CN115361190A - Data encryption transmission method, device and system, electronic equipment and storage medium - Google Patents

Publication number: CN115361190A
Authority: CN (China)
Prior art keywords: data, ciphertext, symmetric, key, encryption
Legal status: Pending
Application number: CN202210976263.0A
Other languages: Chinese (zh)
Inventors: 陈兴隆, 王斌, 朱志鸿
Current Assignee: Jiangsu Cowain Automation Technology Co Ltd
Original Assignee: Jiangsu Cowain Automation Technology Co Ltd
Application filed by Jiangsu Cowain Automation Technology Co Ltd
Priority to CN202210976263.0A
Publication of CN115361190A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/0464: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the invention disclose a data encryption transmission method, device and system, electronic equipment and a storage medium. The method comprises the following steps: obtaining a symmetric key ciphertext and a symmetric encryption ciphertext sent by a data sending party; asymmetrically decrypting the symmetric key ciphertext to obtain a symmetric encryption key; symmetrically decrypting the symmetric encryption ciphertext according to the symmetric encryption key to obtain the data to be sent; and asymmetrically encrypting the data to be sent to obtain an asymmetric encrypted ciphertext, and sending the asymmetric encrypted ciphertext to a data receiver. Because the server in this technical scheme receives the symmetric key ciphertext and the symmetric encryption ciphertext from the data sending party, security during data transmission is ensured, as is the efficiency with which the data sending party and the server encrypt and decrypt the data to be sent; because the server asymmetrically encrypts the data to be sent before sending it to the data receiver, security during data transmission is further improved.

Description

Data encryption transmission method, device, system, electronic equipment and storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, an apparatus, a system, an electronic device, and a storage medium for encrypted data transmission.
Background
To improve security during data transmission, data is generally encrypted. In the existing data encryption technology, a symmetric encryption technology or an asymmetric encryption technology is generally used. The symmetric encryption technology needs a data sending party and a data receiving party to agree a secret key in advance, the secret key is stored by the two parties, and the data is encrypted and decrypted by using the agreed secret key in advance. The asymmetric encryption technology needs a public key and a private key, wherein the public key and the private key are a pair, the public key is public, the private key can only be owned by a data receiver, a data sender uses the public key for encryption, and the data receiver uses the private key for decryption.
The symmetric encryption technology encrypts and decrypts quickly, but its security is only moderate: if the secret key held by either the data receiving party or the data sending party is leaked, the encrypted data is no longer secure. The asymmetric encryption technology offers good security, but when it operates on large data the amount of computation is large and encryption and decryption are slow.
Disclosure of Invention
The invention provides a data encryption transmission method, a data encryption transmission device, a data encryption transmission system, electronic equipment and a storage medium, which are used for improving the security of data transmission and improving the processing efficiency of encryption and decryption.
According to an aspect of the present invention, there is provided a method of encrypted transmission of data, the method being performed by a server, the method comprising:
acquiring a symmetric key ciphertext and a symmetric encryption ciphertext transmitted by a data transmitter;
the symmetric key ciphertext is a ciphertext obtained by the data sending party asymmetrically encrypting a symmetric encryption key, and the symmetric encryption ciphertext is a ciphertext obtained by the data sending party symmetrically encrypting data to be sent according to the symmetric encryption key;
asymmetrically decrypting the symmetric key ciphertext to obtain a symmetric encryption key;
symmetrically decrypting the symmetric encrypted ciphertext according to the symmetric encryption key to obtain data to be sent;
and carrying out asymmetric encryption on data to be transmitted to obtain an asymmetric encrypted ciphertext, and transmitting the asymmetric encrypted ciphertext to a data receiver.
According to still another aspect of the present invention, there is provided a method for encrypted transmission of data, the method being performed by an encrypted transmission system of data, the encrypted transmission system of data including a data sender, a server, and a data receiver, the method comprising:
symmetrically encrypting data to be sent according to the symmetric encryption key by the data sender to obtain a symmetric encryption ciphertext;
the symmetric encryption key is asymmetrically encrypted through the data sender to obtain a symmetric key ciphertext;
sending the symmetric key ciphertext and the symmetric encryption ciphertext to a server through the data sender;
and symmetrically decrypting the symmetric encrypted ciphertext through the server according to the symmetric encryption key obtained by asymmetrically decrypting the symmetric key ciphertext, and transmitting the obtained data to be transmitted to a data receiver after asymmetrically encrypting the data to be transmitted.
According to another aspect of the present invention, there is provided an apparatus for encrypted transmission of data, the apparatus being configured in a server, the apparatus including:
the ciphertext acquisition module is used for acquiring a symmetric key ciphertext and a symmetric encryption ciphertext transmitted by a data transmitting party;
the symmetric key ciphertext is obtained by the data sending party through asymmetric encryption of a symmetric encryption key, and the symmetric encryption ciphertext is obtained by the data sending party through symmetric encryption of data to be sent according to the symmetric encryption key;
the asymmetric decryption module is used for asymmetrically decrypting the symmetric key ciphertext to obtain a symmetric encryption key;
the symmetric decryption module is used for symmetrically decrypting the symmetric encrypted ciphertext according to the symmetric encryption key to obtain data to be sent;
and the encryption module is used for carrying out asymmetric encryption on data to be transmitted to obtain an asymmetric encrypted ciphertext and transmitting the asymmetric encrypted ciphertext to a data receiver.
According to another aspect of the present invention, there is provided an encrypted data transmission system, including a data sender, a server, and a data receiver;
the data sender is used for symmetrically encrypting data to be sent according to the symmetric encryption key to obtain a symmetric encryption ciphertext;
the data sender is used for carrying out asymmetric encryption on the symmetric encryption key to obtain a symmetric key ciphertext;
the data sender is used for sending the symmetric key ciphertext and the symmetric encryption ciphertext to the server;
and the server is used for symmetrically decrypting the symmetric encrypted ciphertext according to the symmetric encrypted key obtained by asymmetrically decrypting the symmetric key ciphertext, asymmetrically encrypting the obtained data to be sent and then sending the data to be sent to a data receiver.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform a method of encrypted transmission of data according to any of the embodiments of the invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions for causing a processor to implement a method for encrypted transmission of data according to any one of the embodiments of the present invention when the computer instructions are executed.
According to the technical scheme of the embodiments of the application, a symmetric key ciphertext and a symmetric encryption ciphertext sent by a data sending party are obtained; the symmetric key ciphertext is asymmetrically decrypted to obtain a symmetric encryption key; the symmetric encryption ciphertext is symmetrically decrypted according to the symmetric encryption key to obtain the data to be sent; and the data to be sent is asymmetrically encrypted to obtain an asymmetric encrypted ciphertext, which is sent to a data receiver. Because the server in this technical scheme receives the symmetric key ciphertext and the symmetric encryption ciphertext from the data sending party, security during data transmission is ensured, as is the efficiency with which the data sending party and the server encrypt and decrypt the data to be sent; because the server asymmetrically encrypts the data to be sent before sending it to the data receiver, security during data transmission is further improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a method for encrypted transmission of data according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for encrypted transmission of data according to a second embodiment of the present invention;
Fig. 3 is a flowchart of a method for encrypted transmission of data according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an encrypted data transmission system according to a first embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an apparatus for encrypted transmission of data according to a fourth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an encrypted transmission system of data according to a fifth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device implementing a method for encrypted transmission of data according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," "target," and the like in the description and claims of the present invention and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a flowchart of an embodiment of the present invention, which provides a method for encrypted transmission of data, where the embodiment is applicable to a case where encrypted transmission of data is performed, and the method may be performed by a data encryption transmission apparatus, where the data encryption transmission apparatus may be implemented in a form of hardware and/or software, and the data encryption transmission apparatus may be configured in a server. As shown in fig. 1, the method includes:
S110, obtaining the symmetric key ciphertext and the symmetric encryption ciphertext sent by the data sending party.
In the embodiment of the application, the server acquires the symmetric key ciphertext and the symmetric encryption ciphertext sent by the data sending party, performs the related processing on them, and sends the result to the data receiving party, thereby realizing encrypted transmission of the data. The data sender, the server and the data receiver can communicate through a network interface.
In this embodiment of the present application, the symmetric key ciphertext is a ciphertext obtained by asymmetrically encrypting a symmetric encryption key by the data sending party, and the symmetric encryption ciphertext is a ciphertext obtained by symmetrically encrypting data to be sent by the data sending party according to the symmetric encryption key. For example, the data sender may be a client with an encryption and decryption function, and the data receiver may be a mobile terminal with an encryption and decryption function, such as a smart phone and a tablet computer.
In the embodiment of the application, the data sending party symmetrically encrypts the data to be sent according to the symmetric encryption key to obtain the symmetric encryption ciphertext, and the encryption process adopts a symmetric encryption mode, so that the method has the effects of short encryption time and high efficiency. The data sender carries out asymmetric encryption on the symmetric encryption key to obtain a symmetric key ciphertext, the symmetric encryption key is subjected to asymmetric encryption in the encryption process, the data capacity of the symmetric encryption key is small, the operation amount of the asymmetric encryption on the symmetric encryption key is small, and the effect of short encryption time is achieved while the security of the symmetric encryption key is ensured.
S120, asymmetrically decrypting the symmetric key ciphertext to obtain a symmetric encryption key.
Specifically, since the symmetric key ciphertext is encrypted in an asymmetric encryption manner, asymmetric decryption needs to be performed on the symmetric key ciphertext to obtain a symmetric encryption key, and the server stores the symmetric encryption key in the database for subsequent calling. Illustratively, the database may be a MySQL database. Further, the private key required in the asymmetric decryption process can be stored in a database of the server in advance, and the server can directly use the private key.
S130, symmetrically decrypting the symmetric encryption ciphertext according to the symmetric encryption key to obtain the data to be sent.
The data to be sent may be data before encryption, and the type of the data may be various data types such as a document, a table, a website, a picture, a video, an audio, and the like. Specifically, the obtained symmetric encryption key is used to symmetrically decrypt the symmetric encryption ciphertext to obtain data to be sent, and both the data to be sent and the symmetric encryption ciphertext are stored in a database for subsequent calling. Illustratively, the database may be a MySQL database.
S140, asymmetrically encrypting the data to be sent to obtain an asymmetric encrypted ciphertext, and sending the asymmetric encrypted ciphertext to a data receiver.
Specifically, data may be intercepted in transit, which would leak it. Therefore, when the server sends the data to be sent to the data receiver, it first asymmetrically encrypts the data to obtain an asymmetric encrypted ciphertext, and then sends the asymmetric encrypted ciphertext to the data receiver. These steps achieve encrypted transmission of the data to be sent between the server and the data receiver.
According to the technical scheme of the embodiments of the application, a symmetric key ciphertext and a symmetric encryption ciphertext sent by a data sending party are obtained; the symmetric key ciphertext is asymmetrically decrypted to obtain a symmetric encryption key; the symmetric encryption ciphertext is symmetrically decrypted according to the symmetric encryption key to obtain the data to be sent; and the data to be sent is asymmetrically encrypted to obtain an asymmetric encrypted ciphertext, which is sent to a data receiver. Because the server in this technical scheme receives the symmetric key ciphertext and the symmetric encryption ciphertext from the data sending party, security during data transmission is ensured, as is the efficiency with which the data sending party and the server encrypt and decrypt the data to be sent; because the server asymmetrically encrypts the data to be sent before sending it to the data receiver, security during data transmission is further improved.
Example two
Fig. 2 is a flowchart of a data encryption transmission method according to a second embodiment of the present invention, which is optimized on the basis of the foregoing embodiment. Specifically, the asymmetric decryption of the symmetric key ciphertext and the asymmetric encryption of the data to be sent are optimized.
As shown in fig. 2, the method of the present embodiment specifically includes the following steps:
S210, obtaining the symmetric key ciphertext and the symmetric encryption ciphertext sent by the data sending party.
S220, according to the first private key matched with the first public key, the symmetric key ciphertext is asymmetrically decrypted to obtain a symmetric encryption key.
The first public key is a public key used by the data sending party for asymmetric encryption of a symmetric encryption key. The first private key is matched with the first public key and is stored in the server. Specifically, because the data sender uses the first public key to asymmetrically encrypt the symmetric encryption key, the server uses the first private key matched with the first public key to asymmetrically decrypt a symmetric key ciphertext to obtain the symmetric encryption key.
S230, symmetrically decrypting the symmetric encryption ciphertext according to the symmetric encryption key to obtain the data to be sent.
S240, according to the second public key, carrying out asymmetric encryption on the data to be sent to obtain an asymmetric encryption ciphertext, and sending the asymmetric encryption ciphertext to a data receiver.
The second public key is matched with a second private key, and the second private key is a private key used by the data receiving party for carrying out asymmetric decryption on the asymmetric encrypted ciphertext; the first public key is the same as or different from the second public key.
Specifically, the server performs asymmetric encryption on the data to be transmitted according to the second public key to obtain an asymmetric encryption ciphertext and transmits the asymmetric encryption ciphertext to the data receiver, and the data receiver performs asymmetric decryption on the asymmetric encryption ciphertext by using the second private key to obtain the data to be transmitted.
In the embodiment of the application, the first public key and the second public key may be the same, that is, the public key and the private key for the data sender to asymmetrically encrypt the symmetric encryption key are the same as the public key and the private key for the server to asymmetrically encrypt the file to be sent. The first public key and the second public key may also be different, that is, the public key and the private key for performing asymmetric encryption on the symmetric encryption key by the data sending party are different from the public key and the private key for performing asymmetric encryption on the file to be sent by the server, and whether the first public key and the second public key are the same or not may be configured according to the requirement of data transmission, which is not limited in this embodiment.
In this embodiment of the application, optionally, after sending the asymmetric encrypted ciphertext to a data receiving party, the method further includes: if the modified ciphertext sent by the data receiving party is determined to be received, the modified ciphertext is asymmetrically decrypted according to the second private key to obtain modified data; the modified ciphertext is a ciphertext obtained by the data receiver asymmetrically encrypting the modified data according to a second public key; and sending the modified data to a data sending party.
In the scheme, the data receiver receives the asymmetric encrypted ciphertext and decrypts the asymmetric encrypted ciphertext by using the second private key to obtain the plaintext of the data to be sent. The data receiver also provides a function of modifying the plaintext, and a user can check the plaintext according to an interactive interface and modify the plaintext when the plaintext does not meet the requirements. And if the data receiving party detects a modification instruction of the interactive interface to the plaintext, modifying the plaintext, asymmetrically encrypting the modified data by adopting a second public key to obtain a modified ciphertext and sending the modified ciphertext to the server, asymmetrically decrypting the modified ciphertext by the server according to the second private key to obtain modified data, and sending the modified data to the data sending party.
In the scheme, if the server receives the modified ciphertext sent by the data receiver, the modified ciphertext is asymmetrically decrypted to obtain modified data, and the modified data is sent to the data sender. The scheme provides a processing scheme under the condition that the data receiver modifies the data, so that the method in the embodiment of the application is more complete.
In this embodiment of the present application, optionally, the method further includes: storing the symmetric key ciphertext, the symmetric encryption key and the data to be sent; after the modified data is obtained, the method further comprises the following steps: and modifying the stored data according to the modified data.
In this scheme, the server stores the symmetric key ciphertext, the symmetric encryption key and the data to be sent in the database and, when modified data is obtained, modifies the stored data according to the modified data. Implemented this way, the scheme also serves to back up the data. Illustratively, the database may be a MySQL database. Optionally, after the asymmetric decryption is completed, the data receiver may refrain from storing the asymmetric encrypted ciphertext and, when the data is modified, apply the modification to the pre-modification data, so as to improve the security of the data.
EXAMPLE III
Fig. 3 is a flowchart of a data encryption transmission method according to a third embodiment of the present invention, where this embodiment is applicable to a case where data is encrypted for transmission, and the method may be executed by a data encryption transmission system, where the data encryption transmission system includes a data sending party, a server, and a data receiving party. As shown in fig. 3, the method includes:
S310, the data to be sent is symmetrically encrypted by the data sending party according to the symmetric encryption key, and a symmetric encryption ciphertext is obtained.
In the embodiment of the application, the data to be sent may be relatively large, and if the data to be sent is asymmetrically encrypted, the processing efficiency may be affected, so that the data sender symmetrically encrypts the data to be sent so as to improve the processing efficiency of encryption.
S320, the symmetric encryption key is asymmetrically encrypted through the data sending party to obtain a symmetric key ciphertext.
In the embodiment of the application, the data sending party carries out asymmetric encryption on the symmetric encryption key so as to improve the security of the symmetric encryption key, further improve the security of a symmetric encryption ciphertext and achieve the effects of high encryption speed and high security.
S330, sending the symmetric key ciphertext and the symmetric encryption ciphertext to a server through the data sender.
S340, the symmetric encrypted ciphertext is symmetrically decrypted by the server according to the symmetric encrypted key obtained by asymmetrically decrypting the symmetric key ciphertext, and the obtained data to be sent is sent to a data receiver after being asymmetrically encrypted.
In this embodiment of the present application, optionally, symmetrically encrypting data to be transmitted according to a symmetric encryption key includes: if the data transmission request sent by the data receiver is determined to be received, request verification is carried out on the data transmission request; and if the data transmission request is confirmed to pass the request verification, symmetrically encrypting the data to be sent according to the symmetric encryption key.
The data transmission request includes, but is not limited to: a data transmission request sent by a data receiver to a data sender, a data transmission request triggered by a preset timing, and the like. Ways to request authentication include, but are not limited to: short message verification, picture verification, authority authentication, mobile phone verification, face information verification, fingerprint verification, two-dimensional code verification and the like.
In the scheme, if the data sending party receives the data transmission request sent by the data receiving party, the data transmission request is subjected to request verification so as to control the data transmission and the use of the secret key, and the safety of the data transmission is ensured.
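The three-party flow of S310-S340, using the first and second key pairs of Example two, is shown below as an added example; it is not code from the patent. The patent names no algorithms, so RSA-OAEP with SHA-256, AES-256-GCM, 2048-bit keys, the `Envelope` layout and all function names are assumptions. The example also shows what happens at S240 when the decrypted data is larger than a single RSA operation can encrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the data sender uploads in S330 (hypothetical layout).
type Envelope struct {
	KeyCiphertext  []byte // symmetric key ciphertext: AES key under the first public key
	Nonce          []byte // AES-GCM nonce (assumed; the patent names no cipher mode)
	DataCiphertext []byte // symmetric encryption ciphertext
}

var ErrTooLargeForRSA = errors.New("data exceeds the RSA-OAEP limit of the second public key")

// NewKeyPair generates a 2048-bit RSA key pair (key size is an assumption).
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// MaxOAEPPlaintext is the largest message one RSA-OAEP/SHA-256 operation accepts.
func MaxOAEPPlaintext(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SenderEncrypt is S310-S320: fresh AES-256 key, bulk encryption, key wrapping.
func SenderEncrypt(firstPub *rsa.PublicKey, data []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, firstPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{KeyCiphertext: wrapped, Nonce: nonce,
		DataCiphertext: gcm.Seal(nil, nonce, data, nil)}, nil
}

// ServerRelay is S220-S240: unwrap the key, decrypt, re-encrypt for the receiver.
// The server necessarily sees the plaintext between S230 and S240.
func ServerRelay(firstPriv *rsa.PrivateKey, secondPub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, firstPriv, env.KeyCiphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("S220 unwrap symmetric key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() { // Open panics on a wrong-length nonce
		return nil, errors.New("S230 bad nonce length")
	}
	plain, err := gcm.Open(nil, env.Nonce, env.DataCiphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("S230 ciphertext failed authentication: %w", err)
	}
	// S240 as written in the patent: the data itself is asymmetrically encrypted.
	if len(plain) > MaxOAEPPlaintext(secondPub) {
		return nil, ErrTooLargeForRSA
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, secondPub, plain, nil)
}

// ReceiverDecrypt recovers the data with the second private key.
func ReceiverDecrypt(secondPriv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, secondPriv, ct, nil)
}

func main() {
	first, err1 := NewKeyPair()  // server's pair: first public/private key
	second, err2 := NewKeyPair() // receiver's pair: second public/private key
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	env, err := SenderEncrypt(&first.PublicKey, []byte("constructed sample: station 3 report"))
	if err != nil {
		panic(err)
	}
	relayed, err := ServerRelay(first, &second.PublicKey, env)
	if err != nil {
		panic(err)
	}
	plain, err := ReceiverDecrypt(second, relayed)
	if err != nil {
		panic(err)
	}
	fmt.Printf("receiver got %q; S240 limit is %d bytes\n", plain, MaxOAEPPlaintext(&second.PublicKey))
}
```

With a 2048-bit second key the S240 step accepts at most 190 bytes under these assumptions, so the documents, pictures and videos the description mentions would be rejected at the server-to-receiver hop unless that hop also wraps a symmetric key.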
Specific application scenario 1
Fig. 4 shows a specific application scenario of the data encryption transmission method according to the embodiment of the present invention. The scenario can implement the data encryption transmission method of any embodiment of the present invention and has the corresponding beneficial effects of the method. As shown in fig. 4, the specific application scenario includes:
a client 80, a server 81 and a mobile terminal 82. The client 80 includes a client database 50 and a client data encryption and decryption module 51. The server 81 integrates the encryption key server 60 and the data server 61. The mobile terminal 82 includes a mobile terminal data encryption and decryption module 70, a display module 71 and a mobile terminal writing module 72.
The client data encryption and decryption module 51 may encrypt data to be sent in the client database 50 through a symmetric encryption key to obtain a symmetric encryption ciphertext, and may also obtain a first public key of asymmetric encryption, and encrypt the symmetric encryption key through the first public key of asymmetric encryption to obtain a symmetric key ciphertext.
The encryption key server 60 may receive and store the symmetric key ciphertext, decrypt the symmetric key ciphertext using the first private key of the asymmetric encryption, obtain the symmetric encryption key, and store the symmetric encryption key.
The data server 61 may receive and store the symmetric encrypted ciphertext, decrypt the symmetric encrypted ciphertext with the symmetric encryption key to obtain and store data to be transmitted, and the data server 61 may further encrypt the data to be transmitted with the asymmetric encrypted second public key to obtain the asymmetric encrypted ciphertext.
The mobile terminal data encryption and decryption module 70 may receive the asymmetric encrypted ciphertext, decrypt the asymmetric encrypted ciphertext through the second private key of the asymmetric encryption to obtain data to be sent, and transmit the data to the display module 71 for display.
The mobile terminal writing module 72 may modify the data to be sent decrypted by the mobile terminal data encrypting and decrypting module 70 to obtain modified data. Further, if the mobile terminal writing module 72 modifies the data to be sent, the modified data may be encrypted by the mobile terminal data encryption/decryption module 70, transmitted to the data server 61, decrypted by the data server 61, and transmitted to and stored in the client database 50.
In this specific application scenario, it should be noted that the client data encryption/decryption module 51 may be in communication connection with the encryption key server 60 through I/O stream communication, and may be in communication connection with the data server 61 through a network interface request. The mobile terminal data encryption and decryption module 70 may be communicatively connected to the data server 61 by means of a network interface request.
Illustratively, the specific application scenario adopts the RSA asymmetric encryption algorithm for asymmetric encryption and decryption, and the AES (Advanced Encryption Standard) symmetric encryption algorithm for symmetric encryption and decryption.
Illustratively, a MySQL database is provided in each of the encryption key server 60 and the data server 61, and the symmetric key ciphertext and the symmetric encrypted ciphertext are stored in the MySQL database. Optionally, the asymmetric encrypted ciphertext may not be stored in the mobile terminal 82; if the mobile terminal 82 completes decryption of the asymmetric encrypted ciphertext, the asymmetric encrypted ciphertext may be discarded, so as to ensure that ciphertext data is not leaked by the mobile terminal 82.
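The three hops of this scenario (client module 51, servers 60 and 61, mobile module 70), written out as an added Go example that is not code from the patent. The page names only RSA and AES, so RSA-2048 with OAEP/SHA-256 and AES-256-GCM are assumptions, as are all function names; because the last hop encrypts the data itself under the second public key, the relay step also enforces the single-block RSA size limit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumptions, not from the page: RSA-2048 with OAEP/SHA-256, AES-256-GCM.
// ErrPayloadTooLarge means the data does not fit in one RSA-OAEP block.
var ErrPayloadTooLarge = errors.New("data exceeds single-block RSA-OAEP capacity")

func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// MaxRelayPayload is the OAEP plaintext limit: k - 2*hLen - 2 bytes.
func MaxRelayPayload(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SenderEncrypt (client module 51): returns key ciphertext, then nonce || AES-GCM data ciphertext.
func SenderEncrypt(firstPub *rsa.PublicKey, data []byte) ([]byte, []byte, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key, then a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	keyCT, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, firstPub, key, nil)
	if err != nil {
		return nil, nil, err
	}
	return keyCT, gcm.Seal(nonce, nonce, data, nil), nil
}

// ServerRelay (servers 60 and 61): unwrap key, decrypt data, re-encrypt under the second public key.
func ServerRelay(firstPriv *rsa.PrivateKey, secondPub *rsa.PublicKey, keyCT, dataCT []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, firstPriv, keyCT, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap symmetric key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(dataCT) < n {
		return nil, errors.New("symmetric ciphertext shorter than nonce")
	}
	data, err := gcm.Open(nil, dataCT[:n], dataCT[n:], nil) // fails if tampered
	if err != nil {
		return nil, fmt.Errorf("symmetric decrypt: %w", err)
	}
	if len(data) > MaxRelayPayload(secondPub) {
		return nil, ErrPayloadTooLarge
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, secondPub, data, nil)
}

// ReceiverDecrypt (mobile module 70) recovers the data with the second private key.
func ReceiverDecrypt(secondPriv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, secondPriv, ct, nil)
}

func main() {
	first, err1 := NewKeyPair()
	second, err2 := NewKeyPair()
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	keyCT, dataCT, err := SenderEncrypt(&first.PublicKey, []byte("constructed sample record"))
	if err != nil {
		panic(err)
	}
	relayed, err := ServerRelay(first, &second.PublicKey, keyCT, dataCT)
	if err != nil {
		panic(err)
	}
	out, err := ReceiverDecrypt(second, relayed)
	fmt.Printf("receiver got %q, err=%v\n", out, err)
}
```

Under these assumed parameters the relay hop accepts at most 190 bytes of data, and the server holds the plaintext between its decrypt and re-encrypt steps.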
Example four
Fig. 5 is a schematic structural diagram of a data encryption transmission apparatus according to a fourth embodiment of the present invention, which is capable of executing the data encryption transmission method according to any embodiment of the present invention, and has corresponding functional modules and beneficial effects. As shown in fig. 5, the apparatus is configured in a server, and the apparatus includes:
a ciphertext obtaining module 510, configured to obtain a symmetric key ciphertext and a symmetric encrypted ciphertext sent by a data sender;
the symmetric key ciphertext is a ciphertext obtained by the data sending party asymmetrically encrypting a symmetric encryption key, and the symmetric encryption ciphertext is a ciphertext obtained by the data sending party symmetrically encrypting data to be sent according to the symmetric encryption key;
the asymmetric decryption module 520 is configured to perform asymmetric decryption on the symmetric key ciphertext to obtain a symmetric encryption key;
the symmetric decryption module 530 is configured to symmetrically decrypt the symmetric encrypted ciphertext according to the symmetric encryption key to obtain data to be sent;
the encryption module 540 is configured to perform asymmetric encryption on data to be sent to obtain an asymmetric encrypted ciphertext, and send the asymmetric encrypted ciphertext to a data receiver.
Optionally, the asymmetric decryption module 520 includes:
the asymmetric decryption unit is used for asymmetrically decrypting the symmetric key ciphertext according to a first private key matched with the first public key;
the first public key is a public key used by the data sender for carrying out asymmetric encryption on a symmetric encryption key.
The encryption module 540 includes:
the encryption unit is used for carrying out asymmetric encryption on the data to be sent according to the second public key;
the second public key is matched with a second private key, and the second private key is a private key used by the data receiving party for asymmetrically decrypting the asymmetric encrypted ciphertext; the first public key is the same as or different from the second public key.
Optionally, the apparatus further comprises:
the asymmetric decryption module is used for asymmetrically decrypting the modified ciphertext according to the second private key to obtain modified data if the modified ciphertext sent by the data receiving party is determined to be received;
the modified ciphertext is a ciphertext obtained by the data receiver performing asymmetric encryption on the modified data according to a second public key;
and the sending module is used for sending the modified data to a data sending party.
Optionally, the apparatus further comprises:
the storage module is used for storing the symmetric key ciphertext, the symmetric encryption key and the data to be sent;
and the modification module is used for modifying the stored data according to the modified data.
The data encryption transmission device provided by the embodiment of the invention can execute the data encryption transmission method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example five
Fig. 6 is a schematic structural diagram of a data encryption transmission system according to a fifth embodiment of the present invention. The system is capable of executing the data encryption transmission method according to any embodiment of the present invention, and has the corresponding functional modules and beneficial effects of the method. As shown in fig. 6, the encrypted transmission system of data includes a data sender 610, a server 620, and a data receiver 630.
The data sender 610 is configured to perform symmetric encryption on data to be sent according to the symmetric encryption key to obtain a symmetric encryption ciphertext;
the data sender 610 is configured to perform asymmetric encryption on the symmetric encryption key to obtain a symmetric key ciphertext;
the data sender 610 is configured to send a symmetric key ciphertext and a symmetric encryption ciphertext to the server 620;
the server 620 is configured to symmetrically decrypt the symmetric encrypted ciphertext according to the symmetric encryption key obtained by asymmetrically decrypting the symmetric key ciphertext, and send the obtained data to be sent to the data receiver after asymmetrically encrypting the data to be sent.
Optionally, the data sender 610 is further configured to:
if the data transmission request sent by the data receiver is determined to be received, request verification is carried out on the data transmission request;
and if the data transmission request is confirmed to pass the request verification, symmetrically encrypting the data to be sent according to the symmetric encryption key.
Example six
FIG. 7 illustrates a schematic diagram of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 7, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 11 can perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from a storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data necessary for the operation of the electronic apparatus 10 may also be stored. The processor 11, the ROM 12, and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to the bus 14.
A number of components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, or the like; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, or the like. The processor 11 performs the respective methods and processes described above, such as an encryption transmission method of data.
In some embodiments, the method of encrypted transmission of data may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into the RAM 13 and executed by the processor 11, one or more steps of the above-described method of encrypted transmission of data may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the encrypted transmission method of data by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on a Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the Internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that the various forms of flow shown above may be used with steps reordered, added or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for encrypted transmission of data, the method being performed by a server, the method comprising:
acquiring a symmetric key ciphertext and a symmetric encryption ciphertext transmitted by a data transmitter;
the symmetric key ciphertext is a ciphertext obtained by the data sending party asymmetrically encrypting a symmetric encryption key, and the symmetric encryption ciphertext is a ciphertext obtained by the data sending party symmetrically encrypting data to be sent according to the symmetric encryption key;
asymmetrically decrypting the symmetric key ciphertext to obtain a symmetric encryption key;
symmetrically decrypting the symmetric encrypted ciphertext according to the symmetric encryption key to obtain data to be sent;
and carrying out asymmetric encryption on data to be transmitted to obtain an asymmetric encrypted ciphertext, and transmitting the asymmetric encrypted ciphertext to a data receiver.
2. The method of claim 1, wherein asymmetrically decrypting symmetric key ciphertext comprises:
according to a first private key matched with the first public key, asymmetrically decrypting the symmetric key ciphertext;
the first public key is a public key used by the data sending party for carrying out asymmetric encryption on a symmetric encryption key;
and wherein asymmetrically encrypting the data to be sent comprises:
according to the second public key, carrying out asymmetric encryption on data to be sent;
the second public key is matched with a second private key, and the second private key is a private key used by the data receiving party for asymmetrically decrypting the asymmetric encrypted ciphertext; the first public key is the same as or different from the second public key.
3. The method of claim 2, wherein after sending the asymmetric encrypted ciphertext to a data recipient, further comprising:
if the modified ciphertext sent by the data receiving party is determined to be received, the modified ciphertext is asymmetrically decrypted according to the second private key to obtain modified data;
the modified ciphertext is a ciphertext obtained by the data receiver asymmetrically encrypting the modified data according to a second public key;
and sending the modified data to a data sending party.
4. The method of claim 3, further comprising:
storing the symmetric key ciphertext, the symmetric encryption key and the data to be sent;
after the modified data is obtained, the method further comprises the following steps:
and modifying the stored data according to the modified data.
5. A method for encrypted transmission of data, the method being performed by an encrypted transmission system of data, the encrypted transmission system of data comprising a data sender, a server, and a data receiver, the method comprising:
symmetrically encrypting data to be transmitted according to the symmetric encryption key by the data transmitter to obtain a symmetric encryption ciphertext;
the symmetric encryption key is asymmetrically encrypted through the data sender to obtain a symmetric key ciphertext;
sending the symmetric key ciphertext and the symmetric encryption ciphertext to a server through the data sender;
and symmetrically decrypting the symmetric encrypted ciphertext according to the symmetric encrypted key obtained by asymmetrically decrypting the symmetric key ciphertext through the server, and asymmetrically encrypting the obtained data to be sent and then sending the data to be sent to a data receiver.
6. The method of claim 5, wherein symmetrically encrypting the data to be transmitted according to the symmetric encryption key comprises:
if the data transmission request sent by the data receiver is determined to be received, request verification is carried out on the data transmission request;
and if the data transmission request is confirmed to pass the request verification, symmetrically encrypting the data to be sent according to the symmetric encryption key.
7. An apparatus for encrypted transmission of data, the apparatus being configured in a server, the apparatus comprising:
the ciphertext acquisition module is used for acquiring a symmetric key ciphertext and a symmetric encryption ciphertext transmitted by a data transmitting party;
the symmetric key ciphertext is a ciphertext obtained by the data sending party asymmetrically encrypting a symmetric encryption key, and the symmetric encryption ciphertext is a ciphertext obtained by the data sending party symmetrically encrypting data to be sent according to the symmetric encryption key;
the asymmetric decryption module is used for asymmetrically decrypting the symmetric key ciphertext to obtain a symmetric encryption key;
the symmetric decryption module is used for symmetrically decrypting the symmetric encrypted ciphertext according to the symmetric encryption key to obtain data to be sent;
and the encryption module is used for carrying out asymmetric encryption on data to be transmitted to obtain an asymmetric encrypted ciphertext and transmitting the asymmetric encrypted ciphertext to a data receiver.
8. A system for encrypted transmission of data, characterized by comprising a data sender, a server and a data receiver;
the data sender is used for symmetrically encrypting data to be sent according to the symmetric encryption key to obtain a symmetric encryption ciphertext;
the data sending party is used for carrying out asymmetric encryption on the symmetric encryption key to obtain a symmetric key ciphertext;
the data sender is used for sending the symmetric key ciphertext and the symmetric encryption ciphertext to the server;
and the server is used for symmetrically decrypting the symmetric encrypted ciphertext according to the symmetric encrypted key obtained by asymmetrically decrypting the symmetric key ciphertext, asymmetrically encrypting the obtained data to be sent and then sending the data to be sent to a data receiver.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform a method of encrypted transmission of data according to any one of claims 1 to 6.
10. A computer-readable storage medium having stored thereon computer instructions for causing a processor to execute a method of encrypted transmission of data according to any one of claims 1 to 6.
CN202210976263.0A 2022-08-15 2022-08-15 Data encryption transmission method, device and system, electronic equipment and storage medium Pending CN115361190A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210976263.0A CN115361190A (en) 2022-08-15 2022-08-15 Data encryption transmission method, device and system, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN115361190A true CN115361190A (en) 2022-11-18

Family

ID=84033103


Country Status (1)

Country Link
CN (1) CN115361190A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: No. 198, Ruike Road, Yushan Town, Kunshan City, Suzhou City, Jiangsu Province 215300

Applicant after: Jiangsu Kerian Technology Co.,Ltd.

Address before: 215300 Room No. 1299 Hengsheng Road, Yushan Town, Kunshan City, Suzhou City, Jiangsu Province

Applicant before: JIANGSU COWAIN AUTOMATION TECH. Co.,Ltd.