WO2019242163A1 - Data security verification method, apparatus and system, and computer device and storage medium - Google Patents

Data security verification method, apparatus and system, and computer device and storage medium Download PDF

Info

Publication number
WO2019242163A1
WO2019242163A1 PCT/CN2018/109490 CN2018109490W WO2019242163A1 WO 2019242163 A1 WO2019242163 A1 WO 2019242163A1 CN 2018109490 W CN2018109490 W CN 2018109490W WO 2019242163 A1 WO2019242163 A1 WO 2019242163A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
encrypted data
generated
server
terminal
Prior art date
Application number
PCT/CN2018/109490
Other languages
French (fr)
Chinese (zh)
Inventor
何兵
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2019242163A1 publication Critical patent/WO2019242163A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Definitions

  • the present application relates to the field of data processing technology, and in particular, to a method, device, system, computer equipment, and storage medium for data security verification.
  • Hybrid framework applications allow developers to embed HTML applications in a native container, combining the advantages of native applications and HTML applications.
  • the application of the Hybrid framework is often delivered through the network when updating HTML page resources and related resources, that is, the terminal where the application is located downloads the update package through the network, or the server sends the update package to the application through the network. Terminal.
  • An application usually has many updates. If it is updated, a hacker intercepts the update package, injects other things into the update package, and sends it to the terminal. This involves resource security issues.
  • the embodiments of the present application provide a data security verification method, device, system, computer equipment, and storage medium, which can improve data security.
  • an embodiment of the present application provides a data security verification method, which is applied to a terminal.
  • the method includes:
  • a pair of public and private keys are generated by an asymmetric encryption algorithm; a first request is sent to the server, wherein the first request includes the public key, and the The first request is used to obtain first encrypted data on the server side, where the first encrypted data is obtained by the server side by encrypting the generated data through a message digest algorithm; receiving the second encrypted data returned by the server side, where The second encrypted data is obtained by the server side using the public key to encrypt the first encrypted data; using the private key to decrypt the received second encrypted data to obtain the first encrypted data; Sending a second request to the server, the second request is used to obtain the generated data on the server; receive the generated data returned by the server; and encrypt the generated data by the message digest algorithm, To obtain third encrypted data; verify the received generated data according to the first encrypted data and the third encrypted data Is it safe.
  • an embodiment of the present application further provides a data security verification method, which is applied to a server side, and the method includes:
  • the generated data is encrypted by a message digest algorithm to obtain the first encrypted data; a first request sent by the terminal where the application is located, wherein the first request includes the terminal using asymmetric encryption
  • the public key generated by the algorithm, the first request is used to obtain the first encrypted data; the first encrypted data is encrypted using the public key to obtain the second encrypted data; and the second encrypted data is sent to the terminal
  • an embodiment of the present application provides a data security verification device.
  • the device includes a unit for executing a data security verification method according to the first aspect, or includes a unit for executing the second aspect. Corresponding unit of a data security verification method.
  • an embodiment of the present application provides a data security verification system, including a server end and at least one terminal, where the terminal is used to execute the data security verification method described in the first aspect, and the server end is used to execute A data security verification method according to the above second aspect.
  • an embodiment of the present application provides a computer device, where the computer device includes a memory and a processor connected to the memory;
  • the memory is configured to store a computer program
  • the processor is configured to run the computer program stored in the memory to perform the data security verification method according to the first aspect, or to perform the data security verification according to the second aspect. method.
  • an embodiment of the present application provides a computer-readable storage medium.
  • the computer-readable storage medium stores a computer program.
  • the computer program includes program instructions. When the program instructions are executed by a processor, the foregoing is implemented.
  • a pair of public and private keys are generated by using an asymmetric encryption algorithm, and the public key is sent to the server, so that the server encrypts the first encrypted data according to the public key to obtain the second encrypted data, where The first encrypted data is obtained by the server-side detection of the generated data, and the generated data is encrypted by using a message digest algorithm.
  • the terminal receives the second encrypted data, it uses the private key to decrypt to obtain the first encrypted data.
  • the third encrypted data is obtained by encryption using the same message digest algorithm, and whether the generated data is safe is verified based on the third encrypted data and the first encrypted data.
  • the server uses the public key of the asymmetric encryption algorithm to encrypt the first encrypted data, obtains the second encrypted data, and sends it to the terminal. Only the terminal with the private key can decrypt the first Two encrypted data data to obtain the first encrypted data.
  • the first encrypted data obtained by the decryption since the first encrypted data obtained by the decryption is accurate, the first encrypted data and the third encrypted data obtained by the decryption can be used to verify whether the obtained generated data is safe, and the data security is improved. .
  • FIG. 1 is a sequence diagram of a data security verification system provided by an embodiment of the present application
  • FIG. 2 is a schematic flowchart of a data security verification method according to an embodiment of the present application.
  • FIG. 3 is a schematic diagram of a sub-process of a data security verification method according to an embodiment of the present application.
  • FIG. 4 is a schematic diagram of another sub-process of a data security verification method according to an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a data security verification method according to another embodiment of the present application.
  • FIG. 6 is a schematic diagram of a sub-process of a data security verification method according to another embodiment of the present application.
  • FIG. 7 is a schematic block diagram of a data security verification device according to an embodiment of the present application.
  • FIG. 8 is a schematic block diagram of a condition detection unit according to an embodiment of the present application.
  • FIG. 9 is a schematic block diagram of a verification unit according to an embodiment of the present application.
  • FIG. 10 is a schematic block diagram of a data security verification device according to another embodiment of the present application.
  • FIG. 11 is a schematic block diagram of a computer device according to an embodiment of the present application.
  • server-side generated data mentioned in the embodiments of the present application may be any type of any data that communicates with the terminal, and the generated data is generated by the server.
  • the generated data is an application program update package as an example for description.
  • FIG. 1 is a sequence diagram of a data verification system provided by an embodiment of the present application.
  • the data verification system includes a server and at least one terminal.
  • the terminal includes, but is not limited to, electronic devices with communication functions such as smart phones, tablet computers, notebook computers, desktop computers, personal digital assistants, and wearable devices.
  • the server may be an independent server or a server cluster composed of multiple servers, and the server communicates with the terminal to send data generated by the server to the terminal so that the terminal verifies whether the generated data received is Safety. If the generated data includes the generated application version update package, the corresponding terminal includes an application, and the server is a server corresponding to the application.
  • the server detects the generated data, the generated data is encrypted by the message digest algorithm to obtain the first encrypted data; if the terminal detects that the conditions for obtaining the data generated by the server are met, the asymmetric encryption algorithm is used. Generate a pair of public and private keys; the terminal sends a first request to the server, where the first request includes a public key, the first request is used to obtain the first encrypted data of the server; the server receives the terminal and sends After the first request, the first encrypted data is encrypted by using the public key to obtain the second encrypted data; the second encrypted data is sent to the terminal; after the second encrypted data is received by the terminal, the private key is decrypted and received The second encrypted data obtained to obtain the first encrypted data; the terminal sends a second request to the server, the second request is used to obtain the generated data on the server side; the server sends the second request to the terminal after receiving the second request from the terminal The requested generated data; the terminal receives the generated data returned by the server and passes the generated data through the same message.
  • the server uses the public key of the asymmetric encryption algorithm to encrypt the first encrypted data, obtains the second encrypted data, and sends it to the terminal. Only the terminal with the private key can decrypt the first Two encrypted data data to obtain the first encrypted data.
  • the embodiment of the present application makes the first encrypted data obtained by decryption accurate.
  • the terminal uses the same message digest algorithm to encrypt the generated data to obtain third encrypted data. Based on the third encrypted data and the first encrypted data, whether the generated data obtained is safe can be verified, and the data security is improved.
  • FIG. 2 is a schematic flowchart of a data security verification method according to an embodiment of the present application. The method is applied in a terminal. The method includes the following steps S201-S208.
  • the asymmetric encryption algorithm generates a pair of secret keys during use, namely a public key and a private key.
  • the public key is used for encryption, and the private key can be used for decryption.
  • Asymmetric algorithms such as the RSA algorithm.
  • the data security verification method further includes: if an acquisition instruction is received, detecting whether a condition for acquiring data generated by the server is met.
  • the step of detecting whether the conditions for obtaining the data generated by the server are met includes the following steps S301-S306.
  • S303 Determine whether the application program needs to be updated according to the version number of the application program returned by the server and the obtained current version number of the application program. If no version update is required, it is determined that the conditions for obtaining data generated by the server are not met.
  • step S303 includes: determining whether the version number of the application program returned by the server is greater than the current version number of the obtained application program; if the version number of the application program returned by the server side is greater than the current version number of the application program, determining whether the application program needs to be performed Version update; if the version number of the application program returned by the server is not greater than the current version number of the obtained application program, it is determined that the application program does not need to be updated.
  • the terminal's current operating environment data includes network environment, hardware environment, power, etc.
  • the network environment includes whether the terminal is currently using a WIFI network or traffic, and if the terminal is using a WIFI network, it corresponds to the network speed of the WIFI network.
  • the hardware environment includes the remaining amount or occupancy of the hardware involved in the terminal, such as memory, hard disk, and CPU.
  • the server determines whether the terminal satisfies the conditions for obtaining the application version update package according to the running environment data, and please refer to the corresponding description in the server embodiment.
  • the terminal and the server need to pre-negotiate whether the corresponding terminal satisfies the condition for obtaining the application version update package, such as whether the terminal meets the requirements for obtaining the application version update package.
  • the condition is represented by parameter A.
  • yes is used to meet the conditions for obtaining the application version update package, and no is used to indicate that the conditions for obtaining the application version update package are not met; yes may also be used to indicate that the The condition for obtaining the application version update package, non-yes means that the condition for obtaining the application version update package is not met; it can also be 0 or 1, for example, if 1 is used to meet the conditions for obtaining the application version update package, 0 is not satisfied Get the conditions for the application version update package, etc. You can also use other numbers, letters, text, and so on.
  • the corresponding confirmation information is sent to the terminal.
  • the detection terminal parses the corresponding parameters and values, and determines whether the conditions for obtaining the data generated by the server are met according to the corresponding parameters and values.
  • a first request is sent to the server, where the first request includes the public key, and the first request is used to obtain first encrypted data of the server, where the first encrypted data is a server-side pass message digest.
  • the algorithm encrypts the generated data.
  • the main feature of the message digest algorithm is that the encryption process does not require a key, and the encrypted data cannot be decrypted. Only the same plaintext data (data that needs to be encrypted) can be obtained through the same message digest algorithm to obtain the same ciphertext ( Encrypted data). If the server detects the generated data, it encrypts the generated data through a message digest algorithm to obtain the first encrypted data.
  • the terminal sends a first request to the server.
  • the first request includes a public key generated by an asymmetric encryption algorithm, and the first request is used to request the first encrypted data on the server side.
  • the message digest algorithm can use the MD5 algorithm.
  • S203 Receive second encrypted data returned by the server, where the second encrypted data is obtained by the server using the public key to encrypt the first encrypted data.
  • the server sends the second encrypted data obtained by encrypting the first encrypted data with the public key to the terminal, and the terminal receives the second encrypted data returned by the server.
  • the second encrypted data is calculated by using the public key of the first encrypted data. Since the private key is on the terminal that sends the request, only the terminal that sent the request can decrypt the second encrypted data with the private key, and After receiving the second encrypted data, other terminals cannot decrypt it.
  • the terminal decrypts the received second encrypted data by using the private key to obtain the first encrypted data. Because only the terminal that sent the request can decrypt the second encrypted data, it can prevent others from receiving the second encrypted data by mistake (even after receiving the second encrypted data, other terminals cannot decrypt because they have no secret key). At the same time, because the first encrypted data obtained after decryption is calculated by the message digest algorithm, it is almost difficult or impossible to decrypt. Therefore, the private key and digest algorithm in the asymmetric encryption algorithm can ensure that the first encrypted data obtained by the terminal after decryption is accurate and true.
  • S207 Encrypt the generated data through the same message digest algorithm to obtain third encrypted data. It should be noted that the message digest algorithm in this step is the same as the message digest algorithm in step 2. Like the MD5 algorithm.
  • step S208 includes the following steps S401-S403.
  • S402. Determine whether the first encrypted data and the third encrypted data are the same according to the comparison result.
  • the received generated data is secure.
  • the received generated data is determined to be safe for further operations, such as determining the security of the version update package corresponding to the application, and using the version update package to update the application.
  • the message digest algorithm only needs to input the same plaintext data (data that needs to be encrypted) and go through the same message digest algorithm to get the same ciphertext (encrypted data). Therefore, if the generated data received by the terminal is changed, after the same message digest algorithm, the third encrypted data will change accordingly. Therefore, the third encrypted data and the first encrypted data are compared and judged. If the data is the same, it can be known whether the received generated data has been changed, that is, whether it has been modified by a hacker or the like. If the third encrypted data is the same as the first encrypted data, it is determined that the received generated data is secure and has not been modified.
  • the third encrypted data is not the same as the first encrypted data, it is determined that the received generated data is not the same generated data, and there may be a case where it is modified, then a prompt is given. In this way, the generated data can be verified to ensure the security of the received generated data.
  • FIG. 5 is a schematic flowchart of a data security verification method according to another embodiment of the present application. This method runs on the server. The method includes the following steps S501-S506.
  • the generated data is detected, the generated data is encrypted by using a message digest algorithm to obtain first encrypted data.
  • detecting the generated data means detecting that a new version update package is generated for the application. If a new version update package is generated, the version update package is encrypted by using a message digest algorithm to obtain first encrypted data. Data encrypted using the message digest algorithm cannot be decrypted. It should be noted that the message digest algorithm used here is the same algorithm used in the terminal.
  • S502. Receive a first request sent by a terminal where an application is located, where the first request includes a public key generated by the terminal using an asymmetric encryption algorithm, and the first request is used to obtain the first encrypted data.
  • the asymmetric encryption algorithm will generate a pair of secret keys during use, that is, the public key and the private key.
  • the public key is used for encryption, and the private key can be used for decryption.
  • the second encrypted data is calculated by using the public key of the first encrypted data. Since the private key is on the terminal that sends the request, only the terminal that sent the request can decrypt it with the private key. After receiving the second encrypted data, the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data. Since the first encrypted data is calculated by the message digest algorithm, it cannot be decrypted. Therefore, the asymmetric encryption algorithm and the digest algorithm can ensure that the first encrypted data obtained by the terminal after decryption is accurate and true.
  • S506 Send the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain third encrypted data, and according to the first encrypted data and the The third data is encrypted to verify whether the generated data is secure.
  • the terminal can verify whether the generated data is secure by decrypting the accurate and authentic first encrypted data and the third encrypted data obtained by encrypting the received generated data by using the same message digest algorithm.
  • the verification of the generated data is achieved to ensure the security of the received generated data.
  • the server encrypts the first encrypted data with the public key after generating the first encrypted data and sends the second encrypted data to the terminal according to the first request, and sends the generated data to the terminal according to the second request.
  • the sequence of steps is related to the sequence of specific requests sent by the terminal. If the terminal sends a request to obtain the first encrypted data first, then execute the steps corresponding to sending the second encrypted data to the terminal, and then execute the steps corresponding to sending the generated data to the terminal. If the terminal sends a request to obtain the generated data first, , Then the steps corresponding to sending the generated data to the terminal are performed first, and then the steps corresponding to sending the second encrypted data to the terminal are performed. Finally, the terminal is caused to use the same message digest algorithm to encrypt the generated data to obtain the third encrypted data, and verify whether the generated data is secure according to the first encrypted data and the third encrypted data.
  • the generated data includes a generated application version update package.
  • the method for data security verification running on the server side further includes: determining whether the terminal meets the conditions for obtaining the application version update package and, if it is determined that the terminal meets the conditions, The terminal sends confirmation information, so that the terminal confirms, based on the received confirmation information sent by the server end, that a condition for acquiring data generated by the server end is satisfied. In an embodiment, as shown in FIG.
  • the step of confirming that the terminal detects that the condition for acquiring the data generated by the server is met according to the received confirmation information sent by the server includes the following steps S601-S603.
  • the operating environment data sent by the terminal includes a network environment, a hardware environment, and power.
  • the network environment includes whether the terminal is currently using a WIFI network or traffic, and if a WIFI network is used, it corresponds to the network speed of the WIFI network.
  • the hardware environment includes the remaining amount or occupancy of the hardware involved in the terminal, such as memory, hard disk, and CPU.
  • the determining whether the terminal meets the conditions for acquiring the application version update package according to the received operating environment data sent by the terminal includes determining whether the current network environment of the terminal where the application is located is using a WIFI network or traffic. ; If the current network environment of the terminal where the application is located uses traffic, determine that the terminal does not meet the conditions for obtaining the application version update package; if the current network environment of the terminal where the application is located uses a WIFI network, determine whether the current power of the terminal is greater than predicted The amount of power consumed by the installed version update package; if the current power of the terminal is less than or equal to the estimated power of the installed version update package; determine that the terminal does not meet the conditions for obtaining the application version update package; if the current power of the terminal is greater than the predicted installed version The power consumed by the update package to determine whether the remaining hardware resources involved in the hardware environment of the terminal where the application is located are greater than the preset hardware resources or whether the hardware resource occupancy is greater than the preset hardware occupancy; if the hardware environment of the terminal where the application is
  • the preset amount of hardware resources includes the sum of the amount of hardware resources that can ensure the normal operation of the terminal and the amount of resources involved in the size of the version update data. Understandably, if the remaining amount of hardware resources involved in the terminal hardware environment is not sufficient to update the version of the application or to update the version of the application will affect the normal operation of the terminal, then it is determined that the terminal does not meet the requirements for obtaining the application version Conditions for updating packages. When determining whether the conditions are met, the network speed of the WIFI network is taken into consideration, which excludes the situation where the WIFI network is unstable and the WIFI network signal is very weak. In other embodiments, whether the terminal meets the conditions for obtaining the application version update package may be determined by combining other factors, and other determination methods may be used to determine whether the terminal meets the conditions for obtaining the application version update package.
  • whether the terminal meets the version update conditions is determined by the server, because other factors and other determination methods are taken into consideration, and the corresponding determination code is placed on the server side, which can easily increase the impact of other factors and other determination methods. Conducive to the further expansion and improvement of the program.
  • the terminal If it is determined that the terminal meets a condition for obtaining the application version update package, send determination information to the terminal, so that the terminal confirms that the acquisition is satisfied based on the confirmation information sent by the server.
  • Conditions for server-generated data Specifically, the terminal sends parameters and values corresponding to the conditions for determining whether to obtain the application version update package, so that the terminal can analyze the specific meaning of the received parameters and values according to the received parameters and values.
  • the server determines that the terminal meets the conditions for obtaining the application version update package or does not meet the conditions for obtaining the application version update package, the corresponding confirmation information is sent to the terminal.
  • the embodiment of the invention also provides a data security verification system, which includes the data security verification method described in any one of the above embodiments running on a terminal and the data security verification method described in any one of the embodiments running on a server .
  • a data security verification system which includes the data security verification method described in any one of the above embodiments running on a terminal and the data security verification method described in any one of the embodiments running on a server .
  • FIG. 7 is a schematic block diagram of a data security verification device according to an embodiment of the present application.
  • the device includes a unit corresponding to a method for performing data security verification of the terminal, and the device is configured in the terminal.
  • the device 70 includes a key generation unit 701, a first request unit 702, an encrypted data receiving unit 703, a private key decryption unit 704, a second request unit 705, a generated data receiving unit 706, and a first digest encryption Unit 707 and verification unit 708.
  • the key generation unit 701 is configured to generate a pair of a public key and a private key by using an asymmetric encryption algorithm if it is detected that the conditions for obtaining data generated by the server are met.
  • a first requesting unit 702 is configured to send a first request to a server, where the first request includes the public key, and the first request is used to obtain first encrypted data on the server, where the first encrypted data It is obtained by the server by encrypting the generated data through the message digest algorithm.
  • the encrypted data receiving unit 703 is configured to receive the second encrypted data returned by the server, where the second encrypted data is obtained by the server using the public key to encrypt the first encrypted data.
  • a private key decryption unit 704 is configured to decrypt the received second encrypted data by using the private key to obtain the first encrypted data.
  • the second request unit 705 is configured to send a second request to the server, where the second request is used to obtain the generated data on the server.
  • the generating data receiving unit 706 is configured to receive the generated data returned by the server.
  • the first digest encryption unit 707 is configured to encrypt the generated data by using a same message digest algorithm to obtain third encrypted data.
  • the verification unit 708 is configured to verify whether the received generated data is secure according to the first encrypted data and the third encrypted data.
  • the data security verification device running in the terminal further includes a condition detection unit 80.
  • the condition detection unit 80 includes: a version number requesting unit 801, a version number obtaining unit 802, a version update determination unit 803, an environment data sending unit 804, and a condition reception determination unit 805.
  • a version number requesting unit 801 configured to send a version number request to the server to receive the application version number returned by the server according to the version number request;
  • a version number obtaining unit 802 configured to obtain a current version number of the application program
  • a version update determining unit 803, configured to determine whether the application requires a version update according to the application version number returned by the server and the obtained current version number of the application;
  • the environment data sending unit 804 is configured to send the current running environment data of the terminal where the application is located to the server if the application needs to be updated, so that the server can determine whether the terminal meets the requirements of obtaining the Describe the conditions of the application version update package and send confirmation information to the terminal if the terminal meets the conditions;
  • the conditional access determination unit 805 is configured to detect whether the confirmation information returned by the server is received, and if the confirmation information returned by the server is received, confirm that the condition for acquiring the data generated by the server is met.
  • the verification unit 708 includes a comparison unit 901, a comparison determination unit 902, and a security verification unit 903.
  • a comparison unit 901, configured to compare the first encrypted data with the third encrypted data
  • a comparison determining unit 902 configured to determine whether the first encrypted data and the third encrypted data are the same according to a comparison result
  • a security verification unit 903, configured to determine that the generated data received is secure if the first encrypted data and the third encrypted data are the same;
  • the security verification unit 903 is further configured to determine that the generated data received is not secure if the first encrypted data and the third encrypted data are different.
  • FIG. 10 is a schematic block diagram of a data security verification device according to an embodiment of the present application.
  • the device includes a unit corresponding to a method for performing the above-mentioned server-side data security verification method, and the device is configured in the server.
  • the device 100 includes a second digest encryption unit 101, a first request reception unit 102, a public key encryption unit 103, an encrypted data transmission unit 104, a second request reception unit 105, and a generated data transmission unit 106.
  • a second digest encryption unit 101 configured to: if the generated data is detected, encrypt the generated data by using a message digest algorithm to obtain the first encrypted data;
  • a first request receiving unit 102 is configured to receive a first request sent by a terminal where an application is located, where the first request includes a public key generated by the terminal using an asymmetric encryption algorithm, and the first request is used to obtain a first key An encrypted data;
  • a public key encryption unit 103 configured to encrypt the first encrypted data by using the public key to obtain second encrypted data
  • the encrypted data sending unit 104 is configured to send the second encrypted data to the terminal, so that the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data;
  • a second request receiving unit 105 configured to receive a second request sent by the terminal, where the second request is used to obtain the generated data
  • a generating data sending unit 106 is configured to send the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain third encrypted data, and according to the first An encrypted data and the third encrypted data to verify whether the generated data is secure.
  • the data security verification device running on the server side further includes: a condition determination unit.
  • the condition determining unit includes a version number sending unit, an update condition determining unit, and a determining data sending unit. among them,
  • a version number sending unit configured to send the application version number to the terminal according to the version number request sent by the terminal, so that the terminal according to the application version number and the current version number of the application obtained Determining whether the application needs to be updated;
  • An update condition determining unit configured to determine whether the terminal meets a condition for acquiring the application version update package according to the received operating environment data sent by the terminal if a version update is required;
  • a determination data sending unit configured to, if it is determined that the terminal meets a condition for obtaining the application version update package, send determination information to the terminal, so that the terminal is based on the received confirmation information sent by the server end, Confirm that the conditions for obtaining data generated by the server are met.
  • the above apparatus may be implemented in the form of a computer program, and the computer program may be run on a computer device as shown in FIG. 11.
  • FIG. 11 is a schematic block diagram of a computer device according to an embodiment of the present application.
  • the device 110 may be a terminal device such as a mobile phone, a laptop computer, a tablet computer, and a desktop computer.
  • the device 110 includes a processor 112, a memory, and a network interface 113 connected through a system bus 111.
  • the memory may include a non-volatile storage medium 114 and an internal memory 115.
  • the non-volatile storage medium 114 can store an operating system 1141 and a computer program 1142.
  • the computer program 1142 stored in the non-volatile storage medium is executed by the processor 112, the data security verification method implemented by the terminal can be implemented, as shown in Figs. 2, 3, and 4.
  • the processor 112 is used to provide computing and control capabilities to support the operation of the entire device 110.
  • the internal memory 115 provides an environment for running a computer program in a non-volatile storage medium. When the computer program is executed by the processor 112, the processor 112 can cause the processor 112 to execute data as shown in FIG. 2, FIG. 3, and FIG. 4 described above. Security verification methods.
  • the network interface 113 is used for network communication, such as receiving messages.
  • FIG. 11 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the device 110 to which the solution of the present application is applied. Include more or fewer parts than shown in the figure, or combine certain parts, or have a different arrangement of parts.
  • the processor 112 is configured to run a computer program stored in a memory to implement any embodiment of the data security verification method implemented by the foregoing terminal.
  • FIG. 11 Another embodiment of the present application also provides a schematic block diagram of a computer device.
  • the device is a server. Please refer to FIG. 11 for details.
  • the computer device includes the same structure as the computer device shown in FIG. 11. This computer device is different from the computer device shown in FIG. 11 in that when the computer program stored in the non-volatile storage medium in the computer device is executed by the processor 112, the data security verification method implemented on the server side can be implemented, such as Figures 5 and 6 show.
  • the processor 112 is configured to run a computer program stored in a memory to implement any embodiment of the data security verification method implemented on the server side.
  • the processor 112 may be a central processing unit (CPU), and the processor may also be another general-purpose processor or a digital signal processor (DSP). , Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • a general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • a computer-readable storage medium stores a computer program.
  • the computer program includes program instructions. When the program instructions are executed by a processor, To implement any embodiment of the data security verification method implemented by the foregoing terminal.
  • a computer-readable storage medium stores a computer program, where the computer program includes program instructions, and the program instructions are executed by a processor. To implement any embodiment of the data security verification method implemented on the server.
  • the storage medium includes a computer-readable storage medium, and the computer-readable storage medium includes a non-volatile computer-readable storage medium.
  • the computer-readable storage medium may be an internal storage unit of the terminal or the server according to any of the foregoing embodiments, such as a hard disk or a memory of the terminal or the server.
  • the computer-readable storage medium may also be an external storage device of the terminal or server, such as a plug-in hard disk, a Smart Media Card (SMC), and a secure digital (Secure Digital) , SD) card, etc.
  • the computer-readable storage medium may further include both an internal storage unit of the terminal or the server and an external storage device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a data security verification method, apparatus and system, and a computer device and a storage medium. The method comprises: generating a public key and private key pair by means of an asymmetric encryption algorithm; sending a first request comprising the public key to a server end so as to acquire second encrypted data returned by the server, wherein the second encrypted data is obtained by encrypting first encrypted data using the public key, and the first encrypted data is obtained by encrypting generated data by the server end by means of a message digest algorithm; decrypting the received second encrypted data using the private key so as to obtain the first encrypted data; sending a second request to the server end so as to acquire the generated data of the server end; receiving the generated data and encrypting same by means of the message digest algorithm so as to obtain third encrypted data; and according to the first encrypted data and the third encrypted data, verifying whether the received generated data is secure.

Description

数据安全验证方法、装置、系统、计算机设备及存储介质Data security verification method, device, system, computer equipment and storage medium
本申请要求于2018年6月22日提交中国专利局、申请号为201810649623.X、发明名称为“数据安全验证方法、装置、系统、计算机设备及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed on June 22, 2018 with the Chinese Patent Office, application number 201810649623.X, and the invention name "Data Security Verification Method, Device, System, Computer Equipment, and Storage Medium", which The entire contents are incorporated herein by reference.
技术领域Technical field
本申请涉及数据处理技术领域,尤其涉及一种数据安全验证方法、装置、系统、计算机设备及存储介质。The present application relates to the field of data processing technology, and in particular, to a method, device, system, computer equipment, and storage medium for data security verification.
背景技术Background technique
现有很多应用程序使用的是Hybird框架,即混合框架,混合框架的应用程序让开发人员可以把HTML应用程序嵌入到一个原生容器里面,集原生应用程序和HTML应用程序的优点于一体。目前Hybrid框架的应用程序,在更新HTML页面资源和相关资源的时候往往是通过网络下发的形式,即应用程序所在的终端通过网络下载更新包,或者服务器通过网络将更新包发送至应用程序所在的终端。而一个应用程序通常存在很多次的更新,若更新时,黑客拦截了更新包,向更新包中注入其他东西再发送终端,这样就涉及到资源的安全问题。Many existing applications use the Hybird framework, which is a hybrid framework. Hybrid framework applications allow developers to embed HTML applications in a native container, combining the advantages of native applications and HTML applications. At present, the application of the Hybrid framework is often delivered through the network when updating HTML page resources and related resources, that is, the terminal where the application is located downloads the update package through the network, or the server sends the update package to the application through the network. Terminal. An application usually has many updates. If it is updated, a hacker intercepts the update package, injects other things into the update package, and sends it to the terminal. This involves resource security issues.
申请内容Application content
本申请实施例提供一种数据安全验证方法、装置、系统、计算机设备及存储介质,可提高数据的安全性。The embodiments of the present application provide a data security verification method, device, system, computer equipment, and storage medium, which can improve data security.
第一方面,本申请实施例提供了一种数据安全验证方法,应用于终端,该方法包括:In a first aspect, an embodiment of the present application provides a data security verification method, which is applied to a terminal. The method includes:
若检测到满足获取服务器端所生成数据的条件,通过非对称加密算法生成一对公钥和私钥;向服务器端发送第一请求,其中,所述第一请求包括所述公钥,所述第一请求用于获取服务器端的第一加密数据,所述第一加密数据是服务器端通过消息摘要算法将所述所生成数据进行加密得到的;接收服务器端返回的第二加密数据,其中,所述第二加密数据是服务器端利用所述公钥将所述第一加密数据进行加密得到的;利用所述私钥解密接收到的所述第二加密数据,以得到所述第一加密数据;向服务器端发送第二请求,所述第二请求用于获取 服务器端的所述所生成数据;接收服务器端返回的所述所生成数据;将所述所生成数据通过所述消息摘要算法进行加密,以得到第三加密数据;根据所述第一加密数据和所述第三加密数据来验证接收到的所述所生成数据是否安全。If it is detected that the conditions for obtaining data generated by the server are met, a pair of public and private keys are generated by an asymmetric encryption algorithm; a first request is sent to the server, wherein the first request includes the public key, and the The first request is used to obtain first encrypted data on the server side, where the first encrypted data is obtained by the server side by encrypting the generated data through a message digest algorithm; receiving the second encrypted data returned by the server side, where The second encrypted data is obtained by the server side using the public key to encrypt the first encrypted data; using the private key to decrypt the received second encrypted data to obtain the first encrypted data; Sending a second request to the server, the second request is used to obtain the generated data on the server; receive the generated data returned by the server; and encrypt the generated data by the message digest algorithm, To obtain third encrypted data; verify the received generated data according to the first encrypted data and the third encrypted data Is it safe.
第二方面,本申请实施例还提供了一种数据安全验证方法,应用于服务器端,所述方法包括:In a second aspect, an embodiment of the present application further provides a data security verification method, which is applied to a server side, and the method includes:
若检测到生成数据,通过消息摘要算法将所生成数据进行加密,以得到第一加密数据;接收应用程序所在终端发送的第一请求,其中,所述第一请求包括所述终端使用非对称加密算法生成的公钥,所述第一请求用于获取第一加密数据;利用所述公钥将所述第一加密数据进行加密,以得到第二加密数据;向所述终端发送第二加密数据,以使所述终端通过所述非对称加密算法生成的私钥解密所述第二加密数据以得到所述第一加密数据;接收所述终端发送的第二请求,其中,所述第二请求用于获取所述所生成数据;向所述终端发送所述所生成数据,以使所述终端利用所述消息摘要算法对所述所生成数据进行加密以得到第三加密数据,并根据所述第一加密数据和所述第三加密数据来验证所述所生成数据是否安全。If the generated data is detected, the generated data is encrypted by a message digest algorithm to obtain the first encrypted data; a first request sent by the terminal where the application is located, wherein the first request includes the terminal using asymmetric encryption The public key generated by the algorithm, the first request is used to obtain the first encrypted data; the first encrypted data is encrypted using the public key to obtain the second encrypted data; and the second encrypted data is sent to the terminal To enable the terminal to decrypt the second encrypted data to obtain the first encrypted data by using the private key generated by the asymmetric encryption algorithm; receive a second request sent by the terminal, wherein the second request Configured to obtain the generated data; send the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain third encrypted data, and according to the The first encrypted data and the third encrypted data to verify whether the generated data is secure.
第三方面,本申请实施例提供了一种数据安全验证装置,该装置包括用于执行上述第一方面所述一种数据安全验证方法对应的单元,或者包括用于执行上述第二方面所述的一种数据安全验证方法对应的单元。According to a third aspect, an embodiment of the present application provides a data security verification device. The device includes a unit for executing a data security verification method according to the first aspect, or includes a unit for executing the second aspect. Corresponding unit of a data security verification method.
第四方面,本申请实施例提供了数据安全验证系统,包括服务器端和至少一终端,所述终端用于执行上述第一方面所述的一种数据安全验证方法,所述服务器端用于执行上述第二方面所述的一种数据安全验证方法。In a fourth aspect, an embodiment of the present application provides a data security verification system, including a server end and at least one terminal, where the terminal is used to execute the data security verification method described in the first aspect, and the server end is used to execute A data security verification method according to the above second aspect.
第五方面,本申请实施例提供了一种计算机设备,所述计算机设备包括存储器,以及与所述存储器相连的处理器;In a fifth aspect, an embodiment of the present application provides a computer device, where the computer device includes a memory and a processor connected to the memory;
所述存储器用于存储计算机程序,所述处理器用于运行所述存储器中存储的计算机程序,以执行上述第一方面所述的数据安全验证方法,或者执行上述第二方面所述的数据安全验证方法。The memory is configured to store a computer program, and the processor is configured to run the computer program stored in the memory to perform the data security verification method according to the first aspect, or to perform the data security verification according to the second aspect. method.
第六方面,本申请实施例提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令被处理器执行时,实现上述第一方面所述的数据安全验证方法,或者实现上述 第二方面所述的数据安全验证方法。According to a sixth aspect, an embodiment of the present application provides a computer-readable storage medium. The computer-readable storage medium stores a computer program. The computer program includes program instructions. When the program instructions are executed by a processor, the foregoing is implemented. The data security verification method according to the first aspect, or implements the data security verification method according to the second aspect.
本申请实施例通过非对称加密算法生成一对公钥和私钥,并将公钥发送到服务器端,以使服务器端根据所述公钥加密第一加密数据,以得到第二加密数据,其中,第一加密数据是服务器端检测生成数据后,利用消息摘要算法将所生成数据进行加密得到的,当终端接收到第二加密数据后,利用私钥进行解密,以得到第一加密数据;终端再根据接收到的所生成数据,利用同一消息摘要算法进行加密得到第三加密数据,根据第三加密数据和第一加密数据验证所述所生成数据是否安全。由于利用消息摘要算法加密得到的第一加密数据无法解密,同时服务器端利用非对称加密算法的公钥加密第一加密数据,得到第二加密数据再发送到终端,有私钥的终端才能解密第二加密数据数据,以得到第一加密数据。在本申请实施例中,由于解密得到的第一加密数据是准确的,再根据解密得到的第一加密数据和第三加密数据即可验证获取的所生成数据是否安全,提高了数据的安全性。In this embodiment of the present application, a pair of public and private keys are generated by using an asymmetric encryption algorithm, and the public key is sent to the server, so that the server encrypts the first encrypted data according to the public key to obtain the second encrypted data, where The first encrypted data is obtained by the server-side detection of the generated data, and the generated data is encrypted by using a message digest algorithm. When the terminal receives the second encrypted data, it uses the private key to decrypt to obtain the first encrypted data. Based on the received generated data, the third encrypted data is obtained by encryption using the same message digest algorithm, and whether the generated data is safe is verified based on the third encrypted data and the first encrypted data. Because the first encrypted data encrypted by the message digest algorithm cannot be decrypted, at the same time, the server uses the public key of the asymmetric encryption algorithm to encrypt the first encrypted data, obtains the second encrypted data, and sends it to the terminal. Only the terminal with the private key can decrypt the first Two encrypted data data to obtain the first encrypted data. In the embodiment of the present application, since the first encrypted data obtained by the decryption is accurate, the first encrypted data and the third encrypted data obtained by the decryption can be used to verify whether the obtained generated data is safe, and the data security is improved. .
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
图1是本申请实施例提供的数据安全验证系统的时序图;FIG. 1 is a sequence diagram of a data security verification system provided by an embodiment of the present application;
图2是本申请实施例提供的数据安全验证方法的流程示意图;2 is a schematic flowchart of a data security verification method according to an embodiment of the present application;
图3是本申请实施例提供的数据安全验证方法的子流程示意图;3 is a schematic diagram of a sub-process of a data security verification method according to an embodiment of the present application;
图4是本申请实施例提供的数据安全验证方法的另一子流程示意图;4 is a schematic diagram of another sub-process of a data security verification method according to an embodiment of the present application;
图5是本申请另一实施例提供的数据安全验证方法的流程示意图;5 is a schematic flowchart of a data security verification method according to another embodiment of the present application;
图6是本申请另一实施例提供的数据安全验证方法的子流程示意图;6 is a schematic diagram of a sub-process of a data security verification method according to another embodiment of the present application;
图7本申请实施例提供的数据安全验证装置的示意性框图;7 is a schematic block diagram of a data security verification device according to an embodiment of the present application;
图8是本申请实施例提供的条件检测单元的示意性框图;8 is a schematic block diagram of a condition detection unit according to an embodiment of the present application;
图9是本申请实施例提供的验证单元的示意性框图;9 is a schematic block diagram of a verification unit according to an embodiment of the present application;
图10本申请另一实施例提供的一种数据安全验证装置的示意性框图;10 is a schematic block diagram of a data security verification device according to another embodiment of the present application;
图11是本申请实施例提供的一种计算机设备的示意性框图。FIG. 11 is a schematic block diagram of a computer device according to an embodiment of the present application.
具体实施方式detailed description
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳 动前提下所获得的所有其他实施例,都属于本申请保护的范围。In the following, the technical solutions in the embodiments of the present application will be clearly and completely described with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in this application, all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of this application.
应当理解,本申请实施例中提到的服务器端的所生成数据可以是任一类型的与终端有通信的任意数据,所生成数据是服务器所生成的。以下为了方便理解本申请实施例的方案,以所生成数据为应用程序版本更新包为例进行说明。It should be understood that the server-side generated data mentioned in the embodiments of the present application may be any type of any data that communicates with the terminal, and the generated data is generated by the server. In the following, in order to facilitate understanding of the solution in the embodiment of the present application, the generated data is an application program update package as an example for description.
图1是本申请实施例提供的数据验证系统的时序图。该数据验证系统包括服务器和至少一终端。该终端包括但不限于智能手机、平板电脑、笔记本电脑、台式电脑、个人数字助理和穿戴式设备等具有通信功能的电子设备。该服务器可以是独立的服务器,也可以是多个服务器组成的服务器集群,该服务器与该终端进行通信,以将服务器所生成数据发送给该终端以使该终端验证所接收到的所生成数据是否安全。若所生成数据包括所生成的应用程序版本更新包,那么对应的终端中包括有应用程序,服务器为所述应用程序对应的服务器。FIG. 1 is a sequence diagram of a data verification system provided by an embodiment of the present application. The data verification system includes a server and at least one terminal. The terminal includes, but is not limited to, electronic devices with communication functions such as smart phones, tablet computers, notebook computers, desktop computers, personal digital assistants, and wearable devices. The server may be an independent server or a server cluster composed of multiple servers, and the server communicates with the terminal to send data generated by the server to the terminal so that the terminal verifies whether the generated data received is Safety. If the generated data includes the generated application version update package, the corresponding terminal includes an application, and the server is a server corresponding to the application.
在图1中,服务器端若检测到生成数据,通过消息摘要算法将所生成数据进行加密,以得到第一加密数据;终端若检测到满足获取服务器端所生成数据的条件,通过非对称加密算法生成一对公钥和私钥;终端向服务器端发送第一请求,其中,所述第一请求包括公钥,所述第一请求用于获取服务器端的第一加密数据;服务器端接收到终端发送的第一请求后,利用所述公钥将所述第一加密数据进行加密,以得到第二加密数据;向终端发送第二加密数据;终端接收到第二加密数据后,通过私钥解密接收到的第二加密数据,以得到第一加密数据;终端向服务器发送第二请求,所述第二请求用于获取服务器端的所生成数据;服务器接收到终端发送的第二请求后,向终端发送请求的所生成数据;终端接收服务器端返回的所生成数据,并将所生成数据通过同一消息摘要算法进行加密,以得到第三加密数据;根据第一加密数据和第三加密数据来验证接收到的所生成数据是否安全。In FIG. 1, if the server detects the generated data, the generated data is encrypted by the message digest algorithm to obtain the first encrypted data; if the terminal detects that the conditions for obtaining the data generated by the server are met, the asymmetric encryption algorithm is used. Generate a pair of public and private keys; the terminal sends a first request to the server, where the first request includes a public key, the first request is used to obtain the first encrypted data of the server; the server receives the terminal and sends After the first request, the first encrypted data is encrypted by using the public key to obtain the second encrypted data; the second encrypted data is sent to the terminal; after the second encrypted data is received by the terminal, the private key is decrypted and received The second encrypted data obtained to obtain the first encrypted data; the terminal sends a second request to the server, the second request is used to obtain the generated data on the server side; the server sends the second request to the terminal after receiving the second request from the terminal The requested generated data; the terminal receives the generated data returned by the server and passes the generated data through the same message The digest algorithm performs encryption to obtain the third encrypted data; and verifies whether the received generated data is secure according to the first encrypted data and the third encrypted data.
由于利用消息摘要算法加密得到的第一加密数据无法解密,同时服务器端利用非对称加密算法的公钥加密第一加密数据,得到第二加密数据再发送到终端,有私钥的终端才能解密第二加密数据数据,以得到第一加密数据。本申请实施例使得解密得到的第一加密数据是准确的。接着终端利用同一消息摘要算法对获取的所生成数据进行加密以得到第三加密数据。再根据第三加密数据和第一加密数据即可验证获取的所生成数据是否安全,提高了数据的安全性。Because the first encrypted data encrypted by the message digest algorithm cannot be decrypted, at the same time, the server uses the public key of the asymmetric encryption algorithm to encrypt the first encrypted data, obtains the second encrypted data, and sends it to the terminal. Only the terminal with the private key can decrypt the first Two encrypted data data to obtain the first encrypted data. The embodiment of the present application makes the first encrypted data obtained by decryption accurate. The terminal then uses the same message digest algorithm to encrypt the generated data to obtain third encrypted data. Based on the third encrypted data and the first encrypted data, whether the generated data obtained is safe can be verified, and the data security is improved.
以下分别以终端和服务器的角度详细地介绍该数据安全验证方法的步骤。In the following, the steps of the data security verification method are described in detail from the perspective of a terminal and a server.
图2是本申请实施例提供的数据安全验证方法的流程示意图。该方法应用于终端中。该方法包括以下步骤S201-S208。FIG. 2 is a schematic flowchart of a data security verification method according to an embodiment of the present application. The method is applied in a terminal. The method includes the following steps S201-S208.
S201,若检测到满足获取服务器端所生成数据的条件,通过非对称加密算法生成一对公钥和私钥。S201. If it is detected that the conditions for obtaining the data generated by the server are met, a pair of public key and private key is generated through an asymmetric encryption algorithm.
其中,非对称加密算法在使用过程中会产生一对秘钥,即公钥和私钥,使用公钥加密,使用私钥才能解密。非对称算法如RSA算法。Among them, the asymmetric encryption algorithm generates a pair of secret keys during use, namely a public key and a private key. The public key is used for encryption, and the private key can be used for decryption. Asymmetric algorithms such as the RSA algorithm.
在步骤S201之前,该数据安全验证方法还包括:若接收到获取指令,检测是否满足获取服务器端所生成数据的条件。Before step S201, the data security verification method further includes: if an acquisition instruction is received, detecting whether a condition for acquiring data generated by the server is met.
在一实施例中,若所生成数据包括所生成的应用程序版本更新包,如图3所示,所述检测是否满足获取服务器端所生成数据的条件的步骤包括以下步骤S301-S306。In an embodiment, if the generated data includes the generated application version update package, as shown in FIG. 3, the step of detecting whether the conditions for obtaining the data generated by the server are met includes the following steps S301-S306.
S301,向服务器端发送版本号请求,以接收服务器端根据所述版本号请求返回的应用程序版本号。S301. Send a version number request to the server to receive the application version number returned by the server according to the version number request.
S302,获取应用程序当前版本号。即获取终端中应用程序当前版本号。S302. Obtain the current version number of the application. That is to obtain the current version number of the application in the terminal.
S303,根据服务器端返回的应用程序版本号和获取的应用程序当前版本号确定应用程序是否需进行版本更新。若无需进行版本更新,确定不满足获取服务器端所生成数据的条件。S303: Determine whether the application program needs to be updated according to the version number of the application program returned by the server and the obtained current version number of the application program. If no version update is required, it is determined that the conditions for obtaining data generated by the server are not met.
其中,应用程序的版本号是递增的,应用程序每次有新的更新,版本号就往上加。具体地,步骤S303,包括:判断服务器端返回的应用程序版本号是否大于获取的应用程序当前版本号;若服务器端返回的应用程序版本号大于获取的应用程序当前版本号,确定应用程序需进行版本更新;若服务器端返回的应用程序版本号不大于获取的应用程序当前版本号,则确定应用程序无需进行版本更新。Among them, the version number of the application program is incremented, and each time the application program is updated, the version number is incremented. Specifically, step S303 includes: determining whether the version number of the application program returned by the server is greater than the current version number of the obtained application program; if the version number of the application program returned by the server side is greater than the current version number of the application program, determining whether the application program needs to be performed Version update; if the version number of the application program returned by the server is not greater than the current version number of the obtained application program, it is determined that the application program does not need to be updated.
S304,若应用程序需进行版本更新,向服务器端发送应用程序所在终端当前的运行环境数据,以使服务器端根据所述运行环境数据确定终端是否满足获取应用程序版本更新包的条件且在终端满足条件的情况下向终端发送确认信息。S304. If the application requires a version update, send the current operating environment data of the terminal where the application is located to the server, so that the server can determine whether the terminal meets the conditions for obtaining the application version update package according to the operating environment data and meets the requirements on the terminal. Under certain conditions, a confirmation message is sent to the terminal.
其中,终端当前的运行环境数据包括网络环境、硬件环境、电量等。其中, 网络环境包括终端当前使用的是WIFI网络还是流量,以及若使用的是WIFI网络,对应WIFI网络的网速。硬件环境包括终端涉及的硬件如内存、硬盘、CPU等的剩余量或者占用率等。具体地,服务器端根据所述运行环境数据确定终端是否满足获取应用程序版本更新包的条件的具体方案,请参看服务器端实施例中对应的说明。需要注意的是,在向服务器端发送运行环境数据前,需要终端和服务器端预先协商对应的终端是否满足获取应用程序版本更新包的条件的表达形式,如终端是否满足获取应用程序版本更新包的条件用参数A表示。A的值对应有两个,分别可以用yes、no表示,如用yes表示满足获取应用程序版本更新包的条件,用no表示不满足获取应用程序版本更新包的条件;也可以用yes表示满足获取应用程序版本更新包的条件,非yes表示不满足获取应用程序版本更新包的条件;还可以为0、1表示,如用1表示满足获取应用程序版本更新包的条件,用0表示不满足获取应用程序版本更新包的条件等。还可以用其他的数字、字母、文字等表示。Among them, the terminal's current operating environment data includes network environment, hardware environment, power, etc. The network environment includes whether the terminal is currently using a WIFI network or traffic, and if the terminal is using a WIFI network, it corresponds to the network speed of the WIFI network. The hardware environment includes the remaining amount or occupancy of the hardware involved in the terminal, such as memory, hard disk, and CPU. Specifically, the server determines whether the terminal satisfies the conditions for obtaining the application version update package according to the running environment data, and please refer to the corresponding description in the server embodiment. It should be noted that before sending the running environment data to the server, the terminal and the server need to pre-negotiate whether the corresponding terminal satisfies the condition for obtaining the application version update package, such as whether the terminal meets the requirements for obtaining the application version update package. The condition is represented by parameter A. There are two corresponding values of A, which can be represented by yes and no respectively. For example, yes is used to meet the conditions for obtaining the application version update package, and no is used to indicate that the conditions for obtaining the application version update package are not met; yes may also be used to indicate that the The condition for obtaining the application version update package, non-yes means that the condition for obtaining the application version update package is not met; it can also be 0 or 1, for example, if 1 is used to meet the conditions for obtaining the application version update package, 0 is not satisfied Get the conditions for the application version update package, etc. You can also use other numbers, letters, text, and so on.
S305,检测是否接收到服务器端返回的确认信息。具体地,终端接收服务器端返回的对应的参数和值,根据预先协商的结果,对所对应的参数和值进行解析以便获知该参数和值对应的真正含义。如终端是否满足获取应用程序版本更新包的条件用参数A表示,同时用1表示满足获取应用程序版本更新包的条件,用0表示不满足获取应用程序版本更新包的条件,那么服务器端接收到A,且A=1,则确定接收到服务器端返回的确认信息。S305: Detect whether a confirmation message returned by the server is received. Specifically, the terminal receives the corresponding parameter and value returned by the server, and analyzes the corresponding parameter and value according to the result of pre-negotiation in order to know the true meaning of the parameter and value. If the terminal meets the conditions for obtaining the application version update package with parameter A, while 1 represents the conditions for obtaining the application version update package, and 0 indicates that the conditions for obtaining the application version update package are not met, then the server receives A, and A = 1, it is determined that the confirmation information returned by the server is received.
S306,若接收到服务器端返回的确认信息,确认检测到满足获取服务器端所生成数据的条件。S306. If the confirmation information returned by the server is received, it is confirmed that the conditions for acquiring the data generated by the server are met.
在一些实施例中,无论服务器端确定终端是满足获取应用程序版本更新包的条件还是不满足获取应用程序版本更新包的条件,都向终端发送对应的确认信息。检测终端接收到服务器端返回的确认信息后,会解析对应的参数和值,根据对应的参数和值确定是否满足获取服务器端所生成数据的条件。In some embodiments, regardless of whether the server determines that the terminal meets the conditions for obtaining the application version update package or does not meet the conditions for obtaining the application version update package, the corresponding confirmation information is sent to the terminal. After receiving the confirmation information returned by the server, the detection terminal parses the corresponding parameters and values, and determines whether the conditions for obtaining the data generated by the server are met according to the corresponding parameters and values.
S202,向服务器端发送第一请求,其中,所述第一请求包括所述公钥,所述第一请求用于获取服务器端的第一加密数据,所述第一加密数据是服务器端通过消息摘要算法将所生成数据进行加密得到的。S202. A first request is sent to the server, where the first request includes the public key, and the first request is used to obtain first encrypted data of the server, where the first encrypted data is a server-side pass message digest. The algorithm encrypts the generated data.
消息摘要算法的主要特征是加密过程不需要密钥,并且经过加密后的数据 无法被解密,只有输入相同的明文数据(需要进行加密的数据)经过相同的消息摘要算法才能得到相同的密文(加密后的数据)。服务器端若检测到生成数据,则通过消息摘要算法将所生成数据进行加密,以得到第一加密数据。终端向服务器发送第一请求,该第一请求中包括有非对称加密算法生成的公钥,该第一请求用于请求服务器端的第一加密数据。其中,消息摘要算法可使用MD5算法。The main feature of the message digest algorithm is that the encryption process does not require a key, and the encrypted data cannot be decrypted. Only the same plaintext data (data that needs to be encrypted) can be obtained through the same message digest algorithm to obtain the same ciphertext ( Encrypted data). If the server detects the generated data, it encrypts the generated data through a message digest algorithm to obtain the first encrypted data. The terminal sends a first request to the server. The first request includes a public key generated by an asymmetric encryption algorithm, and the first request is used to request the first encrypted data on the server side. Among them, the message digest algorithm can use the MD5 algorithm.
S203,接收服务器端返回的第二加密数据,其中,所述第二加密数据是服务器端利用所述公钥将所述第一加密数据进行加密得到的。S203. Receive second encrypted data returned by the server, where the second encrypted data is obtained by the server using the public key to encrypt the first encrypted data.
服务器端将第一加密数据利用公钥加密后得到的第二加密数据发送到终端,终端接收服务器端返回的第二加密数据。该第二加密数据是第一加密数据通过公钥计算得到的,由于私钥在发送请求的终端上,因此只有发送请求的终端接收到该第二加密数据后才可以用私钥进行解密,而其他终端收到该第二加密数据后无法解密。The server sends the second encrypted data obtained by encrypting the first encrypted data with the public key to the terminal, and the terminal receives the second encrypted data returned by the server. The second encrypted data is calculated by using the public key of the first encrypted data. Since the private key is on the terminal that sends the request, only the terminal that sent the request can decrypt the second encrypted data with the private key, and After receiving the second encrypted data, other terminals cannot decrypt it.
S204,利用所述私钥解密接收到的所述第二加密数据,以得到所述第一加密数据。S204. Use the private key to decrypt the received second encrypted data to obtain the first encrypted data.
终端通过私钥解密接收到的第二加密数据,以得到第一加密数据。由于只有发送请求的终端才能解密第二加密数据,因此可防止他人误接收到第二加密数据对其解密(其他终端即使接收到第二加密数据后,因为没有秘钥,无法进行解密)。同时又由于解密后得到的第一加密数据是通过消息摘要算法计算出来的,几乎很难或者无法被解密。因此通过非对称加密算法中的私钥和摘要算法可确保终端解密后得到的第一加密数据是准确的、真实无误的。The terminal decrypts the received second encrypted data by using the private key to obtain the first encrypted data. Because only the terminal that sent the request can decrypt the second encrypted data, it can prevent others from receiving the second encrypted data by mistake (even after receiving the second encrypted data, other terminals cannot decrypt because they have no secret key). At the same time, because the first encrypted data obtained after decryption is calculated by the message digest algorithm, it is almost difficult or impossible to decrypt. Therefore, the private key and digest algorithm in the asymmetric encryption algorithm can ensure that the first encrypted data obtained by the terminal after decryption is accurate and true.
S205,向服务器端发送第二请求,所述第二请求用于获取服务器端的所述所生成数据。S205. Send a second request to the server, where the second request is used to obtain the generated data on the server.
S206,接收服务器端返回的所述所生成数据。S206. Receive the generated data returned by the server.
S207,将所述所生成数据通过同一消息摘要算法进行加密,以得到第三加密数据。需要注意的是,该步骤中的消息摘要算法与步骤2中的消息摘要算法是相同的消息摘要算法。如同是MD5算法。S207: Encrypt the generated data through the same message digest algorithm to obtain third encrypted data. It should be noted that the message digest algorithm in this step is the same as the message digest algorithm in step 2. Like the MD5 algorithm.
需要说明的是,终端获取第二加密数据后解密得到第一加密数据,和终端获取所生成数据并进行加密以得到第三加密数据中所涉及的步骤不分前后,即 可以先执行步骤S205-S207,后执行步骤S202-S204;也可以先执行步骤S202-S204,再执行步骤S205-S207。It should be noted that after the terminal obtains the second encrypted data and decrypts it to obtain the first encrypted data, and the terminal obtains the generated data and encrypts it to obtain the third encrypted data, there is no difference between the steps involved, that is, step S205- S207, and then perform steps S202-S204; you may also perform steps S202-S204 first, and then perform steps S205-S207.
S208,根据所述第一加密数据和所述第三加密数据来验证接收到的所生成数据是否安全。S208. Verify whether the received generated data is secure according to the first encrypted data and the third encrypted data.
在本实施例中,如图4所示,步骤S208包括以下步骤S401-S403。In this embodiment, as shown in FIG. 4, step S208 includes the following steps S401-S403.
S401,将所述第一加密数据与所述第三加密数据进行比对。S401. Compare the first encrypted data with the third encrypted data.
S402,根据比对结果判断所述第一加密数据与所述第三加密数据是否相同。S402. Determine whether the first encrypted data and the third encrypted data are the same according to the comparison result.
S403,若所述第一加密数据与所述第三加密数据相同,确定接收到的所生成数据安全。确定接收到的所生成数据安全以进行进一步的操作,如确定应用程序所对应的版本更新包安全,利用该版本更新包更新应用程序。S403. If the first encrypted data is the same as the third encrypted data, determine that the received generated data is secure. The received generated data is determined to be safe for further operations, such as determining the security of the version update package corresponding to the application, and using the version update package to update the application.
S404,若所述第一加密数据与所述第三加密数据不相同,确定接收到的所生成数据不安全,并进行提示。如提示是否进行删除或者进行杀毒等。S404. If the first encrypted data is different from the third encrypted data, determine that the received generated data is not secure, and prompt. Such as prompting whether to delete or antivirus.
由于消息摘要算法只有输入相同的明文数据(需要进行加密的数据)经过相同的消息摘要算法才能得到相同的密文(加密后的数据)。因此若终端接收到的所生成数据有改动,那么经过相同的消息摘要算法后,对应的,该第三加密数据就会发生变化,因此通过比对并判断该第三加密数据与该第一加密数据是否相同,就能够得知接收到的所生成数据是否有改动,即是否被黑客等进行修改。若该第三加密数据与该第一加密数据相同,确定接收到的所生成数据是安全的,没有被修改。若该第三加密数据与该第一加密数据不相同,确定接收到的所生成数据不是同一个所生成数据,可能存在被修改的情况,那么进行提示。如此可对所生成数据安全进行验证,以保证接收到的所生成数据的安全性。Because the message digest algorithm only needs to input the same plaintext data (data that needs to be encrypted) and go through the same message digest algorithm to get the same ciphertext (encrypted data). Therefore, if the generated data received by the terminal is changed, after the same message digest algorithm, the third encrypted data will change accordingly. Therefore, the third encrypted data and the first encrypted data are compared and judged. If the data is the same, it can be known whether the received generated data has been changed, that is, whether it has been modified by a hacker or the like. If the third encrypted data is the same as the first encrypted data, it is determined that the received generated data is secure and has not been modified. If the third encrypted data is not the same as the first encrypted data, it is determined that the received generated data is not the same generated data, and there may be a case where it is modified, then a prompt is given. In this way, the generated data can be verified to ensure the security of the received generated data.
图5是本申请另一实施例提供的数据安全验证方法的流程示意图。该方法运行于服务器端。该方法包括以下步骤S501-S506。FIG. 5 is a schematic flowchart of a data security verification method according to another embodiment of the present application. This method runs on the server. The method includes the following steps S501-S506.
S501,若检测到生成数据,通过消息摘要算法将所生成数据进行加密,以得到第一加密数据。S501. If the generated data is detected, the generated data is encrypted by using a message digest algorithm to obtain first encrypted data.
若所对应的是应用程序,那么检测到生成数据,意味着检测到应用程序有新的版本更新包生成。若有新的版本更新包生成,通过消息摘要算法将该版本更新包进行加密,以得到第一加密数据。使用消息摘要算法加密后的数据无法解密。需要注意的是,该处使用的消息摘要算法与终端中使用的消息摘要算法 是同一个算法。If the corresponding application is an application, then detecting the generated data means detecting that a new version update package is generated for the application. If a new version update package is generated, the version update package is encrypted by using a message digest algorithm to obtain first encrypted data. Data encrypted using the message digest algorithm cannot be decrypted. It should be noted that the message digest algorithm used here is the same algorithm used in the terminal.
S502,接收应用程序所在终端发送的第一请求,其中,所述第一请求包括终端使用非对称加密算法生成的公钥,所述第一请求用于获取所述第一加密数据。S502. Receive a first request sent by a terminal where an application is located, where the first request includes a public key generated by the terminal using an asymmetric encryption algorithm, and the first request is used to obtain the first encrypted data.
S503,利用所述公钥将所述第一加密数据进行加密,以得到第二加密数据。S503. Use the public key to encrypt the first encrypted data to obtain second encrypted data.
S504,向终端发送该所述第二加密数据,以使终端通过所述非对称加密算法生成的私钥解密所述第二加密数据以得到所述第一加密数据。S504. Send the second encrypted data to the terminal, so that the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data.
非对称加密算法在使用过程中会产生一对秘钥,即公钥和私钥,使用公钥加密,使用私钥才能解密。该第二加密数据是该第一加密数据通过公钥计算得到的,由于私钥在发送请求的终端上,因此只有发送请求的终端接收到该第二加密数据后才可以用私钥进行解密。终端接收到第二加密数据后,通过非对称加密算法生成的私钥解密该第二加密数据以得到第一加密数据。由于第一加密数据是通过消息摘要算法计算出来的,无法解密。因此通过非对称加密算法和摘要算法可确保终端解密后得到的第一加密数据是准确的、真实无误的。The asymmetric encryption algorithm will generate a pair of secret keys during use, that is, the public key and the private key. The public key is used for encryption, and the private key can be used for decryption. The second encrypted data is calculated by using the public key of the first encrypted data. Since the private key is on the terminal that sends the request, only the terminal that sent the request can decrypt it with the private key. After receiving the second encrypted data, the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data. Since the first encrypted data is calculated by the message digest algorithm, it cannot be decrypted. Therefore, the asymmetric encryption algorithm and the digest algorithm can ensure that the first encrypted data obtained by the terminal after decryption is accurate and true.
S505,接收所述终端发送的第二请求,其中,所述第二请求用于获取所述所生成数据。S505. Receive a second request sent by the terminal, where the second request is used to obtain the generated data.
S506,向所述终端发送所述所生成数据,以使所述终端利用所述消息摘要算法对所述所生成数据进行加密以得到第三加密数据,并根据所述第一加密数据和所述第三加密数据来验证所述所生成数据是否安全。S506: Send the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain third encrypted data, and according to the first encrypted data and the The third data is encrypted to verify whether the generated data is secure.
通过解密得到的准确的、真实无误的第一加密数据,和利用同一消息摘要算法对接收到的所生成数据进行加密得到的第三加密数据,终端可以验证所生成数据是否安全。达到了对所生成数据的安全进行验证,以保证接收到的所生成数据的安全性。The terminal can verify whether the generated data is secure by decrypting the accurate and authentic first encrypted data and the third encrypted data obtained by encrypting the received generated data by using the same message digest algorithm. The verification of the generated data is achieved to ensure the security of the received generated data.
需要说明的是,服务器根据第一请求后将第一加密数据利用公钥加密后生成第二加密数据并向终端发送第二加密数据,和根据第二请求向终端发送所生成数据中所涉及的步骤顺序跟终端发送的具体请求的先后有关。若终端先发送获取第一加密数据的请求,那么先执行向终端发送第二加密数据所对应的步骤,再执行向终端发送所生成数据所对应的步骤,若终端先发送获取所生成数据的请求,那么先执行向终端发送所生成数据所对应的步骤,再执行向终端发送第 二加密数据所对应的步骤。最后使得终端利用同一消息摘要算法对所生成数据进行加密以得到第三加密数据,并根据该第一加密数据和该第三加密数据来验证所生成数据是否安全。It should be noted that the server encrypts the first encrypted data with the public key after generating the first encrypted data and sends the second encrypted data to the terminal according to the first request, and sends the generated data to the terminal according to the second request. The sequence of steps is related to the sequence of specific requests sent by the terminal. If the terminal sends a request to obtain the first encrypted data first, then execute the steps corresponding to sending the second encrypted data to the terminal, and then execute the steps corresponding to sending the generated data to the terminal. If the terminal sends a request to obtain the generated data first, , Then the steps corresponding to sending the generated data to the terminal are performed first, and then the steps corresponding to sending the second encrypted data to the terminal are performed. Finally, the terminal is caused to use the same message digest algorithm to encrypt the generated data to obtain the third encrypted data, and verify whether the generated data is secure according to the first encrypted data and the third encrypted data.
在一实施例中,所生成数据包括所生成的应用程序版本更新包。在接收应用程序所在终端发送的第一请求前,运行于服务器端的数据安全验证方法还包括:确定所述终端是否满足获取所述应用程序版本更新包的条件并在确定终端满足条件的情况下向所述终端发送确认信息,以使所述终端根据接收到的服务器端发送的所述确认信息,确认检测到满足获取服务器端所生成数据的条件。在一实施例中,如图6所示,所述确定所述终端是否满足获取所述应用程序版本更新包的条件并在确定终端满足条件的情况下向所述终端发送确认信息,以使所述终端根据接收到的服务器端发送的所述确认信息,确认检测到满足获取服务器端所生成数据的条件的步骤,包括以下步骤S601-S603。In one embodiment, the generated data includes a generated application version update package. Before receiving the first request sent by the terminal where the application is located, the method for data security verification running on the server side further includes: determining whether the terminal meets the conditions for obtaining the application version update package and, if it is determined that the terminal meets the conditions, The terminal sends confirmation information, so that the terminal confirms, based on the received confirmation information sent by the server end, that a condition for acquiring data generated by the server end is satisfied. In an embodiment, as shown in FIG. 6, the determining whether the terminal meets a condition for obtaining the application version update package and sending a confirmation message to the terminal when it is determined that the terminal meets the condition, so that all the The step of confirming that the terminal detects that the condition for acquiring the data generated by the server is met according to the received confirmation information sent by the server includes the following steps S601-S603.
S601,根据所述终端发送的版本号请求向所述终端发送所述应用程序版本号,以使所述终端根据所述应用程序版本号和获取的所述应用程序当前版本号确定所述应用程序是否需进行版本更新。S601. Send the application version number to the terminal according to the version number request sent by the terminal, so that the terminal determines the application program according to the application version number and the obtained current version number of the application program. Whether a version update is required.
S602,若需进行版本更新,根据接收到的所述终端发送的运行环境数据,确定所述终端是否满足获取所述应用程序版本更新包的条件。S602. If a version update is required, determine whether the terminal meets a condition for obtaining the application version update package according to the received operating environment data sent by the terminal.
其中,终端发送的运行环境数据包括网络环境、硬件环境、电量等。其中,网络环境包括终端当前使用的是WIFI网络还是流量,以及若使用的是WIFI网络,对应WIFI网络的网速。硬件环境包括终端涉及的硬件如内存、硬盘、CPU等的剩余量或者占用率等。The operating environment data sent by the terminal includes a network environment, a hardware environment, and power. The network environment includes whether the terminal is currently using a WIFI network or traffic, and if a WIFI network is used, it corresponds to the network speed of the WIFI network. The hardware environment includes the remaining amount or occupancy of the hardware involved in the terminal, such as memory, hard disk, and CPU.
所述根据接收到的所述终端发送的运行环境数据,确定所述终端是否满足获取所述应用程序版本更新包的条件,包括:判断应用程序所在终端当前的网络环境使用的是WIFI网络还是流量;若应用程序所在终端当前的网络环境使用的是流量,确定终端不满足获取应用程序版本更新包的条件;若应用程序所在终端当前的网络环境使用的是WIFI网络,判断终端当前电量是否大于预测的安装版本更新包所消耗的电量;若终端当前电量小于或等于预测的安装版本更新包所消耗的电量;确定终端不满足获取应用程序版本更新包的条件;若终端当前电量大于预测的安装版本更新包所消耗的电量,判断应用程序所在终端硬件 环境中涉及的硬件资源剩余量是否大于预设硬件资源量或者硬件资源占用率是否大于预设硬件占用率;若应用程序所在终端硬件环境中涉及的硬件资源剩余量不大于预设硬件资源量或者硬件资源占用率不大于预设硬件占用率,确定终端不满足获取应用程序版本更新包的条件;若应用程序所在终端硬件环境中涉及的硬件资源剩余量大于预设硬件资源量或者硬件资源占用率大于预设硬件占用率,获取当前WIFI网络的网速;若WIFI网络的网速大于预设网速,确定终端满足获取应用程序版本更新包的条件;若WIFI网络的网速不大于预设网速,确定终端不满足获取应用程序版本更新包的条件。The determining whether the terminal meets the conditions for acquiring the application version update package according to the received operating environment data sent by the terminal includes determining whether the current network environment of the terminal where the application is located is using a WIFI network or traffic. ; If the current network environment of the terminal where the application is located uses traffic, determine that the terminal does not meet the conditions for obtaining the application version update package; if the current network environment of the terminal where the application is located uses a WIFI network, determine whether the current power of the terminal is greater than predicted The amount of power consumed by the installed version update package; if the current power of the terminal is less than or equal to the estimated power of the installed version update package; determine that the terminal does not meet the conditions for obtaining the application version update package; if the current power of the terminal is greater than the predicted installed version The power consumed by the update package to determine whether the remaining hardware resources involved in the hardware environment of the terminal where the application is located are greater than the preset hardware resources or whether the hardware resource occupancy is greater than the preset hardware occupancy; if the hardware environment of the terminal where the application is located involves Hardware The source remaining amount is not greater than the preset hardware resource amount or the hardware resource occupancy rate is not greater than the preset hardware occupancy rate, and it is determined that the terminal does not meet the conditions for obtaining an application version update package; if the hardware resource remaining amount involved in the hardware environment of the terminal where the application is located Get the current network speed of the WIFI network if it is greater than the preset hardware resource amount or the hardware resource occupancy rate is greater than the preset hardware occupancy rate; if the network speed of the WIFI network is greater than the preset network speed, determine that the terminal meets the conditions for obtaining the application version update package; If the network speed of the WIFI network is not greater than the preset network speed, it is determined that the terminal does not meet the conditions for obtaining an application program update package.
预设硬件资源量包括能保证终端正常运行的硬件资源量与版本更新数据大小所涉及的资源量之和。可以理解地,若终端硬件环境中涉及的硬件资源的剩余量不足以用来更新应用程序的版本或者用来更新应用程序的版本后会影响终端的正常运行,那么确定终端不满足获取应用程序版本更新包的条件。确定是否满足条件时,考虑到了WIFI网络的网速,是排除WIFI网络不稳定以及WIFI网络信号极弱的情况。在其他实施例中,终端是否满足获取应用程序版本更新包的条件,还可以结合其他的因素来确定,确定终端是否满足获取应用程序版本更新包的条件还可以用其他的确定方式等。The preset amount of hardware resources includes the sum of the amount of hardware resources that can ensure the normal operation of the terminal and the amount of resources involved in the size of the version update data. Understandably, if the remaining amount of hardware resources involved in the terminal hardware environment is not sufficient to update the version of the application or to update the version of the application will affect the normal operation of the terminal, then it is determined that the terminal does not meet the requirements for obtaining the application version Conditions for updating packages. When determining whether the conditions are met, the network speed of the WIFI network is taken into consideration, which excludes the situation where the WIFI network is unstable and the WIFI network signal is very weak. In other embodiments, whether the terminal meets the conditions for obtaining the application version update package may be determined by combining other factors, and other determination methods may be used to determine whether the terminal meets the conditions for obtaining the application version update package.
其中,终端是否符合版本更新条件由服务器端来确定,是因为考虑到了其他因素和其他确定方式的存在,将相应的确定代码放在服务器端,可方便增加其他因素和其他确定方式的影响,有利于方案的进一步扩展和完善。Among them, whether the terminal meets the version update conditions is determined by the server, because other factors and other determination methods are taken into consideration, and the corresponding determination code is placed on the server side, which can easily increase the impact of other factors and other determination methods. Conducive to the further expansion and improvement of the program.
S603,若确定所述终端满足获取所述应用程序版本更新包的条件,向所述终端发送确定信息,以使所述终端根据接收到的服务器端发送的所述确认信息,确认检测到满足获取服务器端所生成数据的条件。具体地,向所述终端发送确定是否满足获取应用程序版本更新包的条件所对应的参数和值,以使终端根据接收到的参数和值来解析所接收到的参数和值的具体含义。S603. If it is determined that the terminal meets a condition for obtaining the application version update package, send determination information to the terminal, so that the terminal confirms that the acquisition is satisfied based on the confirmation information sent by the server. Conditions for server-generated data. Specifically, the terminal sends parameters and values corresponding to the conditions for determining whether to obtain the application version update package, so that the terminal can analyze the specific meaning of the received parameters and values according to the received parameters and values.
在一些实施例中,无论服务器端确定终端是满足获取应用程序版本更新包的条件还是不满足获取应用程序版本更新包的条件,都向终端发送对应的确认信息。In some embodiments, regardless of whether the server determines that the terminal meets the conditions for obtaining the application version update package or does not meet the conditions for obtaining the application version update package, the corresponding confirmation information is sent to the terminal.
发明实施例还提供了数据安全验证系统,该数据安全验证系统包括以上运行于终端中的任一实施例所述的数据安全验证方法和运行于服务器端的任一实 施例所述的数据安全验证方法。具体,请参看以上对应实施例的内容,在此不再赘述。The embodiment of the invention also provides a data security verification system, which includes the data security verification method described in any one of the above embodiments running on a terminal and the data security verification method described in any one of the embodiments running on a server . Specifically, please refer to the content of the corresponding embodiments above, and details are not described herein again.
图7是本申请实施例提供的一种数据安全验证装置的示意性框图。该装置包括用于执行上述终端的数据安全验证方法所对应的单元,该装置被配置于终端中。如图7所示,该装置70包括秘钥生成单元701、第一请求单元702、加密数据接收单元703、私钥解密单元704、第二请求单元705、生成数据接收单元706、第一摘要加密单元707以及验证单元708。FIG. 7 is a schematic block diagram of a data security verification device according to an embodiment of the present application. The device includes a unit corresponding to a method for performing data security verification of the terminal, and the device is configured in the terminal. As shown in FIG. 7, the device 70 includes a key generation unit 701, a first request unit 702, an encrypted data receiving unit 703, a private key decryption unit 704, a second request unit 705, a generated data receiving unit 706, and a first digest encryption Unit 707 and verification unit 708.
秘钥生成单元701,用于若检测到满足获取服务器端所生成数据的条件,通过非对称加密算法生成一对公钥和私钥。The key generation unit 701 is configured to generate a pair of a public key and a private key by using an asymmetric encryption algorithm if it is detected that the conditions for obtaining data generated by the server are met.
第一请求单元702,用于向服务器端发送第一请求,其中,所述第一请求包括所述公钥,所述第一请求用于获取服务器端的第一加密数据,所述第一加密数据是服务器端通过消息摘要算法将所生成数据进行加密得到的。A first requesting unit 702 is configured to send a first request to a server, where the first request includes the public key, and the first request is used to obtain first encrypted data on the server, where the first encrypted data It is obtained by the server by encrypting the generated data through the message digest algorithm.
加密数据接收单元703,用于接收服务器端返回的第二加密数据,其中,所述第二加密数据是服务器端利用所述公钥将所述第一加密数据进行加密得到的。The encrypted data receiving unit 703 is configured to receive the second encrypted data returned by the server, where the second encrypted data is obtained by the server using the public key to encrypt the first encrypted data.
私钥解密单元704,用于利用所述私钥解密接收到的所述第二加密数据,以得到所述第一加密数据。A private key decryption unit 704 is configured to decrypt the received second encrypted data by using the private key to obtain the first encrypted data.
第二请求单元705,用于向服务器端发送第二请求,所述第二请求用于获取服务器端的所述所生成数据。The second request unit 705 is configured to send a second request to the server, where the second request is used to obtain the generated data on the server.
生成数据接收单元706,用于接收服务器端返回的所述所生成数据。The generating data receiving unit 706 is configured to receive the generated data returned by the server.
第一摘要加密单元707,用于将所述所生成数据通过同一消息摘要算法进行加密,以得到第三加密数据。The first digest encryption unit 707 is configured to encrypt the generated data by using a same message digest algorithm to obtain third encrypted data.
验证单元708,用于根据所述第一加密数据和所述第三加密数据来验证接收到的所生成数据是否安全。The verification unit 708 is configured to verify whether the received generated data is secure according to the first encrypted data and the third encrypted data.
在一实施例中,所述运行于终端中的数据安全验证装置还包括:条件检测单元80。其中,如图8所示,所述条件检测单元80,包括:版本号请求单元801、版本号获取单元802、版本更新确定单元803、环境数据发送单元804以及条件接收确定单元805。In an embodiment, the data security verification device running in the terminal further includes a condition detection unit 80. As shown in FIG. 8, the condition detection unit 80 includes: a version number requesting unit 801, a version number obtaining unit 802, a version update determination unit 803, an environment data sending unit 804, and a condition reception determination unit 805.
版本号请求单元801,用于向所述服务器端发送版本号请求,以接收服务 器端根据所述版本号请求返回的所述应用程序版本号;A version number requesting unit 801, configured to send a version number request to the server to receive the application version number returned by the server according to the version number request;
版本号获取单元802,用于获取所述应用程序当前版本号;A version number obtaining unit 802, configured to obtain a current version number of the application program;
版本更新确定单元803,用于根据服务器端返回的所述应用程序版本号和获取的所述应用程序当前版本号确定所述应用程序是否需进行版本更新;A version update determining unit 803, configured to determine whether the application requires a version update according to the application version number returned by the server and the obtained current version number of the application;
环境数据发送单元804,用于若所述应用程序需进行版本更新,向服务器端发送所述应用程序所在终端当前的运行环境数据,以使服务器端根据所述运行环境数据确定终端是否满足获取所述应用程序版本更新包的条件且在终端满足条件的情况下向终端发送确认信息;The environment data sending unit 804 is configured to send the current running environment data of the terminal where the application is located to the server if the application needs to be updated, so that the server can determine whether the terminal meets the requirements of obtaining the Describe the conditions of the application version update package and send confirmation information to the terminal if the terminal meets the conditions;
条件接收确定单元805,用于检测是否接收到服务器端返回的确认信息,以及若接收到服务器端返回的确认信息,确认检测到满足获取服务器端所生成数据的条件。The conditional access determination unit 805 is configured to detect whether the confirmation information returned by the server is received, and if the confirmation information returned by the server is received, confirm that the condition for acquiring the data generated by the server is met.
在一实施例中,如图9所示,验证单元708包括:比对单元901、比对判断单元902以及安全验证单元903。In an embodiment, as shown in FIG. 9, the verification unit 708 includes a comparison unit 901, a comparison determination unit 902, and a security verification unit 903.
比对单元901,用于将所述第一加密数据和所述第三加密数据进行比对;A comparison unit 901, configured to compare the first encrypted data with the third encrypted data;
比对判断单元902,用于根据比对结果判断所述第一加密数据和所述第三加密数据是否相同;A comparison determining unit 902, configured to determine whether the first encrypted data and the third encrypted data are the same according to a comparison result;
安全验证单元903,用于若所述第一加密数据和所述第三加密数据相同,确定接收到的所述所生成数据安全;A security verification unit 903, configured to determine that the generated data received is secure if the first encrypted data and the third encrypted data are the same;
安全验证单元903,还用于若所述第一加密数据和所述第三加密数据不相同,确定接收到的所述所生成数据不安全。The security verification unit 903 is further configured to determine that the generated data received is not secure if the first encrypted data and the third encrypted data are different.
图10是本申请实施例提供的一种数据安全验证装置的示意性框图。该装置包括用于执行上述服务器端的数据安全验证方法所对应的单元,该装置被配置于服务器端中。如图10所示,该装置100包括第二摘要加密单元101、第一请求接收单元102、公钥加密单元103、加密数据发送单元104、第二请求接收单元105以及生成数据发送单元106。FIG. 10 is a schematic block diagram of a data security verification device according to an embodiment of the present application. The device includes a unit corresponding to a method for performing the above-mentioned server-side data security verification method, and the device is configured in the server. As shown in FIG. 10, the device 100 includes a second digest encryption unit 101, a first request reception unit 102, a public key encryption unit 103, an encrypted data transmission unit 104, a second request reception unit 105, and a generated data transmission unit 106.
第二摘要加密单元101,用于若检测到生成数据,通过消息摘要算法将所生成数据进行加密,以得到第一加密数据;A second digest encryption unit 101, configured to: if the generated data is detected, encrypt the generated data by using a message digest algorithm to obtain the first encrypted data;
第一请求接收单元102,用于接收应用程序所在终端发送的第一请求,其中,所述第一请求包括所述终端使用非对称加密算法生成的公钥,所述第一请 求用于获取第一加密数据;A first request receiving unit 102 is configured to receive a first request sent by a terminal where an application is located, where the first request includes a public key generated by the terminal using an asymmetric encryption algorithm, and the first request is used to obtain a first key An encrypted data;
公钥加密单元103,用于利用所述公钥将所述第一加密数据进行加密,以得到第二加密数据;A public key encryption unit 103, configured to encrypt the first encrypted data by using the public key to obtain second encrypted data;
加密数据发送单元104,用于向所述终端发送第二加密数据,以使所述终端通过所述非对称加密算法生成的私钥解密所述第二加密数据以得到所述第一加密数据;The encrypted data sending unit 104 is configured to send the second encrypted data to the terminal, so that the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data;
第二请求接收单元105,用于接收所述终端发送的第二请求,其中,所述第二请求用于获取所述所生成数据;A second request receiving unit 105, configured to receive a second request sent by the terminal, where the second request is used to obtain the generated data;
生成数据发送单元106,用于向所述终端发送所述所生成数据,以使所述终端利用所述消息摘要算法对所述所生成数据进行加密以得到第三加密数据,并根据所述第一加密数据和所述第三加密数据来验证所述所生成数据是否安全。A generating data sending unit 106 is configured to send the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain third encrypted data, and according to the first An encrypted data and the third encrypted data to verify whether the generated data is secure.
在一实施例中,所述运行于服务器端的数据安全验证装置还包括:条件确定单元。所述条件确定单元,包括:版本号发送单元、更新条件确定单元、确定数据发送单元。其中,In one embodiment, the data security verification device running on the server side further includes: a condition determination unit. The condition determining unit includes a version number sending unit, an update condition determining unit, and a determining data sending unit. among them,
版本号发送单元,用于根据所述终端发送的版本号请求向所述终端发送所述应用程序版本号,以使所述终端根据所述应用程序版本号和获取的所述应用程序当前版本号确定所述应用程序是否需进行版本更新;A version number sending unit, configured to send the application version number to the terminal according to the version number request sent by the terminal, so that the terminal according to the application version number and the current version number of the application obtained Determining whether the application needs to be updated;
更新条件确定单元,用于若需进行版本更新,根据接收到的所述终端发送的运行环境数据,确定所述终端是否满足获取所述应用程序版本更新包的条件;An update condition determining unit, configured to determine whether the terminal meets a condition for acquiring the application version update package according to the received operating environment data sent by the terminal if a version update is required;
确定数据发送单元,用于若确定所述终端满足获取所述应用程序版本更新包的条件,向所述终端发送确定信息,以使所述终端根据接收到的服务器端发送的所述确认信息,确认检测到满足获取服务器端所生成数据的条件。A determination data sending unit, configured to, if it is determined that the terminal meets a condition for obtaining the application version update package, send determination information to the terminal, so that the terminal is based on the received confirmation information sent by the server end, Confirm that the conditions for obtaining data generated by the server are met.
需要说明的是,所属领域的技术人员可以清楚地了解到,上述数据安全装置和各单元的具体实现过程,可以参考前述方法实施例中的相应描述,为了描述的方便和简洁,在此不再赘述。It should be noted that those skilled in the art can clearly understand that the specific implementation process of the above data security device and each unit can refer to the corresponding description in the foregoing method embodiments. For the convenience and brevity of description, it will not be repeated To repeat.
上述装置可以实现为一种计算机程序的形式,计算机程序可以在如图11所示的计算机设备上运行。The above apparatus may be implemented in the form of a computer program, and the computer program may be run on a computer device as shown in FIG. 11.
图11为本申请实施例提供的一种计算机设备的示意性框图。在本实施例 中,该设备110可以为移动电话、膝上型计算机、平板计算机、台式计算机等终端设备。该设备110包括通过系统总线111连接的处理器112、存储器和网络接口113,其中,存储器可以包括非易失性存储介质114和内存储器115。FIG. 11 is a schematic block diagram of a computer device according to an embodiment of the present application. In this embodiment, the device 110 may be a terminal device such as a mobile phone, a laptop computer, a tablet computer, and a desktop computer. The device 110 includes a processor 112, a memory, and a network interface 113 connected through a system bus 111. The memory may include a non-volatile storage medium 114 and an internal memory 115.
该非易失性存储介质114可存储操作系统1141和计算机程序1142。该非易失性存储介质中所存储的计算机程序1142被处理器112执行时,可实现上述终端所实现的数据安全验证方法,如图2、图3、图4所示。该处理器112用于提供计算和控制能力,支撑整个设备110的运行。该内存储器115为非易失性存储介质中的计算机程序的运行提供环境,该计算机程序被处理器112执行时,可使得处理器112执行如上述图2、图3以及图4所示的数据安全验证方法。该网络接口113用于进行网络通信,如接收消息等。本领域技术人员可以理解,图11中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的设备110的限定,具体的设备110可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。The non-volatile storage medium 114 can store an operating system 1141 and a computer program 1142. When the computer program 1142 stored in the non-volatile storage medium is executed by the processor 112, the data security verification method implemented by the terminal can be implemented, as shown in Figs. 2, 3, and 4. The processor 112 is used to provide computing and control capabilities to support the operation of the entire device 110. The internal memory 115 provides an environment for running a computer program in a non-volatile storage medium. When the computer program is executed by the processor 112, the processor 112 can cause the processor 112 to execute data as shown in FIG. 2, FIG. 3, and FIG. 4 described above. Security verification methods. The network interface 113 is used for network communication, such as receiving messages. Those skilled in the art can understand that the structure shown in FIG. 11 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the device 110 to which the solution of the present application is applied. Include more or fewer parts than shown in the figure, or combine certain parts, or have a different arrangement of parts.
其中,所述处理器112用于运行存储在存储器中的计算机程序,以实现前述终端所实现的数据安全验证方法的任一实施例。The processor 112 is configured to run a computer program stored in a memory to implement any embodiment of the data security verification method implemented by the foregoing terminal.
本申请另一实施例还提供了一种计算机设备的示意性框图。在本实施例中,所述设备为服务器。具体请参看图11,该计算机设备包括与图11所示计算机设备相同的结构。该计算机设备与图11所示计算机设备的不同在于,该计算机设备中非易失性存储介质所存储的计算机程序被处理器112执行时,可实现上述服务器端所实现的数据安全验证方法,如图5和图6所示。Another embodiment of the present application also provides a schematic block diagram of a computer device. In this embodiment, the device is a server. Please refer to FIG. 11 for details. The computer device includes the same structure as the computer device shown in FIG. 11. This computer device is different from the computer device shown in FIG. 11 in that when the computer program stored in the non-volatile storage medium in the computer device is executed by the processor 112, the data security verification method implemented on the server side can be implemented, such as Figures 5 and 6 show.
其中,所述处理器112用于运行存储在存储器中的计算机程序,以实现前述服务器端所实现的数据安全验证方法的任一实施例。The processor 112 is configured to run a computer program stored in a memory to implement any embodiment of the data security verification method implemented on the server side.
应当理解,在本申请实施例中,所称处理器112可以是中央处理单元(Central Processing Unit,CPU),该处理器还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。It should be understood that, in the embodiment of the present application, the processor 112 may be a central processing unit (CPU), and the processor may also be another general-purpose processor or a digital signal processor (DSP). , Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
在本申请的另一实施例中提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令当被处理器执行时,以实现前述终端所实现的数据安全验证方法的任一实施例。In another embodiment of the present application, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program. The computer program includes program instructions. When the program instructions are executed by a processor, To implement any embodiment of the data security verification method implemented by the foregoing terminal.
在本申请的另一实施例中还提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令当被处理器执行时,以实现前述服务器端所实现的数据安全验证方法的任一实施例。In another embodiment of the present application, a computer-readable storage medium is also provided. The computer-readable storage medium stores a computer program, where the computer program includes program instructions, and the program instructions are executed by a processor. To implement any embodiment of the data security verification method implemented on the server.
存储介质包括计算机可读存储介质,所述计算机可读存储介质包括非易失性计算机可读存储介质。所述计算机可读存储介质可以是前述任一实施例所述的终端或者服务器的内部存储单元,例如终端或者服务器的硬盘或内存。所述计算机可读存储介质也可以是所述终端或者服务器的外部存储设备,例如所述终端或者服务器上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡等。进一步地,所述计算机可读存储介质还可以既包括所述终端或者服务器的内部存储单元也包括外部存储设备。The storage medium includes a computer-readable storage medium, and the computer-readable storage medium includes a non-volatile computer-readable storage medium. The computer-readable storage medium may be an internal storage unit of the terminal or the server according to any of the foregoing embodiments, such as a hard disk or a memory of the terminal or the server. The computer-readable storage medium may also be an external storage device of the terminal or server, such as a plug-in hard disk, a Smart Media Card (SMC), and a secure digital (Secure Digital) , SD) card, etc. Further, the computer-readable storage medium may further include both an internal storage unit of the terminal or the server and an external storage device.
在本申请所提供的几个实施例中,应该理解到,所揭露的装置、设备和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,上述描述的装置、设备、单元以及存储介质被处理器执行的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以权利要求的保护范围为准。In the several embodiments provided in this application, it should be understood that the disclosed apparatus, device, and method may be implemented in other manners. For example, the device embodiments described above are only schematic, and the division of the units is only a logical function division. In actual implementation, there may be another division manner. Those skilled in the art can clearly understand that, for the convenience and brevity of the description, the specific work process performed by the processor on the devices, devices, units, and storage media described above can refer to the corresponding processes in the foregoing method embodiments. This is not repeated here. The above is only a specific implementation of this application, but the scope of protection of this application is not limited to this. Any person skilled in the art can easily think of various equivalents within the technical scope disclosed in this application. Modifications or replacements should be covered by the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims (20)

  1. 一种数据安全验证方法,应用于终端,其中,所述方法包括:A data security verification method applied to a terminal, wherein the method includes:
    若检测到满足获取服务器端所生成数据的条件,通过非对称加密算法生成一对公钥和私钥;If it is detected that the conditions for obtaining data generated by the server are met, a pair of public and private keys are generated through an asymmetric encryption algorithm;
    向服务器端发送第一请求,其中,所述第一请求包括所述公钥,所述第一请求用于获取服务器端的第一加密数据,所述第一加密数据是服务器端通过消息摘要算法将所述所生成数据进行加密得到的;A first request is sent to the server, where the first request includes the public key, and the first request is used to obtain the first encrypted data of the server, where the first encrypted data is Obtained by encrypting the generated data;
    接收服务器端返回的第二加密数据,其中,所述第二加密数据是服务器端利用所述公钥将所述第一加密数据进行加密得到的;Receiving the second encrypted data returned by the server, wherein the second encrypted data is obtained by the server encrypting the first encrypted data by using the public key;
    利用所述私钥解密接收到的所述第二加密数据,以得到所述第一加密数据;Decrypting the received second encrypted data by using the private key to obtain the first encrypted data;
    向服务器端发送第二请求,所述第二请求用于获取服务器端的所述所生成数据;Sending a second request to the server, where the second request is used to obtain the generated data on the server;
    接收服务器端返回的所述所生成数据;Receiving the generated data returned by the server;
    将所述所生成数据通过所述消息摘要算法进行加密,以得到第三加密数据;Encrypting the generated data by using the message digest algorithm to obtain third encrypted data;
    根据所述第一加密数据和所述第三加密数据来验证接收到的所述所生成数据是否安全。Verifying whether the generated data received is secure according to the first encrypted data and the third encrypted data.
  2. 根据权利要求1所述的方法,其中,所述根据所述第一加密数据和所述第三加密数据来验证接收到的所述所生成数据是否安全,包括:The method according to claim 1, wherein the verifying whether the generated data received is secure based on the first encrypted data and the third encrypted data comprises:
    将所述第一加密数据和所述第三加密数据进行比对;Comparing the first encrypted data with the third encrypted data;
    根据比对结果判断所述第一加密数据和所述第三加密数据是否相同;Determining whether the first encrypted data and the third encrypted data are the same according to a comparison result;
    若所述第一加密数据和所述第三加密数据相同,确定接收到的所述所生成数据安全;If the first encrypted data and the third encrypted data are the same, determining that the generated data received is safe;
    若所述第一加密数据和所述第三加密数据不相同,确定接收到的所述所生成数据不安全。If the first encrypted data and the third encrypted data are different, it is determined that the generated data received is not secure.
  3. 根据权利要求1所述的方法,其中,所述在检测到满足获取服务器端所生成数据的条件之前,所述方法还包括:若接收到获取指令,检测是否满足获取服务器端所生成数据的条件。The method according to claim 1, wherein before detecting that the conditions for acquiring data generated by the server are met, the method further comprises: if an acquisition instruction is received, detecting whether the conditions for acquiring data generated by the server are met .
  4. 根据权利要求3所述的方法,其中,所述所生成数据包括所生成的应用 程序版本更新包,所述检测是否满足获取服务器端所生成数据的条件,包括:The method according to claim 3, wherein the generated data comprises a generated application version update package, and the detecting whether the condition for obtaining the server-generated data is met comprises:
    向所述服务器端发送版本号请求,以接收服务器端根据所述版本号请求返回的所述应用程序版本号;Sending a version number request to the server to receive the application version number returned by the server according to the version number request;
    获取所述应用程序当前版本号;Obtaining the current version number of the application;
    根据服务器端返回的所述应用程序版本号和获取的所述应用程序当前版本号确定所述应用程序是否需进行版本更新;Determining whether the application requires a version update according to the application version number returned by the server and the obtained current version number of the application;
    若所述应用程序需进行版本更新,向服务器端发送所述应用程序所在终端当前的运行环境数据,以使服务器端根据所述运行环境数据确定终端是否满足获取所述应用程序版本更新包的条件且在终端满足条件的情况下向所述终端发送确认信息;If the application needs to be updated, send the current operating environment data of the terminal where the application is located to the server, so that the server can determine whether the terminal meets the conditions for obtaining the application version update package according to the operating environment data And sending confirmation information to the terminal if the terminal meets the conditions;
    检测是否接收到服务器端返回的所述确认信息;Detecting whether the confirmation information returned by the server is received;
    若接收到服务器端返回的所述确认信息,确认检测到满足获取服务器端所生成数据的条件。If the confirmation information returned by the server is received, it is confirmed that the conditions for obtaining the data generated by the server are met.
  5. 一种数据安全验证方法,应用于服务器端,其中,所述方法包括:A data security verification method applied to a server side, wherein the method includes:
    若检测到生成数据,通过消息摘要算法将所生成数据进行加密,以得到第一加密数据;If the generated data is detected, the generated data is encrypted by a message digest algorithm to obtain the first encrypted data;
    接收应用程序所在终端发送的第一请求,其中,所述第一请求包括所述终端使用非对称加密算法生成的公钥,所述第一请求用于获取第一加密数据;Receiving a first request sent by a terminal where an application is located, wherein the first request includes a public key generated by the terminal using an asymmetric encryption algorithm, and the first request is used to obtain first encrypted data;
    利用所述公钥将所述第一加密数据进行加密,以得到第二加密数据;Encrypting the first encrypted data by using the public key to obtain second encrypted data;
    向所述终端发送第二加密数据,以使所述终端通过所述非对称加密算法生成的私钥解密所述第二加密数据以得到所述第一加密数据;Sending the second encrypted data to the terminal, so that the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data;
    接收所述终端发送的第二请求,其中,所述第二请求用于获取所述所生成数据;Receiving a second request sent by the terminal, where the second request is used to obtain the generated data;
    向所述终端发送所述所生成数据,以使所述终端利用所述消息摘要算法对所述所生成数据进行加密以得到第三加密数据,并根据所述第一加密数据和所述第三加密数据来验证所述所生成数据是否安全。Sending the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain a third encrypted data, and according to the first encrypted data and the third encrypted data The data is encrypted to verify that the generated data is secure.
  6. 根据权利要求5所述的方法,其中,所述所生成数据包括所生成的应用程序版本更新包,在所述接收应用程序所在终端发送的第一请求之前,所述方法还包括:确定所述终端是否满足获取所述应用程序版本更新包的条件并在确 定终端满足条件的情况下向所述终端发送确认信息,以使所述终端根据接收到的服务器端发送的所述确认信息,确认检测到满足获取服务器端所生成数据的条件。The method according to claim 5, wherein the generated data comprises a generated application version update package, and before the receiving a first request sent by a terminal where the application is located, the method further comprises: determining the Whether the terminal meets the conditions for obtaining the application version update package and sends a confirmation message to the terminal if it is determined that the terminal meets the conditions, so that the terminal confirms detection based on the confirmation information sent by the server To meet the conditions to obtain the data generated by the server.
  7. 一种数据安全验证装置,包括:A data security verification device includes:
    秘钥生成单元,用于若检测到满足获取服务器端所生成数据的条件,通过非对称加密算法生成一对公钥和私钥;A secret key generating unit, configured to generate a pair of a public key and a private key through an asymmetric encryption algorithm if it is detected that the conditions for obtaining data generated by the server are met;
    第一请求单元,用于向服务器端发送第一请求,其中,所述第一请求包括所述公钥,所述第一请求用于获取服务器端的第一加密数据,所述第一加密数据是服务器端通过消息摘要算法将所述所生成数据进行加密得到的;A first request unit, configured to send a first request to a server, wherein the first request includes the public key, and the first request is used to obtain first encrypted data on the server, where the first encrypted data is The server end encrypts the generated data by using a message digest algorithm;
    加密数据接收单元,用于接收服务器端返回的第二加密数据,其中,所述第二加密数据是服务器端利用所述公钥将所述第一加密数据进行加密得到的;An encrypted data receiving unit configured to receive the second encrypted data returned by the server, wherein the second encrypted data is obtained by the server encrypting the first encrypted data by using the public key;
    私钥解密单元,用于利用所述私钥解密接收到的所述第二加密数据,以得到所述第一加密数据;A private key decryption unit, configured to decrypt the received second encrypted data by using the private key to obtain the first encrypted data;
    第二请求单元,用于向服务器端发送第二请求,所述第二请求用于获取服务器端的所述所生成数据;A second request unit, configured to send a second request to the server, where the second request is used to obtain the generated data on the server;
    生成数据接收单元,用于接收服务器端返回的所述所生成数据;A generating data receiving unit, configured to receive the generated data returned by the server;
    第一摘要加密单元,用于将所述所生成数据通过所述消息摘要算法进行加密,以得到第三加密数据;A first digest encryption unit, configured to encrypt the generated data by using the message digest algorithm to obtain third encrypted data;
    验证单元,用于根据所述第一加密数据和所述第三加密数据来验证接收到的所述所生成数据是否安全。A verification unit, configured to verify whether the generated data received is safe according to the first encrypted data and the third encrypted data.
  8. 根据权利要求7所述的数据安全验证装置,其中,所述验证单元包括:The data security verification device according to claim 7, wherein the verification unit comprises:
    比对单元,用于将所述第一加密数据和所述第三加密数据进行比对;A comparison unit, configured to compare the first encrypted data with the third encrypted data;
    比对判断单元,用于根据比对结果判断所述第一加密数据和所述第三加密数据是否相同;A comparison determining unit, configured to determine whether the first encrypted data and the third encrypted data are the same according to a comparison result;
    安全验证单元,用于若所述第一加密数据和所述第三加密数据相同,确定接收到的所述所生成数据安全;A security verification unit, configured to determine that the generated data received is secure if the first encrypted data and the third encrypted data are the same;
    安全验证单元,还用于若所述第一加密数据和所述第三加密数据不相同,确定接收到的所述所生成数据不安全。The security verification unit is further configured to determine that the generated data received is not secure if the first encrypted data and the third encrypted data are different.
  9. 一种数据安全验证装置,包括:A data security verification device includes:
    第二摘要加密单元,用于若检测到生成数据,通过消息摘要算法将所生成数据进行加密,以得到第一加密数据;A second digest encryption unit, configured to: if the generated data is detected, encrypt the generated data by using a message digest algorithm to obtain the first encrypted data;
    第一请求接收单元,用于接收应用程序所在终端发送的第一请求,其中,所述第一请求包括所述终端使用非对称加密算法生成的公钥,所述第一请求用于获取第一加密数据;A first request receiving unit, configured to receive a first request sent by a terminal where an application is located, wherein the first request includes a public key generated by the terminal using an asymmetric encryption algorithm, and the first request is used to obtain a first Encrypted data
    公钥加密单元,用于利用所述公钥将所述第一加密数据进行加密,以得到第二加密数据;A public key encryption unit, configured to encrypt the first encrypted data by using the public key to obtain second encrypted data;
    加密数据发送单元,用于向所述终端发送第二加密数据,以使所述终端通过所述非对称加密算法生成的私钥解密所述第二加密数据以得到所述第一加密数据;An encrypted data sending unit, configured to send the second encrypted data to the terminal, so that the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data;
    第二请求接收单元,用于接收所述终端发送的第二请求,其中,所述第二请求用于获取所述所生成数据;A second request receiving unit, configured to receive a second request sent by the terminal, where the second request is used to obtain the generated data;
    生成数据发送单元,用于向所述终端发送所述所生成数据,以使所述终端利用所述消息摘要算法对所述所生成数据进行加密以得到第三加密数据,并根据所述第一加密数据和所述第三加密数据来验证所述所生成数据是否安全。A generating data sending unit, configured to send the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain third encrypted data, and according to the first The encrypted data and the third encrypted data are used to verify whether the generated data is secure.
  10. 一种数据安全验证系统,包括服务器端以及至少一终端,其中,所述终端用于执行如下步骤:A data security verification system includes a server and at least one terminal, where the terminal is configured to perform the following steps:
    若检测到满足获取服务器端所生成数据的条件,通过非对称加密算法生成一对公钥和私钥;If it is detected that the conditions for obtaining data generated by the server are met, a pair of public and private keys are generated through an asymmetric encryption algorithm;
    向服务器端发送第一请求,其中,所述第一请求包括所述公钥,所述第一请求用于获取服务器端的第一加密数据,所述第一加密数据是服务器端通过消息摘要算法将所述所生成数据进行加密得到的;A first request is sent to the server, where the first request includes the public key, and the first request is used to obtain the first encrypted data of the server, where the first encrypted data is Obtained by encrypting the generated data;
    接收服务器端返回的第二加密数据,其中,所述第二加密数据是服务器端利用所述公钥将所述第一加密数据进行加密得到的;Receiving the second encrypted data returned by the server, wherein the second encrypted data is obtained by the server encrypting the first encrypted data by using the public key;
    利用所述私钥解密接收到的所述第二加密数据,以得到所述第一加密数据;Decrypting the received second encrypted data by using the private key to obtain the first encrypted data;
    向服务器端发送第二请求,所述第二请求用于获取服务器端的所述所生成数据;Sending a second request to the server, where the second request is used to obtain the generated data on the server;
    接收服务器端返回的所述所生成数据;Receiving the generated data returned by the server;
    将所述所生成数据通过所述消息摘要算法进行加密,以得到第三加密数据;Encrypting the generated data by using the message digest algorithm to obtain third encrypted data;
    根据所述第一加密数据和所述第三加密数据来验证接收到的所述所生成数据是否安全。Verifying whether the generated data received is secure according to the first encrypted data and the third encrypted data.
    所述服务器端用于执行如下步骤:The server is used to perform the following steps:
    若检测到生成数据,通过消息摘要算法将所生成数据进行加密,以得到第一加密数据;If the generated data is detected, the generated data is encrypted by a message digest algorithm to obtain the first encrypted data;
    接收应用程序所在终端发送的第一请求,其中,所述第一请求包括所述终端使用非对称加密算法生成的公钥,所述第一请求用于获取第一加密数据;Receiving a first request sent by a terminal where an application is located, wherein the first request includes a public key generated by the terminal using an asymmetric encryption algorithm, and the first request is used to obtain first encrypted data;
    利用所述公钥将所述第一加密数据进行加密,以得到第二加密数据;Encrypting the first encrypted data by using the public key to obtain second encrypted data;
    向所述终端发送第二加密数据,以使所述终端通过所述非对称加密算法生成的私钥解密所述第二加密数据以得到所述第一加密数据;Sending the second encrypted data to the terminal, so that the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data;
    接收所述终端发送的第二请求,其中,所述第二请求用于获取所述所生成数据;Receiving a second request sent by the terminal, where the second request is used to obtain the generated data;
    向所述终端发送所述所生成数据,以使所述终端利用所述消息摘要算法对所述所生成数据进行加密以得到第三加密数据,并根据所述第一加密数据和所述第三加密数据来验证所述所生成数据是否安全。Sending the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain a third encrypted data, and according to the first encrypted data and the third encrypted data The data is encrypted to verify that the generated data is secure.
  11. 一种计算机设备,包括存储器,以及与所述存储器相连的处理器;其中,A computer device includes a memory and a processor connected to the memory; wherein,
    所述存储器用于存储计算机程序;所述处理器用于运行所述存储器中存储的计算机程序,以执行如下步骤:The memory is used to store a computer program; the processor is used to run the computer program stored in the memory to perform the following steps:
    若检测到满足获取服务器端所生成数据的条件,通过非对称加密算法生成一对公钥和私钥;If it is detected that the conditions for obtaining data generated by the server are met, a pair of public and private keys are generated through an asymmetric encryption algorithm;
    向服务器端发送第一请求,其中,所述第一请求包括所述公钥,所述第一请求用于获取服务器端的第一加密数据,所述第一加密数据是服务器端通过消息摘要算法将所述所生成数据进行加密得到的;A first request is sent to the server, where the first request includes the public key, and the first request is used to obtain the first encrypted data of the server, where the first encrypted data is Obtained by encrypting the generated data;
    接收服务器端返回的第二加密数据,其中,所述第二加密数据是服务器端利用所述公钥将所述第一加密数据进行加密得到的;Receiving the second encrypted data returned by the server, wherein the second encrypted data is obtained by the server encrypting the first encrypted data by using the public key;
    利用所述私钥解密接收到的所述第二加密数据,以得到所述第一加密数据;Decrypting the received second encrypted data by using the private key to obtain the first encrypted data;
    向服务器端发送第二请求,所述第二请求用于获取服务器端的所述所生成数据;Sending a second request to the server, where the second request is used to obtain the generated data on the server;
    接收服务器端返回的所述所生成数据;Receiving the generated data returned by the server;
    将所述所生成数据通过所述消息摘要算法进行加密,以得到第三加密数据;Encrypting the generated data by using the message digest algorithm to obtain third encrypted data;
    根据所述第一加密数据和所述第三加密数据来验证接收到的所述所生成数据是否安全。Verifying whether the generated data received is secure according to the first encrypted data and the third encrypted data.
  12. 根据权利要求11所述的计算机设备,其中,所述处理器在执行所述根据所述第一加密数据和所述第三加密数据来验证接收到的所述所生成数据是否安全的步骤时,具体执行如下步骤:The computer device according to claim 11, wherein, when the processor executes the step of verifying whether the generated data received is secure based on the first encrypted data and the third encrypted data, Perform the following steps:
    将所述第一加密数据和所述第三加密数据进行比对;Comparing the first encrypted data with the third encrypted data;
    根据比对结果判断所述第一加密数据和所述第三加密数据是否相同;Determining whether the first encrypted data and the third encrypted data are the same according to a comparison result;
    若所述第一加密数据和所述第三加密数据相同,确定接收到的所述所生成数据安全;If the first encrypted data and the third encrypted data are the same, determining that the generated data received is safe;
    若所述第一加密数据和所述第三加密数据不相同,确定接收到的所述所生成数据不安全。If the first encrypted data and the third encrypted data are different, it is determined that the generated data received is not secure.
  13. 根据权利要求11所述的计算机设备,其中,所述处理器在执行所述检测到满足获取服务器端所生成数据的条件的步骤之前,还执行如下步骤:若接收到获取指令,检测是否满足获取服务器端所生成数据的条件。The computer device according to claim 11, wherein before executing the step of detecting that the conditions for obtaining data generated by the server are met, the processor further performs the following step: if an acquisition instruction is received, detecting whether the acquisition is satisfied Conditions for server-generated data.
  14. 根据权利要求13所述的计算机设备,其中,所述所生成数据包括所生成的应用程序版本更新包,所述处理器在执行所述检测是否满足获取服务器端所生成数据的条件的步骤时,具体执行如下步骤:The computer device according to claim 13, wherein the generated data includes a generated application version update package, and when the processor executes the step of detecting whether a condition for acquiring the server-generated data is met, Perform the following steps:
    向所述服务器端发送版本号请求,以接收服务器端根据所述版本号请求返回的所述应用程序版本号;Sending a version number request to the server to receive the application version number returned by the server according to the version number request;
    获取所述应用程序当前版本号;Obtaining the current version number of the application;
    根据服务器端返回的所述应用程序版本号和获取的所述应用程序当前版本号确定所述应用程序是否需进行版本更新;Determining whether the application requires a version update according to the application version number returned by the server and the obtained current version number of the application;
    若所述应用程序需进行版本更新,向服务器端发送所述应用程序所在终端当前的运行环境数据,以使服务器端根据所述运行环境数据确定终端是否满足获取所述应用程序版本更新包的条件且在终端满足条件的情况下向所述终端发送确认信息;If the application needs to be updated, send the current operating environment data of the terminal where the application is located to the server, so that the server can determine whether the terminal meets the conditions for obtaining the application version update package according to the operating environment data And sending confirmation information to the terminal if the terminal meets the conditions;
    检测是否接收到服务器端返回的所述确认信息;Detecting whether the confirmation information returned by the server is received;
    若接收到服务器端返回的所述确认信息,确认检测到满足获取服务器端所 生成数据的条件。If the confirmation information returned by the server is received, it is confirmed that the conditions for obtaining the data generated by the server are met.
  15. 一种计算机设备,包括存储器,以及与所述存储器相连的处理器;其中,A computer device includes a memory and a processor connected to the memory; wherein,
    所述存储器用于存储计算机程序;所述处理器用于运行所述存储器中存储的计算机程序,以执行如下步骤:The memory is used to store a computer program; the processor is used to run the computer program stored in the memory to perform the following steps:
    若检测到生成数据,通过消息摘要算法将所生成数据进行加密,以得到第一加密数据;If the generated data is detected, the generated data is encrypted by a message digest algorithm to obtain the first encrypted data;
    接收应用程序所在终端发送的第一请求,其中,所述第一请求包括所述终端使用非对称加密算法生成的公钥,所述第一请求用于获取第一加密数据;Receiving a first request sent by a terminal where an application is located, wherein the first request includes a public key generated by the terminal using an asymmetric encryption algorithm, and the first request is used to obtain first encrypted data;
    利用所述公钥将所述第一加密数据进行加密,以得到第二加密数据;Encrypting the first encrypted data by using the public key to obtain second encrypted data;
    向所述终端发送第二加密数据,以使所述终端通过所述非对称加密算法生成的私钥解密所述第二加密数据以得到所述第一加密数据;Sending the second encrypted data to the terminal, so that the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data;
    接收所述终端发送的第二请求,其中,所述第二请求用于获取所述所生成数据;Receiving a second request sent by the terminal, where the second request is used to obtain the generated data;
    向所述终端发送所述所生成数据,以使所述终端利用所述消息摘要算法对所述所生成数据进行加密以得到第三加密数据,并根据所述第一加密数据和所述第三加密数据来验证所述所生成数据是否安全。Sending the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain a third encrypted data, and according to the first encrypted data and the third encrypted data The data is encrypted to verify that the generated data is secure.
  16. 根据权利要求15所述的计算机设备,其中,所述所生成数据包括所生成的应用程序版本更新包,所述处理器在执行所述接收应用程序所在终端发送的第一请求的步骤之前,还执行如下步骤:确定所述终端是否满足获取所述应用程序版本更新包的条件并在确定终端满足条件的情况下向所述终端发送确认信息,以使所述终端根据接收到的服务器端发送的所述确认信息,确认检测到满足获取服务器端所生成数据的条件。The computer device according to claim 15, wherein the generated data includes a generated application version update package, and the processor further executes the step of receiving the first request sent by the terminal where the application is located, and Perform the following steps: determine whether the terminal meets the conditions for obtaining the application version update package and send a confirmation message to the terminal if it is determined that the terminal meets the conditions, so that the terminal is based on the received The confirmation information confirms that a condition that the data generated by the server is obtained is detected to be satisfied.
  17. 一种计算机可读存储介质,其中,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令被处理器执行时,实现如下步骤:A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, where the computer program includes program instructions, and when the program instructions are executed by a processor, the following steps are implemented:
    若检测到满足获取服务器端所生成数据的条件,通过非对称加密算法生成一对公钥和私钥;If it is detected that the conditions for obtaining data generated by the server are met, a pair of public and private keys are generated through an asymmetric encryption algorithm;
    向服务器端发送第一请求,其中,所述第一请求包括所述公钥,所述第一请求用于获取服务器端的第一加密数据,所述第一加密数据是服务器端通过消 息摘要算法将所述所生成数据进行加密得到的;A first request is sent to the server, where the first request includes the public key, and the first request is used to obtain the first encrypted data of the server, where the first encrypted data is Obtained by encrypting the generated data;
    接收服务器端返回的第二加密数据,其中,所述第二加密数据是服务器端利用所述公钥将所述第一加密数据进行加密得到的;Receiving the second encrypted data returned by the server, wherein the second encrypted data is obtained by the server encrypting the first encrypted data by using the public key;
    利用所述私钥解密接收到的所述第二加密数据,以得到所述第一加密数据;Decrypting the received second encrypted data by using the private key to obtain the first encrypted data;
    向服务器端发送第二请求,所述第二请求用于获取服务器端的所述所生成数据;Sending a second request to the server, where the second request is used to obtain the generated data on the server;
    接收服务器端返回的所述所生成数据;Receiving the generated data returned by the server;
    将所述所生成数据通过所述消息摘要算法进行加密,以得到第三加密数据;Encrypting the generated data by using the message digest algorithm to obtain third encrypted data;
    根据所述第一加密数据和所述第三加密数据来验证接收到的所述所生成数据是否安全。Verifying whether the generated data received is secure according to the first encrypted data and the third encrypted data.
  18. 根据权利要求17所述的计算机可读存储介质,其中,所述处理器在执行所述根据所述第一加密数据和所述第三加密数据来验证接收到的所述所生成数据是否安全的步骤时,具体执行如下步骤:The computer-readable storage medium of claim 17, wherein the processor is executing the first encrypted data and the third encrypted data to verify whether the generated data is secure. When performing the steps, perform the following steps:
    将所述第一加密数据和所述第三加密数据进行比对;Comparing the first encrypted data with the third encrypted data;
    根据比对结果判断所述第一加密数据和所述第三加密数据是否相同;Determining whether the first encrypted data and the third encrypted data are the same according to a comparison result;
    若所述第一加密数据和所述第三加密数据相同,确定接收到的所述所生成数据安全;If the first encrypted data and the third encrypted data are the same, determining that the generated data received is safe;
    若所述第一加密数据和所述第三加密数据不相同,确定接收到的所述所生成数据不安全。If the first encrypted data and the third encrypted data are different, it is determined that the generated data received is not secure.
  19. 根据权利要求17所述的计算机可读存储介质,其中,所述处理器在执行所述在检测到满足获取服务器端所生成数据的条件的步骤之前,还执行如下步骤:若接收到获取指令,检测是否满足获取服务器端所生成数据的条件。The computer-readable storage medium according to claim 17, wherein before executing the step of detecting that the conditions for acquiring data generated by the server are met, the processor further performs the following steps: if an acquisition instruction is received, Check whether the conditions for obtaining data generated by the server are met.
  20. 一种计算机可读存储介质,其中,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令被处理器执行时,实现如下步骤:A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, where the computer program includes program instructions, and when the program instructions are executed by a processor, the following steps are implemented:
    若检测到生成数据,通过消息摘要算法将所生成数据进行加密,以得到第一加密数据;If the generated data is detected, the generated data is encrypted by a message digest algorithm to obtain the first encrypted data;
    接收应用程序所在终端发送的第一请求,其中,所述第一请求包括所述终端使用非对称加密算法生成的公钥,所述第一请求用于获取第一加密数据;Receiving a first request sent by a terminal where an application is located, wherein the first request includes a public key generated by the terminal using an asymmetric encryption algorithm, and the first request is used to obtain first encrypted data;
    利用所述公钥将所述第一加密数据进行加密,以得到第二加密数据;Encrypting the first encrypted data by using the public key to obtain second encrypted data;
    向所述终端发送第二加密数据,以使所述终端通过所述非对称加密算法生成的私钥解密所述第二加密数据以得到所述第一加密数据;Sending the second encrypted data to the terminal, so that the terminal decrypts the second encrypted data by using the private key generated by the asymmetric encryption algorithm to obtain the first encrypted data;
    接收所述终端发送的第二请求,其中,所述第二请求用于获取所述所生成数据;Receiving a second request sent by the terminal, where the second request is used to obtain the generated data;
    向所述终端发送所述所生成数据,以使所述终端利用所述消息摘要算法对所述所生成数据进行加密以得到第三加密数据,并根据所述第一加密数据和所述第三加密数据来验证所述所生成数据是否安全。Sending the generated data to the terminal, so that the terminal uses the message digest algorithm to encrypt the generated data to obtain a third encrypted data, and according to the first encrypted data and the third encrypted data The data is encrypted to verify that the generated data is secure.
PCT/CN2018/109490 2018-06-22 2018-10-09 Data security verification method, apparatus and system, and computer device and storage medium WO2019242163A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810649623.XA CN108848094B (en) 2018-06-22 2018-06-22 Data security verification method, device, system, computer equipment and storage medium
CN201810649623.X 2018-06-22

Publications (1)

Publication Number Publication Date
WO2019242163A1 true WO2019242163A1 (en) 2019-12-26

Family

ID=64203378

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/109490 WO2019242163A1 (en) 2018-06-22 2018-10-09 Data security verification method, apparatus and system, and computer device and storage medium

Country Status (2)

Country Link
CN (1) CN108848094B (en)
WO (1) WO2019242163A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114047947B (en) * 2022-01-13 2022-04-15 中科亿海微电子科技(苏州)有限公司 Method for controlling program version of circuit board card with double FPGA (field programmable Gate array) architectures
CN115580447A (en) * 2022-09-23 2023-01-06 中国测绘科学研究院 Safety design method and device for main control system of surveying and mapping remote sensing sensor of unmanned aerial vehicle

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036872A (en) * 2012-11-19 2013-04-10 华为技术有限公司 Method, equipment and system for encryption and decryption of data transmission
CN107480519A (en) * 2017-08-04 2017-12-15 深圳市金立通信设备有限公司 A kind of method and server for identifying risk application
CN107682141A (en) * 2017-10-26 2018-02-09 广州市雷军游乐设备有限公司 Data ciphering method and system for data transfer

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1860817B1 (en) * 2006-05-26 2009-03-25 Sap Ag Method and system for protecting data of a mobile agent within a network system
CN102006303B (en) * 2010-12-06 2013-06-05 河海大学 Method and terminal for increasing data transmission safety by using multi-encryption method
CN102624740B (en) * 2012-03-30 2016-05-11 北京奇虎科技有限公司 A kind of data interactive method and client, server
CN103731270B (en) * 2013-12-25 2017-02-08 华南理工大学 Communication data encryption and decryption method based on BBS, RSA and SHA-1 encryption algorithm
CN106203071A (en) * 2016-06-30 2016-12-07 浪潮(北京)电子信息产业有限公司 A kind of firmware upgrade method and device
CN106506470B (en) * 2016-10-31 2018-07-27 大唐高鸿信安(浙江)信息科技有限公司 network data security transmission method
CN107948189B (en) * 2017-12-19 2020-10-30 数安时代科技股份有限公司 Asymmetric password identity authentication method and device, computer equipment and storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036872A (en) * 2012-11-19 2013-04-10 华为技术有限公司 Method, equipment and system for encryption and decryption of data transmission
CN107480519A (en) * 2017-08-04 2017-12-15 深圳市金立通信设备有限公司 A kind of method and server for identifying risk application
CN107682141A (en) * 2017-10-26 2018-02-09 广州市雷军游乐设备有限公司 Data ciphering method and system for data transfer

Also Published As

Publication number Publication date
CN108848094B (en) 2021-04-16
CN108848094A (en) 2018-11-20

Similar Documents

Publication Publication Date Title
US10116645B1 (en) Controlling use of encryption keys
CN111193695B (en) Encryption method and device for third party account login and storage medium
WO2021022701A1 (en) Information transmission method and apparatus, client terminal, server, and storage medium
CN110492990B (en) Private key management method, device and system under block chain scene
US10708047B2 (en) Computer-readable recording medium storing update program and update method, and computer-readable recording medium storing management program and management method
US10601590B1 (en) Secure secrets in hardware security module for use by protected function in trusted execution environment
CN114024710B (en) Data transmission method, device, system and equipment
US20140096213A1 (en) Method and system for distributed credential usage for android based and other restricted environment devices
US11050570B1 (en) Interface authenticator
US10003467B1 (en) Controlling digital certificate use
WO2022022009A1 (en) Message processing method and apparatus, device, and storage medium
CN112055004A (en) Data processing method and system based on small program
CN108199847B (en) Digital security processing method, computer device, and storage medium
KR20210151016A (en) Key protection processing method, apparatus, device and storage medium
WO2018112482A1 (en) Method and system for distributing attestation key and certificate in trusted computing
CN112073433B (en) SSL certificate updating method and device, electronic equipment and storage medium
CN111316596A (en) Encryption chip with identity authentication
CN111414640B (en) Key access control method and device
CN112966287A (en) Method, system, device and computer readable medium for acquiring user data
CN109711178B (en) Key value pair storage method, device, equipment and storage medium
CN113630412B (en) Resource downloading method, resource downloading device, electronic equipment and storage medium
WO2019242163A1 (en) Data security verification method, apparatus and system, and computer device and storage medium
CN113282951B (en) Application program security verification method, device and equipment
US11671251B1 (en) Application programming interface to generate data key pairs
CN115549930B (en) Verification method for logging in operating system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18923710

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18923710

Country of ref document: EP

Kind code of ref document: A1