WO2021022701A1 - Information transmission method and apparatus, client terminal, server and storage medium - Google Patents

Publication number
WO2021022701A1
WO2021022701A1 PCT/CN2019/116768 CN2019116768W WO2021022701A1 WO 2021022701 A1 WO2021022701 A1 WO 2021022701A1 CN 2019116768 W CN2019116768 W CN 2019116768W WO 2021022701 A1 WO2021022701 A1 WO 2021022701A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
server
encrypted
aes key
key
Application number
PCT/CN2019/116768
Other languages
English (en)
Chinese (zh)
Inventor
林伟彬
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Definitions

  • This application relates to the field of computer technology, in particular to an information transmission method, device, client, server and storage medium.
  • An information transmission method applied to a client, where the client communicates with a server, and the method includes: sending request information to the server to obtain an RSA public key; receiving login information for accessing a business system, and generating a first AES key; encrypting the login information and the first AES key with the RSA public key, and sending the encrypted information to the server, so that the server generates confirmation information and a second AES key after confirming that the login information is accurate; receiving the encrypted confirmation information and second AES key sent by the server; decrypting the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key; receiving a service request for access to the service system; encrypting the original message of the service request with the second AES key, and sending the encrypted original message to the server, so that the server generates a response message after processing the service request according to the original message.
  • An information transmission method applied to a server, where the server communicates with a client, and the method includes: receiving request information sent by the client, and generating an RSA public key and an RSA private key; sending the RSA public key to the client; receiving the login information and the first AES key, encrypted with the RSA public key, from the client; decrypting the login information and the first AES key with the RSA private key; confirming whether the login information is accurate; generating confirmation information and a second AES key when the login information is accurate; encrypting the confirmation information and the second AES key with the first AES key, and sending the encrypted confirmation information and second AES key to the client; receiving the original message of the service request encrypted with the second AES key, and generating a response message after processing the service request according to the original message; encrypting the response message with the second AES key, and sending the encrypted response message to the client.
  • An information transmission device, which runs in a client that is in communication connection with a server.
  • The device includes: a sending module for sending request information to the server to obtain an RSA public key; a receiving module for receiving the login information for accessing the business system and generating the first AES key; an encryption module for encrypting the login information and the first AES key with the RSA public key, and sending the encrypted information to the server, so that the server generates confirmation information and a second AES key after confirming that the login information is accurate; the receiving module is also used to receive the encrypted confirmation information and second AES key sent by the server;
  • a decryption module configured to decrypt the encrypted confirmation information and second AES key using the first AES key to obtain the second AES key; the receiving module is also configured to receive the service request for access to the business system; the encryption module is also used to encrypt the original message of the service request with the second AES key, and send the encrypted original message to the server, so that the server, according to the original message, generates a
  • An information transmission device, which runs in a server that is in communication connection with a client.
  • The device includes a receiving module for receiving request information sent by the client and generating an RSA public key and an RSA private key;
  • a sending module for sending the RSA public key to the client;
  • the receiving module is also used to receive the login information and the first AES key, encrypted with the RSA public key, sent by the client;
  • a decryption module for decrypting the login information and the first AES key with the RSA private key;
  • a confirmation module for confirming whether the login information is accurate;
  • a generation module for generating the confirmation information and the second AES key when the login information is accurate;
  • an encryption module for encrypting the confirmation information and the second AES key with the first AES key, and sending the encrypted confirmation information and second AES key to the client;
  • the receiving module is also configured to receive the original message of the service request encrypted with the second AES key, and generate a response message after processing the service request according to the original message; the sending module is also used to encrypt the response message with the second AES key, and send the encrypted response message to the client.
  • A client, where the client is in communication connection with a server, the client includes a processor and a memory, and the processor is configured to execute at least one computer-readable instruction stored in the memory to implement the following steps: send request information to the server to obtain the RSA public key; receive the login information for accessing the business system and generate the first AES key; encrypt the login information and the first AES key with the RSA public key, and send the encrypted information to the server, so that the server generates confirmation information and a second AES key after confirming that the login information is accurate; receive the encrypted confirmation information and second AES key sent by the server; use the first AES key to decrypt the encrypted confirmation information and second AES key to obtain the second AES key; receive a service request for access to the service system; encrypt the original message of the service request with the second AES key, and send the encrypted original message to the server, so that the server generates a response message after processing the service request according to the original message.
  • A server, where the server is in communication connection with the client, the server includes a processor and a memory, and the processor is configured to execute at least one computer-readable instruction stored in the memory to implement the following steps: receive request information sent by the client, and generate the RSA public key and the RSA private key; send the RSA public key to the client; receive the login information and the first AES key, encrypted with the RSA public key, from the client; decrypt the login information and the first AES key with the RSA private key; confirm whether the login information is accurate; generate confirmation information and a second AES key when the login information is accurate; encrypt the confirmation information and the second AES key with the first AES key, and send the encrypted confirmation information and second AES key to the client; receive the original message of the service request encrypted with the second AES key, and generate a response message after processing the service request according to the original message; encrypt the response message with the second AES key, and send the encrypted response message to the client.
  • A non-volatile readable storage medium that stores at least one computer readable instruction, and when the at least one computer readable instruction is executed by a processor, the following steps are implemented: sending request information to the server to obtain the RSA public key; receiving the login information for accessing the business system, and generating the first AES key; encrypting the login information and the first AES key with the RSA public key, and sending the encrypted information to the server, so that the server generates confirmation information and a second AES key after confirming that the login information is accurate; receiving the encrypted confirmation information and second AES key sent by the server; decrypting the encrypted confirmation information and second AES key with the first AES key to obtain the second AES key; receiving the service request for access to the service system; encrypting the original message of the service request with the second AES key, and sending the encrypted original message to the server, so that the server generates a response message after processing the service request according to the original message.
  • a non-volatile readable storage medium storing at least one computer readable instruction, and when the at least one computer readable instruction is executed by a processor, the following steps are implemented:
  • The information transmission method, device, client, server, and storage medium provided by this application first transmit key information (such as login information) through asymmetric encryption, and then transmit non-key information (such as confirmation information) through symmetric encryption, which improves both information transmission efficiency and information security.
  • FIG. 1 is a diagram of the application environment architecture of the information transmission method provided in the first embodiment of the present application.
  • Fig. 2 is a flowchart of a method for information transmission provided in the second embodiment of the present application.
  • Fig. 3 is a flowchart of a method for information transmission provided in the third embodiment of the present application.
  • FIG. 4 is a structural diagram of an information transmission device provided by Embodiment 4 of the present application.
  • FIG. 5 is a structural diagram of an information transmission device provided in Embodiment 5 of the present application.
  • FIG. 6 is a schematic diagram of a client provided in Embodiment 6 of the present application.
  • FIG. 7 is a schematic diagram of a server provided by Embodiment 7 of the present application.
  • FIG. 1 is a structural diagram of the application environment of the information transmission method provided in Embodiment 1 of this application.
  • the information transmission method used for testing of this application is applied in the environment formed by the client 1 and the server 2.
  • the client 1 and the server 2 are connected through a wired or wireless network communication.
  • the wired network can be any type of traditional wired communication, such as the Internet and a local area network.
  • the wireless network can be any type of traditional wireless communication, such as radio, wireless fidelity (Wireless Fidelity, WIFI), cellular, satellite, broadcast, etc.
  • the client 1 may include a personal computer (Personal Computer, PC), a personal digital assistant (Personal Digital Assistant, PDA), a wireless handheld device, a tablet computer (Tablet Computer), a smart phone, etc.
  • the foregoing client 1 is merely an example, not an exhaustive list, and includes but is not limited to the foregoing terminal.
  • the client 1 can interact with the user through a keyboard, a mouse, a remote control, a touch panel, or a voice control device.
  • a business system is installed on the client 1, and when a user needs to perform business processing through the business system, the client 1 can send a business request to the server 2 through the business system.
  • the server 2 may be a banking system server, such as a Ping An Banking system server.
  • the server 2 is a device that can automatically perform numerical calculation and/or information processing in accordance with preset or stored instructions. Its hardware includes, but is not limited to, a microprocessor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable gate array (Field-Programmable Gate Array, FPGA), a digital processor (Digital Signal Processor, DSP), embedded equipment, etc.
  • Fig. 2 is a flowchart of the information transmission method provided in the second embodiment of the present application.
  • the information transmission method can be applied to the client.
  • the function of multi-device management for testing provided by the method of this application can be directly integrated on the client, or run on the client in the form of a software development kit (SDK).
  • the information transmission method specifically includes the following steps. According to different needs, the order of the steps in the flowchart can be changed, and some steps can be omitted.
  • Step S21 Send the request information to the server to obtain the RSA public key.
  • the client sends request information to the server; after receiving the request information, the server generates an RSA public key and an RSA private key and sends the RSA public key to the client.
  • the RSA (Rivest Shamir Adleman) encryption technology is an asymmetric encryption algorithm that requires a pair of keys (a public key and a private key): the public key is used for encryption, and the private key is used for decryption.
  • the key distribution of the RSA encryption technology is very convenient, and the user's public key can be disclosed like a telephone number, which is convenient to use. Each user only needs a pair of keys to realize confidential communication with any user in the network.
  • the encryption principle of the RSA encryption technology is based on a one-way function. It is impossible for an illegal receiver to use the public key to calculate the secret key within a limited time, and the confidentiality is good.
  • RSA encryption technology has the disadvantage of slow encryption speed.
  • key information, such as login information for logging in to the business system, can be encrypted by RSA encryption technology.
  • Step S22 Receive login information for accessing the service system, and generate a first AES key.
  • when the user accesses the business system in the client, the client receives the login information of the user to access the business system.
  • the login information includes at least information such as account number and password.
  • when the user logs in to the business system in the client, he needs to enter an account and password, and the account and password are key information for the user to access the business system.
  • key information can be encrypted by RSA and then transmitted, and non-key information can be encrypted by AES and then transmitted, thereby improving information transmission efficiency and improving information security.
  • the AES Advanced Encryption Standard
  • the AES encryption algorithm process involves four operations, namely byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns), and round key addition (AddRoundKey).
  • the decryption process is the corresponding inverse operation. Since each operation is reversible, the plaintext can be recovered by decrypting in the reverse order.
  • the AES has the advantage of fast encryption speed.
  • the key information is encrypted by RSA encryption technology with high confidentiality to prevent the key information from being stolen during transmission.
  • non-key information can be encrypted with the AES encryption algorithm to increase the encryption speed.
  • the client will temporarily generate the first AES key.
  • the client randomly generates the first AES key. Therefore, the leakage of the first AES key can be prevented, and the security of information transmission can be improved.
  • Step S23 Encrypt the login information and the first AES key with the RSA public key, and send the encrypted information to the server, so that the server generates confirmation information and the second AES key after confirming that the login information is accurate.
  • the server randomly generates the second AES key.
  • the login information (such as account number and password) is generally not allowed to be transmitted in plain text. Therefore, in this solution, the login information is encrypted by the RSA public key, and then the encrypted information is sent to the server. If the RSA-encrypted login information is stolen during the transmission process, because there is no corresponding RSA private key, the encrypted login information cannot be RSA decrypted, and the login information cannot be obtained.
  • after the server receives the login information and the first AES key encrypted by the RSA encryption algorithm sent by the client, it decrypts the encrypted login information and first AES key with the corresponding RSA private key to obtain the corresponding information before encryption (such as the first AES key and the account number, password, etc.).
  • the server verifies whether the user's identity meets the requirements by verifying whether the login information is accurate.
  • the server will generate the corresponding second AES key and confirmation information. Then use the first AES key previously received from the client to perform AES encryption (symmetric encryption) on the second AES key and confirmation information that needs to be returned to the client.
  • the confirmation information is a piece of feedback information generated after verifying that the login information is accurate.
  • the step for the server to verify whether the login information is accurate includes:
  • the server also stores user information corresponding to the login information, and the user information can be returned to the client through the confirmation information. Therefore, the confirmation information may also include user information, for example, user name, department and other information.
  • Step S24 Receive the encrypted confirmation information and the second AES key sent by the server.
  • after confirming that the login information is accurate, the server generates confirmation information and a second AES key, then encrypts the confirmation information and the second AES key with the first AES key, and sends the encrypted confirmation information and second AES key to the client.
  • Step S25 Decrypt the encrypted confirmation information and the second AES key by the first AES key to obtain the second AES key.
  • the client uses the first AES key to perform AES decryption, thereby obtaining the second AES key and confirmation information returned from the server. Therefore, the information in the service request process is encrypted by the second AES key, so as to increase the information transmission speed.
  • with the above steps S21-S25, when the user logs in to the business system, the key login information is encrypted by RSA to ensure the security of the login information, and the non-key confirmation information is then encrypted by AES, which ensures the security of information transmission between the client and the server while also taking into account the efficiency of information transmission.
  • the parameters in the business request process can be encrypted and transmitted using only the official AES encryption key generated by the server, avoiding the slower RSA encryption, which can greatly increase the speed of information transmission.
  • the formal AES encryption key is generated by the server and can be changed at any time.
  • Step S26 Receive a service request for access to the service system.
  • the service request to the service system is started. For example, after logging in to Ping An Bank's system, a user executes a business request for checking balance.
  • the original message of the service request is encrypted by the second AES key, and the encrypted information is sent to the server.
  • the service request is generally an http request, and the request parameters in the http request are transmitted in the form of URL or request body.
  • request parameters are easily intercepted and tampered with. Therefore, it is necessary to sign the request parameters, and then verify the request parameters at the request recipient (such as the server) to ensure that the two signatures are the same. After the verification is passed, the request processor can perform business logic processing.
  • signing and verification can only solve the problem of parameter tampering during request transmission, and cannot solve the security problem of sensitive parameter transmission. Therefore, in this case, the original message of the service request is encrypted by the second AES key to ensure information security.
  • the client generates a message digest from the original message text through a hash function, and then encrypts the digest with the second AES key; the result is the digital signature corresponding to the original message.
  • the client will send the digital signature and the original message to the server together.
  • the validity of the signature can be set. For example, if the signature is set to check (signature verification) once, it becomes invalid, so even if the digital signature and the original message are stolen by an intermediary, it is impossible to initiate a request to the server again.
  • Step S27 Encrypt the original message of the service request with the second AES key, and send the encrypted original message to the server, so that the server generates a response message after processing the service request according to the original message.
  • the server needs to verify the signature of the original message.
  • the signature verification means that after the server obtains the original message and the digital signature, it uses the same hash function to generate digest A from the original message.
  • the server uses the second AES key to decrypt the digital signature and obtains digest B. By comparing whether A and B are the same, it can be known whether the original message has been tampered with.
  • Step S28 Receive the encrypted response message sent by the server, and decrypt the encrypted response message by using the second AES key to obtain the response message.
  • the server also has the second AES key.
  • the network communication between the client and the server is to perform AES encryption and decryption on the information of the network module.
  • the AES encryption and decryption can effectively ensure the security of the transmitted information.
  • the signature and verification process in the network module is to ensure the integrity of the transmitted information and prevent tampering.
  • Fig. 3 is a flowchart of a method for information transmission provided in the third embodiment of the present application.
  • the information transmission method can be applied to the server.
  • the information transmission function provided by the method of this application can be directly integrated on the server, or run on the server in the form of a software development kit (Software Development Kit, SDK).
  • the information transmission method specifically includes the following steps. According to different needs, the order of the steps in the flowchart can be changed, and some steps can be omitted.
  • Step S31 Receive the request information sent by the client, and generate an RSA public key and an RSA private key.
  • when the user needs to access the business system, the client can send request information to the server; after receiving the request information, the server generates the RSA public key and the RSA private key and sends the RSA public key to the client.
  • Step S32 Send the RSA public key to the client.
  • the client receives the RSA public key sent by the server.
  • the client receives the login information input by the user and generates a first AES key.
  • the RSA public key is used to encrypt the login information and the first AES key.
  • Step S33 Receive the login information encrypted by the RSA public key and the first AES key sent by the client.
  • after the client encrypts the login information and the first AES key with the RSA public key, it sends the encrypted login information and first AES key to the server.
  • the login information (such as account number and password) is generally not allowed to be transmitted in plain text. Therefore, in this solution, the login information is encrypted by the RSA public key, and then the encrypted information is sent to the server.
  • Step S34 Decrypt the login information and the first AES key by using the RSA private key.
  • the server decrypts the encrypted login information and the first AES key through the previously generated RSA private key to obtain the login information and the first AES key.
  • Step S35 Confirm whether the login information is accurate. When the login information is accurate, go to step S36; when the login information is inaccurate, go back to step S33.
  • after obtaining the decrypted login information (such as account password), the server verifies whether the user's identity meets the requirements by verifying whether the login information is accurate. When verifying that the login information is accurate, the server will generate the corresponding second AES key and confirmation information. It then uses the first AES key previously received from the client to perform AES encryption (symmetric encryption) on the second AES key and confirmation information that need to be returned to the client.
  • the confirmation information also includes user information, for example, user name, department, and other information.
  • the step of verifying whether the login information is accurate by the server includes: comparing whether the login information is consistent with the login information saved by the server; when the login information is consistent with the login information saved by the server, confirming that the login information is accurate; when the login information is inconsistent with the login information saved by the server, confirming that the login information is inaccurate.
  • Step S36 Generate confirmation information and a second AES key when the login information is accurate.
  • the second AES key is used to encrypt the original message of the service request sent by the client, so that the service request can be encrypted and protected.
  • Step S37 Encrypt the confirmation information and the second AES key with the first AES key, and send the encrypted confirmation information and the second AES key to the client.
  • after confirming that the login information is accurate, the server generates confirmation information and a second AES key, then encrypts the confirmation information and the second AES key with the first AES key, and sends the encrypted confirmation information and second AES key to the client.
  • the service request can also be continuously encrypted to ensure the security of the service request.
  • the parameters in the service request process can be encrypted and transmitted only through the official AES encryption key generated by the server, avoiding the use of RSA encryption with slow encryption speed, which can greatly improve the speed of information transmission.
  • the formal AES encryption key is generated by the server and can be changed at any time.
  • Step S38 Receive the original message of the service request encrypted by the second AES key, and generate a response message after processing the service request according to the original message.
  • the client receives the service request for the service system, encrypts the original message of the service request by the second AES key, and sends the encrypted information to the server.
  • the original message of the service request is encrypted by the second AES key, and the encrypted information is sent to the server.
  • the service request is generally an http request, and the request parameters in the http request are transmitted in the form of URL or request body.
  • request parameters are easily intercepted and tampered. Therefore, it is necessary to sign the request parameters, and then verify the request parameters at the request recipient (such as the server) to ensure that the two signatures are the same. After the verification is passed, the request processor can perform business logic processing.
  • signature and verification can only solve the problem of parameter tampering during request transmission, and cannot solve the security problem of sensitive parameter transmission. Therefore, in this case, the original message of the service request is encrypted by the second AES key to ensure information security.
  • Step S39: Encrypt the response message with the second AES key, and send the encrypted response message to the client.
  • The server decrypts the encrypted information using the second AES key to obtain the original message, executes service processing based on the original message, generates a response message after the service processing is completed, encrypts the response message with the second AES key, and sends the encrypted response message to the client.
  • The server needs to verify the signature of the original message.
  • Signature verification means that after the server obtains the original message and the digital signature, it uses the same hash function to generate digest A from the original message.
  • The server uses the second AES key to decrypt the digital signature and obtain digest B; by comparing whether A and B are the same, it can determine whether the original message has been tampered with.
  • The server also has the second AES key.
  • In the network communication between the client and the server, AES encryption and decryption are performed on the information of the network module.
  • AES encryption and decryption can effectively ensure the security of the transmitted information.
  • The signature and verification process in the network module ensures the integrity of the transmitted information and prevents tampering.
  • The information transmission method described in this embodiment of the present application encrypts the login information with the RSA public key when the user logs in to the business system, encrypts the confirmation information with the first AES key, and encrypts the original message of the service request with the second AES key, thereby combining asymmetric (RSA) and symmetric (AES) encryption for information transmission. Key information (such as login information) is therefore transmitted with asymmetric encryption and non-key information (such as confirmation information) with symmetric encryption, which improves both the efficiency of information transmission and information security.
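The exchange through steps S37 to S39, including the RSA-wrapped login that precedes them, as an added example in Go (standard library only); it is not code from the patent. It assumes RSA-OAEP and AES-256-GCM, since the page names only RSA and AES, and lets GCM's authentication tag perform the tamper check that the page describes as comparing digests A and B. The function names, the message layout and the demo credential are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const keyLen, nonceLen = 32, 12 // AES-256 key and standard GCM nonce (assumed sizes)
const demoLogin = "alice:s3cret-demo" // constructed credential the server accepts

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe way to continue without entropy
	}
	return b
}

func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a caller bug; callers check keyLen
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 128-bit block
	return gcm
}

// seal encrypts and authenticates msg; the random nonce is prepended.
func seal(key, msg []byte) []byte {
	nonce := randomBytes(nonceLen)
	return aead(key).Seal(nonce, nonce, msg, nil)
}

// open reverses seal and fails if any byte of blob was modified in transit.
func open(key, blob []byte) ([]byte, error) {
	if len(key) != keyLen || len(blob) < nonceLen {
		return nil, errors.New("missing key or truncated ciphertext")
	}
	return aead(key).Open(nil, blob[:nonceLen], blob[nonceLen:], nil)
}

// serverLogin unwraps key1||login, confirms it, returns key2 and the S37 message.
func serverLogin(priv *rsa.PrivateKey, envelope []byte) (key2, confirm []byte, err error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), nil, priv, envelope, nil)
	if err != nil || len(msg) <= keyLen || subtle.ConstantTimeCompare(msg[keyLen:], []byte(demoLogin)) != 1 {
		return nil, nil, errors.New("login rejected")
	}
	key2 = randomBytes(keyLen)
	return key2, seal(msg[:keyLen], append([]byte("OK"), key2...)), nil
}

// serverHandle decrypts a request under key2 and encrypts the response (S38, S39).
func serverHandle(key2, encReq []byte) ([]byte, error) {
	req, err := open(key2, encReq)
	if err != nil {
		return nil, fmt.Errorf("request rejected: %w", err)
	}
	return seal(key2, append([]byte("processed: "), req...)), nil
}

// Exchange plays the client; flip is XORed into the last request byte in transit (0 = intact).
func Exchange(login, request string, flip byte) (string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // server side: RSA key pair
	if err != nil {
		return "", err
	}
	key1 := randomBytes(keyLen) // client side: first AES key
	env, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, append(key1, login...), nil)
	if err != nil {
		return "", err
	}
	serverKey2, confirm, err := serverLogin(priv, env)
	if err != nil {
		return "", err
	}
	msg, err := open(key1, confirm)
	if err != nil || len(msg) != 2+keyLen {
		return "", errors.New("bad confirmation")
	}
	encReq := seal(msg[2:], []byte(request)) // msg[2:] is the client's copy of key2
	encReq[len(encReq)-1] ^= flip
	encResp, err := serverHandle(serverKey2, encReq)
	if err != nil {
		return "", err
	}
	resp, err := open(msg[2:], encResp)
	return string(resp), err
}

func main() {
	fmt.Println(Exchange(demoLogin, "balance", 0))
	fmt.Println(Exchange(demoLogin, "balance", 1))
}
```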
  • FIG. 4 is a structural diagram of an information transmission device provided in Embodiment 4 of the present application.
  • The information transmission device 30 runs in the client.
  • The client and the server communicate over a wired or wireless network.
  • The information transmission device 30 may include multiple functional modules composed of program code segments.
  • The program code of each program segment in the information transmission device 30 may be stored in the memory of the client and executed by at least one processor to perform secure information transmission.
  • The information transmission device 30 can be divided into multiple functional modules according to the functions it performs.
  • The functional modules may include: a sending module 301, a receiving module 302, an encryption module 303, and a decryption module 304.
  • A module referred to in this application is a series of computer-readable instruction segments that can be executed by at least one processor, can complete a fixed function, and is stored in a memory.
  • The sending module 301 is used to send request information to the server to obtain the RSA public key.
  • The receiving module 302 is configured to receive login information for accessing the service system, and generate a first AES key.
  • The encryption module 303 is configured to encrypt the login information and the first AES key using the RSA public key, and send the encrypted information to the server, so that the server generates confirmation information and the second AES key after confirming that the login information is accurate.
  • The receiving module 302 is also configured to receive the encrypted confirmation information and second AES key sent by the server.
  • The decryption module 304 is configured to decrypt the encrypted confirmation information and second AES key using the first AES key to obtain the second AES key.
  • The receiving module 302 is further configured to receive a service request for access to the service system.
  • The encryption module 303 is further configured to encrypt the original message of the service request using the second AES key, and send the encrypted original message to the server, so that the server generates a response message after processing the service request according to the original message.
  • The decryption module 304 is further configured to receive the encrypted response message sent by the server, and decrypt the encrypted response message using the second AES key to obtain the response message.
  • The information transmission device described in this embodiment of the present application encrypts the login information with the RSA public key when the user logs in to the business system, encrypts the confirmation information with the first AES key, and encrypts the original message of the service request with the second AES key, thereby combining asymmetric (RSA) and symmetric (AES) encryption for information transmission. Key information (such as login information) is therefore transmitted with asymmetric encryption and non-key information (such as confirmation information) with symmetric encryption, which improves both the efficiency of information transmission and information security.
  • FIG. 5 is a structural diagram of an information transmission device provided in Embodiment 5 of the present application.
  • The information transmission device 40 runs in a server.
  • The server and the client communicate over a wired or wireless network.
  • The information transmission device 40 may include multiple functional modules composed of program code segments.
  • The program code of each program segment in the information transmission device 40 may be stored in the memory of the server and executed by at least one processor to perform secure information transmission.
  • The information transmission device 40 can be divided into multiple functional modules according to the functions it performs.
  • The functional modules may include: a receiving module 401, a sending module 402, a decryption module 403, a confirmation module 404, a generation module 405, and an encryption module 406.
  • A module referred to in this application is a series of computer-readable instruction segments that can be executed by at least one processor, can complete a fixed function, and is stored in a memory.
  • The receiving module 401 is configured to receive request information sent by the client, and generate an RSA public key and an RSA private key.
  • The sending module 402 is configured to send the RSA public key to the client.
  • The receiving module 401 is further configured to receive the login information and the first AES key, encrypted with the RSA public key, sent by the client.
  • The decryption module 403 is configured to decrypt the login information and the first AES key using the RSA private key.
  • The confirmation module 404 is used to confirm whether the login information is accurate.
  • The generation module 405 is configured to generate confirmation information and a second AES key when the login information is accurate.
  • The encryption module 406 is configured to encrypt the confirmation information and the second AES key using the first AES key, and send the encrypted confirmation information and second AES key to the client.
  • The receiving module 401 is further configured to receive the original message of the service request encrypted with the second AES key, and generate a response message after processing the service request according to the original message.
  • The sending module 402 is further configured to encrypt the response message using the second AES key, and send the encrypted response message to the client.
  • The information transmission device described in this embodiment of the present application encrypts the login information with the RSA public key when the user logs in to the business system, encrypts the confirmation information with the first AES key, and encrypts the original message of the service request with the second AES key, thereby using asymmetric (RSA) and symmetric (AES) encryption for information transmission. Key information (such as login information) is therefore transmitted with asymmetric encryption and non-key information (such as confirmation information) with symmetric encryption, which improves both the efficiency of information transmission and information security.
  • The client 1 includes a memory 11, at least one processor 12, computer-readable instructions 14 stored in the memory 11 and executable on the at least one processor 12, and at least one communication bus 13.
  • The client shown in FIG. 6 may include more or less other hardware or software than shown, or a different arrangement of components.
  • The client 1 is a terminal that can automatically perform numerical calculation and/or information processing according to preset or stored instructions. Its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit, programmable gate arrays, digital processors, and embedded devices.
  • The client 1 may also include client equipment, which includes, but is not limited to, any electronic product that can interact with the client through a keyboard, a mouse, a remote control, a touch panel, or a voice control device, for example, personal computers, tablet computers, smartphones, and digital cameras.
  • The client 1 is only an example; other existing or future electronic products that can be adapted to this application should also be included in the scope of protection of this application and are incorporated here by reference.
  • The memory 11 is used to store program code and various data, such as the information transmission device 30 installed in the client 1, and to provide high-speed, automatic access to programs or data during the operation of the client 1.
  • The memory 11 includes Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), One-time Programmable Read-Only Memory (OTPROM), Electronically-Erasable Programmable Read-Only Memory (EEPROM), Compact Disc Read-Only Memory (CD-ROM) or other optical disk storage, magnetic disk storage, tape storage, or any other non-volatile readable storage medium that can be used to carry or store data.
  • The at least one processor 12 may be composed of integrated circuits, for example, a single packaged integrated circuit or multiple integrated circuits with the same function or different functions, including one or a combination of multiple central processing units (CPU), microprocessors, digital processing chips, graphics processors, and various control chips.
  • The at least one processor 12 is the control core (Control Unit) of the client 1. It uses various interfaces and lines to connect the components of the entire client 1, runs or executes the programs or modules stored in the memory 11, and calls the data stored in the memory 11 to perform the various functions of the client 1 and process data, for example, for the purpose of secure information transmission.
  • The at least one communication bus 13 is configured to implement connection and communication between the memory 11, the at least one processor 12, and the like.
  • The client 1 may also include a power source (such as a battery) for supplying power to the various components.
  • The power source may be logically connected to the at least one processor 12 through a power management device, so that functions such as charging management, discharging management, and power management are implemented through the power management device.
  • The power supply may also include one or more DC or AC power supplies, recharging devices, power failure detection circuits, power converters or inverters, power supply status indicators, and any other components.
  • The client 1 may also include various sensors, Bluetooth modules, Wi-Fi modules, etc., which will not be repeated here.
  • The above-mentioned integrated unit implemented in the form of a software function module may be stored in a computer-readable storage medium.
  • The above-mentioned software function module is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a terminal, a network device, etc.) or a processor to execute parts of the method described in each embodiment of the present application.
  • The at least one processor 12 can execute the operating device of the client 1 and the various installed applications (such as the information transmission device 30 described above), program code, and so on, for example, the various modules mentioned above.
  • The memory 11 stores computer-readable instructions.
  • The at least one processor 12 can call the computer-readable instructions stored in the memory 11 to perform related functions.
  • The modules described in FIG. 4 are a series of computer-readable instructions stored in the memory 11 and executed by the at least one processor 12, so as to realize the functions of the modules and achieve the purpose of secure information transmission.
  • The memory 11 stores multiple computer-readable instructions, and the multiple computer-readable instructions are executed by the at least one processor 12 to achieve the purpose of secure information transmission.
  • The server 2 includes a memory 21, at least one processor 22, computer-readable instructions 24 stored in the memory 21 and executable on the at least one processor 22, and at least one communication bus 23.
  • The server 2 shown in FIG. 7 may include more or less other hardware or software than shown, or a different arrangement of components.
  • The server 2 is a terminal that can automatically perform numerical calculation and/or information processing according to preset or stored instructions.
  • Its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit, programmable gate arrays, digital processors, and embedded devices.
  • The server 2 may also include client equipment, which includes, but is not limited to, any electronic product that can interact with the client through a keyboard, a mouse, a remote control, a touch panel, or a voice control device, for example, personal computers, tablet computers, smartphones, and digital cameras.
  • The server 2 is only an example; other existing or future electronic products that can be adapted to this application should also be included in the scope of protection of this application and are incorporated here by reference.
  • The memory 21 is used to store program code and various data, such as the information transmission device 40 installed in the server 2, and to provide high-speed, automatic access to programs or data during the operation of the server 2.
  • The memory 21 includes Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), One-time Programmable Read-Only Memory (OTPROM), Electronically-Erasable Programmable Read-Only Memory (EEPROM), Compact Disc Read-Only Memory (CD-ROM) or other optical disk storage, magnetic disk storage, tape storage, or any other non-volatile readable storage medium that can be used to carry or store data.
  • The at least one processor 22 may be composed of integrated circuits, for example, a single packaged integrated circuit or multiple integrated circuits with the same function or different functions, including one or a combination of multiple central processing units (CPU), microprocessors, digital processing chips, graphics processors, and various control chips.
  • The at least one processor 22 is the control core (Control Unit) of the server 2. It uses various interfaces and lines to connect the components of the entire server 2, runs or executes the programs or modules stored in the memory 21, and calls the data stored in the memory 21 to perform the various functions of the server 2 and process data, for example, for the purpose of secure information transmission.
  • The at least one communication bus 23 is configured to implement connection and communication between the memory 21, the at least one processor 22, and the like.
  • The server 2 may also include a power source (such as a battery) for supplying power to the various components.
  • The power source may be logically connected to the at least one processor 22 through a power management device, so that functions such as charging management, discharging management, and power management are implemented through the power management device.
  • The power supply may also include one or more DC or AC power supplies, recharging devices, power failure detection circuits, power converters or inverters, power supply status indicators, and any other components.
  • The server 2 may also include various sensors, Bluetooth modules, Wi-Fi modules, etc., which will not be repeated here.
  • The above-mentioned integrated unit implemented in the form of a software function module may be stored in a computer-readable storage medium.
  • The above-mentioned software function module is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a terminal, a network device, etc.) or a processor to execute parts of the method described in each embodiment of the present application.
  • The at least one processor 22 can execute the operating device of the server 2 and the various installed applications (such as the information transmission device 40 described above), program code, and so on, for example, the various modules mentioned above.
  • The memory 21 stores computer-readable instructions.
  • The at least one processor 22 can call the computer-readable instructions stored in the memory 21 to perform related functions.
  • The modules described in FIG. 5 are a series of computer-readable instructions stored in the memory 21 and executed by the at least one processor 22, so as to realize the functions of the modules and achieve the purpose of secure information transmission.
  • The memory 21 stores a plurality of computer-readable instructions, and the plurality of computer-readable instructions are executed by the at least one processor 22 to achieve the purpose of secure information transmission.
  • For the specific way in which the at least one processor 22 implements the foregoing instructions, refer to the description of the relevant steps in the embodiment corresponding to FIG. 3, which is not repeated here.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to an information transmission method in which login information is encrypted with an RSA public key when a user logs in to a service system and is then transmitted to a server, and in which information is transmitted after confirmation information is encrypted with a first AES key and the original message of a service request is encrypted with a second AES key, so that information transmission uses a combined asymmetric (RSA) and symmetric (AES) encryption method. Symmetric encryption helps to increase the speed of information transmission, and asymmetric encryption provides high information security. Key information (such as the login information) can thus be transmitted by means of asymmetric encryption, and non-key information (such as the confirmation information) by means of symmetric encryption, which increases the efficiency of information transmission and improves information security. The present invention also relates to an information transmission apparatus, a client terminal, a server and a storage medium.
PCT/CN2019/116768 2019-08-08 2019-11-08 Information transmission method and apparatus, client terminal, server and storage medium WO2021022701A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910729055.9 2019-08-08
CN201910729055.9A CN110460439A (zh) 2019-08-08 2019-08-08 Information transmission method, apparatus, client, server and storage medium

Publications (1)

Publication Number Publication Date
WO2021022701A1 (fr) 2021-02-11

Family

ID=68485318

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/116768 WO2021022701A1 (fr) 2019-08-08 2019-11-08 Information transmission method and apparatus, client terminal, server and storage medium

Country Status (2)

Country Link
CN (1) CN110460439A (fr)
WO (1) WO2021022701A1 (fr)

Also Published As

Publication number Publication date
CN110460439A (zh) 2019-11-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19940629

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19940629

Country of ref document: EP

Kind code of ref document: A1