CN114205142A - Data transmission method and device, electronic equipment and storage medium - Google Patents

Info

Publication number: CN114205142A
Authority: CN (China)
Prior art keywords: ciphertext, data, message, sampling, sampled
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN202111500861.2A
Other languages: Chinese (zh)
Other versions: CN114205142B (en)
Inventor: 刘永昆
Current Assignee: CCB Finetech Co Ltd (the listed assignees may be inaccurate)
Original Assignee: CCB Finetech Co Ltd
Application filed by CCB Finetech Co Ltd
Priority to CN202111500861.2A
Publication of CN114205142A
Application granted
Publication of CN114205142B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data transmission method, a data transmission device, electronic equipment and a storage medium, and relates to the field of computer data security. The data transmission method is executed by a client and comprises the following steps: generating a symmetric encryption key for a data original text to be transmitted, and encrypting the data original text by adopting the symmetric encryption key to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampled data, and sending the sampled ciphertext to the server; generating a message according to the sampled data and the symmetric encryption key, and encrypting the message by adopting an asymmetric public key to obtain a second ciphertext; and sending the second ciphertext to the server, so that the server executes the following steps: decrypting the second ciphertext by using the asymmetric private key to obtain the message, restoring the sampled ciphertext by using the sampled data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message. The embodiment of the invention can improve the data encryption efficiency and the data transmission safety.

Description

Data transmission method and device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computer data security, in particular to a data transmission method, a data transmission device, electronic equipment and a storage medium.
Background
When various network activities are performed through a network, data transmission is involved, and data transmission safety needs to be guaranteed. To prevent data from being snooped, intercepted, and falsified during transmission, data is typically transmitted encrypted.
The asymmetric encryption algorithm and the traditional symmetric encryption algorithm are two encryption algorithms commonly used in the data transmission process.
However, the conventional symmetric encryption algorithm is poor in security, and the asymmetric encryption algorithm is inefficient.
Disclosure of Invention
The embodiment of the invention provides a data transmission method, a data transmission device, electronic equipment and a storage medium, which are used for improving the data encryption efficiency and the data transmission safety.
In a first aspect, an embodiment of the present invention provides a data transmission method, which is executed by a client, and includes:
generating a symmetric encryption key for a data original text to be transmitted, and encrypting the data original text by adopting the symmetric encryption key to obtain a first ciphertext;
sampling the first ciphertext to obtain a sampled ciphertext and sampled data, and sending the sampled ciphertext to the server;
generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting an asymmetric public key to obtain a second ciphertext;
and sending the second ciphertext to the server, so that the server executes the following steps: decrypting the second ciphertext by using the asymmetric private key to obtain the message, restoring the sampled ciphertext by using the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
In a second aspect, an embodiment of the present invention provides a data transmission method, which is executed by a server, and includes:
receiving a sampled ciphertext from a client; the sampled ciphertext is obtained by the following method: encrypting the data original text by adopting a symmetric encryption key generated for the data original text to be transmitted to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampled data;
receiving a second ciphertext from the client; the second ciphertext is obtained by encrypting the message by adopting the asymmetric public key; the message is generated according to the sampling data and the symmetric encryption key;
decrypting the second ciphertext by using the asymmetric private key to obtain a message;
and restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
In a third aspect, an embodiment of the present invention further provides a data transmission apparatus, which is executed by a client, and includes:
the first ciphertext acquisition module is used for generating a symmetric encryption key for the data original text to be transmitted, and encrypting the data original text by adopting the symmetric encryption key to obtain a first ciphertext;
the ciphertext sending module is used for sampling the first ciphertext to obtain a sampled ciphertext and sampled data, and sending the sampled ciphertext to the server;
the second ciphertext acquisition module is used for generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting the asymmetric public key to obtain a second ciphertext;
the first ciphertext decryption module is configured to send the second ciphertext to the server, so that the server performs the following: decrypting the second ciphertext by using the asymmetric private key to obtain the message, restoring the sampled ciphertext by using the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
In a fourth aspect, an embodiment of the present invention further provides a data transmission apparatus, which is executed by a server, and includes:
the sampled ciphertext receiving module is used for receiving a sampled ciphertext from the client; the sampled ciphertext is obtained by the following method: encrypting the data original text by adopting a symmetric encryption key generated for the data original text to be transmitted to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampled data;
the second ciphertext receiving module is used for receiving a second ciphertext from the client; the second ciphertext is obtained by encrypting the message by adopting the asymmetric public key; the message is generated according to the sampling data and the symmetric encryption key;
the second ciphertext decryption module is used for decrypting the second ciphertext by using the asymmetric private key to obtain a message;
and the first ciphertext decryption module is used for restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the data transmission method provided by the embodiment of the invention.
In a sixth aspect, the present invention further provides a storage medium including computer-executable instructions, which when executed by a computer processor, are used to perform the data transmission method provided by the present invention.
In a seventh aspect, an embodiment of the present invention further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the data transmission method provided in the embodiment of the present invention.
In the embodiment of the invention, the client generates a symmetric encryption key and encrypts the data original text with it to obtain a first ciphertext; using symmetric encryption improves the efficiency of encrypting the original text. The first ciphertext is sampled and the sampled ciphertext is sent to the server; sampling destroys the integrity of the first ciphertext to prevent it from being decoded, which improves the security of the first ciphertext. A message is generated from the sampling data and the symmetric encryption key, the message is asymmetrically encrypted to obtain a second ciphertext, and the second ciphertext is sent to the server. Asymmetric encryption improves the security of the second ciphertext, that is, the security of transmitting the symmetric encryption key and the sampling data, and because the data volume of the second ciphertext is relatively small, the efficiency of the asymmetric encryption is also improved. This solves the problems of poor security of the traditional symmetric encryption algorithm and low efficiency of the asymmetric encryption algorithm, and achieves the effects of improving data encryption efficiency and data transmission safety.
Drawings
Fig. 1 is a flowchart of a data transmission method according to an embodiment of the present invention;
fig. 2 is a flowchart of a data transmission method according to a second embodiment of the present invention;
fig. 3 is a schematic diagram of a first ciphertext sampling according to a second embodiment of the present invention;
fig. 4 is a flowchart of a data transmission method according to a third embodiment of the present invention;
fig. 5 is a flowchart of a client data transmission method according to a fourth embodiment of the present invention;
fig. 6 is a flowchart of a server data transmission method according to a fourth embodiment of the present invention;
fig. 7 is a schematic structural diagram of a data transmission apparatus according to a fifth embodiment of the present invention;
fig. 8 is a schematic structural diagram of a data transmission apparatus according to a sixth embodiment of the present invention;
fig. 9 is a schematic structural diagram of an electronic device according to a seventh embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Embodiment one
Fig. 1 is a flowchart of a data transmission method according to an embodiment of the present invention, where the method is applicable to a case of encrypting data transmission, and the method may be executed by a data transmission apparatus, and the apparatus may be implemented in a software and/or hardware manner. The device can be configured in the electronic equipment and executed by the client, and the method specifically comprises the following steps:
Step 110, generating a symmetric encryption key for the data original text to be transmitted, and encrypting the data original text by adopting the symmetric encryption key to obtain a first ciphertext.
The symmetric encryption key is the key used to encrypt the data original text to be transmitted; with symmetric encryption, the same key is used to encrypt the data original text when sending and to decrypt it when receiving. The first ciphertext is the data obtained by encrypting the data original text to be transmitted with the symmetric encryption key: after the symmetric encryption key is generated, an encryption algorithm operates on the key and the data original text to produce the first ciphertext. Common symmetric encryption algorithms include, for example, DES (Data Encryption Standard), AES (Advanced Encryption Standard) and IDEA (International Data Encryption Algorithm). Preferably, the present invention uses the ChaCha20 algorithm, a stream cipher of the ChaCha family with stronger resistance to cryptanalytic attack, where "20" indicates that the algorithm performs 20 rounds of encryption calculation; it is a novel stream encryption algorithm with high efficiency and high security. Encrypting the data original text with the symmetric encryption key to obtain the first ciphertext requires little computation and improves the encryption speed.
In an optional embodiment, generating a symmetric encryption key for a data plaintext to be transmitted includes: generating a key random number for a data original text to be transmitted; and generating a symmetric encryption key according to the key random number.
The key random number is randomly generated data used to generate the symmetric encryption key. For example, the key random number may be generated by a random function; the random number generated each time is different, so the symmetric encryption key generated from it is a random key. Specifically, the symmetric encryption key is generated by the client and is a random key with a fixed length of 32 bits or more. For example, the symmetric encryption key may be generated by combining information such as the key random number, the date, the time and a clock sequence, for example by arranging the key random number, date, time and clock sequence information in order to form the symmetric encryption key; the symmetric encryption key does not include specific information.
The key random number is generated randomly, and the symmetric encryption key generated from it is therefore also random, which improves the security of the key.
Step 120, sampling the first ciphertext to obtain a sampled ciphertext and sampled data, and sending the sampled ciphertext to the server.
Sampling means collecting the data at preset positions of the first ciphertext, that is, extracting the data at the preset positions in the first ciphertext. The extracted data is the sampled data, and the sampled ciphertext is the first ciphertext after sampling. For example, the data at the preset positions of the first ciphertext may be removed or replaced to obtain the sampled ciphertext; a preset position is a position set in advance at which the first ciphertext is sampled. The client sends the sampled ciphertext to the server. Sampling the first ciphertext destroys the integrity of the first ciphertext data, so that the original text data cannot be obtained even if the ciphertext is intercepted by a third party during transmission, which improves the security of data transmission.
Step 130, generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting the asymmetric public key to obtain a second ciphertext.
The message consists of the sampling data, the symmetric encryption key and the like, and is used by the server to obtain the information needed to decrypt the first ciphertext. Specifically, the message is in JSON format, and the sampling data is encapsulated in order as an array of key-value pairs; for example, a key-value pair may take the form { sampling position: first ciphertext }. The asymmetric public key is the key used to encrypt the message with an asymmetric encryption algorithm. An asymmetric encryption algorithm uses different keys for encryption and decryption: the key used for encryption is the public key and the key used for decryption is the private key, and the two form a key pair. After the message is encrypted with the public key, only the corresponding private key can decrypt it, which improves the security of message transmission. The second ciphertext is the message encrypted with the asymmetric public key, and is used to send the sampling data for the data original text to be transmitted and the symmetric encryption key of the first ciphertext to the server. Encrypting the message with the asymmetric public key to obtain the second ciphertext improves the security of the second ciphertext.
In an alternative embodiment, generating a message according to the sampled data and the symmetric encryption key comprises: computing the digest of the first ciphertext to obtain a first ciphertext digest; and generating a message comprising the sampling data, the symmetric encryption key and the first ciphertext digest, so that the server verifies the restored first ciphertext according to the first ciphertext digest in the message.
The first ciphertext digest is digest information computed from the first ciphertext with a hash algorithm, and is used by the server to verify the restored first ciphertext. Specifically, a hash function maps the first ciphertext to digest information, which is a character string of fixed length. For example, the hash algorithm may be MACTripleDES, MD5, RIPEMD160, SHA1, SHA256, SHA384, SHA512 or the like. Preferably, this embodiment adopts the MD5 algorithm: MD5 is more efficient, which improves the efficiency of the subsequent digest verification, and its output is relatively short, which effectively reduces the length of the transmitted message and improves the efficiency of asymmetric encryption. The message is generated from the sampling data, the symmetric encryption key and the first ciphertext digest. After receiving the second ciphertext, the server extracts the first ciphertext digest from the message and uses it to verify the restored first ciphertext: the server computes the digest of the restored first ciphertext with the MD5 algorithm and compares it with the first ciphertext digest in the message. The restored first ciphertext is obtained by the server restoring the sampled ciphertext according to the sampling data.
The first ciphertext digest is obtained by calculation, and the message is generated from the sampled data, the symmetric encryption key and the first ciphertext digest. The server can use the first ciphertext digest to verify the restored first ciphertext, for example to check whether the first ciphertext it received was tampered with or lost data during transmission, and so confirm the correctness of the first ciphertext. At the same time, obtaining the first ciphertext digest with a hash algorithm effectively reduces the length of the message and improves the efficiency of asymmetrically encrypting and transmitting the message.
In an alternative embodiment, generating a message according to the sampled data and the symmetric encryption key includes: computing the digest of the data original text to obtain an original text digest; and generating a message comprising the sampling data, the symmetric encryption key and the original text digest, so that the server verifies the decryption result of the first ciphertext according to the original text digest in the message.
The original text digest is digest information computed from the data original text to be transmitted with a hash algorithm. It is obtained in the same way as the first ciphertext digest, that is, with the MD5 algorithm, and is used by the server to verify the decryption result of the first ciphertext, that is, to verify whether the decryption result is the same as the data original text sent by the client. Specifically, the original text digest is computed from the data original text with the MD5 algorithm, and the message is generated from the sampled data, the symmetric encryption key and the original text digest. The server receives the message and verifies the decryption result of the first ciphertext against the original text digest: after decrypting the first ciphertext, the server computes the digest of the decryption result with the MD5 algorithm and compares it with the original text digest.
The original text digest is obtained by calculation, and the message is generated from the sampled data, the symmetric encryption key, the original text digest and the like. The original text digest can be used to verify the original text, for example to check whether the original text received by the server was tampered with or lost data during transmission, and so confirm the correctness of the original text. At the same time, obtaining the original text digest with a hash algorithm effectively reduces the length of the message and improves the efficiency of asymmetrically encrypting and transmitting the message.
Step 140, sending the second ciphertext to the server, so that the server executes the following steps: decrypting the second ciphertext by using the asymmetric private key to obtain the message, restoring the sampled ciphertext by using the sampling data in the message to obtain the first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
The client sends the second ciphertext to the server so that, after receiving it, the server decrypts the second ciphertext with the server's private key to obtain the message, restores the first ciphertext according to the sampling data in the message, and decrypts the first ciphertext with the symmetric encryption key in the message to obtain the data original text.
Networks now reach deeply into every aspect of daily life, such as ride hailing, online shopping and mobile payment. Network activities involve data transmission, such as identity authentication, face recognition, data backup and confidential file transmission, so the security of data transmission needs to be guaranteed; generally, to prevent data from being snooped, intercepted and falsified during transmission, data needs to be encrypted for transmission. For example, in an identity authentication scenario, an identity card needs to be photographed and uploaded. To secure the transmission, in the prior art the picture is first compressed after being taken, converted into Base64 text, and then converted into a ciphertext by asymmetric encryption for transmission; this process is time-consuming and leads to a poor user experience. The asymmetric encryption algorithm has relatively high security, but after the image is converted into text the data volume is relatively large, so encryption and decryption take a long time and the whole process is inefficient. On the other hand, the traditional symmetric encryption algorithm is simple and efficient in encryption and decryption, but the key is easily intercepted while it is being sent, and if a relatively fixed key is used there is a risk of leakage, so security is low.
In the technical scheme of this embodiment, the client generates a symmetric encryption key and encrypts the data original text with it to obtain a first ciphertext; using symmetric encryption improves the efficiency of encrypting the original text. The first ciphertext is sampled and the sampled ciphertext is sent to the server; sampling destroys the integrity of the first ciphertext to prevent it from being decoded, which improves the security of the first ciphertext. A message is generated from the sampled data and the symmetric encryption key, the message is asymmetrically encrypted to obtain a second ciphertext, and the second ciphertext is sent to the server. Asymmetric encryption improves the security of the second ciphertext, that is, the security of transmitting the symmetric encryption key and the sampled data, and because the data volume of the second ciphertext is relatively small, the efficiency of the asymmetric encryption is also improved. This solves the problems of poor security of the conventional symmetric encryption algorithm and low efficiency of the asymmetric encryption algorithm, and achieves the effects of improving data encryption efficiency and data transmission safety.
Embodiment two
Fig. 2 is a flowchart of a data transmission method according to a second embodiment of the present invention. This embodiment is further refined on the basis of the above embodiment. Specifically, the step of sampling the first ciphertext to obtain a sampled ciphertext and sampled data is refined as follows: determining at least one sampling position in the first ciphertext; replacing the first ciphertext at the sampling position with preset data to obtain the sampled ciphertext, and determining the sampling data according to the sampling position and the first ciphertext at the sampling position, so that the server restores the sampled ciphertext according to the sampling position in the sampling data and the first ciphertext at the sampling position to obtain the first ciphertext. The method comprises the following steps:
Step 210, generating a symmetric encryption key for the original data text to be transmitted, and encrypting the original data text by using the symmetric encryption key to obtain a first ciphertext.
Step 220, at least one sampling position in the first ciphertext is determined.
The sampling position is a position in the first ciphertext from which sampled data is extracted. Sampling positions may be generated sequentially according to a certain rule (sequential sampling), for example the first byte of every 5120 bytes is a sampling point, or generated randomly (random sampling), for example a series of random numbers produced by a random function serve as the sampling positions. There is at least one sampling position in the first ciphertext, and generally a plurality of sampling positions are provided in order to destroy the integrity of the first ciphertext, increase the difficulty for a third party of decoding the first ciphertext, and improve the security of file transmission.
In an alternative embodiment, determining at least one sampling location in the first ciphertext comprises: determining the sampling times according to a preset sampling data quantity threshold value and the length of preset data; and determining a sampling position according to the data volume and the sampling times of the first ciphertext.
The preset sampled data amount threshold is a preset maximum for the total data amount of all the sampled data and is used to limit the amount of sampled data; for example, the preset sampled data amount threshold is 4K. When the amount of sampled data is too large, the generated message is too large, encrypting the message with the asymmetric encryption algorithm requires a large amount of computation, and encryption efficiency is reduced; setting the threshold guarantees the efficiency of asymmetrically encrypting the message. The length of the preset data is the length of each piece of sampled data, that is, the data length at each sampling position. The sampling times (the number of samples) may be determined from the preset sampled data amount threshold and the length of the preset data, specifically by dividing the threshold by the length of the preset data: sampling times = preset sampled data amount threshold / length of the preset data.
The data volume of the first ciphertext is the amount of data contained in the first ciphertext. A sampling interval can be obtained from the data volume of the first ciphertext and the sampling times: sampling interval = data volume of the first ciphertext / sampling times. For example, if the data volume of the first ciphertext is 10M, the preset sampled data amount threshold is 2K, and the length of the preset data is 1 byte, then the sampling times is 2048 (2048 bytes of sampled data in total) and the sampling interval is 5120 bytes per sampling point, that is, one sample is taken every 5120 bytes. With sequential sampling, for example, the position of the first byte in every 5120 bytes of the first ciphertext may be determined as a sampling position.
Determining the sampling times from the preset sampled data amount threshold and the length of the preset data guarantees that the amount of sampled data, and therefore the amount of data in the message, is not too large, which improves the efficiency of asymmetric encryption. Determining the sampling position from the data volume of the first ciphertext and the sampling times is simple, yields the positions of the sampling points quickly, and improves sampling efficiency.
In an alternative embodiment, determining the sampling position according to the data volume and the sampling times of the first ciphertext comprises: dividing the first ciphertext into N first sub-ciphertexts according to the data volume of the first ciphertext, wherein N is the sampling times; generating a sampling random number; and determining the sampling position in the first sub-ciphertext according to the sampling random number.
According to the data volume of the first ciphertext, the first ciphertext is divided uniformly into N first sub-ciphertexts, N being the sampling times. The length of each first sub-ciphertext equals the sampling interval, that is, length of the first sub-ciphertext = data volume of the first ciphertext / N. For example, if the data volume of the first ciphertext is 10M and the sampling times is 2048, the first ciphertext is divided into 2048 first sub-ciphertexts of 5120 bytes each. The sampling random number is a random number used to determine the sampling position in each first sub-ciphertext. Specifically, it may be generated by a random function: for example, a random number between 0 and 1 is generated by the random function and multiplied by the length of the first sub-ciphertext to obtain the sampling random number, which is used as the sampling position; or a random number less than or equal to the length of the first sub-ciphertext is generated directly by the random function and taken as the sampling random number, which is used as the sampling position.
Dividing the first ciphertext into N first sub-ciphertexts and determining the sampling position within each first sub-ciphertext according to the sampling random number keeps the sampling positions random over the whole ciphertext. It prevents the generated random numbers from being concentrated in one part of the first ciphertext, for example its beginning, where the sampling positions would lose randomness. This improves the randomness of the sampling positions, makes it harder to restore the file if it is intercepted during transmission, and improves the security of data transmission.
Step 230, replacing the first ciphertext at the sampling position with preset data to obtain a sampled ciphertext, and determining the sampled data according to the sampling position and the first ciphertext at the sampling position, so that the server restores the sampled ciphertext according to the sampling position in the sampled data and the first ciphertext at the sampling position to obtain the first ciphertext.
The preset data is data set in advance, of the same size as the data at a sampling position, that replaces the sampled data at the sampling position, for example 00000000. The first ciphertext at the sampling position is replaced with the preset data, and the sampling position together with the first ciphertext at the sampling position is taken as the sampled data. The server obtains the sampled data from the received message and restores the sampled first ciphertext to obtain the first ciphertext. Fig. 3 is a schematic diagram of sampling a first ciphertext. The first ciphertext has three random sampling points, of which sampling point 1 and sampling point 2 have been sampled and sampling point 3 has not. As shown in Fig. 3: sampling point 1: 01001000, sampling point 2: 01111000, sampling point 3: 01001110, preset data: 00000000. Sampling at sampling points 1 and 2 yields two groups of data, 01001000 and 01111000; these two groups of data and the sampling position information are the sampled data. Sampling point 1 and sampling point 2 are each replaced by 00000000 to obtain the sampled first ciphertext, which ensures that the size and data order of the first ciphertext after sampling are consistent with those before sampling. Preferably, to improve the security of the first ciphertext, the first ciphertext may be shifted as a whole before being sampled; during restoration, the sampled data is restored first and the whole is then shifted in reverse, and the shift data is recorded. Sampling the first ciphertext destroys its integrity, which can prevent the first ciphertext from being cracked during transmission and improves the security of the first ciphertext.
Step 240, sending the sampled ciphertext to the server.
Step 250, generating a message according to the sampled data and the symmetric encryption key, and encrypting the message by using the asymmetric public key to obtain a second ciphertext.
Step 260, sending a second ciphertext to the server, so that the server executes the following steps: and decrypting the second ciphertext by using the asymmetric private key to obtain a message, restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
According to this technical scheme, at least one sampling position is determined and the first ciphertext at the sampling position is replaced with preset data. This destroys the integrity of the first ciphertext without disturbing the content and order of the first ciphertext at other positions, which makes the first ciphertext harder to decode, improves the transmission security of the sampled first ciphertext, makes it convenient for the server to restore the first ciphertext, and improves decryption efficiency.
Example three
Fig. 4 is a flowchart of a data transmission method according to a third embodiment of the present invention, where the method is applicable to decrypting data transmission, and the method may be executed by a data transmission apparatus, and the apparatus may be implemented in a software and/or hardware manner. The device can be configured in the electronic equipment and executed by the server side, and the method specifically comprises the following steps:
Step 310, receiving a sampled ciphertext from a client; the sampled ciphertext is obtained by the following method: encrypting the data original text by using a symmetric encryption key generated for the data original text to be transmitted to obtain a first ciphertext; and sampling the first ciphertext to obtain a sampled ciphertext and sampled data.
The server receives the sampled ciphertext sent by the client. The sampled ciphertext is generated by the client: the client generates a symmetric encryption key, symmetrically encrypts the data original text to be transmitted with a symmetric encryption algorithm to obtain a first ciphertext, samples the first ciphertext to obtain the sampled first ciphertext, and sends the sampled first ciphertext to the server; the sampled data obtained is used to generate a message.
Step 320, receiving a second ciphertext from the client; the second ciphertext is obtained by encrypting the message by using the asymmetric public key; the message is generated according to the sampled data and the symmetric encryption key.
The server receives the second ciphertext sent by the client. The second ciphertext is the message encrypted by the client with the asymmetric public key, and the message comprises the sampled data and the symmetric encryption key.
Step 330, decrypting the second ciphertext by using the asymmetric private key to obtain a message.
The server decrypts the received second ciphertext with the asymmetric private key to obtain the message. Specifically, the message comprises the sampled data and the symmetric encryption key, wherein the sampled data is used for restoring the sampled ciphertext and the symmetric encryption key is used for decrypting the first ciphertext.
Step 340, restoring the sampled ciphertext by using the sampled data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
The sampled data in the message is acquired, and the preset data at each sampling position is restored to the first ciphertext at that sampling position, that is, the sampled ciphertext is restored to obtain the first ciphertext. The symmetric encryption key in the message is then acquired and used to decrypt the restored first ciphertext, yielding the data original text to be transmitted that was sent by the client.
In an optional embodiment, the recovering the sampled ciphertext using the sampled data in the message to obtain the first ciphertext includes: extracting a sampling position and a first ciphertext at the sampling position from sampling data in the ciphertext; and replacing the preset data at the sampling position in the sampled ciphertext by using the first ciphertext at the sampling position, and restoring to obtain the first ciphertext.
The sampled data in the message comprises the sampling position and the first ciphertext at the sampling position. Both are extracted from the sampled data in the message, and the first ciphertext at the sampling position is used to replace the preset data at the sampling position in the sampled ciphertext, so that the sampled ciphertext is restored and the restored first ciphertext is obtained.
Extracting the sampling position and the first ciphertext at the sampling position from the sampled data and restoring the preset data at the corresponding sampling position to obtain the first ciphertext improves the accuracy of the restored first ciphertext.
In an optional embodiment, before decrypting the restored first ciphertext with the symmetric encryption key in the message, the method further includes: verifying the restored first ciphertext by using the first ciphertext digest in the message.
The server performs a hash calculation on the restored first ciphertext to obtain a digest of the restored first ciphertext, which is used to verify the restored first ciphertext. The hash algorithm used by the server is the same as that used by the client. Specifically, the digest of the restored first ciphertext computed by the server is compared with the first ciphertext digest in the message. If they are equal, verification succeeds, indicating that the first ciphertext was safe and valid during transmission; if they are not equal, verification fails and failure information is sent to the client.
Verifying the first ciphertext with the first ciphertext digest in the message makes it possible to check whether errors were introduced into the first ciphertext during transmission, and guarantees that the original text obtained by decryption is correct.
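The client-side sampling of the second embodiment and the server-side restoration and first-ciphertext digest check described above, as an added example that is not code from the patent. The function names, the list-of-(position, bytes) layout of the sampled data, and the clamp for ciphertexts shorter than the sampling times are assumptions; the first ciphertext is constructed random bytes standing in for the output of the symmetric cipher.

```python
import hashlib
import hmac
import os
import secrets

PRESET_BYTE = 0x00  # preset data 00000000, as in the Fig. 3 description


def sample_count(threshold_bytes, sample_len=1):
    """Sampling times = sampled data amount threshold / length of preset data."""
    if sample_len <= 0:
        raise ValueError("sample_len must be positive")
    return threshold_bytes // sample_len


def pick_positions(cipher_len, n, sample_len=1, rng=None):
    """Split the ciphertext into n equal sub-ciphertexts and pick one random
    offset inside each, so positions are spread over the whole ciphertext."""
    rng = rng or secrets.SystemRandom()
    # Assumption: a short ciphertext cannot hold n non-overlapping samples,
    # so the number of samples is reduced to what fits.
    n = min(n, cipher_len // sample_len)
    if n == 0:
        return []
    seg_len = cipher_len // n
    # The offset stays <= seg_len - sample_len so that a sample never
    # crosses into the next sub-ciphertext.
    return [i * seg_len + rng.randrange(seg_len - sample_len + 1)
            for i in range(n)]


def sample(first_ciphertext, positions, sample_len=1):
    """Client side: return (sampled_ciphertext, sampled_data), where
    sampled_data is a list of (position, original bytes) pairs."""
    buf = bytearray(first_ciphertext)
    sampled_data = []
    for pos in positions:
        sampled_data.append((pos, bytes(buf[pos:pos + sample_len])))
        buf[pos:pos + sample_len] = bytes([PRESET_BYTE]) * sample_len
    return bytes(buf), sampled_data


def restore(sampled_ciphertext, sampled_data):
    """Server side: put the original bytes back over the preset data."""
    buf = bytearray(sampled_ciphertext)
    for pos, original in sampled_data:
        if pos < 0 or pos + len(original) > len(buf):
            raise ValueError("sampling position outside the ciphertext")
        buf[pos:pos + len(original)] = original
    return bytes(buf)


def digest(data):
    # MD5 is the algorithm the page names; both sides must use the same one.
    return hashlib.md5(data).hexdigest()


def restore_and_verify(sampled_ciphertext, sampled_data, first_ciphertext_digest):
    """Return the restored first ciphertext, or None when its digest does
    not match the first ciphertext digest carried in the message."""
    restored = restore(sampled_ciphertext, sampled_data)
    if not hmac.compare_digest(digest(restored), first_ciphertext_digest):
        return None
    return restored


def demo():
    """Run the page's 10M / 2K / 1-byte figures on constructed data."""
    first_ciphertext = os.urandom(10 * 1024 * 1024)  # constructed stand-in
    n = sample_count(2 * 1024, 1)
    positions = pick_positions(len(first_ciphertext), n)
    sampled_ct, sampled_data = sample(first_ciphertext, positions)
    restored = restore_and_verify(sampled_ct, sampled_data,
                                  digest(first_ciphertext))
    # (sampling times, sub-ciphertext length, restoration verified)
    return n, len(first_ciphertext) // n, restored == first_ciphertext


if __name__ == "__main__":
    print(demo())
```

With these figures only 2048 of the 10M bytes are withheld from the first transmission; every other byte of the first ciphertext travels unchanged, and a change to any of them makes `restore_and_verify` return `None`.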
In an optional embodiment, after decrypting the restored first ciphertext with the symmetric encryption key in the message, the method further includes: verifying the decryption result of the first ciphertext by using the original text digest in the message.
The server performs a hash calculation on the decryption result of the first ciphertext to obtain a digest of the decryption result, which is used to verify the decryption result. The hash algorithm used by the server is the same as that used by the client. Specifically, the digest of the decryption result computed by the server is compared with the original text digest in the message. If they are equal, verification succeeds, indicating that the original text was safe and valid during transmission; if they are not equal, verification fails and failure information is sent to the client.
Verifying the original text with the original text digest in the message makes it possible to check whether errors were introduced into the original text during transmission, and guarantees the accuracy of file transmission.
According to the technical scheme, the sampled ciphertext and the second ciphertext are received, the asymmetric public key is used for decrypting the second ciphertext to obtain the message, the safety of the message is improved, the first ciphertext is restored according to the sampled data in the message, the first ciphertext is decrypted according to the symmetric secret key in the message to obtain the first ciphertext, the decryption efficiency of the first ciphertext is improved, and the data decryption efficiency is improved while the safety of data transmission is improved by comprehensively using asymmetric encryption and symmetric encryption.
Example four
Fig. 5 is a flowchart of a client data transmission method according to a fourth embodiment of the present invention, and fig. 6 is a flowchart of a server data transmission method according to a fourth embodiment of the present invention, where this embodiment is applicable to a case of encrypting and decrypting data transmission, and the method includes:
Fig. 5 is a flowchart illustrating a client data transmission method according to a fourth embodiment of the present invention, which includes the following specific processes:
Step 410, acquiring the original text digest. The original text digest of the data original text to be transmitted is obtained with the MD5 algorithm. Preferably, to speed up calculation of the original text digest when the original document is large, the digest is calculated by reading the document in blocks. It should be noted that the calculation methods of the client device and the server device must be consistent so that consistent results are obtained for verification. When the data original text to be transmitted is an ultra-large file, for example video data or a special data packet, the file is first split into pieces of a specified size, for example 128M, in order to transmit it safely; each piece is treated as a data original text to be transmitted and the pieces are transmitted in sequence. After transmission is finished, the pieces are combined at the server into the original transmission file, which improves the encryption and decryption efficiency of the file.
Step 420, generating a first ciphertext. The client generates a symmetric encryption key and encrypts the original text to obtain a first ciphertext. The symmetric encryption key is generated by the client because a symmetric encryption key generated by the server could be obtained by a third party while being returned to the client: the asymmetric public key can be obtained by a third party, so a returned symmetric encryption key would be visible to the third party. When the client generates the symmetric encryption key and sends it after encrypting it with the asymmetric public key, a third party cannot decrypt and view the symmetric encryption key with the asymmetric public key, which improves the transmission security of the symmetric encryption key.
Step 430, acquiring the first ciphertext digest. The first ciphertext digest is obtained with the MD5 algorithm and is used by the server to verify the first ciphertext.
Step 440, acquiring and sending the sampled ciphertext. The first ciphertext is sampled; sampling moves part of the data in the first ciphertext into the second ciphertext for transmission, which improves the transmission security of the first ciphertext. The sampled ciphertext formed by sampling the first ciphertext is sent to the server; this is the first transmission to the server.
Preferably, to improve overall security, the first ciphertext may be shifted as a whole before being sampled; correspondingly, when the server restores the sampled ciphertext, the sampled data is restored first and the whole is then shifted in reverse, and the shift data is recorded. Optionally, the two steps of encrypting the data to be sent and sampling the encrypted data can be combined. Specifically, the data to be sent is shifted as a whole, an XOR calculation with the first key is performed after the shift, and sampling is performed during that calculation. To improve calculation efficiency, the whole process amounts to copying the data to be sent once, which quickly separates the sampled data from the sampled ciphertext and improves encryption and sampling efficiency.
Step 450, forming a message. The sampled data, the original text digest, the first ciphertext digest and the symmetric encryption key are composed into a message.
Step 460, acquiring and sending the second ciphertext. The message is encrypted with the asymmetric public key to obtain a second ciphertext, and the second ciphertext is sent to the server; this is the second transmission to the server. This completes the data transmission process of the client.
Fig. 6 is a flowchart of a server data transmission method according to a fourth embodiment of the present invention, which includes the following specific processes:
Step 510, decrypting the second ciphertext. The server receives the second ciphertext and decrypts it with the asymmetric private key to obtain a message, wherein the message comprises the sampled data, the original text digest, the first ciphertext digest and the symmetric encryption key.
Step 520, restoring the sampled ciphertext. The sampled data in the message is extracted and the sampled ciphertext is restored to obtain a first ciphertext.
Step 530, verifying the first ciphertext. The digest of the restored first ciphertext is calculated and compared with the first ciphertext digest in the message; if they are equal, verification succeeds; if not, verification fails.
Step 540, is the first ciphertext verified successfully? If yes, go to step 550; if not, go to step 590.
Step 550, decrypting the first ciphertext. The symmetric encryption key in the message is extracted and used to decrypt the restored first ciphertext to obtain the data original text.
Step 560, verifying the original text. The digest of the decrypted first ciphertext is calculated and compared with the original text digest in the message; if they are equal, verification succeeds; if not, verification fails.
Step 570, is the original text verified successfully? If yes, go to step 580; if not, go to step 590.
Step 580, acquiring the original text data. The decrypted first ciphertext is taken as the original text data, and the decryption process ends.
Step 590, returning failure information. Optionally, when failure information is returned, a log is recorded first. If the data is incomplete, a corresponding failure code is sent to request the client to retransmit; if verification shows that the data has been changed, a failure message is returned and, further, the client that sent the information is added to a suspicious list.
In the encryption process at the client, applying both symmetric and asymmetric encryption improves the security and encryption efficiency of data transmission, and sampling the first ciphertext further improves the security of data transmission. In the decryption process at the server, the transmitted data is verified before and after symmetric encryption by means of the first ciphertext digest and the original text digest, the sampled ciphertext is restored, and the transmitted data original text is obtained through two decryptions, which ensures the accuracy of the data original text obtained and improves the security of data transmission.
Example five
Fig. 7 is a schematic structural diagram of a data transmission device according to a fifth embodiment of the present invention. The fifth embodiment is a corresponding device for implementing the client data transmission method provided by the foregoing embodiments of the present invention, and the device may be implemented in a software and/or hardware manner, and may be generally integrated in an electronic device of a client. The data transmission device includes:
the first ciphertext obtaining module 610 is configured to generate a symmetric encryption key for a data plaintext to be transmitted, and encrypt the data plaintext by using the symmetric encryption key to obtain a first ciphertext;
the ciphertext sending module 620 is configured to sample the first ciphertext to obtain a sampled ciphertext and sampled data, and send the sampled ciphertext to the server;
a second ciphertext obtaining module 630, configured to generate a message according to the sample data and the symmetric encryption key, and encrypt the message by using the asymmetric public key to obtain a second ciphertext;
the first ciphertext decryption module 640 is configured to send the second ciphertext to the server, so that the server performs the following steps: and decrypting the second ciphertext by using the asymmetric private key to obtain a message, restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
In the technical scheme of this embodiment, the client generates a symmetric encryption key and encrypts the data plaintext with it to obtain a first ciphertext; symmetric encryption makes encrypting the plaintext efficient. The first ciphertext is then sampled and the sampled first ciphertext is sent to the server; sampling destroys the integrity of the first ciphertext so that it is prevented from being decoded, which increases its security. A message is generated from the sampled data and the symmetric encryption key and is asymmetrically encrypted to obtain a second ciphertext, which is sent to the server. Asymmetric encryption increases the security of the second ciphertext, that is, the security of transmitting the symmetric encryption key and the sampled data, and because the amount of data in the second ciphertext is relatively small, the asymmetric encryption remains efficient. This solves the problems that the conventional symmetric encryption algorithm has poor security and the asymmetric encryption algorithm has low efficiency, and achieves the effects of improving data encryption efficiency and data transmission security.
Further, the ciphertext sending module 620 includes:
a sampling position determination unit for determining at least one sampling position in the first ciphertext;
and the ciphertext sampling unit is used for replacing the first ciphertext at the sampling position with preset data to obtain a sampled ciphertext, determining the sampling data according to the sampling position and the first ciphertext at the sampling position, and restoring the sampled ciphertext by the server according to the sampling position in the sampling data and the first ciphertext at the sampling position to obtain the first ciphertext.
Further, the sampling position determination unit includes:
the sampling times determining subunit is used for determining the sampling times according to a preset sampled data amount threshold and the length of preset data;
the sampling position calculating subunit is used for determining the sampling position according to the data volume and the sampling times of the first ciphertext.
Further, the sampling position calculating subunit is specifically configured to divide the first ciphertext into N first sub-ciphertexts according to the data volume of the first ciphertext, wherein N is the sampling times; generate a sampling random number; and determine the sampling position in the first sub-ciphertext according to the sampling random number.
Further, the second ciphertext obtaining module 630 includes:
the first ciphertext digest acquiring unit is used for determining a digest of the first ciphertext to obtain a first ciphertext digest;
the first message generation unit is used for generating a message comprising the sampled data, the symmetric encryption key and the first ciphertext digest, so that the server verifies the restored first ciphertext according to the first ciphertext digest in the message.
Further, the second ciphertext obtaining module 630 includes:
the original text digest acquiring unit is used for determining a digest of the data original text to obtain an original text digest;
the second message generation unit is used for generating a message comprising the sampled data, the symmetric encryption key and the original text digest, so that the server verifies the decryption result of the first ciphertext according to the original text digest in the message.
Further, the first ciphertext obtaining module 610 includes:
the random number generating unit is used for generating a secret key random number for a data original text to be transmitted;
and the key generation unit is used for generating a symmetric encryption key according to the key random number.
The device can execute the data transmission method provided by the embodiment of the invention, and has the corresponding functional modules and beneficial effects of executing the data transmission method.
Example six
Fig. 8 is a schematic structural diagram of a data transmission device according to a sixth embodiment of the present invention. The sixth embodiment is a corresponding apparatus for implementing the server data transmission method provided by the foregoing embodiments of the present invention, and the apparatus may be implemented in a software and/or hardware manner, and may be generally integrated in an electronic device at a server. The data transmission device includes:
a sampled ciphertext receiving module 710, configured to receive a sampled ciphertext from a client; the sampled ciphertext is obtained by the following method: encrypting the data original text by adopting a symmetric encryption key generated for the data original text to be transmitted to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampled data;
a second ciphertext receiving module 720, configured to receive a second ciphertext from the client; the second ciphertext is obtained by encrypting the message by adopting the asymmetric public key; the message is generated according to the sampling data and the symmetric encryption key;
the second ciphertext decryption module 730 is configured to decrypt the second ciphertext with the asymmetric private key to obtain a message;
the first ciphertext decryption module 740 is configured to restore the sampled ciphertext with the sample data in the message to obtain a first ciphertext, and decrypt the restored first ciphertext with the symmetric encryption key in the message.
According to the embodiment of the invention, the sampled ciphertext and the second ciphertext are received, and the second ciphertext is decrypted with the asymmetric private key to obtain the message, which improves the security of the message. The first ciphertext is restored according to the sampled data in the message and decrypted with the symmetric encryption key in the message to obtain the data original text, which improves the decryption efficiency of the first ciphertext. By using asymmetric encryption and symmetric encryption together, the data decryption efficiency is improved while the security of data transmission is improved.
Further, the first ciphertext decryption module 740 includes:
the sampling first ciphertext extraction unit is used for extracting a sampling position and a first ciphertext at the sampling position from the sampling data in the message;
and the first ciphertext restoration unit is used for replacing the preset data at the sampling position in the sampled ciphertext by adopting the first ciphertext at the sampling position, and restoring to obtain the first ciphertext.
Further, the first ciphertext decryption module 740 further includes:
and the restoration result verification unit is used for verifying the restored first ciphertext by adopting the first ciphertext abstract in the message.
Further, the first ciphertext decryption module 740 further includes:
and the decryption result verification unit is used for verifying the decryption result of the first ciphertext by adopting the original text abstract in the message.
The device can execute the data transmission method provided by the embodiment of the invention, and has the corresponding functional modules and beneficial effects of executing the data transmission method.
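The restoration and verification performed by module 740, together with the client-side sampling they reverse, as an added example that is not part of the patent text. The first ciphertext is a constructed byte string and the symmetric and asymmetric encryption steps are left out. The preset data, the threshold, SHA-256 as the digest, and the rule "number of samples = threshold // preset length" are assumptions.

```python
import hashlib
import hmac
import secrets

PRESET = b"\x00" * 4      # preset data written over each sampled span (assumed)
THRESHOLD = 16            # sampling data quantity threshold in bytes (assumed)


def sample(first_ct, preset=PRESET, threshold=THRESHOLD):
    """Client: blank out one random span per first sub-ciphertext."""
    n = threshold // len(preset)          # number of samples (assumed rule)
    if n == 0 or len(first_ct) // n < len(preset):
        raise ValueError("first ciphertext too short for these parameters")
    seg = len(first_ct) // n              # length of each first sub-ciphertext
    sampled = bytearray(first_ct)
    samples = []
    for i in range(n):
        # sampling random number -> position keeping the span inside segment i
        pos = i * seg + secrets.randbelow(seg - len(preset) + 1)
        samples.append((pos, first_ct[pos:pos + len(preset)]))
        sampled[pos:pos + len(preset)] = preset
    message = {
        "samples": samples,                                    # sampling data
        "first_ct_digest": hashlib.sha256(first_ct).digest(),  # first ciphertext digest
    }
    return bytes(sampled), message


def restore(sampled_ct, message):
    """Server: put the sampled bytes back, then verify the digest."""
    restored = bytearray(sampled_ct)
    for pos, original in message["samples"]:
        end = pos + len(original)
        if pos < 0 or end > len(restored):
            raise ValueError("sampling position outside the sampled ciphertext")
        restored[pos:end] = original
    digest = hashlib.sha256(restored).digest()
    if not hmac.compare_digest(digest, message["first_ct_digest"]):
        raise ValueError("restored first ciphertext does not match its digest")
    return bytes(restored)


if __name__ == "__main__":
    first_ct = secrets.token_bytes(64)    # constructed stand-in, not real ciphertext
    sampled_ct, msg = sample(first_ct)
    assert restore(sampled_ct, msg) == first_ct
    print("restored", len(first_ct), "bytes from", len(msg["samples"]), "samples")
```

A byte changed in transit outside the sampled spans makes `restore` raise, which is the check the restoration result verification unit performs.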
Example seven
Fig. 9 is a schematic structural diagram of an electronic device according to a seventh embodiment of the present invention. The electronic device may be deployed at a client or a server. As shown in fig. 9, the electronic device includes a processor 810, a memory 820, an input device 830, and an output device 840. The number of processors 810 in the electronic device may be one or more, and one processor 810 is taken as an example in fig. 9. The processor 810, the memory 820, the input device 830 and the output device 840 in the device may be connected by a bus or other means, and connection by a bus is taken as an example in fig. 9.
The memory 820 is a computer-readable storage medium and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules (e.g., the first ciphertext acquisition module 610, the ciphertext transmission module 620, the second ciphertext acquisition module 630, and the first ciphertext decryption module 640) corresponding to the data transmission method in the embodiment of the present invention. The processor 810 executes various functional applications and data processing of the electronic device by executing software programs, instructions and modules stored in the memory 820, that is, implements the data transmission method described above.
The memory 820 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 820 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 820 may further include memory located remotely from the processor 810, which may be connected to an electronic device/terminal/server through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 830 may be used to receive input point cloud data and generate key signal inputs related to user settings and function control of the electronic apparatus. The output device 840 may include a display device such as a display screen.
Example eight
An eighth embodiment of the present invention also provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a data transmission method, the method including (performed by a client):
generating a symmetric encryption key for a data original text to be transmitted, and encrypting the data original text by adopting the symmetric encryption key to obtain a first ciphertext;
sampling the first ciphertext to obtain a sampled ciphertext and sampled data, and sending the sampled ciphertext to the server;
generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting an asymmetric public key to obtain a second ciphertext;
and sending a second ciphertext to the server, so that the server executes the following steps: and decrypting the second ciphertext by using the asymmetric private key to obtain a message, restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
The method further comprises (performed by the server):
receiving a sampled ciphertext from a client; the sampled ciphertext is obtained by the following method: encrypting the data original text by adopting a symmetric encryption key generated for the data original text to be transmitted to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampled data;
receiving a second ciphertext from the client; the second ciphertext is obtained by encrypting the message by adopting the asymmetric public key; the message is generated according to the sampling data and the symmetric encryption key;
decrypting the second ciphertext by using the asymmetric private key to obtain a message;
and restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the operations of the method described above, and may also perform related operations in the data transmission method provided by any embodiment of the present invention.
An embodiment of the present invention further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the data transmission method according to any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the above search apparatus, each included unit and module are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (16)

1. A data transmission method, performed by a client, the method comprising:
generating a symmetric encryption key for a data original text to be transmitted, and encrypting the data original text by adopting the symmetric encryption key to obtain a first ciphertext;
sampling the first ciphertext to obtain a sampled ciphertext and sampled data, and sending the sampled ciphertext to a server;
generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting an asymmetric public key to obtain a second ciphertext;
and sending the second ciphertext to the server, so that the server executes the following steps: and decrypting the second ciphertext by using an asymmetric private key to obtain a message, restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using a symmetric encryption key in the message.
2. The method of claim 1, wherein sampling the first ciphertext to obtain a sampled ciphertext and sampled data, comprises:
determining at least one sampling position in the first ciphertext;
and replacing the first ciphertext at the sampling position by adopting preset data to obtain a sampled ciphertext, determining the sampled data according to the sampling position and the first ciphertext at the sampling position, and restoring the sampled ciphertext by the server according to the sampling position in the sampled data and the first ciphertext at the sampling position to obtain the first ciphertext.
3. The method of claim 2, wherein determining at least one sampling location in the first ciphertext comprises:
determining the sampling times according to a preset sampling data quantity threshold value and the length of the preset data;
and determining a sampling position according to the data volume and the sampling times of the first ciphertext.
4. The method of claim 3, wherein determining the sampling position based on the data size and the number of samples of the first ciphertext comprises:
dividing the first ciphertext into N first sub-ciphertexts according to the data volume of the first ciphertext; wherein N is the number of samples;
generating a sampling random number;
and determining the sampling position in the first sub-ciphertext according to the sampling random number.
5. The method of claim 1, wherein generating a message based on the sampled data and the symmetric encryption key comprises:
determining the abstract of the first ciphertext to obtain a first ciphertext abstract;
and generating a message comprising the sampling data, the symmetric encryption key and the first ciphertext abstract, and verifying the restored first ciphertext by the server side according to the first ciphertext abstract in the message.
6. The method of claim 1, wherein generating a message based on the sampled data and the symmetric encryption key comprises:
determining the abstract of the data original text to obtain an original text abstract;
and generating a message comprising the sampling data, the symmetric encryption key and the original text abstract, and verifying a decryption result of the first ciphertext by the server side according to the original text abstract in the message.
7. The method of claim 1, wherein generating a symmetric encryption key for the data plaintext to be transmitted comprises:
generating a key random number for a data original text to be transmitted;
and generating a symmetric encryption key according to the key random number.
8. A data transmission method, performed by a server, the method comprising:
receiving a sampled ciphertext from a client; the sampled ciphertext is obtained by the following method: encrypting a data original text to be transmitted by adopting a symmetric encryption key generated for the data original text to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampled data;
receiving a second ciphertext from the client; the second ciphertext is obtained by encrypting the message by adopting an asymmetric public key; the message is generated according to the sampling data and the symmetric encryption key;
decrypting the second ciphertext by using an asymmetric private key to obtain a message;
and restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
9. The method of claim 8, wherein the recovering the sampled ciphertext using the sampled data in the message to obtain the first ciphertext comprises:
extracting a sampling position and a first ciphertext at the sampling position from sampling data in the ciphertext;
and replacing the preset data at the sampling position in the sampled ciphertext by using the first ciphertext at the sampling position, and restoring to obtain the first ciphertext.
10. The method of claim 8, wherein before decrypting the recovered first ciphertext using the symmetric encryption key in the message, further comprising:
and verifying the first ciphertext obtained by restoring by adopting the first ciphertext abstract in the message.
11. The method of claim 8, wherein after decrypting the recovered first ciphertext with the symmetric encryption key in the message, further comprising:
and verifying the decryption result of the first ciphertext by adopting the original text abstract in the message.
12. A data transmission apparatus, executed by a client, comprising:
the first ciphertext acquisition module is used for generating a symmetric encryption key for the data original text to be transmitted, and encrypting the data original text by adopting the symmetric encryption key to obtain a first ciphertext;
the ciphertext sending module is used for sampling the first ciphertext to obtain a sampled ciphertext and sampled data, and sending the sampled ciphertext to the server;
the second ciphertext acquisition module is used for generating a message according to the sampling data and the symmetric encryption key, and encrypting the message by adopting the asymmetric public key to obtain a second ciphertext;
the first ciphertext decryption module is configured to send a second ciphertext to the server, so that the server performs the following: and decrypting the second ciphertext by using the asymmetric private key to obtain a message, restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext, and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
13. A data transmission apparatus, implemented by a server, comprising:
the sampled ciphertext receiving module is used for receiving a sampled ciphertext from the client; the sampled ciphertext is obtained by the following method: encrypting a data original text to be transmitted by adopting a symmetric encryption key generated for the data original text to obtain a first ciphertext; sampling the first ciphertext to obtain a sampled ciphertext and sampled data;
the second ciphertext receiving module is used for receiving a second ciphertext from the client; the second ciphertext is obtained by encrypting the message by adopting an asymmetric public key; the message is generated according to the sampling data and the symmetric encryption key;
the second ciphertext decryption module is used for decrypting the second ciphertext by using an asymmetric private key to obtain a message;
and the first ciphertext decryption module is used for restoring the sampled ciphertext by using the sampling data in the message to obtain a first ciphertext and decrypting the restored first ciphertext by using the symmetric encryption key in the message.
14. An electronic device, characterized in that the electronic device comprises:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement a data transmission method as claimed in any one of claims 1-11.
15. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the data transmission method according to any one of claims 1 to 11.
16. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-11.
CN202111500861.2A 2021-12-09 2021-12-09 Data transmission method, device, electronic equipment and storage medium Active CN114205142B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111500861.2A CN114205142B (en) 2021-12-09 2021-12-09 Data transmission method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114205142A true CN114205142A (en) 2022-03-18
CN114205142B CN114205142B (en) 2023-05-30

Family

ID=80651760

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111500861.2A Active CN114205142B (en) 2021-12-09 2021-12-09 Data transmission method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114205142B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114745207A (en) * 2022-06-10 2022-07-12 国汽智控(北京)科技有限公司 Data transmission method, device, equipment, computer readable storage medium and product
CN117955637A (en) * 2024-03-25 2024-04-30 中国铁塔股份有限公司 Data encryption method and device, and data decryption method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110048852A (en) * 2019-03-29 2019-07-23 如般量子科技有限公司 Quantum communications service station Signcryption method and system based on unsymmetrical key pond
CN110214325A (en) * 2017-01-27 2019-09-06 国际商业机器公司 Data mask
US20190297074A1 (en) * 2018-03-26 2019-09-26 Matrics2, Inc. Secure communication with random numbers
CN110324143A (en) * 2019-05-24 2019-10-11 平安科技(深圳)有限公司 Data transmission method, electronic equipment and storage medium
CN113067828A (en) * 2021-03-25 2021-07-02 中国建设银行股份有限公司 Message processing method and device, server, computer equipment and storage medium

Also Published As

Publication number Publication date
CN114205142B (en) 2023-05-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant