CN117081815A - Method, device, computer equipment and storage medium for data security transmission - Google Patents


Info

Publication number
CN117081815A
Authority
CN
China
Prior art keywords
data
key
access party
encryption algorithm
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311069507.8A
Other languages
Chinese (zh)
Inventor
贾俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Bank Co Ltd
Priority to CN202311069507.8A
Publication of CN117081815A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a method, a device, computer equipment and a storage medium for data security transmission. The method comprises the following steps: establishing a secure data channel with a data access party; acquiring a target data request of the data access party through the established secure data channel; encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data; and transmitting the first ciphertext data to the data access party through the secure data channel, so that the data access party carries out corresponding decryption on the received first ciphertext data to obtain the plaintext of the target data. According to the application, the data is encrypted through the encryption protocol and is transmitted through the secure data transmission channel, so that the security and privacy of the data transmission can be effectively ensured, and the risk of data leakage is reduced. In the financial technology field in particular, this can ensure the security of user privacy information and of funds.

Description

Method, device, computer equipment and storage medium for data security transmission
Technical Field
The present application relates to the fields of financial technology and internet technology, and in particular, to a method, an apparatus, a computer device and a storage medium for data security transmission.
Background
In the Internet of Things environment, data transmission of bank Internet of Things equipment faces more risks and challenges. Internet of Things devices are large in number, widely distributed and generally lack effective security measures, so they are easily attacked by hackers and compromised by malicious software, which causes security problems such as leakage of bank information and loss of funds. Meanwhile, bank Internet of Things equipment handles private information of users, such as account information and transaction records, and if this information is leaked, it creates unpredictable risks and losses for the property and personal safety of the users. Therefore, data transmission security and privacy protection of bank Internet of Things devices are very important.
Existing data transmission schemes for banking equipment have a number of defects, of which the security defect is the most obvious: the traditional data transmission mode is exposed to security threats such as interception, tampering or eavesdropping by attackers.
Disclosure of Invention
The application mainly aims to provide a method, a device, computer equipment and a storage medium for data security transmission, which can solve the technical problem of insufficient security of the traditional data transmission mode in the prior art.
To achieve the above object, a first aspect of the present application provides a method for securely transmitting data, applied to a data provider, the method comprising:
establishing a secure data channel with a data access party;
acquiring a target data request of a data access party through an established secure data channel;
encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data;
and transmitting the first ciphertext data to the data access party through the secure data channel, so that the data access party carries out corresponding decryption on the received first ciphertext data to obtain the plaintext of the target data.
To achieve the above object, a second aspect of the present application provides an apparatus for secure data transmission, applied to a data provider, the apparatus comprising:
the channel establishing module is used for establishing a secure data channel with the data access party;
the first data acquisition module is used for acquiring a target data request of a data access party through an established secure data channel;
the first encryption module is used for encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data;
and the data transmission module is used for transmitting the first ciphertext data to the data access party through the secure data channel, so that the data access party can correspondingly decrypt the received first ciphertext data to obtain the plaintext of the target data.
To achieve the above object, a third aspect of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
establishing a secure data channel with a data access party;
acquiring a target data request of a data access party through an established secure data channel;
encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data;
and transmitting the first ciphertext data to the data access party through the secure data channel, so that the data access party carries out corresponding decryption on the received first ciphertext data to obtain the plaintext of the target data.
To achieve the above object, a fourth aspect of the present application provides a computer apparatus including a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:
establishing a secure data channel with a data access party;
acquiring a target data request of a data access party through an established secure data channel;
encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data;
and transmitting the first ciphertext data to the data access party through the secure data channel, so that the data access party carries out corresponding decryption on the received first ciphertext data to obtain the plaintext of the target data.
The embodiment of the application has the following beneficial effects:
According to the application, the data is encrypted through the encryption protocol and is transmitted through the secure data transmission channel, so that the security and privacy of the data transmission can be effectively ensured, and the risk of data leakage is reduced. In the financial technology field in particular, this can ensure the security of user privacy information and of funds.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Wherein:
FIG. 1 is an application environment diagram of a method for secure data transmission in an embodiment of the present application;
FIG. 2 is a flow chart of a method for secure transmission of data in an embodiment of the application;
FIG. 3 is a block diagram illustrating an apparatus for secure data transmission in accordance with an embodiment of the present application;
FIG. 4 is a block diagram of a computer device in an embodiment of the application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
FIG. 1 is an application environment diagram of a method of secure transmission of data in one embodiment. Referring to FIG. 1, the method of data security transmission is applied to a system of data security transmission. The system includes a terminal 110 and a server 120, which are connected through a network. The terminal 110 may be a desktop terminal or a mobile terminal, and the mobile terminal may be at least one of a mobile phone, a tablet computer, a notebook computer, and the like. The server 120 may be implemented as a stand-alone server or as a server cluster composed of a plurality of servers. The terminal 110 is configured to establish a secure data channel with the server 120 and to send a target data request to the server 120. The server 120 is configured to: establish a secure data channel with a data access party; acquire a target data request of the data access party through the established secure data channel; encrypt the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data; and transmit the first ciphertext data to the data access party through the secure data channel, so that the data access party carries out corresponding decryption on the received first ciphertext data to obtain the plaintext of the target data.
As shown in FIG. 2, in one embodiment, a method of secure transmission of data is provided. The method can be applied to a terminal or a server; this embodiment is described as applied to a terminal. The data security transmission method specifically comprises the following steps:
S100: establishing a secure data channel with the data access party.
In particular, the present application applies to data providers. The data provider may be a server of an application system, for example in the field of financial science and technology, the data provider is a server of a financial banking system or other internet of things device. The data access party may be a client, a terminal, an application end, etc. of an application system (e.g., a financial banking system), or may be a server of another system, etc., which is not limited in this aspect of the present application. The application end may specifically include an application APP, an applet, a web page, and the like, without being limited thereto.
The data provider communicates with the data access party through a network to establish a secure data channel. The data provider and the data access party use the secure data channel for secure data interaction, such as data transmission, data reading and data writing, without being limited thereto. More specifically, the secure data channel is established using a secure channel technology such as VPN or IPSec.
The secure channel technology protects the data in transit inside a tunnel, so that the security of the data transmission can be ensured.
S200: acquiring the target data request of the data access party through the established secure data channel.
Specifically, the target data request carries a user identification of the data access party and key information that can be used to query or generate the target data. Key information may include, but is not limited to, query fields and field values or related fields and field values, etc.
S300: encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data.
In particular, the encryption algorithm may include, but is not limited to, a public key encryption algorithm, a symmetric encryption algorithm, and the like. The public key encryption algorithm is also called an asymmetric encryption (public key encryption) algorithm, and refers to an encryption method consisting of a corresponding pair of unique keys (i.e., a public key and a private key).
The public key encryption algorithm may use, for example, but not limited to, RSA, ElGamal, the knapsack algorithm, Rabin, the Diffie-Hellman (D-H) key exchange protocol, Elliptic Curve Cryptography (ECC), and the like. The RSA public key cryptosystem is an internationally accepted ideal public key cryptosystem using different encryption keys and decryption keys, and ElGamal.
A key pair may be generated using a public key encryption algorithm, the key pair comprising a public key and a private key, the public key being different from the private key, the public key being used to encrypt data and the private key being used to decrypt data.
A symmetric encryption algorithm is a cryptosystem in which the encryption key and the decryption key are the same. The Data Encryption Standard (DES) is a symmetric key cryptosystem. In a symmetric encryption algorithm, the data sender processes the plaintext (original data) together with the encryption key through the encryption algorithm, turning it into ciphertext that is then sent out.
Symmetric encryption algorithms include, but are not limited to, DES, 3DES, AES, TDEA, Blowfish, RC and similar encryption algorithms. The DES encryption algorithm is a block cipher that encrypts data in 64-bit blocks with a key length of 56 bits, and the same algorithm is used for encryption and decryption. 3DES (Triple DES) is a symmetric algorithm based on DES in which a piece of data is encrypted three times with three different keys, so that the strength is higher. The AES encryption algorithm is a symmetric block cipher that supports key lengths of 128, 192 and 256 bits, with a block length of 128 bits.
The data provider extracts from the target data request the key information for querying or generating the target data. It either queries the target data according to the key information, or acquires intermediate data according to the key information and processes the intermediate data to generate the target data. The target data is the response data to be transmitted to the data access party. The data provider then encrypts the target data by using at least one encryption algorithm to obtain the first ciphertext data. The first ciphertext data is non-plaintext data obtained by encrypting the target data.
In the financial banking field, the target data may be, for example, financial data such as a bank account balance, a bank card account number, a bank line, a transfer record, and the like.
S400: transmitting the first ciphertext data to the data access party through the secure data channel, so that the data access party carries out corresponding decryption on the received first ciphertext data to obtain the plaintext of the target data.
Specifically, the data provider sends the first ciphertext data to the data access party through the secure data channel, and the data access party decrypts the received first ciphertext data to obtain the plaintext target data.
This embodiment can be applied to secure data transmission in various application scenarios, in particular in fields with more sensitive data such as financial banking. In the Internet of Things environment, data transmission of bank Internet of Things equipment faces more risks and challenges. Internet of Things devices are large in number, widely distributed and generally lack effective security measures, so they are easily attacked by hackers and compromised by malicious software, which causes security problems such as leakage of bank information and loss of funds. Meanwhile, bank Internet of Things equipment handles private information of users, such as account information and transaction records, and if this information is leaked, it creates unpredictable risks and losses for the property and personal safety of the users. Therefore, the method is very important for data transmission security and privacy protection of bank Internet of Things equipment.
According to this embodiment, the data is encrypted through the encryption protocol and is transmitted through the secure data transmission channel, so that the security and privacy of data transmission can be effectively ensured, and the risk of data leakage is reduced. In the financial technology field in particular, this can ensure the security of user privacy information and of funds.
In one embodiment, step S300 specifically includes:
generating a first key using a first encryption algorithm, generating a second key using a second encryption algorithm,
the decryption key in the first key is provided to the data access party,
encrypting the decryption key in the second key using the encryption key in the first key to obtain an encrypted key,
the encrypted key is provided to the data access party,
encrypting the target data by using an encryption key in the second key to obtain first ciphertext data;
or,
the step S300 specifically includes:
generating a first key using a first encryption algorithm, generating a second key using a second encryption algorithm,
the decryption key in the first key and the decryption key in the second key are provided to the data access party,
and encrypting the target data at least twice by utilizing the encryption key in the first key and the encryption key in the second key to obtain first ciphertext data.
Specifically, if the first encryption algorithm is an asymmetric encryption algorithm (or public key encryption algorithm) and the second encryption algorithm is a symmetric encryption algorithm, step S300 specifically includes: generating a first key pair by using the first encryption algorithm, wherein the first key pair comprises a first public key and a first private key; providing the first private key to the data access party; generating a random key by using the second encryption algorithm; encrypting the random key by using the first public key to obtain an encrypted key; providing the encrypted key to the data access party; and encrypting the target data by using the random key to obtain the first ciphertext data.
More specifically, the first encryption algorithm may use any one of RSA, ElGamal, the knapsack algorithm, Rabin, the Diffie-Hellman (D-H) key exchange protocol, Elliptic Curve Cryptography (ECC), and the like.
The second encryption algorithm may use any one of DES, 3DES, AES, TDEA, Blowfish, RC, and the like.
The data provider generates a first key pair using a first encryption algorithm and provides a first private key of the first key pair as a decryption key to the data access party. The first public key of the first key pair is used to encrypt data.
The data provider generates a random key using the second encryption algorithm, the random key being a symmetric key. The data may be encrypted or decrypted using a random key.
The data provider encrypts the random key using the first public key to obtain an encrypted key, and provides the encrypted key to the data access party.
The data provider also encrypts the target data using the random key to obtain first ciphertext data.
The data access party decrypts the encrypted key by using the first private key to obtain a random key; and decrypting the first ciphertext data by using the random key to obtain target data which is plaintext.
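The asymmetric-plus-symmetric flow above (first public key wraps the random key, random key encrypts the target data), as an added Go example that is not part of the patent text. RSA-2048 with OAEP/SHA-256, AES-256-GCM, the Envelope layout and the use of the request's user identification as OAEP label and GCM associated data are all assumptions chosen for the example; the sample data is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope carries what the data provider sends for one response.
// The field names are assumptions made for this example.
type Envelope struct {
	WrappedKey []byte // "encrypted key": random key under the first public key
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // "first ciphertext data", GCM tag appended
}

// NewFirstKeyPair generates the first key pair (RSA-2048 is an assumption).
func NewFirstKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// newGCM builds AES-GCM over the given random key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the data provider side of step S300. userID is bound to both the
// wrapped key (OAEP label) and the target data (GCM associated data).
func Seal(pub *rsa.PublicKey, target, userID []byte) (*Envelope, error) {
	randomKey := make([]byte, 32) // AES-256 random key, used for one message
	if _, err := rand.Read(randomKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(randomKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, randomKey, userID)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, target, userID),
	}, nil
}

// Open is the data access party side: unwrap the random key with the first
// private key, then decrypt and authenticate the first ciphertext data.
func Open(priv *rsa.PrivateKey, env *Envelope, userID []byte) ([]byte, error) {
	randomKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, userID)
	if err != nil {
		return nil, fmt.Errorf("unwrap random key: %w", err)
	}
	gcm, err := newGCM(randomKey)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length") // gcm.Open would panic on it
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, userID)
}

func main() {
	priv, err := NewFirstKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample data, not taken from the patent.
	env, err := Seal(&priv.PublicKey, []byte("account=EXAMPLE-0001;balance=1024.50"), []byte("user-42"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(priv, env, []byte("user-42"))
	fmt.Printf("plaintext=%q err=%v\n", pt, err)

	env.Ciphertext[0] ^= 0x01 // one bit flipped in transit
	_, err = Open(priv, env, []byte("user-42"))
	fmt.Println("tampered:", err)
}
```

Because the symmetric layer is an authenticated mode, a modified ciphertext or a mismatched user identification is rejected at decryption instead of yielding altered plaintext.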
If the first encryption algorithm is an asymmetric encryption algorithm (or public key encryption algorithm) and the second encryption algorithm is also an asymmetric encryption algorithm, step S300 specifically includes: generating a first key pair by using the first encryption algorithm, wherein the first key pair comprises a first public key and a first private key; providing the first private key to the data access party; generating a fourth key pair by using the second encryption algorithm, wherein the fourth key pair comprises a fourth public key and a fourth private key; encrypting the fourth private key by using the first public key to obtain an encrypted key; providing the encrypted key to the data access party; and encrypting the target data by using the fourth public key to obtain the first ciphertext data.
More specifically, the first encryption algorithm and the second encryption algorithm are both asymmetric encryption algorithms. The first encryption algorithm and the second encryption algorithm may use any one of the public key encryption algorithms among RSA, ElGamal, the knapsack algorithm, Rabin, the Diffie-Hellman (D-H) key exchange protocol, Elliptic Curve Cryptography (ECC), and the like.
The data access party decrypts the encrypted key by using the first private key to obtain a fourth private key, and decrypts the first ciphertext data by using the fourth private key to obtain target data which is plaintext.
If the first encryption algorithm is a symmetric encryption algorithm and the second encryption algorithm is also a symmetric encryption algorithm, step S300 specifically includes: generating a first random key by using the first encryption algorithm; providing the first random key to the data access party; generating a second random key by using the second encryption algorithm; encrypting the second random key by using the first random key to obtain an encrypted key; providing the encrypted key to the data access party; and encrypting the target data by using the second random key to obtain the first ciphertext data.
The data access party decrypts the encrypted key by using the first random key to obtain the second random key, and decrypts the first ciphertext data by using the second random key to obtain the plaintext target data.
In the alternative form of step S300, if the first encryption algorithm is an asymmetric encryption algorithm (or public key encryption algorithm) and the second encryption algorithm is a symmetric encryption algorithm, step S300 specifically includes: generating a first key pair by using the first encryption algorithm, wherein the first key pair comprises a first public key and a first private key; providing the first private key to the data access party; generating a random key by using the second encryption algorithm; providing the random key to the data access party; and encrypting the target data at least twice by using the first public key and the random key to obtain the first ciphertext data.
The data access party decrypts the first ciphertext data at least twice by using the first private key and the random key to obtain the plaintext target data.
If the first encryption algorithm is an asymmetric encryption algorithm (or public key encryption algorithm) and the second encryption algorithm is also an asymmetric encryption algorithm, step S300 specifically includes: generating a first key pair by using the first encryption algorithm, wherein the first key pair comprises a first public key and a first private key; providing the first private key to the data access party; generating a fourth key pair by using the second encryption algorithm, wherein the fourth key pair comprises a fourth public key and a fourth private key; providing the fourth private key to the data access party; and encrypting the target data at least twice by using the first public key and the fourth public key to obtain the first ciphertext data.
The data access party decrypts the first ciphertext data at least twice by using the first private key and the fourth private key to obtain the plaintext target data.
If the first encryption algorithm is a symmetric encryption algorithm and the second encryption algorithm is also a symmetric encryption algorithm, step S300 specifically includes: generating a first random key by using the first encryption algorithm; providing the first random key to the data access party; generating a second random key by using the second encryption algorithm; providing the second random key to the data access party; and encrypting the target data at least twice by using the first random key and the second random key to obtain the first ciphertext data.
The data access party decrypts the first ciphertext data at least twice by using the first random key and the second random key to obtain the plaintext target data.
In another embodiment, if the first encryption algorithm is an asymmetric encryption algorithm (or a public key encryption algorithm) and the second encryption algorithm is a symmetric encryption algorithm, the data provider encrypts the target data for the first time by using the first public key to obtain first intermediate ciphertext data, and encrypts the first intermediate ciphertext data for the second time by using the random key to obtain first ciphertext data.
The data access party decrypts the first ciphertext data for the first time by using the random key to obtain first intermediate ciphertext data, and decrypts the first intermediate ciphertext data for the second time by using the first private key to obtain plaintext of the target data.
Or,
if the first encryption algorithm is an asymmetric encryption algorithm (or a public key encryption algorithm) and the second encryption algorithm is a symmetric encryption algorithm, the data provider encrypts the target data for the first time by using the random key to obtain first intermediate ciphertext data, and encrypts the first intermediate ciphertext data for the second time by using the first public key to obtain first ciphertext data.
The data access party decrypts the first ciphertext data for the first time by using the first private key to obtain first intermediate ciphertext data, and decrypts the first intermediate ciphertext data for the second time by using the random key to obtain plaintext of the target data.
Of course, the foregoing is merely illustrative of how the data may be encrypted and decrypted, and the application is not limited in this regard.
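The two layer orders described above apply the public key operation to the data itself rather than to a key, which bounds how much target data one message can carry. The following added Go example (not part of the patent text) implements the "first public key, then random key" order and computes the limit for both orders, assuming RSA-2048 with OAEP/SHA-256 and AES-256-GCM; function names and sample data are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrTargetTooLarge reports target data that one RSA-OAEP operation cannot carry.
var ErrTargetTooLarge = errors.New("target data exceeds the RSA-OAEP limit")

const gcmOverhead = 12 + 16 // AES-GCM nonce plus authentication tag, in bytes

// MaxPublicFirst is the largest target data when the first public key is the
// inner layer: k - 2*hLen - 2 bytes for RSA-OAEP with SHA-256.
func MaxPublicFirst(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

// MaxRandomFirst is the limit for the other order, where the RSA layer also
// has to carry the nonce and tag added by the symmetric layer.
func MaxRandomFirst(pub *rsa.PublicKey) int { return MaxPublicFirst(pub) - gcmOverhead }

// NewFirstKeyPair and NewRandomKey generate the two keys of the scheme.
func NewFirstKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func NewRandomKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealPublicFirst encrypts with the first public key, then with the random key.
// The output is nonce || AES-GCM(first intermediate ciphertext data).
func SealPublicFirst(pub *rsa.PublicKey, randomKey, target []byte) ([]byte, error) {
	if len(target) > MaxPublicFirst(pub) {
		return nil, ErrTargetTooLarge
	}
	inner, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, target, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(randomKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, inner, nil), nil
}

// OpenPublicFirst reverses the layers: random key first, then first private key.
func OpenPublicFirst(priv *rsa.PrivateKey, randomKey, data []byte) ([]byte, error) {
	gcm, err := newGCM(randomKey)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, outer := data[:gcm.NonceSize()], data[gcm.NonceSize():]
	inner, err := gcm.Open(nil, nonce, outer, nil)
	if err != nil {
		return nil, fmt.Errorf("outer layer: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, inner, nil)
}

func main() {
	priv, err := NewFirstKeyPair()
	if err != nil {
		panic(err)
	}
	key, err := NewRandomKey()
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey
	fmt.Println("limit, public key first:", MaxPublicFirst(pub), "bytes")
	fmt.Println("limit, random key first:", MaxRandomFirst(pub), "bytes")

	ct, err := SealPublicFirst(pub, key, []byte("balance=1024.50")) // constructed data
	if err != nil {
		panic(err)
	}
	pt, err := OpenPublicFirst(priv, key, ct)
	fmt.Printf("plaintext=%q err=%v\n", pt, err)

	_, err = SealPublicFirst(pub, key, make([]byte, 4096)) // e.g. a transfer history
	fmt.Println("4096-byte target:", err)
}
```

Under these assumptions a short field such as an account balance fits in one message, while larger target data fits in neither order and would need the key-wrapping variant of step S300 instead.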
In addition, the data provider can provide the secret key to the data access party in the negotiation process of establishing the secure data channel, and the application is not limited to the way in which the secret key is exchanged between the two parties.
The following purposes can be achieved by adopting various encryption modes:
Higher data security: by adopting multi-level data encryption and authentication measures, security problems such as data leakage and tampering can be effectively prevented.
Higher transmission efficiency: by adopting an encryption algorithm based on hardware acceleration, the data can be encrypted and decrypted more quickly, which improves transmission efficiency.
Better compatibility: standard encryption and authentication protocols are adopted, so that the scheme is more compatible with different types of devices and the interoperability of the devices is improved.
Greater flexibility: by adopting a flexible key management mechanism, key management and maintenance can be carried out more conveniently, which improves the flexibility and expandability of the system.
Better privacy protection: by adopting end-to-end encryption and authentication measures, the privacy and data security of the user can be better protected, and the trust and satisfaction of the user can be enhanced.
This embodiment encrypts the data through various encryption methods to ensure the security of data transmission and effectively reduce the risks of eavesdropping on and tampering with the data. In the data transmission security scheme for bank Internet of Things equipment in the Internet of Things environment, the transmitted data is ensured to be encrypted, which protects the confidentiality and integrity of the data. Meanwhile, in the data transmission process, the secret key is only transmitted in the negotiation process, so that the security of the secret key can be protected.
In one embodiment, before forming the first ciphertext data, the method further comprises:
matching a third encryption algorithm according to the acquired user type of the data access party,
a third key is generated using a third encryption algorithm,
providing the encryption key in the third key to the data access party;
the step S200 specifically includes:
receiving second ciphertext data sent by the data access party, wherein the second ciphertext data is obtained by encrypting a target data request by the data access party by using an encryption key in a third key;
and decrypting the second ciphertext data by using the decryption key in the third key to obtain the plaintext of the target data request.
Specifically, users of different user types may have different data access rights, and thus the data that can be acquired may be different. The higher the data access rights the richer the user can access the data content, the more likely the data content is sensitive data. The lower the data access rights the more single or less sensitive the data content accessible to the user.
Based on the above, the embodiment can encrypt the accessed data by adopting different encryption algorithms for different types of users, thereby realizing different-level and targeted encryption.
The user type of the data access party is obtained, and a third encryption algorithm matching that user type is selected. The higher the user type level of the data access party (i.e. the more extensive or sensitive the data that is accessible), the higher the level and security of the third encryption algorithm it matches. The lower the user type level of the data access party (i.e. the narrower or less sensitive the data that can be accessed), the lower the level and security of the third encryption algorithm it matches, or the simpler the third encryption algorithm.
And if the third encryption algorithm is an asymmetric encryption algorithm, generating a second key pair by using the third encryption algorithm, wherein the second key pair comprises a second public key and a second private key, and transmitting the second public key to the data access party. The second key pair is the third key.
The step S200 specifically includes: receiving second ciphertext data sent by a data access party, wherein the second ciphertext data is obtained by encrypting a target data request by the data access party by using a second public key; and decrypting the second ciphertext data by using the second private key to obtain a plaintext of the target data request.
And if the third encryption algorithm is a symmetric encryption algorithm, generating a third random key by using the third encryption algorithm, and transmitting the third random key to the data access party. The third random key, i.e., the third key, may encrypt data as well as decrypt data.
The step S200 specifically includes: receiving second ciphertext data sent by a data access party, wherein the second ciphertext data is obtained by encrypting a target data request by the data access party by using a third random key; and decrypting the second ciphertext data by using the third random key to obtain a plaintext of the target data request.
In this embodiment, a third encryption algorithm is matched to the data access party according to the user type, a third key is generated using the third encryption algorithm, and the encryption key in the third key is provided to the data access party, so that the data access party can also encrypt data when sending it to the data provider, further ensuring data security and privacy. In addition, matching the third encryption algorithm to the user according to the user type achieves targeted encryption and reduces unnecessary complex encryption and blind encryption of non-sensitive data, which in turn reduces the computational overhead caused by blind encryption and decryption.
In one embodiment, step S300 specifically includes:
and encrypting the target data indicated by the target data request according to the user type matching at least one encryption algorithm of the data access party to form first ciphertext data.
Specifically, for example, a fourth encryption algorithm is matched, a fifth key pair is generated according to the fourth encryption algorithm, the fifth key pair includes a fifth public key and a fifth private key, and the fifth private key is sent to the data access party. Determining target data according to the target data request; encrypting the target data by using the fifth public key to form first ciphertext data; transmitting the first ciphertext data to a data access party; and the data access party uses the fifth private key to correspondingly decrypt the received first ciphertext data to obtain the target data of the plaintext.
Or, matching the fifth encryption algorithm, generating a fifth random key according to the fifth encryption algorithm, and transmitting the fifth random key to the data access party. Determining target data according to the target data request; encrypting the target data by using the fifth random key to form first ciphertext data; transmitting the first ciphertext data to a data access party; and the data access party uses the fifth random key to correspondingly decrypt the received first ciphertext data to obtain the target data of the plaintext.
Or, matching to the first encryption algorithm and the second encryption algorithm;
generating a first key using a first encryption algorithm, generating a second key using a second encryption algorithm,
The decryption key in the first key is provided to the data access party,
encrypting the decryption key in the second key using the encryption key in the first key to obtain an encrypted key,
the encrypted key is provided to the data access party,
and encrypting the target data by using the encryption key in the second key to obtain the first ciphertext data.
Or, matching to the first encryption algorithm and the second encryption algorithm;
encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data, wherein the first ciphertext data comprises the following steps:
generating a first key using a first encryption algorithm, generating a second key using a second encryption algorithm,
the decryption key in the first key and the decryption key in the second key are provided to the data access party,
and encrypting the target data at least twice by utilizing the encryption key in the first key and the encryption key in the second key to obtain first ciphertext data.
The specific encryption process of the first encryption algorithm and the second encryption algorithm is referred to in the above description, and will not be described herein.
According to the embodiment, the target data indicated by the target data request is encrypted by matching the user type with at least one encryption algorithm for the data access party to form the first ciphertext data, so that targeted encryption can be realized, unnecessary complex encryption and blind encryption on non-sensitive data are reduced, and further calculation expenditure caused by blind encryption and decryption is reduced.
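The first two-algorithm alternative above (the second key encrypts the target data, the first key encrypts the second key) is shown below as an added example, not code from the application. It assumes RSA-2048 with OAEP as the first encryption algorithm and AES-256-GCM as the second; the names `Envelope`, `ProviderEncrypt` and `AccessPartyDecrypt` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the data provider sends in addition to the first key's
// decryption key (hypothetical container, not defined by the application).
type Envelope struct {
	EncryptedKey []byte // decryption key of the second key, encrypted under the first key
	Nonce        []byte // AES-GCM nonce, fresh for every message
	Ciphertext   []byte // first ciphertext data
}

// newGCM builds an AES-GCM AEAD from a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ProviderEncrypt generates both keys, encrypts the second key with the
// encryption key of the first, and encrypts the target data with the second.
// The returned private key is the "decryption key in the first key" that the
// text says is provided to the data access party.
func ProviderEncrypt(target []byte) (*rsa.PrivateKey, *Envelope, error) {
	firstKey, err := rsa.GenerateKey(rand.Reader, 2048) // assumption: RSA-2048
	if err != nil {
		return nil, nil, err
	}
	secondKey := make([]byte, 32) // assumption: AES-256 key
	if _, err := rand.Read(secondKey); err != nil {
		return nil, nil, err
	}
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &firstKey.PublicKey, secondKey, nil)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	env := &Envelope{
		EncryptedKey: encKey,
		Nonce:        nonce,
		Ciphertext:   gcm.Seal(nil, nonce, target, nil),
	}
	return firstKey, env, nil
}

// AccessPartyDecrypt recovers the second key with the first key's decryption
// key, then decrypts and authenticates the first ciphertext data.
func AccessPartyDecrypt(firstKey *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	secondKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, firstKey, env.EncryptedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("recover second key: %w", err)
	}
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	target := []byte("constructed sample: device-17 status report")
	firstKey, env, err := ProviderEncrypt(target)
	if err != nil {
		panic(err)
	}
	plain, err := AccessPartyDecrypt(firstKey, env)
	fmt.Printf("%s (err=%v)\n", plain, err)
}
```

Because the first key's decryption key is itself sent to the data access party, the confidentiality of this exchange rests on the secure data channel established in step S100.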
In one embodiment, the establishing a secure data channel with the data access party in step S100 includes:
and carrying out identity verification with the data access party through a handshake protocol, exchanging an encryption key after the identity verification is passed, and establishing a secure data channel with the data access party.
In particular, a secure handshake is carried out between the data provider and the data access party using a secure communication protocol such as TLS/SSL; the application is not limited in this regard. TLS is the Transport Layer Security protocol and SSL is the Secure Sockets Layer.
Through a handshake protocol, the data provider can perform identity verification on the data access party and exchange encryption keys to ensure data encryption and integrity in the communication process. The handshake protocol is the first protocol the client and the server execute when establishing an SSL connection, and it is completed before data transmission; through it the server and the client authenticate each other and negotiate the encryption algorithm, the MAC algorithm, and the session key used for encrypting the data.
The above-mentioned public key or private key or random key is a session key provided to the communication partner in the process of establishing the secure data channel.
Once the handshake protocol is completed, the two communication parties can encrypt the data by using the encryption key, and the two communication parties can perform the interaction of the encrypted data, so that the data is ensured not to be tampered or stolen in the transmission process.
By establishing the secure data channel, the embodiment can effectively ensure confidentiality, security and integrity in the data transmission process.
In one embodiment, before forming the first ciphertext data, the method further comprises:
according to the user type, granting different users access rights matched with their user type;
extracting a user identification of a data access party from a target data request, and determining the access authority of the data access party according to the user identification;
verifying the access authority of the data access party to the target data according to the access authority of the data access party;
encrypting the target data indicated by the target data request using at least one encryption algorithm, comprising: and if the data access party has access rights to the target data, encrypting the target data indicated by the target data request by adopting at least one encryption algorithm.
Specifically, the data access party may be any one user. Before a user accesses data, the user needs to apply to the data provider for access authorization, for example, by registering an account. The user types corresponding to the user accounts can include, but are not limited to, administrators, operators (e.g., testers, operation and maintenance personnel, developers), common users, and the like. Different user accounts have different roles and different access rights.
Based on the above, the data provider needs to verify whether the data access party has access right to the target data, namely, identity authentication and verification are performed on the data access party. If the data access party has access rights to the target data, namely the authentication is passed, the target data is encrypted and the encrypted target data is sent to the data access party. If the data access party does not have access to the target data, i.e. authentication is not passed, the provision of the target data to the data access party is denied. Still further, the data provider sends a reply to the data access party indicating unauthorized access.
In addition, in this embodiment, access rights or identity authentication may be performed by using methods such as user name password authentication and certificate authentication, and an Access Control List (ACL) may be configured to limit the user to access a specific resource or perform a specific operation.
Alternatively, after the secure channel is established, the data provider may verify the identity of both parties to the communication via an authentication and authorization mechanism and authorize access to specific data. For example, a token, access token, or certificate mechanism is used to control the access rights of a data access party to data.
In another embodiment, the data provider can also periodically audit the access right verification function, discover and repair defects of the access right verification function in time, and process unauthorized access behaviors so as to ensure the accuracy of identity authentication or access right authentication and reduce the miss rate.
The embodiment adopts a user authentication mode, ensures that only users after authentication can access target data, and ensures data security and confidentiality to a certain extent. The method and the device are applied to the fields of financial banks and the like, and can realize access control of the bank Internet of things equipment data, so that the safety and privacy of the financial data are guaranteed.
In one embodiment, the method further comprises:
and recording access logs of all data access parties, and carrying out data analysis on the access logs to judge whether abnormal user operation occurs.
Specifically, the operation logs of all users (data access parties) are recorded and analyzed, so that abnormal conditions can be found in time and the operation records can be traced back.
By recording and analyzing the access log, the embodiment can find abnormality in time, further ensure the safety of data, and particularly prevent sensitive data in the fields of financial industry and the like from being stolen.
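The access-right check before encryption and the access-log analysis described above can be combined as follows. This is an added example, not code from the application; the policy table, user identifications, sample requests and the rule "three denied requests within five minutes is abnormal" are all constructed assumptions, and the `encrypt` callback stands in for step S300.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"time"
)

// Constructed policy: data classes each user type may read (assumption).
var rightsByType = map[string]map[string]bool{
	"administrator": {"device-status": true, "transaction-log": true},
	"operator":      {"device-status": true},
	"common":        {},
}

// Constructed directory: user identification -> user type (assumption).
var userType = map[string]string{"u-admin": "administrator", "u-ops": "operator", "u-guest": "common"}

// Assumed anomaly rule: Threshold denied requests inside Window.
const (
	Threshold = 3
	Window    = 5 * time.Minute
)

type Request struct {
	UserID, Target string
	At             time.Time
}

type LogEntry struct {
	UserID, Target string
	At             time.Time
	Allowed        bool
}

var ErrUnauthorized = errors.New("unauthorized access")

// Serve determines the access right from the user identification in the
// request, logs the attempt, and only then lets encryption run.
func Serve(req Request, encrypt func(target string) []byte, log *[]LogEntry) ([]byte, error) {
	// Unknown users and unknown types fall through to "no rights".
	allowed := rightsByType[userType[req.UserID]][req.Target]
	*log = append(*log, LogEntry{req.UserID, req.Target, req.At, allowed})
	if !allowed {
		return nil, ErrUnauthorized // reply indicating unauthorized access
	}
	return encrypt(req.Target), nil
}

// AbnormalUsers returns, sorted, the users with at least threshold denied
// requests inside any span of length window.
func AbnormalUsers(log []LogEntry, threshold int, window time.Duration) []string {
	if threshold < 1 {
		return nil
	}
	denied := map[string][]time.Time{}
	for _, e := range log {
		if !e.Allowed {
			denied[e.UserID] = append(denied[e.UserID], e.At)
		}
	}
	var out []string
	for user, ts := range denied {
		sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
		for i := 0; i+threshold <= len(ts); i++ {
			if ts[i+threshold-1].Sub(ts[i]) <= window {
				out = append(out, user)
				break
			}
		}
	}
	sort.Strings(out)
	return out
}

// SampleRequests returns constructed requests used to exercise the checks.
func SampleRequests() []Request {
	t0 := time.Date(2023, 8, 1, 9, 0, 0, 0, time.UTC)
	at := func(d time.Duration) time.Time { return t0.Add(d) }
	return []Request{
		{"u-admin", "transaction-log", at(0)},
		{"u-ops", "device-status", at(1 * time.Minute)},
		{"u-ops", "transaction-log", at(2 * time.Minute)},
		{"u-guest", "transaction-log", at(3 * time.Minute)},
		{"u-guest", "transaction-log", at(3*time.Minute + 30*time.Second)},
		{"u-guest", "device-status", at(4 * time.Minute)},
		{"u-ops", "transaction-log", at(2 * time.Hour)},
	}
}

// Replay runs the requests through Serve and counts how often encryption ran.
func Replay(reqs []Request) (log []LogEntry, served int) {
	encrypt := func(target string) []byte { served++; return []byte("ciphertext:" + target) }
	for _, r := range reqs {
		Serve(r, encrypt, &log)
	}
	return log, served
}

func main() {
	log, served := Replay(SampleRequests())
	fmt.Println("served:", served, "abnormal:", AbnormalUsers(log, Threshold, Window))
}
```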
In another embodiment, the data provider may also monitor and record access operations of the data access party (including access and operation to related devices and access and operation of data) to obtain monitored data; and analyzing the monitoring data, and identifying and preventing threat events according to the analysis result.
Specifically, the data provider monitors and records the access and operation of the equipment and the data, and timely discovers and prevents security vulnerabilities and attacks. Specifically, the occurrence of threat events is identified and prevented, for example, by collecting, analyzing, and reporting operational records, logs, etc., of various aspects of the system, network, application, etc.
The related devices include bank Internet of Things devices in an Internet of Things environment. The monitoring in this embodiment enables security audit, which helps monitor the data transmission behavior of the devices, including who accessed a device and at what time, which functions were used, which data was generated, and the like. Potential security risks and vulnerabilities can be identified and located through security audit, so that corresponding measures are taken in time for prevention and handling. In addition, security audit can also help the manager of the banking equipment with management and decision-making, for example by analyzing how the equipment is used, making more scientific and reasonable strategies and specifications, and improving the utilization rate and efficiency of the equipment.
In one embodiment, the method further comprises: and carrying out security updating and patch upgrading on related devices and systems.
In particular, related devices and systems include devices local to the data provider, devices local to the data access party, and systems where the data provider and the data access party are located. The devices local to the data provider include servers and the like. The device local to the data access party comprises a server or a user terminal.
The data provider performs security updating and patch upgrading on the locally located device. The data access party can automatically and regularly perform security updating and patch upgrading on the local equipment. And the equipment of any one of the local equipment of the data provider and the local equipment of the data access party carries out security updating and patch updating, namely the updating of the corresponding system is realized. The equipment and the system are updated in time by security updating and patch updating, so that known security holes can be eliminated, and the security of the system can be improved.
In the internet of things environment, especially in the data transmission security implementation scheme of the bank internet of things device, security update is usually implemented through software update. Because of the large number of devices, a great deal of labor and time are required for updating the device software, so that the updating work can be more efficiently completed by adopting a remote software updating mode.
Specifically, a centralized software update system is designed, which is responsible for managing software updates of all server-side devices and/or client-side devices (such as a bank internet of things device). When the device software of the data provider needs to be updated, the software updating system sends an updating request to the devices or the related devices where all the data providers are located, the data provider replies a response of agreeing to update or disagreeing to update to the software updating system according to the updating request, and the software updating system sends an updating package to the data provider agreeing to update. The update package can be encrypted by an encryption protocol, so that the security in the transmission process is ensured. Meanwhile, a safety check mechanism can be set to ensure that the update package received by the equipment is from a trusted update source. And the data provider performs security verification and decryption on the received update package, obtains the plaintext of the update package after the security verification is passed, and performs software security update and patch upgrade on the local equipment or the related equipment by using the plaintext of the update package.
After the update is completed, the data provider can automatically conduct security audit on the update result so as to ensure the security and effectiveness of the update.
Similarly, when the device software of the data access party needs to be updated, the software updating system sends an updating request to the devices or the associated devices of all the data access parties, the data access party replies a response of agreeing to update or disagreeing to update to the software updating system according to the updating request, and the software updating system sends an updating package to the data access party agreeing to update. The update package can be encrypted by an encryption protocol, so that the security in the transmission process is ensured. Meanwhile, a safety check mechanism can be set to ensure that the update package received by the equipment is from a trusted update source. And the data access party performs security check and decryption on the received update package, obtains the plaintext of the update package after the security check is passed, and performs software security update and patch upgrade on the local equipment or the related equipment by using the plaintext of the update package.
After the update is completed, the data access party can automatically conduct security audit on the update result so as to ensure the security and the effectiveness of the update.
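The update flow above (request, agree or disagree, package sent only to those that agree, check that the package comes from a trusted update source) is sketched below as an added example, not code from the application. It assumes Ed25519 signatures over the still-encrypted package as the security check mechanism; all type and function names and the sample values are hypothetical, and decryption of the payload after a successful check is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// TrustStore holds the update-source public keys a device has pinned.
type TrustStore []ed25519.PublicKey

// UpdatePackage is the package as received: payload is still encrypted.
type UpdatePackage struct {
	Name      string
	Payload   []byte
	Signature []byte
}

// Device models one endpoint and its reply to the update request.
type Device struct {
	ID      string
	Agrees  bool
	Trusted TrustStore
}

var ErrUntrusted = errors.New("update package not from a trusted update source")

// signedBytes length-prefixes the name so bytes cannot be shifted between
// name and payload without invalidating the signature.
func signedBytes(name string, payload []byte) []byte {
	buf := make([]byte, 4, 4+len(name)+len(payload))
	binary.BigEndian.PutUint32(buf, uint32(len(name)))
	buf = append(buf, name...)
	return append(buf, payload...)
}

// NewSigner creates an update-source key pair.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignUpdate is the update system's side: sign the encrypted package.
func SignUpdate(priv ed25519.PrivateKey, name string, payload []byte) UpdatePackage {
	return UpdatePackage{Name: name, Payload: payload, Signature: ed25519.Sign(priv, signedBytes(name, payload))}
}

// VerifyUpdate is the device's side: accept only a package signed by a
// pinned key, before any decryption or installation happens.
func VerifyUpdate(trusted TrustStore, pkg UpdatePackage) error {
	msg := signedBytes(pkg.Name, pkg.Payload)
	for _, pub := range trusted {
		if len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, pkg.Signature) {
			return nil
		}
	}
	return ErrUntrusted
}

// Rollout sends the package only to devices that agreed to update and
// reports which of them accepted it after verification.
func Rollout(devices []Device, pkg UpdatePackage) (installed, rejected []string) {
	for _, d := range devices {
		if !d.Agrees {
			continue // device replied "disagree": nothing is sent
		}
		if VerifyUpdate(d.Trusted, pkg) == nil {
			installed = append(installed, d.ID)
		} else {
			rejected = append(rejected, d.ID)
		}
	}
	return installed, rejected
}

func main() {
	pub, priv := NewSigner()
	pkg := SignUpdate(priv, "constructed-firmware", []byte("constructed encrypted update bytes"))
	devices := []Device{
		{ID: "device-01", Agrees: true, Trusted: TrustStore{pub}},
		{ID: "device-02", Agrees: false, Trusted: TrustStore{pub}},
	}
	installed, rejected := Rollout(devices, pkg)
	fmt.Println("installed:", installed, "rejected:", rejected)
}
```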
In another embodiment, hardware security mechanisms may also be employed, such as using physical security locks, hardware encryption chips, secure booting, etc., to protect the security of the device and data.
The application combines multiple security technologies and measures to improve the security and reliability of data transmission. In particular, it combines multiple data encryption technologies: symmetric encryption and asymmetric encryption are used together, and technologies such as message digest and digital signature can also be used, so that data is encrypted and protected at several layers and the security of data transmission is improved.
Of course, the application can also adopt dynamic key management technology to realize dynamic key management, update the key regularly, reduce the risk of key leakage and improve the security of data transmission.
The application can also use the techniques such as message digest and digital signature to verify the data integrity, thus realizing the verification of the data integrity and effectively preventing the data from being tampered and forged.
The application can also introduce blockchain technology to ensure that data cannot be tampered with and cannot be repudiated during data transmission, thereby fundamentally ensuring the security of the data transmission, preventing possible security threats and attacks, and ensuring the reliability and integrity of the data.
The application can also use the technology of the gateway of the Internet of things, and uses the gateway of the Internet of things as a transfer station for data transmission, thereby realizing data isolation and effectively preventing malicious attack and unauthorized access.
Referring to fig. 3, the present application also provides a device for securely transmitting data, applied to a data provider, the device comprising:
a channel establishment module 100, configured to establish a secure data channel with a data access party;
a first data obtaining module 200, configured to obtain a target data request of a data access party through an established secure data channel;
a first encryption module 300, configured to encrypt target data indicated by the target data request by using at least one encryption algorithm, to form first ciphertext data;
the data transmission module 400 is configured to transmit the first ciphertext data to the data access party through the secure data channel, so that the data access party performs corresponding decryption on the received first ciphertext data to obtain plaintext of the target data.
In one embodiment, the first encryption module 300 specifically includes:
a first key generation module for generating a first key using a first encryption algorithm, generating a second key using a second encryption algorithm,
a first key providing module for providing the decryption key in the first key to the data access party,
a key encryption module for encrypting the decryption key in the second key by using the encryption key in the first key to obtain an encrypted key,
A second key providing module for providing the encrypted key to the data access party,
the data encryption module is used for encrypting the target data by using the encryption key in the second key to obtain first ciphertext data;
or,
the first encryption module 300 specifically includes:
a first key generation module for generating a first key using a first encryption algorithm, generating a second key using a second encryption algorithm,
a first key providing module for providing the decryption key in the first key and the decryption key in the second key to the data access party,
and the data encryption module is used for encrypting the target data at least twice by utilizing the encryption key in the first key and the encryption key in the second key to obtain first ciphertext data.
In one embodiment, the apparatus further comprises:
an encryption algorithm matching module for matching a third encryption algorithm according to the acquired user type of the data access party,
a second key generation module for generating a third key using a third encryption algorithm,
a third key providing module for providing the encryption key in the third key to the data access party;
the first data acquisition module 200 specifically includes:
The data receiving module is used for receiving second ciphertext data sent by the data access party, wherein the second ciphertext data is obtained by encrypting the target data request by the data access party by utilizing an encryption key in the third key;
and the decryption module is used for decrypting the second ciphertext data by using the decryption key in the third key to obtain the plaintext of the target data request.
In one embodiment, the channel establishment module 100 is specifically configured to perform authentication with the data access party through a handshake protocol, exchange an encryption key after the authentication passes, and establish a secure data channel with the data access party.
In one embodiment, the apparatus further comprises:
the authorization module is used for granting different users access rights matched with their user type according to the user type;
the permission determining module is used for extracting the user identification of the data access party from the target data request and determining the access permission of the data access party according to the user identification;
the permission verification module is used for verifying the access permission of the data access party to the target data according to the access permission of the data access party;
the first encryption module 300 is specifically configured to encrypt, if the data access party has access rights to the target data, the target data indicated by the target data request by adopting at least one encryption algorithm.
In one embodiment, the apparatus further comprises:
the anomaly analysis module is used for recording access logs of all data access parties, and carrying out data analysis on the access logs so as to judge whether abnormal user operation occurs.
In one embodiment, the apparatus further comprises:
and the updating and upgrading module is used for carrying out safety updating and patch upgrading on related equipment and systems.
FIG. 4 illustrates an internal block diagram of a computer device in one embodiment. The computer device may specifically be a terminal or a server. As shown in fig. 4, the computer device includes a processor, a memory, and a network interface connected by a system bus. The memory includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system, and may also store a computer program which, when executed by a processor, causes the processor to implement the steps of the method embodiments described above. The internal memory may also have stored therein a computer program which, when executed by a processor, causes the processor to perform the steps of the method embodiments described above. It will be appreciated by persons skilled in the art that the architecture shown in fig. 4 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements are applicable, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of:
establishing a secure data channel with a data access party;
acquiring a target data request of a data access party through an established secure data channel;
encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data;
and transmitting the first ciphertext data to the data access party through the secure data channel, so that the data access party carries out corresponding decryption on the received first ciphertext data to obtain the plaintext of the target data.
In one embodiment, a computer readable storage medium is provided, storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
establishing a secure data channel with a data access party;
acquiring a target data request of a data access party through an established secure data channel;
encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data;
And transmitting the first ciphertext data to the data access party through the secure data channel, so that the data access party carries out corresponding decryption on the received first ciphertext data to obtain the plaintext of the target data.
Those skilled in the art will appreciate that all or part of the processes of the methods in the above embodiments may be implemented by a computer program instructing relevant hardware. The program may be stored in a non-volatile computer readable storage medium and, when executed, may include the processes of the method embodiments above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The non-volatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this description.
The foregoing examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (10)

1. A method for secure transmission of data for use with a data provider, the method comprising:
establishing a secure data channel with a data access party;
acquiring a target data request of the data access party through an established secure data channel;
encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data;
And transmitting the first ciphertext data to a data access party through the secure data channel, so that the data access party performs corresponding decryption on the received first ciphertext data to obtain the plaintext of the target data.
2. The method of claim 1, wherein encrypting the target data indicated by the target data request using at least one encryption algorithm to form first ciphertext data comprises:
generating a first key using a first encryption algorithm, generating a second key using a second encryption algorithm,
providing a decryption key of the first key to the data access party,
encrypting the decryption key in the second key using the encryption key in the first key to obtain an encrypted key,
providing the encrypted key to the data access party,
encrypting the target data by using an encryption key in the second key to obtain first ciphertext data;
or,
encrypting the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data, wherein the method comprises the following steps:
generating a first key using a first encryption algorithm, generating a second key using a second encryption algorithm,
Providing the decryption key of the first key and the decryption key of the second key to the data access party,
and encrypting the target data at least twice by utilizing the encryption key in the first key and the encryption key in the second key to obtain first ciphertext data.
3. The method of claim 1, wherein prior to forming the first ciphertext data, the method further comprises:
according to the acquired user type of the data access party, matching a third encryption algorithm,
generating a third key using the third encryption algorithm,
providing an encryption key in the third key to the data access party;
the obtaining the target data request of the data access party through the established secure data channel comprises the following steps:
receiving second ciphertext data sent by the data access party, wherein the second ciphertext data is obtained by encrypting a target data request by the data access party by utilizing an encryption key in the third key;
and decrypting the second ciphertext data by using the decryption key in the third key to obtain the plaintext of the target data request.
4. The method of claim 1, wherein establishing a secure data channel with a data access party comprises:
and carrying out identity verification with the data access party through a handshake protocol, exchanging an encryption key after the identity verification is passed, and establishing a secure data channel with the data access party.
5. The method of claim 1, wherein prior to forming the first ciphertext data, the method further comprises:
authorizing, for different users, access rights matched to their user type;
extracting a user identifier of the data access party from the target data request, and determining the access right of the data access party according to the user identifier;
verifying, according to the access right of the data access party, whether the data access party has the access right to the target data;
the encrypting the target data indicated by the target data request by adopting at least one encryption algorithm comprises: if the data access party has the access right to the target data, encrypting the target data indicated by the target data request by adopting at least one encryption algorithm.
6. The method according to claim 1, wherein the method further comprises:
recording access logs of all data access parties, and performing data analysis on the access logs to determine whether abnormal user operation has occurred.
7. The method according to claim 1, wherein the method further comprises:
performing security updates and patch upgrades on related devices and systems.
8. An apparatus for secure transmission of data for use with a data provider, the apparatus comprising:
a channel establishing module, configured to establish a secure data channel with a data access party;
a first data acquisition module, configured to acquire a target data request of the data access party through the established secure data channel;
a first encryption module, configured to encrypt the target data indicated by the target data request by adopting at least one encryption algorithm to form first ciphertext data;
and a data transmission module, configured to transmit the first ciphertext data to the data access party through the secure data channel, so that the data access party can correspondingly decrypt the received first ciphertext data to obtain the plaintext of the target data.
9. A computer readable storage medium storing a computer program, which when executed by a processor causes the processor to perform the steps of the method according to any one of claims 1 to 7.
10. A computer device comprising a memory and a processor, wherein the memory stores a computer program which, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1 to 7.
CN202311069507.8A 2023-08-23 2023-08-23 Method, device, computer equipment and storage medium for data security transmission Pending CN117081815A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311069507.8A CN117081815A (en) 2023-08-23 2023-08-23 Method, device, computer equipment and storage medium for data security transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311069507.8A CN117081815A (en) 2023-08-23 2023-08-23 Method, device, computer equipment and storage medium for data security transmission

Publications (1)

Publication Number Publication Date
CN117081815A true CN117081815A (en) 2023-11-17

Family

ID=88707690

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311069507.8A Pending CN117081815A (en) 2023-08-23 2023-08-23 Method, device, computer equipment and storage medium for data security transmission

Country Status (1)

Country Link
CN (1) CN117081815A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117478439A (en) * 2023-12-28 2024-01-30 天津市品茗科技有限公司 Network and information security encryption system and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117478439A (en) * 2023-12-28 2024-01-30 天津市品茗科技有限公司 Network and information security encryption system and method
CN117478439B (en) * 2023-12-28 2024-04-19 天津市品茗科技有限公司 Network and information security encryption system and method

Similar Documents

Publication Publication Date Title
CN102812684B (en) Implement the system and method for computer strategy
CN109361668A (en) A kind of data trusted transmission method
US20070074282A1 (en) Distributed SSL processing
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN103001976A (en) Safe network information transmission method
US11831753B2 (en) Secure distributed key management system
EP2786292A1 (en) Methods and devices for securing keys for a non-secured, distributed environment with applications to virtualization and cloud-computing security and management
CN108418691A (en) Dynamic network identity identifying method based on SGX
JP2004509398A (en) System for establishing an audit trail for the protection of objects distributed over a network
CN101695038A (en) Method and device for detecting SSL enciphered data safety
CN114024710A (en) Data transmission method, device, system and equipment
CN117081815A (en) Method, device, computer equipment and storage medium for data security transmission
Junghanns et al. Engineering of secure multi-cloud storage
US11640480B2 (en) Data message sharing
CN111611620B (en) Access request processing method and related device of access platform
Lee et al. Study on the transaction linkage technique combined with the designated terminal for 5G-enabled IoT
CN116244750A (en) Secret-related information maintenance method, device, equipment and storage medium
Kwon et al. Certificate transparency with enhanced privacy
KR102211033B1 (en) Agency service system for accredited certification procedures
KR20230111434A (en) Method and system for mydata service authentication
CN111935164B (en) Https interface request method
US11184339B2 (en) Method and system for secure communication
KR20190083160A (en) Module for controlling encryption communication protocol
CN113556365B (en) Authentication result data transmission system, method and device
TWI794126B (en) A supervision system and method on end-to-end encrypted messaging

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination