CN110505066A - A kind of data transmission method, device, equipment and storage medium
- Publication number: CN110505066A
- Application number: CN201910821041.XA
- Authority: CN (China)
- Prior art keywords: data, key, encrypted, transmitted, encryption
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3297: Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present disclosure provides a data transmission method, apparatus, device and storage medium. The method includes: identifying the data to be encrypted in the data to be transmitted, the data to be encrypted being part of the data to be transmitted; encrypting the data to be encrypted with a first key to obtain a ciphertext; and transmitting a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key. By identifying the data to be encrypted within the data to be transmitted, only that data is encrypted to obtain the ciphertext, while the rest of the data to be transmitted is left unencrypted, which reduces the amount of encryption processing. Because encrypted data is often larger than the original data, encrypting only part of the data also effectively reduces the volume of data transmitted and improves data transmission performance.
Description
Technical field
The present disclosure relates to the field of computer technology, and in particular to a data transmission method, apparatus, device and storage medium.
Background
When data is transmitted between front-end and back-end devices in plaintext, the transmission is easily attacked and user data intercepted, causing user data to leak. Encrypting data during transmission is therefore particularly important. However, an inappropriate encryption scheme may, on the one hand, affect data transmission performance, for example when the encrypted data is much larger and slows transmission; on the other hand, the encryption key itself may be intercepted in transit, which again leads to data leakage.
Summary of the invention
In view of this, the embodiments of the present disclosure aim to provide a data transmission method, apparatus, device and storage medium.
In a first aspect, the present disclosure provides a data transmission method, applied in a sending device, comprising:
identifying the data to be encrypted in the data to be transmitted, the data to be encrypted being part of the data to be transmitted; encrypting the data to be encrypted with a first key to obtain a ciphertext; and transmitting a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
By identifying the data to be encrypted within the data to be transmitted, only that data is encrypted to obtain the ciphertext, while the rest of the data to be transmitted is left unencrypted, which reduces the amount of encryption processing. Because encrypted data is often larger than the original data, encrypting only part of the data also effectively reduces the volume of data transmitted and improves data transmission performance. In addition, encrypting the transmitted first key with a public key effectively prevents the first key from being stolen in transit, which improves the security of data transmission.
In one possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted other than the identified data to be encrypted; alternatively, after identifying the data to be encrypted in the data to be transmitted, the method further includes: transmitting a second data message to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted.
Selectively transmitting the unencrypted data in a plaintext message effectively reduces the amount of encryption processing and improves data transmission performance.
In one possible embodiment, identifying the data to be encrypted in the data to be transmitted comprises: identifying at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute; filtering out, from the at least one data attribute, the data attributes that meet the encryption condition; and taking the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
In this embodiment, the data to be transmitted is split, and the attribute values that need to be encrypted are selected on the basis of the data attributes obtained from the split, which allows the data to be encrypted to be identified effectively.
In one possible embodiment, the first data message further includes the unencrypted data attributes corresponding to the data to be encrypted.
In this embodiment, because the first data message also carries the data attributes corresponding to the data to be encrypted, the receiving device can identify the data attributes of the ciphertext directly on receiving the first data message, without having to decrypt the ciphertext first and identify them afterwards.
In one possible embodiment, the first data message further includes at least one of the following: identification information of the encryption algorithm used for the encryption, version information of the encryption algorithm, and identification information of the data padding algorithm.
In this embodiment, carrying this information in the first data message lets the receiving device determine how the ciphertext is to be parsed, which improves the efficiency of parsing the ciphertext.
In one possible embodiment, the first key is generated as follows:
generating a random code and a current timestamp; and generating the first key from the random code and the current timestamp.
In this embodiment, the first key is generated from a random code and a timestamp, so the first key has randomness, which increases the difficulty of cracking the key and improves the security of data transmission.
In a second aspect, the present disclosure provides a data transmission method, applied in a receiving device, comprising:
receiving a first data message sent by a sending device, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key, the ciphertext having been obtained by the sending device encrypting part of the data to be transmitted with the first key; decrypting the public-key-encrypted first key with the private key that matches the public key to obtain the first key; and decrypting the ciphertext with the first key to obtain the decrypted part of the data to be transmitted.
The private key is used to recover the first key, and the recovered first key is then used to decrypt the ciphertext; the decrypted data is obtained through this two-stage decryption, which improves the security of data transmission.
In one possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted; after receiving the first data message sent by the sending device, the method further includes: identifying the unencrypted data in the first data message; and after obtaining the decrypted part of the data to be transmitted, the method further includes: combining the decrypted part with the unencrypted data to obtain the data to be transmitted.
In one possible embodiment, the first data message also carries a data identifier, and the method further includes: receiving a second data message sent by the sending device; and after determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, combining the unencrypted data in the second data message with the decrypted part of the data to be transmitted to obtain the data to be transmitted.
In a third aspect, the present disclosure provides a data transmission apparatus, comprising:
an identification module, configured to identify the data to be encrypted in the data to be transmitted, the data to be encrypted being part of the data to be transmitted; an encryption module, configured to encrypt the data to be encrypted with a first key to obtain a ciphertext; and a sending module, configured to transmit a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
In one possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted other than the identified data to be encrypted;
alternatively, the sending module is further configured to transmit a second data message to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted.
In one possible embodiment, when identifying the data to be encrypted in the data to be transmitted, the identification module is specifically configured to: identify at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute; filter out, from the at least one data attribute, the data attributes that meet the encryption condition; and take the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
In one possible embodiment, the first data message further includes the unencrypted data attributes corresponding to the data to be encrypted.
In one possible embodiment, the first data message further includes at least one of the following: identification information of the encryption algorithm used for the encryption, version information of the encryption algorithm, and identification information of the data padding algorithm.
In one possible embodiment, the apparatus further comprises a generation module, configured to: generate a random code and a current timestamp; and generate the first key from the random code and the current timestamp.
In a fourth aspect, the present disclosure provides a data transmission apparatus, comprising:
a receiving module, configured to receive a first data message sent by a sending device, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key, the ciphertext having been obtained by the sending device encrypting part of the data to be transmitted with the first key; a first decryption module, configured to decrypt the public-key-encrypted first key with the private key that matches the public key to obtain the first key; and a second decryption module, configured to decrypt the ciphertext with the first key to obtain the decrypted part of the data to be transmitted.
In one possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted; after receiving the first data message sent by the sending device, the receiving module is further configured to identify the unencrypted data in the first data message; and after obtaining the decrypted part of the data to be transmitted, the second decryption module is further configured to combine the decrypted part with the unencrypted data to obtain the data to be transmitted.
In one possible embodiment, the first data message also carries a data identifier, and the receiving module is further configured to: receive a second data message sent by the sending device; and after determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, combine the unencrypted data in the second data message with the decrypted part of the data to be transmitted to obtain the data to be transmitted.
In a fifth aspect, the present disclosure provides an electronic device, comprising a processor, a memory and a bus. The memory stores machine-readable instructions executable by the processor; when the electronic device runs, the processor and the memory communicate over the bus, and the machine-readable instructions, when executed by the processor, perform the steps of the data transmission method of the first aspect or any of its embodiments, or the steps of the data transmission method of the second aspect or any of its embodiments.
In a sixth aspect, the present disclosure provides a computer-readable storage medium storing a computer program which, when run by a processor, performs the steps of the data transmission method of the first aspect or any of its embodiments, or the steps of the data transmission method of the second aspect or any of its embodiments.
To make the above objects, features and advantages of the present disclosure clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present disclosure more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of the present disclosure and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 shows a flow chart of a data transmission method provided by an embodiment of the present disclosure;
Fig. 2 shows a schematic diagram of the protocol format of the first data message provided by an embodiment of the present disclosure;
Fig. 3 shows a flow chart of another data transmission method provided by an embodiment of the present disclosure;
Fig. 4 shows a structural schematic diagram of a data transmission apparatus provided by an embodiment of the present disclosure;
Fig. 5 shows a structural schematic diagram of another data transmission apparatus provided by an embodiment of the present disclosure;
Fig. 6 shows a structural schematic diagram of an electronic device provided by an embodiment of the present disclosure.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present disclosure, not all of them. The components of the embodiments generally described and illustrated in the drawings can be arranged and designed in a variety of different configurations. The following detailed description of the embodiments provided in the drawings is therefore not intended to limit the claimed scope of the present disclosure, but merely represents selected embodiments. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present disclosure without creative effort fall within the scope of protection of the present disclosure.
The data transmission method provided by the present disclosure can be applied to end-to-end data transmission scenarios, for example data transmission between a front-end device (such as a user terminal) and a back-end device (such as a server). User terminals include but are not limited to mobile phones, tablet computers, in-vehicle devices, wearable devices, personal digital assistants (PDA), point-of-sale terminals (POS) and the like. Applications installed on the user terminal, embedded mini-programs and web pages can receive the various kinds of user data input by the user and upload them to the server, or receive such user data requested from the server. This user data is the data to be transmitted, and it needs to be encrypted during transmission between the user terminal and the server.
Usually it is the sensitive user information in the user data that needs to be encrypted, while non-sensitive information can be transmitted directly in plaintext. In the present disclosure, therefore, the data to be encrypted is identified within the data to be transmitted and only that data is encrypted to obtain the ciphertext, while the rest of the data to be transmitted is left unencrypted, which reduces the amount of encryption processing. Because encrypted data is often larger than the original data, encrypting only part of the data also effectively reduces the volume of data transmitted and improves data transmission performance. Furthermore, encrypting the first key used for the encryption prevents the first key from being stolen in transit, which effectively improves the security of data transmission.
To facilitate understanding of the technical solution provided by the present disclosure, a data transmission method provided by an embodiment of the present disclosure is first described in detail.
Fig. 1 is a flow diagram of a data transmission method provided by an embodiment of the present disclosure. The method can be executed by a sending device, which may be either a front-end device or a back-end device; for example, the sending device may be a user terminal or a server. Specifically, the data transmission method includes the following steps:
Step 101: identify the data to be encrypted in the data to be transmitted, the data to be encrypted being part of the data to be transmitted.
The sending device can identify the data to be encrypted in the data to be transmitted once it detects that there is data to transmit. For example, when the sending device is a front-end device, it may determine that data to be transmitted has been detected on receiving a data transmission instruction input by the user or a data request instruction sent by the back-end device. When the sending device is a back-end device, it may determine that data to be transmitted has been detected on receiving a data request instruction sent by the front-end device.
In the embodiments of the present disclosure, since the data to be transmitted does not necessarily consist entirely of sensitive information that needs to be encrypted, the data to be encrypted within it can be identified. In one possible embodiment, the data to be transmitted may be split, specifically through the following steps:
Step 1011: identify at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute.
A data attribute and its attribute value can take the form of a key-value pair, where the key is the data attribute and the value is the attribute value. Each data attribute corresponds to a unique attribute value.
In one example, suppose the data to be transmitted is user data consisting of the field "Zhang San, 18 years old, login account XXX, login password xxx". The data attributes and corresponding attribute values identified in this field are name - Zhang San, age - 18, login account - XXX and login password - xxx.
Step 1012: filter out, from the at least one data attribute, the data attributes that meet the encryption condition.
In one possible embodiment, a set of data attributes that need to be encrypted may be agreed in advance. It is then determined whether any of the at least one data attribute is in that set, and the data attributes that are in the set are taken as the data attributes that meet the encryption condition.
Step 1013: take the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
Continuing the example above, suppose the pre-agreed set of data attributes to be encrypted includes name, age and login password. The name, age and login password in the above field are then recognized as data attributes that meet the encryption condition, and the attribute values "Zhang San", "18" and "xxx" are taken as the data to be encrypted.
In the above embodiment, the data to be transmitted is split, and the attribute values that need to be encrypted are selected on the basis of the data attributes obtained from the split, which allows the data to be encrypted to be identified effectively.
Step 102: encrypt the data to be encrypted with the first key to obtain the ciphertext.
In one possible embodiment, the first key can be generated as follows: generate a random code and a current timestamp, and generate the first key from the random code and the current timestamp. The first key is then used to encrypt the attribute values corresponding to the data attributes that meet the encryption condition, giving the ciphertext. Because the first key is generated from a random code and a timestamp, it has randomness, which increases the difficulty of cracking the key and improves the security of data transmission.
The random code can be generated with a random algorithm, for example as an 8-digit random number. The current timestamp is the current point in time, for example also an 8-digit timestamp. Combining the random code and the current timestamp gives a salt value, i.e. the encryption salt; for example, the 8-digit random number and the 8-digit timestamp are combined into a 16-digit encryption salt. The encryption salt can be used directly as the first key, or it can be converted through a buffer to obtain the first key. The first key obtained is, for example, a symmetric encryption key such as an Advanced Encryption Standard (AES) key. For example, when the data to be encrypted is encrypted with an AES key, the data can be divided into groups of equal length, and each group is encrypted with the key in the AES key that corresponds to that group, until all of the data to be encrypted has been encrypted.
In an embodiment of the present disclosure, after the first key is generated, the first key itself can also be encrypted, for example with a pre-stored public key. Encrypting the transmitted first key with a public key effectively prevents the first key from being stolen in transit, which improves the security of data transmission.
Step 103: transmit the first data message to the receiving device, the first data message including the ciphertext and the first key encrypted with the public key.
The first data message carries the public-key-encrypted first key so that the receiving device can recover the first key and then use it to parse the ciphertext and obtain the transmitted data.
In the embodiments of the present disclosure, the first data message may also include the data attributes corresponding to the data to be encrypted. Because the first data message also carries these data attributes, the receiving device can identify the data attributes of the ciphertext directly on receiving the first data message, without having to decrypt the ciphertext first and identify them afterwards.
In the embodiments of the present disclosure, the first data message may also include at least one of the following: identification information of the encryption algorithm used for the encryption, version information of the encryption algorithm, and identification information of the data padding algorithm. Carrying this information in the first data message lets the receiving device determine how the ciphertext is to be parsed, which improves the efficiency of parsing the ciphertext.
Because different encryption algorithms use first keys of different lengths, the encryption algorithm identification information identifies the encryption algorithm used for the encryption, from which the key length of the first key is known. Because encryption algorithms are continually iterated and updated, the version information of the encryption algorithm is used to indicate the version of the first key used in this encryption.
When the data to be encrypted is encrypted with an AES key, it has to be divided into groups and each group encrypted separately. Every group must have the same length, so when the last group does not meet the length requirement, the data padding algorithm to use is identified from the data padding algorithm identification information, and the last group is then padded with that algorithm so that it meets the length requirement. For example, suppose the data to be encrypted is divided into N groups of 16 bytes; groups 1 to N-1 are 16 bytes each and group N is 8 bytes. Group N then needs to be padded; for example, the padding algorithm may zero-fill the missing positions, which extends group N to 16 bytes. Given this property of the encryption algorithm, the data padding algorithm identification information is carried in the first data message so that the receiving device knows which padding algorithm was applied to the grouped data.
As an example, Fig. 2 shows one format of the first data message provided by an embodiment of the present disclosure. It contains, in order: the version information, the encryption algorithm identification information, the encrypted first key, the data padding algorithm identification information, the data attributes that meet the encryption condition, and the ciphertext.
In the embodiments of the present disclosure, the first data message may further include the unencrypted data in the data to be transmitted other than the identified data to be encrypted. Alternatively, after the data to be encrypted has been identified, a second data message is transmitted to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted. The second data message can thus carry the other data in the data to be transmitted that has not yet been sent, i.e. the unencrypted data, which can be transmitted directly in plaintext. For example, the data to be transmitted may include the attribute values of data attributes that do not meet the encryption condition, the data attributes that do not meet the encryption condition, and so on. The present disclosure does not limit the protocol used by the second data message. Selectively transmitting the unencrypted data in a plaintext message effectively reduces the amount of encryption processing and improves data transmission performance.
Referring to Fig. 3, a schematic flowchart of a data transmission method provided by an embodiment of the present disclosure is shown. This data transmission method may be executed by a receiving device; the receiving device may be either a front-end device or a back-end device, for example a user terminal or a server. Specifically, the data transmission method includes the following steps:
Step 301: receive a first data message sent by a sending device, where the first data message includes a first key encrypted with a public key and a ciphertext encrypted with the first key.
Step 302: using the private key that matches the public key, decrypt the public-key-encrypted first key to obtain the first key.
Step 303: decrypt the ciphertext using the first key to obtain the decrypted partial data of the data to be transmitted.
In the embodiments of the present disclosure, after the first data message is received, it can be parsed. The version information of the encryption algorithm and the encryption algorithm identification information in the first data message can be parsed first; from the parsed version information and identification information, the decryption algorithm to be used for decrypting the ciphertext can be determined. The first key can then be decrypted using the private key agreed in advance. Finally, the ciphertext can be decrypted with the first key using the decryption algorithm to obtain the decrypted data.
In addition, where the unencrypted data in the data to be transmitted other than the identified data to be encrypted is transmitted in the first data message, the receiving device can also parse the unencrypted data of the data to be transmitted from the first data message; alternatively, where that unencrypted data is transmitted in a second data message, the receiving device can parse the unencrypted data from the second data message. Then, after obtaining the decrypted partial data of the data to be transmitted, the receiving device synthesizes the decrypted partial data with the unencrypted data to obtain the data to be transmitted.
In practice, the receiving device may receive multiple data messages. To ensure that the decrypted partial data and the parsed unencrypted data come from the same data to be transmitted, in one possible implementation the first data message may also carry a data identifier; the sending device transmits the unencrypted data other than the identified data to be encrypted in a second data message, which also carries a data identifier. After receiving the second data message and parsing it to obtain the unencrypted data, the receiving device can, after determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, synthesize the unencrypted data in the second data message with the decrypted partial data of the data to be transmitted to obtain the data to be transmitted.
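The Fig. 2 field order and the data identifier check described above, as an added Python example that is not part of the patent text: a strict encoder and parser for the first data message, and a receiver-side reassembler that merges decrypted values with unencrypted data only when the identifiers match. The byte-level encoding (one-byte identifiers, two-byte length prefixes, a trailing data identifier field), all names and the sample values are assumptions; decryption (steps 302 and 303) is assumed to have been done by the caller.

```python
import struct
from dataclasses import dataclass


class MessageError(ValueError):
    """Malformed message or inconsistent reassembly input."""


@dataclass(frozen=True)
class FirstMessage:
    # Field order follows Fig. 2; data_id is the optional data identifier.
    version: int
    algorithm_id: int
    encrypted_key: bytes   # first key, encrypted with the receiver's public key
    padding_id: int
    attributes: tuple      # names of the attributes whose values are encrypted
    ciphertext: bytes
    data_id: bytes


def _field(value: bytes) -> bytes:
    if len(value) > 0xFFFF:
        raise MessageError("field longer than 65535 bytes")
    return struct.pack(">H", len(value)) + value


def encode_first_message(m: FirstMessage) -> bytes:
    """Assumed encoding: 1-byte ids, 2-byte big-endian length before each field."""
    names = ",".join(m.attributes).encode("utf-8")
    return (bytes([m.version, m.algorithm_id]) + _field(m.encrypted_key)
            + bytes([m.padding_id]) + _field(names) + _field(m.ciphertext)
            + _field(m.data_id))


def parse_first_message(raw: bytes) -> FirstMessage:
    """Parse strictly: reject truncated input and trailing bytes."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(raw):
            raise MessageError("truncated message")
        pos += n
        return raw[pos - n:pos]

    def field() -> bytes:
        return take(struct.unpack(">H", take(2))[0])

    version, algorithm_id = take(2)
    encrypted_key = field()
    padding_id = take(1)[0]
    names = field().decode("utf-8")
    ciphertext, data_id = field(), field()
    if pos != len(raw):
        raise MessageError("trailing bytes after last field")
    attributes = tuple(names.split(",")) if names else ()
    return FirstMessage(version, algorithm_id, encrypted_key, padding_id,
                        attributes, ciphertext, data_id)


class Reassembler:
    """Merges decrypted values with unencrypted data only when identifiers match."""

    def __init__(self):
        self._decrypted = {}  # data_id -> {attribute: decrypted value}
        self._clear = {}      # data_id -> {attribute: plaintext value}

    def add_decrypted(self, data_id: bytes, values: dict):
        self._decrypted[data_id] = dict(values)
        return self._merge(data_id)

    def add_clear(self, data_id: bytes, values: dict):
        self._clear[data_id] = dict(values)
        return self._merge(data_id)

    def _merge(self, data_id: bytes):
        if data_id not in self._decrypted or data_id not in self._clear:
            return None  # the other half has not arrived yet
        secret, clear = self._decrypted.pop(data_id), self._clear.pop(data_id)
        if secret.keys() & clear.keys():
            raise MessageError("attribute present in both encrypted and clear parts")
        return {**clear, **secret}


# Constructed sample: opaque placeholder bytes stand in for real key and ciphertext.
SAMPLE = FirstMessage(1, 1, b"\xaa" * 32, 1, ("phone",), b"\xbb" * 16, b"order-42")
```

The reassembler returns `None` until both halves with the same identifier have arrived, in either order, and refuses a record in which the same attribute appears in both the encrypted and the unencrypted part.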
In the above embodiments of the disclosure, by identifying the data to be encrypted in the data to be transmitted, only the data to be encrypted is encrypted to obtain the ciphertext, and the rest of the data to be transmitted need not be encrypted, which reduces the amount of encryption. Moreover, since the volume of data after encryption is often larger than the original volume, encrypting only part of the data also effectively reduces the volume of data in transmission and improves data transmission performance. In addition, because the first key to be transmitted is encrypted with a public key and decrypted with a private key, theft of the first key during transmission can be effectively prevented, which improves data transmission security.
Based on the same technical concept, the embodiments of the present disclosure also provide a data transmission apparatus corresponding to the data transmission method. Because the principle by which the apparatus solves the problem is similar to that of the data transmission method described above, the implementation of the apparatus may refer to the implementation of the method, and overlapping details are not repeated.
Referring to Fig. 4, a schematic structural diagram of a data transmission apparatus provided by an embodiment of the present disclosure is shown. The apparatus includes an identification module 401, an encryption module 402 and a sending module 403, where:
The identification module 401 is configured to identify data to be encrypted in data to be transmitted, the data to be encrypted being partial data of the data to be transmitted;
The encryption module 402 is configured to encrypt the data to be encrypted using a first key to obtain a ciphertext;
The sending module 403 is configured to transmit a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
In one possible implementation, the first data message further includes the unencrypted data in the data to be transmitted other than the identified data to be encrypted; alternatively, the sending module 403 is further configured to transmit a second data message to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted.
In one possible implementation, when identifying the data to be encrypted in the data to be transmitted, the identification module 401 is specifically configured to:
Identify at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute;
Select, from the at least one data attribute, the data attributes that meet the encryption condition;
Take the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
In one possible implementation, the first data message further includes the unencrypted data attribute corresponding to the data to be encrypted.
In one possible implementation, the first data message further includes at least one of the following: encryption algorithm identification information, version information of the encryption algorithm used for the encryption, and data padding algorithm identification information.
In one possible implementation, the apparatus further includes a generation module 404, which is configured to:
Generate a random code and a current timestamp;
Generate the first key according to the random code and the current timestamp.
For the processing flow of each module in the above apparatus and the interaction flow between the modules, refer to the related description in the above method embodiments; details are not repeated here.
Referring to Fig. 5, a schematic structural diagram of a data transmission apparatus provided by an embodiment of the present disclosure is shown. The apparatus includes a receiving module 501, a first decryption module 502 and a second decryption module 503, where:
The receiving module 501 is configured to receive a first data message sent by a sending device, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key; the ciphertext is obtained by the sending device encrypting partial data of the data to be transmitted with the first key;
The first decryption module 502 is configured to decrypt the public-key-encrypted first key using the private key that matches the public key, to obtain the first key;
The second decryption module 503 is configured to decrypt the ciphertext using the first key, to obtain the decrypted partial data of the data to be transmitted.
In one possible implementation, the first data message further includes unencrypted data of the data to be transmitted;
After receiving the first data message sent by the sending device, the receiving module 501 is further configured to:
Identify the unencrypted data in the first data message;
After obtaining the decrypted partial data of the data to be transmitted, the second decryption module 503 is further configured to:
Synthesize the decrypted partial data with the unencrypted data to obtain the data to be transmitted.
In one possible implementation, the first data message also carries a data identifier, and the receiving module 501 is further configured to:
Receive a second data message sent by the sending device;
After determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, synthesize the unencrypted data in the second data message with the decrypted partial data of the data to be transmitted to obtain the data to be transmitted.
For the processing flow of each module in the above apparatus and the interaction flow between the modules, refer to the related description in the above method embodiments; details are not repeated here.
Fig. 6 is a schematic structural diagram of an electronic device 60 provided by an embodiment of the present disclosure, which includes a processor 61, a memory 62 and a bus 63. The memory 62 is used to store execution instructions and includes an internal memory 621 and an external memory 622. The internal memory 621, also called internal storage, temporarily stores the operational data of the processor 61 and the data exchanged with the external memory 622, such as a hard disk; the processor 61 exchanges data with the external memory 622 through the internal memory 621. When the user equipment 60 runs, the processor 61 and the memory 62 communicate through the bus 63, so that the processor 61 performs processing in the following ways:
In one possible processing mode, data to be encrypted in data to be transmitted is identified, the data to be encrypted being partial data of the data to be transmitted; the data to be encrypted is encrypted using a first key to obtain a ciphertext; a first data message is transmitted to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
In another possible processing mode, a first data message sent by a sending device is received, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key; the ciphertext is obtained by the sending device encrypting partial data of the data to be transmitted with the first key; the public-key-encrypted first key is decrypted using the private key that matches the public key, to obtain the first key; the ciphertext is decrypted using the first key, to obtain the decrypted partial data of the data to be transmitted.
In addition, the embodiments of the present disclosure also provide a computer-readable storage medium on which a computer program is stored; when run by a processor, the computer program executes the steps of the data transmission method described in the above method embodiments.
The computer program product of the data transmission method provided by the embodiments of the present disclosure includes a computer-readable storage medium storing program code; the instructions included in the program code can be used to execute the steps of the data transmission method described in the above method embodiments. For details, refer to the above method embodiments, which are not repeated here.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system and apparatus described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here. In the several embodiments provided by the disclosure, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the disclosure may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a processor-executable non-volatile computer-readable storage medium. Based on this understanding, the technical solution of the disclosure in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or some of the steps of the methods described in the embodiments of the disclosure. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the disclosure, but the protection scope of the disclosure is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the disclosure shall fall within the protection scope of the disclosure. Therefore, the protection scope of the disclosure shall be subject to the protection scope of the claims.
Claims (13)
1. A data transmission method, applied in a sending device, characterized by comprising:
Identifying data to be encrypted in data to be transmitted, the data to be encrypted being partial data of the data to be transmitted;
Encrypting the data to be encrypted using a first key to obtain a ciphertext;
Transmitting a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
2. The method according to claim 1, characterized in that the first data message further includes the unencrypted data in the data to be transmitted other than the identified data to be encrypted;
Alternatively, after identifying the data to be encrypted in the data to be transmitted, the method further comprises: transmitting a second data message to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted.
3. The method according to claim 1, characterized in that identifying the data to be encrypted in the data to be transmitted comprises:
Identifying at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute;
Selecting, from the at least one data attribute, the data attributes that meet the encryption condition;
Taking the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
4. The method according to claim 3, characterized in that the first data message further includes the unencrypted data attribute corresponding to the data to be encrypted.
5. The method according to any one of claims 1 to 4, characterized in that the first data message further includes at least one of the following: encryption algorithm identification information, version information of the encryption algorithm used for the encryption, and data padding algorithm identification information.
6. The method according to claim 1, characterized in that the first key is generated as follows:
Generating a random code and a current timestamp;
Generating the first key according to the random code and the current timestamp.
7. A data transmission method, applied in a receiving device, characterized by comprising:
Receiving a first data message sent by a sending device, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key; the ciphertext being obtained by the sending device encrypting partial data of the data to be transmitted with the first key;
Decrypting the public-key-encrypted first key using the private key that matches the public key, to obtain the first key;
Decrypting the ciphertext using the first key, to obtain the decrypted partial data of the data to be transmitted.
8. The method according to claim 7, characterized in that the first data message further includes unencrypted data of the data to be transmitted;
After receiving the first data message sent by the sending device, the method further comprises:
Identifying the unencrypted data in the first data message;
After obtaining the decrypted partial data of the data to be transmitted, the method further comprises:
Synthesizing the decrypted partial data with the unencrypted data to obtain the data to be transmitted.
9. The method according to claim 7, characterized in that the first data message also carries a data identifier, and the method further comprises:
Receiving a second data message sent by the sending device;
After determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, synthesizing the unencrypted data in the second data message with the decrypted partial data of the data to be transmitted to obtain the data to be transmitted.
10. A data transmission apparatus, characterized by comprising:
An identification module, configured to identify data to be encrypted in data to be transmitted, the data to be encrypted being partial data of the data to be transmitted;
An encryption module, configured to encrypt the data to be encrypted using a first key to obtain a ciphertext;
A sending module, configured to transmit a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
11. A data transmission apparatus, characterized by comprising:
A receiving module, configured to receive a first data message sent by a sending device, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key; the ciphertext being obtained by the sending device encrypting partial data of the data to be transmitted with the first key;
A first decryption module, configured to decrypt the public-key-encrypted first key using the private key that matches the public key, to obtain the first key;
A second decryption module, configured to decrypt the ciphertext using the first key, to obtain the decrypted partial data of the data to be transmitted.
12. An electronic device, characterized by comprising a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor; when the electronic device runs, the processor and the memory communicate through the bus, and when the machine-readable instructions are executed by the processor, the steps of the data transmission method according to any one of claims 1 to 6, or the steps of the data transmission method according to any one of claims 7 to 9, are executed.
13. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is run by a processor, the steps of the data transmission method according to any one of claims 1 to 6, or the steps of the data transmission method according to any one of claims 7 to 9, are executed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910821041.XA CN110505066A (en) | 2019-08-30 | 2019-08-30 | A kind of data transmission method, device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110505066A (en) | 2019-11-26 |
Family
ID=68590964
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN201910821041.XA | Pending | CN110505066A (en) | 2019-08-30 | 2019-08-30 | A kind of data transmission method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110505066A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111740831A (en) * | 2020-08-13 | 2020-10-02 | 国网浙江省电力有限公司 | Electric power data encryption transmission method, system and readable medium for multiplex and production detection |
CN111935122A (en) * | 2020-07-31 | 2020-11-13 | 重庆小雨点小额贷款有限公司 | Data security processing method and device |
CN112987581A (en) * | 2019-12-16 | 2021-06-18 | 华为技术有限公司 | Control method for intelligent household equipment, medium and terminal thereof |
CN112995096A (en) * | 2019-12-13 | 2021-06-18 | 中移动信息技术有限公司 | Data encryption and decryption method, device and equipment |
CN113114648A (en) * | 2021-04-01 | 2021-07-13 | 山东高云半导体科技有限公司 | Method and device for realizing encrypted communication |
CN113114457A (en) * | 2021-04-06 | 2021-07-13 | 支付宝(杭州)信息技术有限公司 | Data processing method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5974141A (en) * | 1995-03-31 | 1999-10-26 | Mitsubishi Corporation | Data management system |
US6789195B1 (en) * | 1999-06-07 | 2004-09-07 | Siemens Aktiengesellschaft | Secure data processing method |
US20080046757A1 (en) * | 2006-07-12 | 2008-02-21 | Palo Alto Research Center Incorporated | Method, Apparatus, and Program Product for Flexible Redaction of Content |
CN102281261A (en) * | 2010-06-10 | 2011-12-14 | 杭州华三通信技术有限公司 | Data transmission method, system and apparatus |
CN109246130A (en) * | 2018-10-17 | 2019-01-18 | 深圳壹账通智能科技有限公司 | Data ciphering method, device, computer equipment and storage medium |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112995096A (en) * | 2019-12-13 | 2021-06-18 | 中移动信息技术有限公司 | Data encryption and decryption method, device and equipment |
CN112995096B (en) * | 2019-12-13 | 2023-04-25 | 中移动信息技术有限公司 | Data encryption and decryption methods, devices and equipment |
CN112987581A (en) * | 2019-12-16 | 2021-06-18 | 华为技术有限公司 | Control method for intelligent household equipment, medium and terminal thereof |
CN111935122A (en) * | 2020-07-31 | 2020-11-13 | 重庆小雨点小额贷款有限公司 | Data security processing method and device |
CN111935122B (en) * | 2020-07-31 | 2022-09-20 | 重庆小雨点小额贷款有限公司 | Data security processing method and device |
CN111740831A (en) * | 2020-08-13 | 2020-10-02 | 国网浙江省电力有限公司 | Electric power data encryption transmission method, system and readable medium for multiplex and production detection |
CN113114648A (en) * | 2021-04-01 | 2021-07-13 | 山东高云半导体科技有限公司 | Method and device for realizing encrypted communication |
CN113114457A (en) * | 2021-04-06 | 2021-07-13 | 支付宝(杭州)信息技术有限公司 | Data processing method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20191126 |