CN118250079B - A method, device and system for secure transmission of multi-terminal application data - Google Patents
A method, device and system for secure transmission of multi-terminal application dataInfo
- Publication number
- CN118250079B CN118250079B CN202410458029.8A CN202410458029A CN118250079B CN 118250079 B CN118250079 B CN 118250079B CN 202410458029 A CN202410458029 A CN 202410458029A CN 118250079 B CN118250079 B CN 118250079B
- Authority
- CN
- China
- Prior art keywords
- key
- application
- user
- mobile
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention provides a multi-terminal application data security transmission method, device and system, and relates to the technical field of information security. The method comprises the steps of receiving an application registration request sent by a user, carrying out security authentication on the application registration request, sending a device key to the user after the authentication passes, receiving a first key synchronization request sent by the user through a first application, encrypting the first key synchronization request by the device key, sending a current key and a user history key to the first application according to the first key synchronization request, receiving a second key synchronization request sent by the user through a second application, sending the current key and the user history key to the second application according to the second key synchronization request, and transmitting the data encrypted by the first application according to the current key and the user history key to the second application. The invention can ensure the safe transmission of data in different mobile terminal applications and configure individual keys for each user.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, an apparatus, and a system for securely transmitting multi-terminal application data.
Background
With the continued development of the mobile internet, the use of mobile applications has become more and more common. More and more data is being generated by users through mobile applications and there is an increasing need to share data between different devices and applications. And thus, data security problems of data during storage of devices and transmission of the internet are inevitably considered. In order to realize data security, modern cryptographic algorithms are mainly used for actively protecting data, such as data confidentiality, data integrity, bidirectional body-building authentication and the like.
But these security management methods, such as using encryption protocols, mainly serve to protect the security and reliability of the data transmission process in the network. The encryption protocol establishes a secure channel between the client and the server by using encryption technology, so that sensitive data is not easy to eavesdrop, tamper or forge when being transmitted on the network. However, this is only encrypted in data transmission, and the data is stored in plaintext in mobile applications and back-end services, which is easily stolen, resulting in data leakage.
And if the application exists, generating a private key at the server side, and simultaneously injecting the public key into the mobile application for encrypting data in the application. However, in this way, if the key needs to be updated, the application needs to be repackaged and the user reinstalled. Many large applications, often with millions or even tens of millions of installations, are difficult to learn if each user's application is to be updated to the latest version of the key. Moreover, in this way, encryption is only at the application level, and the user does not have his own key. Once the key is compromised, security risks are enormous. And each application has own public and private key pair, when data transmission is encrypted between different applications, because the keys of the two parties are inconsistent, data can only be transmitted in a clear text, and serious data security risks exist.
In order to solve the above problems, the application system further uses a form of a key U shield, that is, a U shield is issued to each user, and when the user uses the mobile application to check the encrypted data, the user needs to insert the U shield first, acquire the key in the U shield, and then perform encryption and decryption operations on the data. This approach can naturally address the need for a user's personal key and address the key sharing problem for multiple different terminal mobile applications. However, hardware support is needed, the cost is high, the key lacks centralized management, and if the key needs to be updated, the U-shield needs to be manufactured again, so that the distribution efficiency is low.
Disclosure of Invention
The invention aims to provide a method, a device and a system for safely transmitting multi-terminal application data, which can ensure the safe transmission of the data in different mobile terminal applications and configure a separate secret key for each user.
In order to solve the technical problems, the technical scheme of the invention is as follows:
a multi-terminal application data security transmission method is applied to a mobile key management system, and comprises the following steps:
receiving an application registration request sent by a user;
carrying out security authentication on the application registration request, and after the authentication is passed, sending a device key to a user;
receiving a first key synchronization request sent by a user through a first application, wherein the first key synchronization request is encrypted by adopting an equipment key;
According to the first key synchronization request, a user current key and a user history key are sent to the first application;
Receiving a second key synchronization request sent by the user through a second application;
Transmitting the current key of the user and the historical key of the user to the second application according to the second key synchronization request;
and the first application encrypts transmission data according to the current key of the user and the historical key of the user and transmits the transmission data to the second application.
Optionally, performing security authentication on the application registration request, and after passing the authentication, sending a device key to the user, including:
the application registration request comprises signature information constructed through an encryption algorithm;
carrying out security authentication verification on signature information carried in the application registration request and constructed through an encryption algorithm, and acquiring a device key after passing the authentication;
And saving the application information for sending the registration request and sending the equipment key to the user.
Optionally, according to the first key synchronization request, sending the user current key and the user history key to the first application includes:
analyzing the first key synchronization request to obtain a first local library memory key of a first application;
According to the timestamp information of the first local library storage key, when the first local library storage key is determined to be effective, sending a user history key corresponding to the first local library storage key to the first application, and taking the first local library storage key as a current key of a user;
and when the first local library key is invalid, sending the current user key and the historical user key to the first application according to the historical user key information stored in the database.
Optionally, when the first local repository key is invalid, sending the current user key and the historical user key to the first application according to the historical user key information stored in the database, including:
When the user history key information stored in the database is effective, sending a user current key and a user history key to the first application according to the user history key information stored in the database;
When the user history key information stored in the database is invalid, inquiring a key standby database in the database to obtain standby key information;
and sending the current key and the historical key of the user to the first application according to the spare key information.
Optionally, sending the current key of the user and the historical key of the user to the second application according to the second key synchronization request includes:
Analyzing the second key synchronization request to obtain a second local library memory key of a second application;
According to the timestamp information of the second local library storage key, when the second local library storage key is determined to be effective, sending a user history key corresponding to the second local library storage key to the second application, and taking the second local library storage key as a current key of a user;
and when the second local library key is invalid, sending the current key and the historical key of the user to the second application according to the historical key information of the user stored in the database.
Optionally, after the first application encrypts the transmission data according to the current key of the user and the historical key of the user, the transmission data is transmitted to a second application, including:
The first application encrypts transmission data through the current key of the user to obtain ciphertext data;
Sending the ciphertext data to a second application;
and the second application decrypts the ciphertext data through the current key of the user to obtain plaintext data.
The invention also provides a multi-terminal application data security transmission device, which comprises:
The system comprises an acquisition module, a user authentication module, a device key sending module and a user authentication module, wherein the acquisition module is used for receiving an application registration request sent by the user, carrying out security authentication on the application registration request, and sending the device key to the user after the authentication is passed;
The processing module is used for receiving a first key synchronization request sent by a user through a first application, wherein the first key synchronization request is encrypted by adopting a device key, sending a current key and a historical key of the user to the first application according to the first key synchronization request, receiving a second key synchronization request sent by the user through a second application, sending the current key and the historical key of the user to the second application according to the second key synchronization request, and transmitting transmission data to the second application after the first application encrypts the transmission data according to the current key and the historical key of the user.
The invention also provides a multi-terminal application data security transmission system, which comprises:
The terminal application safety protection module is used for sending an application registration request to the mobile key management system, and sending a key synchronization request to the mobile key management system after registration, and receiving a current key of a user and a historical key of the user according to the key synchronization request;
And the mobile key management system is used for receiving the application registration request and carrying out security authentication on the application registration request, receiving the key synchronization request and sending a current key and a historical key of a user according to the key synchronization request.
The invention also provides a computing device comprising a processor, a memory storing a computer program which, when executed by the processor, performs a method as described above.
The invention also provides a computer readable storage medium storing instructions that, when executed on a computer, cause the computer to perform a method as described above.
The scheme of the invention at least comprises the following beneficial effects:
The scheme of the invention comprises the steps of receiving an application registration request sent by a user, carrying out security authentication on the application registration request, sending a device key to the user after the authentication is passed, receiving a first key synchronization request sent by the user through a first application, encrypting the first key synchronization request by adopting the device key, sending a user current key and a user history key to the first application according to the first key synchronization request, receiving a second key synchronization request sent by the user through a second application, sending the user current key and the user history key to the second application according to the second key synchronization request, and transmitting transmission data to the second application after the first application encrypts the transmission data according to the user current key and the user history key. Secure transmission of data in different mobile terminal applications can be ensured and a separate key is configured for each user.
Drawings
FIG. 1 is a flow chart of a method for secure transmission of multi-terminal application data according to an embodiment of the present invention;
FIG. 2 is a flow chart of encrypted data sharing for a multi-terminal application data secure transmission method according to an embodiment of the present invention;
FIG. 3 is a user current key synchronization flow chart of a multi-terminal application data secure transmission method of an embodiment of the present invention;
FIG. 4 is a block diagram of a multi-terminal application data security transmission system in accordance with an embodiment of the present invention;
FIG. 5 is a diagram illustrating multi-terminal application key synchronization for a multi-terminal application data secure transmission system in accordance with an embodiment of the present invention;
Fig. 6 is a block diagram of a multi-terminal application data security transmission device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
As shown in fig. 1, an embodiment of the present invention provides a multi-terminal application data security transmission method, which is applied to a mobile key management system, and includes:
step 11, receiving an application registration request sent by a user, carrying out security authentication on the application registration request, and sending a device key to the user after the authentication is passed;
step 12, receiving a first key synchronization request sent by a user through a first application, wherein the first key synchronization request is encrypted by adopting a device key;
Step 13, according to the first key synchronization request, sending a user current key and a user history key to the first application;
Step 14, receiving a second key synchronization request sent by the user through a second application;
Step 15, according to the second key synchronization request, the current key of the user and the historical key of the user are sent to the second application;
and step 16, the first application encrypts transmission data according to the current key of the user and the historical key of the user and transmits the transmission data to the second application.
As shown in fig. 2, in this embodiment, an implementation manner of secure sharing of multi-application encrypted data is provided. Firstly, an application with data transmission requirement is required to register in a mobile key management system, and after the registration is successful, the application receives a device key sent by the mobile key management system. Since data is encrypted by a user key when data transmission is performed between different applications, so that data leakage is avoided, the application is required to acquire the latest user key information. The acquisition method is that an application sends a key synchronization request to a mobile key management system, wherein the key synchronization request is encrypted through a device key. The mobile key management system receives the key synchronization request and sends the user current key and the user history key to the application.
In an alternative embodiment of the present invention, step 11 may include:
step 111, the application registration request comprises signature information constructed by an encryption algorithm, security authentication verification is carried out on the signature information constructed by the encryption algorithm carried in the application registration request, and after the authentication is passed, a device key is obtained;
and step 112, saving the application information for sending the registration request and sending the device key to the user.
In this embodiment, in order to obtain a user key to perform secure transmission between different applications, the application needs to send an application registration request to the mobile key management system. In the application registration request, an M-SDK module (terminal application security protection module) integrated in the application uses a built-in public key to add a current timestamp to the application unique ID, the application device information and the application operating system information, and uses RSAWITHSHA-1 (an encryption algorithm) algorithm to construct a unique signature. The mobile key management system receives the application registration request and carries out security authentication on the application registration request, namely, verifies that the application registration request is sent through the M-SDK according to the signature. After passing the authentication, the application information is recorded and the device key is sent to the application.
In an alternative embodiment of the present invention, step 13 may include:
Step 131, resolving the first key synchronization request to obtain a first local library memory key of the first application;
Step 132, when determining that the first local library storage key is valid according to the timestamp information of the first local library storage key, sending a user history key corresponding to the first local library storage key to the first application, and taking the first local library storage key as a current key of a user;
and step 133, when the first local library storage key is invalid, sending the current key and the historical key of the user to the first application according to the historical key information of the user stored in the database.
In this embodiment, as shown in fig. 3, when a first application logs in to a user a, the first application sends a first key synchronization request to the mobile key management system, where the first key synchronization request includes a first local library key locally stored by the first application. And the mobile key management system receives the first key synchronization request, performs security authentication and decryption operation on the request data, verifies whether the first local library storage key is in the validity period through timestamp information, returns the first local library storage key as a current key of a user to the first application if the first local library storage key is valid, and returns corresponding historical key information. And if the first local library key exceeds the validity period, querying a database, and returning the current key and the historical key of the user to the first application according to key information stored in the database.
In an alternative embodiment of the present invention, step 133 may include:
Step 1331, when the user history key information stored in the database is valid, sending a user current key and a user history key to the first application according to the user history key information stored in the database;
Step 1332, when the user history key information stored in the database is invalid, inquiring a key standby library in the database to obtain standby key information;
step 1333, sending the current key and the historical key of the user to the first application according to the spare key information.
As shown in fig. 3, in this embodiment, when the first local repository key is found to be invalid, the user history key information stored in the database is queried, and when the user history key information in the database is available, the user history key information is returned to the application. If the user history key information stored in the database is still invalid, the key standby library of the database is queried to obtain a standby key. And sending the spare key to an application and saving the spare key as an available key of the user.
In an alternative embodiment of the present invention, step 15 may include:
Step 151, resolving the second key synchronization request to obtain a second local library memory key of the second application;
step 152, when determining that the second local library storage key is valid according to the timestamp information of the second local library storage key, sending a user history key corresponding to the second local library storage key to the second application, and taking the second local library storage key as a current key of the user;
and step 153, when the second local library storage key is invalid, sending the current key and the historical key of the user to the second application according to the historical key information of the user stored in the database.
In this embodiment, as described above, the second application also needs to send a second key synchronization request to the mobile key management system. After the mobile key management system performs security authentication and decryption operation, judging whether the key is valid or not according to the time stamp information of the key, and then returning the current key and the historical key of the user to the second application. It should be noted that, the process of returning the key to the second application by the mobile key management system is the same as the process of returning the key to the first application, and the time stamp information needs to be verified and the database is queried according to the situation, which is not described herein.
In an alternative embodiment of the present invention, step 16 may include:
step 161, the first application encrypts transmission data through the current key of the user to obtain ciphertext data;
Step 162, sending the ciphertext data to a second application;
In step 163, the second application decrypts the ciphertext data with the current key of the user, to obtain plaintext data.
In this embodiment, as shown in fig. 2, after the first application and the second application are synchronized, the user a logs in to the first application and encrypts the data to be transmitted by using the current key of the user, and sends the encrypted data to the second application. And the second application receives the ciphertext data, calls the current key of the user A to decrypt and display the data.
The invention also provides a multi-terminal application data security transmission system, which comprises:
The terminal application safety protection module is used for sending an application registration request to the mobile key management system, and sending a key synchronization request to the mobile key management system after registration, and receiving a current key of a user and a historical key of the user according to the key synchronization request;
And the mobile key management system is used for receiving the application registration request and carrying out security authentication on the application registration request, receiving the key synchronization request and sending a current key and a historical key of a user according to the key synchronization request.
As shown in fig. 4 and 5, the terminal application security protection module (M-SDK) and the mobile key management system communicate through an encrypted channel. The M-SDK module is an SDK for mobile terminal integration, and has the main functions of acquiring a terminal and a mobile application and registering with a back-end mobile key management system according to the information. After successful registration, a key synchronization request is initiated to a mobile key management system, and a back-end system calculates according to a built-in algorithm and returns the used key and the historical key information corresponding to the user through a secure channel.
The M-SDK module mainly comprises the functions of acquiring mobile terminal equipment information, acquiring application information, acquiring an identity identification code authorized by a user, managing a mobile key bank, encrypting data, decrypting data, SDK operation behavior records, establishing a secure channel by a mobile key management system and the like. Android, hong Monte, IOS, linux and Windows systems are supported. The An Zhuohe HongMeng platform is composed of jar packages developed by java, ios and Linux platforms are composed of dynamic link library (so) files developed by C language, and windows platform is composed of dynamic link library (dll) files developed by C language. The device mainly comprises the following modules:
and the data encryption module acquires a current user available key from the SDK safe storage area and encrypts user data by using a national encryption SM4 algorithm.
And the data decryption module is used for checking the data format to be decrypted and checking whether decryption service should be provided. If decryption is needed, selecting a correct key from the key history information base of the secure storage area according to the data information, and then performing SM4 decryption operation on the data.
And the identity information module is used for acquiring and storing the identity identification codes of the current equipment, the application and the user authorization and checking whether the identity information is compliant according to the built-in algorithm.
And 1, a key management and control module which communicates with the mobile key management system to ensure that the key information of the current user in the local key store is consistent with that of the current user in the centralized key management system. 2. And providing a secure storage area to ensure the security of key storage. 3. Based on the user information and the data information, the correct key is provided for the data decryption module to use.
And the behavior recording module is used for recording sdk operation logs and sending the operation logs to the mobile key management module for log audit.
And a secure transmission channel is formed between the TLS bidirectional authentication system based on the national encryption algorithm and the back-end service, so that data is prevented from being stolen in the transmission process.
The mobile key management system is a centralized mobile key unified management system. And carrying out data interaction through the secure channel and the M-SDK. Consists of a software system and password security hardware. The cipher safety hardware is a cluster of cipher machine and signature verification server composed of cipher safety chip, central processing unit, data storage unit and high-speed cipher card, and provides basic cipher service and computing platform for software system. The software system consists of the following parts:
And the identity authentication module is used for providing management of system user information, and comprises a system user and a common mobile application key user. Providing different roles and rights. Each user can only access the user information belonging to the user under the corresponding role.
And the safety hardware management module provides a management function and a business function for the password safety hardware. The management function mainly comprises the functions of generating a master key and updating the master key, the master key is generated through a server cipher machine in the mobile key management system, the user key pair inside the server cipher machine is used for encryption, the user key pair of the server cipher machine cannot be led out without authorization, and the security of the master key in the mobile key management system is ensured. The service function is mainly to call password security hardware and provide basic calculation power guarantee for key generation, backup, export and other functions.
And the mobile application management module provides a management function of mobile application information in the mobile password management system. The operation includes adding mobile application information, deleting mobile application information, freezing mobile application information and recovering mobile application information. Multiple mobile application information can be created in the mobile key management system, and generation and issuing of keys are provided for multiple mobile applications.
And the mobile key management module provides a management function of the symmetric key and the asymmetric key. The operation of the method comprises key generation, key revocation, key destruction, key import, key export, key backup, key restarting, key archiving and key recovery. The generation of the secret key is generated by a server cipher machine, so that the randomness of the secret key generation is ensured. After the symmetric key and the asymmetric key private key generated in the mobile key management system are encrypted by the master key of the mobile key management system, the symmetric key and the asymmetric key private key are stored in a database of a server of the mobile key management system, and each key is verified by HMAC (hash algorithm) in the database, so that unauthorized key modification phenomenon can be prevented, and the problem key can be timely inspected.
And the log audit management module provides records of user operation information in the mobile key management system and the M-SDK. Through built-in algorithm analysis, the monitoring log can be tried out, and once potential security threats such as unauthorized access, malicious behaviors or abnormal operations are detected, system maintenance personnel can be timely reminded through mails and short messages, measures can be quickly taken, and further expansion of security events is prevented.
And the database module is a data access layer module used for interacting with the database in the system. User information, user state, key information, key state, etc. required by the system are obtained from the database.
The embodiment of the invention supports each user in the mobile application to have own unique key, supports the same user to share the own key in the same or different applications of different terminals through a secure channel, solves the problem that the mobile application key is leaked and tampered in the transmission process, supports the unified registration and authorization of the mobile terminal and the mobile application in a centralized mobile key management system, supports the centralized management of the mobile key management system on the mobile application key, can intensively display the key service condition, update, cancel, verify, synchronize and manage the key in real time, supports the secure storage of the mobile application key in the mobile terminal, and solves the problem that the mobile application key is stolen in the mobile terminal.
The application provides a secure key synchronization mode among different applications of different terminals, and simultaneously, the keys are centralized and controlled. The safe generation/transmission/storage of the secret key is realized, and the data security of the user on different devices is protected. The cost of user key management is greatly reduced, the key management efficiency is improved, and the number of maintenance history keys is reduced. Meanwhile, the provided safety management and control device can enable the mobile application to quickly access a mobile key management system on the premise of not making great modification.
The following describes an application scenario of the present application through a specific embodiment:
example 1
A large enterprise provides internal communication software and internal mailbox software for staff belonging to the enterprise. The M-SDK module in the invention is integrated in both types of software, and enterprises use the 'mobile key management' system at the back end of the invention in the background. Some staff installs the two types of software on their own android mobile phone.
The staff opens the internal communication software on the mobile phone of the staff, the software is connected with a background system, and the latest key information of the staff is automatically obtained. The staff receives file data sent by colleagues through internal communication software, and the software calls an encryption module in the M-SDK to encrypt the file by using the current user key. The user clicks to inquire the file, the software calls a decryption module in the M-SDK, decrypts the file by using the user key, and then the user can view the plaintext content.
The employee selects to share files to the mail software in the internal communication software. Then the employee opens the mail software and logs in to his own account number, assuming that at this time, the mail software fails to synchronize to the current user's key information. Then, mail software receives the file sent by the internal communication software, a user selects the file, the software calls a decryption module in the M-SDK to decrypt the file according to the file information, the fact that no corresponding key information exists in the current software storage key is found, then a key synchronization module is called, a request is sent to a rear-end system, a latest key list of the user is obtained, then a key suitable for the current file is selected from the list, and decryption operation is carried out on the file. The employee may then choose to view or distribute the current file via mail.
Example 2:
In the present invention, the user uses two different mobile terminals as an example, but the present invention is not limited to two applications, and the method flows are similar for more applications.
A large enterprise provides internal communication software for staff. A staff installs the software on his own ios system mobile phone and windows system computer. Wherein, the IOS system software integrates a dynamic link library (so file) containing the M-SDK module in the invention, and the Windows system software integrates a dynamic link library (dll file) containing the M-SDK module in the invention. The staff logs in the software at the computer end, receives the information sent by the user, and can normally check when opened. After working, the staff opens the software in the home mobile phone to check the files shared by the colleagues in the history record, and can also check the files normally (related flow see example 1). Then, the user finds the same file through the file management function of the mobile phone IOS operating system, and opens and views the same file, and at the moment, the user can find that the file is ciphertext and cannot view specific contents. And then, the staff opens communication software, exits the account, the M-SDK module detects that the user exits, deletes all key information of the user in the safe storage area, and sends an audit log to the back-end system for recording. Then, the staff logs in the account numbers of other staff B, then the same file is found from the software, the file is checked, the M-SDK decryption module starts decrypting the file, the key used for the file is found to be not locally present, then the key synchronization module is called, the back-end system is inquired, the back-end system returns key history information and current key information corresponding to the account numbers of the staff B, the decryption module tries to decrypt again, the decryption module still cannot find the corresponding key information, the decryption process is terminated, the user is prompted to have no decryption authority, meanwhile, an audit log is sent to the back-end system, and the action is recorded.
Example 3:
a large enterprise provides internal software for the staff. Some staff installs the software on the mobile device and uses it normally for some time. The employee is then away from the job. The enterprise information manager may log in to the mobile key management system to revoke the user-associated key. Then, the audit log is used for finding that the keys in all applications on all terminals of the user are revoked. The encrypted data on all devices of the employee will not be reusable.
As shown in fig. 6, the present invention further provides a multi-terminal application data security transmission device 60, including:
an acquisition module 61, configured to receive an application registration request sent by a user, perform security authentication on the application registration request, and send a device key to the user after passing the authentication;
The processing module 62 is configured to receive a first key synchronization request sent by a user through a first application, where the first key synchronization request is encrypted by using a device key, send a current key and a historical key of the user to the first application according to the first key synchronization request, receive a second key synchronization request sent by the user through a second application, send the current key and the historical key of the user to the second application according to the second key synchronization request, and transmit the transmission data to the second application after the first application encrypts the transmission data according to the current key and the historical key of the user.
Optionally, performing security authentication on the application registration request, and after passing the authentication, sending a device key to the user, including:
the application registration request comprises signature information constructed through an encryption algorithm;
carrying out security authentication verification on signature information carried in the application registration request and constructed through an encryption algorithm, and acquiring a device key after passing the authentication;
And saving the application information for sending the registration request and sending the equipment key to the user.
Optionally, according to the first key synchronization request, sending the user current key and the user history key to the first application includes:
analyzing the first key synchronization request to obtain a first local library memory key of a first application;
According to the timestamp information of the first local library storage key, when the first local library storage key is determined to be effective, sending a user history key corresponding to the first local library storage key to the first application, and taking the first local library storage key as a current key of a user;
and when the first local library key is invalid, sending the current user key and the historical user key to the first application according to the historical user key information stored in the database.
Optionally, when the first local repository key is invalid, sending the current user key and the historical user key to the first application according to the historical user key information stored in the database, including:
When the user history key information stored in the database is effective, sending a user current key and a user history key to the first application according to the user history key information stored in the database;
When the user history key information stored in the database is invalid, inquiring a key standby database in the database to obtain standby key information;
and sending the current key and the historical key of the user to the first application according to the spare key information.
Optionally, sending the current key of the user and the historical key of the user to the second application according to the second key synchronization request includes:
Analyzing the second key synchronization request to obtain a second local library memory key of a second application;
According to the timestamp information of the second local library storage key, when the second local library storage key is determined to be effective, sending a user history key corresponding to the second local library storage key to the second application, and taking the second local library storage key as a current key of a user;
and when the second local library key is invalid, sending the current key and the historical key of the user to the second application according to the historical key information of the user stored in the database.
Optionally, after the first application encrypts the transmission data according to the current key of the user and the historical key of the user, the transmission data is transmitted to a second application, including:
The first application encrypts transmission data through the current key of the user to obtain ciphertext data;
Sending the ciphertext data to a second application;
and the second application decrypts the ciphertext data through the current key of the user to obtain plaintext data.
It should be noted that, the device is a device corresponding to the above method, and all implementation manners in the above method embodiments are applicable to the embodiment of the device, so that the same technical effects can be achieved.
Embodiments of the present invention also provide a computing device comprising a processor, a memory storing a computer program which, when executed by the processor, performs a method as described above. All the implementation manners in the method embodiment are applicable to the embodiment, and the same technical effect can be achieved.
Embodiments of the present invention also provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform a method as described above. All the implementation manners in the method embodiment are applicable to the embodiment, and the same technical effect can be achieved.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The storage medium includes various media capable of storing program codes such as a U disk, a mobile hard disk, a ROM, a RAM, a magnetic disk or an optical disk.
Furthermore, it should be noted that in the apparatus and method of the present invention, it is apparent that the components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered as equivalent aspects of the present invention. Also, the steps of performing the series of processes described above may naturally be performed in chronological order in the order of description, but are not necessarily performed in chronological order, and some steps may be performed in parallel or independently of each other. It will be appreciated by those of ordinary skill in the art that all or any of the steps or components of the methods and apparatus of the present invention may be implemented in hardware, firmware, software, or a combination thereof in any computing device (including processors, storage media, etc.) or network of computing devices, as would be apparent to one of ordinary skill in the art after reading this description of the invention.
The object of the invention can thus also be achieved by running a program or a set of programs on any computing device. The computing device may be a well-known general purpose device. The object of the invention can thus also be achieved by merely providing a program product containing program code for implementing said method or apparatus. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. It is apparent that the storage medium may be any known storage medium or any storage medium developed in the future. It should also be noted that in the apparatus and method of the present invention, it is apparent that the components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered as equivalent aspects of the present invention. The steps of executing the series of processes may naturally be executed in chronological order in the order described, but are not necessarily executed in chronological order. Some steps may be performed in parallel or independently of each other.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.
Claims (5)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410458029.8A CN118250079B (en) | 2024-04-17 | A method, device and system for secure transmission of multi-terminal application data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410458029.8A CN118250079B (en) | 2024-04-17 | A method, device and system for secure transmission of multi-terminal application data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN118250079A CN118250079A (en) | 2024-06-25 |
| CN118250079B true CN118250079B (en) | 2025-10-10 |
Family
ID=
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105553950A (en) * | 2015-12-08 | 2016-05-04 | 金邦达有限公司 | Information security equipment and management method, management device and management system thereof |
| CN112470428A (en) * | 2018-06-08 | 2021-03-09 | 威睿公司 | Unmanaged secure inter-application data communications |
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105553950A (en) * | 2015-12-08 | 2016-05-04 | 金邦达有限公司 | Information security equipment and management method, management device and management system thereof |
| CN112470428A (en) * | 2018-06-08 | 2021-03-09 | 威睿公司 | Unmanaged secure inter-application data communications |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110489996B (en) | Database data security management method and system | |
| US10063594B2 (en) | Network access control with compliance policy check | |
| CN101401387B (en) | Access Control Method for Embedded Devices | |
| US20080195740A1 (en) | Maintaining session state information in a client server system | |
| CN109361668A (en) | A method of reliable data transmission | |
| CN111159684B (en) | Safety protection system and method based on browser | |
| CN101965574B (en) | Authentication information generation system, authentication information generation method and a client device | |
| CN107517221B (en) | Centerless safe and trusted auditing method | |
| CN112685786B (en) | Financial data encryption and decryption method, system, equipment and storage medium | |
| CN106790045B (en) | distributed virtual machine agent device based on cloud environment and data integrity guarantee method | |
| CN113472793A (en) | Personal data protection system based on hardware password equipment | |
| US20060095769A1 (en) | System and method for initializing operation for an information security operation | |
| CN109981255A (en) | The update method and system of pool of keys | |
| CN118890192A (en) | A data security management system based on cloud platform | |
| CN112865965A (en) | Train service data processing method and system based on quantum key | |
| CN112565265A (en) | Authentication method, authentication system and communication method between terminal devices of Internet of things | |
| CN117454420A (en) | Cloud computing encryption storage service system and method | |
| CN119835079A (en) | Integrated information security system supporting multi-platform environment | |
| CN112202713A (en) | User data security protection method under Kubernetes environment | |
| CN112989320B (en) | User state management system and method for password equipment | |
| CN114745115A (en) | An information transmission method, device, computer equipment and storage medium | |
| CN118250079B (en) | A method, device and system for secure transmission of multi-terminal application data | |
| Jabbar et al. | Design and implementation of hybrid EC-RSA security algorithm based on TPA for cloud storage | |
| CN116702188A (en) | Management and control platform data management method and system | |
| CN118250079A (en) | Multi-terminal application data secure transmission method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |