WO2021196915A1 - Data transmission methods and systems based on encryption and decryption operations, and computer device - Google Patents

Info

Publication number
WO2021196915A1
Authority
WO
WIPO (PCT)
Prior art keywords
token information
message
encryption
encrypted message
mobile terminal
Application number
PCT/CN2021/077390
Other languages
English (en)
Chinese (zh)
Inventor
郝国钦
Original Assignee
深圳壹账通智能科技有限公司
Application filed by 深圳壹账通智能科技有限公司
Publication of WO2021196915A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L 63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L 9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D 30/00 Reducing energy consumption in communication networks
    • Y02D 30/70 Reducing energy consumption in communication networks in wireless communication networks

Definitions

  • the embodiments of the present application relate to the field of blockchain and data transmission, and in particular to a data transmission method, system, computer device, and computer-readable storage medium based on encryption and decryption operations.
  • the issue of Internet information security has attracted more and more attention.
  • when the application system interfaces with external systems, the data is exposed to risks such as data leakage, data tampering, traffic hijacking, and phishing attacks.
  • the encryption of the message is very important.
  • the existing gateway system can perform a simple one-time encryption operation on the requests of all parties and then forward them. The inventor realised that this simple single encryption operation carries a great risk once the key is leaked.
  • one of the purposes of the embodiments of the present application is to provide a data transmission method, system, computer equipment, and computer-readable storage medium based on encryption and decryption operations, so as to solve the relatively high data security risk to which current messages are exposed while circulating among multiple systems.
  • an embodiment of the present application provides a data transmission method based on an encryption operation, the method includes:
  • an embodiment of the present application provides a data transmission method based on a decryption operation, and the method includes:
  • first token information is allocated to the mobile terminal and sent to the mobile terminal, so that the mobile terminal converts the message to be sent into the target encrypted message according to the first token information;
  • the decrypted message is forwarded to the target terminal.
  • an embodiment of the present application provides a data transmission system based on a decryption operation, including:
  • the request receiving module is used to receive the access request sent by the mobile terminal;
  • the request response module is configured to allocate first token information to the mobile terminal in response to the access request, and send the first token information to the mobile terminal, so that the mobile terminal converts the message to be sent into the target encrypted message according to the first token information;
  • a ciphertext receiving module configured to receive the target encrypted message sent by the mobile terminal
  • a ciphertext decryption module configured to decrypt the target encrypted message to obtain a decrypted message, and the decrypted message includes the second token information
  • the same judging module is used to judge whether the first token information and the second token information are the same;
  • the message forwarding module is configured to forward the decrypted message to the target terminal if the first token information and the second token information are the same.
  • an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the following is realized when the processor executes the computer program:
  • first token information is allocated to the mobile terminal and sent to the mobile terminal, so that the mobile terminal converts the message to be sent into the target encrypted message according to the first token information;
  • the decrypted message is forwarded to the target terminal.
  • the embodiments of the present application provide a computer-readable storage medium, which may be non-volatile or volatile.
  • the computer-readable storage medium stores a computer program, and the following is realized when the computer program is executed by the processor:
  • first token information is allocated to the mobile terminal and sent to the mobile terminal, so that the mobile terminal converts the message to be sent into the target encrypted message according to the first token information;
  • the decrypted message is forwarded to the target terminal.
  • the embodiments of this application have the following beneficial effects: the data transmission methods, systems, computer equipment, and computer-readable storage media based on encryption and decryption operations provided by the embodiments of this application encrypt the message twice, which improves security during data transmission and avoids the message leakage or garbled Chinese characters that a single encryption can cause; by encrypting the second key once more, the risk of the second secret key being leaked during transmission is reduced; and gateway authentication is performed through the token information, which ensures the accuracy of data transmission and avoids messages being sent incorrectly or to the wrong party.
  • FIG. 1 is a schematic flowchart of a data transmission method based on an encryption operation in Embodiment 1 of this application.
  • FIG. 2 is a schematic flowchart of a data transmission method based on a decryption operation in Embodiment 2 of this application.
  • FIG. 3 is a schematic diagram of the specific flow of step S206 in the data transmission method based on the decryption operation in the second embodiment of the application.
  • FIG. 4 is a schematic diagram of program modules of Embodiment 3 of a data transmission system based on a decryption operation in this application.
  • FIG. 5 is a schematic diagram of the hardware structure of the computer equipment of the fourth embodiment of this application.
  • FIG. 1 shows a flowchart of the steps of a data transmission method based on an encryption operation according to an embodiment of the present application. It can be understood that the flowchart in this method embodiment is not used to limit the order of execution of the steps.
  • the following is an exemplary description with the mobile terminal as the executing entity.
  • the mobile terminal is the data sending end and can perform an encryption operation on data. The details are as follows.
  • Step S100: Send an access request to the gateway system, so that the gateway system returns token information according to the access request.
  • the mobile terminal serves as a data encryption party, and the gateway system serves as a data decryption party.
  • the mobile terminal may be a device with a data transmission function, such as a mobile phone, a tablet personal computer, or a laptop computer.
  • the mobile terminal sends an access request to the gateway system, and the gateway system generates unique token information corresponding to the mobile terminal according to the access request and sends the token information back to the mobile terminal; the token information is used to identify an identity, and is a unique identifier that proves the identity of the data sender during data transmission.
  • Step S102: Receive the token information returned by the gateway system.
  • after receiving the token information returned by the gateway system, the mobile terminal stores the token information in the information to be sent and sends the token information together with the information to be sent, so that the decrypting party can confirm and verify the identity of the mobile terminal through the token information and ensure the accuracy of data transmission.
  • Step S104: Perform a first encryption operation on the message to be sent according to the first secret key to generate a first encrypted message, where the token information is located in the header of the first encrypted message.
  • the encryption algorithm used by the encryption method of the first encryption operation is an asymmetric encryption algorithm, and the asymmetric encryption algorithm may encrypt the message to be sent according to the first secret key.
  • the so-called asymmetric encryption algorithm requires two secret keys: a public key and a private key, which form a pair. If the public key is used to encrypt data, only the corresponding private key can decrypt it. Because encryption and decryption use two different secret keys, this algorithm is called an asymmetric encryption algorithm.
  • the gateway system will generate a public key and a private key in advance according to an asymmetric encryption algorithm, the gateway system will save the private key, and the public key will be pre-allocated to the mobile terminal.
  • the first secret key is the public key pre-allocated by the gateway system.
  • the encryption method of the first encryption operation may be an RSA (asymmetric encryption) algorithm, an Elgamal algorithm, a knapsack algorithm, a Rabin algorithm, a D-H algorithm, an ECC (elliptic curve encryption algorithm) algorithm, or an SM2 algorithm.
  • the asymmetric encryption algorithm is preferably the RSA algorithm; that is, the RSA encryption operation is performed on the message to be sent according to the first secret key to generate the first encrypted message.
  • the header of the first encrypted message also carries the token information, which the decrypting party uses to confirm and verify the identity of the mobile terminal.
  • Step S106: Perform a second encryption operation on the first encrypted message according to the second secret key to generate a second encrypted message.
  • the encryption algorithm used in the encryption method of the second encryption operation is a symmetric encryption algorithm, and the symmetric encryption algorithm may encrypt the first encrypted message according to the second secret key.
  • the so-called symmetric encryption algorithm refers to an encryption algorithm that uses the same secret key for encryption and decryption. It is also called a traditional encryption algorithm.
  • the encryption key can be calculated from the decryption key, and the decryption key can also be calculated from the encryption key.
  • the encryption key and decryption key of a general symmetric algorithm are the same, so this encryption algorithm is also called a secret key algorithm or a single key algorithm.
  • the encryption method of the second encryption operation may be the DES algorithm, 3DES algorithm, TDEA (Triple Data Encryption Algorithm), Blowfish algorithm, RC5 algorithm, AES (symmetric encryption) algorithm, XOR encryption algorithm, etc.
  • the symmetric encryption algorithm is preferably the AES algorithm; that is, an AES encryption operation is performed on the first encrypted message according to the second secret key to generate the second encrypted message.
  • Step S108: Perform a third encryption operation on the second secret key to generate an encryption secret key string.
  • this embodiment will perform a third encryption operation to generate an encryption key string.
  • the step S108 may further include: performing an encryption operation on the second secret key according to BASE64 to obtain the encryption secret key string.
  • the BASE64 encoding method is used as the encryption method of the third encryption operation.
  • the so-called BASE64 encoding method is a method of representing binary data based on 64 printable characters.
  • a BASE64 encoding operation is performed on the second secret key to convert it into the encryption key string, so as to reduce the risk of leakage of the second secret key during transmission.
  • Step S110: Send the encryption key string and the second encrypted message to the gateway system, so that the gateway system performs an authentication operation on the second encrypted message and, if authentication succeeds, forwards the decrypted message to the target terminal.
  • after the mobile terminal obtains the encryption key string and the second encrypted message, it can send them to the gateway system, which performs a decryption operation and an authentication operation on the second encrypted message.
  • the decryption operation is to decrypt the second encrypted message through the gateway system.
  • the authentication operation is to verify the decryption result.
  • authentication can be performed based on the token information. For example, the original token information in the gateway system and the token information in the decryption result can be compared. If the two are the same, the authentication is successful.
  • in that case the decrypted message is forwarded to the target terminal; if the two are different, the authentication fails, authentication failure information is sent to the mobile terminal, and the decryption result is deleted.
  • this embodiment designs three encryption operations. By encrypting the message to be sent twice, security during data transmission is improved and the problem of data leakage caused by a single encryption is eliminated; by encrypting the second secret key once, the risk of leakage of the second secret key during transmission is reduced.
  • the token information is authenticated to ensure the accuracy of data transmission and to avoid problems such as messages being sent incorrectly or to the wrong party.
  • FIG. 2 shows a flowchart of the steps of a data transmission method based on a decryption operation according to an embodiment of the present application. It can be understood that the flowchart in this method embodiment is not used to limit the order of execution of the steps.
  • the following is an exemplary description with the gateway system as the executing entity.
  • the gateway system is a data forwarding terminal that can decrypt data and authenticate data. The details are as follows.
  • Step S200: Receive an access request sent by a mobile terminal.
  • the gateway system will receive an access request sent from the mobile terminal.
  • the gateway system, also called an internet connector or a protocol converter, is a computer system or device that performs the important task of conversion.
  • the gateway can realize network interconnection on the transport layer. It is a complex network interconnection device, which can be used for wide area network interconnection and local area network interconnection.
  • the gateway system is used to decrypt, authenticate, and forward the transmitted data.
  • Step S202: In response to the access request, allocate first token information to the mobile terminal and send the first token information to the mobile terminal, so that the mobile terminal converts the message to be sent into a target encrypted message according to the first token information.
  • after receiving the access request sent by the mobile terminal, the gateway system allocates unique first token information corresponding to the mobile terminal and sends the first token information to the mobile terminal.
  • the first token information is used to identify the identity of the mobile terminal, and is a unique identifier that proves the identity of the data sender during data transmission.
  • after receiving the first token information, the mobile terminal encrypts the message to be sent according to the first token information to obtain the target encrypted message.
  • Step S204: Receive the target encrypted message sent by the mobile terminal.
  • the step S204 may further include: receiving an encryption key string provided by the mobile terminal, where the encryption key string is obtained by encrypting an AES key through BASE64.
  • the AES key is encrypted by the BASE64 encoding method to obtain the encryption key string.
  • the so-called BASE64 encoding method is a method of representing binary data based on 64 printable characters. A BASE64 encoding operation is performed to convert the AES key into the encryption key string, so as to reduce the risk of the AES key being leaked during transmission.
  • the step S204 may further include: the target encrypted message is an encrypted message obtained by encrypting the message to be sent through two rounds of encryption with an RSA public key and an AES secret key.
  • the message to be sent is first encrypted according to the RSA public key and the asymmetric encryption algorithm, and the result of that first round is then encrypted again according to the AES key and the symmetric encryption algorithm.
  • the asymmetric encryption algorithm is the RSA algorithm
  • the symmetric encryption algorithm is the AES algorithm.
  • the RSA public key is generated by the gateway system in advance according to an asymmetric encryption algorithm and distributed to the mobile terminal.
  • Step S206: Decrypt the target encrypted message to obtain a decrypted message, where the decrypted message includes the second token information.
  • the step S206 may further include:
  • Step S206a: Decrypt the encryption key string through BASE64 to obtain the AES key.
  • the BASE64 encoding method is the predetermined decryption method for the encryption key string, and the encryption key string is decoded by the BASE64 encoding method to obtain the AES key.
  • the encryption key string obtained by the BASE64 encoding method can be decoded according to the BASE64 encoding method to obtain the corresponding AES key.
  • Step S206b: Perform a decryption operation on the target encrypted message using the AES key to obtain an intermediate encrypted message.
  • the target encrypted message is obtained by encrypting the intermediate encrypted message using the AES algorithm according to the AES key, so decrypting the target encrypted message is also performed using the AES key. Because the AES algorithm is a symmetric algorithm, the encryption key and the decryption key are the same key, that is, both are AES keys.
  • Step S206c: Perform a decryption operation on the intermediate encrypted message using the RSA private key to obtain the decrypted message, where the decrypted message includes the second token information.
  • the intermediate encrypted message is obtained by encrypting the decrypted message using the RSA algorithm according to the RSA public key, so decrypting the intermediate encrypted message requires the RSA private key corresponding to the RSA public key.
  • the RSA public key and the RSA private key are a pair of different but corresponding secret keys; the RSA public key and the RSA private key are obtained in advance by the gateway system through the RSA algorithm, the RSA public key is assigned to the mobile terminal by the gateway system, and the RSA private key is used to decrypt the encrypted message sent by the mobile terminal.
  • the decrypted message also carries second token information, and the second token information is generated by the mobile terminal according to the first token information.
  • Step S208: Judge whether the first token information and the second token information are the same, and if the first token information and the second token information are the same, forward the decrypted message to the target terminal.
  • the gateway system may authenticate the decrypted message according to the first token information and the second token information, that is, by comparing the first token information with the second token information: if the first token information is the same as the second token information, the authentication succeeds and the decrypted message is forwarded to the target terminal.
  • the step S208 may further include: if the first token information and the second token information are not the same, sending an authentication failure signal to the mobile terminal and stopping subsequent operations.
  • in that case the gateway system sends an authentication failure signal to the mobile terminal and stops subsequent operations.
  • upon receiving the authentication failure signal, the mobile terminal verifies the data again, performs the encryption operation on the verified data, and sends the new target encrypted message and the new encryption key string to the gateway system again.
  • FIG. 4 is a schematic diagram of program modules of Embodiment 3 of a data transmission system based on a decryption operation in this application.
  • the data transmission system 20 based on the decryption operation may include or be divided into one or more program modules.
  • the one or more program modules are stored in a storage medium and executed by one or more processors to complete this application and to realize the above-mentioned data transmission method based on a decryption operation.
  • the program module referred to in the embodiments of the present application refers to a series of computer program instruction segments capable of completing specific functions, and is more suitable for describing the execution process of the data transmission system 20 based on the decryption operation in the storage medium than the program itself. The following description will specifically introduce the functions of each program module in this embodiment:
  • the request receiving module 200 is configured to receive an access request sent by a mobile terminal.
  • the request response module 202 is configured to allocate first token information to the mobile terminal in response to the access request, and send the first token information to the mobile terminal, so that the mobile terminal converts the message to be sent into a target encrypted message according to the first token information.
  • the ciphertext receiving module 204 is configured to receive the target encrypted message sent by the mobile terminal;
  • the ciphertext receiving module 204 is further configured to receive an encryption key string provided by the mobile terminal, where the encryption key string is obtained by encrypting an AES key through BASE64.
  • the ciphertext receiving module 204 is further configured such that the target encrypted message is an encrypted message obtained by encrypting the message to be sent through two rounds of encryption with an RSA public key and an AES secret key.
  • the ciphertext decryption module 206 is configured to decrypt the target encrypted message to obtain a decrypted message, and the decrypted message includes the second token information.
  • the ciphertext decryption module 206 is further configured to: decrypt the encryption key string through BASE64 to obtain the AES secret key; and perform a decryption operation on the target encrypted message through the AES secret key to Obtain an intermediate encrypted message; perform a decryption operation on the intermediate encrypted message with an RSA private key to obtain the decrypted message, wherein the decrypted message includes the second token information.
  • the same judging module 208 is used to judge whether the first token information and the second token information are the same.
  • the message forwarding module 210 is configured to forward the decrypted message to the target terminal if the first token information and the second token information are the same.
  • the message forwarding module 210 is further configured to: if the first token information and the second token information are not the same, send an authentication failure signal to the mobile terminal and stop subsequent operations.
  • the computer device 2 is a device that can automatically perform numerical calculation and/or information processing according to pre-set or stored instructions.
  • the computer device 2 may be a rack server, a blade server, a tower server, or a cabinet server (including an independent server or a server cluster composed of multiple servers).
  • the computer device 2 at least includes, but is not limited to, a memory 21, a processor 22, a network interface 23, and a data transmission system based on an encryption operation (not shown) or a data transmission system 20 based on a decryption operation, which can communicate with each other through a system bus (not shown).
  • the memory 21 includes at least one type of computer-readable storage medium.
  • the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, etc.
  • the memory 21 may be an internal storage unit of the computer device 2, for example, a hard disk or a memory of the computer device 2.
  • the memory 21 may also be an external storage device of the computer device 2, for example, a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash card (Flash Card), etc.
  • the memory 21 may also include both the internal storage unit of the computer device 2 and its external storage device.
  • the memory 21 is generally used to store an operating system and the various application software installed in the computer device 2, such as the program code of the data transmission system based on an encryption operation (not shown) or of the data transmission system 20 based on a decryption operation of the third embodiment.
  • the memory 21 can also be used to temporarily store various types of data that have been output or will be output.
  • the processor 22 may, in some embodiments, be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip.
  • the processor 22 is generally used to control the overall operation of the computer device 2.
  • the processor 22 is used to run the program code or process the data stored in the memory 21, for example, to run the data transmission system based on an encryption operation (not shown) or the data transmission system 20 based on a decryption operation, so as to implement the data transmission method based on an encryption operation of the first embodiment or the data transmission method based on a decryption operation of the second embodiment.
  • the network interface 23 may include a wireless network interface or a wired network interface, and the network interface 23 is generally used to establish a communication connection between the computer device 2 and other electronic devices.
  • the network interface 23 is used to connect the computer device 2 with an external terminal through a network, and establish a data transmission channel and a communication connection between the computer device 2 and the external terminal.
  • the network may be an intranet (Intranet), the Internet (Internet), a Global System for Mobile Communications (GSM) network, a Wideband Code Division Multiple Access (WCDMA) network, a 4G network, a 5G network, Bluetooth (Bluetooth), Wi-Fi, or another wireless or wired network.
  • FIG. 5 only shows the computer device 2 with the components 20-23, but it should be understood that it is not required to implement all the components shown, and more or fewer components may be implemented instead.
  • the data transmission system 20 based on the decryption operation stored in the memory 21 can also be divided into one or more program modules, and the one or more program modules are stored in the memory 21 and executed by one or more processors (in this embodiment, the processor 22) to complete the present application.
  • FIG. 4 shows a schematic diagram of the program modules of the data transmission system 20 based on the decryption operation described in the third embodiment of the present application.
  • the data transmission system 20 based on the decryption operation can be divided into the request receiving module 200, the request response module 202, the ciphertext receiving module 204, the ciphertext decryption module 206, the same judgment module 208, and the message forwarding module 210.
  • the program module referred to in this application refers to a series of computer program instruction segments that can complete specific functions, and is more suitable than a program to describe the execution process of the data transmission system 20 based on the decryption operation in the computer device 2.
  • the specific functions of the program modules 200-210 have been described in detail in the third embodiment, and will not be repeated here.
  • This embodiment also provides a computer-readable storage medium, such as flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, server, App application mall, etc.
  • the computer-readable storage medium may be non-volatile or volatile; a computer program is stored thereon, and the program realizes the corresponding function when executed by the processor.
  • the computer-readable storage medium of this embodiment is used in a data transmission system based on an encryption operation (not shown) or a data transmission system 20 based on a decryption operation.
  • when executed by the processor, it realizes the data transmission method based on an encryption operation of the first embodiment or the data transmission method based on a decryption operation of the second embodiment.

Abstract

The embodiments of the present invention relate to data transmission methods based on encryption and decryption operations. The data transmission method based on encryption operations comprises: sending an access request to a gateway system so that the gateway system returns token information according to the access request; receiving the token information returned by the gateway system; performing, according to a first key, a first encryption operation on a message to be sent so as to generate a first encrypted message, the token information being located in a message header of the first encrypted message; performing a second encryption operation on the first encrypted message according to a second key so as to generate a second encrypted message; performing a third encryption operation on the second key so as to generate an encrypted key string; and sending the encrypted key string and the second encrypted message to the gateway system so that the gateway system performs an authentication operation on the second encrypted message and, in the case of successful authentication, forwards a decrypted message obtained after decryption to a target terminal. The embodiments of the present invention reduce the gateway's reliance on keys for authentication and improve the security and integrity of message transmission.
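The sender-side layering described in the abstract and the gateway-side unwrapping and token check of the ciphertext decryption module 206 and the same judgment module 208, as an added Go example that is not the patent's own code. RSA-OAEP, AES-256-GCM, the "token|payload" header layout, the nonce-prefixed ciphertext and all function names are assumptions made here; the page names only RSA, AES and BASE64.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
)

// Demo key pair; a real gateway loads its stored RSA private key instead.
func newGatewayKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Mobile terminal side: first key = the gateway's RSA public key, token = message header.
// RSA-OAEP, AES-256-GCM and the "token|payload" layout are assumptions of this example.
func encryptForGateway(pub *rsa.PublicKey, token, payload string) (string, []byte, error) {
	kn := make([]byte, 32+12) // second key (AES-256) followed by a fresh GCM nonce
	first, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(token+"|"+payload), nil)
	if _, rerr := rand.Read(kn); err != nil || rerr != nil {
		return "", nil, errors.Join(err, rerr) // e.g. message too long for RSA-OAEP
	}
	block, _ := aes.NewCipher(kn[:32])
	gcm, _ := cipher.NewGCM(block)
	second := gcm.Seal(append([]byte(nil), kn[32:]...), kn[32:], first, nil) // nonce || AES-GCM(first)
	return base64.StdEncoding.EncodeToString(kn[:32]), second, nil // third op: BASE64 key string
}

// Gateway side: reverse the layers, then compare the recovered (second) token with the issued (first) one.
func gatewayDecrypt(priv *rsa.PrivateKey, issuedToken, keyStr string, second []byte) (string, error) {
	aesKey, err := base64.StdEncoding.DecodeString(keyStr)
	if err != nil || len(aesKey) != 32 || len(second) < 12 {
		return "", errors.New("malformed key string or target encrypted message")
	}
	block, _ := aes.NewCipher(aesKey) // cannot fail: key length checked above
	gcm, _ := cipher.NewGCM(block)
	first, err := gcm.Open(nil, second[:12], second[12:], nil) // wrong key or tampering fails here
	if err != nil {
		return "", err
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, first, nil)
	if err != nil {
		return "", err
	}
	tok, msg, ok := bytes.Cut(plain, []byte("|"))
	if !ok || subtle.ConstantTimeCompare(tok, []byte(issuedToken)) != 1 {
		return "", errors.New("authentication failure: token mismatch") // gateway stops here
	}
	return string(msg), nil // decrypted message, forwarded to the target terminal
}
```

The AES-GCM layer rejects any modification of the second encrypted message before the RSA private key is ever used, and the token comparison is constant-time so the authentication failure path does not leak how many token bytes matched.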
PCT/CN2021/077390 2020-04-02 2021-02-23 Procédés et systèmes de transmission de données à base d'opérations de chiffrement et de déchiffrement, et dispositif informatique WO2021196915A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010253249.9 2020-04-02
CN202010253249.9A CN111556025B (zh) 2020-04-02 2020-04-02 基于加密、解密操作的数据传输方法、系统和计算机设备

Publications (1)

Publication Number Publication Date
WO2021196915A1 true WO2021196915A1 (fr) 2021-10-07

Family

ID=72007325

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/077390 WO2021196915A1 (fr) 2020-04-02 2021-02-23 Procédés et systèmes de transmission de données à base d'opérations de chiffrement et de déchiffrement, et dispositif informatique

Country Status (2)

Country Link
CN (1) CN111556025B (fr)
WO (1) WO2021196915A1 (fr)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992413A (zh) * 2021-10-28 2022-01-28 中国银行股份有限公司 混合应用的报文加解密方法及装置
CN114189394A (zh) * 2022-02-15 2022-03-15 北京安帝科技有限公司 数据解密方法、装置、电子设备及存储介质
CN114222005A (zh) * 2021-12-14 2022-03-22 中国建设银行股份有限公司 请求处理方法、装置、设备、计算机可读存储介质及产品
CN114268467A (zh) * 2021-12-03 2022-04-01 中国联合网络通信集团有限公司 秘钥更新处理方法、装置、系统、设备及存储介质
CN114268449A (zh) * 2021-11-02 2022-04-01 浙江零跑科技股份有限公司 一种重要can加密方法
CN114285593A (zh) * 2021-11-08 2022-04-05 深圳市联洲国际技术有限公司 构建安全局域网协议的方法、装置、设备及存储介质
CN114520740A (zh) * 2022-02-16 2022-05-20 慕思健康睡眠股份有限公司 一种加密方法、装置、设备及存储介质
CN114567557A (zh) * 2022-03-07 2022-05-31 上海数禾信息科技有限公司 报文处理方法、装置、计算机设备和存储介质
CN115023920A (zh) * 2021-11-05 2022-09-06 富途网络科技(深圳)有限公司 股权激励系统中的数据处理的方法和装置
CN115296852A (zh) * 2022-07-08 2022-11-04 珠海市小源科技有限公司 数据加密、解密方法、装置及数据加密解密系统
CN115378743A (zh) * 2022-10-25 2022-11-22 北京国电通网络技术有限公司 信息加密传输方法、装置、设备和介质
CN115952518A (zh) * 2022-12-27 2023-04-11 元心信息科技集团有限公司 数据请求方法、装置、电子设备及存储介质
CN116318876A (zh) * 2023-02-16 2023-06-23 江苏特视智能科技有限公司 一种情报板信息发布专用安全网关系统及其运行方法
CN116938603A (zh) * 2023-09-15 2023-10-24 杭州安恒信息技术股份有限公司 基于隐身网关的流量传输方法、装置、设备及存储介质
WO2023216531A1 (fr) * 2022-05-10 2023-11-16 中移(上海)信息通信科技有限公司 Procédé et appareil de traitement d'authentification de communication, dispositif et support de stockage lisible par ordinateur

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111556025B (zh) * 2020-04-02 2023-06-02 深圳壹账通智能科技有限公司 基于加密、解密操作的数据传输方法、系统和计算机设备
CN112235261B (zh) * 2020-09-26 2023-04-07 建信金融科技有限责任公司 报文加密与解密方法、装置、电子设备及可读存储介质
CN112235299A (zh) * 2020-10-14 2021-01-15 杭州海康威视数字技术股份有限公司 数据加解密方法、装置、设备、系统及介质
CN114531235B (zh) * 2022-03-01 2023-06-13 中国科学院软件研究所 一种端对端加密的通信方法及系统
CN115001762A (zh) * 2022-05-20 2022-09-02 平安资产管理有限责任公司 数据安全传输方法及系统
CN115022000B (zh) * 2022-05-27 2023-12-01 北京交大微联科技有限公司 铁路信号系统的通信方法、装置及电子设备
CN115208626B (zh) * 2022-06-02 2023-12-01 北京交大微联科技有限公司 铁路信号系统中基于安全通信密文传输的通信方法及装置

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107612691A (zh) * 2017-11-07 2018-01-19 世纪龙信息网络有限责任公司 认证信息传输方法和装置以及用户信息认证系统
CN108347419A (zh) * 2017-01-24 2018-07-31 腾讯科技(深圳)有限公司 数据传输方法和装置
CN109936524A (zh) * 2017-12-15 2019-06-25 深圳市伍壹卡科技有限公司 一种智能手机流量代理管理系统及方法
US20190273613A1 (en) * 2018-03-05 2019-09-05 International Business Machines Corporation Distributed encryption keys for tokens in a cloud environment
CN111556025A (zh) * 2020-04-02 2020-08-18 深圳壹账通智能科技有限公司 基于加密、解密操作的数据传输方法、系统和计算机设备

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105429753A (zh) * 2015-12-30 2016-03-23 宇龙计算机通信科技(深圳)有限公司 提高VoLTE通信安全性的语音数据方法、系统及移动终端
CN107666383B (zh) * 2016-07-29 2021-06-18 阿里巴巴集团控股有限公司 基于https协议的报文处理方法以及装置
CN107040369B (zh) * 2016-10-26 2020-02-11 阿里巴巴集团控股有限公司 数据传输方法、装置及系统
CN106685969A (zh) * 2016-12-29 2017-05-17 武汉华安科技股份有限公司 一种混合加密的信息传输方法及传输系统
CN109802825A (zh) * 2017-11-17 2019-05-24 深圳市金证科技股份有限公司 一种数据加密、解密的方法、系统及终端设备

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992413A (zh) * 2021-10-28 2022-01-28 中国银行股份有限公司 混合应用的报文加解密方法及装置
CN114268449A (zh) * 2021-11-02 2022-04-01 浙江零跑科技股份有限公司 一种重要can加密方法
CN114268449B (zh) * 2021-11-02 2023-08-29 浙江零跑科技股份有限公司 一种重要can加密方法
CN115023920B (zh) * 2021-11-05 2024-01-19 富途网络科技(深圳)有限公司 股权激励系统中的数据处理的方法和装置
CN115023920A (zh) * 2021-11-05 2022-09-06 富途网络科技(深圳)有限公司 股权激励系统中的数据处理的方法和装置
CN114285593A (zh) * 2021-11-08 2022-04-05 深圳市联洲国际技术有限公司 构建安全局域网协议的方法、装置、设备及存储介质
CN114285593B (zh) * 2021-11-08 2024-03-29 深圳市联洲国际技术有限公司 构建安全局域网协议的方法、装置、设备及存储介质
CN114268467A (zh) * 2021-12-03 2022-04-01 中国联合网络通信集团有限公司 秘钥更新处理方法、装置、系统、设备及存储介质
CN114268467B (zh) * 2021-12-03 2023-09-05 中国联合网络通信集团有限公司 秘钥更新处理方法、装置、系统、设备及存储介质
CN114222005A (zh) * 2021-12-14 2022-03-22 中国建设银行股份有限公司 请求处理方法、装置、设备、计算机可读存储介质及产品
CN114222005B (zh) * 2021-12-14 2024-04-26 中国建设银行股份有限公司 请求处理方法、装置、设备、计算机可读存储介质及产品
CN114189394A (zh) * 2022-02-15 2022-03-15 北京安帝科技有限公司 数据解密方法、装置、电子设备及存储介质
CN114520740A (zh) * 2022-02-16 2022-05-20 慕思健康睡眠股份有限公司 一种加密方法、装置、设备及存储介质
CN114567557A (zh) * 2022-03-07 2022-05-31 上海数禾信息科技有限公司 报文处理方法、装置、计算机设备和存储介质
WO2023216531A1 (fr) * 2022-05-10 2023-11-16 中移(上海)信息通信科技有限公司 Procédé et appareil de traitement d'authentification de communication, dispositif et support de stockage lisible par ordinateur
CN115296852B (zh) * 2022-07-08 2023-09-01 珠海市小源科技有限公司 数据加密、解密方法、装置及数据加密解密系统
CN115296852A (zh) * 2022-07-08 2022-11-04 珠海市小源科技有限公司 数据加密、解密方法、装置及数据加密解密系统
CN115378743A (zh) * 2022-10-25 2022-11-22 北京国电通网络技术有限公司 信息加密传输方法、装置、设备和介质
CN115952518B (zh) * 2022-12-27 2023-08-15 元心信息科技集团有限公司 数据请求方法、装置、电子设备及存储介质
CN115952518A (zh) * 2022-12-27 2023-04-11 元心信息科技集团有限公司 数据请求方法、装置、电子设备及存储介质
CN116318876A (zh) * 2023-02-16 2023-06-23 江苏特视智能科技有限公司 一种情报板信息发布专用安全网关系统及其运行方法
CN116318876B (zh) * 2023-02-16 2023-09-12 江苏特视智能科技有限公司 一种情报板信息发布专用安全网关系统
CN116938603B (zh) * 2023-09-15 2023-12-05 杭州安恒信息技术股份有限公司 基于隐身网关的流量传输方法、装置、设备及存储介质
CN116938603A (zh) * 2023-09-15 2023-10-24 杭州安恒信息技术股份有限公司 基于隐身网关的流量传输方法、装置、设备及存储介质

Also Published As

Publication number Publication date
CN111556025A (zh) 2020-08-18
CN111556025B (zh) 2023-06-02

Similar Documents

Publication Publication Date Title
WO2021196915A1 (fr) Procédés et systèmes de transmission de données à base d'opérations de chiffrement et de déchiffrement, et dispositif informatique
WO2019174187A1 (fr) Procédé fondé sur une chaîne de blocs destiné à la communication de message entre de multiples terminaux, terminal et support d'informations
US10693848B2 (en) Installation of a terminal in a secure system
US9137223B2 (en) Apparatus and method for transmitting data, and recording medium storing program for executing method of the same in computer
US9838870B2 (en) Apparatus and method for authenticating network devices
US8745394B1 (en) Methods and systems for secure electronic communication
EP3205048B1 (fr) Génération d'une clé de cryptage symétrique
CN107404472B (zh) 用于加密密钥的迁移的方法和设备
CN106357690B (zh) 一种数据传输方法、数据发送装置及数据接收装置
US10356090B2 (en) Method and system for establishing a secure communication channel
WO2022022009A1 (fr) Procédé et appareil de traitement de message, dispositif et support de stockage
US10511596B2 (en) Mutual authentication
WO2015161689A1 (fr) Procédé de traitement de données basé sur une clé de négociation
US10733309B2 (en) Security through authentication tokens
WO2018120938A1 (fr) Procédé de transmission de clé hors ligne, terminal et support de stockage
Chen et al. Security analysis and improvement of user authentication framework for cloud computing
CN104836784A (zh) 一种信息处理方法、客户端和服务器
CN112866237A (zh) 数据通讯方法、装置、设备和存储介质
CN111294203A (zh) 信息传输方法
CN112689014A (zh) 一种双全工通信方法、装置、计算机设备和存储介质
CN114142995B (zh) 面向区块链中继通信网络的密钥安全分发方法及装置
WO2022042198A1 (fr) Procédé et appareil d'authentification d'identité, dispositif informatique et support d'enregistrement
WO2015158173A1 (fr) Procédé de traitement de données à base de clé d'accord
US11170094B2 (en) System and method for securing a communication channel
CN111836260A (zh) 一种认证信息处理方法、终端和网络设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21779611; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established (Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23/01/2023))
122 Ep: pct application non-entry in european phase (Ref document number: 21779611; Country of ref document: EP; Kind code of ref document: A1)