CN116684102A - Message transmission method, message verification method, device, equipment, medium and product - Google Patents
Message transmission method, message verification method, device, equipment, medium and product Download PDFInfo
- Publication number
- CN116684102A CN116684102A CN202310665766.0A CN202310665766A CN116684102A CN 116684102 A CN116684102 A CN 116684102A CN 202310665766 A CN202310665766 A CN 202310665766A CN 116684102 A CN116684102 A CN 116684102A
- Authority
- CN
- China
- Prior art keywords
- message
- parameter
- key
- authentication code
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 230000005540 biological transmission Effects 0.000 title claims abstract description 28
- 238000012795 verification Methods 0.000 title claims abstract description 15
- 230000006870 function Effects 0.000 claims description 74
- 230000000875 corresponding effect Effects 0.000 claims description 47
- 238000004590 computer program Methods 0.000 claims description 34
- 238000004422 calculation algorithm Methods 0.000 claims description 26
- 230000002596 correlated effect Effects 0.000 claims description 6
- 238000004891 communication Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 238000013500 data storage Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000005314 correlation function Methods 0.000 description 2
- 238000005336 cracking Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- OKTJSMMVPCPJKN-UHFFFAOYSA-N Carbon Chemical compound [C] OKTJSMMVPCPJKN-UHFFFAOYSA-N 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 229910021389 graphene Inorganic materials 0.000 description 1
- 238000003384 imaging method Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Abstract
The application relates to a message transmission method, a message verification device, computer equipment, a storage medium and a product, which can improve the reliability of message transmission. The method comprises the following steps: acquiring a message Wen Miwen obtained by encrypting a message to be sent, and outputting a first key parameter and a message ciphertext to a hash model to obtain a first message authentication code of the message ciphertext; encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter; transmitting message information carrying a first encryption parameter, a message Wen Miwen and a first message authentication code to a server; the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain a first key parameter, the first key parameter and a message ciphertext carried by the message information are input into the hash model to obtain a second message authentication code, and a tamper check result is determined based on a comparison result of the first message authentication code and the second message authentication code.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a message transmission method, a message verification method, a device, a computer device, a storage medium, and a computer program product.
Background
With the development of financial software technology, in order to facilitate the business handling of users, financial institutions have developed corresponding financial clients, and services are provided for users in time based on data interaction between the financial clients and financial service terminals.
In the related art, a financial client interacts with a financial server through a message plaintext, or encrypts part of field contents of the message and then transmits the encrypted part of field contents. However, in the above transmission process, the message still has a high risk of being tampered, and it is difficult for the financial server to obtain a reliable message.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a message transmission method, a message verification method, an apparatus, a computer device, a computer readable storage medium, and a computer program product that can improve the reliability of message transmission.
In a first aspect, the present application provides a method for transmitting a message. The method comprises the following steps:
acquiring a message Wen Miwen obtained by encrypting a message to be sent, outputting a first key parameter and the message ciphertext to a hash model, and obtaining a first message authentication code of the message Wen Miwen output by the hash model;
Encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter;
transmitting message information carrying the first encryption parameter, the message ciphertext and the first message authentication code to a server;
the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter, the first key parameter and a message ciphertext carried by the message information are input into the hash model to obtain a second message authentication code, and a tamper check result of the message ciphertext carried by the message information is determined based on a comparison result of the first message authentication code and the second message authentication code.
In one embodiment, before the obtaining the message ciphertext obtained by encrypting the message to be sent, the method further includes:
determining an application function of a message service to be sent; the message is generated under the condition that the application function is called;
if the application function does not belong to the preset application function, the message is sent to the server; the preset application functions comprise application functions with tampered risk values higher than a preset threshold value;
And if the application function belongs to the preset application function, executing the step of obtaining the message ciphertext after encrypting the message to be sent.
In one embodiment, before the outputting the first key parameter and the message ciphertext to the hash model to obtain the first message authentication code of the message Wen Miwen output by the hash model, the method further includes:
determining a key parameter length based on the tampered risk value of the application function; the key parameter length is positively correlated with the tampered risk value;
and acquiring a random number with the key parameter length as a first key parameter.
In one embodiment, the encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter includes:
determining a second key parameter for encrypting the message, and encrypting the first key parameter and the second key parameter based on an asymmetric encryption key to obtain a first encryption parameter and a second encryption parameter;
the sending the message information carrying the first encryption parameter, the message ciphertext and the first message authentication code to the server side includes:
And sending message information carrying the first encryption parameter, the second encryption parameter, the message ciphertext and the first message authentication code to the server, so that the server decrypts the message Wen Miwen based on the second encryption parameter to obtain the message when the server determines that the falsification check result of the message information is that the falsification check result passes based on the first encryption parameter and the first message authentication code.
In one embodiment, the encrypting the first key parameter and the second key parameter based on the asymmetric encryption key includes:
determining an encryption algorithm corresponding to the message ciphertext, and acquiring an asymmetric encryption algorithm different from the encryption algorithm;
encrypting the first key parameter and the second key parameter based on the asymmetric encryption algorithm and the asymmetric encryption key.
In a second aspect, the present application further provides a message verification method. The method comprises the following steps:
receiving message information from a client; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, the message ciphertext is obtained by encrypting a message to be sent by a client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key;
Decrypting the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter;
inputting the first key parameter and the message ciphertext carried by the message information into the hash model to obtain a second message authentication code;
and determining a falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code.
In one embodiment, the message information further carries a second encryption parameter, where the second encryption parameter is obtained by encrypting a second key parameter used for encrypting the message through the asymmetric encryption key;
after determining the falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code, the method further comprises the following steps:
acquiring the second key parameter; the second key parameter is obtained by decrypting the second encryption parameter through the asymmetric decryption key;
decrypting the message Wen Miwen based on the second encryption parameter to obtain the message.
In a third aspect, the present application further provides a message transmission device. The device comprises:
the first message authentication code obtaining module is configured to obtain a message Wen Miwen obtained by encrypting a message to be sent, and output a first key parameter and the message ciphertext to a hash model to obtain a first message authentication code of the message Wen Miwen output by the hash model;
the key parameter encryption module is used for encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter;
the message information sending module is used for sending message information carrying the first encryption parameter, the message ciphertext and the first message authentication code to a server;
the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter, the first key parameter and a message ciphertext carried by the message information are input into the hash model to obtain a second message authentication code, and a tamper check result of the message ciphertext carried by the message information is determined based on a comparison result of the first message authentication code and the second message authentication code.
In a fourth aspect, the present application further provides a message verification device. The device comprises:
the message information receiving module is used for receiving message information from the client; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, the message ciphertext is obtained by encrypting a message to be sent by a client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key;
the key parameter decryption module is used for decrypting the first encryption parameter by utilizing an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter;
the second message authentication code generation module is used for inputting the first key parameter and the message ciphertext carried by the message information into the hash model to obtain a second message authentication code;
and the comparison module is used for determining a falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code.
In a fifth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:
acquiring a message Wen Miwen obtained by encrypting a message to be sent, outputting a first key parameter and the message ciphertext to a hash model, and obtaining a first message authentication code of the message Wen Miwen output by the hash model;
encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter;
transmitting message information carrying the first encryption parameter, the message ciphertext and the first message authentication code to a server;
the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter, the first key parameter and a message ciphertext carried by the message information are input into the hash model to obtain a second message authentication code, and a tamper check result of the message ciphertext carried by the message information is determined based on a comparison result of the first message authentication code and the second message authentication code.
In a sixth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:
receiving message information from a client; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, the message ciphertext is obtained by encrypting a message to be sent by a client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key;
decrypting the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter;
inputting the first key parameter and the message ciphertext carried by the message information into the hash model to obtain a second message authentication code;
and determining a falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code.
In a seventh aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
acquiring a message Wen Miwen obtained by encrypting a message to be sent, outputting a first key parameter and the message ciphertext to a hash model, and obtaining a first message authentication code of the message Wen Miwen output by the hash model;
encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter;
transmitting message information carrying the first encryption parameter, the message ciphertext and the first message authentication code to a server;
the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter, the first key parameter and a message ciphertext carried by the message information are input into the hash model to obtain a second message authentication code, and a tamper check result of the message ciphertext carried by the message information is determined based on a comparison result of the first message authentication code and the second message authentication code.
In an eighth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
receiving message information from a client; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, the message ciphertext is obtained by encrypting a message to be sent by a client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key;
decrypting the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter;
inputting the first key parameter and the message ciphertext carried by the message information into the hash model to obtain a second message authentication code;
and determining a falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code.
In a ninth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:
acquiring a message Wen Miwen obtained by encrypting a message to be sent, outputting a first key parameter and the message ciphertext to a hash model, and obtaining a first message authentication code of the message Wen Miwen output by the hash model;
encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter;
transmitting message information carrying the first encryption parameter, the message ciphertext and the first message authentication code to a server;
the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter, the first key parameter and a message ciphertext carried by the message information are input into the hash model to obtain a second message authentication code, and a tamper check result of the message ciphertext carried by the message information is determined based on a comparison result of the first message authentication code and the second message authentication code.
In a tenth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:
receiving message information from a client; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, the message ciphertext is obtained by encrypting a message to be sent by a client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key;
decrypting the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter;
inputting the first key parameter and the message ciphertext carried by the message information into the hash model to obtain a second message authentication code;
and determining a falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code.
The above message transmission method, message verification method, device, computer equipment, storage medium and computer program product, where the financial client can obtain a message Wen Miwen obtained by encrypting a message to be sent, and output a first key parameter and a message ciphertext to the hash model to obtain a first message authentication code of the message ciphertext output by the hash model; then, the first key parameter can be encrypted based on the asymmetric encryption key to obtain a first encryption parameter; and sending message information carrying the first encryption parameter, the message Wen Miwen and the first message authentication code to the server side so that the server side decrypts the first encryption parameter by utilizing an asymmetric decryption key corresponding to the asymmetric encryption key to obtain a first key parameter, inputting the first key parameter and a message ciphertext carried by the message information into a hash model to obtain a second message authentication code, and determining a falsification check result of the message ciphertext carried by the message information based on a comparison result of the first message authentication code and the second message authentication code. In the application, on one hand, the server can encrypt the whole message, so as to avoid the direct tampering of the message content; on the other hand, the first encryption parameter is decrypted based on the asymmetric decryption key, and the first message authentication code is verified by combining the decrypted first key parameter and the message Wen Miwen, so that whether the message ciphertext is replaced or not is verified, and the reliability of the message ciphertext which can be obtained by the server side is ensured.
Drawings
FIG. 1 is an application environment diagram of a message transmission method in one embodiment;
FIG. 2 is a flow chart of a message transmission method according to an embodiment;
FIG. 3 is a flowchart illustrating a step of triggering the message ciphertext acquisition in one embodiment;
FIG. 4 is a flow chart of a message check method according to an embodiment;
FIG. 5 is a block diagram of a message transmission device according to one embodiment;
FIG. 6 is a block diagram illustrating a message check apparatus according to an embodiment;
FIG. 7 is an internal block diagram of a computer device in one embodiment;
FIG. 8 is an internal block diagram of another computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The message transmission method provided by the embodiment of the application can be applied to an application environment shown in fig. 1, wherein the application environment can comprise a client and a server, and the client communicates with the server through a network. In the application, a client can acquire a message Wen Miwen obtained by encrypting a message to be sent, output a first key parameter and a message ciphertext to a hash model to obtain a first message authentication code of the message ciphertext output by the hash model, and encrypt the first key parameter based on an asymmetric encryption key to obtain a first encryption parameter; and then, the message information carrying the first encryption parameter, the message Wen Miwen and the first message authentication code can be sent to the server side, so that the server side can decrypt the first encryption parameter by utilizing an asymmetric decryption key corresponding to the asymmetric encryption key to obtain a first key parameter, the first key parameter and a message ciphertext carried by the message information are input into a hash model to obtain a second message authentication code, and a tamper check result of the message ciphertext carried by the message information is determined based on a comparison result of the first message authentication code and the second message authentication code.
The client is deployed on a terminal, and the terminal can be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things equipment and portable wearable equipment, wherein the internet of things equipment can be an intelligent sound box, an intelligent television, an intelligent air conditioner, intelligent vehicle-mounted equipment and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The server may be implemented by an independent server or a server cluster formed by a plurality of servers, and the server may have a data storage system, where the data storage system may store a message from the client, and the data storage system may be integrated on the server, or may be placed on a cloud or other network servers.
In one embodiment, as shown in fig. 2, a method for transmitting a message is provided, and the method is applied to the client in fig. 1 for illustration, and includes the following steps:
s201, obtaining a message Wen Miwen obtained by encrypting a message to be sent, outputting a first key parameter and a message ciphertext to a hash model, and obtaining a first message authentication code of the message Wen Miwen output by the hash model.
In a specific implementation, the client may obtain a message to be sent, where the message may be a message generated during an interaction between the client and the server, and in an alternative embodiment, the client may be a financial client. After the message to be sent is obtained, the message can be encrypted, a message ciphertext corresponding to the message is obtained, and the message ciphertext can be understood as the message in the ciphertext state. In an embodiment, the financial client can encrypt the message based on a preset encryption algorithm by itself, so as to ensure the data security of the message.
After obtaining the message ciphertext, inputting a first key parameter and the message ciphertext which are obtained in advance into a hash model, wherein the first key parameter can be a randomly generated parameter, and the first key parameter is used for generating a hash value together with the message ciphertext; in some alternative embodiments, the Hash model may be a HMAC (Hash-based Message Authentication Code, hash message authentication code) model. After the hash model obtains the input first key parameter and the message ciphertext parameter, a hash value uniquely corresponding to the first key parameter and the message ciphertext can be generated and used as a first message authentication code of the message ciphertext, wherein when the first key parameter or the message ciphertext slightly changes, the output first message authentication code is obviously changed.
S202, encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter.
After determining the first key parameter for generating the first message authentication code, the client may encrypt the first key parameter with the asymmetric encryption key, with the encryption result being the first encryption parameter. The asymmetric encryption key can be understood as a key used for encrypting information in an asymmetric algorithm, and the client and the server can be agreed in advance, for example, a public key of the server is used as an asymmetric encryption key, and a private key stored by the server is used as an asymmetric decryption key; alternatively, the private key of the client may be used as an asymmetric encryption key, and the corresponding public key stored by the server may be used as an asymmetric decryption key.
S203, sending message information carrying a first encryption parameter, a message Wen Miwen and a first message authentication code to a server, wherein the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to an asymmetric encryption key to obtain a first key parameter, inputting the first key parameter and a message ciphertext carried by the message information into a hash model to obtain a second message authentication code, and determining a falsification check result of the message ciphertext carried by the message information based on a comparison result of the first message authentication code and the second message authentication code.
The falsification check result of the message ciphertext can represent whether the message ciphertext is falsified or not.
In this step, the client may send the message information to the server, and because the message information received by the server carries the first message authentication code, the message ciphertext used to generate the first message authentication code, and the first encryption parameter, the server may first utilize the asymmetric decryption key predefined by the client to attempt to encrypt the client with the corresponding asymmetric encryption key to obtain the first key parameter. If the server side successfully decrypts, the server side can obtain the first key parameter provided by the client side, and can simultaneously determine that the first key parameter is signed (digitally signed) by the client side. If the server cannot decrypt, the risk of tampering the content of the message information can be determined, and the message information is determined to be tampered.
After the first key parameter is obtained, the server may further input the first key parameter and the message ciphertext carried by the message information into the same hash model, and use the hash value output by the hash model as the second message authentication code. Then judging whether the first message authentication code and the second message authentication code are the same, if yes, determining that the message ciphertext carried by the message information is not tampered; if not, determining that the message ciphertext carried by the message information is tampered.
In the above message transmission method, the financial client may acquire a message Wen Miwen obtained by encrypting a message to be sent, and output a first key parameter and a message ciphertext to the hash model to obtain a first message authentication code of the message ciphertext output by the hash model; then, the first key parameter can be encrypted based on the asymmetric encryption key to obtain a first encryption parameter; and sending message information carrying the first encryption parameter, the message Wen Miwen and the first message authentication code to the server side so that the server side decrypts the first encryption parameter by utilizing an asymmetric decryption key corresponding to the asymmetric encryption key to obtain a first key parameter, inputting the first key parameter and a message ciphertext carried by the message information into a hash model to obtain a second message authentication code, and determining a falsification check result of the message ciphertext carried by the message information based on a comparison result of the first message authentication code and the second message authentication code. In the application, on one hand, the server can encrypt the whole message, so as to avoid the direct tampering of the message content; on the other hand, the first encryption parameter is decrypted based on the asymmetric decryption key, and the first message authentication code is verified by combining the decrypted first key parameter and the message Wen Miwen, so that whether the message ciphertext is replaced or not is verified, and the reliability of the message ciphertext which can be obtained by the server side is ensured.
In one embodiment, as shown in fig. 3, before S201 obtains the message ciphertext obtained by encrypting the message to be sent, the method may further include the following steps:
s301, determining an application function of a message service to be sent; the message is generated in the case that the application function is invoked.
In a specific implementation, the client may generate a corresponding message when the application function is called or triggered, for example, may acquire a message serving the application function based on operation information recorded by the client and used for characterizing the triggered condition of the application function, and the client may interact with the server through the message, to trigger the server to provide a data resource related to the application function or trigger the server to process a task related to the application function. In an embodiment, the application functions may be respective application functions that the client has installed.
S302, if the application function does not belong to the preset application function, a message is sent to a server; the preset application functions include application functions with tamper risk values higher than a preset threshold.
S303, if the application function belongs to the preset application function, executing the step of obtaining a message ciphertext after encrypting the message to be sent.
Specifically, the client may have a plurality of application functions, and when the client sends a message of some of the application functions to the server, the message is at risk of being tampered with. Based on the above, the tampered risk value corresponding to each application function can be predetermined, and the tampered risk value can represent the tampered risk value of the message of the corresponding application function, wherein the tampered risk value is positively correlated with the possibility of tampering of the message of the application function, that is, the higher the tampered risk value corresponding to the application function is, the higher the possibility of tampering of the message of the application function is.
After obtaining the tampered risk value of each application function, one or more application functions with tampered risk values higher than a preset threshold value can be determined as preset application functions, and the message with the preset application functions has higher tampered risk and needs to reduce the possibility of the message in the transmission process as much as possible. And further, after determining the application function of the message service to be sent, whether the application function is a preset application function or not can be judged. If the application function does not belong to the preset application function, the current message can be directly sent to the server, namely, an unencrypted message is sent to the server. And if the application function belongs to the preset application function, executing the step of obtaining a message ciphertext after encrypting the message to be sent.
In this embodiment, by directly sending a message to the server under the condition that the application function does not belong to the preset application function, and executing to obtain the message ciphertext obtained after encrypting the message to be sent when the application function belongs to the preset application function, on one hand, it is possible to avoid uniformly encrypting all the messages and generating a message authentication code and other processes, reduce occupation of computing resources of the client in the process of transmitting the message, and ensure the message transmission efficiency, and on the other hand, it is possible to avoid tampering the message of the application function with higher risk of tampering during transmission.
In one embodiment, before outputting the first key parameter and the message ciphertext to the hash model to obtain the first message authentication code of the message ciphertext output by the hash model, the method further comprises the following steps:
determining a key parameter length based on the tampered risk value of the application function; the key parameter length is positively correlated with the tampered risk value; a random number having a key parameter length is obtained as a first key parameter.
Specifically, the cracking difficulty of the first message authentication code may be positively correlated with the parameter length of the first key parameter input to the hash model, the parameter length of the input parameter increases, and the possibility that the third party determines that the first key parameter is determined through the collision test is correspondingly reduced.
Based on this, the key parameter length may be determined based on the tamper risk value of the application function. For example, the tampered risk value of the application function can be input into the positive correlation function, and the value output by the positive correlation function is used as the key parameter length; for another example, a plurality of tampered risk value intervals may be divided in advance, where each tampered risk value interval has a corresponding key parameter length, and the key parameter lengths of the tampered risk value intervals increase with the increase of the tampered risk value in the interval.
After determining the key parameter length, a random number having the key parameter length may be obtained as the first key parameter by a random number generation algorithm.
In this embodiment, the length of the random number may be flexibly adjusted according to the tampered risk value of the application function, and the random number is used as the first key parameter, so that the first key parameter may be flexibly changed, and the cracking difficulty of the first message authentication code may be adapted to the tampered risk of the application function, so that the message security is fully ensured under the condition of fully utilizing the computing resource of the client.
In one embodiment, S202 encrypts the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter, which may include the following steps:
And determining a second key parameter for encrypting the message, and encrypting the first key parameter and the second key parameter based on the asymmetric encryption key to obtain a first encryption parameter and a second encryption parameter.
In practical application, the client may determine a second key parameter for encrypting the message to be sent, and then may encrypt the first key parameter and the second key parameter with the same asymmetric encryption key, so as to obtain a first encryption parameter corresponding to the first key parameter and a second encryption parameter corresponding to the second key parameter.
Accordingly, the step of S203 of sending the message information carrying the first encryption parameter, the message Wen Miwen and the first message authentication code to the server may include the following steps:
and sending the message information carrying the first encryption parameter, the second encryption parameter, the message ciphertext and the first message authentication code to the server, so that the server decrypts the message ciphertext based on the second encryption parameter to obtain the message under the condition that the falsification check result of the message information is determined to pass the check based on the first encryption parameter and the first message authentication code.
By sending the message information carrying the first encryption parameter, the second encryption parameter, the message ciphertext and the first message authentication code to the server, the server can further decrypt the message ciphertext by using the second encryption parameter when the falsification check result of the message information is determined to pass the check based on the first encryption parameter and the first message authentication code. Specifically, the server may attempt to decrypt the second encryption parameter by using an asymmetric decryption key predetermined with the client, and in case of successful decryption, may verify that the second encryption parameter is sent by the client, the second encryption parameter and the second key parameter obtained by decryption are trusted information, and then may decrypt the message ciphertext by using the second key parameter. If the message Wen Miwen is successfully decrypted by using the second key parameter, determining that the decrypted message is really a message sent by the client to the server; if the message Wen Miwen cannot be decrypted by using the second key parameter, it is determined that the message ciphertext carried by the message information is tampered.
In this embodiment, the first key parameter and the second key parameter are encrypted based on the asymmetric encryption key to obtain the first encryption parameter and the second encryption parameter, and the message information carrying the first encryption parameter, the second encryption parameter, the message ciphertext and the first message authentication code is sent to the server, so that the server can check whether the content in the message information is tampered or not in multiple times in different ways, and the reliability of the message acquired by the server is effectively increased.
In one embodiment, encrypting the first key parameter and the second key parameter based on the asymmetric encryption key includes:
determining an encryption algorithm corresponding to the message ciphertext, and acquiring an asymmetric encryption algorithm different from the encryption algorithm; the first key parameter and the second key parameter are encrypted based on an asymmetric encryption algorithm and an asymmetric encryption key.
When the first key parameter and the second key parameter are encrypted, an asymmetric encryption algorithm different from a message ciphertext encryption mode can be selected, and then the encryption is performed by using the asymmetric encryption algorithm. In this embodiment, two different encryption algorithms are used to encrypt the message and the key parameter respectively, so that the risk that the message ciphertext and the key parameter are simultaneously cracked can be reduced, and the reliability of the tamper check result obtained by the server side is improved.
In one embodiment, as shown in fig. 4, a message transmission method is provided, and the method is applied to the server in fig. 1 for illustration, and includes the following steps:
s401, receiving message information from a client; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, wherein the message ciphertext is obtained by encrypting a message to be sent by the client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key.
In practical application, the client may acquire a message to be sent, where the message may be a message generated in an interaction process between the client and the server, and encrypt the message to obtain a message ciphertext corresponding to the message, where the message ciphertext may be understood as a message in a ciphertext state. After the message ciphertext is obtained, the first key parameter and the message ciphertext which are obtained in advance can be input into a hash model, and a hash value uniquely corresponding to the first key parameter and the message ciphertext is generated by the hash model and is used as a first message authentication code of the message ciphertext.
After determining the first key parameter for generating the first message authentication code, the client may encrypt the first key parameter with the asymmetric encryption key, take the encryption result as the first encryption parameter, and then send the message information carrying the first message authentication code and for generating the first message authentication code, the message Wen Miwen and the first encryption parameter to the server.
S402, decrypting the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain a first key parameter.
The server may first attempt to encrypt the client with the first key parameter obtained by using the asymmetric encryption key that is pre-agreed with the client. If the server side successfully decrypts, the server side can obtain the first key parameter provided by the client side, and can simultaneously determine that the first key parameter is signed (digitally signed) by the client side. If the server cannot decrypt, the risk of tampering the content of the message information can be determined, and the message information is determined to be tampered.
S403, inputting the first key parameter and the message ciphertext carried by the message information into the hash model to obtain a second message authentication code.
After the first key parameter is obtained, the server may further input the first key parameter and the message ciphertext carried by the message information into the same hash model, and use the hash value output by the hash model as the second message authentication code.
S404, determining a falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code.
In the step, the server can judge whether the first message authentication code and the second message authentication code are the same, if yes, the server can determine that the message ciphertext carried by the message information is not tampered; if not, determining that the message ciphertext carried by the message information is tampered.
In the message verification method, the server side can receive message information from the client side; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, wherein the message ciphertext is obtained by encrypting a message to be sent by a client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key; then, the first encryption parameter can be decrypted by utilizing an asymmetric decryption key corresponding to the asymmetric encryption key to obtain a first key parameter, and the first key parameter and a message ciphertext carried by the message information are input into a hash model to obtain a second message authentication code; and further, based on the comparison result of the first message authentication code and the second message authentication code, a falsification check result of the message ciphertext carried by the message information can be determined. In the application, on one hand, the server can encrypt the whole message, so as to avoid the direct tampering of the message content; on the other hand, the first encryption parameter is decrypted based on the asymmetric decryption key, and the first message authentication code is verified by combining the decrypted first key parameter and the message Wen Miwen, so that whether the message ciphertext is replaced or not is verified, and the reliability of the message ciphertext which can be obtained by the server side is ensured.
In one embodiment, the message information also carries a second encryption parameter, and the second encryption parameter is obtained by encrypting a second key parameter for encrypting the message by the client through an asymmetric encryption key;
after determining the falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code, the method may further include:
acquiring a second key parameter; the second key parameter is obtained by decrypting the second encryption parameter through an asymmetric decryption key; and decrypting the message ciphertext based on the second encryption parameter to obtain the message.
Specifically, the client may determine a second key parameter for encrypting the message to be sent, and then may encrypt the first key parameter and the second key parameter with the same asymmetric encryption key, so as to obtain a first encryption parameter corresponding to the first key parameter and a second encryption parameter corresponding to the second key parameter.
By sending the message information carrying the first encryption parameter, the second encryption parameter, the message ciphertext and the first message authentication code to the server, the server can further decrypt the message ciphertext by using the second encryption parameter when the falsification check result of the message information is determined to pass the check based on the first encryption parameter and the first message authentication code. Specifically, the server may attempt to decrypt the second encryption parameter by using an asymmetric decryption key predetermined with the client, and in case of successful decryption, may verify that the second encryption parameter is sent by the client, the second encryption parameter and the second key parameter obtained by decryption are trusted information, and then may decrypt the message ciphertext by using the second key parameter. If the message Wen Miwen is successfully decrypted by using the second key parameter, determining that the decrypted message is really a message sent by the client to the server; if the message Wen Miwen cannot be decrypted by using the second key parameter, it is determined that the message ciphertext carried by the message information is tampered.
In this embodiment, the first key parameter and the second key parameter are encrypted based on the asymmetric encryption key to obtain the first encryption parameter and the second encryption parameter, and the message information carrying the first encryption parameter, the second encryption parameter, the message ciphertext and the first message authentication code is sent to the server, so that the server can check whether the content in the message information is tampered or not in multiple times in different ways, and the reliability of the message acquired by the server is effectively increased.
In order that those skilled in the art may better understand the above steps, an embodiment of the present application will be described below by way of an example, but it should be understood that the embodiment of the present application is not limited thereto.
S1, a financial client can acquire a message to be sent, after determining that the message is an application function serving a 'user prize', the financial client determines that the application function is a pre-examination function, can firstly determine a key parameter A corresponding to an SM4 symmetric encryption algorithm, and symmetrically encrypts the message by utilizing the key parameter A to obtain a message ciphertext.
S2, the financial client can perform HMAC calculation on the message ciphertext, specifically, can acquire a random number as a key parameter B, and then inputs the key parameter B and the message ciphertext into a hash model to obtain a first message authentication code.
S3, the financial client uses a public key corresponding to the SM2 asymmetric algorithm agreed by the server to asymmetrically encrypt the key parameter A, the key parameter B and the message ciphertext, and sends the encrypted message to the server along with the message information.
And S4, after receiving the message information, the server is connected with the encryptor, and decrypts the encrypted key parameters A and B carried by the message information through the private key corresponding to the SM2 asymmetric algorithm to obtain the key parameters A and B.
S5, the server side performs HMAC calculation based on the key parameter B and the message ciphertext carried by the message information to obtain a second message authentication code, compares the second message authentication code with the first message authentication code sent by the message information, and returns failure if the second message authentication code is inconsistent with the first message authentication code; if so, executing step S6.
S6, decrypting the message ciphertext by using the decrypted key parameter A.
And S7, when the server returns the response message to the client, the SM4 symmetric encryption can be carried out only once, namely the key parameter A corresponding to the SM4 symmetric encryption algorithm encrypts the response message, and the encrypted response message is returned to the financial client.
S8, the financial client decrypts the encrypted response message by using the key parameter A.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a message transmission device for realizing the above related message transmission method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation of one or more embodiments of the message transmission device provided below may refer to the limitation of the message transmission method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 5, there is provided a message transmission apparatus, including:
a first message authentication code obtaining module 501, configured to obtain a message Wen Miwen obtained by encrypting a message to be sent, and output a first key parameter and the message ciphertext to a hash model to obtain a first message authentication code of the message Wen Miwen output by the hash model;
a key parameter encryption module 502, configured to encrypt the first key parameter based on an asymmetric encryption key, to obtain a first encryption parameter;
a message information sending module 503, configured to send, to a server, message information carrying the first encryption parameter, the message ciphertext, and the first message authentication code;
the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter, the first key parameter and a message ciphertext carried by the message information are input into the hash model to obtain a second message authentication code, and a tamper check result of the message ciphertext carried by the message information is determined based on a comparison result of the first message authentication code and the second message authentication code.
In one embodiment, the apparatus further comprises:
an application function identification module for determining the application function of the message service to be sent; the message is generated under the condition that the application function is called;
the message sending module is used for sending the message to the server if the application function does not belong to a preset application function; the preset application functions comprise application functions with tampered risk values higher than a preset threshold value;
and the message Wen Miwen obtaining module is used for executing the step of obtaining the message ciphertext after encrypting the message to be sent if the application function belongs to the preset application function.
In one embodiment, the apparatus further comprises:
the parameter length determining module is used for determining the key parameter length based on the tampered risk value of the application function; the key parameter length is positively correlated with the tampered risk value;
and the first key parameter acquisition module is used for acquiring the random number with the key parameter length as a first key parameter.
In one embodiment, the key parameter encryption module 502 is configured to:
determining a second key parameter for encrypting the message, and encrypting the first key parameter and the second key parameter based on an asymmetric encryption key to obtain a first encryption parameter and a second encryption parameter;
The message information sending module 503 is configured to:
and sending message information carrying the first encryption parameter, the second encryption parameter, the message ciphertext and the first message authentication code to the server, so that the server decrypts the message Wen Miwen based on the second encryption parameter to obtain the message when the server determines that the falsification check result of the message information is that the falsification check result passes based on the first encryption parameter and the first message authentication code.
In one embodiment, the key parameter encryption module 502 is configured to:
determining an encryption algorithm corresponding to the message ciphertext, and acquiring an asymmetric encryption algorithm different from the encryption algorithm;
encrypting the first key parameter and the second key parameter based on the asymmetric encryption algorithm and the asymmetric encryption key.
Based on the same inventive concept, the embodiment of the application also provides a message verification device for realizing the above related message verification method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of one or more message verification devices provided below may refer to the limitation of the message transmission method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 6, there is provided a message checking apparatus, including:
a message information receiving module 601, configured to receive message information from a client; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, the message ciphertext is obtained by encrypting a message to be sent by a client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key;
a key parameter decryption module 602, configured to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key, to obtain the first key parameter;
a second message authentication code generating module 603, configured to input the first key parameter and a message ciphertext carried by the message information into the hash model, to obtain a second message authentication code;
and the comparison module 604 is configured to determine a tamper check result of the message ciphertext carried by the message information based on a comparison result of the first message authentication code and the second message authentication code.
In one embodiment, the message information further carries a second encryption parameter, where the second encryption parameter is obtained by encrypting a second key parameter used for encrypting the message through the asymmetric encryption key;
the apparatus further comprises:
the first key parameter acquisition module is used for acquiring the second key parameter; the second key parameter is obtained by decrypting the second encryption parameter through the asymmetric decryption key;
and the ciphertext decrypting module is used for decrypting the message Wen Miwen based on the second encrypting parameter to obtain the message.
All or part of the modules in the message transmission device and the message verification device can be realized by software, hardware and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing message data. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program when executed by a processor implements a message check method.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure thereof may be as shown in fig. 8. The computer device includes a processor, a memory, an input/output interface, a communication interface, a display unit, and an input means. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface, the display unit and the input device are connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a message transmission method. The display unit of the computer device is used for forming a visual picture, and can be a display screen, a projection device or a virtual reality imaging device. The display screen can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be a key, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by persons skilled in the art that the structures shown in fig. 7 and 8 are block diagrams of only portions of structures associated with the present inventive arrangements and are not limiting of the computer device to which the present inventive arrangements are applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, implements the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.
Claims (12)
1. A method for transmitting a message, the method comprising:
acquiring a message Wen Miwen obtained by encrypting a message to be sent, outputting a first key parameter and the message ciphertext to a hash model, and obtaining a first message authentication code of the message Wen Miwen output by the hash model;
encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter;
Transmitting message information carrying the first encryption parameter, the message ciphertext and the first message authentication code to a server;
the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter, the first key parameter and a message ciphertext carried by the message information are input into the hash model to obtain a second message authentication code, and a tamper check result of the message ciphertext carried by the message information is determined based on a comparison result of the first message authentication code and the second message authentication code.
2. The method according to claim 1, further comprising, prior to the obtaining the message ciphertext obtained by encrypting the message to be sent:
determining an application function of a message service to be sent; the message is generated under the condition that the application function is called;
if the application function does not belong to the preset application function, the message is sent to the server; the preset application functions comprise application functions with tampered risk values higher than a preset threshold value;
And if the application function belongs to the preset application function, executing the step of obtaining the message ciphertext after encrypting the message to be sent.
3. The method of claim 2, further comprising, prior to said outputting the first key parameter and the message ciphertext to a hash model to obtain a first message authentication code of the message Wen Miwen output by the hash model:
determining a key parameter length based on the tampered risk value of the application function; the key parameter length is positively correlated with the tampered risk value;
and acquiring a random number with the key parameter length as a first key parameter.
4. A method according to any one of claims 1 to 3, wherein encrypting the first key parameter based on an asymmetric encryption key results in a first encryption parameter, comprising:
determining a second key parameter for encrypting the message, and encrypting the first key parameter and the second key parameter based on an asymmetric encryption key to obtain a first encryption parameter and a second encryption parameter;
the sending the message information carrying the first encryption parameter, the message ciphertext and the first message authentication code to the server side includes:
And sending message information carrying the first encryption parameter, the second encryption parameter, the message ciphertext and the first message authentication code to the server, so that the server decrypts the message Wen Miwen based on the second encryption parameter to obtain the message when the server determines that the falsification check result of the message information is that the falsification check result passes based on the first encryption parameter and the first message authentication code.
5. The method of claim 4, wherein encrypting the first key parameter and the second key parameter based on an asymmetric encryption key comprises:
determining an encryption algorithm corresponding to the message ciphertext, and acquiring an asymmetric encryption algorithm different from the encryption algorithm;
encrypting the first key parameter and the second key parameter based on the asymmetric encryption algorithm and the asymmetric encryption key.
6. The message verification method is characterized by comprising the following steps:
receiving message information from a client; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, the message ciphertext is obtained by encrypting a message to be sent by a client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key;
Decrypting the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter;
inputting the first key parameter and the message ciphertext carried by the message information into the hash model to obtain a second message authentication code;
and determining a falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code.
7. The method of claim 6, wherein the message information further carries a second encryption parameter, and the second encryption parameter is obtained by encrypting a second key parameter used for encrypting the message by the asymmetric encryption key;
after determining the falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code, the method further comprises the following steps:
acquiring the second key parameter; the second key parameter is obtained by decrypting the second encryption parameter through the asymmetric decryption key;
decrypting the message Wen Miwen based on the second encryption parameter to obtain the message.
8. A message transmission apparatus, the apparatus comprising:
the first message authentication code obtaining module is configured to obtain a message Wen Miwen obtained by encrypting a message to be sent, and output a first key parameter and the message ciphertext to a hash model to obtain a first message authentication code of the message Wen Miwen output by the hash model;
the key parameter encryption module is used for encrypting the first key parameter based on the asymmetric encryption key to obtain a first encryption parameter;
the message information sending module is used for sending message information carrying the first encryption parameter, the message ciphertext and the first message authentication code to a server;
the message information is used for the server to decrypt the first encryption parameter by using an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter, the first key parameter and a message ciphertext carried by the message information are input into the hash model to obtain a second message authentication code, and a tamper check result of the message ciphertext carried by the message information is determined based on a comparison result of the first message authentication code and the second message authentication code.
9. A message verification device, the device comprising:
the message information receiving module is used for receiving message information from the client; the message information carries a first encryption parameter, a message Wen Miwen and a first message authentication code, the message ciphertext is obtained by encrypting a message to be sent by a client, the first message authentication code is obtained by outputting a first key parameter and the message ciphertext to a hash model, and the first encryption parameter is obtained by encrypting the first key parameter through an asymmetric encryption key;
the key parameter decryption module is used for decrypting the first encryption parameter by utilizing an asymmetric decryption key corresponding to the asymmetric encryption key to obtain the first key parameter;
the second message authentication code generation module is used for inputting the first key parameter and the message ciphertext carried by the message information into the hash model to obtain a second message authentication code;
and the comparison module is used for determining a falsification check result of the message ciphertext carried by the message information based on the comparison result of the first message authentication code and the second message authentication code.
10. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 5 or any one of claims 6 to 7 when the computer program is executed.
11. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any one of claims 1 to 5 or any one of claims 6 to 7.
12. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 5 or of any one of claims 6 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310665766.0A CN116684102A (en) | 2023-06-06 | 2023-06-06 | Message transmission method, message verification method, device, equipment, medium and product |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310665766.0A CN116684102A (en) | 2023-06-06 | 2023-06-06 | Message transmission method, message verification method, device, equipment, medium and product |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116684102A true CN116684102A (en) | 2023-09-01 |
Family
ID=87778687
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310665766.0A Pending CN116684102A (en) | 2023-06-06 | 2023-06-06 | Message transmission method, message verification method, device, equipment, medium and product |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116684102A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116996327A (en) * | 2023-09-25 | 2023-11-03 | 苏州元脑智能科技有限公司 | Encryption method, decryption method and product based on block cipher |
-
2023
- 2023-06-06 CN CN202310665766.0A patent/CN116684102A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116996327A (en) * | 2023-09-25 | 2023-11-03 | 苏州元脑智能科技有限公司 | Encryption method, decryption method and product based on block cipher |
CN116996327B (en) * | 2023-09-25 | 2024-02-02 | 苏州元脑智能科技有限公司 | Encryption method, decryption method and product based on block cipher |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105812366A (en) | Server, anti-crawler system and anti-crawler verification method | |
CN111294203A (en) | Information transmission method | |
CN116684102A (en) | Message transmission method, message verification method, device, equipment, medium and product | |
CN114499875A (en) | Service data processing method and device, computer equipment and storage medium | |
CN114240347A (en) | Business service secure docking method and device, computer equipment and storage medium | |
CN109120576B (en) | Data sharing method and device, computer equipment and storage medium | |
CN116049802B (en) | Application single sign-on method, system, computer equipment and storage medium | |
CN117395077A (en) | Encryption processing method and device for access request, computer equipment and storage medium | |
CN117040765A (en) | Smart grid terminal authentication method and device, storage medium and computer equipment | |
CN116366364A (en) | Terminal data processing method and system for cloud computer | |
CN116366289A (en) | Safety supervision method and device for remote sensing data of unmanned aerial vehicle | |
CN114124440B (en) | Secure transmission method, apparatus, computer device and storage medium | |
CN113243093A (en) | System and method for message transmission and retrieval using blockchains | |
CN114745178A (en) | Identity authentication method, identity authentication device, computer equipment, storage medium and program product | |
CN114238886A (en) | IBE-based power grid PMU identity authentication method, device, computer equipment and medium | |
CN115174260B (en) | Data verification method, device, computer, storage medium and program product | |
CN115426195B (en) | Data transmission method, device, computer equipment and storage medium | |
CN117010000B (en) | Data security service method, device, computer equipment and storage medium | |
CN115426331B (en) | Mail transmission method, mail transmission device, computer equipment and storage medium | |
CN114567444B (en) | Digital signature verification method, device, computer equipment and storage medium | |
CN116488922B (en) | Electronic commerce data transmission method and device based on block chain | |
CN116708039B (en) | Access method, device and system based on zero-trust single-package authentication | |
CN114553557B (en) | Key calling method, device, computer equipment and storage medium | |
CN116882983A (en) | Resource transfer method, device, computer equipment and storage medium | |
CN116628636A (en) | Software code hosting method, system, computer device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |