WO2022126980A1

WO2022126980A1 - Data transmission method and apparatus, terminal, and storage medium

Info

Publication number: WO2022126980A1
Application number: PCT/CN2021/091116
Authority: WO
Inventors: 徐志文
Original assignee: 平安科技（深圳）有限公司
Priority date: 2020-12-15
Filing date: 2021-04-29
Publication date: 2022-06-23
Also published as: CN112637166B; CN112637166A

Abstract

Disclosed in the present application are a data transmission method and apparatus, a terminal, and a storage medium, applied to a first client. The method comprises: loading a pre-configured asymmetric encryption algorithm table when it is detected that plaintext data to be transmitted exists; obtaining priorities of asymmetric encryption algorithms in the asymmetric encryption algorithm table, and determining an optimal asymmetric encryption algorithm on the basis of the priorities; detecting whether data communication between multiple internal chips is subjected to intrusion, when the data communication is not subjected to intrusion, acquiring a current face image for authority authentication, and after the authentication succeeds, extracting private key data from a preset key database; encrypting the plaintext data on the basis of the optimal asymmetric encryption algorithm and the private key data so as to generate ciphertext data; and sending the ciphertext data to a second client by means of a pre-established data sharing network. By using embodiments of the present application, during data transmission, data can be prevented from being tampered and the risk of data leakage can be reduced. Moreover, the present application is also applicable to a blockchain technology.

Description

A data transmission method, device, terminal and storage medium

priority information

This application claims the priority of the Chinese patent application filed on December 15, 2020 with the application number 202011476863.8 and titled "A data transmission method, device, terminal and storage medium", the entire contents of which are by reference Incorporated in this application.

technical field

The present application relates to the field of information security, and in particular, to a data transmission method, device, terminal and storage medium.

Background technique

Encrypted transmission of data is an important technology in the field of data security. With the advent of the era of big data, more and more attention has been paid to data security issues, especially in the financial field, such as: sensitive information of customers, access rights of financial information systems, Transaction quantitative sensitive information encryption, etc. The leakage of sensitive information will not only cause losses to the operation of the enterprise, but also affect the reputation of the enterprise. Therefore, in the modern Internet industry, especially the financial and insurance industry, it is very important to encrypt and transmit sensitive data well.

In the existing data transmission, the inventor realized that the current data transmission method is mainly that the transmitter and the receiver jointly establish a secure channel for data transmission, and the transmitter and the receiver perform data exchange processing operations in the secure channel. In this way, the security of data is ensured. Since this data transmission method currently requires a lot of manpower and material resources to establish and maintain a secure channel for data transmission, it increases the cost of data transmission between different hosts and the complexity of data transmission. The data transmission process There may also be a risk of tampering in the data, thereby increasing the possibility of data leakage.

SUMMARY OF THE INVENTION

Based on this, it is necessary to provide a data transmission method, device, terminal and storage medium for the problem that there may be a risk of being tampered with during data transmission.

A data transmission method, applied to a first client, includes: when detecting that there is plaintext data to be transmitted, loading a preconfigured asymmetric encryption algorithm table; obtaining each asymmetric encryption algorithm in the asymmetric encryption algorithm table The priority of the algorithm, the optimal asymmetric encryption algorithm is determined based on the order of priority; it detects whether the data communication between multiple internal chips has been intruded, and when there is no intrusion, the current face image is collected for authorization authentication. After the authentication is successful Extract private key data from a preset key database; encrypt the plaintext data to be transmitted based on the optimal asymmetric encryption algorithm and the private key data to generate ciphertext data; convert the ciphertext data It is sent to the second client through the pre-established data sharing network.

A data transmission method, applied to a second client, the method comprising: when receiving a data access request sent by the first client for the second client, acquiring The ciphertext data sent by the second client; obtaining the public key of the first client, and decrypting the ciphertext data based on the public key of the first client, and generating plaintext data after successful decryption; based on the plaintext data Obtain the data information required by the first client, and load the asymmetric encryption algorithm table; determine the security level corresponding to the data information required by the first client; based on the security level from the asymmetric encryption algorithm table The asymmetric encryption algorithm corresponding to the current moment is obtained from ; based on the public key of the first client and the asymmetric encryption algorithm corresponding to the current moment, the data information required by the first client is encrypted, and the encrypted data is generated. Data information; detect whether the data communication between multiple internal chips has been intruded, collect the current face image for authorization authentication when not intruded, and extract the second private key data from the preset key database after successful authentication; based on The second private key data and the asymmetric encryption algorithm corresponding to the current moment re-encrypt the encrypted data information to generate ciphertext data after secondary encryption; The response is sent to the first client through the pre-established data sharing network.

A data transmission device, applied to a first client, includes: a data-to-be-transmitted detection module, configured to load a pre-configured asymmetric encryption algorithm table when detecting that there is plaintext data to be transmitted; an optimal asymmetric encryption The algorithm determination module is used to obtain the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and the optimal asymmetric encryption algorithm is determined based on the priority order; the private key data extraction module is used to detect the internal multiple chips. Whether the data communication between them has been invaded, when not invaded, the current face image is collected for authorization authentication, and the private key data is extracted from the preset key database after the authentication is successful; the data encryption module is used for The symmetric encryption algorithm and the private key data encrypt the plaintext data to be transmitted to generate ciphertext data; the ciphertext data sending module is used for sending the ciphertext data to the second through the pre-established data sharing network client.

A terminal includes a memory and a processor, the memory stores computer-readable instructions, and when the computer-readable instructions are executed by the processor, the processor executes the steps of the above data transmission method.

A storage medium storing computer-readable instructions, when the computer-readable instructions are executed by one or more processors, cause the one or more processors to perform the steps of the above data transmission method.

For the above data transmission method, device, terminal, and storage medium, in the embodiments of the present application, the first client first loads a preconfigured asymmetric encryption algorithm table when detecting that there is plaintext data to be transmitted, and obtains the asymmetric encryption algorithm The priority of each asymmetric encryption algorithm in the table, and then determine the optimal asymmetric encryption algorithm based on the priority order, and then detect whether the data communication between multiple internal chips is intrusion, and collect the current face when it is not intrusion. Perform authority authentication on the image, extract the private key data from the preset key database after successful authentication, and then encrypt the plaintext data to be transmitted based on the optimal asymmetric encryption algorithm and the private key data to generate a password. and finally sending the ciphertext data to the second client through the pre-established data sharing network. Since the present application selects the optimal asymmetric encryption algorithm according to the priority from the preset asymmetric encryption algorithm table during data transmission, and performs data encryption and decryption in combination with the pre-saved asymmetric encryption public key and private key files, it can prevent Data is tampered with during transmission, further reducing the possibility of data leakage.

Description of drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description serve to explain the principles of the application.

1 is an implementation environment diagram of a data transmission method provided in an embodiment of the present application;

2 is a schematic diagram of an internal structure of a terminal in an embodiment of the present application;

3 is a schematic diagram of a data transmission method provided in an embodiment of the present application;

4 is a schematic diagram of another data transmission method provided in an embodiment of the present application;

FIG. 5 is an apparatus schematic diagram of a data transmission apparatus provided by an embodiment of the present application.

Detailed ways

In order to make the purpose, technical solutions and advantages of the present application more clearly understood, the present application will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application, but not to limit the present application.

It will be understood that the terms "first", "second", etc. used in this application may be used herein to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish a first element from another element.

FIG. 1 is an implementation environment diagram of a data transmission method provided in an embodiment. As shown in FIG. 1 , the implementation environment includes a first client 110 and a second client 120 .

The first client 110 is a computer device, for example, a computer device that performs operations such as encryption of sensitive data to be transmitted, and a data encryption tool is installed on the first client 110 . An application that needs to decrypt the data corresponding to the task to be transmitted is installed on the second client 120. When data encryption is required, the sensitive data to be transmitted can be encrypted at the first client 110, and the first client 110 Detecting plaintext data to be transmitted, the first client 110 loads a preconfigured asymmetric encryption algorithm table when detecting that there is plaintext data to be transmitted; the first client 110 obtains the data of each asymmetric encryption algorithm in the asymmetric encryption algorithm table. Priority, the first client 110 determines the optimal asymmetric encryption algorithm based on the order of priority; the first client 110 detects whether the data communication between multiple internal chips is intruded, and collects the current face when not intruded The image performs authority authentication, and after the authentication is successful, the private key data is extracted from the preset key database; the first client 110 performs the operation on the plaintext data to be transmitted based on the optimal asymmetric encryption algorithm and the private key data. Encryption to generate ciphertext data; the first client 110 sends the ciphertext data to the second client 120 through a pre-established data sharing network.

When receiving the data access request sent by the first client to the second client, the second client 120 obtains the ciphertext data sent to the second client; the second client 120 obtains the public key of the first client, and The ciphertext data is decrypted based on the public key of the first client, and the plaintext data is generated after the decryption is successful; The priority of the encryption algorithm, and the optimal asymmetric encryption algorithm is determined based on the priority order; the second client 120 encrypts the data information required by the first client based on the public key of the first client and the optimal asymmetric encryption algorithm , and generate encrypted data information; the second client 120 detects whether the data communication between multiple internal chips is intruded, and collects the current face image for authorization authentication when it is not intruded. The private key data is extracted from the key database; the second client 120 re-encrypts the encrypted data information based on the private key data and the optimal asymmetric encryption algorithm to generate secondary encrypted data information; the second client 120 encrypts the data twice The latter data information is responded to the first client 110 through the pre-established data sharing network.

When the first client 110 receives the data response sent by the second client to the first client, the first client 110 obtains the ciphertext data sent to the first client; the first client 110 obtains the data of the second client. public key, and decrypt the ciphertext data sent to the first client based on the public key of the second client, and obtain the decrypted data after successful decryption; the first client 110 decrypts the decrypted data based on the extracted private key data Secondary decryption to generate plaintext data.

It should be noted that the client 120 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, etc., but is not limited thereto. The server 110 and the client 120 may be connected through Bluetooth, USB (Universal Serial Bus, Universal Serial Bus) or other communication connection methods, which are not limited in this application.

FIG. 2 is a schematic diagram of an internal structure of a terminal in an embodiment. As shown in FIG. 2, the terminal includes a processor, a non-volatile storage medium, a memory and a network interface connected through a system bus. The non-volatile storage medium of the terminal stores an operating system, a database, and computer-readable instructions, and the database may store a sequence of control information. When the computer-readable instructions are executed by the processor, the processor can implement a data transfer method. The processor of the terminal is used to provide computing and control capabilities to support the operation of the entire terminal. Computer-readable instructions may be stored in the memory of the terminal, and when executed by the processor, the computer-readable instructions may cause the processor to execute a data transmission method. The network interface of the terminal is used to connect and communicate with the terminal. Those skilled in the art can understand that the structure shown in FIG. 2 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the terminal to which the solution of the present application is applied. More or fewer components are shown in the figures, either in combination or with different arrangements of components.

The data transmission method provided by the embodiment of the present application will be described in detail below with reference to FIG. 3 to FIG. 4 . The method can be implemented by relying on a computer program, and can be run on a data transmission device based on the von Neumann system. The computer program can be integrated into an application or run as a stand-alone utility application.

Referring to FIG. 3 , an embodiment of the present application provides a schematic flowchart of a data transmission method, which is applied to a first client. As shown in FIG. 3, the method of this embodiment of the present application may include the following steps:

S101, when detecting that there is plaintext data to be transmitted, load a preconfigured asymmetric encryption algorithm table;

Generally, when multiple clients perform data transmission, the present application establishes a data sharing network in advance. The data sharing network can be regarded as an internally established local area network, and the network only provides data transmission services for clients that have successfully joined the data sharing network. . Among them, the data sharing network can also be regarded as the company's intranet, which only provides network transmission services for the company's clients. Other external clients cannot access the hosts that join the data sharing network. The establishment of the data sharing network can guarantee the company's The security of the internal host can also monitor the data transmission between the company's various hosts to further improve the security level of the company's data.

Further, the shared network is in communication connection with the blockchain network deployed by the cloud service, and the blockchain stores the private key of the current host for data encryption. Saving the private key in the blockchain network can further improve the security of the private key.

Further, after the data sharing network is established, when multiple hosts join the data sharing network, the multiple hosts can perform data transmission based on the network.

In the embodiment of the present application, the pre-configured asymmetric encryption algorithm table is an asymmetric encryption algorithm library set by an administrator. The asymmetric encryption algorithm library stores a plurality of different asymmetric encryption algorithms, and a plurality of different Each of the asymmetric encryption algorithms has a priority. When the client encrypts plaintext data, it can obtain the encryption algorithm from the asymmetric encryption algorithm library for encryption. Since the asymmetric encryption algorithm library is managed by the administrator, the asymmetric encryption algorithms in the asymmetric encryption algorithm library can be updated in real time as time changes. When it needs to be explained, when adding, deleting, modifying and checking the algorithms in the asymmetric encryption algorithm library, the parameter information will be recorded corresponding to the operation time and the number of operations.

In a possible implementation, when two clients join the data sharing network for data transmission, the client detects in real time whether there is plaintext data to be transmitted. The detection method can be hardware detection, or software. Detection methods, for example, hardware detection methods can be detected by traffic probes, and software detection methods can be detected by detection methods identified in packets. An encryption algorithm library, from which a pre-configured asymmetric encryption algorithm table is loaded.

Further, when detecting whether there is plaintext data to be transmitted by the software detection method, first obtain all the message data generated by the current client in real time, and the message data includes the data encryption instruction generated by the user by pressing the button, and the instruction includes the software. The identifier set in advance in the system, for example, the identifier of the data encryption instruction is "encryption". After the user generates a data encryption command by pressing the client button, the message in the command is in the form of plaintext data + identification. At this time, when the identification mark is found in the message, the plaintext data is detected.

S102, obtain the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and determine the optimal asymmetric encryption algorithm based on the high and low order of the priority;

Usually, the priority of each asymmetric encryption algorithm is preset by the administrator, and the priority setting can be limited in many ways.

For example, in a possible implementation manner, the client first obtains the algorithm setting time indicated by each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and then determines the priority of each encryption algorithm based on the length of the algorithm setting time from the current time. class. In a possible implementation manner, the present application defines that the priority of each algorithm in the preset algorithm table is determined according to the set time, that is to say, the shorter the set time, the more the algorithm is newly added. The added algorithm shows that the encryption strength is a bit stronger.

Specifically, when determining the priority order of each algorithm in the algorithm table, first obtain the set time of each encryption algorithm in the encryption algorithm table, and obtain the time interval set by each algorithm by making a difference between the set time and the current time, and select the time The encryption algorithm with the smallest interval is the most optimal encryption algorithm for encryption operation. In the present application, the optimal encryption algorithm is selected by calculating the setting time of each algorithm in the encryption algorithm table, which ensures that the encryption strength is higher.

For example, in another possible implementation manner, the client first obtains the frequency of use of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and finally determines the priority of each asymmetric encryption algorithm based on the frequency of use of each asymmetric encryption algorithm . In another possible implementation, the present application defines that the algorithm priority is determined according to the frequency of use. The less the algorithm is used, the lower the risk of the algorithm not being cracked. higher strength.

Specifically, when determining the priority order of each encryption algorithm in the encryption algorithm table, first obtain the use frequency of each encryption algorithm in the encryption algorithm table, and determine the encryption algorithm with the least frequency of use according to the use frequency data of each encryption algorithm, and finally The encryption algorithm with the least frequency is determined as the current optimal encryption algorithm. The present application selects the optimal encryption algorithm by using the frequency of use of each algorithm in the encryption algorithm table, which ensures higher encryption strength.

It should be noted that the priority may also be set in other manners, which will not be repeated here.

S103, detecting whether the data communication between the multiple internal chips has been invaded, and when not being invaded, collect the current face image to perform authority authentication, and extract private key data from a preset key database after the authentication is successful;

Usually, multiple internal chips are communication chip devices during data transmission in the data sharing network. By detecting multiple internal communication chips, it is judged whether the current data sharing network has been invaded by the outside. The attack initiated by the private key stored in the computer equipment in the data sharing network, this step can stop the data transmission in time to ensure the security of the data transmission when the private key stored in the computer equipment in the data sharing network is leaked .

Specifically, when detecting whether the data communication between multiple internal chips is invaded, the protocol analysis, comparison and analysis are usually performed on the two non-similar communication modes between multiple communication chips in the shared data network. If the amount of data is the same as the content of the communication data, it is considered that it has not been invaded, and if the amount of communication data is different from the content of the communication data, it is considered that it has been invaded.

Further, it also includes detecting whether the computer equipment in the data sharing network is implanted with a virus, and obtaining the private key file data saved in the computer equipment by implanting a virus. Check and/or check through a third-party trusted security company, check the capacity of your own program storage area by checking the capacity of your own program storage area, and when the capacity is found to become larger, search for the newly added program file by traversing, and check the program file itself. The parameters are parsed. When the parsed parameters are unrecognized parameter information, an early warning is issued and the program is automatically deleted.

Further, when no intrusion is found, at this time, the face image of the current user is collected by the camera of the computer equipment to be encrypted at this time for identification, and after the identification passes the authority verification, the computer equipment is connected to the blockchain network through the data sharing network, and Send the current user information to the blockchain network for re-authentication. After the authentication is successful, the blockchain network responds the private key of the current computer device to the computer device through the shared network, connects to the database that saves the key file, and automatically obtains the key file. private key data in .

By checking whether the current shared data network is invaded, whether the current computer equipment has viruses, and whether the current user is a person with authority. When all three verifications are passed, the computer device will connect to the key database to obtain the private key. This method further ensures the security of data transmission and prevents the data from being hijacked and tampered with during transmission due to the leakage of the private key.

S104, encrypting the plaintext data to be transmitted based on the optimal asymmetric encryption algorithm and the private key data to generate ciphertext data;

In a possible implementation manner, after the optimal asymmetric encryption algorithm is obtained based on step S102 and the private key data is obtained according to step S103, the plaintext data and private key data to be transmitted are input into the optimal asymmetric encryption algorithm The encryption operation is performed in the algorithm, and the ciphertext data is generated after the encryption is completed.

For example, the plaintext data to be transmitted is a, and a is encrypted with the asymmetric encryption algorithm and the public key ek to obtain the ciphertext s=Eek(a), where Eek() is the public key encryption operation of the asymmetric encryption algorithm.

The asymmetric encryption algorithms in the asymmetric encryption algorithm table used in the embodiments of the present application may include hash algorithm, Hash algorithm, MD5 (Message Digest Algorithm 5) algorithm, SHA (Secure Hash Algorithm) algorithm, etc. , when performing encryption operations, if the optimal asymmetric encryption algorithm is RSA, it is preferred to use a 1024-bit private key number; if the optimal asymmetric encryption algorithm is ECC, a 160-bit private key is preferred. When the symmetric encryption algorithm is AES, the 128-bit private key data is preferentially used.

S105: Send the ciphertext data to the second client through a pre-established data sharing network.

Usually, the second client is the client that receives the ciphertext data.

For example, if host A needs to query a certain data on host B, first host A encrypts the data to be queried as a with its own private key, and host A sends a to host B.

Further, step S102 also includes: the optimal encryption algorithm can also be selected by calculating the data volume of the plaintext data to be encrypted, or the encryption algorithm can be selected according to the data importance of the data to be encrypted, specifically according to the actual data information to be transmitted. Make a determination, which is not limited here.

Further, in step S103, the key database generation method includes: the current computer equipment can generate private keys of different digits according to several set methods, then generate public key data according to the private key data of different digits, and finally The generated private keys of different digits and the public keys corresponding to the private keys of different digits are sent to the key database for storage. Among them, the method of generating the private key includes not limited to generating the private key by generating a random number, but also generating the private key by the current time + random number. The specific generation method can be set by yourself according to the actual application scenario, here No more restrictions.

Further, in order to ensure faster data transmission and save time, the encrypted data compression can be optimized. Currently, a commonly used algorithm is to transmit changed data items and ignore unchanged data items. When the amount of data change is not large, there are many redundant bits transmitted, which leads to slow transmission speed. Therefore, the changing bits and non-changing bits are clearly separated, and the compression is performed at the level of the unit, so that even if a very simple run-length coding compression algorithm is used, a very high compression rate can be obtained.

Further, the data transmission mode of the TCP/IP protocol is preferred during data transmission.

Further, when receiving the data response sent by the second client to the first client, first obtain the ciphertext data sent to the first client, then obtain the public key of the second client, and based on the second client's The public key decrypts the ciphertext data sent by the first client, and after successful decryption, the decrypted data is obtained, and finally the decrypted data is decrypted twice based on the extracted private key data to generate plaintext data.

In this embodiment of the present application, the first client first loads a preconfigured asymmetric encryption algorithm table when detecting that there is plaintext data to be transmitted, obtains the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and then Determine the optimal asymmetric encryption algorithm based on the high and low order of priorities, and then detect whether the data communication between multiple internal chips is intruded. The private key data is extracted from the key database, and the plaintext data to be transmitted is encrypted based on the optimal asymmetric encryption algorithm and the private key data to generate ciphertext data. The established data sharing network is sent to the second client. Since the present application selects the optimal asymmetric encryption algorithm according to the priority from the preset asymmetric encryption algorithm table during data transmission, and performs data encryption and decryption in combination with the pre-saved asymmetric encryption public key and private key files, it can prevent Data is tampered with during transmission, further reducing the possibility of data leakage.

Referring to FIG. 4, an embodiment of the present application provides a schematic flowchart of a data transmission method, which is applied to a first client. As shown in FIG. 4 , the method of this embodiment of the present application may include the following steps:

S201, when receiving a data access request sent by the first client to the second client, obtain ciphertext data sent by the first client to the second client;

S202, obtaining the public key of the first client, and decrypting the ciphertext data based on the public key of the first client, and generating plaintext data after successful decryption;

S203, determining the security level corresponding to the data information required by the first client, and obtaining the asymmetric encryption algorithm corresponding to the current moment from the asymmetric encryption algorithm table based on the security level;

S204, encrypting data information required by the first client based on the public key of the first client and the asymmetric encryption algorithm corresponding to the current moment, to generate encrypted data information;

S205, detecting whether the data communication between the multiple internal chips has been invaded, and when not being invaded, collect the current face image for authorization authentication, and extract the second private key data from the preset key database after the authentication is successful;

S206, re-encrypting the encrypted data information based on the second private key data and the asymmetric encryption algorithm corresponding to the current moment to generate secondary encrypted ciphertext data;

S207, responding the ciphertext data after the secondary encryption to the first client through a pre-established data sharing network.

The following are apparatus embodiments of the present invention, which can be used to execute method embodiments of the present invention. For details not disclosed in the device embodiments of the present invention, please refer to the method embodiments of the present invention.

Please refer to FIG. 5 , which shows a schematic structural diagram of a data transmission apparatus provided by an exemplary embodiment of the present application, which is applied to a first client. The data transmission system can be implemented as all or a part of the terminal through software, hardware or a combination of the two. The device 1 includes a data to be transmitted detection module 10 , an optimal asymmetric encryption algorithm determination module 20 , a private key data extraction module 30 , a data encryption module 40 , and a ciphertext data transmission module 50 .

The data-to-be-transmitted detection module 10 is configured to load a pre-configured asymmetric encryption algorithm table when detecting that there is plaintext data to be transmitted;

The optimal asymmetric encryption algorithm determination module 20 is used to obtain the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and determine the optimal asymmetric encryption algorithm based on the high and low order of the priority;

The private key data extraction module 30 is used to detect whether the data communication between multiple internal chips has been invaded, and when it has not been invaded, the current face image is collected for authorization authentication, and after the authentication is successful, the private key is extracted from the preset key database. key data;

a data encryption module 40, configured to encrypt the plaintext data to be transmitted based on the optimal asymmetric encryption algorithm and the private key data to generate ciphertext data;

The ciphertext data sending module 50 is configured to send the ciphertext data to the second client through a pre-established data sharing network.

It should be noted that, when the data transmission system provided in the above-mentioned embodiments executes the data transmission method, only the division of the above-mentioned functional modules is used for illustration. , that is, dividing the internal structure of the device into different functional modules to complete all or part of the functions described above. In addition, the data transmission system and the data transmission method provided by the above embodiments belong to the same concept, and the implementation process of the data transmission system is described in the method embodiment, which will not be repeated here.

The above-mentioned serial numbers of the embodiments of the present application are only for description, and do not represent the advantages or disadvantages of the embodiments.

In one embodiment, a terminal is proposed. The terminal includes a memory, a processor, and a computer program stored in the memory and running on the processor. When the processor executes the computer program, the following steps are implemented: when the first client detects When there is plaintext data to be transmitted, load the pre-configured asymmetric encryption algorithm table; obtain the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and determine the optimal asymmetric encryption algorithm based on the priority order; Whether the data communication between multiple internal chips has been invaded, when not invaded, the current face image is collected for authorization authentication, and the private key data is extracted from the preset key database after successful authentication; based on the optimal asymmetric The encryption algorithm and the private key data encrypt the plaintext data to be transmitted to generate ciphertext data; and send the ciphertext data to the second client through a pre-established data sharing network. When receiving the data access request sent by the first client to the second client, the second client obtains the ciphertext data sent to the second client; obtains the public key of the first client, and based on the public key of the first client The key decrypts the ciphertext data, and after the decryption is successful, the plaintext data is generated; based on the plaintext data, the data information required by the first client is obtained, and the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table is based on the priority. Determine the optimal asymmetric encryption algorithm in sequence; encrypt the data information required by the first client based on the public key of the first client and the optimal asymmetric encryption algorithm, and generate encrypted data information; Whether the data communication has been invaded, if not, the current face image is collected for authorization authentication. After the authentication is successful, the private key data is extracted from the preset key database; based on the private key data and the optimal asymmetric encryption algorithm, the encrypted The data information is encrypted again to generate the data information after the secondary encryption; the data information after the secondary encryption is responded to the first client through the pre-established data sharing network. When receiving the data response sent by the second client to the first client, the first client obtains the ciphertext data sent to the first client; obtains the public key of the second client, and based on the public key of the second client Decrypt the ciphertext data sent to the first client, and obtain decrypted data after successful decryption; decrypt the decrypted data twice based on the extracted private key data to generate plaintext data.

In an embodiment, when the first client executed by the processor detects the plaintext data to be transmitted, the following step is further performed: the first client connects to a pre-created data sharing network.

In one embodiment, when the processor performs the detection of the plaintext data to be transmitted, the following steps are specifically performed: when the first client detects the plaintext data to be transmitted in the hardware mode, collects the plaintext to be transmitted in real time through a traffic probe data; or when detecting the plaintext data to be transmitted in software mode, obtain the currently generated message information in real time through the application programming interface; parse the message information, and find the encrypted identifier in the parsed message information; When encrypting the identifier, obtain the plaintext data to be transmitted corresponding to the encrypted identifier.

In one embodiment, when the processor executes the first client to obtain the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, the processor specifically performs the following steps: the first client obtains each asymmetric encryption algorithm in the asymmetric encryption algorithm table. The set time indicated by the algorithm; the priority of each asymmetric encryption algorithm is determined based on the length of the set time from the current time.

In one embodiment, when the processor executes the first client to obtain the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, the processor specifically performs the following steps: the first client obtains each asymmetric encryption algorithm in the asymmetric encryption algorithm table. The usage frequency of the algorithm; the priority of each asymmetric encryption algorithm is determined based on the usage frequency of each asymmetric encryption algorithm.

In one embodiment, a storage medium storing computer-readable instructions is provided, the computer-readable storage medium may be non-volatile or volatile, and the computer-readable instructions are stored by one or more When the processor executes, one or more processors are caused to execute the following steps: when the first client detects that there is plaintext data to be transmitted, loads a preconfigured asymmetric encryption algorithm table; obtains each non-symmetric encryption algorithm table in the asymmetric encryption algorithm table. The priority of the symmetric encryption algorithm, the optimal asymmetric encryption algorithm is determined based on the priority order; it detects whether the data communication between multiple internal chips has been intruded, and when there is no intrusion, the current face image is collected for authorization authentication. After success, extract private key data from a preset key database; encrypt the plaintext data to be transmitted based on the optimal asymmetric encryption algorithm and the private key data to generate ciphertext data; The text data is sent to the second client through the pre-established data sharing network. When receiving the data access request sent by the first client to the second client, the second client obtains the ciphertext data sent to the second client; obtains the public key of the first client, and based on the public key of the first client The key decrypts the ciphertext data, and after the decryption is successful, the plaintext data is generated; based on the plaintext data, the data information required by the first client is obtained, and the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table is based on the priority. Determine the optimal asymmetric encryption algorithm in sequence; encrypt the data information required by the first client based on the public key of the first client and the optimal asymmetric encryption algorithm, and generate encrypted data information; Whether the data communication has been invaded, if not, the current face image is collected for authorization authentication. After the authentication is successful, the private key data is extracted from the preset key database; based on the private key data and the optimal asymmetric encryption algorithm, the encrypted The data information is encrypted again to generate the data information after the secondary encryption; the data information after the secondary encryption is responded to the first client through the pre-established data sharing network. When receiving the data response sent by the second client to the first client, the first client obtains the ciphertext data sent to the first client; obtains the public key of the second client, and based on the public key of the second client Decrypt the ciphertext data sent to the first client, and obtain decrypted data after successful decryption; decrypt the decrypted data twice based on the extracted private key data to generate plaintext data.

Those of ordinary skill in the art can understand that the realization of all or part of the processes in the methods of the above embodiments can be accomplished by instructing the relevant hardware through a computer program, and the computer program can be stored in a computer-readable storage medium, and the program is During execution, it may include the processes of the embodiments of the above-mentioned methods. Wherein, the aforementioned storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a read-only storage memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like.

The technical features of the above embodiments can be combined arbitrarily. In order to make the description simple, all possible combinations of the technical features in the above embodiments are not described. However, as long as there is no contradiction in the combination of these technical features It is considered to be the range described in this specification.

The above examples only represent several embodiments of the present application, and the descriptions thereof are relatively specific and detailed, but should not be construed as a limitation on the scope of the patent of the present application. It should be pointed out that for those skilled in the art, without departing from the concept of the present application, several modifications and improvements can be made, which all belong to the protection scope of the present application. Therefore, the scope of protection of the patent of the present application shall be subject to the appended claims.

Claims

A data transmission method, applied to a first client, wherein the method includes:

When detecting that there is plaintext data to be transmitted, load the pre-configured asymmetric encryption algorithm table;

Obtain the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and determine the optimal asymmetric encryption algorithm based on the order of the priorities;

Detect whether the data communication between multiple internal chips has been intruded, and collect the current face image for authorization authentication when not intruded, and extract the private key data from the preset key database after successful authentication;

Encrypting the plaintext data to be transmitted based on the optimal asymmetric encryption algorithm and the private key data to generate ciphertext data;

Sending the ciphertext data to the second client through a pre-established data sharing network.
The method according to claim 1, wherein the obtaining the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and determining the optimal asymmetric encryption algorithm based on the high and low order of the priority, comprises:

Parse the plaintext data to be transmitted, and determine the security level of the plaintext data to be transmitted;

The asymmetric encryption algorithm corresponding to the current moment is acquired from the asymmetric encryption algorithm table based on the security level.
The method according to claim 1, wherein the method of detecting the plaintext data to be transmitted comprises hardware detection or software detection;

Detecting the plaintext data to be transmitted includes:

When it is detected that the transmission mode of the plaintext data to be transmitted is the hardware mode, the plaintext data to be transmitted is collected in real time through the traffic probe; or

When it is detected that the transmission mode of the plaintext data to be transmitted is the software mode, the currently generated message information is obtained in real time through the application programming interface;

Parse the message information, and find out whether there is an encryption identifier in the parsed message information;

When the encrypted identifier exists in the parsed message information, the plaintext data to be transmitted corresponding to the encrypted identifier is acquired from the message information.
The method according to claim 1, wherein the obtaining the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table comprises:

Obtain the set time indicated by each asymmetric encryption algorithm in the asymmetric encryption algorithm table;

The priority of each asymmetric encryption algorithm is determined based on the respective durations between the set times indicated by the asymmetric encryption algorithms and the current time.
The method according to claim 1, wherein the obtaining the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table comprises:

Obtain the frequency of use of each asymmetric encryption algorithm in the asymmetric encryption algorithm table;

The priority of each asymmetric encryption algorithm is determined based on the frequency of use of each asymmetric encryption algorithm.
The method of claim 1, wherein the method further comprises:

When receiving a response from the second client to the ciphertext data sent by the first client, acquiring the ciphertext data sent by the second client to the first client;

obtaining the public key of the second client, and decrypting the ciphertext data sent by the second client to the first client based on the public key of the second client, and obtaining decrypted data after successful decryption;

The decrypted data is decrypted twice based on the extracted private key data to generate plaintext data.
The method according to claim 1, wherein when it is detected that there is plaintext data to be transmitted, before loading the preconfigured asymmetric encryption algorithm table, the method further comprises:

Establish a data sharing network.
The method according to claim 7, wherein the data sharing network is an internally established local area network or an intranet.
The method of claim 8, wherein the data sharing network is connected to a blockchain network.
The method according to claim 9, wherein the blockchain network stores the private key of the current host for data encryption.
The method according to claim 7, wherein after establishing the data sharing network, the method further comprises:

Multiple hosts join the data sharing network.
The method according to claim 1, wherein the asymmetric encryption algorithm table is a preset asymmetric encryption algorithm library, and a plurality of different asymmetric encryption algorithms are stored in the asymmetric encryption algorithm library.
The method according to claim 12, wherein each asymmetric encryption algorithm in the plurality of different asymmetric encryption algorithms has a priority.
[Corrected 19.05.2021 according to Rule 26]
The method according to claim 12, wherein the asymmetric encryption algorithms in the asymmetric encryption algorithm library are automatically updated as time changes.
[Corrected 19.05.2021 according to Rule 26]
13. The method of claim 12, wherein the priority of each asymmetric encryption algorithm is preset.
[Corrected 19.05.2021 according to Rule 26]
The method according to claim 1, wherein the plurality of internal chips are communication chips during data transmission in the data sharing network.
A data transmission method, applied to a second client, wherein the method comprises:

When receiving a data access request sent by the first client to the second client, acquiring ciphertext data sent by the first client to the second client;

Obtaining the public key of the first client, and decrypting the ciphertext data based on the public key of the first client, and generating plaintext data after successful decryption;

Obtain data information required by the first client based on the plaintext data, and load the asymmetric encryption algorithm table;

determining the security level corresponding to the data information required by the first client;

Obtain the asymmetric encryption algorithm corresponding to the current moment from the asymmetric encryption algorithm table based on the security level;

Encrypting the data information required by the first client based on the public key of the first client and the asymmetric encryption algorithm corresponding to the current moment, to generate encrypted data information;

Detect whether the data communication between multiple internal chips has been intruded, and collect the current face image for authorization authentication when not intruded, and extract the second private key data from the preset key database after the authentication is successful;

Re-encrypt the encrypted data information based on the second private key data and the asymmetric encryption algorithm corresponding to the current moment to generate secondary encrypted ciphertext data;

The ciphertext data after the secondary encryption is responded to the first client through the pre-established data sharing network.
A data transmission device, applied to a first client, wherein the device comprises:

A data-to-be-transmitted detection module, configured to load a pre-configured asymmetric encryption algorithm table when it is detected that there is plaintext data to be transmitted;

an optimal asymmetric encryption algorithm determination module, used for obtaining the priority of each asymmetric encryption algorithm in the asymmetric encryption algorithm table, and determining the optimal asymmetric encryption algorithm based on the high and low order of the priority;

The private key data extraction module is used to detect whether the data communication between multiple internal chips has been intruded. When there is no intrusion, the current face image is collected for authorization authentication. After the authentication is successful, the private key is extracted from the preset key database. data;

a data encryption module, configured to encrypt the plaintext data to be transmitted based on the optimal asymmetric encryption algorithm and the private key data to generate ciphertext data;

The ciphertext data sending module is configured to send the ciphertext data to the second client through the pre-established data sharing network.
A terminal, comprising a memory and a processor, the memory stores computer-readable instructions, and when the computer-readable instructions are executed by the processor, the processor causes the processor to execute any one of claims 1 to 17 The steps of the data transmission method of claim 1.
A storage medium storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform the execution of any one of claims 1 to 17 Steps of data transfer.