CN114745115A - Information transmission method and device, computer equipment and storage medium - Google Patents

Publication number
CN114745115A
Authority
CN
China
Prior art keywords
data
random number
data packet
request
signature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210443694.0A
Other languages
Chinese (zh)
Inventor
徐东
刘文民
郝石磊
张殿炎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sensetime Technology Development Co Ltd
Original Assignee
Beijing Sensetime Technology Development Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The present disclosure provides an information transmission method, apparatus, computer device and storage medium, wherein the method comprises: receiving a request data packet sent by a user side; wherein, the request data packet comprises a signed target random number; generating response data based on the request data in the request data packet; generating first signature data based on the response data and the target random number, and generating a response data packet based on the first signature data; and sending the response data packet to the user side so as to verify the security of the response data packet based on the target random number after the user side verifies the first signature data.

Description

Information transmission method and device, computer equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an information transmission method and apparatus, a computer device, and a storage medium.
Background
With the development of information transmission technology, information transmission between servers or between a server and a user side is very common. However, information is easily intercepted and attacked during transmission, and how to ensure the security of information transmission has become an urgent problem to be solved.
In the related art, the HTTPS protocol improves the security of information transmission; however, there is no information protection means in the process of the server sending information to the user side, so the transmitted information is vulnerable to network attacks such as replay attacks and information rewriting, which brings a potential safety hazard.
Disclosure of Invention
The embodiment of the disclosure at least provides an information transmission method, an information transmission device, computer equipment and a storage medium.
In a first aspect, an embodiment of the present disclosure provides an information transmission method, including:
receiving a request data packet sent by a user side; wherein, the request data packet comprises a signed target random number;
generating response data based on the request data in the request data packet;
generating first signature data based on the response data and the target random number, and generating a response data packet based on the first signature data;
and sending the response data packet to the user side so as to verify the security of the response data packet based on the target random number after the user side verifies the first signature data.
In the method, the request data packet received by the server contains the signed target random number, and the data security of the user side in the process of sending data to the server can be ensured by verifying the target random number; after generating the response data, the server may generate first signature data based on the response data and a target random number in a request data packet sent by the user side, and generate a response data packet based on the first signature data. Therefore, after the response data packet is sent to the user side, the user side can verify whether the content of the response data packet is tampered or not based on the first signature data and the target random number, and by executing the signature verification process on the user side and the server at the same time, the risk of network attacks such as replay attack and information rewriting can be reduced, and the safety of data transmission is improved.
In a possible implementation, after receiving the request packet sent by the user terminal, the method further includes:
judging whether the target random number is the same as the received historical random number or not;
and under the condition that the target random number is detected to be the same as the historical random number, determining the request data packet as invalid data, and sending invalid prompt information to the user side.
With this method, a request data packet that is likely to be a replay attack can be determined to be invalid data, which improves the security of information transmission.
In a possible implementation manner, the request packet includes encrypted request data, identification information of the user side, and second signature data, where the second signature data includes the target random number;
after receiving the request data packet sent by the user terminal, the method further comprises:
and searching a corresponding first public key and a second public key based on the identification information of the user side, decrypting the encrypted request data based on the first public key, and verifying the signature of the second signature data based on the second public key.
By adopting the method, the corresponding first public key and the second public key can be searched based on the identification information of the user side so as to determine whether the identification information of the user side is a legal user identification or not, thereby realizing the verification of the user identity.
In one possible embodiment, the generating first signature data based on the response data and the target random number includes:
determining summary information of the response data;
and encrypting the summary information and the target random number based on the second public key to generate the first signature data.
By adopting the method, after receiving the response data packet, the user terminal can compare the received target random number with the target random number in the transmitted request data packet, so as to verify the response data packet, and ensure that the response data is transmitted by the server and not by the intermediate agent.
In one possible embodiment, the generating a response packet based on the first signature data includes:
and encrypting the response data, and generating the response data packet based on the first signature data and the encrypted response data.
With this method, an interceptor is prevented, to a certain extent, from directly obtaining the response data after intercepting the response data packet, which improves the security and privacy of information transmission.
In a second aspect, an embodiment of the present disclosure further provides an information transmission method, including:
generating a request data packet based on the request data and the target random number, and sending the request data packet to a server;
receiving a response data packet sent by a server; wherein the response data packet comprises first signature data;
verifying the signature of the first signature data, and judging whether the target random number obtained after signature verification is consistent with the target random number in the request data packet;
and if they are consistent, performing data processing based on the response data in the response data packet.
In the method, the user side can generate a request data packet based on the request data and the target random number, send the request data packet to the server, and then compare the target random number in the sent request data packet with the target random number in the received response data packet, so as to verify whether the response data packet corresponds to the request data packet, thereby preventing the potential safety hazard caused by replay attack to a certain extent and improving the safety of information transmission.
In one possible embodiment, the generating the request packet based on the request data and the target random number includes:
encrypting the summary information of the request data and the target random number based on a private key to generate second signature data, and generating the request data packet based on the second signature data;
the verifying the first signature data includes:
decrypting the first signature data based on the private key.
By adopting the method, the server can verify the content of the request data packet after receiving the request data packet, thereby reducing the potential safety hazard brought by the request data packet being maliciously rewritten to a certain extent; and the first signature data is verified based on the private key, so that potential safety hazards caused by malicious rewriting of the response data packet are reduced to a certain extent, and the safety of information transmission is improved.
In a third aspect, an embodiment of the present disclosure further provides an information transmission apparatus, including:
the first receiving module is used for receiving a request data packet sent by a user side; wherein, the request data packet comprises a signed target random number;
the first generation module is used for generating response data based on the request data in the request data packet;
a second generation module, configured to generate first signature data based on the response data and the target random number, and generate a response packet based on the first signature data;
and the first sending module is used for sending the response data packet to the user side so as to verify the security of the response data packet based on the target random number after the user side verifies the first signature data.
In a possible implementation manner, after receiving the request packet sent by the user side, the first receiving module is further configured to:
judging whether the target random number is the same as the received historical random number;
and under the condition that the target random number is detected to be the same as the historical random number, determining the request data packet as invalid data, and sending invalid prompt information to the user side.
In a possible implementation manner, the request packet includes encrypted request data, identification information of the user side, and second signature data, where the second signature data includes the target random number;
after receiving the request packet sent by the user side, the first receiving module is further configured to:
and searching a corresponding first public key and a second public key based on the identification information of the user side, decrypting the encrypted request data based on the first public key, and verifying the signature of the second signature data based on the second public key.
In one possible embodiment, the second generating module, when generating the first signature data based on the response data and the target random number, is configured to:
determining summary information of the response data;
and encrypting the digest information and the target random number based on the second public key to generate the first signature data.
In one possible embodiment, the second generating module, when generating the response packet based on the first signature data, is configured to:
and encrypting the response data, and generating the response data packet based on the first signature data and the encrypted response data.
In a fourth aspect, an embodiment of the present disclosure further provides an information transmission apparatus, including:
the second sending module is used for generating a request data packet based on the request data and the target random number and sending the request data packet to the server;
the second receiving module is used for receiving a response data packet sent by the server; wherein the response data packet comprises first signature data;
the signature verification module is used for verifying the signature of the first signature data and judging whether the target random number obtained after signature verification is consistent with the target random number in the request data packet;
and the processing module is used for performing data processing based on the response data in the response data packet if they are consistent.
In a possible implementation manner, the second sending module, when generating the request packet based on the request data and the target random number, is configured to:
encrypting the summary information of the request data and the target random number based on a private key to generate second signature data, and generating the request data packet based on the second signature data;
the signature verification module, when verifying the signature of the first signature data, is configured to:
decrypting the first signature data based on the private key.
In a fifth aspect, an embodiment of the present disclosure further provides a computer device, including: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the computer device is running, the machine-readable instructions when executed by the processor performing the steps of the first aspect, or any one of the possible implementations of the first aspect, or the second aspect, or any one of the possible implementations of the second aspect.
In a sixth aspect, an embodiment of the present disclosure further provides a computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, performing the steps in the first aspect, or any one of the possible implementations of the first aspect, or performing the steps in the second aspect, or any one of the possible implementations of the second aspect.
For the description of the effects of the information transmission apparatus, the computer device, and the computer-readable storage medium, reference is made to the description of the information transmission method, which is not repeated herein.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the technical aspects of the disclosure.
In order to make the aforementioned objects, features and advantages of the present disclosure more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure.
In order to illustrate the technical solutions of the embodiments of the present disclosure more clearly, the drawings required for the embodiments are briefly described below. The drawings are incorporated in and form a part of the specification; they illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the technical solutions of the present disclosure. It should be understood that the following drawings depict only certain embodiments of the disclosure and are therefore not to be considered limiting of its scope; those skilled in the art can derive other related drawings from them without inventive effort.
Fig. 1 is a flowchart of an information transmission method provided by an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of the content contained in a request data packet according to an embodiment of the present disclosure;
Fig. 3 is a schematic diagram of the content contained in a response data packet according to an embodiment of the present disclosure;
Fig. 4 is a flowchart of another information transmission method provided by an embodiment of the present disclosure;
Fig. 5 is a schematic diagram of the architecture of an information transmission apparatus provided by an embodiment of the present disclosure;
Fig. 6 is a schematic diagram of the architecture of another information transmission apparatus provided by an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of a computer device provided by an embodiment of the present disclosure;
Fig. 8 is a schematic structural diagram of another computer device provided by an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, not all of the embodiments. The components of the embodiments of the present disclosure, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the disclosure, provided in the accompanying drawings, is not intended to limit the scope of the disclosure, as claimed, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the disclosure without making creative efforts, shall fall within the protection scope of the disclosure.
With the development of information transmission technology, information transmission between servers or between a server and a user side is very common. However, information is easily intercepted and attacked during transmission, and how to ensure the security of information transmission has become an urgent problem to be solved.
In the related art, the HTTPS protocol improves the security of information transmission, but it lacks an information protection means in the process of the server sending information to the user side, so the transmitted information is vulnerable to network attacks such as replay attacks and information rewriting, which brings a potential safety hazard.
A replay attack means that, while a data packet is being transmitted to a target device, an attacker steals the data packet by network monitoring or other methods and sends it to the target device again, so that the target device makes an erroneous response to the data packet even though the attacker cannot learn the content of the data packet (usually, the content of the data packet is encrypted).
Based on the research, the present disclosure provides an information transmission method, an information transmission apparatus, a computer device, and a storage medium, where a request data packet received by a server includes a signed target random number, and data security of a user in a process of sending data to the server can be ensured by verifying the target random number; after generating the response data, the server may generate first signature data based on the response data and a target random number in a request data packet sent by the user side, and generate a response data packet based on the first signature data. Therefore, after the response data packet is sent to the user side, the user side can verify whether the content of the response data packet is tampered or not based on the first signature data and the target random number, and by executing the signature verification process on the user side and the server at the same time, the risk of network attacks such as replay attack and information rewriting can be reduced, and the safety of data transmission is improved.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The term "and/or" herein merely describes an associative relationship, meaning that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality; for example, "including at least one of A, B and C" may mean including any one or more elements selected from the group consisting of A, B and C.
For the convenience of understanding the present embodiment, first, an information transmission method disclosed in the embodiments of the present disclosure is described in detail, and an execution subject of the information transmission method provided in the embodiments of the present disclosure is generally a server. In some possible implementations, the transmission method may be implemented by a processor calling computer readable instructions stored in a memory.
Referring to Fig. 1, a flowchart of an information transmission method provided in an embodiment of the present disclosure is shown. The method includes steps 101 to 104:
Step 101: receiving a request data packet sent by a user side, wherein the request data packet comprises a signed target random number;
Step 102: generating response data based on the request data in the request data packet;
Step 103: generating first signature data based on the response data and the target random number, and generating a response data packet based on the first signature data;
Step 104: sending the response data packet to the user side, so that the user side verifies the security of the response data packet based on the target random number after verifying the first signature data.
The following is a detailed description of the above steps.
For step 101:
Specifically, the user side may send the request data packet to the server first, where the request data packet may include second signature data, encrypted request data, and a target random number; the request data packet may further include a timestamp, the processed identification information of the user side, and the like.
In a possible implementation, after the server receives a request data packet sent by the user side, it may determine whether the target random number is the same as a received historical random number; if the target random number is detected to be the same as a historical random number, the server determines the request data packet to be invalid data and sends invalid prompt information to the user side.
The target random number may be a random number generated by a random number generation algorithm; for example, the target random number may be a Universally Unique Identifier (UUID). The target random number is unique. A historical random number is a random number that the server has already received.
Specifically, the server stores the historical random numbers from historical request data packets sent by the user side. If the target random number is the same as a historical random number, this indicates that the target random number has already been received by the server, and the request data packet may be a replay-attack packet.
With this method, a request data packet that is likely to be a replay attack can be determined to be invalid data, which improves the security of information transmission.
In a possible application scenario, if the server stores all the received historical random numbers, the amount of data stored in the server grows over time and occupies more and more storage space, and detecting whether the target random number is the same as a historical random number takes longer and longer, which reduces working efficiency.
Therefore, in a possible implementation, the historical random numbers may be all random numbers received within a preset time difference from the current time. For example, if the current time is 10:30 and the preset time difference is 10 minutes, the historical random numbers are all random numbers received between 10:20 and 10:30.
In a possible implementation manner, a time interval between the time when the user side sends the request data packet and the time when the server receives the request data packet is a time interval for data transmission, and the longer the time interval is, the higher the probability that the request data packet is intercepted and modified is.
Therefore, the request packet may further include the timestamp, where the timestamp may refer to a time when the request packet is sent or may refer to a time when the second signature data is generated, and after receiving the request packet, the server may determine a time interval between the time indicated by the timestamp and a current time, and when the time interval exceeds a preset time interval, determine that the request packet is invalid data, and send an invalid prompt message to the user end.
Illustratively, the preset time interval is 5 minutes and the current time is 10:25. If the timestamp is 10:00, the time interval between the current time and the timestamp is 25 minutes, which is greater than the preset time interval, so the request data packet is determined to be invalid data and invalid prompt information such as "message sending error" is sent to the user side. If the timestamp is 10:23, the time interval between the current time and the timestamp is 2 minutes, which is smaller than the preset time interval, and the server continues with the subsequent processing of the request data packet.
By adopting the method, the server can judge the timeliness of the request data packet according to the timestamp and the current time, so that the safety of information transmission is improved; and only the historical random number in a period of time is stored, so that the storage space of the server is saved, and the working efficiency of comparing the target random number with the historical random number is improved.
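The timestamp check and the time-bounded random-number history described above for step 101, as an added Python example (not code from the patent). The class name `ReplayGuard`, its parameter names and the sample values are assumptions; the 5-minute and 10-minute figures are the patent's illustrative values. The example also requires the history window to be at least as long as the timestamp interval, because otherwise a packet could be replayed after its random number was dropped while its timestamp was still accepted.

```python
from collections import OrderedDict
from datetime import datetime, timedelta


class ReplayGuard:
    """Server-side freshness and replay check for incoming request packets."""

    def __init__(self, max_age=timedelta(minutes=5),
                 nonce_window=timedelta(minutes=10)):
        # A random number must be remembered at least as long as a packet
        # carrying it can still pass the timestamp check.
        if nonce_window < max_age:
            raise ValueError("nonce_window must be >= max_age")
        self.max_age = max_age            # the "preset time interval"
        self.nonce_window = nonce_window  # the "preset time difference"
        self._seen = OrderedDict()        # random number -> time received

    def _evict(self, now):
        # Entries are inserted in arrival order, so the oldest is first.
        while self._seen:
            _, received = next(iter(self._seen.items()))
            if now - received <= self.nonce_window:
                break
            self._seen.popitem(last=False)

    def check(self, nonce, timestamp, now):
        """Return (accepted, reason) for one request packet."""
        self._evict(now)
        # Assumption: a timestamp too far in the future is treated the same
        # way as one too far in the past (the interval is taken as absolute).
        if abs(now - timestamp) > self.max_age:
            return False, "stale timestamp"
        if nonce in self._seen:
            return False, "replayed random number"
        self._seen[nonce] = now
        return True, "ok"


def run_demo():
    """Replays the patent's 10:25 example with constructed sample values."""
    guard = ReplayGuard()
    day = datetime(2024, 1, 1)                 # constructed date
    now = day.replace(hour=10, minute=25)
    nonce = "3f2b8c1e-0000-4000-8000-000000000001"  # constructed UUID
    results = []
    # Timestamp 10:00 at 10:25 -> 25 minutes old, rejected.
    results.append(guard.check(nonce, day.replace(hour=10, minute=0), now))
    # Timestamp 10:23 at 10:25 -> 2 minutes old, accepted.
    results.append(guard.check(nonce, day.replace(hour=10, minute=23), now))
    # Same packet captured and sent again one minute later -> replay.
    results.append(guard.check(nonce, day.replace(hour=10, minute=23),
                               now + timedelta(minutes=1)))
    # At 10:40 the random number has left the history, but the packet's
    # timestamp is now 17 minutes old, so it is still rejected.
    results.append(guard.check(nonce, day.replace(hour=10, minute=23),
                               now + timedelta(minutes=15)))
    return results


if __name__ == "__main__":
    for accepted, reason in run_demo():
        print(accepted, reason)
```

Call `check()` only for packets whose second signature data has already verified, so that unauthenticated packets cannot fill the history or use up a legitimate user side's random number.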
In a possible implementation manner, the request packet includes encrypted request data, identification information of the user side, and second signature data, where the second signature data includes the target random number; after receiving a request data packet sent by a user side, a corresponding first public key and a corresponding second public key may be searched based on identification information of the user side, the encrypted request data is decrypted based on the first public key, and signature verification processing is performed on the second signature data based on the second public key. Wherein the second public key may be the same as the first public key.
Specifically, the identification information of the user side may be issued to the user side in advance by the server, for example, the identification information of the user side may be stored in a license certificate issued to the user side by the server, and when the user side sends the request data packet to the server, the identification information of the user side may be acquired through the license certificate. Meanwhile, the server may store identification information of a plurality of clients.
After receiving the request packet, the server may determine whether the identity of the user side is legal according to the identification information of the user side and the identification information of the plurality of user sides stored by the server.
The server stores a plurality of public keys, and the public keys are stored corresponding to the identification information of the user side, so that the first public key and the second public key corresponding to the identification information of the user side can be searched from the server based on the identification information of the user side.
Here, in order to ensure that the identification information of the user side is not stolen or tampered in the information transmission process, the identification information of the user side may be processed identification information, and after receiving the processed identification information, the server may restore the identification information of the user side to identification information before being processed by using a preset algorithm.
When the encrypted request data is decrypted, if the request data was encrypted symmetrically, the first public key is the same as the secret key the user side used for encryption; if the request data was encrypted asymmetrically, the first public key corresponds to the private key the user side used for encryption. Here, the request data may be encrypted and decrypted using, for example, an RSA encryption algorithm and an RSA decryption algorithm.
The second signature data may include signatures of the following target data: the timestamp, the target random number, the summary information of the request data, the identification information of the user side, the signature version, the request method, the request path and the like.
The signature version is a version of a signature method adopted by the user terminal when generating the second signature data, the request method is used for indicating a request type of the request data packet, such as a GET method and a POST method in HTTP, for example, and the request path is an address of a resource in a server.
In summary, the content included in the request packet is as shown in fig. 2, wherein the encrypted request data, the timestamp, and the target random number are transmitted in plaintext, and the identification information of the user end is the processed identification information of the user end.
When the signature verification processing is performed on the second signature data based on the second public key, the second signature data may be decrypted based on the second public key (which corresponds to the private key used by the user side when signing) to obtain the decrypted target data, and verification is then performed based on the decrypted target data.
Specifically, the verification process is shown in the following table:
[Table: image BDA0003615028090000131, not reproduced in this text]
Here, when the server performs the verification, the summary information may be regenerated as follows: the digest information (e.g., an SHA-256 digest) of the request data is regenerated using the same algorithm, such as a Secure Hash Algorithm (SHA), that the user terminal used when generating the digest information of the request data. The decrypted summary information in the second signature data is then compared with the regenerated summary information.
For the time stamp and the target random number, the time stamp decrypted from the second signature data may be compared with the time stamp of the plaintext, and the target random number decrypted from the second signature data may be compared with the target random number of the plaintext.
For the identification information of the user side, the plaintext identification information of the user side after being processed may be restored to generate the identification information of the user side, and then the identification information of the user side decrypted from the second signature data may be compared with the generated identification information of the user side.
In the comparison process, if any comparison result is inconsistent, this indicates that the request data packet may have been rewritten; the request data packet is determined to be invalid data, and the invalid prompt information is sent to the user side. If all comparison results are consistent, subsequent processing of the request data packet continues.
By adopting the method, the corresponding first public key and the second public key can be searched based on the identification information of the user side so as to determine whether the identification information of the user side is a legal user identification or not, thereby realizing the verification of the user identity.
For steps 102 and 103:
In a possible implementation manner, the server further stores therein permissions corresponding to the respective clients, and in order to determine whether the client has a permission for the server to execute the request data, after the request packet is verified by the method in step 101, the permission information of the client may be queried based on the identification information of the client, and in a case that the request data of the client conforms to the permission information of the client, first signature data is generated based on the response data and the target random number.
In one possible application scenario, in order to enable the user end to verify the response packet sent by the server after receiving the response packet, first signature data may be generated based on the response data and the target random number.
Here, the first signature data may include, in addition to the digest information of the response data and the target random number, a signature of: signature version, request method, request path.
In summary, the content contained in the response packet is shown in fig. 3. Wherein, the encrypted response data and the target random number are transmitted in plaintext.
In one possible embodiment, when generating the first signature data based on the response data and the target random number, digest information of the response data may be determined, and then the digest information and the target random number are encrypted based on the second public key to generate the first signature data.
Specifically, when the digest information of the response data is determined, it may be exemplarily extracted by using an SHA algorithm (such as SHA-256) to obtain SHA-256 digest information, and then the digest information and the target random number are encrypted based on the second public key, where the target random number is the target random number in the request data packet sent by the user side.
In this way, after receiving the response packet, the user terminal may compare the received target random number with the target random number in the request packet sent, so as to verify the response packet, so as to ensure that the response packet is sent by the server and not by the intermediate proxy.
In one possible implementation, when generating a response packet based on the first signature data, the response data may be encrypted, and the response packet may be generated based on the first signature data and the encrypted response data.
Specifically, when the response data is encrypted, the response data may be encrypted based on the first public key, where in a case of adopting a symmetric encryption method, the first public key is the same as a secret key of the user terminal when decrypting the response data, and in a case of adopting an asymmetric encryption method, the first public key corresponds to a private key of the user terminal when decrypting the response data. Illustratively, the response data may be encrypted using an RSA encryption algorithm.
By adopting the method, an interceptor can be prevented, to a certain extent, from directly acquiring the response data after intercepting the response data packet, thereby improving the safety and the privacy of information transmission.
And then, according to a preset sending format, splicing the first signature data and the encrypted response data to generate the response data packet, wherein the response data packet may further include the signature version, the request path, the request method, the target random number, and the like.
For step 104:
Specifically, after receiving the response packet, the user side may check the first signature data in the response packet, compare the target random number in the response packet with the random number in the request packet, and if the target random number is consistent with the random number in the request packet, perform data processing based on the response data in the response packet. The specific verification method is described in the following examples.
According to the information transmission method provided by the embodiment of the disclosure, the request data packet received by the server contains the signed target random number, and the data security of the user side in the process of sending data to the server can be ensured by verifying the target random number; after generating the response data, the server may generate first signature data based on the response data and a target random number in a request data packet sent by the user side, and generate a response data packet based on the first signature data. Therefore, after the response data packet is sent to the user side, the user side can verify whether the content of the response data packet is tampered or not based on the first signature data and the target random number, and by executing the signature verification process on the user side and the server at the same time, the risk of network attacks such as replay attack and information rewriting can be reduced, and the safety of data transmission is improved.
Based on the same concept, the embodiment of the present disclosure further provides an information transmission method, which is applied to a user side, for example, a smart phone, a personal computer, a tablet computer, and the like; referring to fig. 4, a flowchart of another information transmission method provided in the embodiment of the present disclosure is shown, where the method includes steps 401 to 404, where:
step 401, generating a request data packet based on the request data and the target random number, and sending the request data packet to a server;
step 402, receiving a response data packet sent by a server; wherein the response data packet comprises first signature data;
step 403, checking the first signature data, and judging whether the target random number after checking is consistent with the target random number in the request data packet;
and step 404, if they are consistent, performing data processing based on the response data in the response data packet.
The following is a detailed description of the above steps:
For step 401:
In one possible embodiment, when generating a request packet based on request data and a target random number, the digest information of the request data and the target random number may be encrypted based on a private key, second signature data may be generated, and the request packet may be generated based on the second signature data.
Specifically, the private key corresponds to a second public key of the server. The summary information of the request data may be extracted from the request data based on an SHA algorithm (for example, SHA-256 summary information), and the second signature data may further include a signature of: the user identification of the user side (processed or plaintext), the timestamp, the signature version, the request method, the request path, etc.
By adopting the method, the server can verify the content of the request data packet after receiving the request data packet, thereby reducing the potential safety hazard brought by the request data packet being maliciously rewritten to a certain extent.
In a possible embodiment, the request data may also be encrypted. Illustratively, the request data may be encrypted using an RSA encryption algorithm. Under the condition of adopting a symmetric encryption method, a secret key of a user side can be adopted to encrypt the request data, and after receiving the encrypted request data, the server can adopt the same secret key to decrypt the encrypted request data; under the condition of adopting asymmetric encryption, the request data can be encrypted by adopting a private key of a user side, and the server can decrypt the encrypted request data by adopting a public key corresponding to the private key after receiving the encrypted request data.
For steps 402 to 404:
Wherein the first signature data comprises: summary information of the response data, the target random number, the signature version, the request method, the request path. The response data packet includes the first signature data, the encrypted response data, the plaintext target random number, and the like.
In one possible embodiment, the first signature data may be decrypted based on the private key when the first signature data is verified. Wherein the private key corresponds to the second public key. Here, after decryption, the decrypted target random number, the digest information of the decrypted response data, and the like can be obtained.
In one possible embodiment, the encrypted response data may also be decrypted. Specifically, if the response data is encrypted by using a symmetric encryption method, the response data may be decrypted by using the same key as that used when the server encrypts the response data, and if the response data is encrypted by using an asymmetric encryption method, the response data may be decrypted by using a private key corresponding to the first public key used when the server encrypts the response data. For example, if the response data is encrypted by using an RSA encryption algorithm, the encrypted response data may be decrypted by using an RSA decryption algorithm.
In a possible implementation, when the first signature data is verified, the digest information of the response data may be regenerated, for example, the digest information of the response data (for example, SHA-256 digest information) is regenerated by using the SHA algorithm, then the regenerated digest information is compared with the digest information decrypted from the first signature data, the target random number in the plaintext is compared with the target random number decrypted from the first signature data, and the like, and in case that any comparison result is inconsistent, the response data packet is determined to be invalid data, and invalid prompt information, for example, "data reception error", is displayed; and performing subsequent processing on the response data packet under the condition that all comparison results are consistent.
By adopting the method, the first signature data is verified based on the private key, so that potential safety hazards caused by malicious rewriting of the response data packet are reduced to a certain extent, and the safety of information transmission is improved.
In a possible application scenario, the user side sends a plurality of request packets to the server and some of them fail verification. A response packet that the server sent to the user side for a request that passed may be intercepted and then sent to the user side again, disguised as the result of a request that failed verification, causing the user side to process it incorrectly.
For example, the user side may send two request data packets, request A and request B, to the server, and the server may pass the content requested by request A and reject the content requested by request B. When request A passes, the response data packet corresponding to request A may be subjected to a replay attack, so that it is sent to the user side again as the request result of request B, and the processing result for request B is therefore wrong.
Based on this, the disclosure compares the target random number after signature verification with the target random number in the request data packet. If they are consistent, the response data packet corresponds to the request data packet, and subsequent processing can be executed for the response data packet; if not, the response data packet does not correspond to the request data packet, and a replay attack may have occurred. Therefore, by adopting the method, replay attacks can be mitigated to a certain extent, and the safety of information transmission is improved.
In one possible embodiment, when the target random number after the signature verification is inconsistent with the target random number in the request packet, an invalid prompt message, such as "message reception error" may be displayed.
According to the information transmission method provided by the embodiment of the disclosure, the user side can generate the request data packet based on the request data and the target random number, send the request data packet to the server, and then compare the target random number in the sent request data packet with the target random number in the received response data packet, so as to verify whether the response data packet corresponds to the request data packet, thereby preventing the potential safety hazard caused by replay attack to a certain extent and improving the safety of information transmission.
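The exchange described above, as an added sketch that is not code from the patent: the server's timestamp window and pruned nonce history, and the user side's check that the signed target random number in a response matches the one it sent (the request A / request B case). HMAC-SHA256 with a shared key stands in for the private-key signature, encryption of the request and response data is omitted, and the field names, `Server` class and error strings are assumptions.

```python
import hashlib
import hmac
import json
import secrets

WINDOW = 5 * 60       # preset time interval in seconds (5 minutes, as in the text)
SIG_VERSION = "v1"    # constructed value for the "signature version" field


def sign(key, kind, fields):
    """HMAC-SHA256 over canonical JSON; a stand-in for the private-key signature."""
    msg = json.dumps({"kind": kind, **fields}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def request_fields(req):
    """Target data covered by the second signature data."""
    return {"timestamp": req["timestamp"], "nonce": req["nonce"],
            "digest": hashlib.sha256(req["body"]).hexdigest(),
            "client_id": req["client_id"], "version": SIG_VERSION,
            "method": req["method"], "path": req["path"]}


def response_fields(resp):
    """Target data covered by the first signature data."""
    return {"nonce": resp["nonce"],
            "digest": hashlib.sha256(resp["body"]).hexdigest(),
            "version": SIG_VERSION, "method": resp["method"], "path": resp["path"]}


def build_request(key, client_id, method, path, body, now):
    req = {"client_id": client_id, "method": method, "path": path, "body": body,
           "timestamp": now, "nonce": secrets.token_hex(16)}
    req["signature"] = sign(key, "request", request_fields(req))
    return req


class Server:
    def __init__(self, keys):
        self.keys = keys    # identification information -> verification key
        self.seen = {}      # historical random numbers: nonce -> request timestamp

    def handle(self, req, now):
        key = self.keys.get(req["client_id"])
        if key is None:
            return {"error": "unknown client"}
        # abs() also rejects timestamps too far in the future (an added assumption).
        if abs(now - req["timestamp"]) > WINDOW:
            return {"error": "stale timestamp"}
        # Keep only nonces whose requests could still pass the timestamp check.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW}
        if req["nonce"] in self.seen:
            return {"error": "replayed nonce"}
        expected = sign(key, "request", request_fields(req))
        if not hmac.compare_digest(expected, req["signature"]):
            return {"error": "bad signature"}
        # Record the nonce only after the signature verifies, so unauthenticated
        # traffic cannot fill the history or burn a legitimate client's nonce.
        self.seen[req["nonce"]] = req["timestamp"]
        resp = {"nonce": req["nonce"], "method": req["method"], "path": req["path"],
                "body": b"result for " + req["path"].encode()}
        resp["signature"] = sign(key, "response", response_fields(resp))
        return resp


def verify_response(key, req, resp):
    """User side: verify the signature, then bind the response to this request."""
    if "error" in resp:
        return False
    expected = sign(key, "response", response_fields(resp))
    if not hmac.compare_digest(expected, resp["signature"]):
        return False
    return hmac.compare_digest(resp["nonce"], req["nonce"])


if __name__ == "__main__":
    key = secrets.token_bytes(32)               # constructed demo key
    server = Server({"client-1": key})
    req_a = build_request(key, "client-1", "GET", "/a", b"", 1000)
    req_b = build_request(key, "client-1", "POST", "/b", b"x=1", 1000)
    resp_a = server.handle(req_a, 1010)
    print("A's response accepted for A:", verify_response(key, req_a, resp_a))
    print("A's response accepted for B:", verify_response(key, req_b, resp_a))
    print("request A sent again:", server.handle(req_a, 1060))
```

A replayed response still carries a valid signature, so the signature check alone does not catch the request A / request B substitution; the comparison against the nonce the user side itself generated does.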
It will be understood by those skilled in the art that in the method of the present invention, the order of writing the steps does not imply a strict order of execution and any limitations on the implementation, and the specific order of execution of the steps should be determined by their function and possible inherent logic.
Based on the same inventive concept, an information transmission device corresponding to the information transmission method is also provided in the embodiments of the present disclosure, and because the principle of solving the problem of the device in the embodiments of the present disclosure is similar to the information transmission method in the embodiments of the present disclosure, the implementation of the device may refer to the implementation of the method, and repeated details are not repeated.
Corresponding to the information transmission method shown in fig. 1, an embodiment of the present disclosure provides an information transmission apparatus. Referring to fig. 5, which is an architecture diagram of the information transmission apparatus provided in the embodiment of the present disclosure, the apparatus includes: a first receiving module 501, a first generating module 502, a second generating module 503, and a first transmitting module 504; wherein:
a first receiving module 501, configured to receive a request data packet sent by a user end; wherein, the request data packet comprises a signed target random number;
a first generating module 502, configured to generate response data based on the request data in the request data packet;
a second generating module 503, configured to generate first signature data based on the response data and the target random number, and generate a response packet based on the first signature data;
a first sending module 504, configured to send the response packet to the user side, so that after the user side performs signature verification on the first signature data, the security of the response packet is verified based on the target random number after signature verification.
In a possible implementation manner, after receiving the request packet sent by the user side, the first receiving module 501 is further configured to:
judging whether the target random number is the same as the received historical random number;
and under the condition that the target random number is detected to be the same as the historical random number, determining the request data packet as invalid data, and sending invalid prompt information to the user side.
In a possible implementation manner, the request packet includes encrypted request data, identification information of the user side, and second signature data, where the second signature data includes the target random number;
after receiving the request packet sent by the user end, the first receiving module 501 is further configured to:
and searching a corresponding first public key and a second public key based on the identification information of the user side, decrypting the encrypted request data based on the first public key, and verifying the signature of the second signature data based on the second public key.
In a possible implementation, the second generating module 503, when generating the first signature data based on the response data and the target random number, is configured to:
determining summary information of the response data;
and encrypting the digest information and the target random number based on the second public key to generate the first signature data.
In a possible implementation, the second generating module 503, when generating the response packet based on the first signature data, is configured to:
and encrypting the response data, and generating the response data packet based on the first signature data and the encrypted response data.
Corresponding to the information transmission method shown in fig. 4, an embodiment of the present disclosure further provides an information transmission apparatus. Referring to fig. 6, which is an architecture diagram of another information transmission apparatus provided in the embodiment of the present disclosure, the apparatus includes: a second sending module 601, a second receiving module 602, a signature checking module 603, and a processing module 604; wherein:
a second sending module 601, configured to generate a request data packet based on the request data and the target random number, and send the request data packet to the server;
a second receiving module 602, configured to receive a response packet sent by the server; wherein, the response data packet comprises first signature data;
the signature checking module 603 is configured to check the signature of the first signature data, and determine whether the target random number after the signature checking is consistent with the target random number in the request data packet;
and a processing module 604, configured to perform data processing based on the response data in the response data packet if they are consistent.
In a possible implementation manner, the second sending module 601, when generating the request packet based on the request data and the target random number, is configured to:
encrypting the summary information of the request data and the target random number based on a private key to generate second signature data, and generating the request data packet based on the second signature data;
the signature verification module 603, when verifying the signature of the first signature data, is configured to:
decrypting the first signature data based on the private key.
The description of the processing flow of each module in the device and the interaction flow between the modules may refer to the related description in the above method embodiments, and will not be described in detail here.
Based on the same technical concept, the embodiment of the disclosure also provides computer equipment. Referring to fig. 7, a schematic structural diagram of a computer device 700 provided in the embodiment of the present disclosure includes a processor 701, a memory 702, and a bus 702. The memory 702 is used for storing execution instructions and includes a memory 7021 and an external memory 7022; the memory 7021 is also referred to as an internal memory, and is used to temporarily store operation data in the processor 701 and data exchanged with an external memory 7022 such as a hard disk, the processor 701 exchanges data with the external memory 7022 through the memory 7021, and when the computer apparatus 700 is operated, the processor 701 communicates with the memory 702 through the bus 702, so that the processor 701 executes the following instructions:
receiving a request data packet sent by a user side; wherein, the request data packet comprises a signed target random number;
generating response data based on the request data in the request data packet;
generating first signature data based on the response data and the target random number, and generating a response data packet based on the first signature data;
and sending the response data packet to the user side so as to verify the security of the response data packet based on the target random number after the user side verifies the first signature data.
Based on the same technical concept, the embodiment of the disclosure also provides another computer device. Referring to fig. 8, a schematic structural diagram of a computer device 800 provided in the embodiment of the present disclosure includes a processor 801, a memory 802, and a bus 802. The memory 802 is used for storing execution instructions and includes a memory 8021 and an external memory 8022; the memory 8021 is also referred to as an internal memory, and is used for temporarily storing operation data in the processor 801 and data exchanged with an external storage 8022 such as a hard disk, the processor 801 exchanges data with the external storage 8022 through the memory 8021, and when the computer apparatus 800 operates, the processor 801 communicates with the storage 802 through the bus 802, so that the processor 801 executes the following instructions:
generating a request data packet based on the request data and the target random number, and sending the request data packet to a server;
receiving a response data packet sent by a server; wherein the response data packet comprises first signature data;
checking the first signature data, and judging whether the target random number after checking is consistent with the target random number in the request data packet;
and if they are consistent, performing data processing based on the response data in the response data packet.
The embodiments of the present disclosure also provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program performs the steps of the information transmission method in the above method embodiments. The storage medium may be a volatile or non-volatile computer-readable storage medium.
The embodiments of the present disclosure also provide a computer program product, where the computer program product carries a program code, and instructions included in the program code may be used to execute the steps of the information transmission method in the foregoing method embodiments; for details, refer to the foregoing method embodiments, which are not described herein again.
The computer program product may be implemented by hardware, software or a combination thereof. In an alternative embodiment, the computer program product is embodied in a computer storage medium, and in another alternative embodiment, the computer program product is embodied in a Software product, such as a Software Development Kit (SDK), or the like.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working process of the system and the apparatus described above may refer to the corresponding process in the foregoing method embodiment, and details are not described herein again. In the several embodiments provided in the present disclosure, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in software functional units and sold or used as a stand-alone product, may be stored in a non-transitory computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present disclosure. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Finally, it should be noted that: the above-mentioned embodiments are merely specific embodiments of the present disclosure, which are used to illustrate the technical solutions of the present disclosure, but not to limit the technical solutions, and the scope of the present disclosure is not limited thereto, and although the present disclosure is described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: any person skilled in the art can modify or easily conceive of the technical solutions described in the foregoing embodiments or equivalent technical features thereof within the technical scope of the present disclosure; such modifications, changes and substitutions do not depart from the spirit and scope of the embodiments disclosed herein, and they should be construed as being included therein. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.
If the technical scheme of the application relates to personal information, a product applying the technical scheme of the application clearly informs personal information processing rules before processing the personal information, and obtains personal independent consent. If the technical scheme of the application relates to sensitive personal information, before the sensitive personal information is processed, a product applying the technical scheme of the application obtains individual consent and simultaneously meets the requirement of 'explicit consent'. For example, at a personal information collection device such as a camera, a clear and significant identifier is set to inform that the personal information collection range is entered, the personal information is collected, and if the person voluntarily enters the collection range, the person is regarded as agreeing to collect the personal information; or on the device for processing the personal information, under the condition of informing the personal information processing rule by using obvious identification/information, obtaining personal authorization by modes of popping window information or asking a person to upload personal information of the person by himself, and the like; the personal information processing rule may include information such as a personal information processor, a personal information processing purpose, a processing method, and a type of personal information to be processed.

Claims (11)

1. An information transmission method, applied to a server, comprising:
receiving a request data packet sent by a user side, wherein the request data packet comprises a signed target random number;
generating response data based on the request data in the request data packet;
generating first signature data based on the response data and the target random number, and generating a response data packet based on the first signature data;
and sending the response data packet to the user side, so that the user side, after verifying the first signature data, verifies the security of the response data packet based on the target random number.
2. The method of claim 1, wherein after receiving the request data packet sent by the user side, the method further comprises:
determining whether the target random number is the same as a previously received historical random number;
and when the target random number is detected to be the same as the historical random number, determining that the request data packet is invalid data, and sending invalid prompt information to the user side.
3. The method according to claim 1 or 2, wherein the request data packet includes encrypted request data, identification information of the user side, and second signature data, and the second signature data includes the target random number;
after receiving the request data packet sent by the user side, the method further comprises:
looking up a corresponding first public key and second public key based on the identification information of the user side, decrypting the encrypted request data based on the first public key, and verifying the second signature data based on the second public key.
4. The method of claim 3, wherein generating first signature data based on the response data and the target random number comprises:
determining summary information of the response data;
and encrypting the summary information and the target random number based on the second public key to generate the first signature data.
5. The method according to any one of claims 1 to 4, wherein generating a response data packet based on the first signature data comprises:
encrypting the response data, and generating the response data packet based on the first signature data and the encrypted response data.
6. An information transmission method, applied to a user side, comprising:
generating a request data packet based on the request data and the target random number, and sending the request data packet to a server;
receiving a response data packet sent by the server, wherein the response data packet comprises first signature data;
verifying the first signature data, and determining whether the target random number obtained after verification is consistent with the target random number in the request data packet;
and if they are consistent, performing data processing based on the response data in the response data packet.
7. The method of claim 6, wherein generating the request data packet based on the request data and the target random number comprises:
encrypting the summary information of the request data and the target random number based on a private key to generate second signature data, and generating the request data packet based on the second signature data;
the verifying the first signature data includes:
decrypting the first signature data based on the private key.
8. An information transmission apparatus, comprising:
the first receiving module is used for receiving a request data packet sent by a user side; wherein, the request data packet comprises a signed target random number;
the first generation module is used for generating response data based on the request data in the request data packet;
a second generation module, configured to generate first signature data based on the response data and the target random number, and generate a response packet based on the first signature data;
and the first sending module is used for sending the response data packet to the user side so as to verify the security of the response data packet based on the target random number after the user side verifies the first signature data.
9. An information transmission apparatus, comprising:
the second sending module is used for generating a request data packet based on the request data and the target random number and sending the request data packet to the server;
the second receiving module is used for receiving a response data packet sent by the server; wherein the response data packet comprises first signature data;
the signature checking module is used for checking the first signature data and judging whether the target random number after the signature checking is consistent with the target random number in the request data packet or not;
and the processing module is used for processing data based on the response data in the response data packet if they are consistent.
10. A computer device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating over the bus when the computer device is running, the machine-readable instructions, when executed by the processor, performing the steps of the information transmission method according to any one of claims 1 to 5, or performing the steps of the information transmission method according to claim 6 or 7.
11. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when executed by a processor, carries out the steps of the information transmission method according to any one of claims 1 to 5, or the steps of the information transmission method according to claim 6 or 7.
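
The exchange in claims 1, 2 and 6, as an added example that is not part of the patent text. HMAC-SHA256 under one shared, constructed key stands in for the public/private-key operations of claims 3, 4 and 7, payload encryption is omitted, and all names (`Server`, `Client`, `sign`, `demo`, the packet fields) are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo key. HMAC under one shared key stands in for the
# public/private-key operations of claims 3, 4 and 7 (an assumption).
DEMO_KEY = b"constructed-demo-key"

def sign(role: bytes, body: bytes, nonce: bytes) -> bytes:
    # Tag over role || digest(body) || nonce. The role label is added here
    # because a shared key would otherwise let a request tag pass as a response tag.
    digest = hashlib.sha256(body).digest()
    return hmac.new(DEMO_KEY, role + digest + nonce, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.seen = set()  # "historical random numbers" (claim 2)

    def handle(self, pkt: dict) -> dict:
        if not hmac.compare_digest(pkt["sig"], sign(b"REQ:", pkt["body"], pkt["nonce"])):
            return {"error": "bad signature"}
        if pkt["nonce"] in self.seen:  # replayed request data packet
            return {"error": "invalid request"}
        self.seen.add(pkt["nonce"])
        body = b"echo:" + pkt["body"]  # stand-in for real response data
        return {"body": body, "nonce": pkt["nonce"],
                "sig": sign(b"RSP:", body, pkt["nonce"])}

class Client:
    def request(self, body: bytes) -> dict:
        self.nonce = secrets.token_bytes(16)  # fresh target random number
        return {"body": body, "nonce": self.nonce,
                "sig": sign(b"REQ:", body, self.nonce)}

    def accept(self, resp: dict) -> bool:
        if "error" in resp:
            return False
        expected = sign(b"RSP:", resp["body"], resp["nonce"])
        if not hmac.compare_digest(resp["sig"], expected):
            return False  # signature verification failed
        return hmac.compare_digest(resp["nonce"], self.nonce)  # nonce must match

def demo() -> dict:
    server, client = Server(), Client()
    req1 = client.request(b"balance?")
    resp1 = server.handle(req1)
    fresh = client.accept(resp1)
    replayed = server.handle(req1)         # same request packet sent again
    server.handle(client.request(b"pay"))  # client now waits on a new nonce
    stale = client.accept(resp1)           # old response replayed to the client
    return {"fresh": fresh, "replay_error": replayed.get("error"), "stale": stale}
```

The server's set of seen random numbers grows without bound in this form; a deployment would bound it, for example by pairing each random number with a timestamp window.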
CN202210443694.0A 2022-04-25 2022-04-25 Information transmission method and device, computer equipment and storage medium Pending CN114745115A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210443694.0A CN114745115A (en) 2022-04-25 2022-04-25 Information transmission method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210443694.0A CN114745115A (en) 2022-04-25 2022-04-25 Information transmission method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114745115A true CN114745115A (en) 2022-07-12

Family

ID=82283549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210443694.0A Pending CN114745115A (en) 2022-04-25 2022-04-25 Information transmission method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114745115A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115529184A (en) * 2022-09-28 2022-12-27 中国电信股份有限公司 Message verification method and device, electronic equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108512848A (en) * 2018-03-31 2018-09-07 深圳大普微电子科技有限公司 The method and relevant apparatus of anti-replay-attack
CN110177001A (en) * 2019-05-21 2019-08-27 广东联合电子服务股份有限公司 A kind of NFC circle deposit method, system and storage medium based on soft certificate
CN110430043A (en) * 2019-07-05 2019-11-08 视联动力信息技术股份有限公司 A kind of authentication method, system and device and storage medium
US20200169406A1 (en) * 2017-07-28 2020-05-28 China Mobile Communication Co., Ltd Research Institute Security authentication method and device
CN113037484A (en) * 2021-05-19 2021-06-25 银联商务股份有限公司 Data transmission method, device, terminal, server and storage medium
CN113918932A (en) * 2021-10-14 2022-01-11 湖南国科微电子股份有限公司 Security authentication method and related components
CN114282267A (en) * 2021-11-19 2022-04-05 郑州云海信息技术有限公司 Token generation method, token signature verification method, device, equipment and storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200169406A1 (en) * 2017-07-28 2020-05-28 China Mobile Communication Co., Ltd Research Institute Security authentication method and device
CN108512848A (en) * 2018-03-31 2018-09-07 深圳大普微电子科技有限公司 The method and relevant apparatus of anti-replay-attack
CN110177001A (en) * 2019-05-21 2019-08-27 广东联合电子服务股份有限公司 A kind of NFC circle deposit method, system and storage medium based on soft certificate
CN110430043A (en) * 2019-07-05 2019-11-08 视联动力信息技术股份有限公司 A kind of authentication method, system and device and storage medium
CN113037484A (en) * 2021-05-19 2021-06-25 银联商务股份有限公司 Data transmission method, device, terminal, server and storage medium
CN113918932A (en) * 2021-10-14 2022-01-11 湖南国科微电子股份有限公司 Security authentication method and related components
CN114282267A (en) * 2021-11-19 2022-04-05 郑州云海信息技术有限公司 Token generation method, token signature verification method, device, equipment and storage medium


Similar Documents

Publication Publication Date Title
US11258792B2 (en) Method, device, system for authenticating an accessing terminal by server, server and computer readable storage medium
CN107770159B (en) Vehicle accident data recording method and related device and readable storage medium
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
US9531540B2 (en) Secure token-based signature schemes using look-up tables
CN109688098B (en) Method, device and equipment for secure communication of data and computer readable storage medium
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN106790045B (en) distributed virtual machine agent device based on cloud environment and data integrity guarantee method
CN110690956B (en) Bidirectional authentication method and system, server and terminal
CN108769029B (en) Authentication device, method and system for application system
CN114244522B (en) Information protection method, device, electronic equipment and computer readable storage medium
CN101552676B (en) Host module legitimacy verification method, system and device using a card module
CN113301036A (en) Communication encryption method and device, equipment and storage medium
CN114244508A (en) Data encryption method, device, equipment and storage medium
CN112115461A (en) Equipment authentication method and device, computer equipment and storage medium
CN115276978A (en) Data processing method and related device
CN107548542B (en) User authentication method with enhanced integrity and security
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
CN112769789B (en) Encryption communication method and system
CN117240625B (en) Tamper-resistant data processing method and device and electronic equipment
CN111740995B (en) Authorization authentication method and related device
CN114745115A (en) Information transmission method and device, computer equipment and storage medium
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN116527261A (en) Key recovery method, electronic device and storage medium
CN108900595B (en) Method, device and equipment for accessing data of cloud storage server and computing medium
CN114065170A (en) Method and device for acquiring platform identity certificate and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination