CN110505066A - Data transmission method, device, equipment and storage medium - Google Patents

Data transmission method, device, equipment and storage medium

Info

Publication number
CN110505066A
Authority
CN
China
Prior art keywords
data
key
encrypted
transmitted
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910821041.XA
Other languages
Chinese (zh)
Inventor
陈平
余吉
魏自立
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ByteDance Network Technology Co Ltd
Original Assignee
Beijing ByteDance Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing ByteDance Network Technology Co Ltd
Priority to CN201910821041.XA
Publication of CN110505066A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure provides a data transmission method, device, equipment and storage medium. The method includes: identifying data to be encrypted in data to be transmitted, the data to be encrypted being part of the data to be transmitted; encrypting the data to be encrypted using a first key to obtain ciphertext; and transmitting a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key. By identifying the data to be encrypted in the data to be transmitted, only the data to be encrypted is encrypted to obtain ciphertext, while the other data in the data to be transmitted need not be encrypted, which reduces the amount of encryption processing. Because encrypted data is often larger than the original data, encrypting only part of the data also effectively reduces the volume of data transmitted and improves data transmission performance.

Description

Data transmission method, device, equipment and storage medium
Technical field
The present disclosure relates to the field of computer technology, and in particular to a data transmission method, device, equipment and storage medium.
Background
In data transmission between front-end and back-end devices, plaintext transmission makes it easy for user data to be intercepted by an attack in transit, which leaks the user data. Encrypting data during transmission is therefore particularly important. However, an inappropriate encryption scheme may, on the one hand, affect data transmission performance, for example when the encrypted data is much larger and transmission performance drops; on the other hand, the encryption key itself may be intercepted in transit, which in turn leads to data leakage.
Summary of the invention
In view of this, the purpose of the embodiments of the present disclosure is to provide a data transmission method, device, equipment and storage medium.
In a first aspect, the present disclosure provides a data transmission method applied to a sending device, comprising:
identifying data to be encrypted in data to be transmitted, the data to be encrypted being part of the data to be transmitted; encrypting the data to be encrypted using a first key to obtain ciphertext; and transmitting a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
By identifying the data to be encrypted in the data to be transmitted, only the data to be encrypted is encrypted to obtain ciphertext, while the other data in the data to be transmitted need not be encrypted, which reduces the amount of encryption processing. Because encrypted data is often larger than the original data, encrypting only part of the data also effectively reduces the volume of data transmitted and improves data transmission performance. In addition, encrypting the transmitted first key with a public key effectively prevents the first key from being stolen during transmission, which improves the security of data transmission.
In a possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted other than the identified data to be encrypted; alternatively, after identifying the data to be encrypted in the data to be transmitted, the method further includes: transmitting a second data message to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted.
Selectively sending the unencrypted data in a plaintext message effectively reduces the amount of encryption processing and improves data transmission performance.
In a possible embodiment, identifying the data to be encrypted in the data to be transmitted includes: identifying at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute; selecting, from the at least one data attribute, the data attributes that meet an encryption condition; and taking the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
In this embodiment, the data to be transmitted is split, and the attribute values that need to be encrypted are selected based on the data attributes obtained from the split, so that the data to be encrypted is identified effectively.
In a possible embodiment, the first data message further includes the unencrypted data attribute corresponding to the data to be encrypted.
In this embodiment, because the first data message also carries the data attribute corresponding to the data to be encrypted, the receiving device can identify the data attribute of the ciphertext directly after receiving the first data message, without having to decrypt the ciphertext first.
In a possible embodiment, the first data message further includes at least one of the following: identification information of the encryption algorithm used for the encryption, version information of the encryption algorithm, and identification information of the data padding algorithm.
In this embodiment, carrying this information in the first data message helps the receiving device determine how to parse the ciphertext and improves the efficiency of parsing it.
In a possible embodiment, the first key is generated as follows:
generating a random code and a current timestamp; and generating the first key from the random code and the current timestamp.
In this embodiment, the first key is generated from a random code and a timestamp, so the first key is random, which makes the key harder to crack and improves the security of data transmission.
In a second aspect, the present disclosure provides a data transmission method applied to a receiving device, comprising:
receiving a first data message sent by a sending device, the first data message including a first key encrypted with a public key and ciphertext encrypted with the first key, the ciphertext being obtained by the sending device encrypting part of the data to be transmitted using the first key; decrypting the public-key-encrypted first key using the private key matching the public key to obtain the first key; and decrypting the ciphertext using the first key to obtain the decrypted part of the data to be transmitted.
The first key is recovered using the private key, and the ciphertext is then parsed using the recovered first key; this double parsing yields the decrypted data and thereby improves the security of data transmission.
In a possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted. After receiving the first data message sent by the sending device, the method further includes: identifying the unencrypted data in the first data message. After obtaining the decrypted part of the data to be transmitted, the method further includes: combining the decrypted part with the unencrypted data to obtain the data to be transmitted.
In a possible embodiment, the first data message also carries a data identifier, and the method further includes: receiving a second data message sent by the sending device; and, after determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, combining the unencrypted data in the second data message with the decrypted part of the data to be transmitted to obtain the data to be transmitted.
In a third aspect, the present disclosure provides a data transmission device, comprising:
an identification module, configured to identify data to be encrypted in data to be transmitted, the data to be encrypted being part of the data to be transmitted; an encryption module, configured to encrypt the data to be encrypted using a first key to obtain ciphertext; and a sending module, configured to transmit a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
In a possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted other than the identified data to be encrypted;
alternatively, the sending module is further configured to transmit a second data message to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted.
In a possible embodiment, when identifying the data to be encrypted in the data to be transmitted, the identification module is specifically configured to: identify at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute; select, from the at least one data attribute, the data attributes that meet an encryption condition; and take the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
In a possible embodiment, the first data message further includes the unencrypted data attribute corresponding to the data to be encrypted.
In a possible embodiment, the first data message further includes at least one of the following: identification information of the encryption algorithm used for the encryption, version information of the encryption algorithm, and identification information of the data padding algorithm.
In a possible embodiment, the device further includes a generation module, configured to: generate a random code and a current timestamp; and generate the first key from the random code and the current timestamp.
In a fourth aspect, the present disclosure provides a data transmission device, comprising:
a receiving module, configured to receive a first data message sent by a sending device, the first data message including a first key encrypted with a public key and ciphertext encrypted with the first key, the ciphertext being obtained by the sending device encrypting part of the data to be transmitted using the first key; a first decryption module, configured to decrypt the public-key-encrypted first key using the private key matching the public key to obtain the first key; and a second decryption module, configured to decrypt the ciphertext using the first key to obtain the decrypted part of the data to be transmitted.
In a possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted. After receiving the first data message sent by the sending device, the receiving module is further configured to identify the unencrypted data in the first data message. After obtaining the decrypted part of the data to be transmitted, the second decryption module is further configured to combine the decrypted part with the unencrypted data to obtain the data to be transmitted.
In a possible embodiment, the first data message also carries a data identifier, and the receiving module is further configured to: receive a second data message sent by the sending device; and, after determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, combine the unencrypted data in the second data message with the decrypted part of the data to be transmitted to obtain the data to be transmitted.
In a fifth aspect, the present disclosure provides electronic equipment comprising a processor, a memory and a bus. The memory stores machine-readable instructions executable by the processor; when the electronic equipment runs, the processor and the memory communicate over the bus, and the machine-readable instructions, when executed by the processor, perform the steps of the data transmission method described in the first aspect or any of its embodiments, or the steps of the data transmission method described in the second aspect or any of its embodiments.
In a sixth aspect, the present disclosure provides a computer-readable storage medium storing a computer program which, when run by a processor, performs the steps of the data transmission method described in the first aspect or any of its embodiments, or the steps of the data transmission method described in the second aspect or any of its embodiments.
To make the above objects, features and advantages of the present disclosure clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present disclosure more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings show only some embodiments of the present disclosure and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can derive other related drawings from these drawings without creative effort.
Fig. 1 shows a flowchart of a data transmission method provided by an embodiment of the present disclosure;
Fig. 2 shows a schematic diagram of the protocol format of the first data message provided by an embodiment of the present disclosure;
Fig. 3 shows a flowchart of another data transmission method provided by an embodiment of the present disclosure;
Fig. 4 shows a structural schematic diagram of a data transmission device provided by an embodiment of the present disclosure;
Fig. 5 shows a structural schematic diagram of another data transmission device provided by an embodiment of the present disclosure;
Fig. 6 shows a structural schematic diagram of electronic equipment provided by an embodiment of the present disclosure.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present disclosure, not all of them. The components of the embodiments of the present disclosure, as generally described and illustrated in the drawings, can be arranged and designed in a variety of configurations. The following detailed description of the embodiments provided in the drawings is therefore not intended to limit the claimed scope of the present disclosure, but merely represents selected embodiments. All other embodiments obtained by those skilled in the art from the embodiments of the present disclosure without creative effort fall within the scope of protection of the present disclosure.
The data transmission method provided by the present disclosure can be applied to end-to-end data transmission scenarios, for example data transmission between a front-end device (such as a user terminal) and a back-end device (such as a server). User terminals include, but are not limited to, mobile phones, tablet computers, in-vehicle devices, wearable devices, personal digital assistants (Personal Digital Assistant, PDA) and point-of-sale terminals (Point of Sales, POS). Application programs installed on the user terminal, embedded mini programs and web pages can receive various types of user data input by the user and upload them to the server, or receive such user data requested from the server. As data to be transmitted, this user data needs to be encrypted during transmission between the user terminal and the server.
It is usually the sensitive user information in user data that needs to be encrypted, while non-sensitive information can be transmitted directly in plaintext. In the present disclosure, therefore, by identifying the data to be encrypted in the data to be transmitted, only the data to be encrypted is encrypted to obtain ciphertext, while the other data in the data to be transmitted need not be encrypted, which reduces the amount of encryption processing. Because encrypted data is often larger than the original data, encrypting only part of the data also effectively reduces the volume of data transmitted and improves data transmission performance. Moreover, encrypting the first key used for the encryption prevents the first key from being stolen during transmission, which effectively improves the security of data transmission.
To facilitate understanding of the technical solutions provided by the present disclosure, a data transmission method provided by an embodiment of the present disclosure is first described in detail.
Referring to Fig. 1, a flow diagram of a data transmission method provided by an embodiment of the present disclosure is shown. The data transmission method may be executed by a sending device, which may be either a front-end device or a back-end device; for example, the sending device may be a user terminal or a server. Specifically, the data transmission method includes the following steps:
Step 101: identify the data to be encrypted in the data to be transmitted, the data to be encrypted being part of the data to be transmitted.
The sending device may identify the data to be encrypted in the data to be transmitted once it detects that there is data to be transmitted. For example, when the sending device is a front-end device, it may determine that data to be transmitted has been detected upon receiving a data transmission instruction input by the user or a data request instruction sent by the back-end device. Alternatively, when the sending device is a back-end device, it may determine that data to be transmitted has been detected upon receiving a data request instruction sent by the front-end device.
In the embodiments of the present disclosure, considering that not all of the data to be transmitted is necessarily sensitive information that needs to be encrypted, the data to be encrypted in the data to be transmitted can be identified. In a possible embodiment, the data to be transmitted may be split, specifically through the following steps:
Step 1011: identify at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute.
The data attributes and corresponding attribute values may take the form of key-value pairs, where the key denotes the data attribute and the value denotes the attribute value. Each data attribute may correspond to a unique attribute value.
In one example, suppose the data to be transmitted is user data that includes the field "Zhang San, 18 years old, login account XXX, login password xxx". The data attributes and corresponding attribute values identified from this field are name - Zhang San, age - 18, login account - XXX and login password - xxx.
Step 1012: select, from the at least one data attribute, the data attributes that meet the encryption condition.
In a possible embodiment, a set of data attributes that need to be encrypted may be agreed in advance. It is then determined whether any of the at least one data attribute is in that set, and the data attributes that are in the set are taken as the data attributes meeting the encryption condition.
Step 1013: take the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
Continuing the example above, suppose the pre-agreed set of data attributes that need to be encrypted includes name, age and login password. The name, age and login password in the above field are then identified as data attributes meeting the encryption condition, and the attribute values "Zhang San", "18" and "xxx" are taken as the data to be encrypted.
In the above embodiment, the data to be transmitted is split, and the attribute values that need to be encrypted are selected based on the data attributes obtained from the split, so that the data to be encrypted is identified effectively.
Step 102: encrypt the data to be encrypted using the first key to obtain ciphertext.
In a possible embodiment, the first key may be generated as follows: generate a random code and a current timestamp, and generate the first key from the random code and the current timestamp. The first key can then be used to encrypt the attribute values corresponding to the data attributes that meet the encryption condition, yielding the ciphertext. Because the first key is generated from a random code and a timestamp, it is random, which makes the key harder to crack and improves the security of data transmission.
The random code may be generated by a random algorithm, for example as a random number of length 8. The current timestamp is the current point in time, for example also a timestamp of length 8. Combining the random code and the current timestamp yields a salt value, i.e. an encryption salt value; for example, the random number of length 8 and the timestamp of length 8 are combined into an encryption salt value of length 16. The encryption salt value may be used directly as the first key, or it may be converted through a buffer to obtain the first key. The first key obtained is, for example, a symmetric encryption key such as an Advanced Encryption Standard (AES) key. For example, when the data to be encrypted is encrypted with an AES key, the data to be encrypted may be divided into groups of equal length, and each group is encrypted separately using the key in the AES key that corresponds to that group, until all of the data to be encrypted has been encrypted.
In an embodiment of the present disclosure, after the first key is generated, the first key may itself be encrypted, for example using a pre-stored public key. Encrypting the transmitted first key with a public key effectively prevents the first key from being stolen during transmission, which improves the security of data transmission.
Step 103: transmit the first data message to the receiving device, the first data message including the ciphertext and the first key encrypted with the public key.
Carrying the public-key-encrypted first key in the first data message enables the receiving device to recover the first key and then use the recovered first key to parse the ciphertext and obtain the transmitted data.
In the embodiments of the present disclosure, the first data message may also include the data attribute corresponding to the data to be encrypted. Because the first data message also carries this data attribute, the receiving device can identify the data attribute of the ciphertext directly after receiving the first data message, without having to decrypt the ciphertext first.
In the embodiments of the present disclosure, the first data message may also include at least one of the following: identification information of the encryption algorithm used for the encryption, version information of the encryption algorithm, and identification information of the data padding algorithm. Carrying this information in the first data message helps the receiving device determine how to parse the ciphertext and improves the efficiency of parsing it.
Because different encryption algorithms use first keys of different lengths, the encryption algorithm identification information identifies the encryption algorithm used for the encryption, so that the key length of the first key is known. Because encryption algorithms are iterated and updated continually, the version information of the encryption algorithm can be used to indicate the version of the first key used for this encryption.
When the data to be encrypted is encrypted with an AES key, it must be divided into groups and each group encrypted separately. Because every group must have the same length, when the last group does not meet the length requirement, the data padding algorithm identification information identifies the data padding algorithm to use, and the last group is then padded with that algorithm so that it meets the length requirement. For example, suppose the data to be encrypted is divided into N groups of 16 bytes; groups 1 to N-1 are each 16 bytes and group N is 8 bytes. Group N then needs to be padded; for example, the data padding algorithm may fill the missing positions with zeros, so that group N is extended to 16 bytes. Given this characteristic of the encryption algorithm, carrying the data padding algorithm identification information in the first data message lets the receiving device know, from that information, which data padding algorithm was applied to the grouped data.
By way of example, Fig. 2 shows one format of the first data message provided by an embodiment of the present disclosure. It contains, in order: version information, encryption algorithm identification information, the encrypted first key, data padding algorithm identification information, the data attributes that meet the encryption condition, and the ciphertext.
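One possible encoding of the Fig. 2 field order, added here as an example and not taken from the patent. The field widths, the comma-joined attribute list and the algorithm identifier values are assumptions; the parser refuses truncated input and unknown algorithm identifiers, and checks the unwrapped first key against the length the identifier implies.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Hypothetical algorithm identifiers mapped to the first-key length they imply (AES-128/192/256).
var keyLenByAlg = map[byte]int{1: 16, 2: 24, 3: 32}

// FirstMessage holds the fields in the order given for Fig. 2; the wire widths are assumptions.
type FirstMessage struct {
	Version, AlgID byte
	WrappedKey     []byte // first key after public-key encryption
	PadID          byte
	Attrs          []string // data attributes that met the encryption condition
	Ciphertext     []byte
}

// lenPrefixed prepends a 2-byte big-endian length to a variable-length field.
func lenPrefixed(v []byte) []byte {
	return append([]byte{byte(len(v) >> 8), byte(len(v))}, v...)
}

// Marshal writes the fields in order; the ciphertext takes the rest of the message.
func (m FirstMessage) Marshal() ([]byte, error) {
	attrs := []byte(strings.Join(m.Attrs, ","))
	if len(m.WrappedKey) > 0xFFFF || len(attrs) > 0xFFFF {
		return nil, errors.New("field too long for a 2-byte length")
	}
	out := append([]byte{m.Version, m.AlgID}, lenPrefixed(m.WrappedKey)...)
	out = append(out, m.PadID)
	out = append(out, lenPrefixed(attrs)...)
	return append(out, m.Ciphertext...), nil
}

// Parse reads the fields back and refuses truncated input or an unknown algorithm identifier.
func Parse(p []byte) (FirstMessage, error) {
	truncated := false
	take := func(n int) []byte {
		if truncated || n > len(p) {
			truncated = true
			return make([]byte, n) // placeholder so later reads stay in bounds
		}
		head := p[:n]
		p = p[n:]
		return head
	}
	field := func() []byte {
		l := take(2)
		return take(int(l[0])<<8 | int(l[1]))
	}
	var m FirstMessage
	hdr := take(2)
	m.Version, m.AlgID = hdr[0], hdr[1]
	m.WrappedKey = field()
	m.PadID = take(1)[0]
	m.Attrs = strings.Split(string(field()), ",")
	m.Ciphertext = p
	if truncated {
		return FirstMessage{}, errors.New("truncated first data message")
	}
	if _, known := keyLenByAlg[m.AlgID]; !known {
		return FirstMessage{}, fmt.Errorf("unknown encryption algorithm identifier %d", m.AlgID)
	}
	return m, nil
}

// CheckFirstKey confirms the unwrapped first key has the length the algorithm identifier implies.
func (m FirstMessage) CheckFirstKey(key []byte) error {
	if want := keyLenByAlg[m.AlgID]; len(key) != want {
		return fmt.Errorf("first key is %d bytes, algorithm %d needs %d", len(key), m.AlgID, want)
	}
	return nil
}

func main() {
	// Constructed sample: 256-byte wrapped key, two attribute names, two 16-byte groups.
	msg := FirstMessage{Version: 1, AlgID: 3, WrappedKey: make([]byte, 256), PadID: 2,
		Attrs: []string{"card_no", "phone"}, Ciphertext: make([]byte, 32)}
	wire, _ := msg.Marshal()
	parsed, err := Parse(wire)
	fmt.Println(len(wire), parsed.Attrs, err, parsed.CheckFirstKey(make([]byte, 16)))
}
```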
In the embodiments of the present disclosure, the first data message may further include the unencrypted data in the data to be transmitted other than the identified data to be encrypted. Alternatively, after the data to be encrypted in the data to be transmitted has been identified, the method further includes transmitting a second data message to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted. The second data message may carry the other data in the data to be transmitted that has not yet been transmitted, that is, the unencrypted data, which can be sent directly in plaintext. For example, it may include the attribute values corresponding to the data attributes in the data to be transmitted that do not meet the encryption condition, the data attributes that do not meet the encryption condition, and so on. The present disclosure does not limit the protocol used by the second data message. Selectively sending the unencrypted data in a plaintext message effectively reduces the amount of encryption processing and can improve data transmission performance.
Fig. 3 is a flow diagram of a data transmission method provided by an embodiment of the present disclosure. This data transmission method may be executed by a receiving device, which may be either a front-end device or a back-end device; for example, the receiving device may be a user terminal or a server. Specifically, the data transmission method includes the following steps:
Step 301: receive the first data message sent by the sending device, where the first data message includes the first key encrypted with a public key and the ciphertext encrypted with the first key.
Step 302: decrypt the public-key-encrypted first key using the private key that matches the public key, to obtain the first key.
Step 303: decrypt the ciphertext using the first key, to obtain the decrypted partial data of the data to be transmitted.
In the embodiments of the present disclosure, after the first data message is received, it can be parsed. The version information and the identification information of the encryption algorithm can be parsed from the first data message first; from these, the decryption algorithm to use when decrypting the ciphertext can be determined. Next, the pre-agreed private key can be used to decrypt the first key. Finally, the ciphertext can be decrypted with the first key using the decryption algorithm, to obtain the decrypted data.
In addition, when the unencrypted data in the data to be transmitted other than the identified data to be encrypted is transmitted in the first data message, the receiving device may also parse that unencrypted data from the first data message; alternatively, when that unencrypted data is transmitted in the second data message, the receiving device may parse it from the second data message. Then, after obtaining the decrypted partial data of the data to be transmitted, the receiving device combines the decrypted partial data with the unencrypted data to obtain the data to be transmitted.
In practice, the receiving device may receive multiple data messages. To ensure that the decrypted partial data and the parsed unencrypted data come from the same data to be transmitted, in a possible embodiment the first data message may also carry a data identifier. The sending device transmits, in the second data message, the unencrypted data in the data to be transmitted other than the identified data to be encrypted, and the second data message also carries a data identifier. After receiving the second data message and parsing it to obtain the unencrypted data, the receiving device may, once it has determined that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, combine the unencrypted data in the second data message with the decrypted partial data of the data to be transmitted to obtain the data to be transmitted.
In the above embodiments provided by the present disclosure, by identifying the data to be encrypted in the data to be transmitted, only the data to be encrypted is encrypted to obtain the ciphertext, and the rest of the data to be transmitted need not be encrypted. This reduces the amount of encryption processing; and because the volume of data after encryption is often greater than the original volume, encrypting only part of the data also effectively reduces the volume of data in transmission and improves data transmission performance. In addition, encrypting the transmitted first key with the public key and decrypting it with the private key effectively prevents the first key from being stolen during transmission, which improves data transmission security.
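The sender and receiver steps above end to end, as an added Go example rather than the patent's own code; the wire encoding is left out and the messages are plain structs. Assumptions: RSA-OAEP for the public-key step, AES-256-GCM in place of a padded block mode (so no padding identifier is needed), a first key drawn directly from the OS random source, JSON for the attribute values, and all struct and function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// FirstMessage carries the wrapped first key and the ciphertext of the sensitive attributes.
type FirstMessage struct {
	DataID     string // data identifier, also bound to the ciphertext as GCM additional data
	WrappedKey []byte // first key encrypted with the receiver's public key
	Nonce      []byte
	Ciphertext []byte
}

// SecondMessage carries the attributes that did not meet the encryption condition.
type SecondMessage struct {
	DataID string
	Plain  map[string]string
}

func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key, nonce []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(nonce) != 12 {
		return nil, fmt.Errorf("bad first key or nonce length")
	}
	return cipher.NewGCM(block)
}

// Send encrypts only the attributes named in sensitive and wraps the one-time first key.
func Send(pub *rsa.PublicKey, id string, data map[string]string, sensitive map[string]bool) (*FirstMessage, *SecondMessage, error) {
	secret, plain := map[string]string{}, map[string]string{}
	for name, value := range data {
		if sensitive[name] {
			secret[name] = value
		} else {
			plain[name] = value
		}
	}
	plaintext, _ := json.Marshal(secret) // a map of strings always marshals
	random := make([]byte, 32+12)        // 256-bit first key and 96-bit nonce
	if _, err := rand.Read(random); err != nil {
		return nil, nil, err
	}
	key, nonce := random[:32], random[32:]
	gcm, err := newGCM(key, nonce)
	if err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, nil, err
	}
	first := &FirstMessage{id, wrapped, nonce, gcm.Seal(nil, nonce, plaintext, []byte(id))}
	return first, &SecondMessage{id, plain}, nil
}

// Receive runs steps 301 to 303, then merges the plaintext of a second message with the same DataID.
func Receive(priv *rsa.PrivateKey, first *FirstMessage, second *SecondMessage) (map[string]string, error) {
	if second.DataID != first.DataID {
		return nil, fmt.Errorf("data identifier mismatch: %q vs %q", first.DataID, second.DataID)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, first.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap first key: %w", err)
	}
	gcm, err := newGCM(key, first.Nonce)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, first.Nonce, first.Ciphertext, []byte(first.DataID))
	if err != nil {
		return nil, fmt.Errorf("decrypt ciphertext: %w", err)
	}
	merged := map[string]string{}
	if err := json.Unmarshal(plaintext, &merged); err != nil {
		return nil, err
	}
	for name, value := range second.Plain {
		if _, clash := merged[name]; clash {
			return nil, fmt.Errorf("attribute %q arrived both encrypted and in plaintext", name)
		}
		merged[name] = value
	}
	return merged, nil
}
```

Receive rejects a plaintext attribute that would overwrite a decrypted one because the second message is not authenticated.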
Based on the same technical concept, the embodiments of the present disclosure also provide a data transmission apparatus corresponding to the data transmission method. Because the apparatus solves the problem on a principle similar to that of the data transmission method described above, the implementation of the apparatus may refer to the implementation of the method, and repeated details are omitted.
Fig. 4 is a structural schematic diagram of a data transmission apparatus provided by an embodiment of the present disclosure. The apparatus includes an identification module 401, an encryption module 402 and a sending module 403, wherein:
The identification module 401 is configured to identify the data to be encrypted in the data to be transmitted, the data to be encrypted being part of the data to be transmitted;
The encryption module 402 is configured to encrypt the data to be encrypted using a first key, to obtain a ciphertext;
The sending module 403 is configured to transmit a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
In a possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted other than the identified data to be encrypted; alternatively, the sending module 403 is further configured to transmit a second data message to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted.
In a possible embodiment, when identifying the data to be encrypted in the data to be transmitted, the identification module 401 is specifically configured to:
identify at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute;
select, from the at least one data attribute, the data attributes that meet an encryption condition;
take the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
In a possible embodiment, the first data message further includes the unencrypted data attributes corresponding to the data to be encrypted.
In a possible embodiment, the first data message further includes at least one of the following: identification information of the encryption algorithm used for the encryption processing, version information of the encryption algorithm, and data padding algorithm identification information.
In a possible embodiment, the apparatus further includes a generation module 404, which is configured to:
generate a random code and a current timestamp;
generate the first key according to the random code and the current timestamp.
For the processing flow of each module in the above apparatus and the interaction flow between the modules, refer to the relevant description in the above method embodiments; details are not repeated here.
Fig. 5 is a structural schematic diagram of a data transmission apparatus provided by an embodiment of the present disclosure. The apparatus includes a receiving module 501, a first decryption module 502 and a second decryption module 503, wherein:
The receiving module 501 is configured to receive a first data message sent by a sending device, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key; the ciphertext is obtained by the sending device by encrypting part of the data to be transmitted with the first key;
The first decryption module 502 is configured to decrypt the public-key-encrypted first key using the private key that matches the public key, to obtain the first key;
The second decryption module 503 is configured to decrypt the ciphertext using the first key, to obtain the decrypted partial data of the data to be transmitted.
In a possible embodiment, the first data message further includes the unencrypted data in the data to be transmitted;
after receiving the first data message sent by the sending device, the receiving module 501 is further configured to:
identify the unencrypted data in the first data message;
after obtaining the decrypted partial data of the data to be transmitted, the second decryption module 503 is further configured to:
combine the decrypted partial data with the unencrypted data, to obtain the data to be transmitted.
In a possible embodiment, the first data message also carries a data identifier, and the receiving module 501 is further configured to:
receive a second data message sent by the sending device;
after determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, combine the unencrypted data in the second data message with the decrypted partial data of the data to be transmitted, to obtain the data to be transmitted.
For the processing flow of each module in the above apparatus and the interaction flow between the modules, refer to the relevant description in the above method embodiments; details are not repeated here.
Fig. 6 is a structural schematic diagram of an electronic device 60 provided by an embodiment of the present disclosure, including a processor 61, a memory 62 and a bus 63. The memory 62 stores execution instructions and includes an internal memory 621 and an external memory 622. The internal memory 621, also called internal storage, temporarily stores the operational data of the processor 61 and the data exchanged with the external memory 622, such as a hard disk; the processor 61 exchanges data with the external memory 622 through the internal memory 621. When the user equipment 60 runs, the processor 61 and the memory 62 communicate through the bus 63, so that the processor 61 performs the following processing:
In one possible processing mode, the data to be encrypted in the data to be transmitted is identified, the data to be encrypted being part of the data to be transmitted; the data to be encrypted is encrypted using a first key, to obtain a ciphertext; and a first data message is transmitted to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
In another possible processing mode, a first data message sent by a sending device is received, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key, where the ciphertext is obtained by the sending device by encrypting part of the data to be transmitted with the first key; the public-key-encrypted first key is decrypted using the private key that matches the public key, to obtain the first key; and the ciphertext is decrypted using the first key, to obtain the decrypted partial data of the data to be transmitted.
In addition, the embodiments of the present disclosure also provide a computer-readable storage medium on which a computer program is stored; when the computer program is run by a processor, the steps of the data transmission method described in the above method embodiments are executed.
The computer program product of the data transmission method provided by the embodiments of the present disclosure includes a computer-readable storage medium storing program code. The instructions included in the program code can be used to execute the steps of the data transmission method described in the above method embodiments; for details, refer to the above method embodiments, which are not repeated here.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system and apparatus described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here. In the several embodiments provided in the present disclosure, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present disclosure may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a processor-executable non-volatile computer-readable storage medium. Based on this understanding, the technical solution of the present disclosure in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present disclosure. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present disclosure, but the protection scope of the present disclosure is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed herein shall fall within the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (13)

1. A data transmission method, applied to a sending device, characterized by comprising:
identifying the data to be encrypted in the data to be transmitted, the data to be encrypted being part of the data to be transmitted;
encrypting the data to be encrypted using a first key, to obtain a ciphertext;
transmitting a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
2. The method according to claim 1, characterized in that the first data message further includes the unencrypted data in the data to be transmitted other than the identified data to be encrypted;
or, after identifying the data to be encrypted in the data to be transmitted, the method further comprises: transmitting a second data message to the receiving device, the second data message including the unencrypted data other than the identified data to be encrypted.
3. The method according to claim 1, characterized in that identifying the data to be encrypted in the data to be transmitted comprises:
identifying at least one data attribute included in the data to be transmitted and the attribute value corresponding to each data attribute;
selecting, from the at least one data attribute, the data attributes that meet an encryption condition;
taking the attribute values corresponding to the data attributes that meet the encryption condition as the data to be encrypted.
4. The method according to claim 3, characterized in that the first data message further includes the unencrypted data attributes corresponding to the data to be encrypted.
5. The method according to any one of claims 1 to 4, characterized in that the first data message further includes at least one of the following: identification information of the encryption algorithm used for the encryption processing, version information of the encryption algorithm, and data padding algorithm identification information.
6. The method according to claim 1, characterized in that the first key is generated as follows:
generating a random code and a current timestamp;
generating the first key according to the random code and the current timestamp.
7. A data transmission method, applied to a receiving device, characterized by comprising:
receiving a first data message sent by a sending device, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key, where the ciphertext is obtained by the sending device by encrypting part of the data to be transmitted with the first key;
decrypting the public-key-encrypted first key using the private key that matches the public key, to obtain the first key;
decrypting the ciphertext using the first key, to obtain the decrypted partial data of the data to be transmitted.
8. The method according to claim 7, characterized in that the first data message further includes the unencrypted data in the data to be transmitted;
after receiving the first data message sent by the sending device, the method further comprises:
identifying the unencrypted data in the first data message;
after obtaining the decrypted partial data of the data to be transmitted, the method further comprises:
combining the decrypted partial data with the unencrypted data, to obtain the data to be transmitted.
9. The method according to claim 7, characterized in that the first data message also carries a data identifier, and the method further comprises:
receiving a second data message sent by the sending device;
after determining that the data identifier carried in the second data message is consistent with the data identifier carried in the first data message, combining the unencrypted data in the second data message with the decrypted partial data of the data to be transmitted, to obtain the data to be transmitted.
10. A data transmission apparatus, characterized by comprising:
an identification module, configured to identify the data to be encrypted in the data to be transmitted, the data to be encrypted being part of the data to be transmitted;
an encryption module, configured to encrypt the data to be encrypted using a first key, to obtain a ciphertext;
a sending module, configured to transmit a first data message to a receiving device, the first data message including the ciphertext and the first key encrypted with a public key.
11. A data transmission apparatus, characterized by comprising:
a receiving module, configured to receive a first data message sent by a sending device, the first data message including a first key encrypted with a public key and a ciphertext encrypted with the first key, where the ciphertext is obtained by the sending device by encrypting part of the data to be transmitted with the first key;
a first decryption module, configured to decrypt the public-key-encrypted first key using the private key that matches the public key, to obtain the first key;
a second decryption module, configured to decrypt the ciphertext using the first key, to obtain the decrypted partial data of the data to be transmitted.
12. An electronic device, characterized by comprising a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor; when the electronic device runs, the processor and the memory communicate through the bus, and when the machine-readable instructions are executed by the processor, the steps of the data transmission method according to any one of claims 1 to 6 are executed, or the steps of the data transmission method according to any one of claims 7 to 9 are executed.
13. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium; when the computer program is run by a processor, the steps of the data transmission method according to any one of claims 1 to 6 are executed, or the steps of the data transmission method according to any one of claims 7 to 9 are executed.
CN201910821041.XA 2019-08-30 2019-08-30 A kind of data transmission method, device, equipment and storage medium Pending CN110505066A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910821041.XA CN110505066A (en) 2019-08-30 2019-08-30 A kind of data transmission method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN110505066A true CN110505066A (en) 2019-11-26

Family

ID=68590964

Country Status (1)

Country Link
CN (1) CN110505066A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191126