CN115865532B - Communication processing method and device for offline service data - Google Patents

Info

Publication number
CN115865532B
Authority
CN
China
Prior art keywords
offline service
service data
offline
local
party application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310165959.XA
Other languages
Chinese (zh)
Other versions
CN115865532A (en)
Inventor
李明亮
张启亮
朱新宇
李家伟
翟怡萌
田宣宣
连友
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xcmg Hanyun Technology Co ltd
XCMG Hanyun Technologies Co Ltd
Original Assignee
Beijing Xcmg Hanyun Technology Co ltd
XCMG Hanyun Technologies Co Ltd
Application filed by Beijing Xcmg Hanyun Technology Co ltd, XCMG Hanyun Technologies Co Ltd
Priority to CN202310165959.XA
Publication of CN115865532A
Application granted
Publication of CN115865532B

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

The application discloses a communication processing method and device of offline service data, wherein when the network quality is reduced, a third party application client obtains an offline service credential associated with a user equipment identifier from cloud offline service via local offline service; when the network is offline, the third party application client creates offline service data, and the local offline service performs asymmetric encryption and symmetric encryption on the offline service data according to the offline service credentials; when the network is online, the local offline service sends a first uploading request message carrying a first encrypted copy of the offline service data and a user equipment identifier to the cloud offline service, and the cloud offline service performs asymmetric decryption on the first encrypted copy of the offline service data based on a private key. The method and the device can prevent the offline service data generated by the third party application in the network offline state from being illegally tampered, and meet the trusted processing requirement of the offline service data.

Description

Communication processing method and device for offline service data
Technical Field
The present invention relates to the field of data communication technologies, and in particular, to a method and an apparatus for processing communication of offline service data.
Background
In production fields such as construction and mining, more and more enterprise users rely on third party applications running on mobile terminals such as mobile phones to record key workload data online and to generate order data for tasks such as soil and stone vehicle transportation and construction site helper operations; this data is used for settling and paying the related operation fees. However, most of these third party applications were developed for online network scenarios and cannot be used in production scenarios such as construction and mining sites located in remote areas with no network signal. Although individual third party applications do support workload recording and order data generation while the network is offline (referred to as offline service data in this application), they cannot prevent users from illegally tampering with the workload records and order data created offline: a user can tamper with the data stored offline on the mobile phone by means such as breaking the phone's permission restrictions. It is therefore difficult to meet enterprise users' trusted processing requirements for offline workload records and order data. Accordingly, there is a need for an improved solution to the above-mentioned problems.
Disclosure of Invention
In view of this, the application provides a method and a device for processing offline service data, which can prevent the offline service data generated by a third party application in a network offline state from being illegally tampered, meet the trusted processing requirement on the offline service data, and simultaneously save the cost of deployment and use of the third party application without carrying out large-scale reconstruction on the source code of the third party application.
In a first aspect, the present application proposes a method for processing communication of offline service data, including:
when the network quality is monitored to be reduced, the third party application client sends a first request for requesting offline service credentials to a local offline service;
responding to the first request, the local offline service obtains a user equipment identifier, and sends a second request which carries the user equipment identifier and requests offline service credentials to cloud offline service;
responding to the second request, the cloud offline service generates a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key in the public key and private key pair to the local offline service as an offline service credential associated with the user equipment identifier;
when it is monitored that the network is offline, the third party application client creates offline service data and sends a third request for encrypting the offline service data to the local offline service;
responding to the third request, the local offline service performs asymmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and performs symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data;
when it is monitored that the network is online, the local offline service sends a first uploading request message carrying a first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service;
and responding to the first uploading request message, the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data based on the private key in the public key and private key pair associated with the user equipment identifier, and sends the decrypted offline service data to a third party application server.
In some embodiments, the method further comprises:
when the network quality is monitored to be reduced, the local offline service sends a fourth request for requesting basic data associated with the offline service data to the third party application server;
and responding to the fourth request, the third party application server returns basic data associated with the offline service data to the local offline service, and the local offline service performs symmetric encryption on the basic data according to the offline service credentials and caches encrypted copies of the basic data.
In some embodiments, when the network is monitored to be offline, the third party application client creates offline service data, including:
the third party application client sends a fifth request for requesting the basic data associated with the offline service data to the local offline service;
responding to the fifth request, the local offline service symmetrically decrypts the encrypted copy of the basic data according to the offline service credential, and sends the decrypted basic data to the third party application client; the third party application client creates the offline service data based on the basic data.
In some embodiments, the method further comprises:
responding to a modification request of a user for the offline service data, and sending a sixth request for decrypting the offline service data to the local offline service by the third party application client;
responding to the sixth request, the local offline service symmetrically decrypts the second encrypted copy of the offline service data according to the offline service credential, obtains a version to be modified of the offline service data, and returns to the third party application client;
the third party application client receives the modification of the to-be-modified version of the offline service data by a user, generates a modified version of the offline service data, and sends the modified version of the offline service data to the local offline service;
the local offline service performs asymmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another first encrypted copy of the offline service data, and performs symmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another second encrypted copy of the offline service data.
In some embodiments, the method further comprises:
when it is monitored that the network is online, the local offline service sends a second uploading request message carrying a plurality of first encrypted copies of the offline service data and the user equipment identifier to the cloud offline service;
and responding to the second uploading request message, the cloud offline service performs asymmetric decryption on the plurality of first encrypted copies of the offline service data based on the private key in the public key and private key pair associated with the user equipment identifier to obtain a plurality of versions of the offline service data, and sends the plurality of versions of the offline service data to a third party application server.
In some embodiments, the performing, by the local offline service, asymmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and performing, by the local offline service, symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data, including:
the local offline service obtains the current time from a GPS module of a user mobile terminal, generates a first check code based on the user equipment identifier and the current time, and attaches the first check code to the offline service data;
and the local offline service performs asymmetric encryption and symmetric encryption on the offline service data to which the first check code has been attached, according to the offline service credential.
In some embodiments, the cloud offline service asymmetrically decrypting the first encrypted copy of the offline service data based on the private key in the public key and private key pair associated with the user equipment identifier, and sending the decrypted offline service data to a third party application server, includes:
the cloud offline service obtains the first check code from the decrypted offline service data, and generates a second check code based on the user equipment identifier and the generation time in the offline service data;
and the cloud offline service judges whether the first check code is consistent with the second check code; if not, the cloud offline service sends a check failure response message to the local offline service and stops sending the decrypted offline service data to the third party application server.
In some embodiments, the method further comprises:
after the local offline service receives the offline service credential associated with the user equipment identifier from the cloud offline service, the local offline service symmetrically encrypts the offline service credential based on the user equipment identifier, and caches the encrypted offline service credential.
In some embodiments, the user equipment identifier includes a unique identifier obtained by hashing a combination of a user identifier and hardware feature information of the user mobile terminal.
In a second aspect, the present application further proposes a communication processing device for offline service data, including:
the first service request unit is used for sending a first request for requesting offline service credentials to the local offline service by the third party application client when the network quality is monitored to be reduced;
the second service request unit is used for responding to the first request, the local offline service obtains a user equipment identifier, and sends a second request which carries the user equipment identifier and requests offline service credentials to cloud offline service;
the service credential generation unit is used for responding to the second request, the cloud offline service generates a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key in the public key and private key pair to the local offline service as an offline service credential associated with the user equipment identifier;
the offline service generating unit is used for creating offline service data by the third party application client when it is monitored that the network is offline, and sending a third request for encrypting the offline service data to the local offline service;
the offline service encryption unit is used for responding to the third request, the local offline service performs asymmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and performs symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data;
the local offline service sends a first uploading request message carrying a first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service when it is monitored that the network is online;
and the offline service decryption unit is used for responding to the first uploading request message, the cloud offline service performs asymmetric decryption on the first encrypted copy of the offline service data based on the private key in the public key and private key pair associated with the user equipment identifier, and the decrypted offline service data is sent to a third party application server.
The embodiment of the application can at least achieve the following beneficial effects:
when the network quality is monitored to be reduced, a third party application client requests an offline service credential associated with a user equipment identifier from a cloud offline service through a local offline service, the cloud offline service generates a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key in the public key and private key pair to the local offline service; when it is monitored that the network is offline, the third party application client creates offline service data, and requests the local offline service to perform asymmetric encryption and symmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy and a second encrypted copy of the offline service data respectively; when it is monitored that the network is online, the local offline service sends a first uploading request message carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service, and the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data based on the private key in the public key and private key pair associated with the user equipment identifier and sends the decrypted offline service data to a third party application server. Therefore, the method and the device can prevent the offline service data generated by the third party application in the offline state of the network from being illegally tampered, and meet the trusted processing requirement of the offline service data.
Meanwhile, the method and the device do not need to carry out large-scale transformation on the source code of the third party application, and the third party application can meet the trusted processing requirement on offline service data only by supporting unified interface call of local offline service and cloud offline service, so that the deployment and use cost of the third party application is saved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the following description will briefly explain the drawings that are required to be used in the embodiments of the present application. It is appreciated that the following drawings depict only certain embodiments of the application and are not to be considered limiting of its scope.
FIG. 1 is a schematic diagram of a system architecture of an offline business processing system applicable to an embodiment of the present application;
FIG. 2 is a flow chart of a method for processing offline service data according to an embodiment of the present application;
FIG. 3 is a partial flow diagram of a method of communication processing of offline service data according to another embodiment of the present application;
FIG. 4 is a partial flow diagram of a method of communication processing of offline service data according to another embodiment of the present application;
FIG. 5 is a partial flow diagram of a method of communication processing of offline service data according to another embodiment of the present application;
FIG. 6 is a partial flow diagram of a method of communication processing of offline service data according to another embodiment of the present application;
FIG. 7 is a partial flow diagram of a method of communication processing of offline service data according to another embodiment of the present application;
FIG. 8 is a partial flow diagram of a method of communication processing of offline service data according to another embodiment of the present application;
FIG. 9 is a communication interaction timing diagram according to an alternative embodiment of the present application;
FIG. 10 is a schematic structural diagram of a communication processing apparatus for offline service data according to an embodiment of the present application;
FIG. 11 is a schematic view of a part of a structure of a communication processing apparatus for offline service data according to another embodiment of the present application;
FIG. 12 is a schematic view of a part of a structure of a communication processing apparatus for offline service data according to another embodiment of the present application;
FIG. 13 is a schematic partial structure of a communication processing apparatus for offline service data according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clear, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present application. However, it should be understood that the described embodiments are only some, but not all, of the exemplary embodiments of the present application and, therefore, the following detailed description of the embodiments of the present application is not intended to limit the scope of the claims of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and in the claims of this application are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order, and are not to be construed as indicating or implying relative importance.
As described above, in production fields such as construction and mining, most third party applications do not support recording key workload data and generating order data while the network is offline. Although individual third party applications do support workload records and order data generation while the network is offline (referred to as offline service data in this application), they cannot prevent the user from tampering with the workload records and order data created offline, so it is difficult to satisfy enterprise users' credibility requirements for offline service data. Therefore, in order to solve the above problems, the application provides a method and a device for processing offline service data, which can prevent the offline service data generated by a third party application in a network offline state from being illegally tampered, meet the trusted processing requirement on the offline service data, and simultaneously save the cost of deployment and use of the third party application without carrying out large-scale reconstruction on the source code of the third party application.
Fig. 1 is a schematic system architecture of an offline service processing system applicable to an embodiment of the present application. The system comprises one or more user mobile terminals 110, a third party application server 120 and a cloud server 130, all of which are connected to a network 140 and communicate through it. Each of the one or more user mobile terminals 110 includes a third party application client 111 and a local offline service 112 installed and running on the user mobile terminal 110. The third party application client 111 is used to provide a user of the user mobile terminal 110 with a relevant user interface for business operations processing. The local offline service 112 is a local micro service or application process running on the user mobile terminal 110, and is used to assist in providing communication processing of offline service data together with the cloud offline service 131 deployed on the cloud server 130. In some embodiments, the user mobile terminal 110 includes, but is not limited to, a terminal device such as a smart phone, a tablet, a personal digital assistant (PDA), or the like.
The third party application server 120 is deployed with a third party application server 121 corresponding to the third party application client 111, which provides the back-end program processing and service data storage that support the service operation processing of the third party application client 111. The cloud server 130 is deployed with a cloud offline service 131; the cloud offline service 131 may be a cloud micro-service deployed on the cloud server 130 and is configured to assist, together with the local offline service 112 on the user mobile terminal 110, in providing communication processing of offline service data. The third party application client 111, the local offline service 112, the cloud offline service 131 and the third party application server 121 can perform data communication interaction through interface calls, for example through a RESTful API interface protocol, which is an interface communication protocol under a micro-service architecture based on the HTTP transmission protocol. It should be noted that the functions performed by the local offline service 112 and the cloud offline service 131 will be described in detail in the following embodiments.
Fig. 2 is a flow chart of a method for processing offline service data according to an embodiment of the present application. As shown in fig. 2, the method comprises the steps of:
step S201, when it is monitored that the network quality is reduced, the third party application client 111 sends a first request for requesting offline service credentials to the local offline service 112;
step S202, in response to the first request, the local offline service 112 obtains a user equipment identifier, and sends a second request carrying the user equipment identifier and requesting an offline service credential to the cloud offline service 131;
step S203, in response to the second request, the cloud offline service 131 generates a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key in the public key and private key pair to the local offline service 112 as an offline service credential associated with the user equipment identifier;
step S204, when it is monitored that the network is offline, the third party application client 111 creates offline service data, and sends a third request for encrypting the offline service data to the local offline service 112;
step S205, in response to the third request, the local offline service 112 performs asymmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and performs symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data;
step S206, when it is monitored that the network is online, the local offline service 112 sends a first upload request message carrying a first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service 131;
step S207, in response to the first upload request message, the cloud offline service 131 asymmetrically decrypts the first encrypted copy of the offline service data based on the private key in the public key and private key pair associated with the user equipment identifier, and sends the decrypted offline service data to the third party application server 121.
In this embodiment, when it is detected that the network quality is degraded, the third party application client 111 sends a first request for offline service credentials to the local offline service 112. In one embodiment, the third party application client 111 may monitor network quality through various network quality monitoring means, for example, may monitor different network quality indexes such as network signal strength, uplink and downlink rates, data transmission delay, etc. to determine whether the network quality is degraded. In one embodiment, the network quality degradation may include one or more network quality indicators being monitored to continuously fall below a predetermined threshold for a period of time.
In this embodiment, after receiving the first request sent by the third party application client 111, the local offline service 112 first obtains the user equipment identifier of the current user, and then sends a second request carrying the user equipment identifier and requesting the offline service credential to the cloud offline service 131. The user equipment identifier is a unique identifier that identifies the trusted identity of the current user on the current user mobile terminal 110. In one embodiment, the user equipment identifier includes a unique identifier obtained by hashing the combination of the user identifier and the hardware feature information of the user mobile terminal 110. The user identifier may include the user's account ID, mobile phone number, email address, etc. on the third party application client 111. The hardware feature information of the user mobile terminal 110 may include a combination of one or more of the MAC address, CPU serial number, international mobile equipment identity (IMEI), unique device identifier (UDID), etc. of the user mobile terminal 110.
In this embodiment, in response to the second request, the cloud offline service 131 generates a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key in the public key and private key pair to the local offline service 112 as an offline service credential associated with the user equipment identifier. In one embodiment, the asymmetric encryption algorithm in this step may comprise the RSA asymmetric encryption algorithm. The local offline service 112 uses the offline service credential to perform local asymmetric encryption and symmetric encryption on the offline service data generated offline by the third party application client 111. The cloud offline service 131 stores the private key of the public key and private key pair associated with the user equipment identifier in the cloud, where it serves as the key for asymmetrically decrypting the first encrypted copy of the offline service data uploaded by the local offline service 112 in a subsequent step.
In one embodiment, after the local offline service 112 receives the offline service credential associated with the user equipment identifier from the cloud offline service 131, it may symmetrically encrypt the offline service credential based on the user equipment identifier and cache the encrypted offline service credential. This prevents the offline service credential from being obtained through illegitimate local access and ensures the storage security of the offline service credential. In one embodiment, the symmetric encryption in this step may include symmetric encryption algorithms such as AES or DES.
In this embodiment, according to a service data operation request of a user, when it is monitored that the network is offline, the third party application client 111 creates offline service data, where the offline service data may include a service form, such as a workload record and a job order, generated by the user of the third party application client 111 in an offline state; and then, sending a third request for encrypting the offline service data to the local offline service 112, so that in response to the third request, the local offline service 112 may perform asymmetric encryption and symmetric encryption on the offline service data according to the offline service credential received from the cloud offline service 131, to obtain a first encrypted copy and a second encrypted copy of the offline service data, respectively.
In one aspect, the first encrypted copy of the offline service data is obtained by asymmetrically encrypting the offline service data based on the offline service credential as a public key, and only the offline service credential can be asymmetrically decrypted by a private key stored in the cloud offline service 131, and the offline service credential cannot be decrypted locally in the user mobile terminal 110, so that the offline service data can be prevented from being tampered locally, and in a subsequent step, when the network is restored to be online, the local offline service 112 sends the first encrypted copy of the offline service data to the cloud offline service 131 for asymmetrically decrypting, so as to send the decrypted offline service data to the third party application server 121. On the other hand, the second encrypted copy of the offline service data is obtained by symmetrically encrypting the offline service data based on the offline service credential as a key, and can be symmetrically decrypted by the offline service credential at the local site of the user mobile terminal 110, so that when the user needs to edit and modify the offline service data based on legal authorization, the second encrypted copy can be used as a subsequent version to be modified of the offline service data. In one embodiment, the symmetric encryption in this step may include symmetric encryption algorithms such as AES or DES.
Then, when it is monitored that the network is online, the local offline service 112 sends a first upload request packet carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service 131, so that, in response to the first upload request packet, the cloud offline service 131 performs asymmetric decryption on the first encrypted copy of the offline service data based on a public key and a private key in a private key pair associated with the user equipment identifier, and sends the decrypted offline service data to the third party application server 121. In this way, the offline service data created by the user through the third party application client 111 may be sent to the cloud offline service 131 for asymmetric decryption without being tampered, and finally safely returned to the third party application server 121 for storage.
In summary, when the network quality is monitored to be reduced, the third party application client requests the offline service credentials associated with the user equipment identifier from the cloud offline service via the local offline service, the cloud offline service generates a public key and a private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key in the public key and the private key pair to the local offline service as the offline service credentials associated with the user equipment identifier; when the offline of the network is monitored, the third party application client creates offline service data, and requests the local offline service to perform asymmetric encryption and symmetric encryption on the offline service data according to the offline service credentials to respectively obtain a first encrypted copy and a second encrypted copy of the offline service data; when the online network is monitored, the local offline service sends a first encrypted copy carrying the offline service data and a first uploading request message of the user equipment identifier to the cloud offline service, and the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data based on a public key and a private key in a private key pair associated with the user equipment identifier and sends the decrypted offline service data to a third party application server. Therefore, the embodiment of the application can prevent the offline service data generated by the third party application in the offline state of the network from being illegally tampered, and meets the trusted processing requirement of the offline service data. 
Meanwhile, the embodiment of the application does not need to carry out large-scale transformation on the source code of the third party application, and the third party application can meet the trusted processing requirement on the offline service data only by supporting unified interface call of the local offline service and the cloud offline service, so that the deployment and use cost of the third party application is saved.
Fig. 3 is a partial flow diagram of a method for processing offline service data according to another embodiment of the present application. As shown in fig. 3, on the basis of the method steps of any of the foregoing embodiments, the method may further include the steps of:
step S301, when it is detected that the network quality is reduced, the local offline service 112 sends a fourth request to the third party application server 121 for requesting the basic data associated with the offline service data;
step S302, in response to the fourth request, the third party application server 121 returns the basic data associated with the offline service data to the local offline service 112, and the local offline service 112 symmetrically encrypts the basic data according to the offline service credential and caches an encrypted copy of the basic data.
In this embodiment, some of the offline service data created by the third party application client 111 is reusable basic data. Such basic data is usually pre-stored in the back-end database of the third party application server 121 and can be shared across the creation of different service forms. To allow the third party application client 111 to quickly create offline service data in the offline state and process it in a trusted manner, when it is monitored that the network quality is reduced, the local offline service 112 may send a request for the basic data associated with the offline service data to the third party application server 121. The third party application server 121 returns the basic data associated with the offline service data to the local offline service 112, which symmetrically encrypts the basic data with the offline service credential as the key and stores the encrypted copy of the basic data in a local cache. In this way, when it is monitored that the network is offline, the third party application client 111 may create offline service data based on the encrypted copy of the basic data cached by the local offline service 112. This allows offline service data to be created quickly while further preventing the offline service data generated by the third party application in the offline state from being tampered with, thereby meeting the trusted processing requirement for the offline service data.
On this basis, as shown in fig. 4, in the step S204, when the network is monitored to be offline, the third party application client 111 creates offline service data, which may include the following steps:
step S401, the third party application client 111 sends a fifth request to the local offline service 112 for requesting the basic data associated with the offline service data;
step S402, in response to the fifth request, the local offline service 112 symmetrically decrypts the encrypted copy of the basic data according to the offline service credential, and sends the decrypted basic data to the third party application client 111, and the third party application client 111 creates the offline service data based on the basic data.
In this embodiment, when it is monitored that the network is offline, the third party application client 111 may request the local offline service 112 for pre-cached basic data associated with the offline service data, and after the local offline service 112 symmetrically decrypts the encrypted copy of the basic data according to the offline service credential, send the decrypted basic data to the third party application client 111, so that the third party application client 111 creates the offline service data based on the basic data, and further prevent the offline service data generated by the third party application in the offline network state from being tampered on the basis of meeting the requirement of swiftly creating the offline service data, thereby meeting the trusted processing requirement of the offline service data.
Fig. 5 is a partial flow diagram of a method for processing offline service data according to another embodiment of the present application. As shown in fig. 5, on the basis of the method steps of any of the foregoing embodiments, the method may further include the steps of:
step S501, in response to a user's request for modifying the offline service data, the third party application client 111 sends a sixth request for decrypting the offline service data to the local offline service 112;
step S502, in response to the sixth request, the local offline service 112 symmetrically decrypts the second encrypted copy of the offline service data according to the offline service credential, obtains a to-be-modified version of the offline service data, and sends the to-be-modified version of the offline service data to the third party application client 111;
step S503, the third party application client 111 receives the modification of the to-be-modified version of the offline service data by the user, generates a modified version of the offline service data, and sends the modified version of the offline service data to the local offline service 112;
step S504, the local offline service 112 performs asymmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another first encrypted copy of the offline service data, and performs symmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another second encrypted copy of the offline service data.
In this embodiment, when the user needs to modify the created offline service data through legal authorization, the third party application client 111 may request the local offline service 112 to decrypt the second encrypted copy of the offline service data; after the local offline service 112 receives the request, the second encrypted copy of the offline service data is symmetrically decrypted based on the locally stored offline service credential as a key, so as to obtain a to-be-modified version of the offline service data, and the to-be-modified version is returned to the third party application client 111.
Subsequently, the third party application client 111 receives the user's modification of the to-be-modified version of the offline service data, generates a modified version of the offline service data, and sends the modified version of the offline service data to the local offline service 112. The local offline service 112 performs asymmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another first encrypted copy of the offline service data, and performs symmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another second encrypted copy of the offline service data. Thus, when the user needs to modify the created offline service data through legal authorization, the modification can be made on the basis of the second encrypted copy held by the local offline service 112. Because the second encrypted copy of the offline service data is obtained by symmetrically encrypting the offline service data with the offline service credential as the key, it can be symmetrically decrypted with the offline service credential locally on the user mobile terminal 110. The application therefore keeps the first encrypted copy of the offline service data, which cannot be decrypted locally, as the version uploaded when the network is restored to online, while still meeting the user's need to edit and modify the offline service data based on legal authorization.
Meanwhile, each modified version generates another corresponding first encrypted copy and another second encrypted copy. The benefit is that every modified version produced by the user is irreversibly recorded locally, which further prevents the offline service data generated in the offline state of the network from being illegally tampered with while still supporting the user's modification needs under legal authorization.
In one embodiment, the user modification of the offline service data may result in a plurality of first encrypted copies and a plurality of second encrypted copies, which may be respectively ordered in the order of time stamps.
Fig. 6 is a partial flow diagram of a method for processing offline service data according to another embodiment of the present application. As shown in fig. 6, the method according to any one of the foregoing embodiments may further include the following steps:
step S601, when it is monitored that the network is online, the local offline service 112 sends a second upload request message carrying a plurality of first encrypted copies of the offline service data and the user equipment identifier to the cloud offline service 131;
step S602, in response to the second upload request message, the cloud offline service 131 asymmetrically decrypts the plurality of first encrypted copies of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier, obtains a plurality of versions of the offline service data, and sends the plurality of versions of the offline service data to the third party application server 121.
In this embodiment, the user has modified the to-be-modified version of the offline service data multiple times based on legal authorization, generating multiple first encrypted copies and multiple second encrypted copies of the offline service data. When it is monitored that the network is online, the local offline service 112 sends a second upload request message to the cloud offline service 131, where the second upload request message carries the multiple first encrypted copies of the offline service data and the user equipment identifier. After receiving the second upload request message, the cloud offline service 131 asymmetrically decrypts the multiple first encrypted copies of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier, thereby obtaining multiple versions of the offline service data, and sends the multiple versions of the offline service data to the third party application server 121. In this way, when the network is restored to online, the embodiment of the present application uploads the first encrypted copies of the offline service data, which cannot be decrypted locally, to the cloud offline service 131 in batches for asymmetric decryption, and the resulting versions are sent to the third party application server 121 for storage. The history of the user's modifications of the offline service data in the offline state is thus irreversibly recorded on the third party application server, which further prevents illegal tampering with the offline service data generated in the offline state of the network.
Fig. 7 is a partial flow diagram of a method for processing offline service data according to another embodiment of the present application. As shown in fig. 7, in step S205, the local offline service 112 performs asymmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and performs symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data, which may further include the following steps:
step S701, the local offline service 112 obtains a current time from the GPS module of the user mobile terminal 110, generates a first check code based on the user equipment identifier and the current time, and attaches the first check code to the offline service data;
step S702, the local offline service 112 performs asymmetric encryption and symmetric encryption on the offline service data to which the first check code is attached according to the offline service credential.
In this embodiment, when the local offline service 112 responds to the request of the third party application client 111 and performs asymmetric encryption and symmetric encryption on the offline service data according to the offline service credential, a first check code may additionally be attached to the offline service data. The first check code is generated based on the user equipment identifier and the current time acquired from the GPS module of the user mobile terminal 110, and the current time cannot be tampered with. In one embodiment, the first check code may be generated according to the time-based one-time password (TOTP) algorithm, which computes a one-time password from a shared key and the current time using a cryptographic hash function. In this embodiment, the user equipment identifier is used as the shared key for calculating the one-time password, and the first check code is obtained by performing the TOTP operation on it together with the current time obtained from the GPS module of the user mobile terminal 110. The first check code attached to the offline service data allows the generation time of the offline service data to be checked, which further prevents the offline service data generated in the offline state of the network from being illegally tampered with.
Fig. 8 is a partial flow diagram of a method for processing offline service data according to another embodiment of the present application. As shown in fig. 8, the step S207, in which the cloud offline service 131 asymmetrically decrypts the first encrypted copy of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier and sends the decrypted offline service data to the third party application server 121, may further include the following steps:
step S801, the cloud offline service 131 obtains the first check code from the decrypted offline service data, and generates a second check code based on the user equipment identifier and the generation time in the offline service data;
step S802, the cloud offline service 131 determines whether the first check code is identical to the second check code; if not, the cloud offline service 131 sends a response message indicating that the check failed to the local offline service 112, and terminates sending the decrypted offline service data to the third party application server 121.
In this embodiment, when the local offline service 112 performs asymmetric encryption and symmetric encryption on the offline service data, a first check code is attached to the offline service data, where the first check code is generated based on the user equipment identifier and the current time obtained from the GPS module of the user mobile terminal 110. When it is monitored that the network is online, the local offline service 112 sends the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service 131. After the cloud offline service 131 asymmetrically decrypts the first encrypted copy of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier, it may further generate a second check code based on the user equipment identifier and the generation time in the offline service data, using the same time-based one-time password (TOTP) algorithm as the first check code. When the generation time of the offline service data does not differ from the current time acquired from the GPS module of the user mobile terminal 110, the first check code and the second check code calculated with the TOTP algorithm are identical. The cloud offline service 131 can therefore determine, from a consistency check of the first check code and the second check code, whether the generation time of the current offline service data has been illegally tampered with. If the check fails, the cloud offline service 131 sends a response message indicating that the check failed to the local offline service 112 and terminates sending the decrypted offline service data to the third party application server 121, which further prevents the offline service data generated in the offline state of the network from being illegally tampered with.
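The check code generation of step S701 and the consistency check of steps S801 and S802 can be sketched as follows. This is an added example, not code from the patent: it uses RFC 6238 TOTP with the user equipment identifier as the shared key, and the SHA-256 identifier hash, the 30-second step, the 8-digit length and the field names `generation_time` and `check_code` are assumptions, with all sample values constructed.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30  # seconds per TOTP window (assumption: RFC 6238 default)
DIGITS = 8      # check code length (assumption: RFC 6238 allows 6 to 8)


def derive_user_device_id(user_id: str, hardware_info: str) -> str:
    """S902: hash of the combined user identifier and hardware feature info.
    SHA-256 and the "|" separator are assumptions; the page only says "hash"."""
    return hashlib.sha256(f"{user_id}|{hardware_info}".encode()).hexdigest()


def totp(key: bytes, unix_time: int, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def attach_check_code(form: dict, user_device_id: str, gps_time: int) -> dict:
    """Local offline service, S701: record the GPS time as the generation time
    and attach the first check code before the data is encrypted."""
    stamped = dict(form, generation_time=gps_time)
    stamped["check_code"] = totp(user_device_id.encode(), gps_time)
    return stamped


def verify_check_code(decrypted_form: dict, user_device_id: str) -> bool:
    """Cloud offline service, S801/S802: recompute a second check code from the
    generation time found in the decrypted data and compare it with the first."""
    first = decrypted_form.get("check_code")
    gen_time = decrypted_form.get("generation_time")
    if not isinstance(first, str):
        return False
    if isinstance(gen_time, bool) or not isinstance(gen_time, int) or gen_time < 0:
        return False
    second = totp(user_device_id.encode(), gen_time)
    # Constant-time comparison of the two check codes.
    return hmac.compare_digest(first.encode(), second.encode())


def run_demo() -> dict:
    # All values below are constructed sample data.
    uid = derive_user_device_id("user-001", "constructed-hardware-fingerprint")
    gps_time = 1_700_000_000
    form = attach_check_code({"type": "job order", "hours": 6}, uid, gps_time)
    return {
        "untouched": verify_check_code(form, uid),
        "time_shifted_1h": verify_check_code(
            dict(form, generation_time=gps_time + 3600), uid),
        "same_window_shift": verify_check_code(
            dict(form, generation_time=gps_time + 5), uid),
        "code_missing": verify_check_code({"type": "job order"}, uid),
    }


if __name__ == "__main__":
    for case, passed in run_demo().items():
        print(f"{case}: {'check passed' if passed else 'check failed'}")
```

Because the code is computed per time window, a generation time that moves within the same 30-second step yields the same check code, so the step size sets the resolution of the check. The user equipment identifier acts as the TOTP key here, so the check relies on that identifier being protected like a secret.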
An exemplary description is provided below in connection with a communication interaction timing diagram of an alternative embodiment shown in fig. 9. It should be noted that the exemplary descriptions of the present embodiments should not be construed as limiting the scope of protection or the only embodiments of the technical solutions of the present application. As shown in fig. 9, in step S901, when it is monitored that the network quality is degraded, the third party application client 111 sends a request for an offline service credential to the local offline service 112;
step S902, in response to the request, the local offline service 112 first obtains a user equipment identifier user_device_id, where the user equipment identifier user_device_id is a unique identifier that uniquely identifies the trusted identity of the current user on the current user mobile terminal 110, and may be obtained by performing a hash operation according to the combined information of the user identifier and the hardware feature information of the user mobile terminal 110;
step S903, the local offline service 112 then sends a request carrying the user equipment identifier user_device_id to the cloud offline service 131 to obtain the offline service credential;
step S904, in response to the request, the cloud offline service 131 generates a public key and private key pair { pub_key, private_key } associated with the user equipment identifier user_device_id based on an RSA asymmetric encryption algorithm;
step S905, the cloud offline service 131 then sends the public key pub_key of the public key and private key pair to the local offline service 112 as the offline service credential associated with the user equipment identifier user_device_id;
step S906, the local offline service 112 sends a request for requesting the basic data baseData associated with the offline service data to the third party application server 121;
step S907, in response to the request, the third party application server 121 queries the base data baseData from the backend database;
step S908, the third party application server 121 returns the basic data baseData to the local offline service 112;
step S909, the local offline service 112 performs AES algorithm symmetric encryption on the basic data baseData according to the offline service credential pub_key, and caches an encrypted copy of the basic data baseData;
step S910, when it is monitored that the network is offline, the third party application client 111 sends a request for basic data baseData to the local offline service 112;
step S911, in response to the request, the local offline service 112 performs AES algorithm symmetric decryption on the encrypted copy of the basic data baseData according to the offline service credential pub_key, and sends the decrypted basic data baseData to the third party application client 111;
step S912, the third party application client 111 creates offline service data offlineForm based on the basic data baseData, where the offline service data offlineForm may be a service form in an offline state; the third party application client 111 then sends a request for encrypting the offline service data offlineForm to the local offline service 112;
step S913, in response to the request, the local offline service 112 obtains the current time gpsTime from the GPS module of the user mobile terminal 110, generates a first check code based on the user equipment identifier user_device_id and the current time gpsTime, which may specifically be generated using a time-based one-time password (TOTP), and appends the first check code to the offline service data offlineForm;
step S914, the local offline service 112 performs RSA asymmetric encryption on the offline service data offlineForm to which the first check code is attached, according to the offline service credential pub_key, to obtain a first encrypted copy of the offline service data offlineForm, and performs AES symmetric encryption on the offline service data offlineForm to which the first check code is attached, according to the offline service credential pub_key, to obtain a corresponding second encrypted copy of the offline service data offlineForm;
step S915, when it is monitored that the network is online, the local offline service 112 sends an upload request message carrying the first encrypted copy of the offline service data offlineForm and the user equipment identifier user_device_id to the cloud offline service 131;
step S916, in response to the upload request message, the cloud offline service 131 performs RSA asymmetric decryption on the first encrypted copy of the offline service data offlineForm based on the private key of the public key and private key pair { pub_key, private_key } associated with the user equipment identifier user_device_id, obtains the first check code from the decrypted offline service data offlineForm, generates a second check code based on the user equipment identifier user_device_id and the generation time in the offline service data, and determines whether the first check code and the second check code are consistent in order to check the time;
step S917, after the check succeeds, the cloud offline service 131 sends the decrypted offline service data offlineForm to the third party application server 121.
Fig. 10 is a schematic structural diagram of an offline service data communication processing apparatus according to an embodiment of the present application. As shown in fig. 10, the communication processing device for offline service data according to the embodiment of the present application may include the following units:
A first service request unit 1001, configured to, when it is detected that the network quality is degraded, send, by the third party application client 111, a first request for requesting offline service credentials to the local offline service 112;
a second service request unit 1002, configured to respond to the first request, obtain a user equipment identifier by using the local offline service 112, and send a second request for requesting an offline service credential, which carries the user equipment identifier, to the cloud offline service 131;
a service credential generating unit 1003, configured to generate, in response to the second request, a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm by using the cloud offline service 131, and send, to the local offline service 112, the public key in the public key and private key pair as an offline service credential associated with the user equipment identifier;
an offline service generating unit 1004, configured to create offline service data by the third party application client 111 when it is monitored that the network is offline, and send a third request for encrypting the offline service data to the local offline service 112;
an offline service encryption unit 1005, configured to respond to the third request, perform asymmetric encryption on the offline service data according to the offline service credential by using the local offline service 112 to obtain a first encrypted copy of the offline service data, and perform symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data;
An offline service uploading unit 1006, configured to, when it is monitored that the network is online, send, by the local offline service 112, a first upload request message carrying a first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service 131;
an offline service decryption unit 1007, configured to, in response to the first upload request message, asymmetrically decrypt, by the cloud offline service 131, the first encrypted copy of the offline service data based on the private key of the public key and private key pair associated with the user equipment identifier, and send the decrypted offline service data to the third party application server 121.
In some embodiments, as shown in fig. 11, on the basis of any of the foregoing embodiments, the apparatus may further include the following units:
a basic data request unit 1101, configured to, when it is detected that the network quality decreases, send, by the local offline service 112, a fourth request to the third party application server 121 for requesting basic data associated with the offline service data;
and a base data caching unit 1102, configured to respond to the fourth request, where the third party application server 121 returns, to the local offline service 112, the base data associated with the offline service data, and the local offline service 112 symmetrically encrypts the base data according to the offline service credential and caches an encrypted copy of the base data.
In some embodiments, on the basis of any one of the foregoing embodiments, the offline service generating unit 1004 is further configured to:
the third party application client 111 sends a fifth request to the local offline service 112 requesting the basic data associated with the offline service data;
in response to the fifth request, the local offline service 112 symmetrically decrypts the encrypted copy of the base data according to the offline service credential, and sends the decrypted base data to the third party application client 111, and the third party application client 111 creates the offline service data based on the base data.
In some embodiments, as shown in fig. 12, on the basis of any of the foregoing embodiments, the apparatus may further include the following units:
a data modification request unit 1201, configured to, in response to a modification request of the offline service data by a user, send, by the third party application client 111, a sixth request for decrypting the offline service data to the local offline service 112;
a version to be modified obtaining unit 1202, configured to respond to the sixth request, where the local offline service 112 symmetrically decrypts the second encrypted copy of the offline service data according to the offline service credential, obtains a version to be modified of the offline service data, and sends the version to be modified to the third party application client 111;
A modified version generating unit 1203, configured to receive, by the third party application client 111, a modification of a to-be-modified version of the offline service data by a user, generate a modified version of the offline service data, and send the modified version of the offline service data to the local offline service 112;
the modified version encryption unit 1204 is configured to asymmetrically encrypt the modified version of the offline service data according to the offline service credential by using the local offline service 112 to obtain another first encrypted copy of the offline service data, and symmetrically encrypt the modified version of the offline service data according to the offline service credential to obtain another second encrypted copy of the offline service data.
In some embodiments, as shown in fig. 13, on the basis of any of the foregoing embodiments, the apparatus may further include the following units:
a second offline service uploading unit 1301, configured to, when it is monitored that the network is online, send, by the local offline service 112, a second uploading request message carrying a plurality of first encrypted copies of the offline service data and the user equipment identifier to the cloud offline service 131;
a second offline service decryption unit 1302, configured to, in response to the second uploading request message, asymmetrically decrypt, by the cloud offline service 131, the plurality of first encrypted copies of the offline service data based on the private key in the public/private key pair associated with the user equipment identifier, obtain a plurality of versions of the offline service data, and send the plurality of versions of the offline service data to the third party application server 121.
In some embodiments, on the basis of any one of the foregoing embodiments, the offline service encryption unit 1005 is further configured to:
the local offline service 112 obtains the current time from the GPS module of the user mobile terminal 110, generates a first check code based on the user equipment identifier and the current time, and attaches the first check code to the offline service data;
the local offline service 112 performs asymmetric encryption and symmetric encryption on the offline service data to which the first check code is attached according to the offline service credential.
In some embodiments, on the basis of any of the foregoing embodiments, the offline service decryption unit 1007 is further configured to:
the cloud offline service 131 obtains the first check code from the decrypted offline service data, and generates a second check code based on the user equipment identifier and the generation time in the offline service data;
the cloud offline service 131 determines whether the first check code and the second check code are consistent, if not, the cloud offline service 131 sends a response message of failure in checking to the local offline service 112, and terminates sending the decrypted offline service data to the third party application server 121.
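The check-code steps above, sketched as an added example that is not code from the patent: the text does not name the check-code function, so SHA-256 over length-prefixed fields, the field names `generated_at` and `check_code`, and every sample value are assumptions. The functions operate on the already-decrypted record; the encryption steps are left out.

```python
import hashlib
import hmac
from typing import Tuple


def _digest(*fields: str) -> str:
    """SHA-256 over length-prefixed fields (assumed construction).

    The length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
    """
    h = hashlib.sha256()
    for field in fields:
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big"))
        h.update(raw)
    return h.hexdigest()


def derive_device_id(user_id: str, hardware_info: str) -> str:
    """User equipment identifier: hash of user identifier plus hardware features."""
    return _digest("device-id", user_id, hardware_info)


def make_check_code(device_id: str, generated_at: str) -> str:
    """Check code derived from the device identifier and a timestamp."""
    return _digest("check-code", device_id, generated_at)


def attach_check_code(record: dict, device_id: str, gps_time: str) -> dict:
    """Local offline service: stamp the record before it is encrypted.

    gps_time stands in for the time read from the terminal's GPS module.
    """
    stamped = dict(record)
    stamped["generated_at"] = gps_time
    stamped["check_code"] = make_check_code(device_id, gps_time)
    return stamped


def cloud_verify(decrypted: dict, claimed_device_id: str) -> Tuple[bool, str]:
    """Cloud offline service: recompute the code and compare.

    claimed_device_id is the identifier carried in the upload request.
    On failure the caller must not forward the record to the application server.
    """
    first = decrypted.get("check_code")
    generated_at = decrypted.get("generated_at")
    if not isinstance(first, str) or not isinstance(generated_at, str):
        return False, "check failed: missing check code or generation time"
    second = make_check_code(claimed_device_id, generated_at)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(first.encode("utf-8"), second.encode("utf-8")):
        return False, "check failed: code mismatch"
    return True, "ok"


def demo() -> dict:
    """Run the check on constructed sample records and return the outcomes."""
    dev = derive_device_id("user-001", "IMEI:constructed-0001")
    other = derive_device_id("user-002", "IMEI:constructed-0002")
    rec = attach_check_code({"order": "A-17", "qty": 3}, dev, "2023-02-27T08:00:00Z")
    backdated = dict(rec, generated_at="2023-02-26T08:00:00Z")
    stripped = {k: v for k, v in rec.items() if k != "check_code"}
    edited_payload = dict(rec, qty=300)
    return {
        "genuine": cloud_verify(rec, dev)[0],
        "backdated": cloud_verify(backdated, dev)[0],
        "wrong_device": cloud_verify(rec, other)[0],
        "stripped": cloud_verify(stripped, dev)[0],
        "edited_payload": cloud_verify(edited_payload, dev)[0],
    }


if __name__ == "__main__":
    for case, passed in demo().items():
        print(f"{case:15s} {'pass' if passed else 'REJECTED'}")
```

The `edited_payload` case passes because the check code, as described, is derived from the device identifier and the time only; protection of the payload fields themselves rests on the encrypted copies.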
In summary, according to the method and the device for processing communication of offline service data provided by the embodiments of the application, when a reduction in network quality is detected, a third party application client requests offline service credentials associated with a user equipment identifier from a cloud offline service via a local offline service; the cloud offline service generates a public/private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key of that pair to the local offline service as the offline service credential associated with the user equipment identifier. When the network is detected to be offline, the third party application client creates offline service data, and requests the local offline service to perform asymmetric encryption and symmetric encryption on the offline service data according to the offline service credentials, obtaining a first encrypted copy and a second encrypted copy of the offline service data respectively. When the network is detected to be online, the local offline service sends a first uploading request message carrying the first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service, and the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data based on the private key in the public/private key pair associated with the user equipment identifier and sends the decrypted offline service data to a third party application server. Therefore, the embodiments of the application can prevent the offline service data generated by the third party application while the network is offline from being illegally tampered with, and meet the trusted processing requirement for the offline service data.
Meanwhile, the embodiment of the application does not need to carry out large-scale transformation on the source code of the third party application, and the third party application can meet the trusted processing requirement on the offline service data only by supporting unified interface call of the local offline service and the cloud offline service, so that the deployment and use cost of the third party application is saved.
It should be noted that, as those skilled in the art can understand, the different embodiments described in the method embodiments of the present application, the explanation and the achieved technical effects thereof are also applicable to the device embodiments of the present application, and are not repeated herein.
Further, the embodiment of the application also provides an electronic device, which may include: a processor and a memory. Wherein the memory stores computer program instructions that the processor may invoke in the memory to perform all or part of the steps of the methods described in any of the embodiments of the present application. The computer program instructions in the memory described above may be embodied in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product.
Further, the present application also provides a computer program product comprising a non-transitory computer readable storage medium storing a computer program capable of performing all or part of the steps of the method of any of the embodiments of the present application when the computer readable storage medium is connected to a computer device, the computer program being executed by one or more processors of the computer device.
Further, the present application also provides a non-transitory computer readable storage medium having stored thereon a computer program executable by one or more processors to perform all or part of the steps of the methods described in any of the embodiments of the present application.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments of the present application may be implemented by software or by a combination of software and necessary general hardware platforms, and of course may be implemented by hardware functions. Based on such understanding, the technical solutions of the present application may be embodied in essence or in a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device, including for example but not limited to a personal computer, a server, or a network device, to perform all or part of the steps of the method of any of the embodiments of the present application. The aforementioned storage medium may include: a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, or other various media capable of storing computer program code.
The above describes exemplary embodiments of the present application. It should be understood that the above-described exemplary embodiments are not limiting, but rather illustrative, and the scope of the present application is not limited thereto. It will be appreciated that modifications and variations to the embodiments of the present application may be made by those skilled in the art without departing from the spirit and scope of the present application, and such modifications and variations are intended to be within the scope of the present application.

Claims (10)

1. A communication processing method of offline service data, comprising:
when the network quality is monitored to be reduced, the third party application client sends a first request for requesting offline service credentials to a local offline service;
responding to the first request, the local offline service obtains a user equipment identifier, and sends a second request which carries the user equipment identifier and requests offline service credentials to cloud offline service;
responding to the second request, the cloud offline service generates a public key and private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key in the public key and private key pair to the local offline service as an offline service credential associated with the user equipment identifier;
when the offline of the network is monitored, the third party application client creates offline service data and sends a third request for encrypting the offline service data to the local offline service;
responding to the third request, the local offline service performs asymmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and performs symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data;
when the online of the network is monitored, the local offline service sends a first uploading request message carrying a first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service;
and responding to the first uploading request message, the cloud offline service asymmetrically decrypts the first encrypted copy of the offline service data based on the private key in the public/private key pair associated with the user equipment identifier, and sends the decrypted offline service data to a third party application server.
2. The method for processing communication of offline service data according to claim 1, wherein the method further comprises:
when the network quality is monitored to be reduced, the local offline service sends a fourth request for requesting the basic data associated with the offline service data to the third party application server;
and responding to the fourth request, the third party application server returns basic data associated with the offline service data to the local offline service, and the local offline service performs symmetric encryption on the basic data according to the offline service credentials and caches encrypted copies of the basic data.
3. The method for processing communication of offline service data according to claim 2, wherein the third party application client creates offline service data when it is monitored that the network is offline, comprising:
the third party application client sends a fifth request for requesting the basic data associated with the offline service data to the local offline service;
responding to the fifth request, the local offline service symmetrically decrypts the encrypted copy of the basic data according to the offline service credential, and sends the decrypted basic data to the third party application client; the third party application client creates the offline service data based on the basic data.
4. A method of communication processing of offline service data according to claim 3, characterized in that the method further comprises:
responding to a modification request of a user for the offline service data, and sending a sixth request for decrypting the offline service data to the local offline service by the third party application client;
responding to the sixth request, the local offline service symmetrically decrypts the second encrypted copy of the offline service data according to the offline service credential, obtains a to-be-modified version of the offline service data, and sends the to-be-modified version of the offline service data to the third party application client;
the third party application client receives the modification of the to-be-modified version of the offline service data by a user, generates a modified version of the offline service data, and sends the modified version of the offline service data to the local offline service;
the local offline service performs asymmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another first encrypted copy of the offline service data, and performs symmetric encryption on the modified version of the offline service data according to the offline service credential to obtain another second encrypted copy of the offline service data.
5. The method for processing communication of offline service data according to claim 4, wherein the method further comprises:
when the online of the network is monitored, the local offline service sends a second uploading request message carrying a plurality of first encrypted copies of the offline service data and the user equipment identifier to the cloud offline service;
and responding to the second uploading request message, the cloud offline service performs asymmetric decryption on the plurality of first encrypted copies of the offline service data based on the private key in the public/private key pair associated with the user equipment identifier to obtain a plurality of versions of the offline service data, and sends the plurality of versions of the offline service data to a third party application server.
6. The method for processing communication of offline service data according to claim 3, wherein the local offline service performing asymmetric encryption on the offline service data according to the offline service credential to obtain a first encrypted copy of the offline service data, and performing symmetric encryption on the offline service data according to the offline service credential to obtain a second encrypted copy of the offline service data, comprises:
the local offline service obtains the current time from a GPS module of a user mobile terminal, generates a first check code based on the user equipment identifier and the current time, and attaches the first check code to the offline service data;
and the local offline service performs asymmetric encryption and symmetric encryption on the offline service data to which the first check code is attached according to the offline service credential.
7. The method for processing communication of offline service data according to claim 6, wherein the cloud offline service asymmetrically decrypting the first encrypted copy of the offline service data based on the private key in the public/private key pair associated with the user equipment identifier, and sending the decrypted offline service data to a third party application server, comprises:
the cloud offline service obtains the first check code from the decrypted offline service data, and generates a second check code based on the user equipment identifier and the generation time in the offline service data;
and the cloud offline service judges whether the first check code is consistent with the second check code, if not, the cloud offline service sends a response message of failure in check to the local offline service, and the decrypted offline service data is stopped from being sent to a third party application server.
8. The method for processing communication of offline service data according to claim 7, wherein the method further comprises:
after the local offline service receives the offline service credential associated with the user equipment identifier from the cloud offline service, the local offline service encrypts the offline service credential based on the user equipment identifier, and caches the encrypted offline service credential.
9. The method for processing offline service data according to claim 8, wherein the user equipment identifier includes a unique identifier obtained by hashing a combination of a user identifier and hardware feature information of the user mobile terminal.
10. A communication processing apparatus for offline service data, comprising:
the first service request unit is used for sending a first request for requesting offline service credentials to the local offline service by the third party application client when the network quality is monitored to be reduced;
the second service request unit is used for responding to the first request, the local offline service obtains a user equipment identifier, and sends a second request which carries the user equipment identifier and requests offline service credentials to cloud offline service;
the service credential generation unit is used for responding to the second request, the cloud offline service generates a public/private key pair associated with the user equipment identifier based on an asymmetric encryption algorithm, and sends the public key of the public/private key pair to the local offline service as an offline service credential associated with the user equipment identifier;
the off-line service generating unit is used for creating off-line service data by the third party application client when the off-line of the network is monitored, and sending a third request for encrypting the off-line service data to the local off-line service;
the offline service encryption unit is used for responding to the third request, the local offline service performs asymmetric encryption on the offline service data according to the offline service credentials to obtain a first encrypted copy of the offline service data, and performs symmetric encryption on the offline service data according to the offline service credentials to obtain a second encrypted copy of the offline service data;
when the online of the network is monitored, the local offline service sends a first uploading request message carrying a first encrypted copy of the offline service data and the user equipment identifier to the cloud offline service;
and the offline service decryption unit is used for responding to the first uploading request message, the cloud offline service performs asymmetric decryption on the first encrypted copy of the offline service data based on the private key in the public/private key pair associated with the user equipment identifier, and the decrypted offline service data is sent to a third party application server.
CN202310165959.XA 2023-02-27 2023-02-27 Communication processing method and device for offline service data Active CN115865532B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310165959.XA CN115865532B (en) 2023-02-27 2023-02-27 Communication processing method and device for offline service data


Publications (2)

Publication Number Publication Date
CN115865532A CN115865532A (en) 2023-03-28
CN115865532B true CN115865532B (en) 2023-04-21

Family

ID=85658914


Country Status (1)

Country Link
CN (1) CN115865532B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant