CN115037511A - Data processing method, device, equipment and medium - Google Patents

Data processing method, device, equipment and medium Download PDF

Info

Publication number
CN115037511A
CN115037511A CN202210454365.6A CN202210454365A CN115037511A CN 115037511 A CN115037511 A CN 115037511A CN 202210454365 A CN202210454365 A CN 202210454365A CN 115037511 A CN115037511 A CN 115037511A
Authority
CN
China
Prior art keywords
check code
encrypted
data
encryption
mapping relationship
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210454365.6A
Other languages
Chinese (zh)
Inventor
孙操
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Security Technologies Co Ltd filed Critical New H3C Security Technologies Co Ltd
Priority to CN202210454365.6A priority Critical patent/CN115037511A/en
Publication of CN115037511A publication Critical patent/CN115037511A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a data processing method, a data processing device, data processing equipment and a data processing medium, and relates to the technical field of data processing. The method comprises the following steps: acquiring a message to be encrypted; analyzing data to be encrypted and a first check code from the message to be encrypted; determining an encryption factor corresponding to the first check code according to the obtained mapping relation between the check code and the encryption factor; encrypting the data to be encrypted by using the encryption factor to obtain first ciphertext data; packaging the first ciphertext data and the first check code into a first encrypted message; and sending the first encrypted message. Therefore, the encryption of the data to be encrypted in the message to be encrypted is realized, and a physical transmission key is not required.

Description

一种数据处理方法、装置、设备及介质A data processing method, device, equipment and medium

技术领域technical field

本申请涉及数据处理技术领域,尤其涉及一种数据处理方法、装置、设备及介质。The present application relates to the technical field of data processing, and in particular, to a data processing method, apparatus, device and medium.

背景技术Background technique

网络中传输的数据可以是明文或密文。采用明文直接传输的数据,一旦被非法获取,其加载的数据信息将直接被他人得到。为了机密等敏感数据的传输安全,通常采用加密技术将明文转换为密文进行网络传输。常见的加密技术分类包括对称加密、非对称加密。非对称加密可以获得更强的加密效果,但是其速度较慢。相对于非对称加密方式,对称加密方式具有速度快,计算量小,加密效率高等优点,常用于大量数据加密的情况。而对称加密是数据发送及接收双方采用相同的密钥进行加密和解密的一种加密技术。The data transmitted in the network can be in plaintext or ciphertext. Once the data directly transmitted in plaintext is obtained illegally, the loaded data information will be directly obtained by others. In order to secure the transmission of sensitive data such as secrets, encryption technology is usually used to convert plaintext into ciphertext for network transmission. Common encryption technology classifications include symmetric encryption and asymmetric encryption. Asymmetric encryption can achieve stronger encryption, but its speed is slower. Compared with the asymmetric encryption method, the symmetric encryption method has the advantages of high speed, small amount of calculation, and high encryption efficiency, and is often used in the case of a large amount of data encryption. Symmetric encryption is an encryption technology that uses the same key for encryption and decryption by both data sender and receiver.

对称加密的关键点在于其密钥的生成分发,其密钥分发的主要方式有物理传递或引入第三方进行密钥传递。物理传递密钥限制性强,同时通常不适用于大批量的数据传输,而第三方密钥传递不仅过程较为复杂,而且由于引入第三方,则需要更多的资源消耗。The key point of symmetric encryption is the generation and distribution of its keys. The main methods of key distribution are physical transmission or introduction of a third party for key transmission. Physical delivery of keys is highly restrictive and generally not suitable for mass data transmission, while third-party key delivery is not only complicated, but also requires more resource consumption due to the introduction of a third party.

因此,如何进行数据的加密传输且不需要物理传递密钥是值得考虑的技术问题之一。Therefore, how to perform encrypted transmission of data without requiring physical transmission of keys is one of the technical issues worth considering.

发明内容SUMMARY OF THE INVENTION

有鉴于此,本申请提供一种数据处理方法、装置、设备及介质,用以进行数据的加密传输且不需要物理传递密钥。In view of this, the present application provides a data processing method, apparatus, device and medium, which are used for encrypted transmission of data without requiring physical transmission of keys.

具体地,本申请是通过如下技术方案实现的:Specifically, the application is achieved through the following technical solutions:

根据本申请的第一方面,提供一种数据处理方法,包括:According to a first aspect of the present application, a data processing method is provided, comprising:

获取待加密报文;Get the message to be encrypted;

从所述待加密报文中解析出待加密数据和第一校验码;Parse out the to-be-encrypted data and the first check code from the to-be-encrypted message;

根据获取到的校验码与加密因子之间的映射关系,确定所述第一校验码对应的加密因子;According to the obtained mapping relationship between the check code and the encryption factor, determine the encryption factor corresponding to the first check code;

利用所述加密因子对所述待加密数据进行加密处理,得到第一密文数据;Encrypting the data to be encrypted by using the encryption factor to obtain first ciphertext data;

将所述第一密文数据和所述第一校验码封装到第一加密报文中;encapsulating the first ciphertext data and the first check code into a first encrypted message;

发送所述第一加密报文。Send the first encrypted message.

可选地,本实施例提供的数据处理方法,还包括:Optionally, the data processing method provided in this embodiment further includes:

接收第二加密报文;receiving the second encrypted message;

从所述第二加密报文中解析出第二密文数据和第二校验码;Parse out the second ciphertext data and the second check code from the second encrypted message;

利用获取到的校验码与解密因子之间的映射关系,确定所述第二校验码对应的解密因子;Using the obtained mapping relationship between the check code and the decryption factor, determine the decryption factor corresponding to the second check code;

利用所述解密因子对所述第二密文数据进行解密处理,得到解密数据。The second ciphertext data is decrypted by using the decryption factor to obtain decrypted data.

可选地,所述第一校验码为基于所述待加密数据和设定的多项式确定出的。Optionally, the first check code is determined based on the data to be encrypted and a set polynomial.

可选地,所述校验码与加密因子之间的映射关系为从映射关系分发中心获取到的;以及所述校验码与解密因子之间的映射关系为从映射关系分发中心获取到的。Optionally, the mapping relationship between the check code and the encryption factor is obtained from the mapping relationship distribution center; and the mapping relationship between the check code and the decryption factor is obtained from the mapping relationship distribution center. .

根据本申请的第二方面,提供一种数据处理装置,获取模块,用于获取待加密报文;According to a second aspect of the present application, a data processing device is provided, and an acquisition module is used to acquire a message to be encrypted;

第一解析模块,用于从所述待加密报文中解析出待加密数据和第一校验码;a first parsing module, configured to parse out the to-be-encrypted data and the first check code from the to-be-encrypted message;

第一确定模块,用于根据获取到的校验码与加密因子之间的映射关系,确定所述第一校验码对应的加密因子;a first determination module, configured to determine the encryption factor corresponding to the first check code according to the obtained mapping relationship between the check code and the encryption factor;

加密模块,用于利用所述加密因子对所述待加密数据进行加密处理,得到第一密文数据;an encryption module, configured to perform encryption processing on the data to be encrypted by using the encryption factor to obtain first ciphertext data;

封装模块,用于将所述第一密文数据和所述第一校验码封装到第一加密报文中;an encapsulation module, configured to encapsulate the first ciphertext data and the first check code into a first encrypted message;

发送模块,用于发送所述第一加密报文。A sending module, configured to send the first encrypted message.

可选地,本实施例提供的数据处理装置,还包括:Optionally, the data processing apparatus provided in this embodiment further includes:

接收模块,用于接收第二加密报文;a receiving module for receiving the second encrypted message;

第二解析模块,用于从所述第二加密报文中解析出第二密文数据和第二校验码;a second parsing module, configured to parse out the second ciphertext data and the second check code from the second encrypted message;

第二确定模块,用于利用获取到的校验码与解密因子之间的映射关系,确定所述第二校验码对应的解密因子;a second determination module, configured to determine the decryption factor corresponding to the second check code by using the obtained mapping relationship between the check code and the decryption factor;

解密模块,用于利用所述解密因子对所述第二密文数据进行解密处理,得到解密数据。A decryption module, configured to perform decryption processing on the second ciphertext data by using the decryption factor to obtain decrypted data.

可选地,所述第一校验码为基于所述待加密数据和设定的多项式确定出的。Optionally, the first check code is determined based on the data to be encrypted and a set polynomial.

可选地,所述校验码与加密因子之间的映射关系为从映射关系分发中心获取到的;以及所述校验码与解密因子之间的映射关系为从映射关系分发中心获取到的。Optionally, the mapping relationship between the check code and the encryption factor is obtained from the mapping relationship distribution center; and the mapping relationship between the check code and the decryption factor is obtained from the mapping relationship distribution center. .

根据本申请的第三方面,提供一种电子设备,包括处理器和机器可读存储介质,机器可读存储介质存储有能够被处理器执行的计算机程序,处理器被计算机程序促使执行本申请实施例第一方面所提供的方法。According to a third aspect of the present application, an electronic device is provided, including a processor and a machine-readable storage medium, where the machine-readable storage medium stores a computer program that can be executed by the processor, and the processor is prompted by the computer program to execute the implementation of the present application Example of the method provided in the first aspect.

根据本申请的第四方面,提供一种机器可读存储介质,机器可读存储介质存储有计算机程序,在被处理器调用和执行时,计算机程序促使处理器执行本申请实施例第一方面所提供的方法。According to a fourth aspect of the present application, a machine-readable storage medium is provided, where a computer program is stored in the machine-readable storage medium, and when called and executed by a processor, the computer program causes the processor to execute the first aspect of the embodiments of the present application. provided method.

本申请实施例的有益效果:The beneficial effects of the embodiments of the present application:

本申请实施例提供的数据处理方法及装置中,在获取到待加密报文后,从待加密报文中解析出待加密数据和第一校验码;然后根据获取到的校验码与加密因子之间的映射关系,确定该第一校验码对应的加密因子;并利用加密因子对待加密数据进行加密处理,得到第一密文数据;然后将第一密文数据和第一校验码封装到第一加密报文中,并发送该第一加密报文。由此实现了待加密报文中待加密数据的加密,而且也不需要物理传递密钥;此外通过利用校验码获得用于加密待加密数据的加密因子,从而保证了加密数据的安全性。In the data processing method and device provided by the embodiments of the present application, after the to-be-encrypted message is obtained, the to-be-encrypted data and the first check code are parsed from the to-be-encrypted message; The mapping relationship between the factors is used to determine the encryption factor corresponding to the first check code; and the encryption factor is used to encrypt the data to be encrypted to obtain the first ciphertext data; then the first ciphertext data and the first check code are combined. It is encapsulated into a first encrypted message, and the first encrypted message is sent. Thereby, the encryption of the data to be encrypted in the to-be-encrypted message is realized, and the key is not required to be physically transmitted; in addition, the encryption factor for encrypting the to-be-encrypted data is obtained by using the check code, thereby ensuring the security of the encrypted data.

附图说明Description of drawings

图1是本申请实施例提供的一种数据处理方法的流程示意图;1 is a schematic flowchart of a data processing method provided by an embodiment of the present application;

图2是本申请实施例提供的另一种数据处理方法的流程示意图;2 is a schematic flowchart of another data processing method provided by an embodiment of the present application;

图3是本申请实施例提供的一种数据处理逻辑示意图;3 is a schematic diagram of a data processing logic provided by an embodiment of the present application;

图4是本申请实施例提供的一种数据处理装置的结构示意图;4 is a schematic structural diagram of a data processing apparatus provided by an embodiment of the present application;

图5是本申请实施例提供的一种实施数据处理方法的电子设备的硬件结构示意图。FIG. 5 is a schematic diagram of a hardware structure of an electronic device implementing a data processing method provided by an embodiment of the present application.

具体实施方式Detailed ways

这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本申请相一致的所有实施方式。相反,它们仅是与如本申请的一些方面相一致的装置和方法的例子。Exemplary embodiments will be described in detail herein, examples of which are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the illustrative examples below are not intended to represent all implementations consistent with this application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application.

在本申请使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本申请。在本申请中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相对应的列出项目的任何或所有可能组合。The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in this application, the singular forms "a," "the," and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It will also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the corresponding listed items.

应当理解,尽管在本申请可能采用术语第一、第二、第三等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如,在不脱离本申请范围的情况下,第一信息也可以被称为第二信息,类似地,第二信息也可以被称为第一信息。取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be understood that although the terms first, second, third, etc. may be used in this application to describe various information, such information should not be limited by these terms. These terms are only used to distinguish the same type of information from each other. For example, the first information may also be referred to as the second information, and similarly, the second information may also be referred to as the first information without departing from the scope of the present application. Depending on the context, the word "if" as used herein can be interpreted as "at the time of" or "when" or "in response to determining."

下面对本申请提供的数据处理方法进行详细地说明。The data processing method provided by the present application will be described in detail below.

参见图1,图1是本申请提供的一种数据处理方法的流程图,应用于本端电子设备中,该本端电子设备可以但不限于为需要执行报文加密的网络设备,该本端电子设备在实施数据处理方法时,该方法可包括如下所示步骤:Referring to FIG. 1, FIG. 1 is a flowchart of a data processing method provided by the present application, which is applied to a local electronic device. The local electronic device may be, but is not limited to, a network device that needs to perform message encryption. When the electronic device implements the data processing method, the method may include the following steps:

S101、获取待加密报文。S101. Obtain a message to be encrypted.

本步骤中,当本端电子设备需要对外发送报文时,会先获取待发送的报文,为了保证报文发送过程中报文中数据的安全性,本申请会对待发送的报文也即上述待加密报文执行加密处理流程,参考后续步骤描述。In this step, when the local electronic device needs to send a message to the outside world, it will first obtain the message to be sent. For the encryption processing flow of the message to be encrypted, please refer to the description of the subsequent steps.

S102、从所述待加密报文中解析出待加密数据和第一校验码。S102. Parse the to-be-encrypted message and the to-be-encrypted data and the first check code.

本步骤中,为了对待加密报文中的负载数据也称有效数据执行加密处理,本实施例提出,先从待加密报文中解析出待加密数据,例如,该待加密数据可以为上述负载数据,同时也会解析出该待加密报文中的校验码,记为第一校验码。In this step, in order to perform encryption processing on payload data in the encrypted message, also called valid data, this embodiment proposes to first parse the to-be-encrypted data from the to-be-encrypted message. For example, the to-be-encrypted data may be the above payload data , and also parses out the check code in the to-be-encrypted message, which is recorded as the first check code.

需要说明的是,该第一校验码中的“第一”并没有实际含义,仅是为了与后续涉及的第二加密报文中的校验码进行区分。It should be noted that the "first" in the first check code has no actual meaning, and is only used to distinguish it from the check code in the second encrypted message involved later.

S103、根据获取到的校验码与加密因子之间的映射关系,确定所述第一校验码对应的加密因子。S103. Determine the encryption factor corresponding to the first check code according to the obtained mapping relationship between the check code and the encryption factor.

本步骤中,本端电子设备会获取到校验码与加密因子之间的映射关系,这样一来,当从待加密报文中解析出第一校验码后,会基于上述映射关系,确定出与该第一校验码相对应的加密因子。In this step, the local electronic device will obtain the mapping relationship between the check code and the encryption factor. In this way, after parsing the first check code from the message to be encrypted, it will determine based on the above mapping relationship. The encryption factor corresponding to the first check code is obtained.

可选地,上述校验码与加密因子之间的映射关系为从映射关系分发中心获取到的。Optionally, the mapping relationship between the verification code and the encryption factor is obtained from a mapping relationship distribution center.

具体地,本端电子设备可以实时或周期性主动地从映射关系分发中心获取上述映射关系,也可以是等待接收映射关系分发中心下发。Specifically, the local electronic device may actively acquire the above-mentioned mapping relationship from the mapping relationship distribution center in real time or periodically, or may wait to receive the distribution center of the mapping relationship.

一种实施例中,上述映射关系可以是校验码与加密因子的具体值构成的映射关系,即,映射关系分发中心可以根据经验预先为各种校验码配置加密因子,然后将校验码与加密因子之间的映射关系写入到映射关系列表中,并下发给本端电子设备。这样,本端电子设备从待加密报文中解析出第一校验码后,就可以利用该第一校验码查询映射关系列表,查询出第一校验码对应的加密因子。In an embodiment, the above-mentioned mapping relationship may be a mapping relationship composed of the check code and the specific value of the encryption factor, that is, the mapping relationship distribution center may configure the encryption factor for various check codes in advance according to experience, and then assign the check code. The mapping relationship with the encryption factor is written into the mapping relationship list and sent to the local electronic device. In this way, after the local electronic device parses the first check code from the message to be encrypted, it can use the first check code to query the mapping relationship list to query the encryption factor corresponding to the first check code.

另一种实施例中,由于校验码本身是基于报文中的有效数据计算得到的,不同的有效数据计算得到的校验码不同,因此,映射关系分发中心穷尽各校验码需要消耗较大的工作量,有鉴于此,本实施例提出,上述映射关系还可以是一个映射关系式,即映射关系分发中心配置一个映射关系式,然后将映射关系式下发给本端电子设备。例如,映射关系式为B=g(A),其中,A为校验码,B为加密因子,g()为映射函数。这样,映射关系分发中心可以将当前使用的映射关系式下发给本端电子设备,然后由本端电子设备本地存储该映射关系式。进而,当本端电子设备解析出第一校验码后,就可以将第一校验码作为映射关系式中的A,然后计算得出加密因子B,从而也就得到了第一校验码对应的加密因子。这样,不仅节省了映射关系分发中心的映射关系的存储资源,而且也节省了本端电子设备存储映射关系的存储资源。而且,本实施例中,映射关系分发中心下发的是映射关系式,不再像现有技术中给出的第三方传递密钥的方式,只需在本端电子设备中生成加密因子,由此大大提升了密钥的安全性,进而提升了用加密因子加密待加密数据的安全性,同时保证了后续传输加密后数据的安全性。In another embodiment, since the check code itself is calculated based on the valid data in the message, and the check codes obtained by different valid data are different, therefore, the mapping relationship distribution center exhausts the check codes and needs to consume more In view of the large workload, this embodiment proposes that the above-mentioned mapping relationship may also be a mapping relationship formula, that is, the mapping relationship distribution center configures a mapping relationship formula, and then delivers the mapping relationship formula to the local electronic device. For example, the mapping relationship is B=g(A), where A is a check code, B is an encryption factor, and g() is a mapping function. In this way, the mapping relationship distribution center can deliver the currently used mapping relationship to the local electronic device, and then the local electronic device stores the mapping relationship locally. Furthermore, after the local electronic device parses the first check code, the first check code can be used as A in the mapping relationship, and then the encryption factor B can be calculated to obtain the first check code. the corresponding encryption factor. In this way, not only the storage resources of the mapping relationship of the mapping relationship distribution center are saved, but also the storage resources of the local electronic device for storing the mapping relationship are saved. Moreover, in this embodiment, the mapping relationship distribution center issues the mapping relationship formula, which is no longer like the method of the third party passing the key given in the prior art. It only needs to generate an encryption factor in the electronic device at the local end, which is set by This greatly improves the security of the key, thereby improving the security of encrypting the data to be encrypted with the encryption factor, and at the same time ensuring the security of the encrypted data in subsequent transmissions.

可选地,上述映射函数可以但不限于由标准算法,如SHA-1安全散列算法等算法实现。Optionally, the above-mentioned mapping function can be implemented by, but not limited to, standard algorithms, such as SHA-1 secure hash algorithm and other algorithms.

需要说明的是,上述映射关系可以是动态更新的,当映射关系分发中心中映射关系发生变更时,会将最新的映射关系下发给本端电子设备。It should be noted that the above-mentioned mapping relationship may be dynamically updated. When the mapping relationship in the mapping relationship distribution center changes, the latest mapping relationship will be delivered to the local electronic device.

可选地,映射关系分发中心在向本端电子设备下发映射关系时,可以以加密的形式发送,具体来说,映射关系分发中心会将映射关系进行加密处理,然后将加密后的映射关系下发给本端电子设备,由此提升了映射关系的安全性,进而提升了后续用映射关系中加密因子加密待加密数据的安全性。Optionally, when delivering the mapping relationship to the local electronic device, the mapping relationship distribution center may send the mapping relationship in an encrypted form. Specifically, the mapping relationship distribution center will encrypt the mapping relationship, and then encrypt the encrypted mapping relationship. It is issued to the local electronic device, thereby improving the security of the mapping relationship, and further improving the security of encrypting the data to be encrypted by using the encryption factor in the mapping relationship subsequently.

S104、利用所述加密因子对所述待加密数据进行加密处理,得到第一密文数据。S104. Encrypt the data to be encrypted by using the encryption factor to obtain first ciphertext data.

本步骤中,在基于步骤S103获得加密因子后,就可以利用加密因子对待加密数据进行加密处理,从而就可以得到对应的密文数据,记为上述第一密文数据。In this step, after the encryption factor is obtained based on step S103, the encryption factor can be used to encrypt the data to be encrypted, so that the corresponding ciphertext data can be obtained, which is recorded as the above-mentioned first ciphertext data.

在利用加密因子对待加密数据进行加密时,可以采用现有的加密算法,如对称或非对称加密算法等等。When using the encryption factor to encrypt the data to be encrypted, an existing encryption algorithm, such as a symmetric or asymmetric encryption algorithm, can be used.

S105、将所述第一密文数据和所述第一校验码封装到第一加密报文中。S105. Encapsulate the first ciphertext data and the first check code into a first encrypted message.

S106、发送所述第一加密报文。S106. Send the first encrypted message.

步骤S105和步骤S106中,为了能够将第一密文数据传输到对端,本端电子设备会按照其与对端设备之间的协议封装第一密文数据和第一校验码,从而得到上述第一加密报文,这样就可以将包括第一密文数据的第一加密报文发送给对端设备。In step S105 and step S106, in order to be able to transmit the first ciphertext data to the opposite end, the local electronic device will encapsulate the first ciphertext data and the first check code according to the protocol between it and the opposite end device, thereby obtaining: The above-mentioned first encrypted message, in this way, the first encrypted message including the first ciphertext data can be sent to the peer device.

可选地,上述第一校验码为基于所述待加密数据和设定的多项式确定出的。Optionally, the above-mentioned first check code is determined based on the data to be encrypted and a set polynomial.

具体来说,上述第一校验码可以为循环冗余校验码(CRC),在此基础上,CRC校验码是和选定的多项式及数据(待加密数据)本身相关,选定的多项式及数据任一不同,其得到的CRC校验码就不相同,可以将待加密数据的CRC校验码认为是一种随机数,以4字节校验码为例,其存在42亿多个码值。CRC检验码的逻辑计算可用下式表示:Specifically, the above-mentioned first check code may be a cyclic redundancy check code (CRC). On this basis, the CRC check code is related to the selected polynomial and the data (data to be encrypted) itself. If the polynomial and the data are different, the CRC check code obtained will be different. The CRC check code of the data to be encrypted can be regarded as a random number. Taking the 4-byte check code as an example, there are more than 4.2 billion code value. The logical calculation of the CRC check code can be expressed by the following formula:

A=f(n,k)A=f(n, k)

其中,A为得到的CRC校验码,n为待加密数据,k为选定的多项式,f表示模2除法的逻辑处理关系。由此,就可以基于上述公式计算出每个待加密数据的CRC校验码。Among them, A is the obtained CRC check code, n is the data to be encrypted, k is the selected polynomial, and f represents the logical processing relationship of the modulo 2 division. Thus, the CRC check code of each data to be encrypted can be calculated based on the above formula.

通过实施本申请提供的数据处理方法,在获取到待加密报文后,从待加密报文中解析出待加密数据和第一校验码;然后根据获取到的校验码与加密因子之间的映射关系,确定该第一校验码对应的加密因子;并利用加密因子对待加密数据进行加密处理,得到第一密文数据;然后将第一密文数据和第一校验码封装到第一加密报文中,并发送该第一加密报文。由此实现了待加密报文中待加密数据的加密,而且也不需要物理传递密钥,通过利用校验码获得用于加密待加密数据的加密因子,从而保证了加密数据的安全性。By implementing the data processing method provided by the present application, after the message to be encrypted is obtained, the data to be encrypted and the first check code are parsed from the message to be encrypted; and then according to the difference between the obtained check code and the encryption factor determine the corresponding encryption factor of the first check code; and use the encryption factor to encrypt the data to be encrypted to obtain the first ciphertext data; then encapsulate the first ciphertext data and the first check code into the first ciphertext data and the first check code an encrypted message, and send the first encrypted message. Thus, the encryption of the to-be-encrypted data in the to-be-encrypted message is realized, and the encryption factor for encrypting the to-be-encrypted data is obtained by using the check code, thereby ensuring the security of the encrypted data.

可选地,基于上述实施例,本实施例中,本端电子设备还可以接收其他电子设备发送的加密了的报文,在此基础上,本端电子设备可以按照图2所示的过程实施解密流程,包括以下步骤:Optionally, based on the foregoing embodiment, in this embodiment, the local electronic device may also receive encrypted messages sent by other electronic devices, and on this basis, the local electronic device may implement the process shown in FIG. 2 . The decryption process includes the following steps:

S201、接收第二加密报文。S201. Receive a second encrypted message.

本步骤中,当对端电子设备按照图1所示的流程对需要发送到本端电子设备的报文执行加密处理后,得到第二加密报文,然后将第二加密报文发送给本端电子设备。即,对端电子设备也会存储校验码与加密因子之间的映射关系,其获取方式可以参考本端电子设备的获取方式,此处不再一一详细说明。In this step, after the electronic device at the opposite end performs encryption processing on the message that needs to be sent to the electronic device at the local end according to the process shown in FIG. 1 , a second encrypted message is obtained, and then the second encrypted message is sent to the local end. Electronic equipment. That is, the opposite end electronic device also stores the mapping relationship between the check code and the encryption factor, and the acquisition method can refer to the acquisition method of the local electronic device, which will not be described in detail here.

S202、从所述第二加密报文中解析出第二密文数据和第二校验码。S202. Parse out the second ciphertext data and the second check code from the second encrypted message.

本步骤中,本端电子设备接收到第二加密报文后,可以按照报文的格式从第二加密报文中解析出第二密文数据和第二校验码。In this step, after receiving the second encrypted message, the local electronic device can parse out the second ciphertext data and the second check code from the second encrypted message according to the message format.

S203、利用获取到的校验码与解密因子之间的映射关系,确定所述第二校验码对应的解密因子。S203. Determine the decryption factor corresponding to the second check code by using the obtained mapping relationship between the check code and the decryption factor.

本步骤中,本端电子设备在解析出第二校验码和第二密文数据后,会获取校验码与解密因子之间的映射关系,然后基于该映射关系,确定出与该第二校验码相对应的加密因子。In this step, after parsing the second check code and the second ciphertext data, the electronic device at the local end will obtain the mapping relationship between the check code and the decryption factor, and then, based on the mapping relationship, determine the relationship between the second check code and the second ciphertext data. The encryption factor corresponding to the check code.

可选地,上述校验码与解密因子之间的映射关系也可以从映射关系分发中心获取到。Optionally, the mapping relationship between the check code and the decryption factor can also be obtained from the mapping relationship distribution center.

具体地,本端电子设备可以实时或周期性主动地从映射关系分发中心获取上述校验码与解密因子之间的映射关系,也可以是等待接收映射关系分发中心下发。Specifically, the local electronic device may actively acquire the mapping relationship between the verification code and the decryption factor from the mapping relationship distribution center in real time or periodically, or may wait for the mapping relationship distribution center to issue it.

一种实施例中,上述映射关系可以是校验码与解密因子的具体值构成的映射关系,即,映射关系分发中心可以根据经验预先为各种校验码配置解密因子,然后将校验码与解密因子之间的映射关系写入到映射关系列表中,并下发给本端电子设备。这样,本端电子设备从第二加密报文中解析出第二校验码后,就可以利用该第二校验码查询该映射关系列表,以查询出第二校验码对应的解密因子。In an embodiment, the above-mentioned mapping relationship may be a mapping relationship composed of the check code and the specific value of the decryption factor, that is, the mapping relationship distribution center may configure the decryption factor for various check codes in advance according to experience, and then assign the check code to the decryption factor. The mapping relationship with the decryption factor is written into the mapping relationship list and sent to the local electronic device. In this way, after parsing the second check code from the second encrypted message, the local electronic device can use the second check code to query the mapping relationship list to query the decryption factor corresponding to the second check code.

另一种实施例中,由于校验码本身是基于报文中的有效数据计算得到的,不同的有效数据计算得到的校验码不同,因此,映射关系分发中心穷尽各校验码需要消耗较大的工作量,有鉴于此,本实施例提出,上述映射关系还可以由映射关系式表征,即映射关系分发中心配置一个用于解密的映射关系式,然后将该映射关系式下发给本端电子设备。例如,映射关系式为B’=h(A),其中,A为校验码,B’为解密因子,h()为映射函数。这样,映射关系分发中心可以将当前使用的映射关系式下发给本端电子设备,然后由本端电子设备本地存储该映射关系式。进而,当本端电子设备解析出第二校验码后,就可以将第二校验码作为映射关系式中的A,然后计算得出解密因子B’,从而也就得到了第二校验码对应的解密因子。这样,不仅节省了映射关系分发中心的映射关系的存储资源,而且也节省了本端电子设备存储映射关系的存储资源。而且,本实施例中,映射关系分发中心下发的是用于解密的映射关系式,不再像现有技术中给出的第三方直接传递密钥的方式,只需在本端电子设备中生成解密因子,由此大大提升了密钥的安全性,进而提升了用解密因子解密数据的安全性。In another embodiment, since the check code itself is calculated based on the valid data in the message, and the check codes obtained by different valid data are different, therefore, the mapping relationship distribution center exhausts the check codes and needs to consume more In view of the large workload, this embodiment proposes that the above-mentioned mapping relationship can also be represented by a mapping relationship formula, that is, the mapping relationship distribution center configures a mapping relationship formula for decryption, and then distributes the mapping relationship formula to this terminal electronic equipment. For example, the mapping relationship is B'=h(A), where A is the check code, B' is the decryption factor, and h() is the mapping function. In this way, the mapping relationship distribution center can deliver the currently used mapping relationship to the local electronic device, and then the local electronic device stores the mapping relationship locally. Furthermore, after the local electronic device parses the second check code, the second check code can be used as A in the mapping relationship, and then the decryption factor B' can be calculated to obtain the second check code. The decryption factor corresponding to the code. In this way, not only the storage resources of the mapping relationship of the mapping relationship distribution center are saved, but also the storage resources of the local electronic device for storing the mapping relationship are saved. Moreover, in this embodiment, the mapping relationship distribution center issues the mapping relationship expression for decryption, which is no longer the way that the third party directly transfers the key as given in the prior art. The decryption factor is generated, thereby greatly improving the security of the key, thereby improving the security of decrypting data with the decryption factor.

可选地,上述映射函数可以但不限于由标准算法,如SHA-1安全散列算法等算法实现,该映射函数与上述用于生成加密因子的映射函数相对应。Optionally, the above-mentioned mapping function may be implemented by, but is not limited to, a standard algorithm, such as an algorithm such as the SHA-1 secure hash algorithm, and the above-mentioned mapping function corresponds to the above-mentioned mapping function for generating an encryption factor.

需要说明的是,上述校验码与解密因子之间的映射关系可以是动态更新的,当映射关系分发中心中该映射关系发生变更时,会将最新的映射关系下发给本端电子设备,以使本端电子设备同步到最新的校验码与解密因子之间的映射关系。It should be noted that the mapping relationship between the above verification code and the decryption factor can be dynamically updated. When the mapping relationship in the mapping relationship distribution center changes, the latest mapping relationship will be issued to the local electronic device. In order to synchronize the local electronic device to the latest mapping relationship between the check code and the decryption factor.

可选地,映射关系分发中心在向本端电子设备下发映射关系时,可以以加密的形式发送,具体来说,映射关系分发中心会将校验码与解密因子之间的映射关系进行加密处理,然后将加密后的映射关系下发给本端电子设备,由此提升了映射关系的安全性,进而提升了后续用该映射关系中解密因子解密数据的安全性。Optionally, when issuing the mapping relationship to the local electronic device, the mapping relationship distribution center may send it in an encrypted form. Specifically, the mapping relationship distribution center will encrypt the mapping relationship between the check code and the decryption factor. processing, and then the encrypted mapping relationship is delivered to the local electronic device, thereby improving the security of the mapping relationship, and further improving the security of subsequent decryption of data using the decryption factor in the mapping relationship.

S204、利用所述解密因子对所述第二密文数据进行解密处理,得到解密数据。S204. Decrypt the second ciphertext data by using the decryption factor to obtain decrypted data.

本步骤中,本端电子设备基于步骤S203确定出解密因子后,就可以利用该解密因子对第二密文数据执行解密处理,从而也就得到解密数据,即第二加密报文中的有效数据,从而就可以基于该有效数据执行后续流程。In this step, after the local electronic device determines the decryption factor based on step S203, it can use the decryption factor to perform decryption processing on the second ciphertext data, thereby obtaining decrypted data, that is, valid data in the second encrypted message , so that subsequent processes can be performed based on the valid data.

需要说明的是,第二校验码的生成过程可以参考第一校验码的生成过程,此处不再一一详细说明。It should be noted that, for the generation process of the second check code, reference may be made to the generation process of the first check code, which will not be described in detail here.

值得注意的是,当本端电子设备在将第一加密报文对外发送后,对端电子设备接收到第一加密报文后,对端电子设备也会存储校验码与解密因子之间的映射关系,因此,对端电子设备可以按照图2所示的流程执行数据解密流程,此处不再一一详细说明。而且,对端电子设备获取校验码与解密因子之间的映射关系的方法可以参考本端电子设备的获取方式,此处不再一一详细说明。It is worth noting that after the electronic device at the local end sends the first encrypted message to the outside world and the electronic device at the opposite end receives the first encrypted message, the electronic device at the opposite end also stores the difference between the check code and the decryption factor. Therefore, the electronic device at the opposite end can execute the data decryption process according to the process shown in FIG. 2 , which will not be described in detail here. Moreover, for the method for obtaining the mapping relationship between the check code and the decryption factor by the opposite-end electronic device, reference may be made to the obtaining method of the local-end electronic device, which will not be described in detail here.

为了更好地理解本申请提供的数据处理方法,以图3所示的加解密处理逻辑为例进行说明,由于图3中所采用的加密算法为对称加密算法,因此,校验码与加密因子之间的映射关系、校验码与解密因子之间的映射关系是同一个。映射关系分发中心会将动态建立的映射关系式B=g(A)分别下发给本端电子设备和对端电子设备,可选地,可以采用加密方式传递上述映射关系式。In order to better understand the data processing method provided by this application, the encryption and decryption processing logic shown in FIG. 3 is taken as an example for description. Since the encryption algorithm used in FIG. 3 is a symmetric encryption algorithm, the check code and the encryption factor are The mapping relationship between them, the mapping relationship between the check code and the decryption factor are the same. The mapping relationship distribution center will deliver the dynamically established mapping relationship formula B=g(A) to the electronic device at the local end and the electronic device at the opposite end.

在此基础上,本地电子设备在期望发送有效数据n时,会先将有效数据n和选定的多项式输入到A=f(n,k)中,从而可以得到CRC校验码A,本端电子设备会从本地获取映射关系分发中心分发的映射关系式B=g(A),然后将前述生成的CRC校验码A输入到B=g(A)中,从而可以得到该CRC校验码A对应的加密因子B,然后就可以利用该加密因子B对有效数据n进行加密处理,从而得到密文数据N,然后将密文数据N和CRC校验码A封装到加密报文中发送给对端电子设备。对端电子设备接收到加密报文后,可以从加密报文中解析出CRC校验码A,然后基于本地从映射关系分发中心获取到的映射关系式B=g(A),确定出与该CRC校验码A对应的解密因子B,然后就可以利用该解密因子对加密报文中的密文数据N进行解密处理,从而就解密出本端电子设备要发送给对端电子设备的有效数据n。由此,本申请利用数据传输中常采用的CRC校验技术,采用原始CRC校验码建立前述映射关系,利用映射后得到的加密因子对有效数据进行加密处理,然后再进行传输,从而完成了有效数据的加密及传输。此外,本申请不会增加额外的密钥生成处理,可直接利用数据传输过程中必要的CRC校验码值生成加密因子和解密因子,不需要再另外传输密钥数据,在数据传输量大、数据频繁发送处理的流程中避免了额外生成大量密钥的过程,节省了设备性能,同时,通过灵活地变更映射关系,产生更好地加密效果。On this basis, when the local electronic device expects to send valid data n, it will first input the valid data n and the selected polynomial into A=f(n, k), so that the CRC check code A can be obtained. The electronic device will obtain the mapping relationship formula B=g(A) distributed by the mapping relationship distribution center from the local, and then input the generated CRC check code A into B=g(A), so that the CRC check code can be obtained. A corresponds to the encryption factor B, and then the encryption factor B can be used to encrypt the valid data n, so as to obtain the ciphertext data N, and then encapsulate the ciphertext data N and the CRC check code A into an encrypted message and send it to peer electronic equipment. After receiving the encrypted message, the electronic device at the opposite end can parse out the CRC check code A from the encrypted message, and then based on the mapping relationship B=g(A) obtained locally from the mapping relationship distribution center, determine the relationship with the encrypted message. The decryption factor B corresponding to the CRC check code A, and then the decryption factor can be used to decrypt the ciphertext data N in the encrypted message, so as to decrypt the valid data to be sent by the electronic device at the local end to the electronic device at the opposite end. n. Therefore, the present application utilizes the CRC verification technology often used in data transmission, uses the original CRC verification code to establish the aforementioned mapping relationship, and uses the encryption factor obtained after mapping to encrypt the valid data, and then transmit it, thereby completing the effective Data encryption and transmission. In addition, this application does not add additional key generation processing, and can directly use the necessary CRC check code value in the data transmission process to generate the encryption factor and decryption factor, and there is no need to additionally transmit key data. The process of frequent data sending and processing avoids the process of generating a large number of additional keys, saving device performance, and at the same time, by flexibly changing the mapping relationship, better encryption results are produced.

基于同一发明构思,本申请还提供了与上述数据处理方法对应的数据处理装置。该数据处理装置的实施具体可以参考上述对数据处理方法的描述,此处不再一一论述。Based on the same inventive concept, the present application also provides a data processing apparatus corresponding to the above data processing method. For the specific implementation of the data processing apparatus, reference may be made to the above description of the data processing method, which will not be discussed one by one here.

参见图4,图4是本申请一示例性实施例提供的一种数据处理装置,包括:Referring to FIG. 4, FIG. 4 is a data processing apparatus provided by an exemplary embodiment of the present application, including:

获取模块401,用于获取待加密报文;an obtaining module 401, configured to obtain a message to be encrypted;

第一解析模块402,用于从所述待加密报文中解析出待加密数据和第一校验码;A first parsing module 402, configured to parse the to-be-encrypted data and the first check code from the to-be-encrypted message;

第一确定模块403,用于根据获取到的校验码与加密因子之间的映射关系,确定所述第一校验码对应的加密因子;The first determination module 403 is configured to determine the encryption factor corresponding to the first check code according to the obtained mapping relationship between the check code and the encryption factor;

加密模块404,用于利用所述加密因子对所述待加密数据进行加密处理,得到第一密文数据;An encryption module 404, configured to perform encryption processing on the data to be encrypted by using the encryption factor to obtain first ciphertext data;

封装模块405,用于将所述第一密文数据和所述第一校验码封装到第一加密报文中;an encapsulation module 405, configured to encapsulate the first ciphertext data and the first check code into a first encrypted message;

发送模块406,用于发送所述第一加密报文。The sending module 406 is configured to send the first encrypted message.

可选地,基于上述实施例,本实施例提供的数据处理装置,还包括:Optionally, based on the foregoing embodiment, the data processing apparatus provided in this embodiment further includes:

接收模块(图中未示出),用于接收第二加密报文;a receiving module (not shown in the figure) for receiving the second encrypted message;

第二解析模块(图中未示出),用于从所述第二加密报文中解析出第二密文数据和第二校验码;a second parsing module (not shown in the figure), configured to parse out the second ciphertext data and the second check code from the second encrypted message;

第二确定模块(图中未示出),用于利用获取到的校验码与解密因子之间的映射关系,确定所述第二校验码对应的解密因子;The second determination module (not shown in the figure) is used to determine the decryption factor corresponding to the second check code by using the obtained mapping relationship between the check code and the decryption factor;

解密模块(图中未示出),用于利用所述解密因子对所述第二密文数据进行解密处理,得到解密数据。A decryption module (not shown in the figure), configured to decrypt the second ciphertext data by using the decryption factor to obtain decrypted data.

可选地,基于上述任一实施例,本实施例中的第一校验码为基于所述待加密数据和设定的多项式确定出的。Optionally, based on any of the foregoing embodiments, the first check code in this embodiment is determined based on the data to be encrypted and a set polynomial.

可选地,基于上述实施例,本实施例中的校验码与加密因子之间的映射关系为从映射关系分发中心获取到的;以及所述校验码与解密因子之间的映射关系为从映射关系分发中心获取到的。Optionally, based on the above embodiment, the mapping relationship between the check code and the encryption factor in this embodiment is obtained from the mapping relationship distribution center; and the mapping relationship between the check code and the decryption factor is: Obtained from the mapping relationship distribution center.

本申请任一实施例提供的数据处理装置中,在获取到待加密报文后,从待加密报文中解析出待加密数据和第一校验码;然后根据获取到的校验码与加密因子之间的映射关系,确定该第一校验码对应的加密因子;并利用加密因子对待加密数据进行加密处理,得到第一密文数据;然后将第一密文数据和第一校验码封装到第一加密报文中,并发送该第一加密报文。由此实现了待加密报文中待加密数据的加密,而且也不需要物理传递密钥,通过利用校验码获得用于加密待加密数据的加密因子,从而保证了加密数据的安全性。In the data processing device provided by any of the embodiments of the present application, after obtaining the message to be encrypted, the data to be encrypted and the first check code are parsed from the message to be encrypted; and then according to the obtained check code and encryption The mapping relationship between the factors is used to determine the encryption factor corresponding to the first check code; and the encryption factor is used to encrypt the data to be encrypted to obtain the first ciphertext data; then the first ciphertext data and the first check code are combined. It is encapsulated into a first encrypted message, and the first encrypted message is sent. Thus, the encryption of the to-be-encrypted data in the to-be-encrypted message is realized, and the encryption factor for encrypting the to-be-encrypted data is obtained by using the check code, thereby ensuring the security of the encrypted data.

基于同一发明构思,本申请实施例提供了一种电子设备,该电子设备可以但不限于为上述本端电子设备或对端电子设备。如图5所示,该电子设备包括处理器501和机器可读存储介质502,机器可读存储介质502存储有能够被处理器501执行的计算机程序,处理器501被计算机程序促使执行本申请任一实施例所提供的数据处理方法。此外,该电子设备还包括通信接口503和通信总线504,其中,处理器501,通信接口503,机器可读存储介质502通过通信总线504完成相互间的通信。Based on the same inventive concept, an embodiment of the present application provides an electronic device, which may be, but is not limited to, the above-mentioned local electronic device or opposite-end electronic device. As shown in FIG. 5 , the electronic device includes a processor 501 and a machine-readable storage medium 502, where the machine-readable storage medium 502 stores a computer program that can be executed by the processor 501, and the processor 501 is caused by the computer program to execute any task in the present application. A data processing method provided by an embodiment. In addition, the electronic device further includes a communication interface 503 and a communication bus 504 , wherein the processor 501 , the communication interface 503 , and the machine-readable storage medium 502 communicate with each other through the communication bus 504 .

上述电子设备提到的通信总线可以是外设部件互连标准(Peripheral ComponentInterconnect,PCI)总线或扩展工业标准结构(Extended Industry StandardArchitecture,EISA)总线等。该通信总线可以分为地址总线、数据总线、控制总线等。为便于表示,图中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The communication bus mentioned in the above electronic device may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus or an Extended Industry Standard Architecture (Extended Industry Standard Architecture, EISA) bus or the like. The communication bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is used in the figure, but it does not mean that there is only one bus or one type of bus.

通信接口用于上述电子设备与其他设备之间的通信。The communication interface is used for communication between the above electronic device and other devices.

上述机器可读存储介质502可以为存储器,该存储器可以包括随机存取存储器(Random Access Memory,RAM)、DDR SRAM(Double Data Rate Synchronous DynamicRandom Access Memory,双倍速率同步动态随机存储器),也可以包括非易失性存储器(Non-Volatile Memory,NVM),例如至少一个磁盘存储器。可选的,存储器还可以是至少一个位于远离前述处理器的存储装置。The above-mentioned machine-readable storage medium 502 may be a memory, and the memory may include random access memory (Random Access Memory, RAM), DDR SRAM (Double Data Rate Synchronous Dynamic Random Access Memory, double-rate synchronous dynamic random access memory), or may include Non-volatile memory (Non-Volatile Memory, NVM), such as at least one disk memory. Optionally, the memory may also be at least one storage device located away from the aforementioned processor.

上述的处理器可以是通用处理器,包括中央处理器(Central Processing Unit,CPU)、网络处理器(Network Processor,NP)等;还可以是数字信号处理器(Digital SignalProcessor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。The above-mentioned processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.

对于电子设备以及机器可读存储介质实施例而言,由于其涉及的方法内容基本相似于前述的方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。For the embodiments of the electronic device and the machine-readable storage medium, since the content of the methods involved is basically similar to the foregoing method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for related parts.

需要说明的是,在本文中,诸如第一和第二等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、物品或者设备中还存在另外的相同要素。It should be noted that, in this document, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any relationship between these entities or operations. any such actual relationship or sequence exists. Moreover, the terms "comprising", "comprising" or any other variation thereof are intended to encompass a non-exclusive inclusion such that a process, method, article or device that includes a list of elements includes not only those elements, but also includes not explicitly listed or other elements inherent to such a process, method, article or apparatus. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in a process, method, article or apparatus that includes the element.

上述装置中各个单元/模块的功能和作用的实现过程具体详见上述方法中对应步骤的实现过程,在此不再赘述。For details of the implementation process of the functions and functions of each unit/module in the above-mentioned apparatus, please refer to the implementation process of the corresponding steps in the above-mentioned method, which will not be repeated here.

对于装置实施例而言,由于其基本对应于方法实施例,所以相关之处参见方法实施例的部分说明即可。以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元/模块可以是或者也可以不是物理上分开的,作为单元/模块显示的部件可以是或者也可以不是物理单元/模块,即可以位于一个地方,或者也可以分布到多个网络单元/模块上。可以根据实际的需要选择其中的部分或者全部单元/模块来实现本申请方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。For the apparatus embodiments, since they basically correspond to the method embodiments, reference may be made to the partial descriptions of the method embodiments for related parts. The apparatus embodiments described above are only illustrative, wherein the units/modules described as separate components may or may not be physically separated, and components shown as units/modules may or may not be physical units /module, i.e. can be located in one place, or can be distributed over multiple network elements/modules. Some or all of the units/modules may be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.

以上所述仅为本申请的较佳实施例而已,并不用以限制本申请,凡在本申请的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本申请保护的范围之内。The above descriptions are only preferred embodiments of the present application, and are not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present application shall be included in the present application. within the scope of protection.

Claims (10)

1. A data processing method, comprising:
acquiring a message to be encrypted;
analyzing data to be encrypted and a first check code from the message to be encrypted;
determining an encryption factor corresponding to the first check code according to the obtained mapping relation between the check code and the encryption factor;
encrypting the data to be encrypted by using the encryption factor to obtain first ciphertext data;
packaging the first ciphertext data and the first check code into a first encrypted message;
and sending the first encrypted message.
2. The method of claim 1, further comprising:
receiving a second encrypted message;
analyzing second ciphertext data and a second check code from the second encryption message;
determining a decryption factor corresponding to the second check code by using the acquired mapping relation between the check code and the decryption factor;
and decrypting the second ciphertext data by using the decryption factor to obtain decrypted data.
3. The method of claim 1, wherein the first check code is determined based on the data to be encrypted and a set polynomial.
4. The method according to claim 2, wherein the mapping relationship between the check code and the encryption factor is obtained from a mapping relationship distribution center; and the mapping relation between the check code and the decryption factor is obtained from a mapping relation distribution center.
5. A data processing apparatus, comprising:
the acquisition module is used for acquiring a message to be encrypted;
the first analysis module is used for analyzing the data to be encrypted and the first check code from the message to be encrypted;
the first determining module is used for determining an encryption factor corresponding to the first check code according to the mapping relation between the acquired check code and the encryption factor;
the encryption module is used for encrypting the data to be encrypted by using the encryption factor to obtain first ciphertext data;
the encapsulation module is used for encapsulating the first ciphertext data and the first check code into a first encryption message;
and the sending module is used for sending the first encrypted message.
6. The apparatus of claim 5, further comprising:
the receiving module is used for receiving the second encrypted message;
the second analysis module is used for analyzing second ciphertext data and a second check code from the second encrypted message;
the second determining module is used for determining a decryption factor corresponding to the second check code by using the acquired mapping relation between the check code and the decryption factor;
and the decryption module is used for decrypting the second ciphertext data by using the decryption factor to obtain decrypted data.
7. The apparatus of claim 5, wherein the first check code is determined based on the data to be encrypted and a set polynomial.
8. The apparatus according to claim 6, wherein the mapping relationship between the check code and the encryption factor is obtained from a mapping relationship distribution center; and the mapping relation between the check code and the decryption factor is obtained from a mapping relation distribution center.
9. An electronic device comprising a processor and a machine-readable storage medium, the machine-readable storage medium storing a computer program executable by the processor, the processor being caused by the computer program to perform the method of any of claims 1-4.
10. A machine readable storage medium, having stored thereon a computer program which, when invoked and executed by a processor, causes the processor to perform the method of any of claims 1-4.
CN202210454365.6A 2022-04-27 2022-04-27 Data processing method, device, equipment and medium Pending CN115037511A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210454365.6A CN115037511A (en) 2022-04-27 2022-04-27 Data processing method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210454365.6A CN115037511A (en) 2022-04-27 2022-04-27 Data processing method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN115037511A true CN115037511A (en) 2022-09-09

Family

ID=83119476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210454365.6A Pending CN115037511A (en) 2022-04-27 2022-04-27 Data processing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN115037511A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117596053A (en) * 2023-11-29 2024-02-23 赛力斯汽车有限公司 Data processing methods, devices and storage media for different data recipients

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106203572A (en) * 2016-07-25 2016-12-07 四川新健康成生物股份有限公司 A kind of bar code encryption method and bar code encryption system
WO2020037577A1 (en) * 2018-08-22 2020-02-27 袁振南 Communication channel encrypting, decrypting, and establishing methods and apparatuses, memory, and terminal
CN113221152A (en) * 2021-05-31 2021-08-06 中国农业银行股份有限公司 Data processing method, device, apparatus, storage medium, and program
CN114338247A (en) * 2022-03-15 2022-04-12 中国信息通信研究院 Data transmission method and apparatus, electronic device, storage medium, and program product

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106203572A (en) * 2016-07-25 2016-12-07 四川新健康成生物股份有限公司 A kind of bar code encryption method and bar code encryption system
WO2020037577A1 (en) * 2018-08-22 2020-02-27 袁振南 Communication channel encrypting, decrypting, and establishing methods and apparatuses, memory, and terminal
CN113221152A (en) * 2021-05-31 2021-08-06 中国农业银行股份有限公司 Data processing method, device, apparatus, storage medium, and program
CN114338247A (en) * 2022-03-15 2022-04-12 中国信息通信研究院 Data transmission method and apparatus, electronic device, storage medium, and program product

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117596053A (en) * 2023-11-29 2024-02-23 赛力斯汽车有限公司 Data processing methods, devices and storage media for different data recipients

Similar Documents

Publication Publication Date Title
CN106254896B (en) A kind of distributed cryptographic method for real-time video
CN104918243B (en) Mobile terminal secrecy system and method based on quantum true random number
CN112997448B (en) Public/private key system with reduced public key size
WO2021022794A1 (en) Rdma-based data transmission method, network card, server and medium
CN108574687B (en) Communication connection establishment method, apparatus, electronic device and computer readable medium
US11082411B2 (en) RDMA-based data transmission method, network interface card, server and medium
CN111464564A (en) Data high-speed encryption and decryption method and device based on symmetric cryptographic algorithm
US20190045442A1 (en) Transmission/ reception device with wake-up radio resistant to attacks by denial of sleep
CN115516454B (en) Hardware security module and system
US8880892B2 (en) Secured embedded data encryption systems
CN110378128A (en) Data ciphering method, device and terminal device
JP7229778B2 (en) Key management system and method
CN115037511A (en) Data processing method, device, equipment and medium
KR20220000537A (en) System and method for transmitting and receiving data based on vehicle network
CN114938273A (en) Key negotiation method, system, sending end and receiving end
US20130283363A1 (en) Secure data transfer over an arbitrary public or private transport
US20240048385A1 (en) Sharing cryptographic material
CN111262837A (en) Data encryption method, data decryption method, system, equipment and medium
CN114553411B (en) Distributed memory encryption device and distributed memory decryption device
CN107872312B (en) Method, device, equipment and system for dynamically generating symmetric key
US11943367B1 (en) Generic cryptography wrapper
US11902428B2 (en) Key exchange system, communication apparatus, key exchange method and program
CN114362919B (en) A symmetric encryption and decryption algorithm packet processing method
CN115987513B (en) Distributed database fragment encryption and decryption methods, devices, equipment and media
CN119031365A (en) A low-power Bluetooth upgrade encryption method and its system, device, and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination