CN111756737A - Data transmission method, device, system, computer equipment and readable storage medium - Google Patents

Publication number
CN111756737A
Authority
CN
China
Prior art keywords
service
token
information
client
gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010587451.5A
Other languages
Chinese (zh)
Other versions
CN111756737B (en)
Inventor
黎方强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Property and Casualty Insurance Company of China Ltd
Original Assignee
Ping An Property and Casualty Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Property and Casualty Insurance Company of China Ltd
Priority to CN202010587451.5A
Publication of CN111756737A
Application granted
Publication of CN111756737B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to blockchain technology and discloses a data transmission method, apparatus, system, device and storage medium. The method can be applied to a service server and comprises the following steps: receiving a first service request of a client sent by a gateway, wherein the first service request comprises a token, user information and service identification information; obtaining first encryption information according to the token and the user information, and obtaining target encryption information according to the service identification information and the first encryption information; sending the target encryption information to the client so that the client generates a second service request; receiving the second service request of the client sent by the gateway, wherein the second service request comprises the token and the target encryption information; decrypting the token and the target encryption information to obtain the service identification information, wherein the service identification information is stored in a blockchain; and obtaining the service data requested by the client according to the service identification information stored in the blockchain, and sending the service data to the client. The invention can improve the security of the data transmission process.

Description

Data transmission method, device, system, computer equipment and readable storage medium
Technical Field
The present invention relates to the field of cloud security technologies, and in particular, to a data transmission method, apparatus, system, computer device, and readable storage medium.
Background
With the rapid development of science, technology and information, enterprise requirements for informatization are becoming more and more complex, and more and more enterprises need to implement their core services on the basis of an overall application architecture. Under the traditional software architecture, systems and the volume of transmitted data become increasingly bloated, scalability is low and complexity keeps growing; such systems adapt poorly to flexible and changing service requirements and bring higher maintenance costs. The microservice architecture addresses the low development efficiency, poor scalability, long development cycles and difficult maintenance of traditional systems, and this design concept has gradually become the mainstream business system architecture.
At present, relatively complete schemes exist for building microservices on Spring Cloud and Kubernetes. However, because a software system based on a microservice architecture consists of many fine-grained microservices, the complex intra-system communication may introduce more security risks, and data in transit is exposed to the risk of being traversed and stolen by outside parties. These security risks can affect users' choice and use of the microservice architecture.
Disclosure of Invention
The technical problem to be solved by the present invention is that, in the prior art, data transmitted in a microservice scenario is exposed to the risk of being traversed and stolen by outside parties, which may create information security risks. To address this, the invention provides a data transmission method, apparatus, system, computer device and readable storage medium that improve the security of the data transmission process.
A first aspect of the present invention provides a data transmission method, where the method includes:
a service server receives a first service request of a client sent by a gateway, wherein the first service request comprises a token, user information and service identification information;
the service server acquires first encryption information according to the token and the user information;
the service server acquires target encryption information according to the service identification information and the first encryption information;
the service server sends the target encryption information to the client so that the client generates a second service request comprising the target encryption information;
the service server receives a second service request of the client sent by the gateway, wherein the second service request comprises the token and the target encryption information;
the service server decrypts the token and the target encryption information to obtain the service identification information, and the service identification information is stored in a block chain;
and the service server acquires the service data requested by the client according to the service identification information stored in the block chain and sends the service data to the client.
Optionally, the method further comprises:
the service server sequences the token and the user information to obtain a first character string;
the service server splices the first character string to obtain a second character string;
the service server encrypts the second character string by adopting a first encryption algorithm to obtain first encryption information; wherein the first encryption algorithm is an MD5 (Message-Digest Algorithm 5) encryption algorithm.
Optionally, the method further comprises:
the service server performs data desensitization on the service identification information;
the service server encrypts the service identification information and the first encryption information after data desensitization by adopting a second encryption algorithm to obtain the target encryption information; wherein the second encryption algorithm is an AES (Advanced Encryption Standard) encryption algorithm.
A second aspect of the present invention provides a data transmission method, including:
a gateway receives a first service request sent by a client, wherein the first service request comprises a token, user information and service identification information;
the gateway sends the token to an authorization server so that the authorization server verifies the token, and the authorization server sends the generated first verification result to the gateway;
the gateway receives a first verification result sent by the authorization server, and when the first verification result is passed, the gateway sends the token, the user information and the service identification information to a service server, so that the service server obtains first encryption information according to the token and the user information and obtains target encryption information according to the service identification information and the first encryption information, the service server sends the target encryption information to a client, and the client generates a second service request according to the target encryption information;
the gateway receives a second service request sent by the client, wherein the second service request comprises the token and the target encryption information;
the gateway sends the token to the authorization server so that the authorization server verifies the token, and the authorization server sends the generated second verification result to the gateway;
the gateway receives a second verification result sent by the authorization server, and when the second verification result is passed, the gateway sends the token and the target encryption information to the service server so that the service server decrypts the token and the target encryption information to obtain the service identification information, and the service identification information is stored in a block chain; and the service server acquires the service data requested by the client according to the service identification information stored in the block chain and sends the service data to the client.
Optionally, the method further comprises:
the gateway receives a login request sent by the client, wherein the login request comprises user identity information;
the gateway sends the login request to the authorization server so that the authorization server authenticates the user identity information included in the login request, and when the authentication result is passed, the authorization server sends the generated token to the gateway;
and the gateway sends the token to the client so that the client stores the token.
A third aspect of the present invention provides a data transmission apparatus, which is applied to a service server, and includes:
the first receiving module is used for receiving a first service request of a client sent by a gateway, wherein the first service request comprises a token and user information;
the first obtaining module is used for obtaining first encryption information according to the token and the user information;
the second obtaining module is used for obtaining target encryption information according to the service identification information and the first encryption information;
the first sending module is used for sending the target encryption information to the client so that the client generates a second service request comprising the target encryption information;
a second receiving module, configured to receive a second service request of the client sent by the gateway, where the second service request includes the token and the target encryption information;
the decryption module is used for decrypting the token and the target encryption information to obtain the service identification information, and the service identification information is stored in a block chain;
and the second sending module is used for acquiring the service data requested by the client according to the service identification information stored in the block chain and sending the service data to the client.
A fourth aspect of the present invention provides a data transmission apparatus, which is applied to a gateway, and includes:
the first receiving module is used for receiving a first service request sent by a client, wherein the first service request comprises a token, user information and service identification information;
the first sending module is used for sending the token to an authorization server so that the authorization server verifies the token, and the authorization server sends a generated first verification result to the gateway;
the first forwarding module is used for receiving the first verification result sent by the authorization server; when the first verification result is passed, the gateway sends the token, the user information and the service identification information to the service server, so that the service server obtains first encryption information according to the token and the user information and obtains target encryption information according to the service identification information and the first encryption information, the service server sends the target encryption information to a client, and the client generates a second service request according to the target encryption information;
a second receiving module, configured to receive a second service request sent by the client, where the second service request includes the token and the target encryption information;
the second sending module is configured to send the token to the authorization server, so that the authorization server verifies the token, and the authorization server sends a generated second verification result to the gateway;
the second forwarding module is configured to receive a second verification result sent by the authorization server; when the second verification result is passed, the gateway sends the token and the target encryption information to the service server, so that the service server decrypts the token and the target encryption information to obtain the service identification information, and the service identification information is stored in a blockchain; and the service server acquires the service data requested by the client according to the service identification information stored in the blockchain and sends the service data to the client.
A fifth aspect of the present invention provides a data transmission system, including:
a service server for executing the data transmission method according to the first aspect of the present invention;
a gateway for performing the data transmission method according to the second aspect of the present invention.
A sixth aspect of the present invention provides a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the data transmission method according to the first aspect of the present invention or the data transmission method according to the second aspect of the present invention when executing the computer program.
A seventh aspect of the present invention provides a computer-readable storage medium storing a computer program, wherein the computer program is configured to implement the data transmission method according to the first aspect of the present invention or the data transmission method according to the second aspect of the present invention when executed by a processor.
The invention provides a data transmission method, apparatus, system, computer device and storage medium. The data transmission method can be applied to a service server and comprises the following steps: the service server receives a first service request of a client, wherein the first service request comprises a token, user information and service identification information; the service server obtains first encryption information according to the token and the user information, and obtains target encryption information according to the service identification information and the first encryption information; the service server sends the target encryption information to the client so that the client generates a second service request comprising the target encryption information; the service server receives the second service request of the client sent by the gateway, wherein the second service request comprises the token and the target encryption information; the service server decrypts the token and the target encryption information to obtain the service identification information, and the service identification information is stored in the blockchain; and the service server obtains the service data requested by the client according to the service identification information stored in the blockchain and sends the service data to the client.
Unlike the prior art, which applies encryption directly to the service data, the data transmission method provided by the invention encrypts the service identification information used to query the service data. This avoids the exposure that direct processing of the service data can easily cause; and because the service identification information is stored in the blockchain, the risk of it being stolen by outside parties is effectively reduced, which achieves secure data transmission.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a block diagram of a data transmission system according to an embodiment of the present invention;
FIG. 2 is an interaction diagram of a data transmission method according to an embodiment of the invention;
FIG. 3 is a schematic flow chart of a data transmission method according to an embodiment of the present invention, in which the authorization server verifies the client token forwarded by the gateway;
FIG. 4 is a schematic flow chart of a data transmission method according to an embodiment of the present invention, in which the authorization server authenticates the client login request forwarded by the gateway;
FIG. 5 is a schematic diagram of a data transmission apparatus applied to a service server according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a data transmission apparatus applied to a gateway according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a computer device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The data transmission method provided by the embodiment of the invention can be applied to a data transmission system shown in fig. 1, wherein the data transmission system can comprise a client, a gateway, an authorization server and a service server. Specifically, in a user login stage, a user can send a login request to a gateway through a client, the gateway forwards the login request of the client to an authorization server, so that when the authorization server verifies that the user identity information of the current client is valid, the authorization server sends a generated token to the gateway, and the gateway sends the token to the client, so that the client stores the token, and the client sends the token when performing a service request afterwards. In a service data request phase, a user can send a service request to a gateway through a client, the service request can include a token issued by an authorization server in a login phase, the gateway sends the token included in the service request to the authorization server for verification, and when the gateway obtains that the verification result of the authorization server is passed, the gateway sends the service request sent by the client to the service server.
It can be understood that the gateway in this embodiment, as the unified traffic entry, is responsible for uniformly arranging the service requests sent by the client. After confirming the verification result of the client's token with the authorization server, the gateway forwards the client's service request to the corresponding service server. With the gateway in place, the client only needs to interact with the gateway and does not need to connect to each service server separately; and because the gateway handles distribution uniformly, the service servers can concentrate on service logic, which improves the efficiency of service data processing.
The data transmission method of the present invention is described in detail below with reference to a specific embodiment, and specifically, as shown in fig. 2, in an embodiment, the data transmission method may include:
S01: The service server receives a first service request of the client sent by the gateway, wherein the first service request comprises a token, user information and service identification information.
In an application scenario, for example, when a user wants to search for service data related to a specific service, the user may send a first service request to the gateway through the client. The first service request may include, but is not limited to, a token, user information and service identification information. The gateway needs to send the token to the authorization server for verification; when the gateway learns that the verification result of the authorization server is passed, the gateway may send the first service request of the client to the service server. The service server thus receives the first service request of the client sent by the gateway, which may include the token, the user information and the service identification information.
S02: The service server obtains first encryption information according to the token and the user information.
After the service server obtains the first service request of the client sent by the gateway, it may obtain the first encryption information according to the token and the user information included in the first service request. For example, based on the received token and user information, the service server may first disrupt the regularity of the original information, for example by sorting and/or splicing the token and the user information, and then encrypt the sorted and/or spliced information with an encryption algorithm to obtain the first encryption information.
In one embodiment, more specifically, the service server obtains the first encryption information according to the token and the user information, and the first encryption information can be obtained through the following steps S021 to S023:
S021: The service server sorts the token and the user information to obtain a first character string.
In an embodiment, the service server receives a first service request of a client sent by a gateway and sorts the token and user information in it to obtain a first character string. In this embodiment, it is understood that the information related to the first service request may include, but is not limited to, one or more of numbers, letters or symbols. The user information may include, but is not limited to, information such as a user name and a user access time, and is not limited herein. When the token and the user information of the first service request involve numbers and letters, the service server may sort them in ascending or descending order according to the order of the letters (for example, from A to Z) and the numbers (for example, from small to large). For example, the letters and numbers in the token and the user information may be sorted in ascending or descending order, or in reverse order. The sorting may also be performed in other preset manners, for example by treating the letters as one category and the numbers as another and sorting each category separately, which is not limited herein. It can be understood that, in this embodiment, sorting the token and the user information included in the first service request disrupts the regularity of the original information, which increases the complexity of the information related to the first service request.
In another embodiment, the token and the user information of the received first service request may be salted. Specifically, inserting a preset or randomly generated encryption salt value into the token and the user information lengthens them, which increases the complexity of the information involved in the first service request. It is to be understood that the encryption salt in this embodiment may be a set of preset character strings. Specifically, the encryption salt may be a fixed character string preset according to a preset rule, and the preset rule may be an encryption rule set according to actual requirements or encryption security; for example, the preset rule may define the length and element types of the encryption salt, or specify that the encryption salt is inserted at a specific position in the first character string. The encryption salt may also be a character string randomly generated by the authorization server, such as a string of pseudo-random numbers generated according to a certain operation rule, which is not limited herein. In this embodiment, inserting the encryption salt value into the received token and other user information makes the token and user information of the received first service request differ from the original token and other user information, which further increases the complexity of the information.
S022: The service server splices the first character string to obtain a second character string.
Based on the sorted first character string, the service server can splice the first character string to obtain a second character string. In one embodiment, the first string may include a token, a user id, and a preset Salt value Salt, illustratively, where:
token = f7f983cdb0d6963;
user id = 0000;
salt value Salt = 2a7b8d8f8aa3e7e;
Specifically, the service server splices the received token, the user id and the salt value Salt, and the second character string obtained after splicing is: f7f983cdb0d696300002a7b8d8f8aa3e7e. It can be understood that in this embodiment, splicing the first character string according to a certain format makes the second character string more convenient for unified processing.
S023: and the service server encrypts the second character string by adopting a first encryption algorithm to obtain first encryption information.
In one embodiment, the service server encrypts the second character string by using a first encryption algorithm to obtain first encryption information. The first encryption Algorithm may be an MD5(Message-Digest Algorithm) encryption Algorithm. The MD5 algorithm is one of irreversible encryption algorithms, and is mainly characterized in that no key is used in the encryption process, and when the service server processes the input character string into encrypted data through the MD5 encryption algorithm, the encrypted character string cannot be decrypted directly, and only by re-inputting the corresponding character string and processing the character string again through the same irreversible encryption algorithm, the character string can be decrypted really. Optionally, the first encryption Algorithm may also be a SHA (Secure Hash Algorithm) encryption Algorithm, and the second string may be encrypted by the SHA encryption Algorithm to obtain the first encryption information, which is not limited herein.
Specifically, since the MD5 encryption algorithm generates 32-bit MD5 codes and the SHA encryption algorithm generates 40-bit SHA codes, encryption using the SHA encryption algorithm is less susceptible to illegal cracking of the codes than encryption using the MD5 algorithm in terms of the security of cryptanalysis; at the running speed, the encryption using the MD5 algorithm runs faster and has higher performance than the encryption using the SHA algorithm. Specifically, the MD5 encryption algorithm may be selected in consideration of the encryption speed of data encryption, and the SHA encryption algorithm may be selected in consideration of the security of data encryption.
In this embodiment, with the MD5 or SHA encryption algorithm there is no key storage or distribution problem, and the algorithm is irreversible, so it is difficult, even impossible, to deduce the original data through normal operation. The security is higher than that of other algorithms such as symmetric and asymmetric encryption, so processing the second character string with MD5 or SHA can greatly increase the difficulty of breaking the encrypted information, thereby improving the security of information transmission.
S03: The service server acquires the target encryption information according to the service identification information and the first encryption information.
After obtaining the first encryption information, the service server may obtain the target encryption information according to the service identification information and the first encryption information. For example, based on the obtained first encryption information and the service identification information included in the received first service request, the service server may perform secondary encryption on the service identification information and the first encryption information to further increase the complexity of information encryption. In this embodiment, the service identification information and the first encryption information may be encrypted with an encryption algorithm such as AES (Advanced Encryption Standard) to obtain the target encryption information, which is not limited herein.
In an embodiment, the service server obtains the target encryption information according to the service identification information and the first encryption information, and specifically, the target encryption information may be obtained through the following steps of S031-S032:
S031: The service server performs data desensitization on the service identification information.
In an application scenario, when a user wants to search for service data related to specific service identification information, the user may send a specific service request to a gateway through a client, where the service request may include the service identification information, and a service server may determine corresponding service identification information according to the service request. That is, after obtaining the first encryption information, the service server may determine the service identification information of the first service request, and perform data desensitization on the service identification information. The service identification information of the first service request may be used to indicate corresponding service data, and specifically may include, but is not limited to, information such as a service ID, a service name, or a service number. In one embodiment, the service identification information may be a service ID, and desensitization processing is performed on the service ID, so that it is possible to prevent others from illegally obtaining the service ID and indirectly illegally obtaining other information, thereby causing a potential safety hazard to a user. Namely, the safety of information transmission can be further improved by encrypting the related service identification information.
S032: The service server encrypts the service identification information after the data desensitization and the first encryption information by adopting a second encryption algorithm to obtain target encryption information, wherein the second encryption algorithm is an AES (Advanced Encryption Standard) encryption algorithm.
After the service identification information is subjected to data desensitization processing, the service server performs second encryption processing on the first encryption information and the service identification information subjected to desensitization processing, and the complexity of information encryption can be further improved through the second encryption processing. And the service server performs second encryption processing on the first encryption information and the desensitized service identification information by adopting a second encryption algorithm to obtain target encryption information, and sends the target encryption information to the client.
In an embodiment, the second encryption algorithm may be, for example, the AES encryption algorithm, which can further improve data security on top of the first encryption algorithm and can also improve the operation speed of data encryption. AES, the Advanced Encryption Standard, is a symmetric encryption algorithm. Its encryption process involves four operations, namely byte substitution, row shifting, column mixing and round key addition, and the decryption process consists of the corresponding inverse operations. Since each operation is reversible, decrypting in the reverse order recovers the data. AES thus has the advantage of fast encryption speed and can encrypt and decrypt quickly in both software and hardware. In this embodiment, after the first encryption has been completed with MD5, the first encryption information and the desensitized service identification information are encrypted a second time with, for example, the AES encryption algorithm, which can improve not only the security of the data but also its transmission efficiency.
In addition, the second encryption algorithm may be another encryption algorithm, for example a symmetric encryption algorithm such as RC4 (Rivest Cipher 4, a stream cipher) or 3DES (Triple Data Encryption Algorithm); alternatively, it may be an asymmetric encryption algorithm such as RSA, which is not limited herein. The first encryption information may thus be encrypted with other encryption algorithms, which improves data security and also data transmission efficiency.
S04: The service server sends the target encryption information to the client so that the client generates a second service request comprising the target encryption information.
Based on the above steps, the service server performs secondary encryption on the first encryption information and the service identification information after desensitization processing by using a second encryption algorithm, and the service server may send the obtained target encryption information to the client, so that the client generates a second service request including the target encryption information. When a user needs to acquire specific service data, a second service request containing a token and target encryption information can be sent by the client to perform the specific service data request.
S05: The gateway sends a second service request of the client to the service server, wherein the second service request comprises a token and target encryption information.
When the gateway receives a second service request containing the token and the target encryption information sent by the client, the gateway needs to verify whether the token of the current client is valid, the gateway sends the token of the client to the authorization server for verification, and when the gateway obtains the verification result of the authorization server as pass, the gateway can send the second service request of the client to the service server.
S06: The service server decrypts the token and the target encryption information to obtain service identification information, and the service identification information is stored in the block chain.
The service server receives a second service request of the client sent by the gateway, wherein the second service request comprises a token and target encryption information; in this embodiment, the service server may obtain the service identification information when the first service request is encrypted according to the token and the target encryption information included in the second service request. Specifically, as described in step S06, in one embodiment, the second encryption algorithm may be an AES encryption algorithm, and the service server may parse the target encryption information into the service identification information by using a decryption rule reversible by AES. In addition, it should be noted that, in order to further ensure the privacy and security of the service identification information, the service identification information of this embodiment may also be stored in a node of a block chain.
S07: The service server acquires the service data requested by the client according to the service identification information stored in the block chain.
In one embodiment, when the service server parses the service identification information according to the encryption and decryption rules, the service identification information may be stored in a node of a block chain, and then the service server may find out corresponding service data according to the service identification information stored in the block chain. In this embodiment, it can be understood that the block chain technology is a technology that can perform storage, verification, transmission, and communication of network data through its own distributed nodes without depending on a third party, and has the characteristics of "unforgeable", "trace in the whole process", "traceable", "transparent to disclosure", "collective maintenance", and the like.
S08: The service server sends the service data to the client.
When the service server finds out the service data requested by the client, the service server sends the service data to the client so that the user can obtain the service data related to the service identification information. In this embodiment, it can be understood that, based on the service server performing the second encryption processing on the first encryption information and the desensitized service identification information, the service server may analyze the token and the target encryption information included in the second service request to obtain the service identification information, and the service identification information may be stored in the block chain; the service server searches for corresponding service data through the service identification information stored in the block chain, so that the data can be effectively prevented from being stolen by external traversal, and the safety of information transmission is further improved.
In the foregoing embodiment, through steps S01-S08, steps S021-S023, and steps S031-S032, the service server encrypts the token and the user information of the first service request by using the first encryption algorithm, so as to obtain the first encryption information, desensitizes the service identification information of the first service request, performs the second encryption processing on the first encryption information and the service identification information subjected to the desensitization processing, so as to obtain the target encryption information, and the service server sends the target encryption information to the client, so that the client generates the second service request including the target encryption information. When the service server receives a second service request including target encryption information sent by the client, the service server can analyze service identification information according to a token and the target encryption information in the second service request, and the service identification information can be stored in a block chain; the service server inquires corresponding service data through the service identification information stored in the block chain, so that the service data is sent to the client, the encryption processing is different from the prior art that the service data is directly used as an object to be encrypted, the direct exposure of the service data can be avoided, the risk that the service identification information is stolen by the outside can be effectively reduced through the encryption and the processing of the service identification information, and the safety of data transmission is realized.
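The service-server side of steps S022-S023, S032 and S06, written out as an added Go example that is not code from the patent. AES-GCM, the "|" field separator, the base64url encoding, the demo key, the service id `SVC-1001` and the comparison against a recomputed MD5 value in `RecoverServiceID` are assumptions of this example, as is resolving the user id from the token on the second request.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Sample values taken from step S022 of the description.
const (
	sampleToken  = "f7f983cdb0d6963"
	sampleUserID = "0000"
	sampleSalt   = "2a7b8d8f8aa3e7e"
)

// FirstEncryptionInfo covers S022-S023: splice token, user id and salt into
// the second character string, then hash it with MD5 (hex encoded).
func FirstEncryptionInfo(token, userID, salt string) string {
	sum := md5.Sum([]byte(token + userID + salt))
	return hex.EncodeToString(sum[:])
}

// newGCM builds the AES cipher. GCM mode is an assumption of this example;
// the description names AES but no mode of operation.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// TargetEncryptionInfo covers S032: encrypt the first encryption information
// together with the service id. The "|" separator and base64url output are
// assumptions. Desensitization (S031) is not modelled here.
func TargetEncryptionInfo(key []byte, serviceID, first string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// The nonce is prepended so the server can decrypt without stored state.
	sealed := gcm.Seal(nonce, nonce, []byte(first+"|"+serviceID), nil)
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// RecoverServiceID covers S06: decrypt the target encryption information,
// recompute the first encryption information for the token presented with the
// second request, and return the service id only if the two values match.
func RecoverServiceID(key []byte, token, userID, salt, target string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(target)
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("target encryption information too short")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return "", err // modified in transit or sealed under another key
	}
	parts := strings.SplitN(string(plain), "|", 2)
	if len(parts) != 2 {
		return "", errors.New("malformed target encryption information")
	}
	want := FirstEncryptionInfo(token, userID, salt)
	if subtle.ConstantTimeCompare([]byte(parts[0]), []byte(want)) != 1 {
		return "", errors.New("token does not match target encryption information")
	}
	return parts[1], nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	first := FirstEncryptionInfo(sampleToken, sampleUserID, sampleSalt)
	target, err := TargetEncryptionInfo(key, "SVC-1001", first) // constructed service id
	if err != nil {
		panic(err)
	}
	id, err := RecoverServiceID(key, sampleToken, sampleUserID, sampleSalt, target)
	fmt.Println("first encryption info:", first)
	fmt.Println("target encryption info:", target)
	fmt.Println("recovered service id:", id, "error:", err)
}
```

Because S022 splices the fields without a separator, the token `f7f983cdb0d69630` with user id `000` produces the same second character string, and therefore the same first encryption information, as the sample values.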
In one embodiment, before step S10, that is, before the gateway sends the first service request and the second service request of the client to the service server, specifically, as shown in fig. 3, the data transmission method further includes a process of sending, by the gateway, a token verification to the authorization server:
S010: The gateway receives a first service request sent by a client, wherein the first service request comprises a token, user information and service identification information.
The gateway receives a first service request sent by a client, wherein the first service request comprises a token, user information and service identification information. Before the first service request is sent to a service server, the gateway needs to confirm whether the token carried by the first service request of the client passes verification, so the gateway sends the token to an authorization server.
S011: the gateway sends the token to the authorization server so that the authorization server verifies the token, and the authorization server sends the generated first verification result to the gateway.
In this embodiment, the gateway sends the token to the authorization server, and the authorization server verifies the received token. It can be understood that, in the earlier user login authentication stage, the client can send a login authentication request to the authorization server through the gateway; after the authentication passes, the authorization server sends the generated token to the gateway, and the gateway sends the token to the client. The client can then send this previously issued token when it initiates a service request, and the authorization server can verify it. Specifically, the authorization server can decode the token; if the token can be decoded and the information it contains, such as user identity information and permission information, can be obtained, the token is proved to have been issued by the authorization server, that is, the user holding the token is proved to have been authenticated and the current user is legitimate. More specifically, the authorization server may encrypt the token in a predetermined encryption manner when generating it, and if the token can be decrypted in the corresponding decryption manner during verification, the token passes verification, which is not limited herein. The authorization server then sends the generated first verification result to the gateway.
S012: the gateway receives a first verification result sent by the authorization server, and when the first verification result is passed, the gateway sends the token, the user information and the service identification information to the service server, so that the service server obtains first encryption information according to the token and the user information and obtains target encryption information according to the service identification information and the first encryption information, the service server sends the target encryption information to the client, and the client generates a second service request according to the target encryption information.
The authorization server sends the generated first verification result to the gateway, the gateway receives the first verification result sent by the authorization server, when the first verification result is passed, namely the current client is the client which is registered and authorized, the gateway can send the first service request to the service server, so that the service server obtains first encryption information according to the token and the user information, and obtains target encryption information according to the service identification information and the first encryption information, the service server sends the target encryption information to the client, and the client generates a second service request according to the target encryption information.
In this embodiment, through steps S010-S012, when the authorization server verifies that the first verification result of the token of the client is passed, the gateway sends the first service request to the corresponding service server, so that the service server responds to the relevant service flow according to the received first service request; if the first verification result is that the verification fails, the gateway can also send a verification failure instruction to the client to prompt the client to check.
S013: The gateway receives a second service request sent by the client, wherein the second service request comprises a token and target encryption information.
The gateway receives a second service request sent by the client, wherein the second service request comprises a token and target encryption information. Before the gateway sends the second service request to the service server, the gateway needs to confirm whether the token carried by the second service request of the client passes verification, so the gateway sends the token to the authorization server.
S014: The gateway sends the token to the authorization server so that the authorization server verifies the token, and the authorization server sends the generated second verification result to the gateway.
In this embodiment, the gateway has received a second service request sent by a client, where the second service request includes a token; the gateway sends the token to an authorization server, and the authorization server verifies the token. Specifically, the authorization server may decode the token, and if the token can be decoded and the information included in the token, for example authority information, is obtained, the token is proved to have been issued by the authorization server, that is, the current user is proved to be a valid user. The authorization server then sends the second verification result, obtained by decoding the token, to the gateway.
S015: The gateway receives a second verification result sent by the authorization server, and when the second verification result is a pass, the gateway sends the token and the target encryption information to the service server so that the service server decrypts the token and the target encryption information to obtain service identification information, and the service server acquires service data requested by the client according to the service identification information and sends the service data to the client.
The authorization server sends the generated second verification result to the gateway, the gateway receives the second verification result sent by the authorization server, when the second verification result is passed, that is, the current client is the client which is authorized to register, the gateway can send the token and the target encryption information to the service server, so that the service server decrypts the token and the target encryption information to obtain service identification information, the service identification information is stored in the block chain, and the service server obtains service data requested by the client according to the service identification information stored in the block chain and sends the service data to the client.
In this embodiment, through steps S013 to S015, the gateway sends the token received from the client to the authorization server, the authorization server verifies whether the received token is valid, and when the second verification result is valid, the gateway sends the second service request sent by the client to the service server.
In one embodiment, before step S10, that is, before the first service request of the client is sent by the gateway to the service server, the data transmission method further includes a process that the gateway sends a client login request to the authorization server to obtain the token, specifically, as shown in fig. 4, the method includes:
S001: The gateway receives a login request sent by a client, wherein the login request comprises user identity information.
In one embodiment, for example, during a login phase of a user, the user may send a login request to the gateway through the client, where the login request may include, but is not limited to, user identity information, which may be, for example, a user name and a password, or a user ID and a password, and the gateway sends the login request to the authorization server after receiving the login request.
S002: The gateway sends the login request to the authorization server so that the authorization server authenticates the user identity information included in the login request, and when the authentication result is a pass, the authorization server sends the generated token to the gateway.
The authorization server authenticates the user identity information included in the login request, specifically, the authorization server may include an identity authentication process and an authentication process, wherein the authorization server may obtain pre-stored user information and corresponding preset authority information in advance, and perform authentication according to the user identity information, the pre-stored user information and the corresponding preset authority information. Of course, other authentication means may be adopted in the present embodiment, and the present invention is not limited thereto.
And the authorization server sends the generated token to the gateway after the authentication is passed, wherein the token may include user identity information and/or authority information, and the like, which is not limited herein.
S003: The gateway sends the token to the client so that the client stores the token.
After the gateway acquires the token sent by the authorization server, the gateway sends the token to the client, and the token is stored by the client, so that the client can carry the token when sending the service request, and the quick and efficient verification can be realized in the service process.
In this embodiment, login authentication of the client and authorization of the token can be realized through steps S001 to S003. The token may be a string generated by the authorization server, and serves as a token requested by the client. After the client acquires the token issued by the authorization server, the client only needs to send the token to realize the service request, and the user name and the password do not need to be sent again. By establishing a connection through Token, frequent database queries can be reduced, thereby relieving the pressure of the server.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In one embodiment, a data transmission apparatus is provided, which is applied to a service server, and specifically, as shown in fig. 5, the data transmission apparatus includes a first receiving module 10, a first obtaining module 20, a second obtaining module 30, a first sending module 40, a second receiving module 50, a decryption module 60, and a second sending module 70. Wherein, each functional module is explained in detail as follows:
the first receiving module 10 is configured to receive a first service request of a client sent by a gateway, where the first service request includes a token, user information, and service identification information;
a first obtaining module 20, configured to obtain target encryption information according to the service identifier information and the first encryption information;
a second obtaining module 30, configured to obtain target encryption information according to the service identifier information and the first encryption information;
a first sending module 40, configured to send the target encryption information to the client, so that the client generates a second service request including the target encryption information;
a second receiving module 50, configured to receive a second service request of the client sent by the gateway, where the second service request includes a token and target encryption information;
the decryption module 60 is configured to decrypt the token and the target encryption information to obtain service identification information, where the service identification information is stored in the block chain;
and a second sending module 70, configured to obtain service data requested by the client according to the service identification information stored in the block chain, and send the service data to the client.
In one embodiment, a data transmission apparatus is provided, which is applied to a gateway, and specifically, as shown in fig. 6, the data transmission apparatus includes: the first receiving module 01, the first sending module 02, the first forwarding module 03, the second receiving module 04, the second sending module 05, and the second forwarding module 06, wherein the detailed description of each functional module is as follows:
the first receiving module 01 is configured to receive a first service request sent by a client, where the first service request includes a token, user information, and service identification information;
the first sending module 02 is configured to send the token to the authorization server, so that the authorization server verifies the token, and the authorization server sends the generated first verification result to the gateway;
the first forwarding module 03 is configured to receive the first verification result sent by the authorization server, and when the first verification result is a pass, to send the token, the user information, and the service identification information to the service server, so that the service server obtains first encryption information according to the token and the user information, and obtains target encryption information according to the service identification information and the first encryption information, the service server sends the target encryption information to the client, and the client generates a second service request according to the target encryption information;
the second receiving module 04 is configured to receive a second service request sent by the client, where the second service request includes a token and target encryption information;
the second sending module 05 is configured to send the token to the authorization server, so that the authorization server verifies the token, and the authorization server sends the generated second verification result to the gateway;
the second forwarding module 06 is configured to receive the second verification result sent by the authorization server, and when the second verification result is a pass, to send the token and the target encryption information to the service server, so that the service server decrypts the token and the target encryption information to obtain service identification information, and the service identification information is stored in the block chain; and the service server acquires service data requested by the client according to the service identification information stored in the block chain and sends the service data to the client.
For the specific limitations of the data transmission device, reference may be made to the limitations of the data transmission method above, and details are not repeated here. The modules in the data transmission device can be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In an embodiment, as shown in fig. 7, there is provided a computer device 6, which includes a memory 62, a processor 61, and a computer program 63 stored in the memory 62 and capable of running on the processor 61, where when the processor executes the computer program 63, the processor implements the steps of the service server or the gateway in the data transmission method according to the foregoing embodiment, and details are not described here again to avoid repetition. Alternatively, the functions of the modules in the above-described data transmission apparatus embodiment are implemented when the processor 61 executes the computer program 63, and are not described herein again to avoid repetition.
In an embodiment, a readable storage medium is provided, where the readable storage medium stores a computer program 63, and when executed by the processor 61, the computer program 63 implements the steps of the service server or the gateway in the account binding method according to the foregoing embodiment, and details are not described here to avoid repetition. Alternatively, the functions of the modules in the above-described data transmission apparatus embodiment are implemented when the processor 61 executes the computer program 63, and are not described herein again to avoid repetition.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, databases, or other media used in embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), synchronous link (Synchlink) DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It will be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division into functional units and modules is given only as an example. In practical applications, the functions may be allocated to different functional modules, sub-modules and units as needed; that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A method of data transmission, the method comprising:
a service server receives a first service request of a client sent by a gateway, wherein the first service request comprises a token, user information and service identification information;
the service server acquires first encryption information according to the token and the user information;
the service server acquires target encryption information according to the service identification information and the first encryption information;
the service server sends the target encryption information to the client so that the client generates a second service request comprising the target encryption information;
the service server receives a second service request of the client sent by the gateway, wherein the second service request comprises the token and the target encryption information;
the service server decrypts the token and the target encryption information to obtain the service identification information, and the service identification information is stored in a block chain;
and the service server acquires the service data requested by the client according to the service identification information stored in the block chain and sends the service data to the client.
2. The data transmission method according to claim 1, wherein the obtaining, by the service server, the first encryption information according to the token and the user information includes:
the service server sequences the token and the user information to obtain a first character string;
the service server splices the first character string to obtain a second character string;
the service server encrypts the second character string by adopting a first encryption algorithm to obtain first encryption information; wherein the first encryption algorithm is an MD5 (Message-Digest Algorithm 5) encryption algorithm.
3. The data transmission method according to claim 1, wherein the service server obtains target encryption information according to the service identification information and the first encryption information, and includes:
the service server performs data desensitization on the service identification information;
the service server encrypts the service identification information and the first encryption information after data desensitization by adopting a second encryption algorithm to obtain the target encryption information; wherein the second encryption algorithm is an AES (Advanced Encryption Standard) encryption algorithm.
4. A method of data transmission, the method comprising:
a gateway receives a first service request sent by a client, wherein the first service request comprises a token, user information and service identification information;
the gateway sends the token to an authorization server so that the authorization server verifies the token, and the authorization server sends the generated first verification result to the gateway;
the gateway receives a first verification result sent by the authorization server, and when the first verification result is passed, the gateway sends the token, the user information and the service identification information to a service server, so that the service server obtains first encryption information according to the token and the user information and obtains target encryption information according to the service identification information and the first encryption information, the service server sends the target encryption information to a client, and the client generates a second service request according to the target encryption information;
the gateway receives a second service request sent by the client, wherein the second service request comprises the token and the target encryption information;
the gateway sends the token to the authorization server so that the authorization server verifies the token, and the authorization server sends the generated second verification result to the gateway;
the gateway receives a second verification result sent by the authorization server, and when the second verification result is passed, the gateway sends the token and the target encryption information to the service server so that the service server decrypts the token and the target encryption information to obtain the service identification information, and the service identification information is stored in a block chain;
and the service server acquires the service data requested by the client according to the service identification information stored in the block chain and sends the service data to the client.
5. The data transmission method of claim 4, wherein the method further comprises:
the gateway receives a login request sent by the client, wherein the login request comprises user identity information;
the gateway sends the login request to the authorization server so that the authorization server authenticates the user identity information included in the login request, and when the authentication result is passed, the authorization server sends the generated token to the gateway;
and the gateway sends the token to the client so that the client stores the token.
6. A data transmission apparatus, wherein the apparatus is applied to a service server, and comprises:
the first receiving module is used for receiving a first service request of a client, which is sent by a gateway, and the first service request comprises a token and user information;
the first obtaining module is used for obtaining first encryption information according to the token and the user information;
the second obtaining module is used for obtaining target encryption information according to the service identification information and the first encryption information;
the first sending module is used for sending the target encryption information to the client so that the client generates a second service request comprising the target encryption information;
a second receiving module, configured to receive a second service request of the client sent by the gateway, where the second service request includes the token and the target encryption information;
the decryption module is used for decrypting the token and the target encryption information to obtain the service identification information, and the service identification information is stored in a block chain;
and the second sending module is used for acquiring the service data requested by the client according to the service identification information stored in the block chain and sending the service data to the client.
7. A data transmission apparatus, applied to a gateway, comprising:
the first receiving module is used for receiving a first service request sent by a client, wherein the first service request comprises a token, user information and service identification information;
the first sending module is used for sending the token to an authorization server so that the authorization server verifies the token, and the authorization server sends a generated first verification result to the gateway;
the first forwarding module is used for receiving a first verification result sent by the authorization server and received by the gateway, and when the first verification result is passed, the gateway sends the token, the user information and the service identification information to the service server, so that the service server obtains first encryption information according to the token and the user information and obtains target encryption information according to the service identification information and the first encryption information, the service server sends the target encryption information to a client, and the client generates a second service request according to the target encryption information;
a second receiving module, configured to receive a second service request sent by the client, where the second service request includes the token and the target encryption information;
the second sending module is configured to send the token to the authorization server, so that the authorization server verifies the token, and the authorization server sends a generated second verification result to the gateway;
the second forwarding module is configured to receive a second verification result sent by the authorization server, and when the second verification result is passed, the gateway sends the token and the target encryption information to the service server, so that the service server decrypts the token and the target encryption information to obtain the service identification information, and the service identification information is stored in a block chain; and the service server acquires the service data requested by the client according to the service identification information stored in the block chain and sends the service data to the client.
8. A data transmission system, the system comprising:
a service server for performing the data transmission method according to any one of claims 1 to 3;
a gateway for performing the data transmission method according to any one of claims 4 to 5.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the data transmission method according to any one of claims 1-3 or the data transmission method according to any one of claims 4-5 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the data transmission method according to any one of claims 1 to 3 or the data transmission method according to any one of claims 4 to 5.
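The service-server side of claims 1 to 3, as an added example that is not part of the patent text: it derives the first encryption information by sorting, splicing and MD5-hashing the token and user information, AES-encrypts the service identification information under it, and recovers the identifier on the second request. The claims do not state the field layout, how the AES key is formed or the AES mode, so the `k=v&k=v` splice, the use of the MD5 digest as an AES-128 key, GCM mode, and all function names and sample values are assumptions; the data desensitization step of claim 3 is left out.

```javascript
const nodeCrypto = require('crypto');

// Claim 2: order the token and user-information fields, splice them into one
// string, and hash it with MD5 (a digest; the claim calls it "encryption").
// Assumption: fields are sorted by name and spliced as "k=v&k=v".
function firstEncryptionInfo(token, userInfo) {
  const fields = { ...userInfo, token };
  const spliced = Object.keys(fields).sort()
    .map((k) => `${k}=${fields[k]}`)
    .join('&');
  return nodeCrypto.createHash('md5').update(spliced, 'utf8').digest(); // 16 bytes
}

// Claim 3 (desensitization omitted): AES-encrypt the service identifier.
// Assumptions: the MD5 digest is the AES-128 key; GCM with a random 96-bit nonce.
// Output layout (assumed): base64(nonce || tag || ciphertext).
function targetEncryptionInfo(serviceId, firstInfo) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', firstInfo, iv);
  const ct = Buffer.concat([cipher.update(serviceId, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Claim 1, second request: re-derive the key from the presented token and
// decrypt. Returns null when the blob is malformed or was issued for a
// different token or user, so a mismatched pair is rejected rather than decoded.
function recoverServiceId(token, userInfo, target) {
  const raw = Buffer.from(target, 'base64');
  if (raw.length < 12 + 16) return null; // too short to hold nonce and tag
  const key = firstEncryptionInfo(token, userInfo);
  const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch {
    return null; // authentication tag mismatch
  }
}

// Constructed sample values, not taken from the patent.
const userInfo = { userId: 'u-1001', phone: '13800000000' };
const token = 'tok-A-constructed';
const target = targetEncryptionInfo('POLICY-QUERY-42', firstEncryptionInfo(token, userInfo));
console.log(recoverServiceId(token, userInfo, target));               // issued token
console.log(recoverServiceId('tok-B-constructed', userInfo, target)); // different token
```

Under these assumptions the key is derived only from values the client also sends, so the scheme binds the target encryption information to the token rather than keeping the service identifier secret from the client.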
CN202010587451.5A 2020-06-24 2020-06-24 Data transmission method, device, system, computer equipment and readable storage medium Active CN111756737B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010587451.5A CN111756737B (en) 2020-06-24 2020-06-24 Data transmission method, device, system, computer equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN111756737A CN111756737A (en) 2020-10-09
CN111756737B CN111756737B (en) 2023-10-13

Family

ID=72677061

Country Status (1)

Country Link
CN (1) CN111756737B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant