CN114444093B - Data security encryption method, device, equipment and computer readable storage medium - Google Patents


Info

Publication number
CN114444093B
Authority
CN
China
Prior art keywords
target
server
public key
feedback information
key
Legal status
Active
Application number
CN202111620657.4A
Other languages
Chinese (zh)
Other versions
CN114444093A (en)
Inventor
余文锋
Current Assignee
Shenzhen Top Media Co ltd
Original Assignee
Shenzhen Top Media Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data security encryption method, device, equipment and computer readable storage medium in the field of data encryption. The method comprises the following steps: acquiring a target public key and a target private key generated by a client, and sending the target public key to a target server; receiving target feedback information sent by the target server based on the target public key, encrypting target data generated by the client with the target private key, and uploading the encrypted target data to a target network; receiving a first public key and first feedback information sent by a first server in the target network in response to the encrypted target data, and judging whether the first server is the target server according to the target private key, the target feedback information, the first public key and the first feedback information; and, if the first server is the target server, sending the encrypted target data to the target server. The invention prevents a disguised server from illegally intercepting the target data.

Description

Data security encryption method, device, equipment and computer readable storage medium
Technical Field
The present invention relates to the field of data encryption, and in particular, to a method, an apparatus, a device, and a computer-readable storage medium for data security encryption.
Background
With the rapid development of science and technology, people pay more and more attention to the security of data transmission. When an application program installed on a client sends data over a network to the server it intends to reach, the data can be intercepted by a disguised server in the network, causing data loss and similar problems. Because the disguised server uses strong disguising means to pass itself off as another server, it is difficult to identify. How to prevent the illegal interception of data in the network by a disguised server is therefore a technical problem that urgently needs to be solved.
Disclosure of Invention
The invention mainly aims to provide a data security encryption method, a data security encryption device, data security encryption equipment and a computer readable storage medium, and aims to solve the technical problem of illegal interception of data in a network by a disguised server.
In addition, in order to achieve the above object, the present invention further provides a data security encryption method, where the data security encryption method is applied to a client, and the client is in communication connection with a target server through a target network, and the data security encryption method includes the following steps:
acquiring a target public key and a target private key generated by the client, and sending the target public key to the target server;
receiving target feedback information sent by the target server based on the target public key, encrypting target data generated by the client through the target private key, and uploading the encrypted target data to the target network;
receiving a first public key and first feedback information sent by a first server in the target network based on the encrypted target data, and judging whether the first server is the target server or not according to the target private key, the target feedback information, the first public key and the first feedback information;
and if the first server is the target server, sending the encrypted target data to the target server.
Optionally, before the step of obtaining the target public key and the target private key generated by the client and sending the target public key to the target server, the method includes:
after the client is in communication connection with a target server through a target network, acquiring a first preset key generation rule;
generating a target public key and a target private key according to the first preset key generation rule, wherein the target public key is obtained through calculation based on the first preset key generation rule and the target private key, and the target public key is unique; and a first private key calculated based on the first preset key generation rule and the target public key is not unique, and the first private key comprises the target private key.
Optionally, after the step of determining whether the first server is the target server according to the target private key, the target feedback information, the first public key, and the first feedback information, the method includes:
if the first public key is obtained through calculation based on the first preset secret key generation rule and the target private key, the first public key is unique, and the target feedback information is matched with the first feedback information, the first server is judged to be the target server;
if a public key obtained by calculation based on the first preset key generation rule and the target private key is different from the first public key, determining that the first server is not the target server;
and if the first public key is obtained through calculation based on the first preset secret key generation rule and the target private key, the first public key is unique, and the target feedback information is not matched with the first feedback information, judging that the first server is not the target server.
Optionally, if the first public key is obtained by calculation based on the first preset key generation rule and the target private key, and the first public key is unique, and the target feedback information does not match the first feedback information, after the step of determining that the first server is not the target server, the method further includes:
selecting a second preset key generation rule from a preset key generation rule group based on the security level of the first preset key generation rule, wherein the security level of the second preset key generation rule is higher than that of the first preset key generation rule;
and respectively using a public key and a private key generated based on the second preset key generation rule as the target public key and the target private key, and returning to the step of obtaining the target public key and the target private key generated by the client and sending the target public key to the target server.
Optionally, after the step of selecting a second preset key generation rule from the preset key generation rule group based on the security level of the first preset key generation rule, the method further includes:
if the first preset key generation rule is a preset key generation rule with the highest security level in the preset key generation rule group, fusing the first preset key generation rule with other preset key generation rules in the preset key generation rule group to obtain a target preset key generation rule;
and respectively taking a public key and a private key generated based on the target preset key generation rule as the target public key and the target private key, returning to the step of obtaining the target public key and the target private key generated by the client, and sending the target public key to the target server.
Optionally, the target feedback information includes a target storage path and a target receiving port, the first feedback information includes a first storage path and a first receiving port, and the data security encryption method includes:
if the target storage path is the same as the first storage path and the target receiving port is the same as the first receiving port, determining that the target feedback information is matched with the first feedback information;
and if the target storage path is not the same as the first storage path and/or the target receiving port is not the same as the first receiving port, judging that the target feedback information is not matched with the first feedback information.
Optionally, after the step of determining that the first server is not the target server if the public key calculated based on the first preset key generation rule and the target private key is different from the first public key, the method includes:
if a public key obtained by calculation based on the first preset key generation rule and the target private key is different from the first public key, and the target feedback information is matched with the first feedback information, sending an updating instruction to the target server;
and receiving update feedback information sent by the target server based on the update instruction, taking the update feedback information as the target feedback information, returning to the step of encrypting the target data generated by the client through the target private key, and uploading the encrypted target data to the target network.
In addition, to achieve the above object, the present invention further provides a data security encryption device, including:
the public key sending module is used for acquiring a target public key and a target private key generated by the client and sending the target public key to the target server;
the encrypted data uploading module is used for receiving target feedback information fed back by the target server, encrypting the target data generated by the client through the target private key and uploading the encrypted target data to a target network;
a determining module, configured to receive a first public key and first feedback information, which are fed back by a first server in the target network based on the encrypted target data, and determine whether the first server is the target server according to the target private key, the target feedback information, the first public key, and the first feedback information;
and the encrypted information sending module is used for sending the encrypted target data to the target server if the first server is the target server.
In addition, to achieve the above object, the present invention also provides a data security encryption device, comprising a memory, a processor and a data security encryption program that is stored on the memory and can run on the processor, wherein when the data security encryption program is executed by the processor, the steps of the data security encryption method are realized.
In addition, to achieve the above object, the present invention further provides a computer readable storage medium having a data security encryption program stored thereon, which when executed by a processor implements the steps of the data security encryption method as described above.
The embodiment of the invention provides a data security encryption method, a data security encryption device, data security encryption equipment and a computer readable storage medium. In the embodiment, the data security encryption method is applied to a client that is in communication connection with a target server through a target network. First, a target public key and a target private key generated by the client are obtained, and the target public key is sent to the target server. After receiving the target public key, the target server sends target feedback information to the client based on it. The client encrypts the generated target data (which needs to be sent to the target server) with the target private key and uploads the encrypted target data to the target network. When a first server in the target network wants to receive the target data, it must send a first public key and first feedback information to the client based on the encrypted target data; the client then judges, according to the target private key, the target feedback information, the first public key and the first feedback information, whether the first server is the target server, and sends the encrypted target data to the target server only if it is. Because any server in the target network that wants to receive the target data must first feed back its public key and feedback information to the client, where they are analysed against the real public key and the target feedback information, a server that disguises its identity is effectively prevented from illegally obtaining the target data.
Drawings
Fig. 1 is a schematic hardware structure diagram of an implementation manner of a data security encryption device according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a data security encryption method according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of a data security encryption method according to the present invention;
fig. 4 is a functional block diagram of an embodiment of a data security encryption device according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
In the following description, suffixes such as "module", "component" or "unit" used to denote elements serve only to facilitate the explanation of the present invention and have no specific meaning in themselves. Thus, "module", "component" and "unit" may be used interchangeably.
The data security encryption terminal (also called terminal, equipment or terminal equipment) in the embodiment of the invention can be a PC (personal computer), and can also be a mobile terminal equipment with a code compiling function, such as a smart phone, a tablet computer, a portable computer and the like.
As shown in fig. 1, the terminal may include: a processor 1001, such as a CPU (Central Processing Unit), a communication bus 1002, and a memory 1003. The communication bus 1002 is used to enable connective communication between these components. The memory 1003 may be a high-speed RAM memory or a non-volatile memory (e.g., a disk memory). The memory 1003 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the terminal structure shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1003 as a kind of computer storage medium may include therein a data security encryption program.
In the terminal shown in fig. 1, the processor 1001 may be configured to call a data security encryption program stored in the memory 1003, and perform the following operations:
acquiring a target public key and a target private key generated by the client, and sending the target public key to the target server;
receiving target feedback information sent by the target server based on the target public key, encrypting target data generated by the client through the target private key, and uploading the encrypted target data to the target network;
receiving a first public key and first feedback information sent by a first server in the target network based on the encrypted target data, and judging whether the first server is the target server according to the target private key, the target feedback information, the first public key and the first feedback information;
and if the first server is the target server, sending the encrypted target data to the target server.
In the terminal shown in fig. 1, the processor 1001 may be configured to call a data security encryption program stored in the memory 1003, and perform the following operations:
after the client is in communication connection with a target server through a target network, acquiring a first preset key generation rule;
generating a target public key and a target private key according to the first preset key generation rule, wherein the target public key is obtained through calculation based on the first preset key generation rule and the target private key, and the target public key is unique; and a first private key calculated based on the first preset key generation rule and the target public key is not unique, and the first private key comprises the target private key.
In the terminal shown in fig. 1, the processor 1001 may be configured to call a data security encryption program stored in the memory 1003, and perform the following operations:
if the first public key is obtained through calculation based on the first preset secret key generation rule and the target private key, the first public key is unique, and the target feedback information is matched with the first feedback information, the first server is judged to be the target server;
if a public key obtained by calculation based on the first preset key generation rule and the target private key is different from the first public key, determining that the first server is not the target server;
and if the first public key is obtained through calculation based on the first preset key generation rule and the target private key, the first public key is unique, and the target feedback information is not matched with the first feedback information, it is determined that the first server is not the target server.
In the terminal shown in fig. 1, the processor 1001 may be configured to call a data security encryption program stored in the memory 1003, and perform the following operations:
selecting a second preset key generation rule from a preset key generation rule group based on the security level of the first preset key generation rule, wherein the security level of the second preset key generation rule is higher than that of the first preset key generation rule;
and respectively taking a public key and a private key generated based on the second preset key generation rule as the target public key and the target private key, and returning to the step of obtaining the target public key and the target private key generated by the client and sending the target public key to the target server.
In the terminal shown in fig. 1, the processor 1001 may be configured to call a data security encryption program stored in the memory 1003, and perform the following operations:
if the first preset key generation rule is a preset key generation rule with the highest security level in the preset key generation rule group, fusing the first preset key generation rule with other preset key generation rules in the preset key generation rule group to obtain a target preset key generation rule;
and respectively taking a public key and a private key generated based on the target preset key generation rule as the target public key and the target private key, returning to the step of obtaining the target public key and the target private key generated by the client, and sending the target public key to the target server.
In the terminal shown in fig. 1, the processor 1001 may be configured to call a data security encryption program stored in the memory 1003, and perform the following operations:
if the target storage path is the same as the first storage path and the target receiving port is the same as the first receiving port, determining that the target feedback information is matched with the first feedback information;
and if the target storage path is not the same as the first storage path and/or the target receiving port is not the same as the first receiving port, judging that the target feedback information is not matched with the first feedback information.
In the terminal shown in fig. 1, the processor 1001 may be configured to call a data security encryption program stored in the memory 1003, and perform the following operations:
if a public key obtained by calculation based on the first preset key generation rule and the target private key is different from the first public key, and the target feedback information is matched with the first feedback information, sending an updating instruction to the target server;
and receiving update feedback information sent by the target server based on the update instruction, taking the update feedback information as the target feedback information, returning to the step of encrypting the target data generated by the client through the target private key, and uploading the encrypted target data to the target network.
Based on the hardware structure of the equipment, the embodiment of the data security encryption method is provided.
It should be noted that the client in the present invention has an application program installed, and a server corresponding to the application program is in communication connection with the client through a network. For example, the client is a mobile phone, the application program is WeChat, and the server is a Tencent (WeChat service provider) server. When a user A sends picture or video data to another user through WeChat on the mobile phone, the picture or video data is first sent to the Tencent server and then forwarded by the Tencent server to the other user. While the picture or video data travels through the network to the Tencent server, it may be intercepted by a disguised server in the network, which causes a data security problem.
Referring to fig. 2, in a first embodiment of the data security encryption method of the present invention, the data security encryption method includes:
step S10, a target public key and a target private key generated by the client are obtained, and the target public key is sent to the target server;
It should be noted that the data encryption process here is actually a process of private key encryption and public key decryption, and its strength lies in how difficult it is to obtain the private key when the public key is known: the harder it is to obtain the private key, the higher the degree of encryption and the harder it is for the data to be obtained illegally. Based on this, in this embodiment, after the client establishes a communication connection with the target server through the target network, the client obtains the target public key and the target private key generated by the client, and sends the target public key to the target server.
This embodiment provides a specific application scenario: when a user downloads the "WeChat" application and registers an account, or opens the "WeChat" application already installed on the mobile phone, the "WeChat" application establishes a connection with a Tencent (WeChat service provider) server (i.e., the target server in this embodiment). Under this connection, the data security encryption program installed on the mobile phone sends the generated public key (i.e., the target public key in this embodiment) to the target server. The process of generating the target public key and the target private key is described in detail below.
Step S20, receiving target feedback information sent by the target server based on the target public key, encrypting target data generated by the client through the target private key, and uploading the encrypted target data to the target network;
It should be noted that, after receiving the target public key sent by the client, the target server generates feedback information (i.e., the target feedback information in this embodiment) based on the target public key. The generated feedback information includes the storage location of the target public key on the target server, the port used by the target server to receive data sent by the client, and the like. After receiving the feedback information that the target server generated based on the target public key, the client encrypts the target data it generated with the target private key and uploads the encrypted target data to the target network. Thus, before the client sends valuable data (which might be intercepted by the masquerading server) to the target server, it first sends the generated target public key to the target server; the target server can then encrypt the feedback information it generates with the target public key and send the encrypted feedback information to the client.
Step S30, receiving a first public key and first feedback information sent by a first server in the target network based on the encrypted target data, and judging whether the first server is the target server according to the target private key, the target feedback information, the first public key and the first feedback information;
While the client uploads the encrypted target data to the target network and the data travels through the target network to the target server, it may be illegally intercepted by a masquerading server. Therefore, the target data generated by the client in the present invention carries a verification rule (generated based on the feedback information of the target server). The verification rule is generated according to a computer protocol supported by the data security encryption scheme disclosed in the present application; this protocol provides that when a server in the target network (i.e., the first server in this embodiment) receives the target data, it is required to respond to the verification rule carried by the target data, similar to a security verification question: the server receiving the target data can successfully receive it only if it passes the verification rule, which is generated from computer readable code. When the first server wants to receive the target data, it generates a first public key and first feedback information (comprising the storage location of the public key generated by the first server and its data receiving port) according to the verification rule (for example: output the target public key, the public key storage location and the data receiving port). The client receives the first public key and the first feedback information sent by the first server in the target network based on the encrypted target data, that is, the information the first server sends after responding to the verification rule carried by the target data. The first public key is then verified with the target private key held by the client, and the target feedback information is compared with the first feedback information. If the target private key successfully verifies the first public key and the first feedback information is the same as the target feedback information, it may be determined that the first server is the target server.
And step S40, if the first server is the target server, sending the encrypted target data to the target server.
The first public key is verified with the target private key held by the client, the target feedback information is then compared with the first feedback information, and the encrypted target data is sent to the target server only after the first server is determined to be the target server. Accordingly, if the judgment result shows that the first server is not the target server, the first server's request to receive the target data is refused.
Further, in a possible embodiment, step S10 (obtaining a target public key and a target private key generated by the client, and sending the target public key to the target server) is preceded by the following steps:
step a1, after the client is in communication connection with a target server through a target network, acquiring a first preset key generation rule;
step a2, generating a target public key and a target private key according to the first preset key generation rule, wherein the target public key is obtained by calculation based on the first preset key generation rule and the target private key, and the target public key is unique; and a first private key calculated based on the first preset key generation rule and the target public key is not unique, and the first private key comprises the target private key.
It should be noted that, in this embodiment, the idea behind generating the target public key and the target private key from the first preset key generation rule is as follows: a single, unique target public key can be obtained from the first preset key generation rule and the target private key, whereas a plurality of private keys can be obtained from the first preset key generation rule and the target public key, and the real target private key is among them. On the basis of this idea, this embodiment provides a specific key generation method in which the target private key is 2x + 2 and the first preset key generation rule is: differentiate the target private key to obtain the target public key, which is therefore 2. When the target private key 2x + 2 and the rule (differentiate the private key to obtain the public key) are known, the unique target public key 2 is obtained directly. However, when only the target public key 2 and the rule are known, recovering the private key requires integration (the inverse of differentiation), which yields 2x + C (C is a constant); since there are infinitely many values of C, the disguised server cannot obtain the correct, unique target private key from the target public key and the first preset key generation rule.
Further, in a possible embodiment, in the step S30, according to the target private key, the target feedback information, the first public key and the first feedback information, it is determined whether the first server is the target server, and the following steps include:
step A1, if a first public key is obtained by calculation based on the first preset secret key generation rule and the target private key, the first public key is unique, and the target feedback information is matched with the first feedback information, the first server is determined to be the target server;
after the client receives the first public key fed back by the first server, if the first public key is obtained through calculation based on the first preset key generation rule and the target private key, the obtained first public key is unique, and the target feedback information is matched with the first feedback information fed back by the first server (for example, the storage position in the first feedback information is the same as the storage position in the target feedback information, and the port number in the first feedback information is the same as the port number in the target feedback information), the first server is determined to be the target server.
Step A2, if a public key obtained by calculation based on the first preset key generation rule and the target private key is different from the first public key, determining that the first server is not the target server;
therefore, if the public key (i.e., the target public key) calculated based on the first preset key generation rule and the target private key is different from the first public key fed back by the first server, it is determined that the first server is not the target server.
Step A3, if the first public key is obtained through calculation based on the first preset key generation rule and the target private key, the first public key is unique, and the target feedback information is not matched with the first feedback information, it is determined that the first server is not the target server.
It follows that, since the target server sends the target feedback information to the client before the encrypted target data is sent, if the first public key is obtained from the first preset key generation rule and the target private key and is unique, but the target feedback information does not match the first feedback information, then the target public key was illegally intercepted while being sent to the target server, whereas the target feedback information was not intercepted while being sent from the target server to the client. In this case it is first determined that the first server is not the target server; then the target private key may be modified, the target public key obtained again, and the newly obtained target public key sent to the target server again.
In this embodiment, a data security encryption method is applied to a client that is in communication connection with a target server through a target network. First, a target public key and a target private key generated by the client are obtained and the target public key is sent to the target server; after receiving the target public key, the target server sends target feedback information to the client based on it. The client encrypts the target data (which needs to be sent to the target server) with the target private key and uploads the encrypted target data to the target network. When a first server in the target network wants to receive the target data, it must send a first public key and first feedback information to the client based on the encrypted target data; the client then judges, according to the target private key, the target feedback information, the first public key and the first feedback information, whether the first server is the target server, and sends the encrypted target data to the target server only if it is. Because any server in the target network that wants to receive the target data must first feed back to the client, and the first public key and first feedback information it sends are analysed to determine its real identity, illegal interception of the target data by a disguised server is effectively prevented.
Further, referring to fig. 3, a second embodiment of the data security encryption method of the present invention is proposed on the basis of the above-mentioned embodiment of the present invention.
This embodiment adds steps after step A3 of the first embodiment, and differs from the above-described embodiments of the present invention in that:
step A4, selecting a second preset secret key generation rule from a preset secret key generation rule group based on the security level of the first preset secret key generation rule, wherein the security level of the second preset secret key generation rule is higher than that of the first preset secret key generation rule;
and step A5, respectively using a public key and a private key generated based on the second preset key generation rule as the target public key and the target private key, returning to the step of obtaining the target public key and the target private key generated by the client, and sending the target public key to the target server.
As can be seen, if the first public key is obtained from the first preset key generation rule and the target private key and is unique, but the target feedback information does not match the first feedback information, the target public key was illegally intercepted while the client sent it to the target server, whereas the target feedback information was not intercepted while the target server sent it to the client. This indicates that the security level of the first preset key generation rule is not high enough; therefore, based on the security level of the first preset key generation rule, a second preset key generation rule whose security level is higher is selected from the preset key generation rule group, the public key and private key generated from the second preset key generation rule are used as the target public key and target private key respectively, and the method returns to the step of obtaining the target public key and target private key generated by the client and sending the target public key to the target server.
Further, in a possible embodiment, after step A4 of selecting a second preset key generation rule from the preset key generation rule group based on the security level of the first preset key generation rule, the method further includes:
step b1, if the first preset key generation rule is the preset key generation rule with the highest security level in the preset key generation rule group, fusing the first preset key generation rule with the other preset key generation rules in the preset key generation rule group to obtain a target preset key generation rule;
step b2, respectively taking a public key and a private key generated based on the target preset key generation rule as the target public key and the target private key, returning to the step of obtaining the target public key and the target private key generated by the client, and sending the target public key to the target server.
As with step A4, if the first public key is obtained from the first preset key generation rule and the target private key and is unique, but the target feedback information does not match the first feedback information, the target public key was illegally intercepted on its way to the target server while the target feedback information was not intercepted on its way to the client, which indicates that the security level of the first preset key generation rule is not high enough. A preset key generation rule with a higher security level is therefore selected from the preset key generation rule group; if the first preset key generation rule is already the one with the highest security level in the group, it is fused with the other preset key generation rules in the group to obtain a target preset key generation rule. For example, the first target private key is 2x + 2 and the first preset key generation rule is: derive the first target private key to obtain the first target public key, which is 2. The second target private key is an ellipse equation together with a straight-line equation whose line intersects the ellipse at two points, and the second preset key generation rule is: solve for the x-axis coordinates of the two points where the straight line intersects the ellipse; the second target public key is those two x-axis coordinates.
The target preset key generation rule is then: derive the first target private key to obtain the first target public key, and solve for the x-axis coordinates of the two points where the straight line of the second target private key intersects its ellipse.
And after the target preset key generation rule is obtained, respectively taking a public key and a private key generated based on the target preset key generation rule as a target public key and a target private key, returning to the step of obtaining the target public key and the target private key generated by the client, and sending the target public key to the target server.
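The rule escalation and fusion of steps A4, b1 and b2, as an added illustration that is not code from the patent. It models the page's two toy rules (differentiating the polynomial 2x + 2 to get 2, and solving for the two x-coordinates where a line crosses an ellipse) as callables with a security level, selects the next stronger rule from the group, and fuses all rules when the current one is already the strongest. The rule names, the numeric security levels, the tuple layout of a fused key and the quadratic-based intersection solver are assumptions made for this example; the polynomial and ellipse rules are the page's own examples and are not cryptographic one-way functions, so the block is about the selection logic around them.

```python
"""Key-generation rule group with security levels, escalation and fusion (steps A4, b1, b2)."""
from dataclasses import dataclass
from math import sqrt
from typing import Any, Callable, List, Sequence, Tuple


@dataclass(frozen=True)
class KeyRule:
    name: str                              # assumed label, not from the patent
    security_level: int                    # assumed ordering of the rule group
    derive_public: Callable[[Any], Any]    # forward direction: private key -> unique public key


def poly_derivative(coeffs: Sequence[float]) -> Tuple[float, ...]:
    """Private key = polynomial coefficients in ascending order, so 2x + 2 is (2, 2).
    The public key is the derivative. Integrating it back gives 2x + C for any C,
    which is the page's 'many candidate private keys' property."""
    return tuple(i * c for i, c in enumerate(coeffs) if i > 0) or (0.0,)


def ellipse_line_intersection(private: Tuple[float, float, float, float]) -> Tuple[float, float]:
    """Private key = (a, b, m, c): ellipse x^2/a^2 + y^2/b^2 = 1 and line y = m*x + c.
    Public key = the two x-coordinates where they meet, in ascending order.
    Substituting the line into the ellipse gives a quadratic in x; a non-positive
    discriminant means the line does not cross the ellipse at two points, which the
    page requires, so that case is rejected instead of producing a bogus key."""
    a, b, m, c = private
    qa = 1.0 / a ** 2 + m ** 2 / b ** 2
    qb = 2.0 * m * c / b ** 2
    qc = c ** 2 / b ** 2 - 1.0
    disc = qb * qb - 4.0 * qa * qc
    if disc <= 0:
        raise ValueError("line must intersect the ellipse at two distinct points")
    r = sqrt(disc)
    x1, x2 = (-qb - r) / (2 * qa), (-qb + r) / (2 * qa)
    return (min(x1, x2), max(x1, x2))


# Constructed rule group: the two rules the page describes, levels assumed.
DERIVATIVE_RULE = KeyRule("polynomial-derivative", 1, poly_derivative)
ELLIPSE_RULE = KeyRule("ellipse-line-intersection", 2, ellipse_line_intersection)
RULE_GROUP: List[KeyRule] = [DERIVATIVE_RULE, ELLIPSE_RULE]


def fuse_rules(rules: Sequence[KeyRule]) -> KeyRule:
    """Step b1: combine the rules into one target rule. The fused private key is a
    tuple with one component per rule and the fused public key applies each rule to
    its own component (tuple layout is an assumption of this example)."""
    def derive(private: Sequence[Any]) -> Tuple[Any, ...]:
        if len(private) != len(rules):
            raise ValueError("fused private key needs one component per rule")
        return tuple(rule.derive_public(part) for rule, part in zip(rules, private))
    return KeyRule("+".join(r.name for r in rules),
                   sum(r.security_level for r in rules), derive)


def select_stronger_rule(first: KeyRule, group: Sequence[KeyRule]) -> KeyRule:
    """Step A4 / b1: return the weakest rule whose level is strictly above `first`;
    when `first` is already the strongest in the group, fuse it with the others."""
    stronger = [r for r in group if r.security_level > first.security_level]
    if stronger:
        return min(stronger, key=lambda r: r.security_level)
    others = [r for r in group if r is not first]
    return fuse_rules([first, *others])


if __name__ == "__main__":
    rule = select_stronger_rule(DERIVATIVE_RULE, RULE_GROUP)
    print(rule.name, rule.derive_public((2.0, 1.0, 0.0, 0.0)))
    fused = select_stronger_rule(rule, RULE_GROUP)
    print(fused.name, fused.derive_public(((2.0, 1.0, 0.0, 0.0), (2, 2))))
```

Each escalation returns a rule object that the caller feeds back into the "obtain target public key and target private key" step; the fused rule's private key is simply the tuple of the component private keys, so the client must regenerate both components rather than reuse the intercepted one.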
Further, in a possible embodiment, the target feedback information includes a target storage path and a target receiving port, the first feedback information includes a first storage path and a first receiving port, and the data security encryption method includes:
step c1, if the target storage path is the same as the first storage path and the target receiving port is the same as the first receiving port, determining that the target feedback information is matched with the first feedback information;
step c2, if the target storage path is different from the first storage path and/or the target receiving port is different from the first receiving port, determining that the target feedback information is not matched with the first feedback information.
Specifically, if the first storage path in the first feedback information is the same as the target storage path in the target feedback information, and the first receiving port in the first feedback information is the same as the target receiving port in the target feedback information, it is determined that the first feedback information matches the target feedback information, and conversely, if the first storage path in the first feedback information is not the same as the target storage path in the target feedback information, and/or the first receiving port in the first feedback information is not the same as the target receiving port in the target feedback information, it is determined that the first feedback information does not match the target feedback information.
Further, in a possible embodiment, step A2, in which it is determined that the first server is not the target server if the public key calculated based on the first preset key generation rule and the target private key is not the same as the first public key, is followed by the steps:
step d1, if a public key obtained by calculation based on the first preset key generation rule and the target private key is different from the first public key, and the target feedback information is matched with the first feedback information, sending an update instruction to the target server;
step d2, receiving update feedback information sent by the target server based on the update instruction, taking the update feedback information as the target feedback information, returning to the step of encrypting the target data generated by the client through the target private key, and uploading the encrypted target data to the target network.
It follows that, if the public key calculated based on the first preset key generation rule and the target private key is different from the first public key, but the target feedback information matches the first feedback information, the target public key was not illegally intercepted when the client sent it to the target server, whereas the target feedback information was illegally intercepted when the target server sent it to the client; the update instruction therefore causes the target server to issue fresh feedback information.
In the embodiment, the real identity of the first server is judged by analyzing the first public key and the first feedback information sent by the first server, so that the illegal interception of the target data by the disguised server is effectively prevented.
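The client-side decision of steps A1 to A3 together with the feedback match of c1/c2 and the update branch of d1/d2, as an added example that is not code from the patent. It reuses the page's toy rule (public key = derivative of the private-key polynomial, so 2x + 2 gives 2) only to make the check concrete; the `Feedback` field names, the `Outcome` labels, the sample path and port values and the constant-time comparison are assumptions of this example. The check binds the responder only to values it has seen on the wire (the public key and the feedback information), which is why the page treats each mismatch combination as a signal about which message was intercepted.

```python
"""Client-side check of a responding server (steps A1-A3, c1-c2, d1-d2)."""
from dataclasses import dataclass
from enum import Enum
import hmac
import json
from typing import Sequence, Tuple


@dataclass(frozen=True)
class Feedback:
    """Feedback information as the page describes it: a storage path and a receiving port."""
    storage_path: str
    receiving_port: int


class Outcome(Enum):
    TARGET = "first server is the target server (A1)"
    NOT_TARGET_ESCALATE_RULE = "not target: public key matched but feedback did not (A3, then A4)"
    NOT_TARGET_REQUEST_UPDATE = "not target: feedback matched but public key did not (A2, then d1)"
    NOT_TARGET = "not target: neither public key nor feedback matched (A2)"


def derive_public(private: Sequence[int]) -> Tuple[int, ...]:
    """First preset key generation rule from the page: differentiate the polynomial
    whose ascending coefficients form the private key (2x + 2 -> 2)."""
    return tuple(i * c for i, c in enumerate(private) if i > 0) or (0,)


def _same(a, b) -> bool:
    """Constant-time comparison of two JSON-serialisable values (an added hardening
    choice, not something the page specifies)."""
    return hmac.compare_digest(json.dumps(a, sort_keys=True).encode(),
                               json.dumps(b, sort_keys=True).encode())


def feedback_matches(target: Feedback, first: Feedback) -> bool:
    """Steps c1/c2: both the storage path and the receiving port must be identical."""
    return _same(target.storage_path, first.storage_path) and \
        target.receiving_port == first.receiving_port


def verify_first_server(target_private, target_feedback, first_public, first_feedback) -> Outcome:
    """Decision matrix of steps A1-A3 with the d1 refinement of A2.

    As the page specifies, the client does not compare against a stored copy of the
    public key; it recomputes the public key from its own private key and the rule."""
    public_matches = _same(derive_public(target_private), first_public)
    fb_matches = feedback_matches(target_feedback, first_feedback)
    if public_matches and fb_matches:
        return Outcome.TARGET
    if public_matches:
        # Public key seen by a third party in transit: pick a stronger rule (A4).
        return Outcome.NOT_TARGET_ESCALATE_RULE
    if fb_matches:
        # Feedback seen by a third party in transit: ask the target server for new feedback (d1/d2).
        return Outcome.NOT_TARGET_REQUEST_UPDATE
    return Outcome.NOT_TARGET


# Constructed sample exchange: the client's own key material and the target server's feedback.
TARGET_PRIVATE = (2, 2)                          # the page's 2x + 2
TARGET_FEEDBACK = Feedback("/srv/inbox/client-42", 8443)   # constructed values


def run_sample_cases():
    """Evaluate the four response combinations the page distinguishes."""
    good_public = derive_public(TARGET_PRIVATE)
    cases = {
        "genuine":        (good_public, TARGET_FEEDBACK),
        "wrong_key":      ((3,), TARGET_FEEDBACK),
        "wrong_feedback": (good_public, Feedback("/srv/inbox/client-42", 9000)),
        "wrong_both":     ((3,), Feedback("/tmp/other", 9000)),
    }
    return {name: verify_first_server(TARGET_PRIVATE, TARGET_FEEDBACK, pub, fb)
            for name, (pub, fb) in cases.items()}


if __name__ == "__main__":
    for name, outcome in run_sample_cases().items():
        print(f"{name:15s} -> {outcome.value}")
```

Only the `TARGET` outcome releases the encrypted target data; the two partial-match outcomes map to the page's recovery paths (rule escalation, or an update instruction for fresh feedback) rather than to a retry with the same material.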
In addition, referring to fig. 4, an embodiment of the present invention further provides a data security encryption apparatus, where the data security encryption apparatus includes:
the public key sending module 10 is configured to obtain a target public key and a target private key generated by a client, and send the target public key to a target server;
the encrypted data uploading module 20 is configured to receive target feedback information fed back by the target server, encrypt target data generated by the client through the target private key, and upload the encrypted target data to a target network;
a determining module 30, configured to receive a first public key and first feedback information fed back by a first server in the target network based on the encrypted target data, and determine whether the first server is the target server according to the target private key, the target feedback information, the first public key, and the first feedback information;
an encrypted information sending module 40, configured to send the encrypted target data to the target server if the first server is the target server.
Optionally, the data security encryption apparatus further includes:
the first preset key generation rule acquisition module is used for acquiring a first preset key generation rule after the client is in communication connection with a target server through a target network;
the key generation module is used for generating a target public key and a target private key according to the first preset key generation rule, wherein the target public key is obtained through calculation based on the first preset key generation rule and the target private key, and the target public key is unique; and a first private key calculated based on the first preset key generation rule and the target public key is not unique, and the first private key comprises the target private key.
Optionally, the data security encryption apparatus further includes:
a first determination module, configured to determine that the first server is the target server if the first public key is obtained through calculation based on the first preset key generation rule and the target private key, where the first public key is unique and the target feedback information matches the first feedback information;
a second determination module, configured to determine that the first server is not the target server if a public key calculated based on the first preset key generation rule and the target private key is different from the first public key;
a third determining module, configured to determine that the first server is not the target server if the first public key is obtained through calculation based on the first preset key generation rule and the target private key, and the first public key is unique and the target feedback information does not match the first feedback information.
Optionally, the data security encryption apparatus further includes:
a second preset key generation rule selection module, configured to select a second preset key generation rule from a preset key generation rule group based on a security level of the first preset key generation rule, where the security level of the second preset key generation rule is higher than the security level of the first preset key generation rule;
and the first loop execution module is used for respectively taking a public key and a private key generated based on the second preset key generation rule as the target public key and the target private key, returning to the step of obtaining the target public key and the target private key generated by the client and sending the target public key to the target server.
Optionally, the data security encryption apparatus further includes:
a rule fusion module, configured to fuse the first preset key generation rule with other preset key generation rules in the preset key generation rule group to obtain a target preset key generation rule if the first preset key generation rule is a preset key generation rule with a highest security level in the preset key generation rule group;
and the second loop execution module is used for respectively taking a public key and a private key generated based on the target preset key generation rule as the target public key and the target private key, returning to the step of obtaining the target public key and the target private key generated by the client and sending the target public key to the target server.
Optionally, the target feedback information includes a target storage path and a target receiving port, the first feedback information includes a first storage path and a first receiving port, and the data security encryption apparatus further includes:
a first determining module, configured to determine that the target feedback information matches the first feedback information if the target storage path is the same as the first storage path and the target receiving port is the same as the first receiving port;
a second determining module, configured to determine that the target feedback information is not matched with the first feedback information if the target storage path is different from the first storage path and/or the target receiving port is different from the first receiving port.
Optionally, the data security encryption apparatus further includes:
an update instruction sending module, configured to send an update instruction to the target server if a public key obtained through calculation based on the first preset key generation rule and the target private key is different from the first public key, and the target feedback information matches the first feedback information;
and the third loop execution module is used for receiving the update feedback information sent by the target server based on the update instruction, using the update feedback information as the target feedback information, returning to the step of encrypting the target data generated by the client through the target private key, and uploading the encrypted target data to the target network.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where a program is stored, and the program, when executed by a processor, implements operations in the methods provided by the above embodiments.
The method executed by each program module can refer to each embodiment of the method of the present invention, and is not described herein again.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity/action/object from another entity/action/object without necessarily requiring or implying any actual such relationship or order between such entities/actions/objects; the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or system comprising the element.
For the apparatus embodiment, since it is substantially similar to the method embodiment, it is described relatively simply, and reference may be made to some description of the method embodiment for relevant points. The above-described apparatus embodiments are merely illustrative, in that elements described as separate components may or may not be physically separate. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention. One of ordinary skill in the art can understand and implement it without inventive effort.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solution of the present invention or the portions contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above and includes several instructions for enabling a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the present invention or directly or indirectly applied to other related technical fields are also included in the scope of the present invention.

Claims (8)

1. A data security encryption method is applied to a client side, the client side is in communication connection with a target server through a target network, and the data security encryption method comprises the following steps:
acquiring a target public key and a target private key generated by the client, and sending the target public key to the target server;
receiving target feedback information sent by the target server based on the target public key, encrypting target data generated by the client through the target private key, and uploading the encrypted target data to the target network;
receiving a first public key and first feedback information which are sent by a first server in the target network based on the encrypted target data, wherein the first public key and the first feedback information are obtained by the first server responding to a verification rule carried by the target data, and judging whether the first server is the target server according to the target private key, the target feedback information, the first public key and the first feedback information;
if the first server is the target server, sending the encrypted target data to the target server;
before the step of obtaining the target public key and the target private key generated by the client and sending the target public key to the target server, the method comprises the following steps:
after the client is in communication connection with a target server through a target network, acquiring a first preset key generation rule;
generating a target public key and a target private key according to the first preset key generation rule, wherein the target public key is obtained through calculation based on the first preset key generation rule and the target private key, and the target public key is unique; a first private key calculated based on the first preset key generation rule and the target public key is not unique, and the first private key comprises the target private key;
after the step of determining whether the first server is the target server according to the target private key, the target feedback information, the first public key and the first feedback information, the method includes:
if the first public key is obtained through calculation based on the first preset key generation rule and the target private key, the first public key is unique, and the target feedback information is matched with the first feedback information, the first server is determined to be the target server;
if a public key obtained by calculation based on the first preset key generation rule and the target private key is different from the first public key, judging that the first server is not the target server;
and if the first public key is obtained through calculation based on the first preset key generation rule and the target private key, the first public key is unique, and the target feedback information is not matched with the first feedback information, it is determined that the first server is not the target server.
2. The data security encryption method according to claim 1, wherein after the step of determining that the first server is not the target server if the first public key is obtained by calculation based on the first preset key generation rule and the target private key, the first public key is unique, and the target feedback information does not match the first feedback information, the method further comprises:
selecting a second preset key generation rule from a preset key generation rule group based on the security level of the first preset key generation rule, wherein the security level of the second preset key generation rule is higher than that of the first preset key generation rule;
and respectively using a public key and a private key generated based on the second preset key generation rule as the target public key and the target private key, returning to the step of obtaining the target public key and the target private key generated by the client, and sending the target public key to the target server.
3. The method for securely encrypting data according to claim 2, wherein the step of selecting the second preset key generation rule from the preset key generation rule set based on the security level of the first preset key generation rule further comprises:
if the first preset key generation rule is a preset key generation rule with the highest security level in the preset key generation rule group, fusing the first preset key generation rule with other preset key generation rules in the preset key generation rule group to obtain a target preset key generation rule;
and respectively using a public key and a private key generated based on the target preset key generation rule as the target public key and the target private key, returning to the step of obtaining the target public key and the target private key generated by the client, and sending the target public key to the target server.
4. The data security encryption method of claim 1, wherein the target feedback information includes a target storage path and a target receiving port, the first feedback information includes a first storage path and a first receiving port, the data security encryption method comprising:
if the target storage path is the same as the first storage path and the target receiving port is the same as the first receiving port, determining that the target feedback information is matched with the first feedback information;
and if the target storage path is different from the first storage path and/or the target receiving port is different from the first receiving port, judging that the target feedback information is not matched with the first feedback information.
5. The data security encryption method according to claim 1, wherein after the step of determining that the first server is not the target server if the public key calculated based on the first preset key generation rule and the target private key is different from the first public key, the method includes:
if a public key obtained by calculation based on the first preset key generation rule and the target private key is different from the first public key, and the target feedback information is matched with the first feedback information, sending an updating instruction to the target server;
and receiving update feedback information sent by the target server based on the update instruction, taking the update feedback information as the target feedback information, returning to the step of encrypting the target data generated by the client through the target private key, and uploading the encrypted target data to the target network.
6. A data security encryption apparatus, the data security encryption apparatus comprising:
the public key sending module is used for acquiring a target public key and a target private key generated by the client and sending the target public key to the target server;
the encrypted data uploading module is used for receiving target feedback information fed back by the target server, encrypting the target data generated by the client through the target private key and uploading the encrypted target data to a target network;
a determining module, configured to receive a first public key and first feedback information that are fed back by a first server in the target network based on the encrypted target data, where the first public key and the first feedback information are obtained by the first server in response to a verification rule carried by the target data, and determine, according to the target private key, the target feedback information, the first public key, and the first feedback information, whether the first server is the target server;
the encrypted information sending module is used for sending the encrypted target data to the target server if the first server is the target server;
the data security encryption device further comprises:
the first preset key generation rule acquisition module is used for acquiring a first preset key generation rule after the client is in communication connection with a target server through a target network;
the key generation module is used for generating a target public key and a target private key according to the first preset key generation rule, wherein the target public key is obtained through calculation based on the first preset key generation rule and the target private key, and the target public key is unique; a first private key obtained by calculation based on the first preset key generation rule and the target public key is not unique, and the first private key comprises the target private key;
a first determining module, configured to determine that the first server is the target server if the first public key is obtained through calculation based on the first preset key generation rule and the target private key, and the first public key is unique and the target feedback information matches the first feedback information;
a second determining module, configured to determine that the first server is not the target server if a public key obtained through calculation based on the first preset key generation rule and the target private key is different from the first public key;
a third determining module, configured to determine that the first server is not the target server if the first public key is obtained through calculation based on the first preset key generation rule and the target private key, and the first public key is unique and the target feedback information is not matched with the first feedback information.
7. A data security encryption device, characterized in that the data security encryption device comprises: memory, a processor and a data security encryption program stored on the memory and executable on the processor, the data security encryption program when executed by the processor implementing the steps of the data security encryption method of any one of claims 1 to 5.
8. A computer-readable storage medium, having stored thereon a data security encryption program which, when executed by a processor, implements the steps of the data security encryption method of any one of claims 1 to 5.
CN202111620657.4A 2021-12-28 2021-12-28 Data security encryption method, device, equipment and computer readable storage medium Active CN114444093B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111620657.4A CN114444093B (en) 2021-12-28 2021-12-28 Data security encryption method, device, equipment and computer readable storage medium
Publications (2)

Publication Number Publication Date
CN114444093A CN114444093A (en) 2022-05-06
CN114444093B true CN114444093B (en) 2022-11-18

Family

Family ID: 81366653

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111620657.4A Active CN114444093B (en) 2021-12-28 2021-12-28 Data security encryption method, device, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN114444093B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104821944A (en) * 2015-04-28 2015-08-05 广东小天才科技有限公司 Hybrid encrypted network data security method and system
CN107172056A (en) * 2017-05-31 2017-09-15 福建中金在线信息科技有限公司 A kind of channel safety determines method, device, system, client and server
CN109660534A (en) * 2018-12-15 2019-04-19 平安科技(深圳)有限公司 Safety certifying method, device, electronic equipment and storage medium based on more trade companies
CN109688098A (en) * 2018-09-07 2019-04-26 平安科技(深圳)有限公司 Safety communicating method, device, equipment and the computer readable storage medium of data
CN110768796A (en) * 2019-10-31 2020-02-07 广东美的制冷设备有限公司 Control method and control device of air conditioner, air conditioner and readable storage medium
CN112333133A (en) * 2020-07-08 2021-02-05 深圳Tcl新技术有限公司 Data security transmission method, device, equipment and computer readable storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10205709B2 (en) * 2016-12-14 2019-02-12 Visa International Service Association Key pair infrastructure for secure messaging
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant