CN115865532A - Communication processing method and device for offline service data - Google Patents


Info

Publication number
CN115865532A
Authority
CN
China
Prior art keywords
offline service
service data
offline
local
request
Legal status
Granted
Application number
CN202310165959.XA
Other languages
Chinese (zh)
Other versions
CN115865532B
Inventor
李明亮
张启亮
朱新宇
李家伟
翟怡萌
田宣宣
连友
Current Assignee
Beijing Xcmg Hanyun Technology Co ltd
XCMG Hanyun Technologies Co Ltd
Original Assignee
Beijing Xcmg Hanyun Technology Co ltd
XCMG Hanyun Technologies Co Ltd

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

The application discloses a communication processing method and device for offline service data. When the network quality degrades, the third-party application client obtains, through a local offline service, an offline service certificate associated with the user equipment identifier from a cloud offline service; when the network is offline, the third-party application client creates offline service data, and the local offline service encrypts the offline service data both asymmetrically and symmetrically according to the offline service certificate; when the network is back online, the local offline service sends a first upload request message carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service, and the cloud offline service asymmetrically decrypts the first encrypted copy with the private key. The method and device can prevent the offline service data generated by the third-party application in the network offline state from being illegally tampered with, and meet the trusted processing requirement on offline service data.

Description

Communication processing method and device for offline service data
Technical Field
The present application relates to the field of data communication technologies, and in particular, to a communication processing method and apparatus for offline service data.
Background
In production operation fields such as construction and mining, more and more enterprise users record key workload data and generate order data (for example, for earthwork vehicle transport or construction-site auxiliary operations) online through third-party applications running on mobile terminals such as mobile phones, and use these records and orders to settle and pay the related operation expenses. However, most of these third-party applications are developed for online network scenarios and cannot be used in production operation scenarios such as construction sites and mines, which are located in remote areas without network signal. Although a few third-party applications do support workload recording and order data generation while the network is offline (referred to in this application as offline service data), they cannot prevent users from illegally tampering with the workload records and order data created offline: a user can tamper with data stored offline on the phone by means such as gaining elevated privileges on the phone. It is therefore difficult for enterprise users to meet the trusted processing requirements for workload records and order data created while the network is offline, and an improved technical solution is needed to solve these problems.
Disclosure of Invention
In view of this, the application provides a communication processing method and device for offline service data, which can prevent the offline service data generated by a third-party application in a network offline state from being illegally tampered with and meet the trusted processing requirement for the offline service data, while not requiring large-scale modification of the source code of the third-party application, thereby saving the cost of deploying and using the third-party application.
In a first aspect, the present application provides a communication processing method for offline service data, including:
when it is monitored that the network quality has degraded, the third-party application client sends a first request, requesting an offline service certificate, to a local offline service;
in response to the first request, the local offline service acquires a user equipment identifier and sends a second request, carrying the user equipment identifier and requesting the offline service certificate, to a cloud offline service;
in response to the second request, the cloud offline service generates a public/private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key of that pair to the local offline service as the offline service certificate associated with the user equipment identifier;
when it is monitored that the network is offline, the third-party application client creates offline service data and sends a third request, for encrypting the offline service data, to the local offline service;
in response to the third request, the local offline service asymmetrically encrypts the offline service data according to the offline service certificate to obtain a first encrypted copy of the offline service data, and symmetrically encrypts the offline service data according to the offline service certificate to obtain a second encrypted copy of the offline service data;
when it is monitored that the network is online, the local offline service sends a first upload request message carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service;
and in response to the first upload request message, the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data with the private key of the public/private key pair associated with the user equipment identifier, and sends the decrypted offline service data to a third-party application server.
In some embodiments, the method further comprises:
when the network quality is monitored to be reduced, the local offline service sends a fourth request for requesting basic data associated with the offline service data to the third-party application server side;
and responding to the fourth request, the third-party application server side returns basic data associated with the offline service data to the local offline service, and the local offline service performs symmetric encryption on the basic data according to the offline service certificate and caches an encrypted copy of the basic data.
In some embodiments, when it is monitored that the network is offline, the third-party application client creates offline service data, including:
the third party application client sends a fifth request for requesting basic data related to the offline service data to the local offline service;
responding to the fifth request, the local offline service symmetrically decrypts the encrypted copy of the basic data according to the offline service certificate, and sends the decrypted basic data to the third-party application client; and the third-party application client side creates the offline service data based on the basic data.
In some embodiments, the method further comprises:
responding to a modification request of a user for the offline service data, and sending a sixth request for decrypting the offline service data to the local offline service by the third-party application client;
responding to the sixth request, the local offline service symmetrically decrypts the second encrypted copy of the offline service data according to the offline service certificate, obtains the version to be modified of the offline service data, and returns the version to the third-party application client;
the third-party application client receives the modification of the offline service data to be modified by a user, generates a modified version of the offline service data, and sends the modified version of the offline service data to the local offline service;
and the local offline service asymmetrically encrypts the modified version of the offline service data according to the offline service certificate to obtain another first encrypted copy of the offline service data, and symmetrically encrypts the modified version of the offline service data according to the offline service certificate to obtain another second encrypted copy of the offline service data.
In some embodiments, the method further comprises:
when the network is monitored to be online, the local offline service sends a second uploading request message carrying a plurality of first encrypted copies of the offline service data and the user equipment identifier to the cloud offline service;
and in response to the second upload request message, the cloud offline service asymmetrically decrypts the first encrypted copies of the offline service data with the private key of the public/private key pair associated with the user equipment identifier to obtain multiple versions of the offline service data, and sends the multiple versions of the offline service data to the third-party application server.
In some embodiments, the asymmetrically encrypting, by the local offline service, the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and symmetrically encrypting, by the local offline service, the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data includes:
the local offline service acquires the current time from a GPS module of a user mobile terminal, generates a first check code based on the user equipment identifier and the current time, and attaches the first check code to the offline service data;
and the local offline service respectively carries out asymmetric encryption and symmetric encryption on the offline service data added with the first check code according to the offline service certificate.
In some embodiments, the step in which the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data with the private key of the public/private key pair associated with the user equipment identifier and sends the decrypted offline service data to the third-party application server includes:
the cloud offline service acquires the first check code from the decrypted offline service data, and generates a second check code based on the user equipment identifier and the generation time carried in the offline service data;
and the cloud offline service checks whether the first check code and the second check code match; if they do not, it sends a response message indicating check failure to the local offline service and does not send the decrypted offline service data to the third-party application server.
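The check-code embodiment above, as an added worked example that is not part of the patent or the assignee's code. The page does not fix a language, a hash function or a record format, so the following are assumptions: Go, a JSON record whose generation time stands in for the time the local offline service read from the GPS module, and SHA-256 over the user equipment identifier and the RFC 3339 timestamp as the check-code construction. The terminal side attaches the first check code before the record is encrypted; the cloud side, after decryption, recomputes the second check code from the UE identifier of the upload request and the generation time in the record, and refuses the record when the two differ or when the record claims a different UE identifier than the upload request.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

// OfflineRecord is a constructed stand-in for a workload record created while offline.
// Generated is the time the local offline service read from the GPS module.
type OfflineRecord struct {
	UEID      string    `json:"ue_id"`
	Generated time.Time `json:"generated"`
	Order     string    `json:"order"`
	Loads     int       `json:"loads"`
	CheckCode string    `json:"check_code,omitempty"`
}

// checkCode derives the check code from the UE identifier and the generation time.
// SHA-256 over the two fields is an assumption; the page does not name the function.
func checkCode(ueID string, at time.Time) string {
	h := sha256.New()
	h.Write([]byte(ueID))
	h.Write([]byte{0}) // separator so the two fields cannot run together
	h.Write([]byte(at.UTC().Format(time.RFC3339Nano)))
	return hex.EncodeToString(h.Sum(nil))
}

// AttachCheckCode runs on the terminal: stamp the record with the GPS time, compute the
// first check code and serialize the result, which is what then gets encrypted.
func AttachCheckCode(r OfflineRecord, gpsNow time.Time) ([]byte, error) {
	r.Generated = gpsNow
	r.CheckCode = checkCode(r.UEID, gpsNow)
	return json.Marshal(r)
}

// VerifyCheckCode runs in the cloud after asymmetric decryption: recompute the second
// check code from the UE identifier of the upload request and the generation time carried
// in the record, and accept the record only if both codes match.
func VerifyCheckCode(decrypted []byte, uploadUEID string) (OfflineRecord, error) {
	var r OfflineRecord
	if err := json.Unmarshal(decrypted, &r); err != nil {
		return r, err
	}
	if r.UEID != uploadUEID {
		return r, errors.New("check failed: record UE identifier differs from the upload request")
	}
	second := checkCode(uploadUEID, r.Generated)
	// constant-time comparison so the comparison itself leaks nothing about the expected code
	if !hmac.Equal([]byte(second), []byte(r.CheckCode)) {
		return r, errors.New("check failed: first and second check codes differ")
	}
	return r, nil
}
```

As the page describes it, the check code binds the record to the UE identifier and the generation time, so an altered timestamp or a record uploaded under another terminal's identifier is rejected; the payload fields themselves are protected by the encryption of the first copy, not by this code.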
In some embodiments, the method further comprises:
and after receiving the offline service certificate associated with the user equipment identifier from the cloud offline service, the local offline service symmetrically encrypts the offline service certificate based on the user equipment identifier and caches the encrypted offline service certificate.
In some embodiments, the user equipment identifier is a unique identifier obtained by hashing the combination of a user identifier and hardware feature information of the user mobile terminal.
In a second aspect, the present application further provides a communication processing apparatus for offline service data, including:
a first service request unit, configured to have the third-party application client send a first request, requesting an offline service certificate, to the local offline service when it is monitored that the network quality has degraded;
a second service request unit, configured to, in response to the first request, have the local offline service acquire a user equipment identifier and send a second request, carrying the user equipment identifier and requesting the offline service credential, to a cloud offline service;
a service certificate generating unit, configured to, in response to the second request, have the cloud offline service generate a public/private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm and send the public key of that pair to the local offline service as the offline service certificate associated with the user equipment identifier;
an offline service generating unit, configured to have the third-party application client create offline service data when it is monitored that the network is offline, and send a third request, for encrypting the offline service data, to the local offline service;
an offline service encryption unit, configured to, in response to the third request, have the local offline service asymmetrically encrypt the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and symmetrically encrypt the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data;
a unit configured to have the local offline service send a first upload request message carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service when it is monitored that the network is online;
and an offline service decryption unit, configured to, in response to the first upload request message, have the cloud offline service asymmetrically decrypt the first encrypted copy of the offline service data with the private key of the public/private key pair associated with the user equipment identifier, and send the decrypted offline service data to a third-party application server.
The embodiment of the application can at least achieve the following beneficial effects:
When it is monitored that the network quality has degraded, the third-party application client requests, through the local offline service, an offline service certificate associated with the user equipment identifier from the cloud offline service; the cloud offline service generates a public/private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm and sends the public key of that pair to the local offline service as the offline service certificate associated with the user equipment identifier. When it is monitored that the network is offline, the third-party application client creates offline service data and requests the local offline service to encrypt the offline service data asymmetrically and symmetrically according to the offline service certificate, obtaining a first and a second encrypted copy of the offline service data respectively. When it is monitored that the network is online, the local offline service sends a first upload request message carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service, and the cloud offline service asymmetrically decrypts the first encrypted copy with the private key of the public/private key pair associated with the user equipment identifier and sends the decrypted offline service data to the third-party application server. Therefore, the method and device can prevent the offline service data generated by the third-party application in the network offline state from being illegally tampered with, and meet the trusted processing requirement on the offline service data.
Meanwhile, the source code of the third-party application does not need to be transformed in a large scale, and the third-party application only needs to support uniform interface calling of the local offline service and the cloud offline service, so that the trusted processing requirement on the offline service data can be met, and the deployment and use cost of the third-party application is saved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required to be used in the embodiments of the present application will be briefly described below. It is appreciated that the following drawings depict only certain embodiments of the application and are not to be considered limiting of its scope.
Fig. 1 is a schematic system architecture diagram of an offline service processing system to which an embodiment of the present application is applicable;
fig. 2 is a flowchart illustrating a communication processing method of offline service data according to an embodiment of the present application;
fig. 3 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application;
fig. 4 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application;
fig. 5 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application;
fig. 6 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application;
fig. 7 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application;
fig. 8 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application;
fig. 9 is a sequence diagram of communication interactions according to an alternative embodiment of the present application;
fig. 10 is a schematic structural diagram of a communication processing apparatus for offline service data according to an embodiment of the present application;
fig. 11 is a schematic partial structure diagram of an offline service data communication processing apparatus according to another embodiment of the present application;
fig. 12 is a schematic partial structure diagram of an offline service data communication processing apparatus according to another embodiment of the present application;
fig. 13 is a schematic partial structure diagram of an offline service data communication processing apparatus according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings of the embodiments of the present application. However, it should be understood that the described embodiments are only some exemplary embodiments, but not all embodiments, of the application, and thus the following detailed description of the embodiments of the application is not intended to limit the scope of the application as claimed. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and in the claims of this application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order, or for indicating or implying any relative importance.
As described above, in production operation fields such as construction and mining, most third-party applications do not support key workload recording and order data generation while the network is offline, and although a few third-party applications do support workload recording and order data generation offline (referred to in this application as offline service data), they cannot prevent a user from tampering with the workload records and order data created offline, so it is difficult to meet enterprise users' requirement for trustworthy offline service data. To solve these problems, the present application provides a communication processing method and apparatus for offline service data, which can prevent the offline service data generated by a third-party application in a network offline state from being illegally tampered with and meet the trusted processing requirement for the offline service data, while not requiring large-scale modification of the source code of the third-party application, thereby saving the cost of deploying and using the third-party application.
Fig. 1 is a schematic system architecture diagram of an offline service processing system to which the embodiment of the present application applies. The system comprises one or more user mobile terminals 110, a third-party application server 120 and a cloud server 130, all of which are connected to, and communicate through, a network 140. Each user mobile terminal 110 includes a third-party application client 111 and a local offline service 112 installed and running on that terminal. The third-party application client 111 provides the user of the user mobile terminal 110 with the user interface for the business operation process. The local offline service 112 is a local micro-service or application process running on the user mobile terminal 110, and together with the cloud offline service 131 deployed in the cloud server 130 it assists in the communication processing of offline service data. In some embodiments, the user mobile terminal 110 includes, but is not limited to, a terminal device such as a smartphone, a tablet or a personal digital assistant (PDA).
The third-party application server 120 hosts a third-party application server program 121 corresponding to the third-party application client 111, which provides the backend processing and service data storage that support the business operations of the third-party application client 111. The cloud server 130 hosts the cloud offline service 131, which may be a cloud micro-service deployed in the cloud server 130 and which assists, together with the local offline service 112 on the user mobile terminal 110, in the communication processing of offline service data. The third-party application client 111, the local offline service 112, the cloud offline service 131 and the third-party application server 121 may exchange data through interface calls, for example through a RESTful API, an HTTP-based interface communication protocol commonly used under a micro-service architecture. The functions performed by the local offline service 112 and the cloud offline service 131 are described in detail in the following embodiments.
Fig. 2 is a flowchart illustrating a communication processing method of offline service data according to an embodiment of the present application. As shown in fig. 2, the method comprises the steps of:
step S201, when it is monitored that the network quality has degraded, the third-party application client 111 sends a first request, requesting an offline service credential, to the local offline service 112;
step S202, in response to the first request, the local offline service 112 obtains a user equipment (UE) identifier and sends a second request, carrying the UE identifier and requesting the offline service credential, to the cloud offline service 131;
step S203, in response to the second request, the cloud offline service 131 generates a public/private key pair associated with the UE identifier based on an asymmetric encryption algorithm, and sends the public key of that pair to the local offline service 112 as the offline service credential associated with the UE identifier;
step S204, when it is monitored that the network is offline, the third-party application client 111 creates offline service data and sends a third request, for encrypting the offline service data, to the local offline service 112;
step S205, in response to the third request, the local offline service 112 asymmetrically encrypts the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and symmetrically encrypts the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data;
step S206, when it is monitored that the network is online, the local offline service 112 sends a first upload request packet carrying the first encrypted copy of the offline service data and the UE identifier to the cloud offline service 131;
step S207, in response to the first upload request packet, the cloud offline service 131 asymmetrically decrypts the first encrypted copy of the offline service data with the private key of the public/private key pair associated with the UE identifier, and sends the decrypted offline service data to the third-party application server 121.
In this embodiment, when it is monitored that the network quality is degraded, the third party application client 111 sends a first request for requesting an offline service credential to the local offline service 112. In one embodiment, the third-party application client 111 may perform network quality monitoring through various network quality monitoring means, for example, may monitor different network quality indicators such as network signal strength, uplink and downlink rates, data transmission delay, and the like to determine whether the network quality is degraded. In one embodiment, the network quality degradation may include the monitored one or more network quality indicators being continuously below a predetermined threshold for a period of time.
In this embodiment, after receiving the first request from the third-party application client 111, the local offline service 112 first obtains the user equipment (UE) identifier of the current user and then sends a second request, carrying the UE identifier and requesting the offline service credential, to the cloud offline service 131. The UE identifier is a unique identifier that identifies the trusted identity of the current user on the current user mobile terminal 110. In one embodiment, the UE identifier is a unique identifier obtained by hashing the combination of the user identifier and the hardware feature information of the user mobile terminal 110. The user identifier may be the user's account ID, phone number, e-mail address, etc. on the third-party application client 111. The hardware feature information of the user mobile terminal 110 may be a combination of one or more of its MAC address, CPU serial number, international mobile equipment identity (IMEI), device unique identifier (UDID), etc.
In this embodiment, in response to the second request, the cloud offline service 131 generates a public/private key pair associated with the UE identifier based on an asymmetric encryption algorithm, and sends the public key of that pair to the local offline service 112 as the offline service credential associated with the UE identifier. In one embodiment, the asymmetric encryption algorithm in this step may be the RSA algorithm. Only the public key of the pair generated for the UE identifier is sent to the local offline service 112, as the offline service credential, so that the local offline service can asymmetrically and symmetrically encrypt the offline service data generated offline by the third-party application client 111; the private key of the pair is kept in the cloud and is used, in the subsequent steps, as the key for asymmetrically decrypting the first encrypted copy of the offline service data uploaded by the local offline service 112.
In an embodiment, after the local offline service 112 receives the offline service credential associated with the UE identifier from the cloud offline service 131, it may symmetrically encrypt the offline service credential based on the UE identifier and cache the encrypted credential, so that the credential cannot be illegally obtained from local storage and its storage security is ensured. In one embodiment, the symmetric encryption in this step may use a symmetric algorithm such as AES or DES.
In this embodiment, according to a service data operation request of a user, when it is monitored that a network is offline, the third party application client 111 creates offline service data, where the offline service data may include a service form, such as a workload record and a job order, generated by the user of the third party application client 111 in an offline state; subsequently, a third request for encrypting the offline service data is sent to the local offline service 112, so that in response to the third request, the local offline service 112 may perform asymmetric encryption and symmetric encryption on the offline service data according to the offline service credential previously received from the cloud offline service 131, so as to obtain a first encrypted copy and a second encrypted copy of the offline service data, respectively.
On the one hand, the first encrypted copy of the offline service data is obtained by asymmetrically encrypting the offline service data with the offline service credential as the public key; it can only be asymmetrically decrypted with the private key held by the cloud offline service 131 and cannot be decrypted locally on the user mobile terminal 110, which prevents the offline service data from being tampered with locally. In a subsequent step, when the network is restored, the local offline service 112 sends the first encrypted copy to the cloud offline service 131 for asymmetric decryption, and the decrypted offline service data is forwarded to the third-party application server 121. On the other hand, the second encrypted copy of the offline service data is obtained by symmetrically encrypting the offline service data with the offline service credential as the key; it can be symmetrically decrypted locally on the user mobile terminal 110 with the offline service credential, so that when the user needs to edit and modify the offline service data under legitimate authorization, the second encrypted copy serves as the to-be-modified version of the offline service data. In one embodiment, the symmetric encryption in this step may use a symmetric algorithm such as AES or DES.
Subsequently, when it is monitored that the network is online, the local offline service 112 sends a first upload request packet carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service 131, so that in response to the first upload request packet, the cloud offline service 131 asymmetrically decrypts the first encrypted copy of the offline service data with the private key of the public and private key pair associated with the user equipment identifier, and sends the decrypted offline service data to the third-party application server 121. In this way, the offline service data created by the user through the third-party application client 111 reaches the cloud offline service 131 for asymmetric decryption without being tampered with, and is finally returned safely to the third-party application server 121 for storage.
In summary, in the embodiment of the present application, when it is monitored that the network quality is degraded, a third-party application client requests an offline service credential associated with a user equipment identifier from a cloud offline service via a local offline service, where the cloud offline service generates a public and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key of the pair to the local offline service as the offline service credential associated with the user equipment identifier; when it is monitored that the network is offline, the third-party application client creates offline service data and requests the local offline service to perform asymmetric encryption and symmetric encryption on the offline service data according to the offline service credential, so as to obtain a first encrypted copy and a second encrypted copy of the offline service data respectively; when it is monitored that the network is online, the local offline service sends a first upload request message carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service, and the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data with the private key of the public and private key pair associated with the user equipment identifier, and sends the decrypted offline service data to a third-party application server. Therefore, the method and the device can prevent the offline service data generated by the third-party application in the network offline state from being illegally tampered with, and meet the trusted processing requirement on the offline service data.
Meanwhile, the source code of the third-party application does not need to be transformed in a large scale, and the third-party application only needs to support uniform interface calling of the local offline service and the cloud offline service, so that the trusted processing requirement on the offline service data can be met, and the deployment and use cost of the third-party application is saved.
Fig. 3 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application. As shown in fig. 3, on the basis of the method steps of any of the foregoing embodiments, the method may further include the steps of:
step S301, when it is monitored that the network quality is degraded, the local offline service 112 sends a fourth request for requesting basic data associated with the offline service data to the third-party application server 121;
step S302, in response to the fourth request, the third party application server 121 returns the basic data associated with the offline service data to the local offline service 112, and the local offline service 112 symmetrically encrypts the basic data according to the offline service credential and caches an encrypted copy of the basic data.
In this embodiment, since a part of the offline service data created by the third-party application client 111 belongs to reusable basic data, the basic data is usually pre-stored in the back-end database of the third-party application server 121, and can be commonly used in the creation of different service forms. In order to quickly implement the creation and trusted processing of the offline service data of the third-party application client 111 in the offline state, in the embodiment of the present application, when it is monitored that the network quality is degraded, the local offline service 112 sends a request for the basic data associated with the offline service data to the third-party application server 121, so that the third-party application server 121 returns the basic data associated with the offline service data to the local offline service 112, which symmetrically encrypts the basic data with the offline service credential as the key and caches the encrypted copy of the basic data locally. In this way, when it is monitored that the network is offline, the third party application client 111 may create offline service data based on the encrypted copy of the basic data cached by the local offline service 112, which satisfies the requirement of quickly creating offline service data and further prevents the offline service data generated by the third party application in the network offline state from being tampered with, meeting the trusted processing requirement for the offline service data.
On this basis, as shown in fig. 4, in step S204 of any of the foregoing embodiments, the creation of offline service data by the third party application client 111 when it is monitored that the network is offline may include the following steps:
step S401, the third party application client 111 sends a fifth request for requesting basic data associated with the offline service data to the local offline service 112;
step S402, in response to the fifth request, the local offline service 112 symmetrically decrypts the encrypted copy of the basic data according to the offline service credential, and sends the decrypted basic data to the third-party application client 111, where the third-party application client 111 creates the offline service data based on the basic data.
In this embodiment, when it is monitored that the network is offline, the third-party application client 111 may request the local offline service 112 for basic data associated with the offline service data, which is cached in advance, and after the local offline service 112 symmetrically decrypts the encrypted copy of the basic data according to the offline service credential, the decrypted basic data is sent to the third-party application client 111, so that the third-party application client 111 creates the offline service data based on the basic data, and on the basis of meeting the requirement of creating the offline service data quickly, the offline service data generated by the third-party application in the network offline state is further prevented from being tampered, and the requirement of trusted processing on the offline service data is met.
Fig. 5 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application. As shown in fig. 5, on the basis of the method steps of any of the foregoing embodiments, the method may further include the steps of:
step S501, in response to a modification request of the offline service data from the user, the third party application client 111 sends a sixth request for decrypting the offline service data to the local offline service 112;
step S502, in response to the sixth request, the local offline service 112 symmetrically decrypts the second encrypted copy of the offline service data according to the offline service credential, obtains a to-be-modified version of the offline service data, and sends the to-be-modified version to the third-party application client 111;
step S503, the third party application client 111 receives a modification of the to-be-modified version of the offline service data by the user, generates a modified version of the offline service data, and sends the modified version of the offline service data to the local offline service 112;
step S504, the local offline service 112 performs asymmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another first encrypted copy of the offline service data, and performs symmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another second encrypted copy of the offline service data.
In this embodiment, when a user needs to modify created offline service data through legal authorization, the third party application client 111 may request the local offline service 112 to decrypt the second encrypted copy of the offline service data; after receiving the request, the local offline service 112 symmetrically decrypts the second encrypted copy of the offline service data with the locally stored offline service credential as the key, so as to obtain a to-be-modified version of the offline service data, and returns the to-be-modified version to the third-party application client 111.
Then, the third party application client 111 receives the modification of the to-be-modified version of the offline service data by the user, generates a modified version of the offline service data, and sends the modified version of the offline service data to the local offline service 112. The local offline service 112 performs asymmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another first encrypted copy of the offline service data, and performs symmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another second encrypted copy of the offline service data. Thus, when a user with legal authorization needs to modify created offline service data, the second encrypted copy, which the local offline service 112 produced by symmetric encryption, is the copy that is modified; since the second encrypted copy is obtained by symmetrically encrypting the offline service data with the offline service credential as the key, it can be symmetrically decrypted locally at the user mobile terminal 110 with that credential. The application therefore meets the user's need to edit and modify the offline service data under legal authorization, while the first encrypted copy of the offline service data, which cannot be decrypted locally, remains the version uploaded when the network is restored online.
Meanwhile, each modification version generates another corresponding first encryption copy and another corresponding second encryption copy, and the advantage is that each modification version of the user is irreversibly recorded in the local, thereby further preventing the offline service data generated in the offline state of the network from being illegally tampered, and ensuring the modification requirement of the user under legal authorization.
In an embodiment, the modification of the offline service data by the user may generate a plurality of first encrypted copies and a plurality of second encrypted copies, and the plurality of first encrypted copies and the plurality of second encrypted copies may be respectively ordered according to the sequence of the timestamps.
Fig. 6 is a partial flowchart of a communication processing method for offline service data according to another embodiment of the present application. As shown in fig. 6, the embodiment of the present application may further include, on the basis of the method steps of any of the foregoing embodiments, the following steps:
step S601, when it is monitored that the network is online, the local offline service 112 sends a second upload request packet carrying a plurality of first encrypted copies of the offline service data and the user equipment identifier to the cloud offline service 131;
step S602, in response to the second upload request packet, the cloud offline service 131 asymmetrically decrypts the multiple first encrypted copies of the offline service data with the private key of the public and private key pair associated with the user equipment identifier, so as to obtain multiple versions of the offline service data, and sends the multiple versions of the offline service data to the third-party application server 121.
In this embodiment, after a user with legal authorization has modified the to-be-modified version of the offline service data multiple times, generating multiple first encrypted copies and multiple second encrypted copies of the offline service data, when it is monitored that the network is online, the local offline service 112 sends a second upload request packet to the cloud offline service 131, where the second upload request packet carries the multiple first encrypted copies of the offline service data and the user equipment identifier; after receiving the second upload request packet, the cloud offline service 131 asymmetrically decrypts the multiple first encrypted copies of the offline service data with the private key of the public and private key pair associated with the user equipment identifier, so as to obtain multiple versions of the offline service data, and sends the multiple versions of the offline service data to the third party application server 121. Therefore, when the network is restored online, the multiple first encrypted copies of the offline service data, which cannot be decrypted locally, are uploaded in a batch to the cloud offline service 131 for asymmetric decryption and sent to the third-party application server 121 for storage, so that the history of the user's modifications of the offline service data in the offline state is irreversibly recorded at the third-party application server, and the offline service data generated in the network offline state is further prevented from being illegally tampered with.
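The two encrypted copies of steps S205 and S504, the local symmetric decryption of the second copy in step S502, the same symmetric path used for the cached basic data in steps S302 and S402, and the batch upload and decryption of steps S601 and S602 are shown together below as an added Go example written for this page; it is not code from the application or its assignee. It assumes RSA-OAEP wrapping a fresh AES-GCM data key as the concrete form of the "asymmetric encryption" (plain RSA cannot encrypt a whole form), SHA-256 of the credential as the way the credential serves "as a key" for AES, an in-memory map as the cloud's store of one private key per user_device_id, and constructed form contents and identifiers.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"sort"
)

// Credential is the offline service credential: the PKIX-encoded RSA public key issued for one user_device_id.
type Credential []byte

// CloudOfflineService stands in for cloud offline service 131; the map is an assumed store of one private key per user_device_id.
type CloudOfflineService struct{ keys map[string]*rsa.PrivateKey }
func NewCloud() *CloudOfflineService { return &CloudOfflineService{keys: map[string]*rsa.PrivateKey{}} }

// IssueCredential (step S203): generate the pair, keep the private key, return the public key as the credential.
func (c *CloudOfflineService) IssueCredential(userDeviceID string) Credential {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	c.keys[userDeviceID] = priv
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil { panic(err) }
	return Credential(der)
}

// symmetricKey: AES-256 key for the second copy and the cached basic data. Assumption: SHA-256 of the
// credential, since the page only says the credential is used "as a key" and AES needs 32 bytes.
func symmetricKey(cred Credential) []byte { k := sha256.Sum256(cred); return k[:] }

// aesSeal / aesOpen: AES-GCM with a random 12-byte nonce prefixed to the ciphertext.
func aesSeal(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) }
	gcm, err := cipher.NewGCM(block)
	if err != nil { panic(err) }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { panic(err) }
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
func aesOpen(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	if len(sealed) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// FirstCopy: the asymmetric copy only the cloud's private key opens. RSA cannot encrypt a whole form, so this
// is hybrid encryption: a fresh AES key wrapped with RSA-OAEP (always pub.Size() bytes) followed by the sealed form.
func FirstCopy(cred Credential, form []byte) []byte {
	pubAny, err := x509.ParsePKIXPublicKey(cred)
	if err != nil { panic(err) }
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil { panic(err) }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pubAny.(*rsa.PublicKey), dataKey, nil)
	if err != nil { panic(err) }
	return append(wrapped, aesSeal(dataKey, form)...)
}
// SecondCopy / LocalOpenSecond: the symmetric copy the terminal reopens for an authorized edit
// (steps S502, S504). Caching and reading basic data (steps S302, S402) use the same two calls.
func SecondCopy(cred Credential, form []byte) []byte { return aesSeal(symmetricKey(cred), form) }
func LocalOpenSecond(cred Credential, blob []byte) ([]byte, error) { return aesOpen(symmetricKey(cred), blob) }

// Version is the pair of copies the local offline service keeps for each version of the form.
type Version struct{ Timestamp int64; First, Second []byte }
// EncryptVersion (steps S205, S504): both copies of one version, stamped for later ordering.
func EncryptVersion(cred Credential, form []byte, ts int64) Version {
	return Version{ts, FirstCopy(cred, form), SecondCopy(cred, form)}
}

// DecryptBatch (steps S601, S602): the second upload request carries every first copy plus the
// user_device_id; the cloud orders them by timestamp and opens each with the matching private key.
func (c *CloudOfflineService) DecryptBatch(userDeviceID string, versions []Version) ([]string, error) {
	priv, ok := c.keys[userDeviceID]
	if !ok { return nil, errors.New("unknown user equipment identifier") }
	sorted := append([]Version(nil), versions...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Timestamp < sorted[j].Timestamp })
	out := make([]string, 0, len(sorted))
	for _, v := range sorted {
		if len(v.First) < priv.Size() { return nil, errors.New("first copy too short") }
		dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, v.First[:priv.Size()], nil)
		if err != nil { return nil, err }
		pt, err := aesOpen(dataKey, v.First[priv.Size():]) // fails if the ciphertext was modified
		if err != nil { return nil, err }
		out = append(out, string(pt))
	}
	return out, nil
}

func main() {
	cloud := NewCloud()
	cred := cloud.IssueCredential("dev-1") // constructed user_device_id
	v := EncryptVersion(cred, []byte(`{"form":"workload","hours":8}`), 1700000000)
	fmt.Println(cloud.DecryptBatch("dev-1", []Version{v}))
}
```

The second copy is keyed only from the credential, so anyone holding the credential can reopen it, which is exactly the local edit path the text describes; the first copy stays opaque on the terminal because its data key is wrapped to the cloud's private key, which never leaves the cloud. Batch decryption also rejects a first copy whose AES-GCM tag no longer verifies, so a ciphertext altered between creation and upload is detected at the cloud rather than silently forwarded.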
Fig. 7 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application. As shown in fig. 7, based on the method steps of any of the foregoing embodiments, in step S205, the local offline service 112 performs asymmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and performs symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data, which may further include the following steps:
step S701, the local offline service 112 obtains current time from a GPS module of the user mobile terminal 110, generates a first check code based on the user equipment identifier and the current time, and attaches the first check code to the offline service data;
step S702, the local offline service 112 performs asymmetric encryption and symmetric encryption on the offline service data to which the first check code is appended according to the offline service credential.
In this embodiment, when the local offline service 112 responds to the request of the third party application client 111 and performs asymmetric encryption and symmetric encryption on the offline service data according to the offline service credential, a first check code may further be appended to the offline service data, where the first check code is generated based on the user equipment identifier and the current time obtained from the GPS module of the user mobile terminal 110, and that current time cannot be tampered with. In an embodiment, the first check code may be generated according to the time-based one-time password algorithm TOTP, which computes a one-time password from a shared key and a cryptographic hash function over the current time; in this embodiment, the user equipment identifier is used as the shared key for calculating the one-time password, and the TOTP operation is performed together with the current time obtained from the GPS module of the user mobile terminal 110 to obtain the first check code. The generation time of the offline service data to which the first check code is appended can then be checked against the first check code, which further prevents the offline service data generated in the network offline state from being illegally tampered with.
Fig. 8 is a partial flowchart of a communication processing method of offline service data according to another embodiment of the present application. As shown in fig. 8, on the basis of the method steps in any of the foregoing embodiments, in step S207, the cloud offline service 131 asymmetrically decrypts the first encrypted copy of the offline service data with the private key of the public and private key pair associated with the user equipment identifier, and sends the decrypted offline service data to the third-party application server 121, which may further include the following steps:
step S801, the cloud offline service 131 obtains the first check code from the decrypted offline service data, and generates a second check code based on the user equipment identifier and the generation time in the offline service data;
step S802, the cloud offline service 131 determines whether the first check code and the second check code are consistent, and if not, sends a response message indicating that the check failed to the local offline service 112, and terminates sending the decrypted offline service data to the third-party application server 121.
In this embodiment, when the local offline service 112 performs asymmetric encryption and symmetric encryption on the offline service data, a first check code is appended to the offline service data, where the first check code is generated based on the user equipment identifier and the current time obtained from the GPS module of the user mobile terminal 110. When it is monitored that the network is online, the local offline service 112 sends the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service 131. After asymmetrically decrypting the first encrypted copy with the private key of the public and private key pair associated with the user equipment identifier, the cloud offline service 131 may further generate a second check code based on the user equipment identifier and the generation time in the offline service data, using the same one-time password algorithm TOTP as for the first check code. When the generation time of the offline service data does not differ much from the current time obtained from the GPS module of the user mobile terminal 110, the first check code and the second check code calculated with the TOTP algorithm are the same; the cloud offline service 131 can therefore determine, by checking the consistency of the first check code and the second check code, whether the current offline service data was illegally generated, and if the check fails, it sends a response message to the local offline service 112 and terminates sending the decrypted offline service data to the third-party application server 121. This further prevents the offline service data generated in the network offline state from being illegally tampered with.
This is illustratively described below in conjunction with the communication interaction timing diagram of an alternative embodiment shown in fig. 9. It should be noted that the exemplary descriptions of the embodiments should not be construed as limiting the scope or the only embodiments of the present invention. As shown in fig. 9, in step S901, when it is monitored that the network quality is degraded, the third party application client 111 sends a request for an offline service credential to the local offline service 112;
step S902, in response to the request, the local offline service 112 first obtains a user equipment identifier user_device_id, which is a unique identifier of the trust identity of the current user on the current user mobile terminal 110 and can be obtained by hashing the combination of the user identifier and the hardware feature information of the user mobile terminal 110;
step S903, the local offline service 112 then sends a request carrying the user equipment identifier user_device_id to the cloud offline service 131 to obtain an offline service credential;
step S904, in response to the request, the cloud offline service 131 generates a public and private key pair {pub_key, private_key} associated with the user equipment identifier user_device_id based on the RSA asymmetric encryption algorithm;
step S905, the cloud offline service 131 then sends the public key pub_key of the pair to the local offline service 112 as the offline service credential associated with the user equipment identifier user_device_id;
step S906, the local offline service 112 sends a request for the basic data baseData associated with the offline service data to the third-party application server 121;
step S907, in response to the request, the third party application server 121 queries the basic data baseData from its back-end database;
step S908, the third party application server 121 returns the basic data baseData to the local offline service 112;
step S909, the local offline service 112 performs AES symmetric encryption on the basic data baseData with the offline service credential pub_key as the key, and caches the encrypted copy of the basic data baseData;
step S910, when it is monitored that the network is offline, the third party application client 111 sends a request for the basic data baseData to the local offline service 112;
step S911, in response to the request, the local offline service 112 performs AES symmetric decryption on the encrypted copy of the basic data baseData with the offline service credential pub_key as the key, and sends the decrypted basic data baseData to the third-party application client 111;
step S912, the third party application client 111 creates offline service data offlineForm based on the basic data baseData, where the offline service data offlineForm may be a service form created in the offline state, and then sends a request for encrypting the offline service data offlineForm to the local offline service 112;
step S913, in response to the request, the local offline service 112 obtains the current time gpsTime from the GPS module of the user mobile terminal 110, generates a first check code based on the user equipment identifier user_device_id and the current time gpsTime (specifically, the check code may be generated with the time-based one-time password algorithm TOTP), and appends the first check code to the offline service data offlineForm;
step S914, the local offline service 112 performs RSA asymmetric encryption on the offline service data offlineForm with the first check code appended, using the offline service credential pub_key, to obtain a first encrypted copy of the offline service data offlineForm, and performs AES symmetric encryption on the same data with the offline service credential pub_key as the key to obtain a second encrypted copy of the offline service data offlineForm;
step S915, when it is monitored that the network is online, the local offline service 112 sends an upload request packet carrying the first encrypted copy of the offline service data offlineForm and the user equipment identifier user_device_id to the cloud offline service 131;
step S916, in response to the upload request packet, the cloud offline service 131 performs RSA asymmetric decryption on the first encrypted copy of the offline service data offlineForm with the private key private_key of the public and private key pair {pub_key, private_key} associated with the user equipment identifier user_device_id, obtains the first check code from the decrypted offline service data offlineForm, generates a second check code based on the user equipment identifier user_device_id and the generation time in the offline service data, and determines whether the first check code and the second check code are consistent as a time check;
step S917, after the check succeeds, the cloud offline service 131 sends the decrypted offline service data offlineForm to the third-party application server 121.
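The check code of steps S701, S702, S801 and S802, which reappears as steps S913 and S916 in the timing diagram, as an added Go example written for this page and not the application's own code. It implements TOTP per RFC 6238 with HMAC-SHA1, a 30-second step and six digits, using user_device_id as the shared secret and gpsTime as the moving factor, as the text describes; the JSON OfflineForm layout, the TamperGenTime helper and all identifier and time values are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/json"
	"fmt"
)

// totpStep is the RFC 6238 time step in seconds; codes are six digits.
const totpStep = 30

// CheckCode is the TOTP computation the page describes: the user equipment identifier is the
// shared secret and the time (gpsTime as a Unix timestamp) is the moving factor. Both the local
// offline service (first check code) and the cloud offline service (second check code) call it.
func CheckCode(userDeviceID string, unixTime int64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unixTime/totpStep))
	mac := hmac.New(sha1.New, []byte(userDeviceID))
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f // dynamic truncation, RFC 4226 section 5.3
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// OfflineForm is a constructed stand-in for offlineForm: the service form content plus the
// generation time and the first check code that the local offline service appends.
type OfflineForm struct {
	Payload   string `json:"payload"`
	GenTime   int64  `json:"gen_time"`
	CheckCode string `json:"check_code"`
}

// LocalAppendCheckCode (steps S701, S913): generate the first check code from user_device_id and
// gpsTime and append it, together with gpsTime, to the form before the two encryptions.
func LocalAppendCheckCode(userDeviceID, payload string, gpsTime int64) []byte {
	f := OfflineForm{Payload: payload, GenTime: gpsTime, CheckCode: CheckCode(userDeviceID, gpsTime)}
	b, err := json.Marshal(f)
	if err != nil { panic(err) }
	return b
}

// CloudVerifyCheckCode (steps S801, S802, S916): after asymmetric decryption the cloud recomputes
// the second check code from user_device_id and the generation time carried in the form and
// compares it with the first one in constant time. false means the check failed: the cloud
// answers the local offline service with a failure response and does not forward the form.
func CloudVerifyCheckCode(userDeviceID string, decrypted []byte) (bool, error) {
	var f OfflineForm
	if err := json.Unmarshal(decrypted, &f); err != nil { return false, err }
	second := CheckCode(userDeviceID, f.GenTime)
	return hmac.Equal([]byte(f.CheckCode), []byte(second)), nil
}

// TamperGenTime is a constructed helper for the demonstration only: it rewrites the generation
// time in a decrypted form without recomputing the check code, to show that the check catches it.
func TamperGenTime(decrypted []byte, newGenTime int64) []byte {
	var f OfflineForm
	if err := json.Unmarshal(decrypted, &f); err != nil { panic(err) }
	f.GenTime = newGenTime
	b, err := json.Marshal(f)
	if err != nil { panic(err) }
	return b
}

func main() {
	form := LocalAppendCheckCode("dev-1", `{"form":"job order"}`, 1700000000) // constructed values
	ok, _ := CloudVerifyCheckCode("dev-1", form)
	bad, _ := CloudVerifyCheckCode("dev-1", TamperGenTime(form, 1700003600))
	fmt.Println(ok, bad)
}
```

The cloud side compares the two codes with hmac.Equal rather than ==, and the 30-second step is what makes a generation time that "does not differ much" still verify: a time inside the same step yields the same code, a time in another step does not, and a form whose generation time was rewritten without the secret fails the check. With the RFC 6238 Appendix B secret "12345678901234567890" and time 59, CheckCode returns the last six digits of the published SHA-1 vector, which is a quick way to confirm the implementation.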
Fig. 10 is a schematic structural diagram of a communication processing apparatus for offline service data according to an embodiment of the present application. As shown in fig. 10, the communication processing apparatus for offline service data according to the embodiment of the present application may include the following units:
a first service request unit 1001, configured to send, when it is monitored that the network quality is reduced, a first request for requesting an offline service credential to the local offline service 112 by the third-party application client 111;
a second service request unit 1002, configured to, in response to the first request, obtain a user equipment identifier by the local offline service 112, and send a second request, carrying the user equipment identifier, for the offline service credential to the cloud offline service 131;
a service credential generating unit 1003, configured to, in response to the second request, generate, by the cloud offline service 131, a public and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and send the public key of the pair to the local offline service 112 as the offline service credential associated with the user equipment identifier;
an offline service generating unit 1004, configured to, when it is monitored that the network is offline, create offline service data by the third party application client 111, and send a third request for encrypting the offline service data to the local offline service 112;
an offline service encryption unit 1005, configured to, in response to the third request, perform asymmetric encryption on the offline service data by the local offline service 112 according to the offline service credential to obtain a first encrypted copy of the offline service data, and perform symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data;
an offline service uploading unit 1006, configured to send, when it is monitored that the network is online, a first upload request packet carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service 131 by the local offline service 112;
an offline service decryption unit 1007, configured to, in response to the first upload request packet, perform asymmetric decryption on the first encrypted copy of the offline service data by the cloud offline service 131 with the private key of the public and private key pair associated with the user equipment identifier, and send the decrypted offline service data to the third-party application server 121.
In some embodiments, as shown in fig. 11, on the basis of any of the foregoing embodiments, the apparatus may further include:
a basic data requesting unit 1101, configured to send, by the local offline service 112, a fourth request for requesting basic data associated with the offline service data to the third-party application server 121 when it is monitored that the network quality is degraded;
a basic data caching unit 1102, configured to, in response to the fourth request, return basic data associated with the offline service data to the local offline service 112 by the third-party application server 121, where the local offline service 112 symmetrically encrypts the basic data according to the offline service credential, and caches an encrypted copy of the basic data.
In some embodiments, on the basis of any of the foregoing embodiments, the offline service generating unit 1004 is further configured to:
the third party application client 111 sends a fifth request for requesting basic data associated with the offline service data to the local offline service 112;
in response to the fifth request, the local offline service 112 symmetrically decrypts the encrypted copy of the basic data according to the offline service credential, and sends the decrypted basic data to the third-party application client 111, where the third-party application client 111 creates the offline service data based on the basic data.
In some embodiments, as shown in fig. 12, on the basis of any of the foregoing embodiments, the apparatus may further include:
a data modification request unit 1201, configured to, in response to a modification request for the offline service data by a user, send, by the third party application client 111, a sixth request for decrypting the offline service data to the local offline service 112;
a to-be-modified version obtaining unit 1202, configured to, in response to the sixth request, perform symmetric decryption on the second encrypted copy of the offline service data by the local offline service 112 according to the offline service credential, obtain a to-be-modified version of the offline service data, and send the to-be-modified version of the offline service data to the third-party application client 111;
a modified version generating unit 1203, configured to receive a modification, by the third party application client 111, to the to-be-modified version of the offline service data, generate a modified version of the offline service data, and send the modified version of the offline service data to the local offline service 112;
a modified version encrypting unit 1204, configured to perform asymmetric encryption on the modified version of the offline service data by the local offline service 112 according to the offline service credential to obtain another first encrypted copy of the offline service data, and perform symmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another second encrypted copy of the offline service data.
In some embodiments, as shown in fig. 13, on the basis of any of the foregoing embodiments, the apparatus may further include:
a second offline service uploading unit 1301, configured to, when it is monitored that the network is online, send, by the local offline service 112, a second upload request packet carrying multiple first encrypted copies of the offline service data and the user equipment identifier to the cloud offline service 131;
a second offline service decryption unit 1302, configured to, in response to the second upload request packet, perform asymmetric decryption on the multiple first encrypted copies of the offline service data by the cloud offline service 131 with the private key of the public and private key pair associated with the user equipment identifier, to obtain multiple versions of the offline service data, and send the multiple versions of the offline service data to the third-party application server 121.
In some embodiments, on the basis of any one of the foregoing embodiments, the offline service encryption unit 1005 is further configured to:
the local offline service 112 acquires the current time from the GPS module of the user mobile terminal 110, generates a first check code based on the user equipment identifier and the current time, and attaches the first check code to the offline service data;
the local offline service 112 performs asymmetric encryption and symmetric encryption on the offline service data to which the first check code is appended according to the offline service credential.
In some embodiments, on the basis of any one of the foregoing embodiments, the offline service decryption unit 1007 is further configured to:
the cloud offline service 131 obtains the first check code from the decrypted offline service data, and generates a second check code based on the user equipment identifier and the generation time in the offline service data;
the cloud offline service 131 determines whether the first check code and the second check code are consistent, and if not, sends a response message indicating that the check is failed to the local offline service 112, and terminates sending the decrypted offline service data to the third-party application server 121.
To sum up, according to the communication processing method and apparatus for offline service data provided in the embodiments of the present application, when it is monitored that the network quality is degraded, a third-party application client requests an offline service credential associated with a user equipment identifier from a cloud offline service via a local offline service, where the cloud offline service generates a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm and sends the public key of the pair to the local offline service as the offline service credential associated with the user equipment identifier; when it is monitored that the network is offline, the third-party application client creates offline service data and requests the local offline service to perform asymmetric encryption and symmetric encryption on the offline service data according to the offline service credential, so as to obtain a first encrypted copy and a second encrypted copy of the offline service data respectively; when it is monitored that the network is online, the local offline service sends a first upload request message carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service, and the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier, and sends the decrypted offline service data to a third-party application server. Therefore, the embodiments of the present application can prevent the offline service data generated by the third-party application in the network offline state from being illegally tampered with, and meet the trusted processing requirement on the offline service data.
Meanwhile, the source code of the third-party application does not need large-scale modification: the third-party application only needs to support the uniform interface calls of the local offline service and the cloud offline service, so that the trusted processing requirement on the offline service data is met while the deployment and use cost of the third-party application is reduced.
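The flow summarized above (credential issue by the cloud, check code appended on the terminal, asymmetric encryption under the credential, decryption and check-code comparison on the cloud side, plus the hashed identifier of claim 9 below), as an added, runnable illustration written for this page; it is not the applicant's implementation. Everything the patent text does not fix is an assumption here: the JSON layout of the record, SHA-256 as the derivation of both the check code and the user equipment identifier, RSA-OAEP with a 2048-bit key as the asymmetric algorithm, and all function, type and field names. The symmetric second copy and the local caches are left out of this block.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

// Payload is the offline service data with the first check code appended.
// The JSON layout is this example's assumption; the patent fixes no format.
type Payload struct {
	Data        string `json:"data"`
	GeneratedAt string `json:"generated_at"` // time read from the GPS module at creation
	CheckCode   string `json:"check_code"`   // first check code, claim 6
}

// DeviceID follows claim 9: the user equipment identifier is a hash of the
// device identifier combined with hardware feature information.
func DeviceID(deviceIdent, hwFeatures string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(deviceIdent+"|"+hwFeatures)))
}

// checkCode follows claims 6 and 7: derived from the user equipment identifier
// and the generation time. SHA-256 over both is this example's choice.
func checkCode(ueID, generatedAt string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(ueID+"|"+generatedAt)))
}

// CloudOfflineService keeps one key pair per user equipment identifier; the
// private key never leaves it.
type CloudOfflineService struct{ keys map[string]*rsa.PrivateKey }

func NewCloud() *CloudOfflineService {
	return &CloudOfflineService{keys: map[string]*rsa.PrivateKey{}}
}

// IssueCredential answers the second request: generate a key pair bound to the
// identifier and hand back only the public key (PKIX DER) as the credential.
func (c *CloudOfflineService) IssueCredential(ueID string) ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	c.keys[ueID] = priv
	return x509.MarshalPKIXPublicKey(&priv.PublicKey)
}

// SealFirstCopy is the local offline service's asymmetric encryption of a
// payload under the credential. RSA-OAEP with SHA-256 and a 2048-bit key
// carries at most 190 bytes; longer records would need a hybrid envelope.
func SealFirstCopy(credential []byte, p Payload) ([]byte, error) {
	pubAny, err := x509.ParsePKIXPublicKey(credential)
	if err != nil {
		return nil, err
	}
	pub, ok := pubAny.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("credential is not an RSA public key")
	}
	plain, err := json.Marshal(p)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
}

// EncryptOfflineData handles the third request: append the first check code
// (identifier + GPS time), then produce the first encrypted copy.
func EncryptOfflineData(credential []byte, ueID, data, gpsTime string) ([]byte, error) {
	p := Payload{Data: data, GeneratedAt: gpsTime, CheckCode: checkCode(ueID, gpsTime)}
	return SealFirstCopy(credential, p)
}

// DecryptUpload is the cloud side of the first upload request: decrypt with
// the private key bound to the identifier, recompute the check code as the
// second check code and refuse to forward the data when the two differ
// (claim 7). A wrong key, an altered ciphertext or a mismatched code all end here.
func (c *CloudOfflineService) DecryptUpload(ueID string, first []byte) (Payload, error) {
	var p Payload
	priv, ok := c.keys[ueID]
	if !ok {
		return p, errors.New("no key pair for this user equipment identifier")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, first, nil)
	if err != nil {
		return p, errors.New("asymmetric decryption failed")
	}
	if err := json.Unmarshal(plain, &p); err != nil {
		return Payload{}, err
	}
	if checkCode(ueID, p.GeneratedAt) != p.CheckCode {
		return Payload{}, errors.New("check failed: data not forwarded to the application server")
	}
	return p, nil
}
```

The comparison in DecryptUpload is the part a defender cares about: a record decrypts only under the private key bound to the identifier it is uploaded with, and the check code refuses a record whose identifier or generation time no longer match what was sealed. The check code contains no secret, so it is a consistency check rather than a message authentication code; the design relies on the credential being held only by the local offline service, which is why claim 8 keeps it cached in encrypted form.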
It should be noted that, as those skilled in the art will understand, the different embodiments described in the method embodiments of the present application, their descriptions, and the technical effects achieved also apply to the apparatus embodiments of the present application and are not described here again.
Further, an embodiment of the present application also provides an electronic device, where the electronic device may include: a processor and a memory. Wherein the memory stores computer program instructions, and the processor can call the computer program instructions in the memory to execute all or part of the steps of the method according to any embodiment of the present application. The computer program instructions in the memory described above may be implemented in the form of software functional units and stored in a computer readable storage medium when sold or used as a stand-alone product.
Further, the present application also provides a computer program product comprising a non-transitory computer readable storage medium storing a computer program which, when executed by one or more processors of a computer device, performs all or part of the steps of the method according to any embodiment of the present application.
Further, the present application also provides a non-transitory computer readable storage medium having stored thereon a computer program, which can be executed by one or more processors to perform all or part of the steps of the method described in any of the embodiments of the present application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the embodiments of the present application can be implemented by software or by software in combination with a necessary general hardware platform, and of course, can also be implemented by hardware functions. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device, such as but not limited to a personal computer, a server, or a network device, to execute all or part of the steps of the method according to any embodiment of the present application. The aforementioned storage medium may include: various media capable of storing computer program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The foregoing describes exemplary embodiments of the present application and it should be understood that the above exemplary embodiments are not limiting, but rather illustrative and that the scope of the present application is not limited thereto. It is to be understood that modifications and variations may be made in the embodiments of the present application by those skilled in the art without departing from the spirit and scope of the present application, and that such modifications and variations are intended to be within the scope of the present application.

Claims (10)

1. A communication processing method for off-line service data is characterized by comprising the following steps:
when the network quality is monitored to be reduced, the third-party application client sends a first request for requesting an offline service certificate to a local offline service;
responding to the first request, the local offline service acquires a user equipment identifier, and sends a second request, carrying the user equipment identifier, for the offline service certificate to a cloud offline service;
responding to the second request, the cloud offline service generates a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key of the pair to the local offline service as an offline service certificate associated with the user equipment identifier;
when the network offline is monitored, the third-party application client creates offline service data and sends a third request for encrypting the offline service data to the local offline service;
responding to the third request, the local offline service asymmetrically encrypts the offline service data according to the offline service certificate to obtain a first encrypted copy of the offline service data, and symmetrically encrypts the offline service data according to the offline service certificate to obtain a second encrypted copy of the offline service data;
when the network is monitored to be online, the local offline service sends a first uploading request message carrying a first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service;
and responding to the first uploading request message, the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier, and sends the decrypted offline service data to a third-party application server.
2. The method for processing communication of offline service data according to claim 1, wherein said method further comprises:
when the network quality is monitored to be reduced, the local offline service sends a fourth request for requesting basic data associated with the offline service data to the third-party application server side;
and responding to the fourth request, the third-party application server side returns basic data associated with the offline service data to the local offline service, and the local offline service performs symmetric encryption on the basic data according to the offline service certificate and caches an encrypted copy of the basic data.
3. The method for processing communication of offline service data according to claim 2, wherein when it is monitored that a network is offline, the third party application client creates offline service data, and the method includes:
the third party application client sends a fifth request for requesting basic data associated with the offline service data to the local offline service;
responding to the fifth request, the local offline service symmetrically decrypts the encrypted copy of the basic data according to the offline service certificate, and sends the decrypted basic data to the third-party application client; and the third-party application client side creates the offline service data based on the basic data.
4. The method for processing communication of offline service data according to claim 3, wherein said method further comprises:
in response to a user's request to modify the offline service data, the third-party application client sends a sixth request for decrypting the offline service data to the local offline service;
responding to the sixth request, the local offline service symmetrically decrypts the second encrypted copy of the offline service data according to the offline service certificate, obtains the version to be modified of the offline service data, and sends the version to the third-party application client;
the third-party application client receives the user's modification to the to-be-modified version of the offline service data, generates a modified version of the offline service data, and sends the modified version of the offline service data to the local offline service;
and the local off-line service carries out asymmetric encryption on the modified version of the off-line service data according to the off-line service certificate to obtain another first encrypted copy of the off-line service data, and carries out symmetric encryption on the modified version of the off-line service data according to the off-line service certificate to obtain another second encrypted copy of the off-line service data.
5. The method for processing communication of offline service data according to claim 4, wherein said method further comprises:
when the network is monitored to be online, the local offline service sends a second uploading request message carrying a plurality of first encrypted copies of the offline service data and the user equipment identifier to the cloud offline service;
and responding to the second uploading request message, the cloud offline service asymmetrically decrypts the plurality of first encrypted copies of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier to obtain multiple versions of the offline service data, and sends the multiple versions of the offline service data to a third-party application server.
6. The method for processing communication of offline service data according to claim 3, wherein the performing, by the local offline service, asymmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and performing symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data, comprises:
the local offline service acquires the current time from a GPS module of a user mobile terminal, generates a first check code based on the user equipment identifier and the current time, and attaches the first check code to the offline service data;
and the local offline service respectively carries out asymmetric encryption and symmetric encryption on the offline service data added with the first check code according to the offline service certificate.
7. The method for processing communication of offline service data according to claim 6, wherein the cloud offline service asymmetrically decrypting the first encrypted copy of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier, and sending the decrypted offline service data to a third-party application server, comprises:
the cloud offline service acquires the first check code from the decrypted offline service data, and generates a second check code based on the user equipment identifier and the generation time in the offline service data;
and the cloud offline service judges whether the first check code and the second check code are consistent, and if not, sends a response message indicating that the check has failed to the local offline service and stops sending the decrypted offline service data to the third-party application server.
8. The method for processing communication of offline service data according to claim 7, wherein said method further comprises:
and after receiving an offline service certificate associated with the user equipment identifier from the cloud offline service, the local offline service symmetrically encrypts the offline service certificate based on the user equipment identifier and caches the encrypted offline service certificate.
9. The method according to claim 8, wherein the user equipment identifier comprises a unique identifier obtained by hashing the combination of a device identifier of the user equipment and hardware feature information of the user equipment.
10. An apparatus for processing communication of offline service data, comprising:
a first service request unit, configured to, when it is monitored that the network quality is degraded, send, by the third-party application client, a first request for an offline service certificate to a local offline service;
a second service request unit, configured to, in response to the first request, acquire a user equipment identifier by the local offline service and send a second request, carrying the user equipment identifier, for the offline service certificate to a cloud offline service;
a service certificate generating unit, configured to, in response to the second request, generate, by the cloud offline service, a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and send the public key of the pair to the local offline service as the offline service certificate associated with the user equipment identifier;
an offline service generating unit, configured to, when it is monitored that the network is offline, create offline service data by the third-party application client and send a third request for encrypting the offline service data to the local offline service;
an offline service encryption unit, configured to, in response to the third request, perform, by the local offline service, asymmetric encryption on the offline service data according to the offline service certificate to obtain a first encrypted copy of the offline service data, and symmetric encryption on the offline service data according to the offline service certificate to obtain a second encrypted copy of the offline service data;
an offline service uploading unit, configured to, when it is monitored that the network is online, send, by the local offline service, a first uploading request message carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service;
and an offline service decryption unit, configured to, in response to the first uploading request message, asymmetrically decrypt, by the cloud offline service, the first encrypted copy of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier, and send the decrypted offline service data to a third-party application server.
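The terminal side of claims 2 to 4 and 8 above (the credential cached under a key derived from the user equipment identifier, the basic data and the second encrypted copy of each record cached under a key derived from the credential, and the to-be-modified version recovered for the sixth request), as a second added example written for this page rather than the applicant's code. Assumed, because the claims do not fix them: SHA-256 as the key derivation, AES-256-GCM as the symmetric algorithm, the item name "basic" and the use of a record id as the cache key, and every type and function name.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"io"
)

// LocalOfflineService is what the terminal keeps while offline: the credential
// (claim 8) and, sealed under a key derived from it, the basic data (claims 2
// and 3) and the second encrypted copy of each record (claims 1 and 4).
type LocalOfflineService struct {
	UEID             string
	SealedCredential []byte
	Items            map[string][]byte // "basic" or a record id -> sealed item
}

// keyFrom derives a 32-byte AES key. The claims say only "based on the user
// equipment identifier" and "according to the offline service credential";
// SHA-256 of that material is this example's assumption.
func keyFrom(material []byte) []byte {
	k := sha256.Sum256(material)
	return k[:]
}

// aeadFor builds AES-256-GCM; keyFrom always yields a 32-byte key, so neither
// constructor can fail here.
func aeadFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// seal returns nonce||ciphertext with a fresh random nonce per item.
func seal(key, plain []byte) ([]byte, error) {
	g := aeadFor(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plain, nil), nil
}

// open reverses seal and fails on a wrong key, truncation or any altered bit.
func open(key, blob []byte) ([]byte, error) {
	g := aeadFor(key)
	if n := g.NonceSize(); len(blob) >= n {
		return g.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, errors.New("truncated ciphertext")
}

// NewLocal caches the credential received from the cloud, symmetrically
// encrypted under a key derived from the user equipment identifier (claim 8).
func NewLocal(ueID string, credential []byte) (*LocalOfflineService, error) {
	sealed, err := seal(keyFrom([]byte(ueID)), credential)
	if err != nil {
		return nil, err
	}
	return &LocalOfflineService{UEID: ueID, SealedCredential: sealed, Items: map[string][]byte{}}, nil
}

// credentialKey recovers the cached credential and derives the item key from it.
func (l *LocalOfflineService) credentialKey() ([]byte, error) {
	cred, err := open(keyFrom([]byte(l.UEID)), l.SealedCredential)
	if err != nil {
		return nil, err
	}
	return keyFrom(cred), nil
}

// Cache seals an item under the credential key: the basic data returned for the
// fourth request (claim 2) or the second encrypted copy of a record (claim 1).
func (l *LocalOfflineService) Cache(name string, plain []byte) error {
	key, err := l.credentialKey()
	if err != nil {
		return err
	}
	l.Items[name], err = seal(key, plain)
	return err
}

// Fetch serves the fifth request (basic data, claim 3) and the sixth request
// (the to-be-modified version of a record, claim 4).
func (l *LocalOfflineService) Fetch(name string) ([]byte, error) {
	key, err := l.credentialKey()
	if err != nil {
		return nil, err
	}
	sealed, ok := l.Items[name]
	if !ok {
		return nil, errors.New("nothing cached under " + name)
	}
	return open(key, sealed)
}
```

Because every item is sealed with an authenticated cipher, the local cache reports a wrong identifier, a truncated item or any altered byte as an error instead of handing back corrupted plaintext; the modified version produced afterwards is then re-sealed with Cache, as the apparatus units 1203 and 1204 describe.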

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310165959.XA 2023-02-27 2023-02-27 Communication processing method and device for offline service data

Publications (2)

Publication Number Publication Date
CN115865532A 2023-03-28
CN115865532B 2023-04-21

Family

ID=85658914

Family Applications (1)

Application Number Title Priority Date Filing Date Status
CN202310165959.XA Communication processing method and device for offline service data 2023-02-27 2023-02-27 Active

Country Status (1)

Country Link
CN (1) CN115865532B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190074968A1 (en) * 2017-09-06 2019-03-07 Alibaba Group Holding Limited Method, apparatus and system for data encryption and decryption
CN110995775A (en) * 2019-10-11 2020-04-10 浙江口碑网络技术有限公司 Service data processing method, device and system
CN111865582A (en) * 2020-07-20 2020-10-30 普华云创科技(北京)有限公司 Private key offline storage method, system and storage medium based on zero knowledge proof
WO2021022701A1 (en) * 2019-08-08 2021-02-11 平安科技(深圳)有限公司 Information transmission method and apparatus, client terminal, server, and storage medium
CN112508576A (en) * 2021-02-04 2021-03-16 腾讯科技(深圳)有限公司 Key management method, system and storage medium based on block chain
CN112685780A (en) * 2020-12-31 2021-04-20 杭州链化洞察科技有限公司 Data encryption and decryption method based on block chain

Also Published As

Publication number Publication date
CN115865532B (en) 2023-04-21

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant