CN115550915A - Data transmission method, device and storage medium - Google Patents

Data transmission method, device and storage medium Download PDF

Info

Publication number
CN115550915A
CN115550915A CN202211202124.9A CN202211202124A CN115550915A CN 115550915 A CN115550915 A CN 115550915A CN 202211202124 A CN202211202124 A CN 202211202124A CN 115550915 A CN115550915 A CN 115550915A
Authority
CN
China
Prior art keywords
data
random number
encrypted
target
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211202124.9A
Other languages
Chinese (zh)
Inventor
郭龙伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China filed Critical Agricultural Bank of China
Priority to CN202211202124.9A priority Critical patent/CN115550915A/en
Publication of CN115550915A publication Critical patent/CN115550915A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation

Abstract

The application provides a data transmission method, data transmission equipment and a storage medium. The method comprises the following steps: the front end determines whether the target type data exists in the first data to be transmitted back to the back end by the front end code. If so, a target key is generated using the random number and the initial key. And encrypting the first data by using the target key, and adding the encrypted first data serving as an encryption field to the first data to obtain second data. And encrypting the second data by using the initial key, and generating target data according to the encrypted second data and the random number. The target data is sent to the back end. The backend performs validity verification with the target data based on the random number to determine whether the first data is tampered. The method improves the safety of the data which is received by the back end and is returned from the front end.

Description

Data transmission method, device and storage medium
Technical Field
The present application relates to communications technologies, and in particular, to a data transmission method, device, and storage medium.
Background
Nowadays, people can browse news, complete shopping, transact various businesses and the like through terminal devices such as mobile phones, computers, tablets and the like, and the businesses are completed through data interaction between a front end (such as the terminal device) and a back end (such as a server providing services). Wherein the front end transmits data back to the back end through the front end code downloaded from the back end.
When the front end and the back end perform data interaction, the front end code (for example, codes of hypertext Markup Language (HTML), cascading Style Sheets (CSSs), javaScript, and the like) providing the service needs to be downloaded to the front end, so the front end code is transparent to the user. Therefore, the data returned to the back end by the front end by using the front end code is at risk of being tampered, so that the data returned to the back end by the front end is at safety risk, and the data safety problem is brought. At present, the front-end code is compressed and obfuscated mainly through a code obfuscating technology, so that the readability of the front-end code is reduced, the difficulty and cost of tampering the front-end code are improved, and the risk that data returned by the front-end code is tampered is reduced.
However, in the current data transmission method for improving data security through a code obfuscation technology, whether data transmitted back from a front end to a back end is maliciously tampered cannot be identified, and the problem that security risk is high during data interaction exists.
Disclosure of Invention
The application provides a data transmission method, data transmission equipment and a data transmission storage medium, which are used for solving the problems that whether data transmitted back from a front end is maliciously tampered or not can not be identified at present, and the safety risk is high during data interaction.
In a first aspect, the present application provides a data transmission method, including:
determining whether the first data to be transmitted back to the back end by the front end code has data of a target type;
if so, generating a target key by using the random number and the initial key; the random number is generated by the back end and is sent to the front end;
encrypting the first data by using the target key, and adding the encrypted first data serving as an encryption field into the first data to obtain second data;
encrypting the second data by using the initial key, and generating target data according to the encrypted second data and a random number;
and sending the target data to the back end.
In a second aspect, the present application provides a data transmission method, including:
receiving target data sent by a front end;
extracting a random number from the target data, and performing first validity verification based on the extracted random number and the stored random number to determine whether the extracted random number is generated by the back end and sent to the front end;
if the first validity verification is passed, decrypting the target data by using the initial key to obtain decrypted target data;
judging whether the decrypted target data has an encrypted field or not;
if the encrypted field exists, generating a target key by using the stored random number and the initial key, and decrypting the encrypted field by using the target key to obtain decrypted first data;
according to the decrypted first data and the first data except the encrypted field in the decrypted target data, performing second validity verification to determine whether the first data is tampered; the first data is data to be transmitted back to the back end by the front end code.
In a third aspect, the present application provides a data transmission apparatus, including:
the processing module is used for determining whether the target type data exists in first data to be transmitted back to the back end by the front end code; if so, generating a target key by using the random number and the initial key; the random number is generated by the back end and is sent to the front end; encrypting the first data by using the target key, and adding the encrypted first data serving as an encryption field into the first data to obtain second data; encrypting the second data by using the initial key, and generating target data according to the encrypted second data and a random number;
and the sending module is used for sending the target data to the back end.
In a fourth aspect, the present application provides a data transmission apparatus, including:
the receiving module is used for receiving target data sent by the front end;
the processing module is used for extracting a random number from the target data, and performing first validity verification on the basis of the extracted random number and the stored random number so as to determine whether the extracted random number is generated by the back end and sent to the front end; if the first validity verification is passed, decrypting the target data by using the initial key to obtain decrypted target data; judging whether the decrypted target data has an encrypted field or not; if the encrypted field exists, generating a target key by using the stored random number and the initial key, and decrypting the encrypted field by using the target key to obtain decrypted first data; according to the decrypted first data and the first data except the encrypted field in the decrypted target data, performing second validity verification to determine whether the first data is tampered; the first data is data to be transmitted back to the back end by the front end code.
In a fifth aspect, the present application provides a data transmission device, including: a processor, a communication interface, and a memory; the processor is respectively in communication connection with the communication interface and the memory;
the memory stores computer execution instructions;
the communication interface is in communication interaction with external equipment;
the processor executes computer-executable instructions stored by the memory to implement the method of any one of the first or second aspects.
In a sixth aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions for implementing the data transmission method of any one of the first or second aspects when executed by a processor.
According to the data transmission method, the data transmission equipment and the data transmission storage medium, the data transmitted back from the front end to the back end are encrypted and transmitted by generating the dynamic random encryption key. The back end can rapidly identify whether the data returned by the front end is tampered or not through identifying the encrypted field, so that the problem that the data is unreliable due to the fact that illegal data are returned by the front end codes to the data of the back end is effectively prevented, and the safety of the data received by the back end is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and, together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic diagram of a system architecture of an application scenario provided in the present application;
fig. 2 is a schematic flow chart of how the front-end transmission provided in the present application transmits data in a multiple encryption manner;
FIG. 2A is a schematic flow chart of how data is decrypted as provided herein;
FIG. 3 is a schematic diagram of obtaining second data according to an embodiment of the present application;
fig. 4 is an interaction diagram of another data transmission method according to an embodiment of the present application;
fig. 5A is a schematic flowchart of an initial key transmission method according to an embodiment of the present application;
fig. 5B is a schematic flowchart of a data transmission method according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a data transmission device provided in the present application;
fig. 7 is a schematic structural diagram of another data transmission device provided in the present application;
fig. 8 is a schematic structural diagram of a data transmission device according to the present application.
Specific embodiments of the present application have been shown by way of example in the drawings and will be described in more detail below. These drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the application, as detailed in the appended claims.
The terms referred to in this application are explained first:
front end: the terminal device is a terminal device of a client deployed with a website or an application, and is used for displaying a foreground part of the website or the application so that a user can browse, interact and the like on the foreground part of the website or the application. The terminal device may be, for example, a smart phone, a computer, a notebook computer, a tablet computer, and the like. In the present application, the client of the website or application may be, for example, a web version client, an applet version client, an APP version client, and the like.
A rear end: refers to a background part of a website or an application, which provides data access service for a front end, and may be, for example, a server cluster, or the like.
Code obfuscation: also known as floral instructions, refer to the act of transforming the code of a computer program into a form that is functionally equivalent, but difficult to read and understand. For example, the names of various elements in the code, such as variables, functions, classes, may be rewritten to meaningless names. For example, rewriting to a single letter, or a short nonsense letter combination, or even to a symbol "\\" makes it impossible for a reader to guess his or her purpose by name; or rewriting part of logic in the code to change the logic into a functionally equivalent but more difficult-to-understand form, simplifying intermediate variables and the like; or to scramble the code format, such as deleting spaces, squeezing lines of code into a line, or breaking a line of code into lines, etc.
First, an application scenario and a system architecture of the present application will be described.
Fig. 1 is a schematic system architecture diagram of an application scenario provided in the present application. As shown in fig. 1, the system may include: at least one front end, a back end.
The user can access and browse the foreground part of the website or application through the front end, or complete business processing and the like through data interaction, and the business processing can be online shopping, life business handling and the like. The terminal equipment of the user downloads the front-end code so as to acquire the page and the function of the website or the application. By using the page and the function, the data generated by the front end is transmitted to the back end, so that the back end can process the data, and the service processing request and the service processing information of the user are processed. And after the back end finishes processing the front end data, returning a processing result to the front end to inform a user of the service processing result.
When the front end and the back end carry out data interaction, codes forming the front end service logic and the interaction interface are downloaded to the terminal equipment side of a user, so that the front end codes can be obtained by the user. The user can tamper the data transmitted back to the back end by the front end code, so that the data transmitted back to the back end by the front end has an unreliable problem. At present, the front-end code is compressed and obfuscated mainly through a code obfuscation technology, so that the readability of the front-end code is reduced, the difficulty of tampering the data which are transmitted back to the rear end by using the front-end code is improved, and the risk of tampering the data is reduced.
However, although the readability of the front-end code can be reduced to some extent by the code obfuscation technology, there is still a possibility that the front-end code is interpreted, and the problem that the data returned to the back-end by tampering with the front-end code is prone to occur, so that the data returned to the back-end is unreliable. Therefore, the security of the data that the front-end returns to the back-end is still low.
In view of this, the present application provides a data transmission method, which encrypts and transmits data transmitted from a front end to a back end by generating a dynamic and random encryption key. The back end can rapidly identify whether the data returned by the front end is tampered or not through identifying the encrypted field, so that the problem that the data is unreliable due to the fact that illegal data are returned by the front end codes to the data of the back end is effectively prevented, and the safety of the data received by the back end is improved.
With the system architecture of fig. 1, a detailed description will be given below of the technical solution of the present application and how to solve the above technical problem in a specific embodiment, taking an example of data interaction between a front end and a back end. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
The embodiment of the application can be used for online shopping, business handling and the like, and the data transmission method provided by the application is described in detail below by taking a scene of online business handling of a user in a bank system as an example.
Fig. 2 is a schematic flow chart of how the front-end transmission uses multiple encryption to transmit data according to the present application. As shown in fig. 2, the method may include:
s201, the front end determines whether the first data to be transmitted back to the back end by the front end code has the data of the target type.
The target type may be set according to actual requirements, for example, the target type may be a type to which data that is tampered, and causes problems such as data at the back end being damaged, leaked, changed, or causing loss to a back end user, belongs.
Therefore, before sending data, the front end may determine whether the target type of data exists in the first data to be transmitted back to the back end. If the first data has the target type data, it is indicated that the tampering of the first data will have a large impact on the data at the back end, and therefore, a second encryption is required to be performed to reduce the risk of tampering the data in a multiple encryption manner, that is, steps S202-S204 are performed; if the target type data does not exist in the first data, it is indicated that the tampering of the first data does not have a great influence on the data at the back end, and the processing may be performed in a one-time encryption manner, that is, step S205 is performed.
For example, the first data may be data transmitted back to the banking system (back end) by the front end when the user performs online remittance, payment service, credit card service through the banking system, and the data may include one or more items of order information, account information of the user, service request, and the like, for example. The target type may refer to, for example, account information, order information, etc. of the user. When the account information and/or the order information is included in the first data, the target type of data is considered to exist.
S202, the front end generates a target key by using the random number and the initial key.
The random number is generated by the back end and sent to the front end, and the random number may be generated by any random number generation method in the prior art, which is not limited in this application. When the front end and the back end perform data transmission, the front end may send a random number acquisition request to the back end in advance to trigger the back end to generate and send to the front end. Or, the back end actively sends the random number to the connected front end according to a preset policy, for example, the random number may be actively sent to the front end according to a preset time interval.
In a possible implementation manner, when the front end and the back end perform data transmission, a random number may be generated for each data transmission behavior, for example, after the front end and the back end complete one data transmission, the back end needs to generate a random number again and send the random number to the front end to be used for the next data transmission.
Another possible implementation is to generate a random number once for a plurality of data transmission behaviors within a preset number range. For example, if the preset number of times is 3, the random number is used in the next data transmission action after the back end generates the random number and sends the random number to the front end, and before the fourth data transmission action, the back end regenerates the random number and sends the random number to the front end to be used for the next data transmission.
The initial key is a key in a symmetric Encryption algorithm, which is used to encrypt and decrypt Data by using the same key, and the symmetric Encryption algorithm may be, for example, data Encryption Standard (DES), advanced Encryption Standard (AES), RC2, RC4, RC5, or the like. The initial key may be a key in any of the above-mentioned symmetric encryption algorithms, and may be, for example, an AES key. When the AES key is used for data transmission, the advantages of higher encryption efficiency of the AES encryption algorithm are benefited, so that the front end can encrypt data more quickly, and the back end can decrypt the data more efficiently, thereby improving the efficiency of data encryption transmission.
The initial key may be generated by the front end, or may be synchronized to the front end after the back end generates the initial key, or may be synchronized to any one of the front end or the back end after the initial key is generated by other devices, and the any one of the front end or the back end is synchronized to the other end again, or is directly synchronized to the front end and the back end, and the like, which is not limited in this application. The initial key may be sent encrypted or unencrypted. When the initial key is sent encrypted, the encryption algorithm may be an asymmetric encryption algorithm, such as an RSA algorithm, an Elgamal algorithm, or the like.
Alternatively, the target key may be generated by inserting the random number into the data corresponding to the initial key. The application does not limit the position of inserting the random number, for example, the random number may be added before the first data in the data string of the initial key, may be inserted at any intermediate position in the data string of the initial key, and may be added after the last data in the data string of the initial key.
Optionally, the target key may be generated by replacing part of data in the initial key with the random number, or by performing an operation on the random number and part or all of data in the initial key. The application is not limited to how the random number and the initial key are used to generate the target key, as long as any one or a combination of multiple possible embodiments is used.
In the embodiment, the target key can be randomly generated through the random number, so that the target key corresponding to the data which is encrypted and transmitted is dynamic and random, the difficulty of cracking the target key is increased, the safety of the first data is further improved, and the data which is sent to the rear end by the front end through the front end code is safer.
S203, the front end encrypts the first data by using the target key, and adds the encrypted first data as an encryption field to the first data to obtain second data.
The specific way of adding the encrypted first data as the encrypted field to the first data may be that the front end and the back end negotiate in advance, or that the encrypted first data is preset in the front end and the back end, so as to ensure that the encrypted field can be accurately obtained when the back end decrypts the first data subsequently.
For example, the encrypted first data may be added to any position in the first data as an encrypted field, for example, the encrypted field may be added to a position before the first data in the first data, the encrypted field may be added to any intermediate position in the first data, the encrypted field may be added to a position after the last data in the first data, or the like, or the encrypted first data may be divided into a plurality of encrypted fields and added to different positions in the first data. Or, an address field storing an encryption field is reserved in the first data, and the encryption field is stored in the address field. Then, the first data to which the encryption field is added is taken as second data. That is, the second data includes the first data and an encrypted field corresponding to the encrypted first data.
Taking the encrypted first data as an encryption field to be added to a position behind the last data in the first data as an example, fig. 3 is a schematic diagram of obtaining the second data according to an embodiment of the present application. As shown in fig. 3, the second data includes first data, and an encryption field, and the second data is composed by combining the first data with the encryption field. The above example is merely one possible implementation for ease of understanding, and it should be understood that the present application is not limited as to how the second data is obtained.
S204, the front end encrypts the second data by using the initial key, and generates target data according to the encrypted second data and the random number.
The random number is used for verifying the legality of the target data by a back end.
The target data may exist in other data forms capable of being transmitted between the front end and the back end, and as long as the target data includes the encrypted second data and the random number, the application does not limit the specific data form of the target data.
Illustratively, the target data may be in the form of a message. In a possible implementation, the encrypted second data is stored in a payload (payload) of the message, and the random number may be located in a header of the message. In another possible implementation manner, the encrypted second data and the random number are both located in a payload (payload) of the message.
In the present application, the second data is first encrypted by the target key and then encrypted again by the initial key on the basis of the encryption by the target key. Therefore, the target data transmitted back to the back end by the front end through the front end code comprises two layers of encrypted first data, and the security of the first data is improved.
It should be understood that the embodiment of the present application is merely exemplified by a way of performing multiple encryption on the first data by taking two-layer encryption on the data as an example, and the present application may also implement the above-mentioned procedure by performing multiple encryption on the data by using a plurality of random numbers and, therefore, a plurality of initial keys. For example, according to a random number and two initial keys, processing data at different positions of the two initial keys to obtain two target keys, thereby performing triple encryption on the data; or multiple encryption and the like are carried out in the above mode according to the two random numbers and the two initial keys, so that the security of the data transmitted back to the back end by the front end through the front end code is further improved, and the risk of tampering the data is reduced.
After step S204 is executed, that is, after the target data is generated, step S206 is executed.
S205, encrypting the first data by using the initial key, and generating target data to be sent to a back end according to the encrypted first data and the random number. After the target data is generated, step S206 is executed.
How to generate the target data according to the encrypted first data and the random number is similar to the manner of generating the target data according to the second data and the random number in step S204, and is not described herein again.
S206, the front end sends the target data to the back end.
Accordingly, the back end receives the target data.
For example, the method for sending the encrypted data from the front end to the back end may be a data transmission manner in the prior art, and may be implemented by any one of data transmission manners such as XMLHttpRequest, post, ajax, and the like.
In the above, the following embodiments are described from the perspective of the back end for the process of how the front end transmits data in a multiple encryption manner, and how to decrypt the data is exemplified.
Fig. 2A is a schematic flowchart of how to decrypt data according to the present application. As shown in fig. 2A, the method may include:
s207, the back end extracts a random number from the target data and conducts first validity verification based on the extracted random number and the stored random number.
The first validity check is used to determine whether the extracted random number is generated by the back-end and sent to the front-end. If the first validity verification passes, the token may perform the next processing on the target data, and step S208 is executed. Optionally, if the first validity verification fails, it is characterized that the target data has been tampered, there is a security risk, and the backend refuses to process the target data, that is, execute step S213.
In this embodiment, after the back end generates the random number, the random number may be stored in a local database of the back end, or may be stored in a separate database connected to the back end. The database may be any database in the prior art, such as Redis, mySQL, oracle, sqlServer, etc. When the back end stores the random number, it needs to store the identification information of the front end to determine the front end corresponding to the random number. The identification information of the head end may be, for example, a MAC address, a device name, etc. of the head end. When the random number is stored by using the Redis database, the Redis database has higher performance and higher response speed due to the memory-based architecture design, so that the speed of extracting the random number and/or the initial key is further increased, and the efficiency of data encryption transmission is further improved.
The back end obtains the random number corresponding to the front end from the database and compares the random number with the random number in the target data. If the random number in the database is the same as the random number in the target data, the first validity verification is passed; if the random number in the database is not the same as the random number in the target data, the first validity verification fails.
And S208, the back end decrypts the target data by using the initial key to obtain the decrypted target data.
S209, the back end judges whether the decrypted target data has an encrypted field.
If the encrypted field exists, it represents that there exists data encrypted by using the target key in the target data, i.e. there exists multiple encrypted data, and the target key needs to be used to decrypt the encrypted field to further verify whether the data is tampered, i.e. steps S210-212 are executed; if the encrypted field does not exist, it is characterized that the decrypted target data does not have the multiple encrypted data, i.e., the decrypted target data is the first data, and step S212 is executed.
In a possible manner, the target data may carry an identifier for indicating whether an encrypted field exists, so that the backend can determine whether the encrypted field exists in the target data by detecting the identifier. Or, the back end reads the decrypted target data through a specific manner of adding the encrypted field to judge whether the encrypted field exists or not.
S210, generating a target key by using the stored random number and the initial key, and decrypting the encrypted field by using the target key to obtain decrypted first data.
And when the back end determines that the encrypted field exists in the target data, generating a target key by using the stored random number and the initial key, and generating the target key in the same way as the target key generated by the front end. The method for generating the target key may be preset in the front end and the back end, may be synchronized from the front end to the back end, may be synchronized from the back end to the front end, or may be synchronized from other devices to the front end and the back end, etc.
And S211, the back end performs second validity verification according to the decrypted first data and the first data except the encrypted field in the decrypted target data.
Wherein the second validity verification is used to determine whether the first data was tampered with. Optionally, if the second validity verification passes, the first data is represented to be not tampered, and there is no data security problem, then step S212 is executed; optionally, if the second validity verification fails, it is indicated that the first data has been tampered, and there is a data security problem, and step S213 is executed.
The rear end judges the validity of the first data by comparing the decrypted first data with the first data in the decrypted target data except the encrypted field. For example, the validity of the first data may be determined according to whether the decrypted first data is the same as the first data in the decrypted target data except for the encrypted field.
And if the decrypted first data and the first data except the encrypted field in the decrypted target data are the same, the first data is represented to be not tampered, the data safety problem does not exist, and the second validity is verified. And if the decrypted first data is different from the first data except the encrypted field in the decrypted target data, the first data is characterized to be tampered, the data safety problem exists, and the second validity verification fails.
The above detailed description of how to decrypt data by the backend provided in the present application, after the backend completes data decryption, optionally, the present application may further include the following steps:
s212, the back end processes the first data to obtain a processing result of the first data and a new random number, and sends the processing result of the first data and the new random number to the front end.
The processing result may be, for example, a remittance request from the user is passed and executed, or the account information of the user is determined to be changed. The new random number is a random number regenerated by the back end.
And S213, the back end generates a new random number and sends the new random number to the front end.
In any of the above embodiments, the method for encrypting data by using a key and decrypting data by using a key may refer to the prior art, and will not be described herein again.
According to the data transmission method provided by the embodiment of the application, the data transmitted back from the front end to the back end is subjected to multiple encryption transmission by generating the dynamic and random encryption key. The rear end can rapidly identify whether the data returned by the front end is falsified through multiple times of validity verification of the random number and the encrypted field, so that the problem that the data is unreliable due to the fact that illegal data are returned by the front end code to the data of the rear end is effectively solved, and the safety of the data returned by the front end and received by the rear end is improved.
With respect to step S208, the initial key is sent by the front end to the back end before sending the target data, and details of another data transmission method provided in this embodiment are described below by taking encryption sending of the initial key as an example. The encryption algorithm in the method may be a symmetric encryption algorithm or an asymmetric encryption algorithm, and the following description will use an asymmetric encryption algorithm (RSA encryption algorithm) as an example.
Fig. 4 is an interaction diagram of another data transmission method according to an embodiment of the present application. As shown in fig. 4, the method may include:
s401, the back end generates a key pair.
Wherein the key pair comprises: a public key and a private key. The public key is used to be sent to the front-end to enable the front-end to encrypt the initial key with the public key. The private key is used for decrypting the initial key which is sent by the front end and received by the back end and encrypted by the public key.
S402, the back end sends the public key to the front end.
Correspondingly, the front end generates an initial key and receives the public key.
The mode of generating the initial key by the front end may refer to a mode of generating a key of a symmetric encryption algorithm in the prior art, and the mode of sending the public key by the back end to the front end may refer to a mode of distributing the public key in the prior art, which is not described herein again. The way of sending the public key to the front end by the back end may be encrypted or unencrypted, which is not limited in the present application.
S403, the front end encrypts the initial key by using the public key to obtain encrypted data.
The front end encrypts the initial key through the public key of the RSA algorithm and a mode of encrypting data by using the public key in the RSA algorithm, so that the encrypted data is obtained. The encrypted data includes an encrypted initial key.
S404, the front end transmits the encrypted data to the back end.
Accordingly, the back end receives the encrypted data sent by the front end.
Wherein the encrypted data is obtained by encrypting the initial key by using the public key.
S405, the back end decrypts the encrypted data by using the private key to obtain an initial key.
The back end decrypts the encrypted data encrypted by the public key through the private key of the key pair, thereby obtaining the initial key in the encrypted data. The private key may be stored in a memory at the back end or in a database connected to the back end, and when the back end receives the encrypted data, the private key is obtained from the storage location of the private key to decrypt the encrypted data.
According to the other data transmission method provided by the embodiment of the application, the initial key pair is encrypted and transmitted through the key pair, so that the safety of the front end when the initial key is sent to the rear end is improved, the risk of leakage of the initial key is reduced, the safety of the front end code used for encrypting the data to be transmitted back to the rear end is improved, and the risk of data tampering when the front end code is transmitted back to the rear end is further reduced.
Following the method steps as described above in fig. 2, a description is given of how the random numbers are updated. The following describes a random number updating method provided in the embodiment of the present application in detail, taking an example in which a new random number is generated every time data transmission.
When the validity verification passes, the first validity verification in the characterization step S207 passes, and the second validity verification in the step S211 passes.
And the front end transmits the target data corresponding to the first data to the rear end through representing that the content of the first data is not tampered by the validity verification, so that the rear end is not subjected to data security risk. At this time, the back end processes the first data to obtain a processing result of the first data and a new random number, and sends the processing result of the first data and the new random number to the front end.
The method for processing the first data by the back end and the processing result of the first data are determined according to the content of the first data. For example, if the content of the first data includes a remittance request, the content of account information, remittance amount, remittance time, and the like related to remittance included in the first data is acquired, and a remittance operation is performed according to the content. A corresponding processing result is then obtained based on the outcome of the money transfer operation, which may be, for example, a success or failure of the money transfer. The generation method of the new random number is the same as the generation method of the random number, and is not described herein again. After the new random number is generated, it is stored in the backend or database in place of the original random number.
Correspondingly, the front end receives the processing result of the first data and the new random number, which are sent by the back end after the validity verification is passed.
The processing result may be directly pushed to the front end, for example, at least one of a short message, a telephone call, or a display on the front end. The new random number is updated to the position of the original random number stored in the front end to replace the original random number, so that the front end can be used for data transmission with the back end next time.
If any one of the first validity verification in step S207 or the second validity verification in step S211 fails, the validity verification fails.
The failure of the validity verification indicates that the content of the first data has been tampered, and the front end transmits the target data corresponding to the first data to the back end, so that data security risk is brought to the back end. At this point, the backend rejects processing the first data. And, the back end generates a new random number and transmits the new random number to the front end.
Correspondingly, the front end receives a new random number sent by the back end after the validity verification fails.
It should be understood that, in this embodiment, no matter whether the first data to be returned by the front-end code to the back-end has the target type data or not, or whether the target data passes the first validity verification and/or the first validity verification, the back-end after completing the corresponding process is regarded as the end of the data transmission process, a new random number needs to be generated to replace the original random number, so that one random number can only be used for one-time data transmission, and further, each target key generated according to the random number can only be used for one-time data transmission, therefore, by using the dynamic and random numbers and the target key to perform data transmission, the difficulty of cracking the data to be returned by the back-end is increased, and the security of the front-end using the front-end code to transmit the data to the back-end is improved.
According to the data transmission method provided by the embodiment of the application, the random number is updated when the front end transmits data to the back end every time, so that the dynamic random number needs to be verified when the front end transmits data back to the back end through the front end code every time. And the target key is generated by the random number, so that the target key is dynamically changed and random during each data transmission, the difficulty in cracking the random number and the target key is improved, the data security problem caused by data tampering is reduced, and the security of data transmitted back to the back end by the front-end code is improved.
For convenience of understanding, the data transmission method provided by the present application is exemplified by using an RSA algorithm to encrypt and transmit an initial key, a key of an AES algorithm (here, the initial key is abbreviated as AES, and a target key is abbreviated as AES 1) to encrypt and transmit data, and a backend database is a Redis database. Fig. 5 is a flowchart illustrating another data transmission method according to an embodiment of the present application. As shown in fig. 5, the method may include:
fig. 5A is a flowchart illustrating an initial key transmission method according to an embodiment of the present application, where as shown in fig. 5A, the method may include:
s501, the back end generates an RSA key pair and sends the RSA public key to the front end.
Accordingly, the front end receives the public key.
The back end simultaneously stores the RSA private key into the Redis database.
S502, the front end generates an initial key AES.
S503, the front end encrypts the initial key AES according to the RSA public key to obtain encrypted data.
S504, the front end synchronizes the encrypted data to the back end.
And S505, the rear end reads the RSA private key to decrypt the encrypted data, obtains an initial key AES and generates a random number.
And S506, the back end sends the random number to the front end.
Correspondingly, the front end receives the random number.
Alternatively, the above steps S501 to S506 may be executed once before the front end transmits data to the back end, may be executed once within a preset number of data transmissions between the front end and the back end, or may be executed only once between the front end and the back end. The execution mode can be determined according to actual requirements, and the application does not limit the execution mode.
Fig. 5B is a flowchart illustrating a data transmission method according to an embodiment of the present application. As shown in fig. 5B, the method may include:
and S507, the front end judges whether the first data to be returned to the back end has the data of the target type, if so, the steps S508-S511 are executed, and if not, the step S512 is executed.
And S508, the front end obtains a target key AES1 according to the random number and the initial key AES.
S509, the front end encrypts the first data by using the target key AES1, and takes the encrypted first data as an encrypted field.
And S510, the front end obtains second data according to the first data and the encrypted field.
S511, the front end encrypts the second data by using the initial key AES, and generates target data according to the random number and the encrypted second data.
After step S511 is executed, step S513 is executed.
S512, the front end encrypts the first data by using an initial key AES, and generates target data according to the random number and the encrypted first data.
After step S512 is executed, step S513 is executed.
And S513, the front end sends the target data to the back end.
Accordingly, the back end receives the data.
And S514, the back end reads the random number and the initial key AES from the Redis database, and performs first validity verification on the random number and the initial key AES in the target data. If the verification is passed, go to step S515; if the verification fails, step S522 is performed.
And S515, the back end decrypts the target data according to the initial key AES to obtain the first data and the encrypted field.
S516, the back end judges whether the decrypted target data has an encryption field. If yes, executing steps S517-519; if not, go to step S520.
And S517, generating a target key AES1 by the back end according to the random number and the initial key AES.
S518, the rear end decrypts the encrypted field by using the target key AES1 to obtain decrypted first data.
And S519, the back end carries out second validity verification according to the decrypted first data and the first data except the encrypted field in the target data. The verification passes performing step S521, and the verification does not pass performing step S522.
S520, the rear end decrypts the target data by using the initial key AES to obtain first data. Step S521 is performed.
S521, the back end acquires a processing result of the first data and a new random number according to the first data, and then sends the processing result and the new random number to the front end.
And S522, the back end generates a new random number and sends the new random number to the front end.
And the back end stores the updated random number into a Redis database.
The data transmission method provided in the embodiment of the present application may be implemented as the data transmission method shown in fig. 2 to 4 in the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 6 is a schematic structural diagram of a data transmission device provided in the present application. As shown in fig. 6, the data transmission apparatus includes: a processing module 11 and a sending module 12. Optionally, the data transmission device may further include, for example, a receiving module 13.
The processing module 11 is configured to determine whether the first data to be returned back to the back end by the front end code contains data of a target type; if so, generating a target key by using the random number and the initial key; encrypting the first data by using the target key, and adding the encrypted first data serving as an encryption field into the first data to obtain second data; encrypting the second data by using the initial key, and generating target data according to the encrypted second data and a random number; the random number is generated by the back end and is sent to the front end;
and a sending module 12, configured to send the target data to the backend.
Optionally, the receiving module 13 is configured to receive the public key sent by the backend; the processing module 11 is further configured to generate the initial key, and encrypt the initial key by using the public key to obtain encrypted data; the sending module 12 is further configured to send the encrypted data to the back end, so that the back end decrypts the encrypted data to obtain the initial key.
Optionally, the receiving module 13 is further configured to, after the sending module 12 sends the target data to the backend, receive a processing result of the first data sent by the backend after the validity verification based on the random number and the encrypted first data passes, and a new random number; or receiving a new random number sent by the back end after the validity verification based on the random number and/or the encrypted first data fails.
Optionally, the processing module 11 is further configured to, after determining whether there is target-type data in first data to be returned back to the back end by the front end code, encrypt the first data by using the initial key if there is no target-type data, and generate target data according to the encrypted first data and the random number. A sending module 12, configured to send the target data to the backend; the receiving module 13 is further configured to receive a processing result of the first data sent by the backend and a new random number after the sending module 12 sends the target data to the backend.
The data transmission device provided in the embodiment of the present application may perform the actions of the front end in the data transmission method shown in fig. 2 to fig. 5 in the above method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 7 is a schematic structural diagram of another data transmission device provided in the present application. As shown in fig. 7, the data transmission apparatus includes: a receiving module 21 and a processing module 22. Optionally, the data transmission apparatus may further include, for example, at least one of the following modules: and a sending module 23.
The receiving module 21 is configured to receive target data sent by a front end.
The processing module 22 is configured to extract a random number from the target data, and perform a first validity verification based on the extracted random number and the stored random number to determine whether the extracted random number is generated by the back end and sent to the front end. And if the first validity verification is passed, decrypting the target data by using the initial key to obtain the decrypted target data. And judging whether the decrypted target data has the encrypted field or not. And if the encrypted field exists, generating a target key by using the stored random number and the initial key, and decrypting the encrypted field by using the target key to obtain decrypted first data. And according to the decrypted first data and the first data except the encrypted field in the decrypted target data, performing second validity verification to determine whether the first data is tampered. The first data is data to be transmitted back to the back end by the front end code.
Optionally, the processing module 22 is further configured to generate a key pair, where the key pair includes: a public key and a private key. A sending module 23, configured to send the public key to the front end. The receiving module 21 is further configured to receive encrypted data sent by the front end; the encrypted data is obtained by encrypting the initial key with the public key. The processing module 22 is further configured to decrypt the encrypted data using the private key to obtain the initial key.
Optionally, the processing module 22 is further configured to process the first data to obtain a processing result of the first data and a new random number if the validity verification based on the random number and the encrypted first data passes. The sending module 23 is further configured to send the processing result of the first data and the new random number to the front end. Or, the processing module 22 is further configured to generate a new random number if the validity verification based on the random number and/or the second data fails. The sending module 23 is further configured to send a new random number to the front end.
Optionally, the processing module 22 is further configured to, after determining whether an encrypted field exists in the decrypted target data, if the encrypted field does not exist, process the first data to obtain a processing result of the first data, and generate a new random number. The sending module 23 is further configured to send the processing result of the first data and the new random number to the front end.
The data transmission device provided in the embodiment of the present application may perform the actions at the back end in the data transmission method shown in fig. 2 to fig. 5 in the above method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 8 is a schematic structural diagram of a data transmission device provided in the present application. The data transmission device may be, for example, the device where the front end is located, or a back end. As shown in fig. 8, the data transmission apparatus 800 may include: at least one processor 801, a memory 802, and a communication interface 803.
The memory 802 stores programs. In particular, the program may include program code including computer operating instructions.
Memory 802 may comprise high-speed RAM memory and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The processor 801 is configured to execute computer-executable instructions stored in the memory 802 to implement the data transmission methods described in the foregoing method embodiments. The processor 801 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement the embodiments of the present Application.
The processor 801 may perform communication interaction with an external device through the communication interface 803, and when the data transmission device 800 is a device in which a front end is located, the external device may be a back end; when the data transmission device 800 is a backend, the external device may be a device, database, etc. at which the frontend resides. In a specific implementation, if the communication interface 803, the memory 802 and the processor 801 are implemented independently, the communication interface 803, the memory 802 and the processor 801 may be connected to each other through a bus and perform communication with each other. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. Buses may be classified as address buses, data buses, control buses, etc., but do not represent only one bus or type of bus.
Alternatively, in a specific implementation, if the communication interface 803, the memory 802 and the processor 801 are integrated into a chip, the communication interface 803, the memory 802 and the processor 801 may complete communication through an internal interface.
The present application also provides a computer-readable storage medium, which may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and in particular, the computer-readable storage medium stores program instructions, and the program instructions are used in the method in the foregoing embodiments.
The present application further provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the electronic device may read the execution instruction from the readable storage medium, and the at least one processor executes the execution instruction to enable the electronic device to implement the data transmission method provided by the various embodiments described above.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A method of data transmission, the method comprising:
determining whether the first data to be transmitted back to the back end by the front end code has data of a target type;
if yes, generating a target key by using the random number and the initial key; the random number is generated by the back end and is sent to the front end;
encrypting the first data by using the target key, and adding the encrypted first data serving as an encryption field into the first data to obtain second data;
encrypting the second data by using the initial key, and generating target data according to the encrypted second data and a random number;
and sending the target data to the back end.
2. The method of claim 1, further comprising:
generating the initial key and receiving a public key sent by the back end;
encrypting the initial key by using the public key to obtain encrypted data;
and sending the encrypted data to the back end so that the back end decrypts the encrypted data to obtain the initial key.
3. The method of claim 1 or 2, wherein after the sending the target data to the backend, the method further comprises:
receiving a processing result of the first data sent by the back end after the validity verification based on the random number and the encrypted first data passes, and a new random number;
alternatively, the first and second liquid crystal display panels may be,
and receiving a new random number which is sent by the back end after the validity verification based on the random number and/or the encrypted first data fails.
4. The method according to claim 1 or 2, wherein after determining whether the target type data exists in the first data to be transmitted back to the back end by the front end code, the method further comprises:
if the first data does not exist, the initial secret key is used for encrypting the first data, target data are generated according to the encrypted first data and the random number, and the target data are sent to the back end;
after the target data is sent to the backend, the method further includes:
and receiving a processing result of the first data sent by the back end and a new random number.
5. A method of data transmission, the method comprising:
receiving target data sent by a front end;
extracting a random number from the target data, and performing first validity verification based on the extracted random number and the stored random number to determine whether the extracted random number is generated by the back end and sent to the front end;
if the first validity verification is passed, decrypting the target data by using the initial key to obtain decrypted target data;
judging whether the decrypted target data has an encrypted field or not;
if the encrypted field exists, generating a target key by using the stored random number and the initial key, and decrypting the encrypted field by using the target key to obtain decrypted first data;
according to the decrypted first data and the first data except the encrypted field in the decrypted target data, performing second validity verification to determine whether the first data is tampered; the first data is data to be transmitted back to the back end by the front end code.
6. The method of claim 5, further comprising:
generating a key pair, the key pair comprising: public key and private key;
sending the public key to the front end;
receiving encrypted data sent by the front end; the encrypted data is obtained by encrypting the initial key by using the public key;
and decrypting the encrypted data by using a private key to obtain the initial key.
7. The method of claim 5 or 6, further comprising:
if the validity verification based on the random number and the encrypted first data passes, processing the first data to obtain a processing result of the first data and a new random number, and sending the processing result of the first data and the new random number to the front end;
alternatively, the first and second electrodes may be,
and if the validity verification based on the random number and/or the second data fails, generating a new random number and sending the new random number to the front end.
8. The method according to claim 5 or 6, wherein after determining whether the encrypted field exists in the decrypted target data, the method further comprises:
and if the encrypted field does not exist, processing the first data to obtain a processing result of the first data and a generated new random number, and sending the processing result of the first data and the new random number to the front end.
9. A data transmission device, comprising: a processor, a communication interface, and a memory; the processor is respectively in communication connection with the communication interface and the memory;
the memory stores computer-executable instructions;
the communication interface is in communication interaction with external equipment;
the processor executes computer-executable instructions stored by the memory to implement the method of any of claims 1 to 8.
10. A computer-readable storage medium having computer-executable instructions stored thereon, which when executed by a processor, are configured to implement the data transmission method of any one of claims 1 to 8.
CN202211202124.9A 2022-09-29 2022-09-29 Data transmission method, device and storage medium Pending CN115550915A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211202124.9A CN115550915A (en) 2022-09-29 2022-09-29 Data transmission method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211202124.9A CN115550915A (en) 2022-09-29 2022-09-29 Data transmission method, device and storage medium

Publications (1)

Publication Number Publication Date
CN115550915A true CN115550915A (en) 2022-12-30

Family

ID=84731774

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211202124.9A Pending CN115550915A (en) 2022-09-29 2022-09-29 Data transmission method, device and storage medium

Country Status (1)

Country Link
CN (1) CN115550915A (en)

Similar Documents

Publication Publication Date Title
AU2021203184B2 (en) Transaction messaging
US11877213B2 (en) Methods and systems for asset obfuscation
EP3608860A1 (en) Payment system for authorising a transaction between a user device and a terminal
US20130290718A1 (en) Mobile storage device and the data processing system and method based thereon
KR20160024185A (en) Management system and method of crytocurrency using secure element
US20140289129A1 (en) Method for secure contactless communication of a smart card and a point of sale terminal
WO2019233224A1 (en) Tag data generation method, tag, and nfc tag-based data processing
JP2023523437A (en) Card management method, user terminal, server, system, and storage medium
CN115276978A (en) Data processing method and related device
CN114501431A (en) Message transmission method and device, storage medium and electronic equipment
CN113595714A (en) Contactless card with multiple rotating security keys
CN110601836B (en) Key acquisition method, device, server and medium
CN115550915A (en) Data transmission method, device and storage medium
Nosrati et al. A review of mobile banking security
CN113592484A (en) Account cubing method, system and device
CN115150061A (en) Post-quantum cryptographic algorithm digital currency transaction method, device, equipment and medium
CN114491593B (en) Data protection method of NFC (near field communication) tag
CN117349895B (en) Block chain-based automobile financial digital archive management method and device
CN103155010B (en) For smart card being carried out personalized method for simplifying and the equipment being associated
CN117787985A (en) Resource transfer method, device, system, computer equipment and storage medium
CN116308353A (en) IC card transaction method, system, terminal device and storage medium
CN116188009A (en) National cipher soft encryption mode key acquisition method, system, terminal and readable storage medium
KR20160129811A (en) Method and application for preventing falsification of financial texts with memory hacking
JP2012212405A (en) Application authentication system, application authentication method, and program
KR20160064525A (en) Method and system for preventing falsification of financial texts with memory hacking

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination