphertext to obtain a first ciphertext digest;
and generating a message comprising the sampling data, the symmetric encryption key and the first ciphertext digest, so that the server verifies the restored first ciphertext according to the first ciphertext digest in the message.
5. The method of claim 1, wherein generating a message from the sampling data and the symmetric encryption key comprises:
determining a digest of the data original to obtain an original text digest;
and generating a message comprising the sampling data, the symmetric encryption key and the original text digest, so that the server verifies the decryption result of the first ciphertext according to the original text digest in the message.
6. The method of claim 1, wherein generating a symmetric encryption key for the data original to be transmitted comprises:
generating a key random number for a data original text to be transmitted;
and generating a symmetric encryption key according to the key random number.
7. A data transmission method, performed by a server, the method comprising:
receiving a sampled ciphertext from a client, wherein the sampled ciphertext is obtained by encrypting a data original to be transmitted with a symmetric encryption key generated for the data original to obtain a first ciphertext, and sampling the first ciphertext to obtain the sampled ciphertext and sampling data; wherein sampling the first ciphertext to obtain the sampled ciphertext and the sampling data comprises: determining at least one sampling position in the first ciphertext; replacing the first ciphertext at the sampling position with preset data to obtain the sampled ciphertext, and determining the sampling data according to the sampling position and the first ciphertext at the sampling position, so that the server restores the sampled ciphertext according to the sampling position and the first ciphertext at the sampling position in the sampling data to obtain the first ciphertext;
receiving a second ciphertext from the client, wherein the second ciphertext is obtained by encrypting a message with an asymmetric public key, and the message is generated according to the sampling data and the symmetric encryption key;
decrypting the second ciphertext using an asymmetric private key to obtain the message;
and restoring the sampled ciphertext using the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext using the symmetric encryption key in the message.
8. The method of claim 7, wherein restoring the sampled ciphertext using the sampling data in the message to obtain the first ciphertext comprises:
extracting the sampling position and the first ciphertext at the sampling position from the sampling data in the message;
and replacing the preset data at the sampling position in the sampled ciphertext with the first ciphertext at the sampling position, thereby restoring the first ciphertext.
9. The method of claim 7, wherein, before decrypting the restored first ciphertext using the symmetric encryption key in the message, the method further comprises:
verifying the restored first ciphertext using the first ciphertext digest in the message.
10. The method of claim 7, wherein, after decrypting the restored first ciphertext using the symmetric encryption key in the message, the method further comprises:
verifying the decryption result of the first ciphertext using the original text digest in the message.
11. A data transmission apparatus, executed by a client, comprising:
the first ciphertext acquisition module is used for generating a symmetric encryption key for the data original text to be transmitted, and encrypting the data original text by adopting the symmetric encryption key to obtain a first ciphertext;
the ciphertext sending module is used for sampling the first ciphertext to obtain a sampled ciphertext and sampled data, and sending the sampled ciphertext to the server;
the second ciphertext acquisition module is used for generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting the asymmetric public key to obtain a second ciphertext;
the first ciphertext decrypting module is used for sending a second ciphertext to the server and enabling the server to execute the following steps: decrypting the second ciphertext by using the asymmetric private key to obtain a message, restoring the sampled ciphertext by using sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message;
wherein the ciphertext sending module comprises:
a sampling position determining unit, configured to determine at least one sampling position in the first ciphertext;
a ciphertext sampling unit, configured to replace the first ciphertext at the sampling position with preset data to obtain the sampled ciphertext, and to determine the sampling data according to the sampling position and the first ciphertext at the sampling position, so that the server restores the sampled ciphertext according to the sampling position and the first ciphertext at the sampling position in the sampling data to obtain the first ciphertext.
12. A data transmission apparatus, executed by a server, comprising:
a sampled-ciphertext receiving module, configured to receive a sampled ciphertext from a client, wherein the sampled ciphertext is obtained by encrypting a data original to be transmitted with a symmetric encryption key generated for the data original to obtain a first ciphertext, and sampling the first ciphertext to obtain the sampled ciphertext and sampling data; wherein sampling the first ciphertext to obtain the sampled ciphertext and the sampling data comprises: determining at least one sampling position in the first ciphertext; replacing the first ciphertext at the sampling position with preset data to obtain the sampled ciphertext, and determining the sampling data according to the sampling position and the first ciphertext at the sampling position, so that the server restores the sampled ciphertext according to the sampling position and the first ciphertext at the sampling position in the sampling data to obtain the first ciphertext;
a second ciphertext receiving module, configured to receive a second ciphertext from the client, wherein the second ciphertext is obtained by encrypting a message with an asymmetric public key, and the message is generated according to the sampling data and the symmetric encryption key;
a second ciphertext decrypting module, configured to decrypt the second ciphertext using an asymmetric private key to obtain the message;
the first ciphertext decryption module is used for restoring the sampled ciphertext by adopting the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by adopting the symmetric encryption key in the message.
13. An electronic device, the electronic device comprising:
one or more processors;
a storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data transmission method of any one of claims 1-10.
14. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the data transmission method according to any one of claims 1-10.
CN202111500861.2A 2021-12-09 2021-12-09 Data transmission method, device, electronic equipment and storage medium Active CN114205142B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111500861.2A CN114205142B (en) 2021-12-09 2021-12-09 Data transmission method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114205142A CN114205142A (en) 2022-03-18
CN114205142B true CN114205142B (en) 2023-05-30

Family

ID=80651760

Country Status (1)

Country Link
CN (1) CN114205142B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114745207B (en) * 2022-06-10 2022-08-26 国汽智控(北京)科技有限公司 Data transmission method, device, equipment, computer readable storage medium and product

Citations (4)

Publication number Priority date Publication date Assignee Title
CN110048852A (en) * 2019-03-29 2019-07-23 如般量子科技有限公司 Quantum communications service station Signcryption method and system based on unsymmetrical key pond
CN110214325A (en) * 2017-01-27 2019-09-06 国际商业机器公司 Data mask
CN110324143A (en) * 2019-05-24 2019-10-11 平安科技(深圳)有限公司 Data transmission method, electronic equipment and storage medium
CN113067828A (en) * 2021-03-25 2021-07-02 中国建设银行股份有限公司 Message processing method and device, server, computer equipment and storage medium

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US11483306B2 (en) * 2018-03-26 2022-10-25 Matrics2, Inc. Secure communication with random numbers

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant