CN115102768B - Data processing method and device and computer equipment

Publication number: CN115102768B
Authority: CN (China)
Application number: CN202210730121.6A
Other languages: Chinese (zh)
Other versions: CN115102768A (en)
Inventor: 温德平
Current Assignee: Ping An Bank Co Ltd
Original Assignee: Ping An Bank Co Ltd
Legal status: Active
Prior art keywords: message, encrypted, receiver, sender, message body

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/12: Applying verification of the received information
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/06: Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
    • H04L69/22: Parsing or analysis of headers

Abstract

An embodiment of the application provides a data processing method. The message to be sent is first encoded, so that it is in an unreadable state until decrypted by the receiver. The encoded message body is then asymmetrically encrypted, so that only the receiver can decrypt it. During assembly, an encrypted character string obtained from the encrypted message body is placed in the message header, ensuring that the data in the message body is not tampered with, and identification information is placed in the header for verification. Finally, the encapsulated message is symmetrically encrypted and sent to the receiver, so that the receiver can decrypt it to recover the original data. Through multiple layers of encryption and data encapsulation, data security is ensured and the validity of the data can be verified.

Description

Data processing method and device and computer equipment
Technical Field
The present invention relates to the field of secure communications technologies, and in particular, to a data processing method, a data processing device, and a computer device.
Background
Currently, in daily life, every transfer, login, inquiry or other service is supported by a complex service system, and these service systems are in fact server clusters. A server cluster depends internally on frequent, large-scale data communication and data exchange. In the related art, schemes for securing data communication within a server cluster generally encrypt the data with a single encryption mode and transmit the encrypted data. However, data protected in this way is easily cracked and tampered with, and its security is weak.
Disclosure of Invention
An objective of the embodiments of the present application is to provide a data processing method, apparatus, and computer device, so as to solve the problem in the related art that data communicated within a server cluster is easily cracked and tampered with.
In a first aspect, an embodiment of the present application provides a data processing method, applied to a sender, including:
encoding the message to be sent to obtain an encoded message body;
asymmetrically encrypting the encoded message body with the public key of the receiver to obtain an encrypted message body; the receiver holds the private key of the asymmetric encryption;
obtaining an encrypted character string based on the encrypted message body, and encapsulating the encrypted character string and identification information in a message header to obtain an encapsulated message; the identification information is used for identifying the identity of the sender;
symmetrically encrypting the encapsulated message, and transmitting the symmetrically encrypted message to the receiver; the receiver also holds the key of the symmetric encryption.
In this implementation, the message to be sent is first encoded, so that it is in an unreadable state until decrypted by the receiver; the encoded message body is then asymmetrically encrypted, so that only the receiver can decrypt it. During assembly, the encrypted character string obtained from the encrypted message body is placed in the message header, ensuring that the data in the message body is not tampered with, and identification information is placed in the message header for verification. Finally, the encapsulated message is symmetrically encrypted and sent to the receiver, so that the receiver can decrypt it to recover the original data. Through multiple layers of encryption and data encapsulation, data security is ensured and the validity of the data can be verified.
Further, in some embodiments, encoding the message to be sent includes:
performing Base64 encoding on the message to be sent.
In this implementation, Base64 encoding the message to be sent makes the encoded message body unreadable until it is decoded.
Further, in some embodiments, the asymmetric encryption employs the SM2 algorithm.
In this implementation, the SM2 algorithm is adopted; compared with traditional asymmetric encryption algorithms, it has higher cipher complexity, higher processing speed and lower machine performance consumption.
Further, in some embodiments, the encrypted character string is a hash value obtained by applying a hash algorithm to the encrypted message body.
In this implementation, the encrypted message body is processed with the hash algorithm and the resulting encrypted character string is placed in the message header, ensuring that the data in the message body is not tampered with.
Further, in some embodiments, the identification information includes at least one of:
the unique identification codes of the sending and receiving parties, and a time stamp.
In this implementation, the unique identification codes of the two parties and/or the time stamp are placed in the message header as identification information, so that the receiver can verify the identity of the sender and thereby verify whether the message has been tampered with after it was generated.
Further, in some embodiments, the symmetric encryption employs the SM4 algorithm.
In this implementation, the SM4 algorithm is adopted, which improves security and performance to a certain extent compared with traditional symmetric encryption algorithms.
In a second aspect, an embodiment of the present application provides a data processing method, applied to a receiver, including:
after receiving a message sent by a sender, decrypting the message with the key of the symmetric encryption to obtain a decrypted message, wherein the decrypted message comprises a message header and an encrypted message body;
performing data consistency verification on the encrypted message body by using the encrypted character string in the message header, and verifying the identity of the sender by using the identification information in the message header; the identification information is used for identifying the identity of the sender;
after the verification is passed, decrypting the message body with the private key of the asymmetric encryption to obtain an encoded message body;
and decoding the encoded message body to obtain the message information.
In a third aspect, an embodiment of the present application provides a data processing apparatus, applied to a sender, including:
a message encoding module, used for encoding the message to be sent to obtain an encoded message body;
a first encryption module, used for asymmetrically encrypting the encoded message body with the public key of the receiver to obtain an encrypted message body; the receiver holds the private key of the asymmetric encryption;
a data encapsulation module, used for obtaining an encrypted character string based on the encrypted message body, and encapsulating the encrypted character string and identification information in a message header to obtain an encapsulated message; the identification information is used for identifying the identity of the sender;
a second encryption module, used for symmetrically encrypting the encapsulated message and sending the symmetrically encrypted message to the receiver; the receiver also holds the key of the symmetric encryption.
In a fourth aspect, an embodiment of the present application provides a data processing apparatus, applied to a receiver, including:
a first decryption module, used for decrypting the message with the key of the symmetric encryption after receiving the message sent by the sender, to obtain a decrypted message, wherein the decrypted message comprises a message header and an encrypted message body;
a data verification module, used for verifying the data consistency of the encrypted message body by using the encrypted character string in the message header, and verifying the identity of the sender by using the identification information in the message header; the identification information is used for identifying the identity of the sender;
a second decryption module, used for decrypting the message body with the private key of the asymmetric encryption after the verification is passed, to obtain an encoded message body;
and a message decoding module, used for decoding the encoded message body to obtain the message information.
In a fifth aspect, an electronic device provided in an embodiment of the present application includes: a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method according to any one of the first aspects when the computer program is executed.
In a sixth aspect, embodiments of the present application provide a computer-readable storage medium having instructions stored thereon, which when executed on a computer, cause the computer to perform the method according to any of the first aspects.
In a seventh aspect, embodiments of the present application provide a computer program product, which when run on a computer, causes the computer to perform the method according to any one of the first aspects.
Additional features and advantages of the disclosure will be set forth in the description which follows, or in part will be obvious from the description, or may be learned by practice of the techniques disclosed herein.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and should not be considered as limiting its scope; a person skilled in the art may obtain other related drawings from these drawings without inventive effort.
FIG. 1 is a flowchart of a data processing method according to an embodiment of the present application;
FIG. 2 is a flowchart of another data processing method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a data information encryption process of a sender according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a data information decryption process of a receiver according to an embodiment of the present application;
FIG. 5 is a block diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 6 is a block diagram of another data processing apparatus according to an embodiment of the present application;
FIG. 7 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
In daily life, every transfer, login, inquiry or other service is supported by a complex service system, and these service systems are in fact server clusters. A server cluster depends internally on frequent, large-scale data communication and data exchange. In the related art, schemes for securing data communication within a server cluster generally encrypt the data with a single encryption mode and transmit the encrypted data. However, data protected in this way is easily cracked and tampered with, and its security is weak.
Based on this, the embodiment of the application provides a data processing scheme to solve the above problem.
FIG. 1 is a flowchart of a data processing method provided in an embodiment of the present application. The method is applied to a sender, which may be any node in a server cluster. A cluster is a computer system that connects ordinary servers together over a standard network, providing users with higher computing capability by specific methods while presenting a single system image.
Step 101, encoding a message to be sent to obtain an encoded message body;
A message is a data unit exchanged and transmitted in a network. It contains the complete data information to be transmitted, and its length is variable and not limited. In this embodiment the sender transmits the data information to the receiver in the form of a message; specifically, the message carries a destination address pointing to the receiver, so that each network node can forward the message to the next node according to that address, node by node, until the message reaches the receiver.
This step encodes the original data once so that it is not readable until decrypted by the receiver. In some examples, this step Base64 encodes the message to be sent. Base64 is a method of representing binary data using 64 printable characters; its general encoding rule converts every three 8-bit bytes into four 6-bit groups and then pads each 6-bit group with two high-order 0 bits, yielding four 8-bit bytes. Base64 encoding the message to be sent makes the encoded message body unreadable until it is decoded. Of course, in other embodiments, the sender may employ other types of encoding methods.
Step 102, asymmetrically encrypting the encoded message body with the public key of the receiver to obtain an encrypted message body; the receiver holds the private key of the asymmetric encryption;
Asymmetric encryption is an encryption technique that requires two keys for encryption and decryption, a public key and a private key. The public key and the private key form a pair: if data is encrypted with the public key, it can be decrypted only with the corresponding private key; accordingly, if data is encrypted with the private key, it can be decrypted only with the corresponding public key. This step asymmetrically encrypts the encoded message body, so that only a receiver holding the private key can actually decrypt it, which is the key barrier in the whole encryption process.
The most common asymmetric encryption algorithm is RSA, but with the development of cryptography and computer technology, RSA currently faces serious security threats. Thus, in some embodiments, the asymmetric encryption in this step employs the SM2 algorithm. SM2 is the asymmetric encryption algorithm among the national commercial cryptographic algorithms; compared with RSA it has higher cipher complexity, higher processing speed and lower machine performance consumption, and is therefore an advanced and secure algorithm. For the specific SM2 encryption and decryption process, refer to the description in the related art; it is not described in detail in this embodiment.
In addition, the receiver may send its public key to each node in the cluster when it enters the system. After joining the cluster, the receiver must pass system authentication; once authentication has passed, the receiver broadcasts its asymmetric-encryption public key to the servers across the network that have passed authentication, after which normal data messages can be sent. Of course, the way the asymmetric encryption key is obtained may be set differently according to the requirements of the specific scenario, which is not limited in this application.
Step 103, obtaining an encrypted character string based on the encrypted message body, and encapsulating the encrypted character string and identification information in a message header to obtain an encapsulated message; the identification information is used for identifying the identity of the sender;
This step is essentially the process of packaging the data and assembling the message header. The encrypted character string is obtained from the encrypted message body and placed in the message header, ensuring that the data in the message body is not tampered with. In some embodiments, the encrypted character string may be a hash code value obtained by applying a hash algorithm to the encrypted message body. A hash algorithm is a compression mapping that compresses a message of arbitrary length into a message digest of a fixed length.
Optionally, the hash algorithm employed may be the SHA (Secure Hash Algorithm) 256 algorithm. For a message of any length, the SHA256 algorithm generates a 256-bit hash value called a message digest. Its main processing steps are: padding the message so that its final length is a multiple of 512 bits; splitting the message into 512-bit blocks; and processing the message blocks one by one. Of course, in other embodiments, other types of hash algorithms may be employed, which is not limited in this application.
This step also places identification information in the header during assembly so that the receiver can verify it when decrypting. The identification information is information for verifying data consistency. Optionally, it may include at least one of: the unique identification codes of the sending and receiving parties, and a time stamp. The unique identification codes of the two parties are the unique identification code of the sender and that of the receiver; a unique identification code may be a server UUID (Universally Unique Identifier) and, specifically, may be generated based on the MAC (Media Access Control) address of the corresponding device. Placing the sender's unique identification code in the message header lets the receiver authenticate the identity of the sender after receiving the message, thereby verifying whether the message has been tampered with after it was generated. The time stamp is data generated using digital signature technology; placing it in the message header lets the receiver authenticate the generation time of the message by certain technical means after receiving it, thereby verifying whether the message has been tampered with after it was generated. Of course, in other embodiments the identification information may further include other types of information, such as a message ID, an identifier that uniquely distinguishes one message from another; placing the message ID in the message header can prevent replay attacks.
Step 104, symmetrically encrypting the encapsulated message, and transmitting the symmetrically encrypted message to the receiver; the receiver also holds the key of the symmetric encryption.
Symmetric encryption is also an encryption technique; unlike asymmetric encryption, it uses the same key for encryption and decryption. This step symmetrically encrypts the encapsulated message, so that a receiver holding the symmetric encryption key can decrypt it to recover the encapsulated message and perform a validity check on it.
In some embodiments, the symmetric encryption in this step uses the SM4 algorithm. SM4 is the symmetric encryption algorithm among the national commercial cryptographic algorithms. It uses a 32-round nonlinear iteration structure and adds a reverse-order transformation after the last round of nonlinear iteration, so that in SM4 the decryption algorithm and the encryption algorithm are the same as long as the decryption key is the reverse order of the encryption key. Using the SM4 algorithm in place of a traditional symmetric encryption algorithm can therefore improve security and performance to a certain extent.
In addition, the sender may obtain the key for symmetric encryption after authentication has passed. After joining the cluster, the sender must first pass system authentication, and once authentication has passed it can acquire the symmetric encryption key. Alternatively, the key may be obtained from a central node. The central node may be regarded as a publicly trusted node in the cluster; it performs system authentication on servers joining the cluster and sends the symmetric encryption key to the servers that pass authentication. Of course, the way the symmetric encryption key is obtained may be set differently according to the requirements of the specific scenario, which is not limited in this application.
In the data information encryption method above, the message to be sent is first encoded, so that it is in an unreadable state until decrypted by the receiver; the encoded message is then asymmetrically encrypted, so that only the receiver can decrypt it. During assembly, the encrypted character string obtained from the encrypted message is placed in the message header, ensuring that the data in the message is not tampered with, and identification information is placed in the header for verification. Finally, the encapsulated message is symmetrically encrypted and sent to the receiver, so that the receiver can decrypt it to recover the original data. Through multiple layers of encryption and data encapsulation, data security is ensured and the validity of the data can be verified.
Correspondingly, the application also provides an embodiment of the decryption method. FIG. 2 is a flowchart of another data processing method according to an embodiment of the present application. The method is applied to a receiver and includes:
Step 201, after receiving a message sent by a sender, decrypting the message with the key of the symmetric encryption to obtain a decrypted message, wherein the decrypted message comprises a message header and an encrypted message body;
Step 202, checking the data consistency of the encrypted message body by using the encrypted character string in the message header, and checking the identity of the sender by using the identification information in the message header; the identification information is used for identifying the identity of the sender;
Step 203, after the verification is passed, decrypting the message body with the private key of the asymmetric encryption to obtain an encoded message body;
Step 204, decoding the encoded message body to obtain the message information.
The decryption scheme of this embodiment corresponds to the encryption scheme of the embodiment of FIG. 1, so for the implementation of each step of this embodiment, refer to the description of the embodiment of FIG. 1, which is not repeated here. In addition, the other modifications described for the embodiment of FIG. 1 apply equally to the embodiment of FIG. 2.
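The header assembly of step 103 and the receiver-side checks of step 202, written out in Python as an added example that is not taken from the patent. The JSON header, the length-prefixed framing, the field names, the 300-second freshness window and the sample identifiers are assumptions; the SM2 and SM4 layers are outside the example, so the encrypted body is treated as opaque bytes.

```python
import hashlib
import hmac
import json
import struct

MAX_AGE_SECONDS = 300  # assumed freshness window; the description gives no value


class PacketRejected(Exception):
    """Raised when a header check fails; the body must not be decrypted."""


def build_packet(encrypted_body, sender_id, receiver_id, message_id, timestamp):
    """Sender, step 103: put the digest of the encrypted body and the
    identification information into the header, then prepend it to the body."""
    header = {
        "digest": hashlib.sha256(encrypted_body).hexdigest(),
        "sender": sender_id,
        "receiver": receiver_id,
        "timestamp": timestamp,
        "message_id": message_id,
    }
    header_bytes = json.dumps(header, sort_keys=True).encode("utf-8")
    # Assumed framing: 4-byte big-endian header length, JSON header, body.
    return struct.pack(">I", len(header_bytes)) + header_bytes + encrypted_body


def verify_packet(packet, my_id, known_senders, seen_ids, now):
    """Receiver, step 202: run on the output of the symmetric decryption and
    return the encrypted body only if every check passes."""
    if len(packet) < 4:
        raise PacketRejected("truncated packet")
    (header_len,) = struct.unpack(">I", packet[:4])
    if header_len > len(packet) - 4:
        raise PacketRejected("truncated packet")
    try:
        header = json.loads(packet[4:4 + header_len].decode("utf-8"))
        claimed = bytes.fromhex(header["digest"])
        sender, receiver = header["sender"], header["receiver"]
        timestamp, message_id = header["timestamp"], header["message_id"]
    except (ValueError, KeyError, TypeError):
        raise PacketRejected("malformed header") from None
    if not all(isinstance(v, str) for v in (sender, receiver, message_id)):
        raise PacketRejected("malformed header")
    if not isinstance(timestamp, int):
        raise PacketRejected("malformed header")

    body = packet[4 + header_len:]
    # Data consistency check: constant-time comparison of the two digests.
    if not hmac.compare_digest(hashlib.sha256(body).digest(), claimed):
        raise PacketRejected("digest mismatch")
    # Identity checks on the identification information.
    if receiver != my_id:
        raise PacketRejected("wrong receiver")
    if sender not in known_senders:
        raise PacketRejected("unknown sender")
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        raise PacketRejected("stale timestamp")
    if message_id in seen_ids:
        raise PacketRejected("replayed message_id")
    seen_ids.add(message_id)  # record only after every other check passed
    return body  # ready for step 203 (private-key decryption)


# Constructed sample values (not from the patent).
SENDER = "node-a-uuid"
RECEIVER = "node-b-uuid"
SENT_AT = 1_700_000_000
ENCRYPTED_BODY = bytes(range(64))  # stand-in for the SM2 ciphertext


def check(packet, seen_ids, now):
    """Return 'accepted' or the rejection reason for a packet."""
    try:
        verify_packet(packet, RECEIVER, {SENDER}, seen_ids, now)
        return "accepted"
    except PacketRejected as exc:
        return str(exc)


def demo():
    packet = build_packet(ENCRYPTED_BODY, SENDER, RECEIVER, "msg-0001", SENT_AT)
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])  # one bit of the body changed
    other = build_packet(ENCRYPTED_BODY, "node-x-uuid", RECEIVER, "msg-0002", SENT_AT)
    seen = set()
    return {
        "fresh": check(packet, seen, SENT_AT + 5),
        "replay": check(packet, seen, SENT_AT + 6),
        "tampered": check(tampered, set(), SENT_AT + 5),
        "unknown_sender": check(other, set(), SENT_AT + 5),
        "stale": check(packet, set(), SENT_AT + MAX_AGE_SECONDS + 1),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The SHA-256 digest is unkeyed, so it is only meaningful while the header is protected by the symmetric layer of step 104; any party able to rewrite the header can recompute it.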
For a more detailed description of the data processing scheme of the present application, a specific embodiment is described below.
This embodiment secures data communication within a server cluster (hereinafter referred to as the system). When a node enters the system it must first pass system authentication; after authentication has passed, it acquires the key of the SM4 algorithm and the private key of the SM2 algorithm, and at the same time the public key of the SM2 algorithm is broadcast to the other nodes across the network that have passed authentication. The node can then exchange normal data messages with other nodes. For ease of distinction, a node that sends a message is referred to as a sender, and a node that receives a message is referred to as a receiver.
FIG. 3 is a schematic diagram of a data information encryption process of a sender according to an embodiment of the present application. The encryption process includes:
S301, when a message is sent, first applying Base64 encoding to the original message 31 to obtain an encoded message body 32;
S302, asymmetrically encrypting the encoded message body 32 with the SM2 public key of the receiver to obtain an encrypted message body 33;
S303, performing Hash25 algorithm processing on the encrypted message body 33 to obtain a HashCode value, and placing the HashCode value together with data such as the unique identification codes of the sending and receiving parties and the date into a message header to obtain an encapsulated message 34, wherein the message body of the encapsulated message 34 is the encrypted message body 33;
S304, encrypting the encapsulated message 34 with the SM4 key to obtain a symmetrically encrypted message 35;
S305, sending the symmetrically encrypted message 35 to the receiver.
Correspondingly, FIG. 4 is a schematic diagram of a data information decryption process of a receiver according to an embodiment of the present application. The decryption process includes:
S401, when the symmetrically encrypted message 35 is received, decrypting it with the SM4 key to obtain the encapsulated message 34;
S402, checking the consistency of the data based on the HashCode value in the header of the encapsulated message 34, checking the identity of the sender based on the unique identification code, date and other data of the sender in the header, and, when the verification is passed, taking the message body of the encapsulated message 34 as the encrypted message body 33;
S403, decrypting the encrypted message body 33 with the SM2 private key to obtain the encoded message body 32;
S404, performing Base64 decoding on the encoded message body 32 to obtain the original message 31 of the sender.
As can be seen from the above, the scheme of this embodiment processes the data with multiple encryption algorithms, which on the one hand ensures the security of the data and on the other hand implements data checking and identity checking, effectively preventing the data from being tampered with.
Corresponding to the embodiments of the foregoing method, the present application further provides embodiments of a data processing device and a terminal to which the data processing device is applied.
As shown in fig. 5, fig. 5 is a block diagram of a data processing apparatus provided in an embodiment of the present application, where the data processing apparatus is applied to a sender, and includes:
a message encoding module 51, configured to encode a message to be sent to obtain an encoded message body;
a first encryption module 52, configured to asymmetrically encrypt the encoded message body using the public key of the receiver to obtain an encrypted message body, where the receiver holds the private key of the asymmetric encryption;
a data encapsulation module 53, configured to obtain an encrypted string based on the encrypted message body and to encapsulate the encrypted string and the identification information in the header to obtain an encapsulated message, where the identification information is used to identify the sender;
a second encryption module 54, configured to symmetrically encrypt the encapsulated message and send the symmetrically encrypted message to the receiver, where the receiver also holds the key of the symmetric encryption.
As shown in fig. 6, fig. 6 is a block diagram of another data processing apparatus provided in an embodiment of the present application, where the data processing apparatus is applied to a receiving side, and includes:
a first decryption module 61, configured to, after receiving a message sent by a sender, decrypt the message using the symmetric encryption key to obtain a decrypted message, where the decrypted message includes a header and an encrypted message body;
a data verification module 62, configured to perform data consistency verification on the encrypted message body using the encrypted string in the header and to verify the identity of the sender using the identification information in the header, where the identification information is used to identify the sender;
a second decryption module 63, configured to decrypt the message body using the private key of the asymmetric encryption after the verification passes, to obtain an encoded message body;
a message decoding module 64, configured to decode the encoded message body to obtain the message information.
The application further provides an electronic device, please refer to fig. 7, and fig. 7 is a block diagram of an electronic device according to an embodiment of the application. The electronic device may include a processor 710, a communication interface 720, a memory 730, and at least one communication bus 740. Wherein the communication bus 740 is used to enable direct connection communications for these components. The communication interface 720 of the electronic device in the embodiment of the present application is used for performing signaling or data communication with other node devices. Processor 710 may be an integrated circuit chip with signal processing capabilities.
The processor 710 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor 710 may be any conventional processor or the like.
The memory 730 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and the like. The memory 730 stores computer-readable instructions which, when executed by the processor 710, cause the electronic device to perform the steps described above in relation to the method embodiments of fig. 1-2.
Optionally, the electronic device may further include a memory controller and an input-output unit.
The memory 730, the memory controller, the processor 710, the peripheral interface, and the input/output unit are electrically connected directly or indirectly to each other to realize data transmission or interaction. For example, the elements may be electrically coupled to each other via one or more communication buses 740. The processor 710 is configured to execute executable modules stored in the memory 730, such as software functional modules or computer programs included in the electronic device.
The input-output unit allows the user to create a task and to set an optional start period or a preset execution time for the task, thereby enabling interaction between the user and the server. The input-output unit may be, but is not limited to, a mouse, a keyboard, and the like.
It will be appreciated that the configuration shown in fig. 7 is merely illustrative, and that the electronic device may also include more or fewer components than those shown in fig. 7, or have a different configuration than that shown in fig. 7. The components shown in fig. 7 may be implemented in hardware, software, or a combination thereof.
An embodiment of the application further provides a storage medium storing instructions which, when run on a computer, cause the computer to implement the method described in the method embodiments; to avoid repetition, the details are not described again here.
The present application also provides a computer program product which, when run on a computer, causes the computer to perform the method of the method embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative, for example, flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application, and various modifications and variations may be suggested to one skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application. It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (9)

1. A data processing method, applied to a sender, comprising:
performing Base64 encoding on the message to be sent to obtain an encoded message body;
asymmetrically encrypting the encoded message body using the public key of the receiver to obtain an encrypted message body, where the receiver holds the private key of the asymmetric encryption;
obtaining an encrypted character string based on the encrypted message body, and encapsulating the encrypted character string and the identification information in a message header to obtain an encapsulated message, where the identification information is used to identify the sender;
symmetrically encrypting the encapsulated message, and sending the symmetrically encrypted message to the receiver, where the receiver also holds the key of the symmetric encryption.
2. The method of claim 1, wherein the asymmetric encryption employs an SM2 algorithm.
3. The method of claim 1, wherein the encrypted string is a hash value obtained by hashing an encrypted body of the message.
4. The method of claim 1, wherein the identification information comprises at least one of:
the unique identification codes of the sending and receiving parties, and a timestamp.
5. The method of claim 1, wherein the symmetric encryption employs an SM4 algorithm.
6. A data processing method, for use by a receiver, comprising:
after receiving a message sent by a sender, decrypting the message by using a symmetric encryption key to obtain a decrypted message, wherein the decrypted message comprises a message header and an encrypted message body;
performing data consistency verification on the encrypted message body by using the encrypted character string in the message header, and verifying the identity of the sender by using the identification information in the message header; the identification information is used for identifying the identity of the sender;
after the verification passes, decrypting the message body using the private key of the asymmetric encryption to obtain an encoded message body;
and performing Base64 decoding on the encoded message body to obtain message information.
7. A data processing apparatus, for use in a sender, comprising:
a message encoding module, configured to perform Base64 encoding on a message to be sent to obtain an encoded message body;
a first encryption module, configured to asymmetrically encrypt the encoded message body using the public key of the receiver to obtain an encrypted message body, where the receiver holds the private key of the asymmetric encryption;
a data encapsulation module, configured to obtain an encrypted character string based on the encrypted message body and to encapsulate the encrypted character string and the identification information in a message header to obtain an encapsulated message, where the identification information is used to identify the sender;
a second encryption module, configured to symmetrically encrypt the encapsulated message and send the symmetrically encrypted message to the receiver, where the receiver also holds the key of the symmetric encryption.
8. A data processing apparatus for use with a receiver, comprising:
the first decryption module is used for decrypting the message by using a symmetric encryption key after receiving the message sent by the sender to obtain a decrypted message, wherein the decrypted message comprises a message header and an encrypted message body;
the data verification module is used for verifying the data consistency of the encrypted message body by utilizing the encrypted character string in the message header and verifying the identity of the sender by utilizing the identification information in the message header; the identification information is used for identifying the identity of the sender;
a second decryption module, configured to decrypt the message body using the private key of the asymmetric encryption after the verification passes, to obtain an encoded message body;
and a message decoding module, configured to perform Base64 decoding on the encoded message body to obtain message information.
9. A computer device, comprising: a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 6 when the computer program is executed.
CN202210730121.6A 2022-06-24 2022-06-24 Data processing method and device and computer equipment Active CN115102768B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210730121.6A CN115102768B (en) 2022-06-24 2022-06-24 Data processing method and device and computer equipment

Publications (2)

Publication Number Publication Date
CN115102768A CN115102768A (en) 2022-09-23
CN115102768B CN115102768B (en) 2024-03-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant