CN113794553A - Data transmission method and device, electronic equipment and storage medium - Google Patents

Info

Publication number: CN113794553A
Authority: CN (China)
Prior art keywords: key, message, encrypted, request, request message
Legal status: Pending
Application number: CN202011344298.XA
Other languages: Chinese (zh)
Inventor: 朱海申
Current Assignee: Jingdong Allianz Property Insurance Co ltd
Original Assignee: Jingdong Allianz Property Insurance Co ltd
Application filed by: Jingdong Allianz Property Insurance Co ltd

Classifications

    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • G06F21/602 Providing cryptographic facilities or services
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L69/22 Parsing or analysis of headers
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The disclosure provides a data transmission method, a data transmission apparatus, an electronic device and a computer-readable storage medium, and relates to the field of network communication. The data transmission method comprises: encrypting a first original message based on a first key to generate a first encrypted message; encrypting the first key based on the public key of a second key to generate encrypted verification data; adding the encrypted verification data to the first encrypted message to update the first encrypted message into a request message; and sending the request message to a second electronic device based on the Hypertext Transfer Protocol, so that the second electronic device executes the processing operation corresponding to the request message. With this technical solution, the risk of sensitive data being tampered with can be reduced and the security of data transmission is improved.

Description

Data transmission method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of network communication technologies, and in particular, to a data transmission method and apparatus, an electronic device, and a computer-readable storage medium.
Background
In the related art, sensitive data may be transmitted securely over HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, an HTTP channel aimed at security). In existing service network architectures, however, the SSL (Secure Socket Layer) certificate of the HTTPS service (including a public key and a private key; the public key is used to encrypt information and the private key is used to decrypt the encrypted information) is placed on a proxy server. In scenarios where a large number of cloud hosts and cloud services are used, the encrypted sensitive data is decrypted on the proxy server and then transmitted to the server in plaintext, which creates a risk that the sensitive data is leaked during transmission.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure aims to provide a data transmission method, a data transmission apparatus, an electronic device, and a computer-readable storage medium, which overcome, at least to some extent, the problem in the related art that data transmitted over HTTP is at risk of being tampered with.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, there is provided a data transmission method including: encrypting a first original message based on a first key to generate a first encrypted message; encrypting the first key based on the public key of a second key to generate encrypted verification data; adding the encrypted verification data to the first encrypted message to update the first encrypted message into a request message; and sending the request message to a second electronic device based on the Hypertext Transfer Protocol, so that the second electronic device executes the processing operation corresponding to the request message.
In one embodiment, encrypting the first key based on the public key of the second key to generate the encrypted verification data comprises: encrypting the first key based on the public key of the second key to generate an encryption key; and performing digest processing on the first encrypted message and the first key to generate first signature information, so that the first signature information and the encryption key are determined as the encrypted verification data.
In one embodiment, adding the encrypted verification data to the first encrypted message to update the first encrypted message into a request message comprises: adding the encrypted verification data to a request header of the first encrypted message.
In one embodiment, before sending the request message to the second electronic device based on the Hypertext Transfer Protocol, the method further comprises: adding an encryption identifier to the request header.
In one embodiment, the method further comprises: receiving a response message sent by the second electronic device based on the processing operation; performing digest processing on the response message and the first key to generate fourth signature information; and, when the fourth signature information is detected to match the response header of the response message, performing a decryption operation on the response message based on the first key to generate a second original message.
In one embodiment, the method further comprises: determining that the response message is invalid when the fourth signature information is detected not to match the response header of the response message.
In one embodiment, before encrypting the first original message based on the first key to generate the first encrypted message, the method further comprises: loading a first plug-in, so that the first plug-in is called to configure the first original message into the request message when it is detected that the first original message needs to be encrypted for transmission.
According to another aspect of the present disclosure, there is provided a data transmission method including: receiving a request message sent by a first electronic device; parsing the request message based on the private key of a second key to obtain a first key from the request message; performing digest processing on the request message and the first key to generate second signature information; when the second signature information is detected to match the request message, performing a decryption operation on the request message based on the first key to generate a first original message; and executing a processing operation based on the first original message.
In one embodiment, before parsing the request message based on the private key of the second key to obtain the first key from the request message, the method further comprises: loading a second plug-in to intercept the request message; and, when it is detected that the request header of the request message includes the encryption identifier, calling the second plug-in to configure the request message into the first original message.
In one embodiment, parsing the request message based on the private key of the second key to obtain the first key from the request message comprises: extracting the encryption key from the request header of the request message; and decrypting the encryption key based on the private key of the second key to generate the first key.
In one embodiment, performing the decryption operation on the request message based on the first key to generate the first original message, when the second signature information is detected to match the request message, comprises: extracting the first signature information from the request header of the request message; and, when the first signature information is determined to be consistent with the second signature information, determining that the second signature information matches the request header, so as to perform the decryption operation on the request message based on the first key.
In one embodiment, the method further comprises: sending error information to the first electronic device when the first signature information is determined to be inconsistent with the second signature information.
In one embodiment, the method further comprises: generating a second original message based on the processing operation; encrypting the second original message based on the first key to generate a second encrypted message; performing digest processing on the second encrypted message and the first key to generate third signature information; adding the third signature information to a response header of the second encrypted message to update the second encrypted message into a response message; and sending the response message to the first electronic device based on the Hypertext Transfer Protocol.
According to still another aspect of the present disclosure, there is provided a data transmission apparatus including: an encryption module, configured to encrypt a first original message based on a first key to generate a first encrypted message; a generating module, configured to encrypt the first key based on the public key of a second key to generate encrypted verification data; an adding module, configured to add the encrypted verification data to the first encrypted message, so as to update the first encrypted message into a request message; and a sending module, configured to send the request message to a second electronic device based on the Hypertext Transfer Protocol, so that the second electronic device executes the processing operation corresponding to the request message.
According to still another aspect of the present disclosure, there is provided a data transmission apparatus including: a receiving module, configured to receive a request message sent by a first electronic device; a parsing module, configured to parse the request message based on the private key of a second key, so as to obtain a first key from the request message; a processing module, configured to perform digest processing on the request message and the first key to generate second signature information; a decryption module, configured to perform a decryption operation on the request message based on the first key when the second signature information is detected to match the request message, so as to generate a first original message; and an execution module, configured to execute a processing operation based on the first original message.
According to yet another aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory for storing executable instructions for the processor; wherein the processor is configured to perform the data transmission method of any one of the above via execution of the executable instructions.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the data transmission method of any one of the above.
According to the data transmission scheme provided by the embodiments of the disclosure, when a first original message including sensitive data needs to be encrypted, the first original message is encrypted based on a first key to obtain a first encrypted message, and encrypted verification data is then added to the first encrypted message to generate a request message. The encrypted verification data is generated by encrypting the first key with a second key, so the first key is sent along with the encrypted message, which ensures that the request message remains encrypted until it reaches the second electronic device and is decrypted there. This reduces the risk of sensitive data being tampered with, that is, it raises the security level of the encryption operation. The request message is then sent to the second electronic device, achieving secure transmission of data between the first electronic device and the second electronic device.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
Fig. 1 is a schematic diagram illustrating a system structure of a data transmission method in an embodiment of the present disclosure;
Fig. 2 shows a flow chart of a data transmission method in an embodiment of the disclosure;
Fig. 3 shows a flow diagram of another method of data transmission in an embodiment of the disclosure;
Fig. 4 is a flow chart illustrating a further method of data transmission in an embodiment of the present disclosure;
Fig. 5 shows a flow chart of yet another data transmission method in an embodiment of the present disclosure;
Fig. 6 shows a flow chart of yet another data transmission method in an embodiment of the present disclosure;
Fig. 7 shows a flow chart of yet another data transmission method in an embodiment of the disclosure;
Fig. 8 is a flow chart illustrating a method for data transmission in which a first electronic device interacts with a second electronic device in an embodiment of the present disclosure;
Fig. 9 shows a flow chart of another data transmission method in which a first electronic device interacts with a second electronic device in an embodiment of the disclosure;
Fig. 10 is a schematic diagram of a data transmission device in an embodiment of the disclosure;
Fig. 11 is a schematic diagram of another data transmission device in an embodiment of the disclosure;
Fig. 12 shows a schematic diagram of an electronic device in an embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
According to the scheme provided by the application, encrypted verification data is added to the first encrypted message to generate the request message, and the encrypted verification data is generated based on the first key. This reduces the risk of sensitive data being tampered with, that is, it raises the security level of the encryption operation. The request message is then sent to the second electronic device, so that data can be transmitted securely between the first electronic device and the second electronic device.
For ease of understanding, the following first explains several terms referred to in this application.
Asymmetric key: the asymmetric cryptosystem is also called as public key cryptosystem and double key cryptosystem. The principle is that the encryption key is different from the decryption key to form a key pair, and the result encrypted by one key can be decrypted by the other key, wherein one key is public and used as a public key, and the other key is secret and used as a private key.
Symmetric key: symmetric encryption algorithms, i.e., algorithms that use the same key for encryption and decryption.
The scheme provided by the embodiment of the application relates to technologies based on data encryption transmission and the like, and is specifically explained by the following embodiment.
Fig. 1 shows a schematic structural diagram of a system of a data transmission method in an embodiment of the present disclosure, which includes a plurality of terminals 120 and a server cluster 140.
The terminal 120 may be a mobile terminal such as a mobile phone, a game console, a tablet computer, an e-book reader, smart glasses, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a smart home device, an AR (Augmented Reality) device, or a VR (Virtual Reality) device, or it may be a Personal Computer (PC), such as a laptop computer or a desktop computer.
An application program that provides the data transmission method may be installed in the terminal 120.
The terminals 120 are connected to the server cluster 140 through a communication network. Optionally, the communication network is a wired network or a wireless network.
The server cluster 140 is a single server, or is composed of a plurality of servers, or is a virtualization platform, or is a cloud computing service center. The server cluster 140 provides background services for the application that provides data transmission. Optionally, the server cluster 140 undertakes primary computational work and the terminal 120 undertakes secondary computational work; alternatively, the server cluster 140 undertakes secondary computing work and the terminal 120 undertakes primary computing work; alternatively, the terminal 120 and the server cluster 140 perform cooperative computing by using a distributed computing architecture.
In some optional embodiments, the server cluster 140 is used to store data transmission models, prediction methods, and the like.
Alternatively, the clients of the applications installed in different terminals 120 are the same, or the clients of the applications installed on two terminals 120 are clients of the same type of application of different control system platforms. Based on different terminal platforms, the specific form of the client of the application program may also be different, for example, the client of the application program may be a mobile phone client, a PC client, or a World Wide Web (Web) client.
Those skilled in the art will appreciate that the number of terminals 120 described above may be greater or fewer. For example, the number of the terminals may be only one, or several tens or hundreds of the terminals, or more. The number of terminals and the type of the device are not limited in the embodiments of the present application.
Optionally, the system may further include a management device (not shown in fig. 1), and the management device is connected to the server cluster 140 through a communication network. Optionally, the communication network is a wired network or a wireless network.
Optionally, the wireless network or wired network described above uses standard communication techniques and/or protocols. The Network is typically the Internet, but may be any Network including, but not limited to, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a mobile, wireline or wireless Network, a private Network, or any combination of virtual private networks. In some embodiments, data exchanged over a network is represented using techniques and/or formats including Hypertext Mark-up Language (HTML), Extensible markup Language (XML), and the like. All or some of the links may also be encrypted using conventional encryption techniques such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN), Internet protocol Security (IPsec). In other embodiments, custom and/or dedicated data communication techniques may also be used in place of, or in addition to, the data communication techniques described above.
Hereinafter, each step in the data transmission method in the present exemplary embodiment will be described in more detail with reference to the drawings and examples.
Fig. 2 shows a flow chart of a data transmission method in an embodiment of the present disclosure. The method provided by the embodiment of the present disclosure may be performed by any electronic device with computing processing capability, for example, the terminal 120 and/or the server cluster 140 in fig. 1. In the following description, the terminal 120 is taken as an execution subject for illustration.
As shown in Fig. 2, the terminal 120 is specifically a first electronic device, and data can be exchanged between the first electronic device and a second electronic device, where the first electronic device is the request end and the second electronic device is the response end. The data transmission method performed by the terminal 120 includes the following steps:
Step S202, the first original message is encrypted based on the first key, and a first encrypted message is generated.
The first original message may specifically include sensitive data, and the first key may be a random symmetric key. Using a symmetric key as the first key to encrypt the first original message also makes decryption convenient for the second electronic device that receives the message.
Step S204, the first key is encrypted based on the public key of the second key, and encrypted verification data is generated.
The encrypted verification data is used to verify the reliability and security of the encryption operation.
Specifically, the encrypted verification data may be signature information of the first encrypted message, an encryption identifier, the encrypted first key, and the like.
Step S206, the encrypted verification data is added to the first encrypted message to update the first encrypted message into a request message.
The encrypted verification data generated from the first key is added to the first encrypted message, and the first encrypted message with the encrypted verification data added is called the request message, which improves the security of the request message.
The request message may include a request line, a request header and a request body, and the encrypted verification data may be added to at least one of the request line, the request header and the request body.
Step S208, the request message is sent to the second electronic device based on the Hypertext Transfer Protocol, so that the second electronic device executes the processing operation corresponding to the request message.
Sending the request message over HTTP achieves secure transmission of sensitive data within the existing system.
In this embodiment, when it is determined that a first original message including sensitive data needs to be encrypted, the first original message is encrypted based on a first key to obtain a first encrypted message, and encrypted verification data is then added to the first encrypted message to generate a request message. The encrypted verification data is generated by encrypting the first key with a second key, so the first key is sent along with the encrypted message, which ensures that the request message remains encrypted until it reaches the second electronic device and is decrypted there. This reduces the risk of sensitive data being tampered with, that is, it raises the security level of the encryption operation. The request message is then sent to the second electronic device, achieving secure transmission of data between the first electronic device and the second electronic device.
In one embodiment, adding the encrypted verification data to the first encrypted message to update the first encrypted message to the request message comprises: and adding the encrypted verification data to the request header of the first encrypted message.
In this embodiment, by adding the encrypted verification data to the request header of the first encrypted message, the response end can conveniently and quickly determine whether the request message and the response message need to be processed.
As shown in fig. 3, in one embodiment, the step S204 of encrypting the first key based on the public key of the second key and generating the encrypted verification data includes:
Step S302, the first key is encrypted based on the public key of the second key, and an encryption key is generated.
The second key may specifically be an asymmetric key. Encrypting the first key based on the second key means encrypting the first key with the public key of the asymmetric key; combined with the use of a random symmetric key as the first key, this improves the security coefficient of encrypting the first original message.
Step S304, perform digest processing on the first encrypted message and the first key, and generate first signature information, so as to determine the first signature information and the first key as encryption verification data.
On the basis of encrypting the first original message to generate the first encrypted message, the first encrypted message and the first key are signed to obtain first signature information, and the integrity of data transmission is guaranteed.
In one embodiment, before sending the request message to the second electronic device based on the hypertext transfer protocol, the method further includes:
Step S306, the encryption identifier is added to the request header.
The encryption identifier indicates that the request message is an encrypted message. If the response end, that is, the second electronic device, parses out the encryption identifier, the request message needs to be decrypted, so the response end can adapt its decryption dynamically.
Step S308, updating the first encrypted message based on the encryption identifier and the encryption verification data to obtain the request message.
In this embodiment, the first signature information, the encryption key and the encryption identifier are added to the first encrypted message, preferably to its request header, so that the response end can parse them easily. The first signature information is used to verify the reliability of data transmission, the encryption key ensures the security of the first key used for decryption, and the encryption identifier indicates that the request message needs to be parsed. This improves the security of request message transmission and also helps the second electronic device parse the request message more efficiently.
As shown in fig. 4, in an embodiment, after step S208, the data transmission method further includes:
Step S402, receiving a response message sent by the second electronic device based on the processing operation.
After the request message is sent to the second electronic device, the response message sent in reply is received.
Step S404, performing digest processing on the response packet and the first key, and generating fourth signature information.
The fourth signature information is used to detect whether the response message has been tampered with.
In step S406, in the case that it is detected that the fourth signature information matches the response header of the response packet, a decryption operation is performed on the response packet based on the first key to generate a second original packet.
Detecting whether the fourth signature information matches the response header of the response message means checking whether the fourth signature information is consistent with the third signature information in the response header. If they are consistent, the fourth signature information matches the third signature information; if not, the fourth signature information does not match the third signature information in the response header.
Step S408, determining that the response message is invalid when the fourth signature information is detected not to match the response header of the response message.
In this embodiment, at the first electronic device, after receiving a response packet fed back by the second electronic device based on the request packet, the fourth signature information generated by performing digest processing on the response packet and the first key is compared with a packet header of the response packet, so as to determine whether the response packet is tampered based on a comparison result, thereby ensuring security of data interaction in the whole transmission process.
In one embodiment, before encrypting the first original message based on the first key and generating the first encrypted message, the method further comprises: when detecting that the first original message needs to be encrypted and transmitted, loading the first plug-in and calling the first plug-in to configure the first original message into a request message.
In this embodiment, a plug-in (also called addin, add-in, addon or add-on) is a program written against an application program interface that follows a certain specification. The first plug-in therefore only needs to perform the message encryption operation described above, and the interface parameters for executing that operation in the operating system do not need to be modified, which reduces intrusiveness into the operating system.
In addition, a first plug-in is loaded on the first electronic device. The first plug-in is a request-end plug-in, and the data transmission method is executed through it. During use, the first plug-in can determine as needed whether the first original message needs to be encrypted and transmitted, and the business layer of the electronic device does not need to be concerned with the encryption and decryption process. This guarantees the security of transmission while reducing the transformation cost of the system service.
In this embodiment, a request plug-in and a server plug-in are provided for the request end and the service end respectively to complete end-to-end secure data transmission.
Fig. 5 shows a flowchart of a data transmission method in an embodiment of the present disclosure. The method provided by the embodiment of the present disclosure may be performed by any electronic device with computing processing capability, for example, the terminal 120 and/or the server cluster 140 in fig. 1. In the following description, the terminal 120 is taken as an execution subject for illustration.
As shown in fig. 5, the terminal 120 performs a data transmission method, including the steps of:
Step S502, receiving a request message sent by the first electronic device.
Step S504, an analysis operation is performed on the request packet based on the private key of the second key, so as to obtain the first key from the request packet.
Step S506, perform digest processing on the request message and the first key, and generate second signature information.
Step S508, in a case that it is detected that the second signature information matches the request packet, performing a decryption operation on the request packet based on the first key to generate a first original packet.
Step S510, a processing operation is performed based on the first original packet.
The processing operation executed based on the first original packet includes but is not limited to: storing the data in the first original message, triggering the corresponding processing program based on the instruction in the first original message, and the like.
In this embodiment, after the second electronic device receives the request message, when it is determined that the first original message including the sensitive data needs to be encrypted, the first original message is encrypted based on the first key to obtain the first encrypted message, and the encrypted verification data is added to the first encrypted message to generate the request message. The encrypted verification data is generated based on the first key, which reduces the risk of the sensitive data being tampered with, that is, it improves the security coefficient of the encryption operation. The request message is then sent to the second electronic device, realizing secure transmission of data between the first electronic device and the second electronic device.
In one embodiment, before performing a parsing operation on the request message based on the private key of the second key to obtain the first key from the request message in step S504, the method further includes:
Step S602, loading a second plug-in to intercept the request message.
Step S604, when detecting that the request header of the request packet includes the encryption identifier, invoking the second plug-in to configure the request packet as the first original packet.
In this embodiment, a second plug-in is loaded on the second electronic device. After a request message is received, the second plug-in directly performs the parsing operation on the request message: once the first key has been decrypted, the first key is used to decrypt the first original message, and the second electronic device then directly performs the corresponding operation based on the obtained first original message. The second electronic device therefore does not need to modify the interface parameters for performing the decryption operation in order to improve security, which reduces intrusiveness into the operating system of the second electronic device.
During use, the first plug-in can decide as needed whether the request message data needs to be encrypted for transmission, and the second plug-in adapts dynamically, so that the business layers of the first electronic device and the second electronic device do not need to participate in the encryption and decryption process.
Specifically, an encryption identifier may be added to the header of the request message. If the encryption identifier is present, the decryption operation is executed by the second plug-in; if it is absent, the received request message is not encrypted and the corresponding processing operation is executed directly based on the request message. Adding the encryption identifier thus helps the second electronic device respond to the request message in time.
In an embodiment, as a specific implementation manner of step S504, performing an analysis operation on the request packet based on the private key of the second key to obtain the first key from the request packet, the method includes:
Step S606, the encryption key in the request header of the request message is extracted.
In step S608, the encrypted key is decrypted based on the private key of the second key to generate the first key.
The second key is an asymmetric key, and the encryption key is decrypted based on a private key of the second key, that is, the encryption key is decrypted by using the private key of the asymmetric key, so that the transmission security of the first key is ensured.
Before executing step S508, the method further includes:
Step S610, performing digest processing on the request packet and the first key, and generating second signature information, that is, step S506 described above.
In an embodiment, as a specific implementation manner of step S508, in a case that it is detected that the second signature information matches the request message, performing a decryption operation on the request message based on the first key to generate a first original message, includes:
Step S612, extracting the first signature information in the request header of the request packet.
Step S614, when it is determined that the first signature information is consistent with the second signature information, determining that the second signature information matches the request header, so as to perform a decryption operation on the request packet based on the first key.
Step S616, when it is determined that the first signature information is inconsistent with the second signature information, sending error information to the first electronic device.
In this embodiment, after receiving the request message, the second electronic device detects whether the request message is the message sent by the first electronic device, that is, whether the request message was tampered with in transit. To do so, it decrypts the signature using its own public key to obtain the first signature information, then calculates the digest value with the same HASH algorithm as the sender to obtain the second signature information. When the first signature information is compared with the second signature information and the two are determined to be consistent, this indicates that the text has not been tampered with.
Further, after performing step S510 to perform a processing operation based on the first original packet, in an embodiment, the data transmission method of the present disclosure further includes:
Step S702, generating a second original packet based on the processing operation.
Step S704, encrypting the second original message based on the first key, and generating a second encrypted message.
Step S706, performing digest processing on the second encrypted message and the first key, and generating third signature information.
Step S708, adding the third signature information to the response header of the second encrypted message to update the second encrypted message to a response message.
Step S710, sending the response message to the first electronic device based on the hypertext transfer protocol.
In this embodiment, when it is determined that a second original message including sensitive data needs to be encrypted, the second original message is encrypted based on the first key to obtain a second encrypted message, and encryption verification data is added to the second encrypted message to generate a response message. The encryption verification data is generated based on the first key, which reduces the risk of the sensitive data being tampered with, that is, it improves the security coefficient of the encryption operation. The response message is then sent to the first electronic device, so that the first electronic device obtains accurate feedback on the request message it sent while secure transmission of data between the first electronic device and the second electronic device is realized.
The data transmission scheme of the present disclosure is further described below in conjunction with fig. 8 and 9 based on data interaction between the first electronic device and the second electronic device. Specifically, the request end in the following description is a first electronic device, and the response end is a second electronic device.
As shown in fig. 8, a data transmission method for a first electronic device to interact with a second electronic device includes:
Step S802, the first electronic device requests the first original message.
Step S804, the first electronic device loads the first plug-in to encrypt the first original message, so as to obtain the request message.
Step S806, the request message is transmitted through HTTP/HTTPS.
Step S808, the second electronic device loads the second plug-in unit to decrypt data according to the encrypted identifier, so as to obtain the first original message and verify the validity.
Step S810, the second electronic device executes a service process according to the first original message, and generates a second original message.
In step S812, the second plug-in encrypts the second original message according to the request identifier to generate a response message.
Step S814, the response message is transmitted through the HTTP/HTTPS.
Step S816, the first plug-in decrypts the response packet to obtain the second original packet.
In step S818, the first electronic device processes the second original message.
As shown in fig. 9, another data transmission method for a first electronic device to interact with a second electronic device includes:
First electronic device side:
Step S902, a request is generated.
First plug-in:
Step S904, the request is intercepted and REQ_BODY is obtained.
REQ_BODY is the first original message.
Step S906, it is detected whether encryption is necessary; if yes, the process proceeds to step S908, and if no, the process proceeds to step S920.
Step S908, a random symmetric KEY is generated.
The random symmetric KEY is the first key.
Step S910, REQ_BODY is encrypted using KEY to obtain an encrypted ciphertext.
Step S912, digest processing is performed on KEY + encrypted ciphertext to generate R_SIGN.
R_SIGN is the first signature information.
Step S914, the public key PUB_KEY of the asymmetric key is used to encrypt KEY, so as to generate R_KEY.
The asymmetric key is the second key, and R_KEY is the encryption key.
Step S916, the encryption flag, R_KEY and R_SIGN are added to the request header to generate REQ_NB.
REQ_NB is transmitted to the second electronic device.
The header is the request header, and REQ_NB is the request message.
Second plug-in:
Step S918, the request is intercepted.
Step S920, it is detected whether the request header includes the encryption identifier; if yes, the process proceeds to step S922, and if no, the process proceeds to step S930.
Step S922, the private key PRI_KEY of the asymmetric key is used to parse R_KEY to obtain KEY.
Step S924, digest processing is performed on KEY + REQ_NB to generate C_SIGN.
C_SIGN is the second signature information.
Step S926, it is detected whether C_SIGN is equal to R_SIGN; if yes, the process proceeds to step S928, and if no, the process proceeds to step S948.
Step S928, REQ_NB is decrypted with KEY to obtain REQ_BODY.
Second electronic device side:
Step S930, service processing is performed to generate RESP_BODY.
RESP_BODY is the second original message.
Second plug-in:
Step S932, it is determined whether RESP_BODY needs to be encrypted; if yes, the process proceeds to step S934, and if no, the process proceeds to step S952.
Step S934, symmetric encryption (KEY, RESP_BODY).
The symmetric encryption (KEY, RESP_BODY) yields the second encrypted message.
Step S936, RESP_SIGN = digest (KEY, second encrypted message).
RESP_SIGN is the third signature information.
Step S938, the encryption flag, R_KEY and RESP_SIGN are added to the request header, and RESP_N_BODY is generated.
The response message is sent to the first electronic device.
RESP_N_BODY is the response message.
First plug-in:
Step S940, it is detected whether decryption is necessary; if yes, the process proceeds to step S942, and if no, the process proceeds to step S952.
Step S942, digest processing is performed on KEY + RESP_N_BODY to generate RC_SIGN.
RC_SIGN is the fourth signature information.
Step S944, it is detected whether C_SIGN is equal to R_SIGN; if yes, the process proceeds to step S946, and if no, the process proceeds to step S952.
Step S946, RESP_N_BODY is decrypted with KEY to obtain RESP_BODY.
First electronic device side:
Step S948, an error is reported.
Step S950, the data has been tampered with.
Step S952, RESP_BODY is processed.
It is to be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to an exemplary embodiment of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
A data transmission apparatus 1000 according to this embodiment of the present invention is described below with reference to fig. 10. The data transmission apparatus 1000 shown in fig. 10 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
The data transmission device 1000 is represented in the form of a hardware module. The components of the data transmission device 1000 may include, but are not limited to: the encryption module 1002 is configured to encrypt the first original packet based on the first key, and generate a first encrypted packet; a generating module 1004, configured to encrypt the first key based on a public key of a second key, and generate encrypted verification data; an adding module 1006, configured to add the encrypted verification data to the first encrypted message, so as to update the first encrypted message into a request message; a sending module 1008, configured to send the request packet to a second electronic device based on a hypertext transfer protocol, so that the second electronic device executes a processing operation corresponding to the request packet.
A data transmission apparatus 1100 according to this embodiment of the present invention is described below with reference to fig. 11. The data transmission apparatus 1100 shown in fig. 11 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
The data transmission device 1100 is represented in the form of a hardware module. The components of the data transmission device 1100 may include, but are not limited to: a receiving module 1102, configured to receive a request packet sent by a first electronic device; an analysis module 1104, configured to perform an analysis operation on the request packet based on a private key of a second key, so as to obtain a first key from the request packet; a processing module 1106, configured to perform digest processing on the request packet and the first key, and generate second signature information; a decryption module 1108, configured to, when it is detected that the second signature information matches the request packet, perform a decryption operation on the request packet based on the first key, so as to generate a first original packet; an executing module 1110, configured to execute a processing operation based on the first original packet.
An electronic device 1200 according to this embodiment of the invention is described below with reference to fig. 12. The electronic device 1200 shown in fig. 12 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 12, the electronic device 1200 is embodied in the form of a general purpose computing device. The components of the electronic device 1200 may include, but are not limited to: the at least one processing unit 1210, the at least one memory unit 1220, and a bus 1230 connecting the various system components including the memory unit 1220 and the processing unit 1210.
Where the memory unit stores program code that may be executed by the processing unit 1010 to cause the processing unit 1210 to perform steps according to various exemplary embodiments of the present invention as described in the "exemplary methods" section above in this specification. For example, the processing unit 1010 may perform steps S202, S204, S2012, and S208 as shown in fig. 2, and other steps defined in the data transmission method of the present disclosure.
The storage unit 1220 may include a readable medium in the form of a volatile memory unit, such as a random access memory unit (RAM)12201 and/or a cache memory unit 12202, and may further include a read only memory unit (ROM) 12203.
Storage unit 1220 may also include a program/utility 12204 having a set (at least one) of program modules 12205, such program modules 12205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 1230 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 1200 may also communicate with one or more external devices 1260 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 1200 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 1250. Also, the electronic device 1200 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet) through the network adapter 1250. As shown, the network adapter 1250 communicates with the other modules of the electronic device 1200 via the bus 1230. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above-mentioned "exemplary methods" section of the present description, when the program product is run on the terminal device.
The program product for implementing the above method may employ a portable compact disc read-only memory (CD-ROM), include program code, and be run on a terminal device such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (17)

1. A data transmission method, adapted to a first electronic device, comprising:
encrypting the first original message based on the first key and generating a first encrypted message;
encrypting the first key based on a public key of a second key, and generating encrypted verification data;
adding the encrypted verification data to the first encrypted message to update the first encrypted message to be a request message;
and sending the request message to a second electronic device based on a hypertext transfer protocol so that the second electronic device executes a processing operation corresponding to the request message.
2. The data transmission method according to claim 1, wherein the encrypting the first key based on the public key of the second key and generating encrypted verification data comprises:
encrypting the first key based on the public key of the second key to generate an encrypted key;
and performing digest processing on the first encrypted message and the first key, and generating first signature information, so as to determine the first signature information and the encrypted key as the encrypted verification data.
3. The data transmission method according to claim 1, wherein the first encrypted message includes a request header and a request body, and the adding the encrypted verification data to the first encrypted message to update the first encrypted message to the request message includes:
and adding the encrypted verification data to a request header of the first encrypted message.
4. The data transmission method according to claim 3, wherein before sending the request message to the second electronic device based on the hypertext transfer protocol, the method further comprises:
and adding an encryption identifier into the request header, wherein the encryption identifier is used for indicating that the request message is an encryption message.
5. The data transmission method according to any one of claims 1 to 4, further comprising:
receiving a response message sent by the second electronic device based on the processing operation;
performing digest processing on the response message and the first key, and generating fourth signature information;
and in a case where the fourth signature information is detected to match the response header of the response message, performing a decryption operation on the response message based on the first key to generate a second original message.
6. The data transmission method according to claim 5, further comprising:
and determining that the response message is invalid when the fourth signature information is detected not to match the response header of the response message.
7. The data transmission method according to any one of claims 1 to 4, wherein before encrypting the first original message based on the first key and generating the first encrypted message, the method further comprises:
and loading a first plug-in to call the first plug-in to configure the first original message into the request message when detecting that the first original message needs to be encrypted and transmitted.
8. A data transmission method, adapted to a second electronic device, comprising:
receiving a request message sent by a first electronic device;
performing a parsing operation on the request message based on a private key of a second key to obtain a first key from the request message;
performing digest processing on the request message and the first key, and generating second signature information;
in a case where the second signature information is detected to match the request message, performing a decryption operation on the request message based on the first key to generate a first original message;
and executing a processing operation based on the first original message.
9. The data transmission method according to claim 8, wherein before performing the parsing operation on the request message based on the private key of the second key to obtain the first key from the request message, the method further comprises:
loading a second plug-in to intercept the request message; and when detecting that the request header of the request message comprises the encryption identifier, calling the second plug-in to configure the request message into the first original message.
10. The data transmission method according to claim 8, wherein the performing a parsing operation on the request message based on the private key of the second key to obtain the first key from the request message comprises:
extracting an encrypted key from a request header of the request message;
decrypting the encrypted key based on the private key of the second key to generate the first key.
11. The data transmission method according to claim 8, wherein the performing, in the case that the second signature information is detected to match the request message, a decryption operation on the request message based on the first key to generate a first original message comprises:
extracting first signature information from a request header of the request message;
and when the first signature information is determined to be consistent with the second signature information, determining that the second signature information matches the request header, so as to perform the decryption operation on the request message based on the first key.
12. The data transmission method according to claim 11, further comprising:
and sending error information to the first electronic device when the first signature information is determined to be inconsistent with the second signature information.
13. The data transmission method according to any one of claims 8 to 12, further comprising:
generating a second original message based on the processing operation;
encrypting the second original message based on the first key to generate a second encrypted message;
performing digest processing on the second encrypted message and the first key, and generating third signature information;
adding the third signature information to a response header of the second encrypted message to update the second encrypted message to a response message;
and sending the response message to the first electronic device based on a hypertext transfer protocol.
14. A data transmission apparatus, comprising:
an encryption module, configured to encrypt the first original message based on the first key and generate a first encrypted message;
a generating module, configured to encrypt the first key based on the public key of the second key and generate encrypted verification data;
an adding module, configured to add the encrypted verification data to the first encrypted message, so as to update the first encrypted message to a request message;
and a sending module, configured to send the request message to a second electronic device based on a hypertext transfer protocol, so that the second electronic device executes a processing operation corresponding to the request message.
15. A data transmission apparatus, comprising:
a receiving module, configured to receive a request message sent by a first electronic device;
a parsing module, configured to perform a parsing operation on the request message based on a private key of a second key, so as to obtain a first key from the request message;
a processing module, configured to perform digest processing on the request message and the first key and generate second signature information;
a decryption module, configured to perform a decryption operation on the request message based on the first key in a case where the second signature information is detected to match the request message, so as to generate a first original message;
and an execution module, configured to execute a processing operation based on the first original message.
16. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the data transmission method of any one of claims 1 to 7 and/or 8 to 13 via execution of the executable instructions.
17. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the data transmission method according to any one of claims 1 to 13.
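
The request/response exchange of claims 1-6, 8 and 10-13, written out in Node.js as an added example; it is not code from the patent. AES-256-CBC, RSA-OAEP, HMAC-SHA256 as the "digest processing", and the header names `x-encrypted`, `x-enc-key` and `x-signature` are assumptions, since the claims above name no algorithms or header fields.

```javascript
const crypto = require('node:crypto');
// "Second key": the receiver's RSA pair, generated here so the example runs offline.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Keyed digest of an encrypted body under the first key (HMAC-SHA256 is an assumption).
const digest = (key, body) => crypto.createHmac('sha256', key).update(body).digest();
const matches = (key, body, sigB64) => {
  const got = Buffer.from(String(sigB64), 'base64'), want = digest(key, body);
  return got.length === want.length && crypto.timingSafeEqual(got, want);
};

function seal(key, plaintext) { // returns iv || ciphertext
  const iv = crypto.randomBytes(16), c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final()]);
}
function open(key, body) {
  const d = crypto.createDecipheriv('aes-256-cbc', key, body.subarray(0, 16));
  return Buffer.concat([d.update(body.subarray(16)), d.final()]);
}
// Attach the digest as a header (hypothetical name) to an encrypted body.
const signed = (key, body, extra = {}) =>
  ({ headers: { ...extra, 'x-signature': digest(key, body).toString('base64') }, body });

// First device, claims 1-4: encrypt, wrap the first key, sign, flag as encrypted.
function buildRequest(firstKey, original) {
  return signed(firstKey, seal(firstKey, Buffer.from(original)), {
    'x-encrypted': '1',
    'x-enc-key': crypto.publicEncrypt(oaep(publicKey), firstKey).toString('base64'),
  });
}

// Second device, claims 8 and 10-13: unwrap the key, verify the digest, only then decrypt.
function handleRequest(req, handler) {
  let firstKey;
  try {
    firstKey = crypto.privateDecrypt(oaep(privateKey), Buffer.from(String(req.headers['x-enc-key']), 'base64'));
    if (firstKey.length !== 32) throw new Error('unexpected key length');
  } catch { return { status: 400, error: 'bad key' }; }
  if (!matches(firstKey, req.body, req.headers['x-signature'])) return { status: 400, error: 'signature mismatch' };
  const reply = handler(open(firstKey, req.body).toString());
  return { status: 200, ...signed(firstKey, seal(firstKey, Buffer.from(reply))) };
}

// First device, claims 5-6: a response whose digest does not match is treated as invalid.
function readResponse(firstKey, res) {
  if (!res.body || !matches(firstKey, res.body, res.headers['x-signature'])) return null;
  return open(firstKey, res.body).toString();
}
```

The claims use the first key for both encryption and the digest, and the example mirrors that; deriving separate encryption and MAC keys from it is the more conservative construction.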
CN202011344298.XA 2020-11-25 2020-11-25 Data transmission method and device, electronic equipment and storage medium Pending CN113794553A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011344298.XA CN113794553A (en) 2020-11-25 2020-11-25 Data transmission method and device, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN113794553A true CN113794553A (en) 2021-12-14

Family

ID=79181097

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011344298.XA Pending CN113794553A (en) 2020-11-25 2020-11-25 Data transmission method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113794553A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination