CN114553438A - Data transmission method and device, electronic equipment and storage medium - Google Patents


Publication number
CN114553438A
Authority
CN
China
Prior art keywords
timestamp
public key
preset
signature
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210200098.XA
Other languages
Chinese (zh)
Inventor
孟洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by OneConnect Financial Technology Co Ltd Shanghai
Priority to CN202210200098.XA
Publication of CN114553438A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72: Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses a data transmission method and device, electronic equipment and a storage medium. The method comprises the following steps: receiving a data acquisition request sent by an application terminal and time information when the data acquisition request is acquired, wherein the data acquisition request comprises a timestamp, a signature and a request parameter when the application terminal generates the data acquisition request; based on the timestamp and the preset public key, decrypting the signature according to a first preset decryption algorithm, and verifying the decrypted signature; if the decrypted signature is verified to be legal, decrypting the request parameter according to a second preset decryption algorithm based on the timestamp and the preset public key to obtain the decrypted request parameter; and acquiring target data according to the decrypted request parameters, and feeding the target data back to the application terminal. By using the uncertainty of the timestamp, each request can be ensured to face different decryption or encryption conditions to a certain extent, and the data security in the data transmission process is improved.

Description

Data transmission method and device, electronic equipment and storage medium
Technical Field
The embodiment of the application relates to the technical field of data transmission, in particular to a data transmission method and device, electronic equipment and a storage medium.
Background
As attention to data security grows, many applications encrypt their back-end data interfaces to make it harder for third parties to crawl data, thereby protecting the data in the application platform.
At present, a data interface is usually encrypted with a key and a corresponding encryption method. With this approach, however, once the encryption method and the key are reverse-engineered, the encryption rule can always be found, and the data can therefore be cracked.
Disclosure of Invention
The embodiment of the application provides a data transmission method, a data transmission device, electronic equipment and a storage medium, so as to improve data security of data transmission.
In a first aspect, an embodiment of the present application provides a data transmission method, which is applied to a server, and the method includes:
receiving a data acquisition request sent by an application terminal and time information when the data acquisition request is acquired, wherein the data acquisition request comprises a timestamp, a signature and a request parameter when the application terminal generates the data acquisition request;
based on the timestamp and a preset public key, decrypting the signature according to a first preset decryption algorithm, and verifying the decrypted signature;
if the decrypted signature is verified to be legal, decrypting the request parameter according to a second preset decryption algorithm based on the timestamp and a preset public key to obtain the decrypted request parameter;
and acquiring target data according to the decrypted request parameters, and feeding back the target data to the application terminal.
In a second aspect, an embodiment of the present application provides a data transmission method, which is applied to an application end, and the method includes:
when target data needs to be requested from a server, generating request parameters corresponding to the target data and acquiring a timestamp corresponding to the current moment;
encrypting the signature corresponding to the application terminal according to a first encryption algorithm based on the timestamp and a preset public key, and encrypting the request parameters according to a second encryption algorithm based on the timestamp and the preset public key;
packaging the timestamp, the encrypted signature and the encrypted request parameters to obtain a data acquisition request;
and sending the data acquisition request to the server, and receiving target data fed back by the server according to the data acquisition request.
In a third aspect, an embodiment of the present application further provides a data transmission apparatus, where the data transmission apparatus includes:
the receiving module is used for receiving a data acquisition request sent by an application terminal and time information when the data acquisition request is acquired, wherein the data acquisition request comprises a timestamp, a signature and request parameters when the application terminal generates the data acquisition request;
the signature verification module is used for decrypting the signature according to a first preset decryption algorithm based on the timestamp and a preset public key and verifying the decrypted signature;
the decryption module is used for decrypting the request parameter according to a second preset decryption algorithm based on the timestamp and a preset public key to obtain a decrypted request parameter if the decrypted signature is verified to be legal;
and the data feedback module is used for acquiring target data according to the decrypted request parameters and feeding the target data back to the application end.
In a fourth aspect, an embodiment of the present application further provides a data transmission apparatus, where the data transmission apparatus includes:
the request generation module is used for generating request parameters corresponding to the target data and acquiring a timestamp corresponding to the current moment when the target data needs to be requested from the server;
the request encryption module is used for encrypting the signature corresponding to the application terminal according to a first encryption algorithm based on the timestamp and a preset public key, and encrypting the request parameters according to a second encryption algorithm based on the timestamp and the preset public key;
the packaging module is used for packaging the timestamp, the encrypted signature and the encrypted request parameters to obtain a data acquisition request;
and the request sending module is used for sending the data acquisition request to the server and receiving target data fed back by the server according to the data acquisition request.
In a fifth aspect, an embodiment of the present application further provides an electronic device, where the electronic device includes:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the data transmission method provided by any embodiment of the present application.
In a sixth aspect, this application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the data transmission method provided in any embodiment of this application.
According to the technical scheme, the timestamp is added on the basis of the preset public key to serve as one of the decryption or encryption conditions, and by means of uncertainty of the timestamp, each request can be guaranteed to face different decryption or encryption conditions to a certain extent, so that after the encryption or decryption condition of one request data is cracked, other request data cannot be encrypted or decrypted according to the same condition, and data security in the data transmission process is improved.
Drawings
Fig. 1 is a schematic flowchart of a data transmission method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a data transmission method according to a second embodiment of the present application;
Fig. 3 is a schematic structural diagram of a data transmission device according to a third embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be further noted that, for the convenience of description, only some of the structures related to the present application are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a schematic flow chart of a data transmission method according to an embodiment of the present application, which is applicable to a data transmission scenario and applied to a server. The method can be executed by a data transmission device, which can be implemented by hardware and/or software, and can be generally integrated in an electronic device such as a computer with data operation capability, and specifically includes the following steps:
Step 101, receiving a data acquisition request sent by an application terminal and time information when the data acquisition request is acquired, wherein the data acquisition request comprises a timestamp, a signature and a request parameter when the application terminal generates the data acquisition request.
In this step, the server refers to a background server corresponding to the application, the background server may set a data interface, and the application acquires data through the data interface. The server may be an end that provides data services for the application, for example, the application is an end that is used to query information, the server is an end that stores information, the application sends a data request to the server when querying information, and the server obtains corresponding data according to the data request after receiving the data request and feeds the data back to the application.
In a specific example, the server may be a remote server, and the application may be a terminal loaded with an application, and the application performs network communication with the remote server through the terminal.
When it needs to acquire target data, the application terminal generates a corresponding data acquisition request, which includes a timestamp corresponding to the time the request was generated, a signature corresponding to the application terminal, and request parameters corresponding to the target data being requested. The signature and the request parameters are encrypted based on the timestamp and the public key, so their actual content can only be obtained by subsequent decryption.
To further improve data security, the application terminal can salt the signature and the request parameters after encrypting them. The salting rule can vary; for example, reverse the data and add any two-digit value at the head, so that the request parameter "123" before salting becomes "87321" after salting.
Correspondingly, after the data acquisition request is acquired, inverse salting can be applied to it to recover the signature and the request parameters as they were before salting. Specifically, a pre-agreed inverse salting algorithm is obtained first, and the request parameters and the signature in the data acquisition request are then processed according to it.
Taking the aforementioned "87321" as an example, the inverse salting algorithm may remove the first two digits and then reverse the remaining data, which yields the pre-salting request parameter "123".
It should be noted that the added value serves as obfuscation; it need not be numeric and may also be a character string, and the number of added characters and their position may also be customized.
Step 102, decrypting the signature according to a first preset decryption algorithm based on the timestamp and a preset public key, and verifying the decrypted signature.
To prevent data from being obtained again by reusing an earlier data acquisition request, a validity period can be set for each data acquisition request. Before this step, therefore, the time difference between the acquired time information and the timestamp can be computed. If the time difference is less than the preset time length, the step of decrypting the signature according to the first preset decryption algorithm based on the timestamp and the preset public key, and verifying the decrypted signature, is executed; if the time difference is greater than or equal to the preset time length, the data acquisition request is rejected.
The preset time length is the aforementioned validity period and may be set to, for example, 30 seconds. If the time information is 8:15:25 and the timestamp added when the request was generated corresponds to 8:15:15, the time difference is 10 seconds; 10 seconds is less than 30 seconds, so the time difference is less than the preset time length and the subsequent decryption step can be performed directly. If the timestamp corresponds to 8:14:20, the time difference is 65 seconds; 65 seconds is greater than 30 seconds, so the time difference is greater than the preset time length and the data acquisition request is rejected.
It should be noted that the preset time length is related to the time consumed by the application generating the timestamp until the server receives the data acquisition request, and statistics may be performed on the transmission conditions of the multiple data acquisition requests to determine the maximum time length during which most of the data acquisition requests can be successfully transmitted for the first time, and the maximum time length is used as the preset time length.
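The validity-period check and the calibration of the preset time length described above, as an added example (not code from the patent). The percentile choice, the clock-skew tolerance, the cache of already-served requests and all sample values are assumptions that go beyond the text; the cache covers a request that is presented again while it is still inside its validity period.

```python
from datetime import datetime, timedelta

# Constructed sample: seconds between timestamp generation and server receipt.
SAMPLE_DELAYS = [0.2, 0.4, 0.3, 1.1, 0.5, 0.6, 0.2, 0.9, 0.3, 12.0]


def calibrate_window(delays_seconds, coverage_percent=99):
    """Smallest observed delay that covers `coverage_percent` of first-attempt
    deliveries (the percentile is an assumption; the text only says "most")."""
    ordered = sorted(delays_seconds)
    rank = (coverage_percent * len(ordered) + 99) // 100   # integer ceiling
    return ordered[max(rank, 1) - 1]


class FreshnessGate:
    """Validity-period check from the text, plus a cache of requests already
    served inside the window (the cache is an addition, not in the patent)."""

    def __init__(self, window_seconds, max_skew_seconds=2):
        self.window = timedelta(seconds=window_seconds)
        self.max_skew = timedelta(seconds=max_skew_seconds)  # hypothetical tolerance
        self.seen = {}  # (timestamp, signature) -> time the entry can be dropped

    def check(self, timestamp, signature, received_at):
        # Drop cache entries whose requests would now fail the age test anyway.
        self.seen = {k: exp for k, exp in self.seen.items() if exp > received_at}
        age = received_at - timestamp
        if age >= self.window:                 # "greater than or equal to" rejects
            return "reject: expired"
        if age < -self.max_skew:               # timestamp from the future
            return "reject: timestamp ahead of server clock"
        if (timestamp, signature) in self.seen:
            return "reject: already served"
        self.seen[(timestamp, signature)] = timestamp + self.window
        return "accept"


if __name__ == "__main__":
    print("window for 90% coverage:", calibrate_window(SAMPLE_DELAYS, 90))
    gate = FreshnessGate(30)
    received = datetime(2021, 11, 18, 8, 15, 25)
    for ts in (datetime(2021, 11, 18, 8, 15, 15), datetime(2021, 11, 18, 8, 14, 20)):
        print(ts.time(), gate.check(ts, "constructed-signature", received))
```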
In addition, the first preset decryption algorithm corresponds to the first preset encryption algorithm and is used to decrypt data encrypted with it. Both algorithms work with the timestamp, which can be expressed in different formats. Taking November 18, 2021 as an example, the timestamp can be expressed as 211118, 20211118, 11182021, 18112021, 111821, 181121 and so on. In this scheme, the expression format used for decryption is agreed in advance. In this step, the agreed timestamp decryption format and the preset public key are obtained first, the timestamp is converted into the timestamp decryption format, and the signature is decrypted according to the first preset decryption algorithm based on the preset public key and the format-converted timestamp.
To further improve the security of the data, the expression format and the public key used for decryption may be set to be changed over time, for example, one set of expression format and public key used for decryption for each hour, as shown in table 1 below:
TABLE 1
Time range      Timestamp expression format    Public key
0:00 to 1:00    Format 1                       Public key 1
1:00 to 2:00    Format 2                       Public key 2
2:00 to 3:00    Format 3                       Public key 3
3:00 to 4:00    Format 4                       Public key 4
......          ......                         ......
The information in the table can be sent to the application terminal in advance, then the application terminal selects the expression format and the public key for encryption according to the table based on the time range of the timestamp, and the server terminal selects the expression format and the public key for decryption according to the table based on the time range of the timestamp in the data acquisition request.
Correspondingly, when the preset timestamp decryption format and the preset public key are obtained in the step, the target time range of the timestamp can be obtained firstly; determining a target timestamp expression format and a target public key corresponding to the target time range according to a preset time range, a timestamp expression format and a mapping relation of the public key; and determining the target timestamp expression format as a timestamp decryption format, and determining the target public key as a preset public key.
In a specific example, taking Table 1 as an example, the time corresponding to the timestamp is 2:15:25, so the target time range of the timestamp is 2:00 to 3:00; the corresponding target timestamp expression format in Table 1 is format 2 and the target public key is public key 2. Format 2 is then determined as the timestamp decryption format, and public key 2 as the preset public key.
According to the method, different expression formats and public keys can be selected according to time, and even if a certain format or a public key is cracked, a data acquisition request encrypted by using other formats and the public key cannot be cracked, so that the safety of data is further improved.
Of course, in addition to the format and the public key selected by the time range, the format and the public key may also be selected by a simpler method, such as grouping the time expression format and the public key, and each group is assigned with an identifier, as shown in table 2 below:
TABLE 2
[Table 2 is an image in the original publication: identifier, timestamp expression format, public key]
In this way, the data acquisition request needs to include the relevant information of the identifier, so that the target identifier in the data acquisition request can be acquired first when the predetermined timestamp decryption format and the preset public key are acquired in this step; determining a target timestamp expression format and a target public key corresponding to the target identification according to a preset mapping relation among the identification, the timestamp expression format and the public key; and determining the target timestamp expression format as a timestamp decryption format, and determining the target public key as a preset public key.
For the application end, the information in the table can be sent to the application end in advance, when the application end encrypts, a group corresponding to any identifier (the expression format and the public key in the same row in the table are a group) can be selected to encrypt, then the selected identifier is also added into the data acquisition request, and the server end determines the format and the public key required by decryption according to the identifier in the data acquisition request, so as to decrypt.
In a specific example, for example, the obtained target is identified as "3", and it can be known from table 2 that the target timestamp expression format corresponding to "3" is format 3, and the target public key is public key 3, so that format 3 is determined as the timestamp decryption format, and public key 3 is determined as the preset public key.
In this step, the signature may be an identifier of the application itself, that is, each application has its own identifier, the identifier is used as the signature, the encrypted identifier is encapsulated in the data acquisition request, the server stores the identifiers of the applications in advance, and after the signature is decrypted, if the signature is the same as one of the identifiers stored in the server in advance, the signature is verified to be legal, otherwise, the signature is illegal. It should be noted that if the signature is illegal, the data acquisition request is directly denied.
Step 103, if the decrypted signature is verified to be legal, decrypting the request parameter according to a second preset decryption algorithm based on the timestamp and the preset public key to obtain the decrypted request parameter.
In this step, the second preset decryption algorithm corresponds to the second preset encryption algorithm, and the second preset decryption algorithm is used for decrypting the data encrypted by using the second preset encryption algorithm. In this step, a predetermined timestamp decryption format and a predetermined public key are also required to be obtained, and the obtaining method may be as follows:
One way is to determine the corresponding timestamp decryption format and preset public key according to the time range of the timestamp, as in the implementation process shown for Table 1; the other is to determine them according to the identifier, as in the implementation process shown for Table 2. The way of obtaining the timestamp decryption format and the preset public key in this step is the same as in the foregoing process, and details are not repeated here.
In addition, to ensure that different decryption conditions (timestamp decryption format and preset public key) are used for decrypting the signature and for decrypting the request parameters, the decryption conditions for the signature can be determined in the manner shown for Table 1 and those for the request parameters in the manner shown for Table 2; alternatively, the decryption conditions for the signature can be determined in the manner shown for Table 2 and those for the request parameters in the manner shown for Table 1.
Step 104, acquiring target data according to the decrypted request parameters, and feeding the target data back to the application terminal.
In this step, the obtained target data may be encrypted by using the first encryption algorithm or the second encryption algorithm and then fed back to the application terminal. It should be noted that the encryption process will be described in the following embodiments, and will not be described herein.
In the embodiment, the timestamp is added as one of the decryption or encryption conditions on the basis of the preset public key, and by utilizing the uncertainty of the timestamp, each request can be ensured to face different decryption or encryption conditions to a certain extent, so that after the encryption or decryption condition of one request data is cracked, other request data cannot be encrypted or decrypted according to the same condition, and the data security in the data transmission process is improved.
Example two
Fig. 2 is a schematic flow chart of a data transmission method according to an embodiment of the present disclosure, which is applicable to a data transmission scenario and is applied to an application. The method can be executed by a data transmission device, which can be implemented by hardware and/or software, and can be generally integrated in an electronic device such as a computer with data operation capability, and specifically includes the following steps:
Step 201, under the condition that the target data needs to be requested from the server, generating a request parameter corresponding to the target data and acquiring a timestamp corresponding to the current time.
The current time corresponding to the timestamp may be a time at which the timestamp is generated, and the timestamp generation is started after the request parameter is generated.
Step 202, based on the timestamp and the preset public key, the signature corresponding to the application terminal is encrypted according to a first encryption algorithm, and simultaneously, based on the timestamp and the preset public key, the request parameter is encrypted according to a second encryption algorithm.
In this step, the timestamp encryption format and the preset public key also need to be determined. They are obtained in the same way as the timestamp decryption format and the preset public key in the foregoing process, except that, when the identifier-based method (as shown in Table 2) is used, the application terminal can choose the identifier at random and package the chosen identifier as part of the data acquisition request.
Step 203, packaging the timestamp, the encrypted signature and the encrypted request parameter to obtain a data acquisition request.
Step 204, sending the data acquisition request to the server, and receiving target data fed back by the server according to the data acquisition request.
In the embodiment, the request parameters and the signature are encrypted by using the timestamp, and the uncertainty of the timestamp can ensure that each request can be oriented to different decryption or encryption conditions to a certain extent, so that after the encryption or decryption condition of one piece of request data is cracked, other pieces of request data cannot be encrypted or decrypted according to the same condition, and the data security in the data transmission process is improved.
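Both sides of the exchange in Examples one and two, as an added example (not code from the patent). The patent does not name its "preset algorithms", so an HMAC-SHA256 keystream stands in for them; the key table, timestamp formats, application identifier and request contents are constructed, and the formats include the time of day so that the derived key differs per request.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timedelta, timezone

# Constructed stand-in for Table 1: hour of day -> (timestamp format, key).
# The patent calls the key a "public key", but both ends hold it and use it to
# encrypt and decrypt, so it behaves as a shared secret.
FORMATS = ["%y%m%d%H%M%S", "%Y%m%d%H%M%S", "%m%d%Y%H%M%S", "%d%m%Y%H%M%S"]
KEY_TABLE = {h: (FORMATS[h % 4], f"constructed-key-{h}".encode()) for h in range(24)}
KNOWN_APP_IDS = {"app-7f3a"}   # identifiers stored by the server in advance (constructed)
MAX_AGE_SECONDS = 30           # the validity period used in the text


def derive(key, ts_text, purpose):
    """Per-request key: preset key plus the timestamp in the agreed format."""
    return hmac.new(key, purpose + ts_text.encode(), hashlib.sha256).digest()


def xor_stream(data, key):
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 keystream.
    Applying it twice with the same key returns the input."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def salt(text):
    """Reverse the data and put two arbitrary characters in front."""
    return secrets.token_hex(1) + text[::-1]


def unsalt(text):
    """Inverse of salt(): drop the first two characters, then reverse."""
    return text[2:][::-1]


def build_request(app_id, params, now):
    """Application side (steps 201 to 203); `now` is a UTC-aware datetime."""
    fmt, key = KEY_TABLE[now.hour]
    ts_text = now.strftime(fmt)
    sig = xor_stream(app_id.encode(), derive(key, ts_text, b"sig"))
    par = xor_stream(json.dumps(params).encode(), derive(key, ts_text, b"par"))
    return {"timestamp": int(now.timestamp()),
            "signature": salt(sig.hex()), "params": salt(par.hex())}


def handle_request(req, received_at):
    """Server side (steps 101 to 103): ("ok", params) or ("rejected", reason)."""
    sent = datetime.fromtimestamp(req["timestamp"], timezone.utc)
    age = (received_at - sent).total_seconds()
    if not 0 <= age < MAX_AGE_SECONDS:       # future timestamps rejected (assumption)
        return ("rejected", "expired")
    fmt, key = KEY_TABLE[sent.hour]          # chosen from the request's own timestamp
    ts_text = sent.strftime(fmt)
    try:
        raw = bytes.fromhex(unsalt(req["signature"]))
        app_id = xor_stream(raw, derive(key, ts_text, b"sig")).decode()
    except ValueError:                       # bad hex or undecodable bytes
        return ("rejected", "signature")
    if app_id not in KNOWN_APP_IDS:
        return ("rejected", "signature")
    try:
        raw = bytes.fromhex(unsalt(req["params"]))
        return ("ok", json.loads(xor_stream(raw, derive(key, ts_text, b"par"))))
    except ValueError:
        return ("rejected", "params")


if __name__ == "__main__":
    t0 = datetime(2021, 11, 18, 8, 15, 15, tzinfo=timezone.utc)
    request = build_request("app-7f3a", {"query": "balance"}, t0)
    print(handle_request(request, t0 + timedelta(seconds=10)))
    print(handle_request(request, t0 + timedelta(seconds=65)))
    print(handle_request(dict(request, timestamp=request["timestamp"] + 1),
                         t0 + timedelta(seconds=10)))
```

The keystream provides no integrity protection, so the only thing the server verifies is that the decrypted signature matches a stored identifier, exactly as the text describes.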
Example three
Fig. 3 is a schematic structural diagram of a data transmission device according to a third embodiment of the present application. The data transmission device provided by the embodiment of the application can execute the data transmission method provided by any embodiment of the application, and has corresponding functional modules and beneficial effects of the execution method. The apparatus may be implemented in software and/or hardware, and as shown in fig. 3, the data transmission apparatus specifically includes: a receiving module 301, a signature verification module 302, a decryption module 303 and a data feedback module 304.
The receiving module is used for receiving a data acquisition request sent by an application terminal and time information when the data acquisition request is acquired, wherein the data acquisition request comprises a timestamp, a signature and a request parameter when the application terminal generates the data acquisition request;
the signature verification module is used for decrypting the signature according to a first preset decryption algorithm based on the timestamp and a preset public key and verifying the decrypted signature;
the decryption module is used for decrypting the request parameter according to a second preset decryption algorithm based on the timestamp and the preset public key if the decrypted signature is verified to be legal, so as to obtain the decrypted request parameter;
and the data feedback module is used for acquiring the target data according to the decrypted request parameters and feeding the target data back to the application end.
Alternatively,
the request generation module is used for generating a request parameter corresponding to the target data and acquiring a timestamp corresponding to the current moment under the condition that the target data needs to be requested from the server.
And the request encryption module is used for encrypting the signature corresponding to the application terminal according to a first encryption algorithm based on the timestamp and the preset public key, and encrypting the request parameters according to a second encryption algorithm based on the timestamp and the preset public key.
And the packaging module is used for packaging the timestamp, the encrypted signature and the encrypted request parameter to obtain the data acquisition request.
And the request sending module is used for sending the data acquisition request to the server and receiving target data fed back by the server according to the data acquisition request.
In this embodiment, the timestamp is added to the preset public key as one of the encryption or decryption conditions. Because the timestamp varies from request to request, each request is, to a certain extent, subject to different encryption or decryption conditions, so that after the encryption or decryption condition of one request is cracked, other requests cannot be encrypted or decrypted under the same condition, which improves data security during data transmission.
Further, the apparatus further comprises:
the comparison unit is used for comparing the time difference between the acquired moment information and the time stamp, and if the time difference is smaller than the preset time length, the steps of decrypting the signature according to a first preset decryption algorithm based on the time stamp and a preset public key and verifying the decrypted signature are executed;
and the rejection unit is used for rejecting the data acquisition request if the time difference is greater than or equal to the preset time length.
Further, the signature verification module comprises:
the decryption condition acquisition unit is used for acquiring a prearranged timestamp decryption format and a preset public key;
and the decryption unit is used for converting the format of the timestamp into a timestamp decryption format and decrypting the signature according to a first preset decryption algorithm based on the preset public key and the timestamp with the converted format.
Further, the decryption condition obtaining unit includes:
the target time range acquiring subunit is used for acquiring a target time range in which the timestamp is positioned;
the first determining subunit is used for determining a target timestamp expression format and a target public key corresponding to the target time range according to a preset time range, a timestamp expression format and a mapping relation of the public key;
and the second determining subunit is used for determining the target timestamp expression format as a timestamp decryption format and determining the target public key as a preset public key.
Further, the decryption condition obtaining unit includes:
the target identification obtaining subunit is used for obtaining the target identification in the data obtaining request;
the third determining subunit is used for determining a target timestamp expression format and a target public key corresponding to the target identifier according to the preset identifier, the timestamp expression format and the mapping relation of the public key;
and the fourth determining subunit is used for determining the target timestamp expression format as a timestamp decryption format and determining the target public key as the preset public key.
Further, the apparatus further comprises:
the algorithm acquisition unit is used for acquiring a pre-agreed salting inverse-processing algorithm;
and the salting inverse-processing unit is used for inverse-processing the request parameters and the signature in the data acquisition request according to the salting inverse-processing algorithm.
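
The server-side checks listed above (freshness window, identifier lookup of timestamp format and key, timestamp format conversion, signature check before the parameters are used), sketched together with the matching application-side request builder as an added example that is not code from the patent. The patent leaves both algorithms unspecified, so this sketch substitutes HMAC-SHA256 keyed from the preset key and the formatted timestamp, treats the preset key as a shared secret, and leaves out parameter encryption and salting; the table contents, field names and the 300-second window are assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample values: identifiers, formats, keys and the window length
# are hypothetical and stand in for the patent's pre-agreed mapping.
MAX_SKEW_SECONDS = 300  # the "preset time length"
KEY_TABLE = {
    "A": ("%Y%m%d%H%M%S", b"constructed-demo-key-A"),
    "B": ("%H%M%S-%d%m%Y", b"constructed-demo-key-B"),
}


def _request_key(identifier, timestamp):
    """Convert the timestamp to the agreed format and mix it into the preset key."""
    fmt, preset_key = KEY_TABLE[identifier]
    formatted = datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime(fmt)
    return hmac.new(preset_key, formatted.encode(), hashlib.sha256).digest()


def _tag(key, identifier, timestamp, body):
    """Signature over identifier, timestamp and parameters (HMAC stand-in)."""
    message = f"{identifier}|{timestamp}|{body}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def build_request(identifier, params, now):
    """Application side: package timestamp, signature and request parameters."""
    body = json.dumps(params, sort_keys=True, separators=(",", ":"))
    key = _request_key(identifier, now)
    return {"id": identifier, "timestamp": now, "params": body,
            "signature": _tag(key, identifier, now, body)}


def handle_request(request, received_at):
    """Server side: return (accepted, parameters-or-reason)."""
    try:
        identifier = request["id"]
        timestamp = int(request["timestamp"])
        body = request["params"]
        signature = request["signature"]
    except (KeyError, TypeError, ValueError):
        return False, "malformed request"
    if not all(isinstance(v, str) and v.isascii()
               for v in (identifier, body, signature)):
        return False, "malformed request"

    # Comparison/rejection units: refuse anything outside the window before
    # doing any key work. The absolute difference also rejects timestamps
    # that lie too far in the future.
    if abs(received_at - timestamp) >= MAX_SKEW_SECONDS:
        return False, "stale timestamp"

    # Decryption-condition unit, identifier variant: look up format and key.
    if identifier not in KEY_TABLE:
        return False, "unknown identifier"
    key = _request_key(identifier, timestamp)

    # Signature verification gates any use of the request parameters.
    expected = _tag(key, identifier, timestamp, body)
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    return True, json.loads(body)


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    req = build_request("A", {"account": "demo", "page": 1}, now)
    print(handle_request(req, now + 10))
    print(handle_request(req, now + 600))
```

In this sketch a request repeated inside the window still verifies, because nothing records which timestamps have already been seen.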
Example four
Fig. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present disclosure, as shown in fig. 4, the electronic device includes a processor 410, a memory 420, an input device 430, and an output device 440; the number of the processors 410 in the electronic device may be one or more, and one processor 410 is taken as an example in fig. 4; the processor 410, the memory 420, the input device 430 and the output device 440 in the electronic apparatus may be connected by a bus or other means, and the connection by the bus is exemplified in fig. 4.
The memory 420 serves as a computer-readable storage medium, and may be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the data transmission method in the embodiment of the present invention (for example, the receiving module 301, the signature verification module 302, the decryption module 303, and the data feedback module 304 in the data transmission apparatus). The processor 410 executes various functional applications and data processing of the electronic device by executing software programs, instructions and modules stored in the memory 420, that is, the data transmission method described above is implemented:
acquiring entity mentions to be linked, context texts where the entity mentions are located, candidate entities and neighbor entities of each candidate entity in a knowledge graph;
receiving a data acquisition request sent by an application terminal and time information when the data acquisition request is acquired, wherein the data acquisition request comprises a timestamp, a signature and a request parameter when the application terminal generates the data acquisition request;
based on the timestamp and the preset public key, decrypting the signature according to a first preset decryption algorithm, and verifying the decrypted signature;
if the decrypted signature is verified to be legal, decrypting the request parameter according to a second preset decryption algorithm based on the timestamp and the preset public key to obtain the decrypted request parameter;
and acquiring target data according to the decrypted request parameters, and feeding the target data back to the application terminal.
Alternatively,
under the condition that target data need to be requested from a server, generating request parameters corresponding to the target data and acquiring a timestamp corresponding to the current moment;
encrypting the signature corresponding to the application terminal according to a first encryption algorithm based on the timestamp and a preset public key, and encrypting the request parameter according to a second encryption algorithm based on the timestamp and the preset public key;
packaging the timestamp, the encrypted signature and the encrypted request parameters to obtain a data acquisition request;
and sending the data acquisition request to the server, and receiving target data fed back by the server according to the data acquisition request.
The memory 420 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 420 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, memory 420 may further include memory located remotely from processor 410, which may be connected to an electronic device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Example five
A fifth embodiment of the present application further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a data transmission method, the method including:
receiving a data acquisition request sent by an application terminal and time information when the data acquisition request is acquired, wherein the data acquisition request comprises a timestamp, a signature and a request parameter when the application terminal generates the data acquisition request;
based on the timestamp and the preset public key, decrypting the signature according to a first preset decryption algorithm, and verifying the decrypted signature;
if the decrypted signature is verified to be legal, decrypting the request parameter according to a second preset decryption algorithm based on the timestamp and the preset public key to obtain the decrypted request parameter;
and acquiring target data according to the decrypted request parameters, and feeding the target data back to the application terminal.
Alternatively,
under the condition that target data need to be requested from a server, generating request parameters corresponding to the target data and acquiring a timestamp corresponding to the current moment;
based on the timestamp and the preset public key, encrypting the signature corresponding to the application terminal according to a first encryption algorithm, and simultaneously based on the timestamp and the preset public key, encrypting the request parameter according to a second encryption algorithm;
packaging the timestamp, the encrypted signature and the encrypted request parameter to obtain a data acquisition request;
and sending the data acquisition request to the server, and receiving target data fed back by the server according to the data acquisition request.
Of course, the storage medium provided in the embodiments of the present application contains computer-executable instructions, and the computer-executable instructions are not limited to the above method operations, and may also perform related operations in the data transmission method provided in any embodiments of the present application.
From the above description of the embodiments, it is obvious for those skilled in the art that the present application can be implemented by software and necessary general hardware, and certainly can be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods of the embodiments of the present application.
It should be noted that, in the embodiment of the above search apparatus, each included unit and module are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only used for distinguishing one functional unit from another, and are not used for limiting the protection scope of the application.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present application and the technical principles employed. It will be understood by those skilled in the art that the present application is not limited to the particular embodiments illustrated herein, and that various obvious changes, rearrangements and substitutions may be made therein by those skilled in the art without departing from the scope of the application. Therefore, although the present application has been described in more detail with reference to the above embodiments, the present application is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present application, and the scope of the present application is determined by the scope of the appended claims.

Claims (10)

1. A data transmission method is applied to a server side, and is characterized in that the method comprises the following steps:
receiving a data acquisition request sent by an application terminal and time information when the data acquisition request is acquired, wherein the data acquisition request comprises a timestamp, a signature and a request parameter when the application terminal generates the data acquisition request;
based on the timestamp and a preset public key, decrypting the signature according to a first preset decryption algorithm, and verifying the decrypted signature;
if the decrypted signature is verified to be legal, decrypting the request parameter according to a second preset decryption algorithm based on the timestamp and a preset public key to obtain the decrypted request parameter;
and acquiring target data according to the decrypted request parameters, and feeding the target data back to the application terminal.
2. The method of claim 1, wherein before decrypting the signature according to the first predetermined decryption algorithm based on the timestamp and the predetermined public key and verifying the decrypted signature, the method further comprises:
comparing the time difference between the acquired time information and the timestamp, if the time difference is smaller than a preset time length, executing a step of decrypting the signature according to a first preset decryption algorithm based on the timestamp and a preset public key, and verifying the decrypted signature;
and if the time difference is greater than or equal to the preset time length, rejecting the data acquisition request.
3. The method of claim 1, wherein decrypting the signature according to a first predetermined decryption algorithm based on the timestamp and a predetermined public key comprises:
acquiring a prearranged timestamp decryption format and a preset public key;
and converting the format of the timestamp into a timestamp decryption format, and decrypting the signature according to a first preset decryption algorithm based on a preset public key and the timestamp after format conversion.
4. The method of claim 3, wherein obtaining the pre-agreed timestamp decryption format and the predetermined public key comprises:
acquiring a target time range in which the timestamp is positioned;
determining a target timestamp expression format and a target public key corresponding to the target time range according to a preset time range, a timestamp expression format and a mapping relation of the public key;
and determining the target timestamp expression format as a timestamp decryption format, and determining the target public key as a preset public key.
5. The method of claim 3, wherein obtaining the pre-agreed timestamp decryption format and the predetermined public key comprises:
acquiring a target identifier in a data acquisition request;
determining a target timestamp expression format and a target public key corresponding to the target identifier according to a preset identifier, a timestamp expression format and a mapping relation of the public key;
and determining the target timestamp expression format as a timestamp decryption format, and determining the target public key as a preset public key.
6. The method of claim 5, wherein after receiving the data acquisition request sent by the application, the method further comprises:
acquiring a pre-agreed salting inverse-processing algorithm;
and carrying out inverse processing on the request parameters and the signature in the data acquisition request according to the salting inverse-processing algorithm.
7. A data transmission method is applied to an application terminal, and is characterized in that the method comprises the following steps:
under the condition that target data needs to be requested from a server, generating request parameters corresponding to the target data and acquiring a timestamp corresponding to the current moment;
based on the timestamp and a preset public key, encrypting the signature corresponding to the application terminal according to a first encryption algorithm, and simultaneously based on the timestamp and the preset public key, encrypting the request parameter according to a second encryption algorithm;
packaging the timestamp, the encrypted signature and the encrypted request parameter to obtain a data acquisition request;
and sending the data acquisition request to the server, and receiving target data fed back by the server according to the data acquisition request.
8. A data transmission apparatus, characterized in that the apparatus comprises:
a receiving module, used for receiving a data acquisition request sent by an application terminal and time information when the data acquisition request is acquired, wherein the data acquisition request comprises a timestamp, a signature and a request parameter when the application terminal generates the data acquisition request;
the signature verification module is used for decrypting the signature according to a first preset decryption algorithm based on the timestamp and a preset public key and verifying the decrypted signature;
the decryption module is used for decrypting the request parameter according to a second preset decryption algorithm based on the timestamp and a preset public key to obtain a decrypted request parameter if the decrypted signature is verified to be legal;
and the data feedback module is used for acquiring target data according to the decrypted request parameters and feeding the target data back to the application end.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data transmission method as claimed in any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the data transmission method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210200098.XA CN114553438A (en) 2022-03-02 2022-03-02 Data transmission method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114553438A true CN114553438A (en) 2022-05-27

Family

ID=81661912

Country Status (1)

Country Link
CN (1) CN114553438A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination