CN111416788B - Method and device for preventing transmission data from being tampered - Google Patents

Method and device for preventing transmission data from being tampered Download PDF

Info

Publication number
CN111416788B
CN111416788B CN201910007286.9A CN201910007286A CN111416788B CN 111416788 B CN111416788 B CN 111416788B CN 201910007286 A CN201910007286 A CN 201910007286A CN 111416788 B CN111416788 B CN 111416788B
Authority
CN
China
Prior art keywords
data
check code
ciphertext
encryption
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910007286.9A
Other languages
Chinese (zh)
Other versions
CN111416788A (en
Inventor
陈果
张帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201910007286.9A priority Critical patent/CN111416788B/en
Publication of CN111416788A publication Critical patent/CN111416788A/en
Application granted granted Critical
Publication of CN111416788B publication Critical patent/CN111416788B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a device for preventing transmitted data from being tampered, and relates to the technical field of computers. The method for preventing the transmitted data from being tampered comprises the following steps: receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted; encrypting the plaintext data to be encrypted to generate a ciphertext character string; encrypting preset check data by taking the plaintext data to be encrypted as an encryption key so as to generate a check code; and assembling the ciphertext character string and the check code into ciphertext data, and returning the ciphertext data to the first calling party. Through the steps, the data can be effectively prevented from being tampered in the transmission process, and the security risk that the data cannot be found in time after being tampered is reduced.

Description

Method and device for preventing transmission data from being tampered
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for preventing transmission data from being tampered.
Background
In order to ensure the security of the transmitted information on the devices such as the computer, the transmitted information often needs to be encrypted and decrypted. At present, the following two encryption and decryption modes mainly exist: symmetric encryption and decryption and asymmetric encryption and decryption. Compared with an asymmetric encryption and decryption mode, the symmetric encryption and decryption mode has the advantages of small calculated amount, high encryption and decryption speed, high encryption and decryption efficiency and the like.
In the process of implementing the present invention, the inventor finds that at least the following problems exist in the prior art:
while encrypted transmissions can improve the security of the transmitted information, there is still a data security risk that the transmitted information is tampered with. This is because: in the decryption process, the ciphertext data can be successfully decrypted as long as the ciphertext data meets a certain data format, so that the situation that the tampered ciphertext data is successfully decrypted is likely to occur, and a decryptor does not know that the data has been tampered.
Disclosure of Invention
In view of the above, the present invention provides a method and apparatus for preventing transmitted data from being tampered, which can effectively prevent the data from being tampered during transmission, and reduce the security risk that the data cannot be found in time after being tampered.
To achieve the above object, according to a first aspect of the present invention, there is provided a method of preventing transmission data from being tampered with.
The method for preventing the transmitted data from being tampered comprises the following steps: receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted; encrypting the plaintext data to be encrypted to generate a ciphertext character string; encrypting preset check data by taking the plaintext data to be encrypted as an encryption key so as to generate a first check code; and assembling the ciphertext character string and the first check code into ciphertext data, and returning the ciphertext data to the first calling party.
Optionally, the method comprises: receiving a data decryption request of a second calling party; the data decryption request comprises ciphertext data to be decrypted; splitting the ciphertext data to be decrypted into a ciphertext character string and a first check code; decrypting the ciphertext character string to generate plaintext data; encrypting preset check data by taking the plaintext data as an encryption key to generate a second check code; and returning the plaintext data to the second calling party under the condition that the first check code is the same as the second check code.
Optionally, the method further comprises: and returning error prompt information to the second calling party under the condition that the first check code is different from the second check code.
Optionally, the step of encrypting the plaintext data to be encrypted to generate a ciphertext character string includes: and encrypting the plaintext data to be encrypted based on a symmetric encryption algorithm to generate a ciphertext character string.
To achieve the above object, according to a second aspect of the present invention, there is provided a data encryption apparatus.
The data encryption device of the present invention includes: the receiving module is used for receiving the data encryption request of the first calling party; the data encryption request comprises plaintext data to be encrypted; the generation module is used for carrying out encryption processing on the plaintext data to be encrypted so as to generate a ciphertext character string; the method is also used for encrypting the preset data for verification by taking the plaintext data to be encrypted as an encryption key so as to generate a first verification code; the assembly module is used for assembling the ciphertext character string and the first check code into ciphertext data; and the sending module is used for returning the ciphertext data to the first calling party.
Optionally, the generating module performs encryption processing on the plaintext data to be encrypted, so as to generate a ciphertext character string, which includes: and the generation module performs encryption processing on the plaintext data to be encrypted based on a symmetric encryption algorithm so as to generate a ciphertext character string.
To achieve the above object, according to a third aspect of the present invention, there is provided a data decryption apparatus.
The data decryption device of the present invention includes: the receiving module is used for receiving a data decryption request of the second calling party; the data decryption request comprises ciphertext data to be decrypted; the splitting module is used for splitting the ciphertext data to be decrypted into a ciphertext character string and a first check code; the generation module is used for decrypting the ciphertext character string to generate plaintext data; the method is also used for encrypting the preset check data by taking the plaintext data as an encryption key so as to generate a second check code; and the sending module is used for returning the plaintext data to the second calling party under the condition that the first check code is the same as the second check code.
Optionally, the sending module is further configured to return an error prompt message to the second caller when the first check code is different from the second check code.
To achieve the above object, according to a fourth aspect of the present invention, there is provided a data security system.
The data security system of the present invention includes: the data encryption device of the present invention and the data decryption device of the present invention.
To achieve the above object, according to a fifth aspect of the present invention, there is provided an electronic apparatus.
The electronic device of the present invention includes: one or more processors; and a storage means for storing one or more programs; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of preventing tampering of transmitted data of the present invention.
To achieve the above object, according to a sixth aspect of the present invention, a computer-readable medium is provided.
The computer readable medium of the present invention has stored thereon a computer program which, when executed by a processor, implements the method of the present invention for preventing tampering of transmitted data.
One embodiment of the above invention has the following advantages or benefits: the method comprises the steps of receiving a data encryption request of a first calling party, encrypting plaintext data to be encrypted carried by the data encryption request to generate a ciphertext character string, encrypting preset check data to generate a first check code by taking the plaintext data to be encrypted as an encryption key, assembling the ciphertext character string and the first check code into ciphertext data, and the like, so that the data can be effectively prevented from being tampered in transmission, and the security risk that the data cannot be found in time after being tampered is reduced.
Further effects of the above-described non-conventional alternatives are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
fig. 1 is a schematic flow diagram of a method for preventing transmission data from being tampered with according to a first embodiment of the present invention;
FIG. 2 is a partial flow diagram of a method of preventing tampering with transmitted data according to a second embodiment of the invention;
fig. 3 is a schematic flow chart of a method for preventing transmission data from being tampered with according to a third embodiment of the present invention;
fig. 4 is a schematic diagram of main blocks of a data encryption apparatus according to a fourth embodiment of the present invention;
fig. 5 is a schematic diagram of main blocks of a data decryption apparatus according to a fifth embodiment of the present invention;
FIG. 6 is a schematic diagram showing the main constitution of a data security system according to a sixth embodiment of the present invention;
FIG. 7 is an exemplary system architecture diagram in which embodiments of the present invention may be applied;
fig. 8 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present invention are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It is noted that embodiments of the invention and features of the embodiments may be combined with each other without conflict.
Before describing embodiments of the present invention in detail, some technical terms related to the embodiments of the present invention will be described first.
DES algorithm: the symmetric cryptosystem in the cryptosystem, which is also called as the American data encryption standard, is a symmetric cryptosystem encryption algorithm developed by the American IBM company in 1972.
3DES algorithm: or Triple DES algorithm, is a generic term for Triple data encryption algorithm (TDEA, triple Data Encryption Algorithm). It is equivalent to applying the DES encryption algorithm three times per data block.
Fig. 1 is a schematic flow chart of a method for preventing transmission data from being tampered according to a first embodiment of the present invention. As shown in fig. 1, the data encryption method according to the embodiment of the present invention includes:
step S101, receiving a data encryption request of a first calling party; the data encryption request includes plaintext data that needs to be encrypted.
Wherein the first caller may be a business system that requires data encryption.
Step S102, encrypting the plaintext data to be encrypted to generate a ciphertext character string; and taking the plaintext data to be encrypted as an encryption key, and carrying out encryption processing on preset data for verification to generate a first verification code.
In this step, the plaintext data and the data for verification may be encrypted based on the same encryption algorithm, or the plaintext data and the data for verification may be encrypted based on different encryption algorithms. For example, plaintext data and check data may be encrypted based on a DES algorithm; the plaintext data may be encrypted based on the DES algorithm, and the verification data may be encrypted based on the 3DES algorithm.
For example, assuming that the encryption algorithm used to encrypt the plaintext data and the check data is the DES algorithm, the plaintext data to be encrypted is "ABCDEF123456789", the key used to encrypt the plaintext data is "1111111122222222", the preset check data is "ABCDEFABCDEFABCD", the ciphertext string obtained by encrypting the plaintext data is "2E15BB363D942E5F", and the first check code obtained by using the plaintext data as the encryption key is "21C95B3F23610500".
In the embodiment of the invention, because the original text data to be encrypted is mostly different each time, the original text data is selected as the encryption key to encrypt the check data, so that the encryption key used for generating the check code each time is also different, the encrypted data can be better ensured not to be illegally tampered in the transmission and storage processes, the data security risk caused by repeatedly using the same encryption key to generate the check code is avoided, and the practicability and convenience are better.
And step 103, splicing the ciphertext character string and the first check code into ciphertext data, and returning the ciphertext data to the first calling party.
Illustratively, the ciphertext character string and the check code may be spliced together directly back and forth to obtain ciphertext data. For example, assuming that the encrypted ciphertext character string is "2E15BB363D942E5F", the encrypted first check code is "21C95B3F23610500", the concatenated ciphertext data is "2E15BB363D942E5F21C95B3F23610500".
In the embodiment of the invention, the plaintext data to be encrypted is used as the encryption key in the encryption process, and the preset check data is encrypted to generate the first check code, so that whether the encrypted data is tampered or not is verified based on the first check code in the subsequent decryption process, thereby effectively preventing the encrypted data from being tampered in the transmission and reducing the security risk that the encrypted data cannot be found in time after being tampered.
Fig. 2 is a partial flow diagram of a method of preventing transmission data from being tampered with according to a second embodiment of the present invention. The method for preventing the transmitted data from being tampered according to the embodiment of the invention comprises the flow shown in fig. 2 in addition to the flow shown in fig. 1. As shown in fig. 2, a method for preventing transmission data from being tampered according to an embodiment of the present invention includes:
step S201, receiving a data decryption request of a second calling party; the data decryption request includes ciphertext data that needs to be decrypted.
Wherein the second caller can be a service system that needs data decryption.
Step S202, splitting the ciphertext data to be decrypted into a ciphertext character string and a first check code.
Step S203, the ciphertext character string is decrypted to generate plaintext data; and encrypting the preset check data by taking the plaintext data as an encryption key to generate a second check code.
For example, assuming that DES algorithm is selected for decrypting the ciphertext character string and encrypting the preset check data, the split ciphertext character string is "2E15BB363D942E5F", the first check code is "21C95B3F23610500", the preset check data is "ABCDEF abcdefabcd", the decrypted plaintext data is "ABCDEF123456789", and the second check code obtained by using the plaintext data as an encryption key is "21C95B3F23610500".
Step S204, returning the plaintext data to the second calling party under the condition that the first check code is the same as the second check code.
Further, the method of the embodiment of the invention can further comprise the following steps: and returning error prompt information to the second calling party under the condition that the first check code is different from the second check code.
In the embodiment of the invention, the plaintext data obtained by decryption is taken as the encryption key in the decryption process, the preset check data is encrypted to generate the second check code, and the second check code is compared with the first check code in the ciphertext data, so that the encrypted data can be effectively prevented from being tampered in transmission, and the encrypted data can be timely found after being tampered, thereby improving the safety of the data in the transmission and storage processes.
Fig. 3 is a schematic flow chart of a method for preventing transmission data from being tampered according to a third embodiment of the present invention. As shown in fig. 3, the method for preventing transmission data from being tampered according to an embodiment of the present invention includes:
step 301, the first service system sends a data encryption request to the data security system.
Wherein the data encryption request includes: encrypted plaintext data is required.
And step S302, the data security system generates a ciphertext character string and a first check code by symmetric encryption.
In the step, the data security system carries out symmetric encryption processing on the plaintext data to be encrypted so as to generate ciphertext character strings; the data security system performs symmetric encryption processing on preset check data to generate a first check code. Specifically, the data security system may use the plaintext data to be encrypted as an encryption key, and perform symmetric encryption processing on preset check data based on the encryption key, so as to generate a first check code.
Step S303, the data security system assembles the ciphertext character string and the first check code into ciphertext data.
For example, the data security system may splice the ciphertext character string and the first check code together directly back and forth to obtain ciphertext data.
And step S304, the data security system returns ciphertext data to the first service system.
Step S305, the first service system sends ciphertext data to the second service system.
Step S306, the second service system sends a data decryption request to the data security system.
Wherein the data decryption request includes the ciphertext data.
Step S307, the data security system breaks the ciphertext data into ciphertext character strings and a first check code.
Step S308, the data security system symmetrically decrypts the ciphertext character string into plaintext data and generates a second check code.
In this step, the data security system may perform symmetric decryption processing on the ciphertext character string to generate plaintext data; and carrying out symmetrical encryption processing on the preset data for verification to generate a second verification code. Specifically, the data security system may use the plaintext data as an encryption key, and perform symmetric encryption processing on preset verification data based on the encryption key to generate a second verification code.
In the embodiment of the invention, the ciphertext character string is decrypted by adopting a symmetrical decryption mode to generate the plaintext data, so that the decryption processing efficiency can be improved; the original text data is selected as the encryption key to encrypt the check data, so that the encryption keys used for generating the check code each time are different, the encrypted data can be better prevented from being illegally tampered in the transmission and storage processes, the data security risk caused by using the same encryption key for multiple times is avoided, and the practicability and convenience are better.
Step S309, if the first check code and the second check code are the same, the data security system returns the plaintext data to the second service system.
Further, the method of the embodiment of the invention further comprises the following steps: if the first check code is different from the second check code, the data security system returns error prompt information to the second service system.
In the embodiment of the invention, the higher encryption and decryption processing efficiency can be ensured through the steps, the data can be effectively prevented from being tampered in the transmission process, and the security risk that the data cannot be found in time after being tampered is reduced.
Fig. 4 is a schematic diagram of main blocks of a data encryption apparatus according to a fourth embodiment of the present invention. As shown in fig. 4, a data encryption apparatus 400 according to an embodiment of the present invention includes: a receiving module 401, a generating module 402, a splicing module 403 and a transmitting module 404.
A receiving module 401, configured to receive a data encryption request of a first caller; the data encryption request includes plaintext data that needs to be encrypted. Wherein the first caller may be a business system that requires data encryption.
A generating module 402, configured to encrypt the plaintext data to be encrypted, so as to generate a ciphertext character string; and the method is also used for encrypting the preset check data by taking the plaintext data to be encrypted as an encryption key so as to generate a first check code.
In particular, the generating module 402 may encrypt the plaintext data and the data for verification based on the same encryption algorithm, or may encrypt the plaintext data and the data for verification based on different encryption algorithms. For example, the generation module 402 may encrypt the plaintext data, the check data, based on a DES algorithm; the generation module 402 may encrypt the plaintext data based on the DES algorithm and encrypt the check data based on the 3DES algorithm.
In the embodiment of the invention, since the original text data to be encrypted is mostly different each time, the generation module encrypts the verification data by selecting the original text data as the encryption key, so that the encryption key used for generating the first verification code each time is also different, the encrypted data can be better prevented from being illegally tampered in the transmission and storage processes, the data security risk caused by using the same encryption key for generating the verification code for many times is avoided, and the practicability and convenience are better.
And the assembling module 403 is configured to assemble the ciphertext character string and the first check code into ciphertext data.
Illustratively, the assembling module 403 may directly assemble the ciphertext character string with the first check code back and forth to obtain ciphertext data. For example, assuming that the encrypted ciphertext character string is "2E15BB363D942E5F", the encrypted first check code is "21C95B3F23610500", the concatenated ciphertext data is "2E15BB363D942E5F21C95B3F23610500".
And a sending module 404, configured to return the ciphertext data to the first caller.
In the device provided by the embodiment of the invention, the plaintext data to be encrypted is used as the encryption key in the encryption process, and the preset check data is encrypted to generate the first check code, so that whether the data is tampered or not is verified based on the first check code in the subsequent decryption process, thereby effectively preventing the encrypted data from being tampered in the transmission and reducing the security risk that the encrypted data cannot be found in time after being tampered.
Fig. 5 is a schematic diagram of main blocks of a data decryption apparatus according to a fifth embodiment of the present invention. As shown in fig. 5, a data decryption apparatus 500 according to an embodiment of the present invention includes: a receiving module 501, a splitting module 502, a generating module 503, and a transmitting module 504.
A receiving module 501, configured to receive a data decryption request from a second caller; the data decryption request includes ciphertext data that needs to be decrypted. Wherein the second caller can be a service system that needs data decryption.
The splitting module 502 is configured to split the ciphertext data to be decrypted into a ciphertext character string and a first check code.
A generating module 503, configured to decrypt the ciphertext character string to generate plaintext data; the generating module 503 is further configured to encrypt the preset check data with the plaintext data as an encryption key, so as to generate a second check code.
For example, assuming that DES algorithm is selected for decrypting the ciphertext character string and encrypting the preset check data, the split ciphertext character string is "2E15BB363D942E5F", the first check code is "21C95B3F23610500", the preset check data is "ABCDEF abcdefabcd", the decrypted plaintext data is "ABCDEF123456789", and the second check code obtained by using the plaintext data as an encryption key is "21C95B3F23610500".
And the sending module 504 is configured to return the plaintext data to the second caller when the first check code is the same as the second check code. Further, the sending module 504 may be further configured to return an error prompt message to the second caller when the first check code is different from the second check code.
In the device provided by the embodiment of the invention, the plaintext data obtained by decryption is taken as the encryption key in the decryption process, the preset check data is encrypted to generate the second check code, and the second check code is compared with the first check code in the ciphertext data, so that the encrypted data can be effectively prevented from being tampered in transmission, the encrypted data can be timely found after being tampered, and the safety of the data in the transmission and storage processes is improved.
Fig. 6 is a schematic diagram of the main constitution of a data security system according to a sixth embodiment of the present invention. As shown in fig. 6, a data security system 600 of an embodiment of the present invention may include: a data encryption device 601 and a data decryption device 602.
The data encryption device 601 is mainly configured to receive a data encryption request of a first caller; the data encryption request comprises plaintext data to be encrypted; encrypting the plaintext data to be encrypted to generate a ciphertext character string; encrypting preset check data by taking the plaintext data to be encrypted as an encryption key so as to generate a first check code; and assembling the ciphertext character string and the first check code into ciphertext data, and returning the ciphertext data to the first calling party.
The data decryption device 602 is mainly configured to receive a data decryption request of the second caller; the data decryption request comprises ciphertext data to be decrypted; splitting the ciphertext data to be decrypted into a ciphertext character string and a first check code; decrypting the ciphertext character string to generate plaintext data; encrypting preset check data by taking the plaintext data as an encryption key to generate a second check code; and returning the plaintext data to the second calling party under the condition that the first check code is the same as the second check code.
According to the data security system provided by the embodiment of the invention, the data for preset verification is encrypted to generate the first verification code by taking the plaintext data to be encrypted as the encryption key in the encryption process, so that whether the encrypted data is tampered or not can be verified based on the first verification code in the subsequent decryption process; in the decryption process, plaintext data obtained by decryption is used as an encryption key, preset check data are encrypted to generate a second check code, and the second check code is compared with the first check code in ciphertext data, so that the data can be effectively prevented from being tampered in transmission, and the security risk that the data cannot be found in time after being tampered is reduced.
Fig. 7 illustrates an exemplary system architecture 700 of a method or data security system for preventing tampering of transmitted data to which embodiments of the present invention may be applied.
As shown in fig. 7, the system architecture 700 may include a first application server 701, a data encryption and decryption server 702, a second application server 703, and a network 704. The network 704 is a medium for providing a communication link among the first application server 701, the data encryption/decryption server 702, and the second application server 703. The network 704 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The first application server 701 may interact with the data encryption and decryption server 702, the second application server 703, to receive or send messages, etc., through the network 704. For example, the first application server 701 may send a data encryption request to the data encryption and decryption server 702, receive ciphertext data returned by the data encryption and decryption server 702, and send the ciphertext data to the second application server 703.
The second application server 703 may interact with the data encryption and decryption server 702, the first application server 701, to receive or send messages, etc. through the network 704. For example, the second application server 703 may send a data decryption request to the data encryption and decryption server 702, and receive plaintext data returned by the data encryption and decryption server 702.
The first application server 701 and the second application server 703 may be servers providing various services, such as various background management servers providing support for shopping websites browsed by the user using the terminal device.
It should be noted that, the method for preventing the transmitted data from being tampered provided by the embodiment of the present invention is generally executed by the data encryption and decryption server 702, and accordingly, the data security system is generally set in the data encryption and decryption server 702.
It should be understood that the number of first application servers, network and second application servers, data encryption and decryption servers in fig. 7 is merely illustrative. Any number of first application servers, second application servers and data encryption and decryption servers can be provided according to implementation requirements.
Referring now to FIG. 8, there is illustrated a schematic diagram of a computer system 800 suitable for use in implementing an electronic device of an embodiment of the present invention. The electronic device shown in fig. 8 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the invention.
As shown in fig. 8, the computer system 800 includes a Central Processing Unit (CPU) 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data required for the operation of the system 800 are also stored. The CPU 801, ROM 802, and RAM 803 are connected to each other by a bus 804. An input/output (I/O) interface 805 is also connected to the bus 804.
The following components are connected to the I/O interface 805: an input portion 806 including a keyboard, mouse, etc.; an output portion 807 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk or the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. The drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as needed so that a computer program read out therefrom is mounted into the storage section 808 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 809, and/or installed from the removable media 811. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 801.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present invention may be implemented in software or in hardware. The described modules may also be provided in a processor, for example, as: the processor comprises a receiving module, a generating module, an assembling module and a sending module. The names of these modules do not in any way constitute a limitation of the module itself, for example, the receiving module may also be described as "module receiving a data encryption request".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer-readable medium carries one or more programs which, when executed by one of the devices, cause the device to perform the following: receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted; encrypting the plaintext data to be encrypted to generate a ciphertext character string; encrypting preset check data by taking the plaintext data to be encrypted as an encryption key so as to generate a first check code; and assembling the ciphertext character string and the first check code into ciphertext data, and returning the ciphertext data to the first calling party.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (6)

1. A method of preventing tampering with transmitted data, the method comprising:
receiving a data encryption request of a first calling party; the data encryption request comprises plaintext data to be encrypted;
encrypting the plaintext data to be encrypted based on a symmetric encryption algorithm to generate a ciphertext character string; encrypting preset check data by taking the plaintext data to be encrypted as an encryption key so as to generate a first check code;
assembling the ciphertext character string and a first check code into ciphertext data, and returning the ciphertext data to the first calling party;
further comprises:
receiving a data decryption request of a second calling party; the data decryption request comprises ciphertext data to be decrypted;
splitting the ciphertext data to be decrypted into a ciphertext character string and a first check code;
decrypting the ciphertext character string to generate plaintext data; encrypting preset check data by taking the plaintext data as an encryption key to generate a second check code;
and returning the plaintext data to the second calling party under the condition that the first check code is the same as the second check code.
2. The method according to claim 1, wherein the method further comprises:
and returning error prompt information to the second calling party under the condition that the first check code is different from the second check code.
3. A data security system, the system comprising:
a data encryption device and a data decryption device;
the data encryption device includes:
the receiving module is used for receiving the data encryption request of the first calling party; the data encryption request comprises plaintext data to be encrypted;
the generation module is used for carrying out encryption processing on the plaintext data to be encrypted based on a symmetric encryption algorithm so as to generate a ciphertext character string; the method is also used for encrypting the preset data for verification by taking the plaintext data to be encrypted as an encryption key so as to generate a first verification code;
the assembly module is used for assembling the ciphertext character string and the first check code into ciphertext data;
the sending module is used for returning the ciphertext data to the first calling party;
the data decryption apparatus includes:
the receiving module is used for receiving a data decryption request of the second calling party; the data decryption request comprises ciphertext data to be decrypted;
the splitting module is used for splitting the ciphertext data to be decrypted into a ciphertext character string and a first check code;
the generation module is used for decrypting the ciphertext character string to generate plaintext data; the method is also used for encrypting the preset check data by taking the plaintext data as an encryption key so as to generate a second check code;
and the sending module is used for returning the plaintext data to the second calling party under the condition that the first check code is the same as the second check code.
4. A system according to claim 3, wherein the sending module of the data decrypting apparatus is further configured to return an error indication message to the second caller if the first check code is different from the second check code.
5. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 or 2.
6. A computer readable medium on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any one of claims 1 or 2.
CN201910007286.9A 2019-01-04 2019-01-04 Method and device for preventing transmission data from being tampered Active CN111416788B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910007286.9A CN111416788B (en) 2019-01-04 2019-01-04 Method and device for preventing transmission data from being tampered

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910007286.9A CN111416788B (en) 2019-01-04 2019-01-04 Method and device for preventing transmission data from being tampered

Publications (2)

Publication Number Publication Date
CN111416788A CN111416788A (en) 2020-07-14
CN111416788B true CN111416788B (en) 2023-08-08

Family

ID=71493943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910007286.9A Active CN111416788B (en) 2019-01-04 2019-01-04 Method and device for preventing transmission data from being tampered

Country Status (1)

Country Link
CN (1) CN111416788B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112559497B (en) * 2020-12-25 2023-06-23 北京百度网讯科技有限公司 Data processing method, information transmission method, device and electronic equipment
CN112987942B (en) * 2021-03-10 2024-04-16 京东科技控股股份有限公司 Method, device and system for inputting information by keyboard, electronic equipment and storage medium
CN112995210B (en) * 2021-04-20 2023-04-07 全球能源互联网研究院有限公司 Data transmission method and device and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102013976A (en) * 2010-12-20 2011-04-13 西安西电捷通无线网络通信股份有限公司 Key management method and system
CN103078841A (en) * 2012-12-03 2013-05-01 厦门市美亚柏科信息股份有限公司 Method and system for preventive electronic data security
CN105516204A (en) * 2016-01-27 2016-04-20 北京理工大学 Method for high-security network data storage
CN108768924A (en) * 2018-04-02 2018-11-06 广州广电运通金融电子股份有限公司 Cash processing terminal safety certifying method, device and cash processing terminal
CN108920971A (en) * 2018-07-06 2018-11-30 北京京东金融科技控股有限公司 The method of data encryption, the method for verification, the device of encryption and verification device
CN108959962A (en) * 2018-06-27 2018-12-07 杭州安恒信息技术股份有限公司 A kind of API secure calling method of dynamic base

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102013976A (en) * 2010-12-20 2011-04-13 西安西电捷通无线网络通信股份有限公司 Key management method and system
CN103078841A (en) * 2012-12-03 2013-05-01 厦门市美亚柏科信息股份有限公司 Method and system for preventive electronic data security
CN105516204A (en) * 2016-01-27 2016-04-20 北京理工大学 Method for high-security network data storage
CN108768924A (en) * 2018-04-02 2018-11-06 广州广电运通金融电子股份有限公司 Cash processing terminal safety certifying method, device and cash processing terminal
CN108959962A (en) * 2018-06-27 2018-12-07 杭州安恒信息技术股份有限公司 A kind of API secure calling method of dynamic base
CN108920971A (en) * 2018-07-06 2018-11-30 北京京东金融科技控股有限公司 The method of data encryption, the method for verification, the device of encryption and verification device

Also Published As

Publication number Publication date
CN111416788A (en) 2020-07-14

Similar Documents

Publication Publication Date Title
CN107888656B (en) Calling method and calling device of server-side interface
CN111416788B (en) Method and device for preventing transmission data from being tampered
CN108880812B (en) Method and system for data encryption
CN112055004A (en) Data processing method and system based on small program
CN108923925B (en) Data storage method and device applied to block chain
CN110519203B (en) Data encryption transmission method and device
CN112437044B (en) Instant messaging method and device
CN107920060B (en) Data access method and device based on account
CN111030827A (en) Information interaction method and device, electronic equipment and storage medium
CN111327605A (en) Method, terminal, server and system for transmitting private information
CN112329044A (en) Information acquisition method and device, electronic equipment and computer readable medium
WO2024060630A1 (en) Data transmission management method, and data processing method and apparatus
CN107707528B (en) Method and device for isolating user information
CN111181920A (en) Encryption and decryption method and device
CN109995534B (en) Method and device for carrying out security authentication on application program
CN114499893B (en) Bidding file encryption and evidence storage method and system based on block chain
CN110166226B (en) Method and device for generating secret key
CN113507363B (en) Data processing method, device, electronic equipment and storage medium
CN112926076B (en) Data processing method, device and system
CN115378743B (en) Information encryption transmission method, device, equipment and medium
CN109302287A (en) Message forwarding method and system
CN116546500B (en) Terminal capability identification method, system, electronic equipment and medium
CN116112172B (en) Android client gRPC interface security verification method and device
CN114727238B (en) Message transmission method, message transmission device, medium and equipment
CN113420331B (en) Method and device for managing file downloading permission

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant