CN115442127A - Transmission data processing method and device - Google Patents

Abstract

The invention provides a transmission data processing method and device, and relates to the technical field of information security. The method comprises the following steps: obtaining a first intermediate number according to a first public key, a first random integer and a first prime number, and obtaining a first ciphertext according to a first public number, the first random integer and the first prime number; wherein the first public key is received from the second terminal in advance; the first prime number and the first public number are obtained in advance; encrypting data to be transmitted according to the first intermediate number and the first prime number to obtain a second ciphertext; obtaining a first transmission ciphertext according to the first ciphertext and the second ciphertext; sending first transmission data to the second terminal; wherein the first transmission data comprises the first transmission ciphertext and the first public key. The device is used for executing the method. The transmission data processing method and device provided by the embodiment of the invention improve the safety of data transmission.

Description

Transmission data processing method and device

technical field

The invention relates to the technical field of information security, in particular to a transmission data processing method and device.

Background technique

At present, most domestic banks are using File Transfer Protocol (FTP for short) technology for information transmission.

FTP technology does not provide for password security. On the client side and server side using FTP technology, data is transmitted in plain text, and there is a risk of data leakage, such as obtaining data through sniffing. In order to improve the security of data transmission, Secure Socket Layer (SSL) is used to encapsulate FTP. Since FTP transmits data by establishing multiple links, it is difficult to guarantee the security of data transmission even if the password security is protected.

Contents of the invention

Aiming at the problems in the prior art, embodiments of the present invention provide a transmission data processing method and device, which can at least partly solve the problems in the prior art.

In a first aspect, the present invention proposes a transmission data processing method, including:

Obtain the first intermediate number according to the first public key, the first random integer and the first prime number, and obtain the first ciphertext according to the first public number, the first random integer and the first prime number; wherein, The first public key is received from the second terminal in advance; the first prime number and the first public number are obtained in advance;

Encrypting data to be transmitted according to the first intermediate number and the first prime number to obtain a second ciphertext;

Obtain a first transmission ciphertext according to the first ciphertext and the second ciphertext;

Sending first transmission data to the second terminal; wherein, the first transmission data includes the first transmission ciphertext and the first public key.

In a second aspect, the present invention provides a transmission data processing method, including:

receiving first transmission data sent by the first terminal; wherein the first transmission data includes a first transmission ciphertext and a first public key;

Obtaining a first ciphertext and a second ciphertext by parsing the first transmission ciphertext;

Obtaining a second intermediate number according to the first ciphertext, the first private key and the first prime number; wherein the first private key is obtained according to the first public key;

Decrypt the second ciphertext according to the second intermediate number and the first prime number to obtain original data corresponding to the second ciphertext.

In a third aspect, the present invention provides a transmission data processing method, including:

receiving a data forwarding request sent by a third terminal; wherein the data forwarding request includes forwarding data and a fourth terminal identifier, and the forwarding data is encrypted data by the third terminal;

According to the second public key, the second random integer and the second prime number, obtain the third intermediate number, and obtain the third ciphertext according to the second public number, the second random integer and the second prime number; wherein, the The second public key is obtained according to the fourth terminal identifier; the second public number and the second prime number are obtained in advance;

Encrypting the forwarded data according to the third intermediate number and the second prime number to obtain a fourth ciphertext;

Obtain a second transmission ciphertext according to the third ciphertext and the fourth ciphertext;

Sending second transmission data to the fourth terminal; wherein, the second transmission data includes the second transmission ciphertext and the second public key.

In a fourth aspect, the present invention provides a transmission data processing method, including:

receiving second transmission data sent by the server; wherein the second transmission data includes a second transmission ciphertext and a second public key;

Analyzing the second transmission ciphertext to obtain a third ciphertext and a fourth ciphertext; according to the third ciphertext, the second private key and the second prime number, a fourth intermediate number is obtained; wherein the second private key obtained according to the second public key;

Decrypting the fourth ciphertext according to the fourth intermediate number and the second prime number to obtain original data corresponding to the fourth ciphertext;

Decrypt the original data corresponding to the fourth ciphertext to obtain the original data.

In a fifth aspect, the present invention provides a transmission data processing device, including:

The first obtaining module is used to obtain the first intermediate number according to the first public key, the first random integer and the first prime number, and obtain the second public number according to the first public number, the first random integer and the first prime number A ciphertext; wherein, the first public key is received from the second terminal in advance; the first prime number and the first public number are obtained in advance;

A second obtaining module, configured to encrypt data to be transmitted according to the first intermediate number and the first prime number, and obtain a second ciphertext;

A third obtaining module, configured to obtain a first transmission ciphertext according to the first ciphertext and the second ciphertext;

A first sending module, configured to send first transmission data to the second terminal; wherein the first transmission data includes the first transmission ciphertext and the first public key.

In a sixth aspect, the present invention provides a transmission data processing device, including:

The first receiving module is configured to receive the first transmission data sent by the first terminal; wherein the first transmission data includes a first transmission ciphertext and a first public key;

A first parsing module, configured to analyze and obtain a first ciphertext and a second ciphertext from the first transmission ciphertext;

A fifth obtaining module, configured to obtain a second intermediate number according to the first ciphertext, the first private key and the first prime number; wherein the first private key is obtained according to the first public key;

A first decryption module, configured to decrypt the second ciphertext according to the second intermediate number and the first prime number, and obtain original data corresponding to the second ciphertext.

In a seventh aspect, the present invention provides a transmission data processing device, including:

The second receiving module is configured to receive a data forwarding request sent by a third terminal; wherein the data forwarding request includes forwarding data and a fourth terminal identifier, and the forwarding data is encrypted data by the third terminal;

The sixth obtaining module is used to obtain the third intermediate number according to the second public key, the second random integer and the second prime number, and obtain the third intermediate number according to the second public number, the second random integer and the second prime number Three ciphertexts; wherein, the second public key is obtained according to the fourth terminal identification; the second public number and the second prime number are obtained in advance;

A seventh obtaining module, configured to encrypt the forwarded data according to the third intermediate number and the second prime number to obtain a fourth ciphertext;

An eighth obtaining module, configured to obtain a second transmission ciphertext according to the third ciphertext and the fourth ciphertext;

A second sending module, configured to send second transmission data to the fourth terminal; wherein the second transmission data includes the second transmission ciphertext and the second public key.

In an eighth aspect, the present invention provides a transmission data processing device, including:

The third receiving module is configured to receive the second transmission data sent by the server; wherein, the second transmission data includes a second transmission ciphertext and a second public key;

A second parsing module, configured to parse the second transmission ciphertext to obtain a third ciphertext and a fourth ciphertext;

A ninth obtaining module, configured to obtain a fourth intermediate number according to the third ciphertext, the second private key and the second prime number; wherein the second private key is obtained according to the second public key;

A tenth obtaining module, configured to decrypt the fourth ciphertext according to the fourth intermediate number and the second prime number, and obtain original data corresponding to the fourth ciphertext;

The second decryption module is configured to decrypt the original data corresponding to the fourth ciphertext to obtain the original data.

In a ninth aspect, the present invention provides a computer device, including a memory, a processor, and a computer program stored on the memory and operable on the processor. When the processor executes the program, it implements any of the above-mentioned embodiments. Transfer data processing method.

In a tenth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the transmission data processing method described in any one of the above-mentioned embodiments is implemented.

In an eleventh aspect, the present invention provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, the transmission data processing method described in any one of the above embodiments is implemented.

The transmission data processing method and device provided by the embodiments of the present invention can obtain the first intermediate number according to the first public key, the first random integer and the first prime number, and obtain the first intermediate number according to the first public number, the first random integer and the first prime number , obtain the first ciphertext, encrypt the data to be transmitted according to the first intermediate number and the first prime number, obtain the second ciphertext, obtain the first transmission ciphertext according to the first ciphertext and the second ciphertext, and send The first transmission data of the ciphertext and the first public key are sent to the second terminal, and the security of data transmission is improved by encrypting the data to be transmitted.

Description of drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without creative work. In the attached picture:

FIG. 1 is a schematic structural diagram of a transmission data processing system provided by a first embodiment of the present invention.

Fig. 2 is a schematic flowchart of a transmission data processing method provided by a second embodiment of the present invention.

Fig. 3 is a schematic flowchart of a transmission data processing method provided by a third embodiment of the present invention.

Fig. 4 is a schematic flowchart of a transmission data processing method provided by a fourth embodiment of the present invention.

Fig. 5 is a schematic flowchart of a transmission data processing method provided by a fifth embodiment of the present invention.

Fig. 6 is a schematic structural diagram of a transmission data processing system provided by a sixth embodiment of the present invention.

Fig. 7 is a schematic flowchart of a transmission data processing method provided by a seventh embodiment of the present invention.

Fig. 8 is a schematic flowchart of a transmission data processing method provided by an eighth embodiment of the present invention.

FIG. 9 is a schematic flowchart of a transmission data processing method provided by a ninth embodiment of the present invention.

Fig. 10 is a schematic structural diagram of a transmission data processing device provided by a tenth embodiment of the present invention.

Fig. 11 is a schematic structural diagram of a transmission data processing device provided by an eleventh embodiment of the present invention.

Fig. 12 is a schematic structural diagram of a transmission data processing device provided by a twelfth embodiment of the present invention.

Fig. 13 is a schematic structural diagram of a transmission data processing device provided by a thirteenth embodiment of the present invention.

Fig. 14 is a schematic structural diagram of a transmission data processing device provided by a fourteenth embodiment of the present invention.

Fig. 15 is a schematic structural diagram of a transmission data processing device provided by a fifteenth embodiment of the present invention.

Fig. 16 is a schematic structural diagram of a transmission data processing device provided by a sixteenth embodiment of the present invention.

Fig. 17 is a schematic structural diagram of a transmission data processing device provided by a seventeenth embodiment of the present invention.

Fig. 18 is a schematic diagram of the physical structure of the electronic device provided by the eighteenth embodiment of the present invention.

detailed description

In order to make the purpose, technical solutions and advantages of the embodiments of the present invention more clear, the embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings. Here, the exemplary embodiments and descriptions of the present invention are used to explain the present invention, but not to limit the present invention. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined arbitrarily with each other.

In order to facilitate the understanding of the technical solution provided by the present application, the relevant content of the technical solution of the present application will be described below first.

At present, the internal data transmission of the bank is directly transmitted through email or communication software. This form of direct transmission in clear text is difficult to guarantee the security of data. If the transmitted data involves confidential or sensitive data in the industry, if personal information or credit card data and other information are leaked during the transmission process, the losses and consequences caused are unimaginable. In order to improve the security of data transmission, the embodiment of the present invention proposes a transmission data processing method, which encrypts the data to be transmitted, and then transmits the encrypted data.

Fig. 1 is a schematic structural diagram of the transmission data processing system provided by the first embodiment of the present invention. As shown in Fig. 1, the transmission data processing system provided by the embodiment of the present invention includes a first terminal 1 and a second terminal 2, wherein:

The first terminal 1 and the second terminal 2 are connected in communication. The first terminal 1 includes but not limited to desktop computers, notebook computers, servers and other devices. The second terminal 2 includes but not limited to desktop computers, notebook computers, servers and other devices.

The specific implementation process of the transmission data processing method provided in the embodiment of the present invention will be described below by taking the first terminal as an execution subject as an example.

Fig. 2 is a schematic flow chart of a transmission data processing method provided in the second embodiment of the present invention. As shown in Fig. 2, the transmission data processing method provided in the embodiment of the present invention includes:

S201. Obtain a first intermediate number according to the first public key, a first random integer, and a first prime number, and obtain a first ciphertext according to a first public number, the first random integer, and the first prime number; wherein , the first public key is received from the second terminal in advance; the first prime number and the first public number are obtained in advance;

Specifically, the first terminal can obtain the first intermediate number according to the first public key, the first random integer, and the first prime number. The first terminal may obtain a first ciphertext according to the first public number, the first random integer, and the first prime number. Wherein, the first random integer is a randomly selected integer, preferably selected from a range greater than 1 and less than the first prime number minus 1. The first public key is received from the second terminal in advance; the first prime number and the first public number are obtained in advance.

Further, said obtaining the first intermediate number according to the first public key, the first random integer and the first prime number includes: calculating the result of modulo the first prime number of the first random integer power of the first public key, as the first an intermediate number.

First calculate the value of the first random integer power of the first public key, and then calculate the result modulo the first prime number of the above value to obtain the first intermediate number.

For example, the first intermediate number U is calculated according to the formula U=y ^k (mod p), where y represents the first public key, k represents the first random integer, p represents the first prime number, and mod represents a modulo operator.

Further, the obtaining the first ciphertext according to the first public number, the first random integer and the first prime number includes: calculating the result of modulo the first prime number of the first random integer power of the first public number, as the first ciphertext.

First calculate the value of the first random integer power of the first public number, and then calculate the result modulo the first prime number to obtain the first ciphertext.

For example, the first ciphertext C1 is calculated according to the formula C1=a ^k (mod p), where a represents the first public number, k represents the first random integer, p represents the first prime number, and mod represents the modulus operator.

S202. Encrypt data to be transmitted according to the first intermediate number and the first prime number to obtain a second ciphertext;

Specifically, the first terminal may obtain a second ciphertext by encrypting the data to be transmitted by using the first intermediate number and the first prime number.

Further, said encrypting the data to be transmitted according to the first intermediate number and the first prime number, and obtaining the second ciphertext includes: calculating the result of the product of the first intermediate number and the data to be transmitted modulo the first prime number, as the State the second ciphertext.

First calculate the product of the first intermediate number and the data to be transmitted, and then calculate the result of the above product modulo the first prime number to obtain the second ciphertext.

For example, the second ciphertext C2 is obtained according to the formula C2=UMmodp, where U represents the first intermediate number, M represents the data to be transmitted, p represents the first prime number, and mod represents a modulo operator.

S203. Obtain a first transmission ciphertext according to the first ciphertext and the second ciphertext;

Specifically, the first terminal processes the first ciphertext and the second ciphertext to obtain a first transmission ciphertext.

Further, the obtaining the first transmission ciphertext according to the first ciphertext and the second ciphertext includes:

Combining the first ciphertext and the second ciphertext with preset characters to obtain the first transmission ciphertext.

For example, the first ciphertext and the second ciphertext are combined with a comma to obtain the first transmission ciphertext C, and C is expressed as (C1, C2).

S204. Send first transmission data to the second terminal; wherein the first transmission data includes the first transmission ciphertext and the first public key.

Specifically, the first terminal carries the first transmission ciphertext and the first public key in the first transmission data and sends it to the second terminal. After receiving the first transmission data, the second terminal decrypts the first transmission ciphertext to obtain the data to be transmitted.

The transmission data processing method provided by the embodiment of the present invention can obtain the first intermediate number according to the first public key, the first random integer and the first prime number, and obtain the first intermediate number according to the first public number, the first random integer and the first prime number The first ciphertext, encrypt the data to be transmitted according to the first intermediate number and the first prime number, obtain the second ciphertext, obtain the first transmission ciphertext according to the first ciphertext and the second ciphertext, and send the first transmission ciphertext The first transmission data and the first public key are sent to the second terminal, and the security of data transmission is improved by encrypting the data to be transmitted.

On the basis of the above embodiments, further, the data to be transmitted is symmetrically encrypted data.

Specifically, in order to further improve the security of data transmission, the first terminal performs symmetric encryption on the original data to obtain the data to be transmitted, and then encrypts the data to be transmitted. Wherein, the specific process of symmetric encryption is the prior art, and will not be repeated here. It can be understood that, before data transmission, the first terminal and the second terminal may exchange public keys, and the second terminal may decrypt the data to be transmitted based on the public key received from the first terminal. Wherein, the original data may be plain text.

On the basis of the foregoing embodiments, further, the first transmission data further includes a digest value of the data to be transmitted.

Specifically, in order to verify the authenticity and integrity of the data to be transmitted, the first terminal calculates the digest value of the data to be transmitted, carries the digest value of the data to be transmitted in the first transmission data and sends to the second terminal. The second terminal may recalculate the digest value of the data to be transmitted, so as to verify the authenticity and integrity of the data to be transmitted.

For example, the first terminal uses a secure hash algorithm (Secure Hash Algorithm), such as the Sha1 algorithm, to calculate the digest value of the data to be transmitted. The second terminal can also recalculate the digest value of the data to be transmitted obtained after decryption with the same algorithm.

The following describes the specific implementation process of the transmission data processing method provided by the embodiment of the present invention by taking the second terminal as an execution subject as an example.

Fig. 3 is a schematic flowchart of a transmission data processing method provided in a third embodiment of the present invention. As shown in Fig. 3, the transmission data processing method provided in the embodiment of the present invention includes:

S301. Receive first transmission data sent by a first terminal; wherein, the first transmission data includes a first transmission ciphertext and a first public key;

Specifically, the first terminal sends first transmission data to the second terminal, where the first transmission data includes a first transmission ciphertext and a first public key. The second terminal receives the first transmission data, and obtains the first transmission ciphertext and the first public key from the first transmission data. Wherein, the first terminal sends the first transmission data after step S201, step S202 and step S203.

S302. Obtain a first ciphertext and a second ciphertext by analyzing the first transmission ciphertext; specifically, the second terminal analyzes the first transmission ciphertext to obtain the first ciphertext and the second ciphertext . Wherein, the parsing method for the first transmission ciphertext is preset.

For example, the first transmission ciphertext C is expressed as (C1, C2), and the second terminal uses the data before the comma in the brackets as the first ciphertext, and uses the data after the comma in the brackets as the second ciphertext.

S303. Obtain a second intermediate number according to the first ciphertext, the first private key, and the first prime number; wherein, the first private key is obtained according to the first public key;

Specifically, the second terminal obtains the first private key corresponding to the first public key according to the first public key query, and then according to the first ciphertext, the first private key and the first prime number, can Get the second median. Wherein, the first public key and the first private key are uniquely corresponding. The first prime number and the first public number are obtained in advance.

For example, the second intermediate number V is calculated according to the formula V=C1 ^e modp, where e represents the first private key, C1 represents the first ciphertext, p represents the first prime number, and mod represents a modulo operator.

S304. Decrypt the second ciphertext according to the second intermediate number and the first prime number, and obtain original data corresponding to the second ciphertext.

Specifically, the second terminal decrypts the second ciphertext by using the second intermediate number and the first prime number to obtain the original data corresponding to the second ciphertext, and the first and second ciphertext The original data corresponding to the text is the data to be transmitted.

For example, according to the formula M=C2V ^-1 modp, decrypt to obtain the original data M corresponding to the second ciphertext, wherein, V represents the second intermediate number, C2 represents the second ciphertext, V ^-1 represents V to the power of -1, p represents the first prime number, and mod represents the modulo operator.

The transmission data processing method provided by the embodiment of the present invention receives the first transmission data sent by the first terminal, analyzes and obtains the first ciphertext and the second ciphertext from the first transmission ciphertext, and obtains the first ciphertext and the second ciphertext according to the first ciphertext and the first private key. and the first prime number, obtain the second intermediate number, decrypt the second ciphertext according to the second intermediate number and the first prime number, obtain the original data corresponding to the second ciphertext, and decrypt the first transmission data to obtain the second ciphertext The original data corresponding to the ciphertext improves the security of data usage.

On the basis of the above embodiments, further, the original data corresponding to the second ciphertext is symmetrically encrypted data; correspondingly, the method further includes:

The original data corresponding to the second ciphertext is decrypted by using a symmetric encryption key to obtain the original data; wherein the symmetric encryption key is obtained in advance.

Specifically, the first terminal encrypts the original data using a symmetric encryption algorithm to obtain the data to be transmitted, that is, the original data corresponding to the second ciphertext. After the second terminal decrypts and obtains the original data corresponding to the second ciphertext, it decrypts the original data corresponding to the second ciphertext by using a symmetric encryption key, so as to obtain the original data. Wherein, the symmetric encryption key is obtained in advance. The second terminal and the first terminal may exchange keys to obtain a symmetric encryption key. Wherein, the specific process of decrypting through the symmetric encryption algorithm is the prior art, and will not be repeated here.

Fig. 4 is a schematic flowchart of a transmission data processing method provided by the fourth embodiment of the present invention. As shown in Fig. 4, on the basis of the above-mentioned embodiments, further, the first transmission data further includes a digest value; correspondingly , the method also includes:

S401. Perform digest value calculation on the original data corresponding to the first transmission ciphertext to obtain a digest value to be verified;

Specifically, the first terminal calculates the digest value of the data to be transmitted, carries the digest value of the data to be transmitted in the first transmission data and sends it to the second terminal. After the second terminal decrypts and obtains the original data corresponding to the second ciphertext, it performs digest value calculation on the original data corresponding to the second ciphertext to obtain a digest value to be verified.

S402. If it is determined that the digest value to be verified is the same as the digest value, determine that the original data corresponding to the second ciphertext is complete.

Specifically, the second terminal compares the digest value to be verified with the digest value included in the first transmission data, and if the digest value to be verified is the same as the digest value included in the first transmission data, it means that the The data to be transmitted is the same as the original data corresponding to the second ciphertext, the data has not been tampered with during transmission, and the original data corresponding to the second ciphertext is complete.

A security algorithm is used for message digest calculation. Different message files have different digest values. Therefore, the digest values generated by double transmission can be compared to determine whether the message is consistent before and after transmission, so as to ensure the integrity and integrity of the message. authenticity.

Fig. 5 is a schematic flow chart of a transmission data processing method provided in the fifth embodiment of the present invention. As shown in Fig. 5, on the basis of the above-mentioned embodiments, further, the transmission data processing method provided in the embodiment of the present invention further includes:

S501. Obtain a first public key according to the first private key, the first prime number, and the first public number; wherein, the first prime number is randomly selected, and the first public number is one modulo the first prime number The original root, the first private key is a randomly selected integer;

Specifically, the second terminal may obtain the first public key according to the first private key, the first prime number, and the first public number. The first private key is a randomly selected integer, preferably selected from a range greater than 1 and less than the first prime number minus 1. The first prime number is a randomly selected prime number, preferably greater than a preset value and the value of the first prime number minus 1 can decompose a prime number greater than the preset value. The first public number is a primitive root modulo the first prime number. The first public number and the first prime number are public.

Further, said obtaining the first public key according to the first private key, the first prime number and the first public number includes: calculating the result of the first private key power modulo the first prime number of the first public number, as the first public key.

First calculate the value of the first public number raised to the power of the first private key, and then calculate the result of modulo the above value by the first prime number to obtain the first public key.

For example, the first public key y is calculated according to the formula y=a ^e (mod p), where a represents the first public number, e represents the first private key, p represents the first prime number, and mod represents a modulo operator.

S502. Send the first public key, the first public number, and the first prime number to a first terminal.

Specifically, after the second terminal obtains the first public key, it can send the first public key, the first public number and the first prime number to the first terminal, so that the first terminal can send data to the second terminal Previously, data decryption is performed using the first public key, the first public number and the first prime number.

The following is an embodiment of the internal data transmission of the bank to illustrate the specific implementation process of the transmission data processing method provided by the embodiment of the present invention.

A certain branch needs to transmit data to the head office, that is, the branch server A transmits data to the head office server B. Before data transmission, identity verification can be performed between branch server A and head office server B to ensure that the identities of both communication parties are credible. Identity verification adopts dynamic password technology, such as through Kerberos computer network authorization protocol for identity verification. Branch server A and head office server B can complete the exchange of symmetric encryption keys through the DH protocol.

The branch server A uses the symmetric encryption key key1 to symmetric encrypt the original data to obtain the data to be transmitted. The head office server B calculates the first public key y according to the formula y=a ^e (mod p), where a represents the first public number, e represents the first private key, p represents the first prime number, and mod represents a modulo operator. The first prime number p is greater than a preset value, and p-1 can be decomposed into a prime number greater than the preset value. The first public number a is a primitive root modulo p, 1<e<p-1. The head office server B sends the first public key y, the first public number a and the first prime number p to the branch server A. Wherein, the head office server B will store the first private key e and the first public key y correspondingly, so that when the first private key e is to be used later, the first private key e can be obtained by querying the first public key y.

The branch server A calculates the first intermediate number U according to the formula U=y ^k (mod p), where y represents the first public key, k represents the first random integer, p represents the first prime number, and mod represents a modulo operator. Sub-branch server A calculates the first ciphertext C1 with the formula C1=a ^k (modp), where a represents the first public number, k represents the first random integer, p represents the first prime number, and mod represents the modulus operator.

The branch server A obtains the second ciphertext C2 according to the formula C2=UMmodp, where U represents the first intermediate number, M represents the data to be transmitted, p represents the first prime number, and mod represents a modulo operator.

The branch server A divides the first ciphertext C1 and the second ciphertext C2 with a comma to obtain the first transmission ciphertext C. Then carry the first transmission ciphertext C and the first public key y in the first transmission data and send it to the head office server B.

The head office server B receives the first transmission data, and obtains the first transmission ciphertext C and the first public key y from the first transmission data.

The head office server B parses the first transmission ciphertext C to obtain the first ciphertext C1 and the second ciphertext C2. And obtain the first private key e according to the query of the first public key y.

The head office server B calculates the second intermediate number V according to the formula V=C1 ^e modp, where e represents the first private key, C1 represents the first ciphertext, p represents the first prime number, and mod represents a modulo operator.

The head office server B decrypts and obtains the original data M corresponding to the second ciphertext according to the formula M=C2V ^-1 modp, where V represents the second intermediate number, C2 represents the second ciphertext, and V ^-1 represents the -1 power of V , p represents the first prime number, and mod represents the modulo operator.

The head office server B decrypts the original data corresponding to the first transmission ciphertext according to the symmetric encryption key key2 to obtain the original data.

Fig. 6 is a schematic structural diagram of a transmission data processing system provided by the sixth embodiment of the present invention. As shown in Fig. 6, the transmission data processing system provided by the embodiment of the present invention includes a server 601 and a plurality of data terminals 602, wherein:

The server 601 communicates with each data terminal 602 . Wherein, the data terminal 602 includes but not limited to desktop computers, notebook computers, servers and other devices.

When two data terminals 602 need to transmit data, they do not directly transmit data, but transfer it through the server 601, and the encryption process of the forwarded data only needs to be deployed on the server 601, and does not need to be deployed on each data terminal 602 , improving deployment efficiency. For the convenience of subsequent description, a data terminal that sends data is called a third terminal, and a data terminal that receives data is called a fourth terminal.

Each data terminal 602 generates its own second public key in advance, and sends it to the server 601 . The server 601 stores the second public key of each data terminal 602 in correspondence with the terminal identifier of each data terminal, so that the corresponding second public key can be obtained by querying the terminal identifier of the data terminal during use.

The specific implementation process of the transmission data processing method provided by the embodiment of the present invention will be described below by taking the server as an execution subject as an example.

Fig. 7 is a schematic flowchart of a transmission data processing method provided by the seventh embodiment of the present invention. As shown in Fig. 7, the transmission data processing method provided by the embodiment of the present invention includes:

S701. Receive a data forwarding request sent by a third terminal; wherein, the data forwarding request includes forwarding data and a fourth terminal identifier, and the forwarding data is encrypted data by the third terminal;

Specifically, when the third terminal needs to send data to the fourth terminal, the third terminal will encrypt the original data, and then send the encrypted original data and the third terminal identifier in the data forwarding request to the server . The server will receive the data forwarding request, and use the encrypted original data of the third terminal as the forwarded data. Wherein, the fourth terminal identifier uniquely corresponds to the fourth terminal.

For example, the third terminal may use a symmetric encryption algorithm to encrypt the original data.

S702. Obtain a third intermediate number according to the second public key, a second random integer, and a second prime number, and obtain a third ciphertext according to the second public number, the second random integer, and the second prime number; wherein , the second public key is obtained according to the fourth terminal identifier; the second public number and the second prime number are obtained in advance;

Specifically, the server obtains the second public key corresponding to the fourth terminal according to the fourth terminal identification query, and then obtains the third intermediate number according to the second public key, the second random integer and the second prime number . The server can obtain the second ciphertext according to the second public number, the second random integer and the second prime number. Wherein, the second random integer is a randomly selected integer, preferably selected from a range greater than 1 and less than the second prime number minus 1. The second public key and the second public number are obtained in advance.

Further, the obtaining the third intermediate number according to the second public key, the second random integer and the second prime number includes: calculating the result of modulo the second prime number of the second random integer power of the second public key, as the first Three middle numbers.

First calculate the value of the second random integer power of the second public key, and then calculate the result of modulo the above value by the second prime number to obtain the third intermediate number.

For example, the third intermediate number W is calculated according to the formula W= ^xi (mod q), where x represents the second public key, i represents the second random integer, q represents the second prime number, and mod represents the modulus operator.

Further, the obtaining the third ciphertext according to the second public number, the second random integer and the second prime number includes: calculating the result of modulo the second prime number of the second random integer power of the second public number, as the third ciphertext.

First calculate the value of the second public number raised to the power of the second random integer, and then calculate the result of modulo the above value by the second prime number to obtain the third ciphertext.

For example, the third ciphertext C3 is calculated according to the formula C3=bi (mod q), where b represents the second public number, ⁱ represents the second random integer, q represents the second prime number, and mod represents the modulus operator.

S703. Encrypt the forwarded data according to the third intermediate number and the second prime number to obtain a fourth ciphertext;

Specifically, the server may obtain a fourth ciphertext by encrypting and forwarding data with the third intermediate number and the second prime number.

Further, the encrypting the forwarded data according to the third intermediate number and the second prime number, and obtaining the fourth ciphertext includes: calculating the result of the product of the third intermediate number and the forwarded data modulo the second prime number, as the fourth ciphertext.

First calculate the product of the third intermediate number and the forwarded data, and then calculate the result of the above product modulo the second prime number to obtain the fourth ciphertext.

For example, the fourth ciphertext C4 is calculated according to the formula C4=WNmodq, where W represents the third intermediate number, N represents forwarded data, q represents the second prime number, and mod represents a modulo operator.

S704. Obtain a second transmission ciphertext according to the third ciphertext and the fourth ciphertext;

Specifically, the server processes the third ciphertext and the fourth ciphertext to obtain a second transmission ciphertext.

Further, the obtaining the second transmission ciphertext according to the third ciphertext and the fourth ciphertext includes:

Combining the third ciphertext and the fourth ciphertext with preset characters to obtain the first transmission ciphertext.

For example, the first ciphertext and the second ciphertext are combined with a comma to obtain the second transmission ciphertext S, C3 represents the third ciphertext, and C4 represents the fourth ciphertext.

S705. Send second transmission data to the fourth terminal; wherein the second transmission data includes the second transmission ciphertext and the second public key.

Specifically, the server sends the second transmission ciphertext and the second public key in second transmission data to the fourth terminal. After receiving the second transmission data, the fourth terminal decrypts the second transmission ciphertext to obtain forwarded data.

The transmission data processing method provided by the embodiment of the present invention can receive the data forwarding request sent by the third terminal, obtain the third intermediate number according to the second public key, the second random integer and the second prime number, and obtain the third intermediate number according to the second public number, The second random integer and the second prime number obtain the third ciphertext, encrypt the forwarded data according to the third intermediate number and the second prime number, obtain the fourth ciphertext, and obtain the second ciphertext according to the third ciphertext and the fourth ciphertext. The ciphertext is transmitted, the second transmission data is sent to the fourth terminal, and the security of data transmission is improved by re-encrypting the forwarded data.

Fig. 8 is a schematic flowchart of a transmission data processing method provided by the eighth embodiment of the present invention. As shown in Fig. 8, on the basis of the above-mentioned embodiments, further, according to the second public key, the second random integer and the first The second prime number, before obtaining the third intermediate number, also includes:

S801. Receive a second public key sent by the fourth terminal, where the second public key is the first public key obtained by the fourth terminal according to the second private key, the second prime number, and the second public number The second public number is a primitive root modulo the second prime number, and the second private key is an integer selected at random.

Specifically, the fourth terminal may obtain the second public key according to the second private key, the second prime number, and the second public number. The second private key is a randomly selected integer, preferably selected from a range greater than 1 and less than the second prime number minus 1. The second prime number is a randomly selected prime number, preferably greater than a preset value and the second prime number minus 1 can decompose a prime number greater than the preset value. The second public number is a primitive root modulo the second prime number. The fourth terminal sends the second public key to the server, and the server receives the second public key. The fourth terminal may also publicly send the second public number and the second prime number used to generate the second public key to the server.

Further, according to the second private key, the second prime number and the second public number, obtaining the second public key includes: calculating the second private key power of the second public number modulo the second prime number The result, as the second public key.

First calculate the value of the second public number raised to the power of the second private key, and then calculate the result of modulo the above value by the second prime number to obtain the second public key.

For example, the second public key x is calculated according to the formula x=b ^d (mod q), where b represents the second public number, d represents the second private key, q represents the second prime number, and mod represents a modulo operator.

S802. Store the fourth terminal identifier in association with the second public key; wherein, the fourth terminal uniquely corresponds to the fourth terminal identifier.

Specifically, after the server receives the second public key sent by the fourth terminal, it will store the second public key in correspondence with the fourth terminal ID, so that the fourth terminal ID can be used later. The corresponding second public key may be obtained through the fourth terminal identification query.

The following describes the specific implementation process of the method for processing transmission data provided in the embodiment of the present invention by taking the fourth terminal as an execution subject as an example.

Fig. 9 is a schematic flowchart of a transmission data processing method provided by the ninth embodiment of the present invention. As shown in Fig. 9, the transmission data processing method provided by the embodiment of the present invention includes:

S901. Receive second transmission data sent by the server; wherein the second transmission data includes a second transmission ciphertext and a second public key;

Specifically, the server sends second transmission data to the fourth terminal, where the second transmission data includes a second transmission ciphertext and a second public key. The fourth terminal receives the second transmission data, and obtains the second transmission ciphertext and the second public key from the second transmission data. Wherein, the server sends the second transmission data after step S701, step S702, step S703 and step S704.

S902. Analyze the second transmission ciphertext to obtain a third ciphertext and a fourth ciphertext;

Specifically, the second terminal parses the second transmission ciphertext to obtain a third ciphertext and a fourth ciphertext. Wherein, the parsing method for the first transmission ciphertext is preset.

For example, the second transmission ciphertext S is expressed as (C3, C4), the fourth terminal uses the data before the comma in the brackets as the third ciphertext C3, and uses the data after the comma in the brackets as the second ciphertext C4.

S903. Obtain a fourth intermediate number according to the third ciphertext, the second private key, and a second prime number; wherein, the second private key is obtained according to the second public key;

Specifically, the fourth terminal obtains the second private key corresponding to the second public key according to the second public key query, and then according to the third ciphertext, the second private key and the second prime number, can Get the fourth median number. Wherein, the first public key and the first private key are uniquely corresponding. The second prime number and the second public number are obtained in advance.

Further, the obtaining the fourth intermediate number according to the third ciphertext, the second private key and the second prime number includes: calculating the result of modulo the second prime number of the second private key of the third ciphertext, as the result of the second prime number State the fourth median number.

First calculate the value of the second private key power of the third ciphertext, and then calculate the result of modulo the second prime number of the above value to obtain the fourth intermediate number.

For example, according to the formula Z=C3 ^d modq, calculate the fourth intermediate number Z, where d represents the second private key, C3 represents the third ciphertext, C3 ^d represents the d power of C3, q represents the second prime number, and mod represents Modulo operator.

S904. Decrypt the fourth ciphertext according to the fourth intermediate number and the second prime number, and obtain original data corresponding to the fourth ciphertext;

Specifically, the fourth terminal decrypts the fourth ciphertext by using the fourth intermediate number and the second prime number to obtain original data corresponding to the fourth ciphertext, and the fourth ciphertext The corresponding original data is the forwarded data.

For example, according to the formula N=C4Z ^-1 modq, decrypt to obtain the original data N corresponding to the fourth ciphertext, where Z represents the fourth intermediate number, C4 represents the fourth ciphertext, q represents the second prime number, and mod represents the modulo operation symbol.

S905. Decrypt the original data corresponding to the fourth ciphertext to obtain the original data.

Specifically, the third terminal encrypts the original data, and sends the encrypted original data to the server. The server takes the received decrypted original data as forwarding data. After the fourth terminal decrypts and obtains the original data corresponding to the fourth ciphertext, it decrypts the original data corresponding to the fourth ciphertext to obtain the original data. Wherein, the process of the fourth terminal decrypting the original data corresponding to the fourth ciphertext corresponds to the process of the third terminal encrypting the original data.

For example, if the third terminal uses a symmetric encryption algorithm to encrypt the original data, then the fourth terminal will use a symmetric encryption algorithm to encrypt the fourth ciphertext after decrypting the original data corresponding to the fourth ciphertext. The corresponding original data is decrypted to obtain the original data. Wherein, the specific process of encrypting and decrypting through the symmetric encryption algorithm is the prior art, and will not be repeated here.

In the transmission data processing method provided by the embodiment of the present invention, the second transmission data sent by the server is received, the second transmission ciphertext is analyzed to obtain the third ciphertext and the fourth ciphertext, and according to the third ciphertext, the second private key and the second prime number, obtain the fourth intermediate number, decrypt the fourth ciphertext according to the fourth intermediate number and the second prime number, obtain the original data corresponding to the fourth ciphertext, and decrypt the original data corresponding to the fourth ciphertext , the original data can be obtained, the second transmission data can be decrypted, the original data corresponding to the fourth ciphertext can be obtained, and the original data can be obtained by further decryption, so as to improve the security of data use.

On the basis of the foregoing embodiments, further, the transmission data processing method provided in the embodiment of the present invention further includes:

According to the second private key, the second prime number and the second public number, obtain the second public key; wherein, the second prime number is randomly selected, and the second public number is a primitive root modulo the second prime number , the second private key is a randomly selected integer;

Specifically, the specific implementation process of this step is similar to the specific implementation process of step S501, and will not be repeated here.

Further, for the second private key, the second prime number and the second public number, obtaining the second public key includes: calculating the result of the second private key power modulo the second prime number of the second public number, as the first public key.

Send the second public key, the second public number and the second prime number to the server.

Specifically, the specific implementation process of this step is similar to the specific implementation process of step S502, and will not be repeated here.

For banks, cloud servers can be established. When there is data to be transmitted between branches or between branches and branches of business outlets, the data can be transferred through cloud services, and the cloud server will perform steps S701, S702, and S703. And step S704, encrypting the forwarded data again to improve the security of data transmission. In addition, deploying related encryption algorithms on cloud servers reduces deployment costs.

Fig. 10 is a schematic structural diagram of the transmission data processing device provided by the tenth embodiment of the present invention. As shown in Fig. 10, the transmission data processing device provided by the embodiment of the present invention includes a first obtaining module 1001, a second obtaining module 1002, a third The obtaining module 1003 and the first sending module 1004, wherein:

The first obtaining module 1001 is used to obtain the first intermediate number according to the first public key, the first random integer and the first prime number, and obtain the first intermediate number according to the first public number, the first random integer and the first prime number A ciphertext; wherein, the first public key is pre-received from the second terminal; the first prime number and the first public number are pre-obtained; the second obtaining module 1002 is configured to The intermediate number and the first prime number encrypt the data to be transmitted to obtain a second ciphertext; the third obtaining module 1003 is used to obtain a first transmission ciphertext according to the first ciphertext and the second ciphertext; the first The sending module 1004 is configured to send first transmission data to the second terminal; wherein, the first transmission data includes the first transmission ciphertext and the first public key.

Specifically, the first obtaining module 1001 can obtain the first intermediate number according to the first public key, the first random integer and the first prime number. The first terminal may obtain a first ciphertext according to the first private key, the first random integer, and the first prime number. Wherein, the first random integer is a randomly selected integer, preferably selected from a range greater than 1 and less than the first prime number minus 1. The first public key is received from the second terminal in advance; the first prime number and the first public number are obtained in advance.

The second obtaining module 1002 can obtain a second ciphertext by encrypting the data to be transmitted by the first intermediate number and the first prime number.

The third obtaining module 1003 processes the first ciphertext and the second ciphertext to obtain a first transmission ciphertext.

The first sending module 1004 carries the first transmission ciphertext and the first public key in the first transmission data and sends it to the second terminal. After receiving the first transmission data, the second terminal decrypts the first transmission ciphertext to obtain the data to be transmitted.

The transmission data processing device provided by the embodiment of the present invention can obtain the first intermediate number according to the first public key, the first random integer and the first prime number, and obtain the first intermediate number according to the first public number, the first random integer and the first prime number The first ciphertext, encrypt the data to be transmitted according to the first intermediate number and the first prime number, obtain the second ciphertext, obtain the first transmission ciphertext according to the first ciphertext and the second ciphertext, and send the first transmission ciphertext The first transmission data and the first public key are sent to the second terminal, and the security of data transmission is improved by encrypting the data to be transmitted.

On the basis of the above embodiments, further, the data to be transmitted is symmetrically encrypted data.

On the basis of the foregoing embodiments, further, the first transmission data further includes a digest value of the data to be transmitted.

FIG. 11 is a schematic structural diagram of a transmission data processing device provided by an eleventh embodiment of the present invention. As shown in FIG. Fifth, obtain module 1103 and first decryption module 1104, wherein:

The first receiving module 901 is configured to receive the first transmission data sent by the first terminal; wherein, the first transmission data includes a first transmission ciphertext and a first public key; the first parsing module 1102 is configured to obtain the first The transmission ciphertext is analyzed to obtain the first ciphertext and the second ciphertext; the fifth obtaining module 1103 is used to obtain the second intermediate number according to the first ciphertext, the first private key and the first prime number; wherein, the first A private key is obtained according to the first public key; the first decryption module 1104 is configured to decrypt the second ciphertext according to the second intermediate number and the first prime number, and obtain the corresponding original data.

Specifically, the first terminal sends first transmission data to the first receiving module 1101, where the first transmission data includes a first transmission ciphertext and a first public key. The first receiving module 1101 will receive the first transmission data, and obtain the first transmission ciphertext and the first public key from the first transmission data.

The first parsing module 1102 parses the first transmission ciphertext to obtain the first ciphertext and the second ciphertext. Wherein, the parsing method for the first transmission ciphertext is preset.

The fifth obtaining module 1103 obtains the first private key corresponding to the first public key according to the first public key query, and then according to the first ciphertext, the first private key and the first prime number, can obtain the second middle number. Wherein, the first public key and the first private key are uniquely corresponding. The first prime number and the first public number are obtained in advance.

The first decryption module 1104 decrypts the second ciphertext by using the second intermediate number and the first prime number to obtain the original data corresponding to the second ciphertext, and the original data corresponding to the first and second ciphertexts. The original data is the data to be transmitted.

The transmission data processing device provided by the embodiment of the present invention receives the first transmission data sent by the first terminal, analyzes and obtains the first ciphertext and the second ciphertext from the first transmission ciphertext, and obtains the first ciphertext and the second ciphertext according to the first ciphertext and the first private key. and the first prime number, obtain the second intermediate number, decrypt the second ciphertext according to the second intermediate number and the first prime number, obtain the original data corresponding to the second ciphertext, and decrypt the first transmission data to obtain the second ciphertext The original data corresponding to the ciphertext improves the security of data usage.

On the basis of the above embodiments, further, the original data corresponding to the first transmission ciphertext is symmetrically encrypted data; correspondingly, the first decryption module 1104 is also used to:

The original data corresponding to the first transmission ciphertext is decrypted by using a symmetric encryption key to obtain the original data; wherein, the symmetric encryption key is obtained in advance.

Fig. 12 is a schematic structural diagram of a transmission data processing device provided by the twelfth embodiment of the present invention. As shown in Fig. 12, on the basis of the above-mentioned embodiments, further, the first transmission data further includes a digest value; correspondingly Specifically, the transmission data processing device provided in the embodiment of the present invention further includes a calculation module 1105 and a judgment module 1106, wherein:

The calculation module 1105 is used to calculate the digest value of the original data corresponding to the first transmission ciphertext to obtain the digest value to be verified; the judging module 1106 is used to determine that the digest value to be verified is the same as the digest value, It is determined that the original data corresponding to the first transmission ciphertext is complete.

Fig. 13 is a schematic structural diagram of the transmission data processing device provided by the thirteenth embodiment of the present invention. As shown in Fig. 13, on the basis of the above-mentioned embodiments, further, the transmission data processing device provided by the embodiment of the present invention further includes The eleventh obtaining module 1107 and the third sending module 1108, wherein:

The eleventh obtaining module 1107 is used to obtain the first public key according to the first private key, the first prime number and the first public number; wherein, the first prime number is randomly selected, and the first public number is Modulo a primitive root of the first prime number, the first private key is a randomly selected integer; the third sending module 1108 is used to send the first public key, the first public number and the first prime number to the first terminal.

Fig. 14 is a schematic structural diagram of a transmission data processing device provided in a fourteenth embodiment of the present invention. As shown in Fig. 14 , the transmission data processing device provided in this embodiment of the present invention includes a second receiving module 1401, a sixth obtaining module 1402, The seventh obtaining module 1403, the eighth obtaining module 1404 and the second sending module 1405, wherein:

The second receiving module 1401 is configured to receive a data forwarding request sent by a third terminal; wherein, the data forwarding request includes forwarding data and a fourth terminal identifier, and the forwarding data is encrypted data of the third terminal; sixth The obtaining module 1402 is used to obtain a third intermediate number according to the second public key, the second random integer and the second prime number, and obtain a third secret key according to the second public number, the second random integer and the second prime number Wherein, the second public key is obtained according to the fourth terminal identification; the second public number and the second prime number are obtained in advance; the seventh obtaining module 1403 is used to obtain the second public key according to the third intermediate number and the second prime number to encrypt the forwarded data to obtain a fourth ciphertext; the eighth obtaining module 1404 is used to obtain a second transmission ciphertext according to the third ciphertext and the fourth ciphertext; The second sending module 1405 is configured to send second transmission data to the fourth terminal; wherein, the second transmission data includes the second transmission ciphertext and the second public key.

Specifically, when the third terminal needs to send data to the fourth terminal, the third terminal will encrypt the original data, and then send the encrypted original data and the third terminal identifier in the data forwarding request to the fourth terminal. Two receiving module 1401. The second receiving module 1401 receives the data forwarding request, and uses the encrypted original data of the third terminal as forwarding data. Wherein, the fourth terminal identifier uniquely corresponds to the fourth terminal.

The sixth obtaining module 1402 obtains the second public key corresponding to the fourth terminal according to the fourth terminal identification query, and then obtains the third intermediate number according to the second random integer and the second prime number of the second public key. The seventh obtaining module 1102 can obtain the second ciphertext according to the second public number, the second random integer and the second prime number. Wherein, the second random integer is a randomly selected integer, preferably selected from a range greater than 1 and less than the second prime number minus 1. The second public key and the second public number are obtained in advance.

The seventh obtaining module 1403 may obtain a fourth ciphertext by encrypting and forwarding data with the third intermediate number and the second prime number.

The eighth obtaining module 1404 processes the third ciphertext and the fourth ciphertext to obtain a second transmission ciphertext.

The second sending module 1405 carries the second transmission ciphertext and the second public key in the second transmission data and sends it to the fourth terminal. After receiving the second transmission data, the fourth terminal decrypts the second transmission ciphertext to obtain forwarded data.

The transmission data processing device provided by the embodiment of the present invention can receive the data forwarding request sent by the third terminal, obtain the third intermediate number according to the second public key, the second random integer and the second prime number, and obtain the third intermediate number according to the second public number, The second random integer and the second prime number obtain the third ciphertext, encrypt the forwarded data according to the third intermediate number and the second prime number, obtain the fourth ciphertext, and obtain the second ciphertext according to the third ciphertext and the fourth ciphertext. The ciphertext is transmitted, the second transmission data is sent to the fourth terminal, and the security of data transmission is improved by re-encrypting the forwarded data.

Fig. 15 is a schematic structural diagram of the transmission data processing device provided by the fifteenth embodiment of the present invention. As shown in Fig. 15, on the basis of the above-mentioned embodiments, further, the transmission data processing device provided by the embodiment of the present invention further includes The fourth receiving module 1406 and the storage module 1407, wherein:

The fourth receiving module 1406 is configured to receive the second public key sent by the fourth terminal, where the second public key is obtained by the fourth terminal according to the second private key, the second prime number, and the second public number obtained, the second public number is a primitive root modulo a second prime number, and the second private key is a randomly selected integer;

The storage module 1407 is configured to store the fourth terminal identifier corresponding to the second public key; wherein, the fourth terminal uniquely corresponds to the fourth terminal identifier.

Fig. 16 is a schematic structural diagram of a transmission data processing device provided by a sixteenth embodiment of the present invention. As shown in Fig. The ninth obtaining module 1603, the tenth obtaining module 1604 and the second decrypting module 1605, wherein:

The third receiving module 1601 is used to receive the second transmission data sent by the server; wherein, the second transmission data includes the second transmission ciphertext and the second public key; the second parsing module 1602 is used to analyze the second transmission ciphertext obtain the third ciphertext and the fourth ciphertext; the ninth obtaining module 1603 is used to obtain the fourth intermediate number according to the third ciphertext, the second private key and the second prime number; wherein, the second private key obtained according to the second public key; the tenth obtaining module 1604 is configured to decrypt the fourth ciphertext according to the fourth intermediate number and the second prime number, and obtain the original data corresponding to the fourth ciphertext ; The second decryption module 1605 is used to decrypt the original data corresponding to the fourth ciphertext to obtain the original data. Specifically, the server sends second transmission data to the third receiving module 1601, where the second transmission data includes a second transmission ciphertext and a second public key. The third receiving module 1601 will receive the second transmission data, and obtain the second transmission ciphertext and the second public key from the second transmission data.

The second parsing module 1602 parses the second transmission ciphertext to obtain a third ciphertext and a fourth ciphertext. Wherein, the parsing method for the first transmission ciphertext is preset.

The ninth obtaining module 1603 obtains the second private key corresponding to the second public key according to the second public key query, and then according to the third ciphertext, the second private key and the second prime number, the fourth middle number. Wherein, the first public key and the first private key are uniquely corresponding. The second prime number and the second public number are obtained in advance.

The tenth obtaining module 1604 decrypts the fourth ciphertext by using the fourth intermediate number and the second prime number to obtain the original data corresponding to the fourth ciphertext, and the original data corresponding to the fourth ciphertext The data is the forwarded data.

The second decryption module 1605 encrypts the original data, and sends the encrypted original data to the server. The server takes the received decrypted original data as forwarding data. After obtaining the original data corresponding to the fourth ciphertext through decryption, the second decryption module 1605 will decrypt the original data corresponding to the fourth ciphertext to obtain the original data. Wherein, the process of decrypting the original data corresponding to the fourth ciphertext by the second decryption module 1605 corresponds to the process of encrypting the original data by the third terminal.

The transmission data processing device provided by the embodiment of the present invention receives the second transmission data sent by the server, analyzes the second transmission ciphertext to obtain the third ciphertext and the fourth ciphertext, and according to the third ciphertext, the second private key and the second prime number, obtain the fourth intermediate number, decrypt the fourth ciphertext according to the fourth intermediate number and the second prime number, obtain the original data corresponding to the fourth ciphertext, and decrypt the original data corresponding to the fourth ciphertext , the original data can be obtained, the second transmission data can be decrypted, the original data corresponding to the fourth ciphertext can be obtained, and the original data can be obtained by further decryption, so as to improve the security of data use.

Fig. 17 is a schematic structural diagram of the transmission data processing device provided by the seventeenth embodiment of the present invention. As shown in Fig. 17, on the basis of the above-mentioned embodiments, further, the transmission data processing device provided by the embodiment of the present invention further includes The twelfth obtaining module 1606 and the fourth sending module 1607, wherein:

The twelfth obtaining module 1606 is used to obtain a second public key according to the second private key, the second prime number and the second public number; wherein, the second prime number is randomly selected, and the second public number is A primitive root modulo a second prime number, the second private key is a randomly selected integer; the fourth sending module 1607 is used to send the second public key, the second public number and the second prime number to the server.

The embodiment of the device provided by the embodiment of the present invention can be specifically used to execute the processing flow of the above corresponding method embodiment, and its function will not be described in detail here, and the detailed description of the above method embodiment can be referred to.

It should be noted that the transmission data processing method and device provided by the embodiment of the present invention can be used in the financial field, and can also be used in any technical field except the financial field. The embodiment of the present invention does not apply to the application field of the transmission data processing method and device. Do limited.

FIG. 18 is a schematic diagram of the physical structure of an electronic device provided in an eighteenth embodiment of the present invention. As shown in FIG. 18, the electronic device may include: a processor (processor) 1801, a communication interface (Communications Interface) 1802, and a memory 1803 and a communication bus 1804, wherein the processor 1801, the communication interface 1802, and the memory 1803 communicate with each other through the communication bus 1804. The processor 1801 may call logic instructions in the memory 1803 to execute the method described in any one of the foregoing embodiments.

In addition, the above-mentioned logic instructions in the memory 1803 may be implemented in the form of software function units and when sold or used as an independent product, may be stored in a computer-readable storage medium. Based on this understanding, the essence of the technical solution of the present invention or the part that contributes to the prior art or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in various embodiments of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes. .

This embodiment discloses a computer program product, the computer program product includes a computer program stored on a computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by the computer, the computer can execute the above-mentioned The method provided by each method embodiment.

This embodiment provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and the computer program causes the computer to execute the methods provided in the foregoing method embodiments.

Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, systems, or computer program products. Accordingly, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.

In the description of this specification, descriptions referring to the terms "one embodiment", "a specific embodiment", "some embodiments", "for example", "examples", "specific examples", or "some examples" etc. mean It means that a specific feature, structure, material or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.

The specific embodiments described above have further described the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above descriptions are only specific embodiments of the present invention and are not intended to limit the scope of the present invention. Protection scope, within the spirit and principles of the present invention, any modification, equivalent replacement, improvement, etc., shall be included in the protection scope of the present invention.

Claims (18)

1. A method for processing transmission data, comprising:

obtaining a first intermediate number according to a first public key, a first random integer and a first prime number, and obtaining a first ciphertext according to a first public number, the first random integer and the first prime number; wherein the first public key is received from the second terminal in advance; the first prime number and the first public number are obtained in advance;

encrypting data to be transmitted according to the first intermediate number and the first prime number to obtain a second ciphertext;

obtaining a first transmission ciphertext according to the first ciphertext and the second ciphertext;

sending first transmission data to the second terminal; wherein the first transmission data comprises the first transmission ciphertext and the first public key.

2. The method according to claim 1, wherein the data to be transmitted is symmetrically encrypted data.

3. The method of claim 1, wherein the first transmission data further comprises a digest value of the data to be transmitted.

4. A method for processing transmission data, comprising:

receiving first transmission data sent by a first terminal; wherein the first transmission data comprises a first transmission ciphertext and a first public key;

analyzing the first transmission ciphertext to obtain a first ciphertext and a second ciphertext;

obtaining a second intermediate number according to the first ciphertext, the first private key and the first prime number; wherein the first private key is obtained from the first public key;

and decrypting the second ciphertext according to the second intermediate number and the first prime number to obtain original data corresponding to the second ciphertext.

5. The method according to claim 4, wherein the original data corresponding to the second ciphertext is symmetrically encrypted data; accordingly, the method further comprises:

decrypting the original data corresponding to the second ciphertext through a symmetric encryption key to obtain original data; wherein the symmetric encryption key is obtained in advance.

6. The method of claim 4, wherein the first transmission data further comprises a digest value; correspondingly, the method further comprises:

calculating the abstract value of the original data corresponding to the first transmission ciphertext to obtain an abstract value to be verified;

and if the abstract value to be verified is identical to the abstract value through judgment, determining that the original data corresponding to the first transmission ciphertext is complete.

7. The method of any of claims 4 to 6, further comprising:

obtaining a first public key according to the first private key, the first prime number and the first public number; wherein the first prime number is randomly selected, the first public number is a primitive root modulo the first prime number, and the first private key is a randomly selected integer;

and sending the first public key, the first public number and the first prime number to a first terminal.

8. A method for processing transmission data, comprising:

receiving a data forwarding request sent by a third terminal; the data forwarding request comprises forwarding data and a fourth terminal identifier, wherein the forwarding data is data encrypted by the third terminal;

obtaining a third intermediate number according to a second public key, a second random integer and a second prime number, and obtaining a third ciphertext according to a second public number, the second random integer and the second prime number; the second public key is obtained according to a fourth terminal identification; the second public number and the second prime number are obtained in advance;

encrypting the forwarding data according to the third intermediate number and the second prime number to obtain a fourth ciphertext;

obtaining a second transmission ciphertext according to the third ciphertext and the fourth ciphertext;

sending second transmission data to the fourth terminal; wherein the second transmission data includes the second transmission ciphertext and the second public key.

9. The method of claim 8, before encrypting the forwarding data with the second public key to obtain a forwarding data ciphertext, further comprising:

receiving a second public key sent by the fourth terminal, where the second public key is an original root of a modulo second prime number, which is a second public number obtained by the fourth terminal according to a second private key, the second prime number, and the second public number, and the second private key is a randomly selected integer;

correspondingly storing the fourth terminal identification and the second public key; and the fourth terminal is uniquely corresponding to the fourth terminal identifier.

10. A method for processing transmission data, comprising:

receiving second transmission data sent by the server; wherein the second transmission data comprises a second transmission ciphertext and a second public key;

analyzing the second transmission ciphertext to obtain a third ciphertext and a fourth ciphertext;

obtaining a fourth intermediate number according to the third ciphertext, the second private key and the second prime number; wherein the second private key is obtained from the second public key;

decrypting the fourth ciphertext according to the fourth intermediate number and the second prime number to obtain original data corresponding to the fourth ciphertext;

and decrypting the original data corresponding to the fourth ciphertext to obtain the original data.

11. The method of claim 10, further comprising:

obtaining a second public key according to the second private key, the second prime number and the second public number; wherein the second prime number is randomly selected, the second public number is a primitive root modulo the second prime number, and the second private key is a randomly selected integer;

and sending the second public key, the second public number and the second prime number to the server.

12. A transmission data processing apparatus, comprising:

a first obtaining module, configured to obtain a first intermediate number according to a first public key, a first random integer, and a first prime number, and obtain a first ciphertext according to a first public number, the first random integer, and the first prime number; wherein the first public key is received from the second terminal in advance; the first prime number and the first public number are obtained in advance;

a second obtaining module, configured to encrypt data to be transmitted according to the first intermediate number and the first prime number, and obtain a second ciphertext;

a third obtaining module, configured to obtain a first transmission ciphertext according to the first ciphertext and the second ciphertext;

a first sending module, configured to send first transmission data to the second terminal; wherein the first transmission data comprises the first transmission ciphertext and the first public key.

13. A transmission data processing apparatus, comprising:

the first receiving module is used for receiving first transmission data sent by a first terminal; wherein the first transmission data comprises a first transmission ciphertext and a first public key;

the first analysis module is used for analyzing the first transmission ciphertext to obtain a first ciphertext and a second ciphertext;

a fifth obtaining module, configured to obtain a second intermediate number according to the first ciphertext, the first private key, and the first prime number; wherein the first private key is obtained from the first public key;

and the first decryption module is used for decrypting the second ciphertext according to the second intermediate number and the first prime number to obtain original data corresponding to the second ciphertext.

14. A transmission data processing apparatus, comprising:

the second receiving module is used for receiving a data forwarding request sent by a third terminal; the data forwarding request comprises forwarding data and a fourth terminal identifier, wherein the forwarding data is data encrypted by the third terminal;

a sixth obtaining module, configured to obtain a third intermediate number according to a second public key, a second random integer, and a second prime number, and obtain a third ciphertext according to a second public number, the second random integer, and the second prime number; the second public key is obtained according to a fourth terminal identification; the second public number and the second prime number are obtained in advance;

a seventh obtaining module, configured to encrypt the forwarding data according to the third intermediate number and the second prime number, and obtain a fourth ciphertext;

an eighth obtaining module, configured to obtain a second transmission ciphertext according to the third ciphertext and the fourth ciphertext;

a second sending module, configured to send second transmission data to the fourth terminal; wherein the second transmission data includes the second transmission ciphertext and the second public key.

15. A transmission data processing apparatus, comprising:

the third receiving module is used for receiving second transmission data sent by the server; wherein the second transmission data comprises a second transmission ciphertext and a second public key;

the second analysis module is used for analyzing the second transmission ciphertext to obtain a third ciphertext and a fourth ciphertext;

a ninth obtaining module, configured to obtain a fourth intermediate number according to the third ciphertext, the second private key, and the second prime number; wherein the second private key is obtained from the second public key;

a tenth obtaining module, configured to decrypt the fourth ciphertext according to the fourth intermediate number and the second prime number, to obtain original data corresponding to the fourth ciphertext;

and the second decryption module is used for decrypting the original data corresponding to the fourth ciphertext to obtain the original data.

16. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 11 when executing the computer program.

17. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 11.

18. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, carries out the method of any one of claims 1 to 11.

Images