Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Fig. 1 is a flowchart of a data transmission control method provided by the embodiment of the present invention, where the method of the embodiment of the present invention can comprehensively and timely discover potential problems existing in a page, improve the robustness and stability of a service system, and further improve the interaction experience between a user and the service system. The information collected in the method of the embodiment of the invention is information and data which are authorized by a user or are fully authorized by each party, and the processing of the collection, storage, use, processing, transmission, provision, disclosure, application and the like of the related data all obeys the related laws and regulations and standards of the related country and region, necessary security measures are adopted, the public welfare is not violated, and corresponding operation entrance is provided for the user to select authorization or rejection. The method can be implemented by a data transmission control device provided by the embodiment of the invention, and the device can be implemented in a software and/or hardware mode. The following embodiments will be described taking the example that the apparatus is integrated in an electronic device, which may be a server or a computer device, etc., and referring to fig. 1, the method may specifically include the following steps:
Step 101, receiving user information and a data query request sent by a user.
The user information is related information which is sent to the data request system by the user when the user inquires the target data and is used for identifying the identity of the user. The data query request is an operation instruction sent by a user to the data request system for requesting target data. The data request system is used for searching target data corresponding to the data query request for the user according to the user information and the data query request.
Specifically, when a user needs to query data through the data request system, the user can send user information and a data query request to the data request system according to own needs. For example, in a business scenario where a user needs to transact an enterprise license query in a government platform, the data request system may be a certification system for transacting a license business. The user information includes, but is not limited to, an identification number, a user name, a login account, an email box, a cell phone number, a business name or business license number, and the like. The data query request includes query context information such as a time frame in which the user queried the data, a data type, and other relevant information to assist in querying or security verification, etc. When the user needs to inquire the license information, the user information can be uploaded on the license system, meanwhile, a data inquiry request is sent to the license system, and the license system can receive the user information and the data inquiry request sent by the user in real time.
Step 102, generating data request information based on the data query request, the user information and the second asymmetric public key acquired in advance.
The second asymmetric public key is a public key that the data storage system generates and distributes to the data request system, which obtains it in advance. When data is transmitted between the data request system and the data storage system, the security of the transmitted data must be ensured. Thus, before receiving user information and data query requests sent by the user, the data request system can establish a secure communication mechanism with the data storage system, with the two systems distributing their asymmetric public keys to each other. In this scheme, optionally, before receiving the user information and the data query request sent by the user, the method further comprises: generating a first asymmetric public key and a first asymmetric private key according to a preset first asymmetric encryption algorithm; sending the first asymmetric public key to the data storage system; and obtaining the second asymmetric public key sent by the data storage system.
The second asymmetric public key is generated by the data storage system according to a preset second asymmetric encryption algorithm. An asymmetric encryption algorithm is an encryption technique that can generate a public key that is used to encrypt data and a private key that is used to decrypt data. The first asymmetric encryption algorithm is an asymmetric encryption algorithm predetermined by the data request system, for example, an elliptic curve digital signature algorithm, an ElGamal algorithm, or an RSA (Rivest-Shamir-Adleman) algorithm among the asymmetric encryption algorithms. The second asymmetric encryption algorithm is an asymmetric encryption algorithm predetermined by the data storage system, and the first asymmetric encryption algorithm and the second asymmetric encryption algorithm may be the same algorithm or different algorithms.
Specifically, the data request system generates a first asymmetric public key and a first asymmetric private key using a first asymmetric encryption algorithm. The data request system stores a first asymmetric private key for subsequent encrypted data decryption. The first asymmetric public key is sent to a data storage system, which stores the first asymmetric public key for subsequent encryption of data to be transmitted, thereby ensuring that only the data requesting system holding the first asymmetric private key is able to decrypt the transmitted data. The data storage system generates a second asymmetric public key and a second asymmetric private key using a second asymmetric encryption algorithm. The data storage system stores a second asymmetric private key for subsequent decryption of encrypted data. And sending the second asymmetric public key to the data request system, wherein the data request system stores the second asymmetric public key for encrypting the data to be transmitted subsequently, so that only the data storage system with the second asymmetric private key can decrypt the transmitted data.
Fig. 2 is a schematic flow chart of distributing a first asymmetric public key by the data request system according to an embodiment of the present invention. As shown in fig. 2, the data request system generates a first asymmetric public key and a first asymmetric private key according to a first asymmetric encryption algorithm, and sends the first asymmetric public key to the data storage system. The data storage system stores the first asymmetric public key and returns a message to the data request system that the receipt was successful. After the data request system receives the message, the first asymmetric public key and the first asymmetric private key are stored. Fig. 3 is a schematic flow chart of distributing a second asymmetric public key by the data storage system according to an embodiment of the present invention. As shown in fig. 3, the data storage system generates a second asymmetric public key and a second asymmetric private key according to a second asymmetric encryption algorithm, and sends the second asymmetric public key to the data request system. The data request system stores the second asymmetric public key and returns a message to the data storage system that the receipt was successful. After receiving the message, the data storage system stores the second asymmetric public key and the second asymmetric private key.
Through an asymmetric encryption mechanism, the storage system and the data request system can mutually verify the identity of the storage system and the data request system, and only the system with the correct private key can decrypt the data, so that the safety and reliability of both communication parties are ensured. Further, the integrity and authenticity of the data during transmission can be ensured.
Further, on the premise that the data request system and the data storage system have distributed their respective asymmetric public keys to each other, the data request system needs to send user information to the data storage system after receiving user information and a data query request sent by a user, so that the data storage system determines target data according to the user information. The user information may include sensitive information such as a phone number or a certificate number. To ensure secure transmission of the user information, the data request system may encrypt the user information using the second asymmetric public key and a predetermined symmetric encryption algorithm, and generate data request information according to the encrypted user information, so as to request target data from the data storage system through the data request information. In this scheme, the data request information includes encrypted user information, a user information signature value, and an encrypted first symmetric key. Optionally, generating the data request information based on the data query request, the user information and the pre-acquired second asymmetric public key includes: generating a first symmetric key in response to the data query request; encrypting the user information according to the first symmetric key to obtain encrypted user information; performing one-way encryption calculation on the encrypted user information to obtain a user information signature value; and encrypting the first symmetric key according to the pre-acquired second asymmetric public key to obtain an encrypted first symmetric key.
Wherein the second asymmetric public key is generated by the data storage system and pre-distributed to the data request system. The first symmetric key is a key generated by the data request system according to a predetermined symmetric encryption algorithm. A symmetric encryption algorithm is an encryption technique that uses the same key for both encryption and decryption processes. The symmetric encryption algorithm comprises an advanced encryption standard algorithm, a data encryption standard algorithm, a triple data encryption algorithm and the like. The one-way encryption calculation refers to a process of encrypting data by a digest algorithm, which converts input data into a digest value of a fixed length using a one-way hash function, and the digest algorithm includes a secure hash algorithm-256, a secure hash algorithm-1, a message digest algorithm-5, and the like.
Specifically, the data request system generates a first symmetric key according to a predetermined symmetric encryption algorithm after receiving user information and a data query request. The user information is encrypted with the first symmetric key; for example, the user information may be divided into blocks of a fixed size and then encrypted block by block to obtain encrypted user information. The encrypted user information is ciphertext that cannot be read directly, and only a system with the same symmetric key can decrypt it. After the encrypted user information is obtained, a one-way encryption calculation is performed on the encrypted user information using a predetermined digest algorithm, and a user information signature value is obtained. The user information signature value is used for verifying the integrity and authenticity of the data, and ensuring that the data is not tampered with in the transmission process. After the user information signature value is obtained, the first symmetric key is encrypted using the second asymmetric public key distributed in advance by the data storage system, and the encrypted first symmetric key is obtained. The encrypted user information, the user information signature value and the encrypted first symmetric key are then packaged into a request data packet to obtain the data request information.
The security and privacy protection of the user information in the transmission process are ensured by encrypting the user information, and the user information is prevented from being intercepted or tampered. By generating the signature value of the user information, the data storage system can verify the integrity and the authenticity of the encrypted user information, and the data is ensured not to be tampered in the transmission process. The symmetric key is encrypted by using an asymmetric encryption algorithm, so that the security of the symmetric key in the transmission process is ensured.
Step 103, sending the data request information to the data storage system, and receiving the encrypted data information generated by the data storage system based on the data request information.
The data storage system is used for searching the database for the target data corresponding to the data request information. After determining the data request information, the data request system sends it to the data storage system. After receiving the data request information, the data storage system decrypts the encrypted user information in the data request information and queries the target data according to the decrypted user information. It then encrypts the target data, generates encrypted data information, and returns the encrypted data information to the data request system. In this solution, after the data request system sends the data request information to the data storage system, the data storage system may execute the following steps A1 to A4:
Step A1, receiving data request information sent by a data request system.
The data request information includes encrypted user information, a user information signature value, and an encrypted first symmetric key.
Step A2, determining user information based on the second asymmetric private key generated in advance and the data request information.
The second asymmetric private key is an asymmetric private key that is generated in advance by the data storage system according to the second asymmetric encryption algorithm, that is, the asymmetric private key in fig. 2. Specifically, the encrypted first symmetric key is obtained by the data request system encrypting the first symmetric key using the second asymmetric public key. Thus, the data storage system may decrypt the encrypted first symmetric key using the second asymmetric private key, and then decrypt the encrypted user information using the first symmetric key to obtain the user information. In this solution, optionally, determining the user information based on the second asymmetric private key generated in advance and the data request information includes the following steps A21 to A23:
Step A21, carrying out one-way encryption calculation on the user information signature value to obtain a user verification signature value of the user information signature value.
The one-way encryption computation refers to a process of encrypting data by a digest algorithm that converts input data into a digest value of a fixed length using a one-way hash function. In the digest algorithm, even if there is a slight change in the input data, the generated digest value will change significantly. Thus, it is possible to determine whether the user information is tampered with during transmission by comparing the user authentication signature value with the user information signature value. After receiving the data request information, the data storage system adopts the same digest algorithm as that of the data request system for calculating the user information signature value to carry out one-way encryption calculation on the user information signature value, so as to obtain the user verification signature value of the user information signature value.
Step A22, matching the user information signature value with the user verification signature value to obtain a user information matching result, and, when the user information matching result is that the matching is passed, decrypting the encrypted first symmetric key according to the second asymmetric private key to obtain the first symmetric key.
Specifically, after the user verification signature value is obtained, the data storage system performs matching comparison on the user information signature value and the user verification signature value. If the user information signature value is completely consistent with the user verification signature value, the user information is not tampered in the transmission process, and the user information matching result can be further determined to be the matching passing. If the signature value of the user information is inconsistent with the signature value of the user verification, the user information is possibly tampered in the transmission process, and the data storage system can refuse to process the data request information.
In this scheme, the encrypted first symmetric key is obtained by the data request system encrypting the first symmetric key using the second asymmetric public key. Therefore, when the user information matching result is that the matching is passed, the data storage system can directly decrypt the encrypted first symmetric key using the second asymmetric private key to obtain the first symmetric key. By comparing the user information signature value with the user verification signature value, whether the data is tampered with in the transmission process can be verified, and safe and error-free transmission of the data is ensured.
Step A23, decrypting the encrypted user information based on the first symmetric key to obtain the user information.
Specifically, the encrypted user information is obtained by encrypting the user information by the data request system through the first symmetric key, so that the data storage system can directly decrypt the encrypted user information by adopting the first symmetric key to obtain the user information. In the steps, the encrypted data can be accurately and rapidly decrypted through the asymmetric private key and the symmetric key, so that the overall efficiency of the system is improved.
Step A3, determining target data corresponding to the user information in a predetermined database for storing non-public data.
Wherein, the non-public data is data which is not suitable for random disclosure. For example, in a business scenario where users transact electronic licenses, the non-public data may be electronic licenses corresponding to each user, and the target data may be electronic licenses corresponding to user information. After obtaining the user information, the data storage system accesses a database for storing non-public data according to the user information (such as an identity card number or a license number) serving as a query condition, and searches target data corresponding to the user information in the database.
Step A4, generating encrypted data information based on the first asymmetric public key acquired in advance and the target data, and sending the encrypted data information to a data request system.
After obtaining the target data, the data storage system needs to return the target data to the data request system so that the data request system displays the target data for the user. The target data may include non-public data such as an electronic license. To ensure secure transmission of the target data, the data storage system may encrypt the target data using the first asymmetric public key and a predetermined symmetric encryption algorithm, and send the encrypted target data, that is, the encrypted data information, to the data request system. In this scheme, the encrypted data information includes the encrypted target data, the data signature value, and the encrypted second symmetric key. Optionally, generating encrypted data information based on the first asymmetric public key acquired in advance and the target data, and sending the encrypted data information to the data request system, includes the following steps A41 to A43:
Step A41, generating a second symmetric key, and encrypting the target data according to the second symmetric key to obtain the encrypted target data.
Wherein the second symmetric key is a key generated by the data storage system according to a predetermined symmetric encryption algorithm. A symmetric encryption algorithm is an encryption technique that uses the same key for both encryption and decryption processes. The symmetric encryption algorithm for generating the second symmetric key may be the same or different from the symmetric encryption algorithm for generating the first symmetric key. Specifically, after the target data is obtained, the data storage system generates a second symmetric key according to a predetermined symmetric encryption algorithm, and encrypts the target data through the second symmetric key to obtain encrypted target data. The encrypted target data becomes ciphertext, and cannot be directly read, and only a system with the same symmetric key can decrypt the target data.
Step A42, carrying out one-way encryption calculation on the encrypted target data to obtain a data signature value.
The one-way encryption computation refers to a process of encrypting data by a digest algorithm that converts input data into a digest value of a fixed length using a one-way hash function. The digest algorithm is a one-way hash function that can convert data of arbitrary length into a digest value of fixed length. The data signature value obtained by carrying out one-way encryption calculation on the encrypted target data can be used for verifying the integrity and the authenticity of the license data, so that the encrypted target data is ensured not to be tampered in the transmission process.
Step A43, encrypting the second symmetric key according to the first asymmetric public key to obtain an encrypted second symmetric key.
Wherein the first asymmetric public key is pre-distributed to the data storage system by the data request system. The data storage system encrypts the second symmetric key by using the first asymmetric public key, so that the security of the second symmetric key in the transmission process can be ensured, and only the data request system with the first asymmetric private key can decrypt the encrypted second symmetric key.
Further, the data storage system generates encrypted data information according to the encrypted target data, the data signature value and the encrypted second symmetric key, and sends the encrypted data information to the data request system. The security of the target data in the transmission process is ensured by encrypting the target data, and the target data is prevented from being intercepted or tampered. By generating the data signature value, the data request system can verify the integrity and the authenticity of the encrypted target data, and the data is ensured not to be tampered in the transmission process. The symmetric key is encrypted by using an asymmetric encryption algorithm, so that the security of the symmetric key in the transmission process is ensured.
Step 104, obtaining target data based on the first asymmetric private key generated in advance and the encrypted data information, and displaying the target data to a user.
Specifically, after receiving the encrypted data information, the data request system needs to decrypt the encrypted data information to obtain the target data. The encrypted second symmetric key in the encrypted data information is obtained by the data storage system encrypting the second symmetric key using the first asymmetric public key. Thus, the data request system may decrypt the encrypted second symmetric key using the first asymmetric private key, and then decrypt the encrypted target data using the second symmetric key to obtain the target data. In this scheme, optionally, obtaining the target data based on the first asymmetric private key generated in advance and the encrypted data information, and displaying the target data to a user, includes the following steps B1 to B3:
Step B1, performing one-way encryption calculation on the data signature value to obtain a data verification signature value of the data signature value.
The one-way encryption computation refers to a process of encrypting data by a digest algorithm that converts input data into a digest value of a fixed length using a one-way hash function. In the digest algorithm, even if there is a slight change in the input data, the generated digest value will change significantly. Thus, whether the encrypted target data is tampered with during transmission can be determined by comparing the data verification signature value with the data signature value. After the data storage system receives the encrypted data information, it performs a one-way encryption calculation on the data signature value, using the same digest algorithm that the data request system uses to calculate the data signature value, to obtain a data verification signature value of the data signature value.
Step B2, matching the data signature value and the data verification signature value to obtain a data information matching result, and, when the data information matching result is that the matching is passed, decrypting the encrypted second symmetric key according to the first asymmetric private key to obtain the second symmetric key.
Specifically, after the data verification signature value is obtained, the data storage system performs matching comparison on the data signature value and the data verification signature value. If the data verification signature value and the data signature value are completely consistent, the fact that the encrypted target data is not tampered in the transmission process is indicated, and further the data information matching result can be determined to be that the matching is passed. If the data verification signature value and the data signature value are inconsistent, the encryption target data can be tampered in the transmission process, and the data request system can refuse to process the encrypted data information.
In this scheme, the encrypted second symmetric key is obtained by the data request system encrypting the second symmetric key using the first asymmetric public key. Therefore, when the data information matching result is that the matching is passed, the data request system can directly decrypt the encrypted second symmetric key using the first asymmetric private key to obtain the second symmetric key.
Step B3, decrypting the encrypted target data based on the second symmetric key to obtain the target data.
Specifically, the encrypted target data is obtained by encrypting the target data by the data request system through the second symmetric key, so that the data request system can directly decrypt the encrypted target data by adopting the second symmetric key to obtain the target data. In the steps, the encrypted target data can be accurately and rapidly decrypted through the asymmetric private key and the symmetric key, so that the overall efficiency of the system is improved.
Fig. 4 is a schematic flow chart of data transmission performed by the data request system and the data storage system according to the embodiment of the present invention. As shown in fig. 4, after receiving the user information and the data query request, the data request system generates a first symmetric key, encrypts the user information using the first symmetric key, and calculates a user information signature value. It encrypts the first symmetric key using the second asymmetric public key to obtain an encrypted first symmetric key. The encrypted user information, the user information signature value, and the encrypted first symmetric key are transmitted to the data storage system, which receives them. The data storage system verifies the user information signature value and, after the verification is passed, decrypts the encrypted first symmetric key using the second asymmetric private key to obtain the first symmetric key, and decrypts the encrypted user information using the first symmetric key to obtain the user information. It queries and acquires the target data according to the user information, generates a second symmetric key using a second symmetric encryption algorithm, and encrypts the target data using the second symmetric key to obtain encrypted target data. It calculates a target data signature value and encrypts the second symmetric key using the first asymmetric public key to obtain an encrypted second symmetric key. The encrypted target data, the target data signature value, and the encrypted second symmetric key are transmitted to the data request system, which receives them. The data request system verifies the target data signature value and, after the verification is passed, decrypts the encrypted second symmetric key using the first asymmetric private key to obtain the second symmetric key, and decrypts the encrypted target data using the second symmetric key to obtain the target data. The target data is then displayed to the user.
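The exchange of fig. 4, covering step 102 with steps A21 to A23 and steps A41 to A43 with steps B1 to B3, is shown below as an added Go example; it is not code from the patent. The description names only algorithm families, so AES-256-GCM, RSA-2048 with OAEP and SHA-256 are assumptions, as is the choice to verify by recomputing the digest over the received ciphertext; the `flip` helper and the sample record are constructed. The last case shows why the symmetric layer here is authenticated: a digest without a key can be recomputed by whoever alters the message, so the second altered copy passes the digest check and is stopped only by the GCM tag.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope carries the three fields the description gives both message directions.
type Envelope struct {
	Ciphertext []byte   // encrypted user information or encrypted target data
	Digest     [32]byte // "signature value": SHA-256 over Ciphertext
	WrappedKey []byte   // symmetric key encrypted under the recipient's public key
}

var ErrDigest = errors.New("signature value mismatch")

func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is step 102 (or A41-A43): fresh key, encrypt, digest, wrap the key.
func Seal(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key then 96-bit GCM nonce (assumed algorithms)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, plaintext, nil) // nonce || ciphertext || tag
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Digest: sha256.Sum256(ct), WrappedKey: wrapped}, nil
}

// Open is steps A21-A23 (or B1-B3): check the digest, unwrap the key, decrypt.
func Open(priv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	if sha256.Sum256(e.Ciphertext) != e.Digest {
		return nil, ErrDigest
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil || len(e.Ciphertext) < 12 {
		return nil, errors.New("malformed envelope")
	}
	return gcm.Open(nil, e.Ciphertext[:12], e.Ciphertext[12:], nil)
}

// flip copies e with one bit changed in transit; refresh recomputes the digest.
func flip(e *Envelope, refresh bool) *Envelope {
	c := *e
	c.Ciphertext = append([]byte(nil), e.Ciphertext...)
	c.Ciphertext[len(c.Ciphertext)-1] ^= 1
	if refresh {
		c.Digest = sha256.Sum256(c.Ciphertext)
	}
	return &c
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	reqKey, err := newKeyPair() // first asymmetric key pair (data request system)
	check(err)
	stoKey, err := newKeyPair() // second asymmetric key pair (data storage system)
	check(err)
	req, err := Seal(&stoKey.PublicKey, []byte("license_no=EXAMPLE-0001")) // constructed
	check(err)
	info, err := Open(stoKey, req)
	check(err)
	resp, err := Seal(&reqKey.PublicKey, append([]byte("record for "), info...))
	check(err)
	target, err := Open(reqKey, resp)
	check(err)
	_, stale := Open(stoKey, flip(req, false)) // stopped by the digest check
	_, fresh := Open(stoKey, flip(req, true))  // digest passes, GCM tag rejects
	fmt.Printf("%s\nold digest: %v\nrecomputed digest: %v\n", target, stale, fresh)
}
```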
Taking a business scenario that a user needs to transact enterprise license inquiry at a government platform as an example, the user uploads user information at a license system and sends a license inquiry instruction, the license system can encrypt the user information, and a data inquiry request is generated according to the encrypted user information and the license inquiry instruction. And sending the data query request to a license system, and decrypting the encrypted user information after the license system receives the data query request to obtain the user information. And searching a target license corresponding to the user information in the license database according to the user information, encrypting the target license, and returning the encrypted target license to the license system. And decrypting the encrypted target license by the license system to obtain the target license, and displaying the target license to the user. Therefore, when the certificate using system calls the electronic certificate of the certificate holder, the request parameters and the response message are all in an encrypted form, so that the security of sensitive data of the electronic certificate in the calling process is ensured.
The technical scheme of the embodiment includes that user information and a data query request sent by a user are received, data request information is generated based on the data query request, the user information and a second asymmetric public key which is obtained in advance, the data request information comprises encrypted user information, a user information signature value and an encrypted first symmetric key, the data request information is sent to a data storage system, the encrypted data information generated by the data storage system based on the data request information is received, the encrypted data information comprises encrypted target data, a data signature value and an encrypted second symmetric key, the target data is obtained based on the first asymmetric private key and the encrypted data information which are generated in advance, and the target data is displayed to the user. According to the technical scheme, the encrypted user information is obtained through the first symmetric key, the user information and the second asymmetric public key, so that the user information can be ensured to be encrypted in the transmission process, and the user information is ensured not to be intercepted or leaked. Through the user information signature value and the encrypted first symmetric key, the user information can be ensured not to be tampered in the transmission process, and the user privacy is further protected. Meanwhile, the encrypted target data, the data signature value and the encrypted second symmetric key returned by the data storage system can ensure that the target data is encrypted in the transmission process, and ensure that the target data cannot be intercepted or leaked.
Fig. 5 is a schematic diagram of a first structure of a data transmission control device according to an embodiment of the present invention, where the device is adapted to execute a data transmission control method according to an embodiment of the present invention. As shown in fig. 5, the apparatus may specifically include:
a first data receiving module 501, configured to receive user information and a data query request sent by a user, and generate a first symmetric key based on the data query request;
a data request module 502, configured to generate data request information based on the data query request, the user information, and a second asymmetric public key acquired in advance, where the data request information includes encrypted user information, a user information signature value, and an encrypted first symmetric key;
a second data receiving module 503, configured to send the data request information to a data storage system, and receive encrypted data information generated by the data storage system based on the data request information, where the encrypted data information includes encrypted target data, a data signature value, and an encrypted second symmetric key;
a first data generating module 504, configured to obtain target data based on the first asymmetric private key and the encrypted data information, and display the target data to the user.
Optionally, the data request module 502 is specifically configured for: generating a first symmetric key in response to the data query request, and encrypting the user information according to the first symmetric key to obtain the encrypted user information;
carrying out one-way encryption calculation on the encrypted user information to obtain the user information signature value;
and encrypting the first symmetric key according to the second asymmetric public key obtained in advance to obtain the encrypted first symmetric key.
Optionally, the first data generating module 504 is specifically configured for: performing one-way encryption calculation on the data signature value to obtain a data verification signature value of the data signature value;
when the data information matching result indicates that the matching has passed, decrypting the encrypted second symmetric key according to the first asymmetric private key to obtain the second symmetric key;
and decrypting the encrypted data information based on the second symmetric key to obtain the target data.
Optionally, the data request module 502 is specifically configured for: generating a first asymmetric public key and the first asymmetric private key according to a preset first asymmetric encryption algorithm, and sending the first asymmetric public key to the data storage system;
and acquiring the second asymmetric public key sent by the data storage system, wherein the second asymmetric public key is generated by the data storage system according to a preset second asymmetric encryption algorithm.
The data transmission control device provided by the embodiment of the invention can execute the data transmission control method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method. Reference is made to the description of any method embodiment of the invention for details not described in this embodiment.
Fig. 6 is a second schematic structural diagram of a data transmission control device according to an embodiment of the present invention, where the device is adapted to execute the data transmission control method according to the embodiment of the present invention. As shown in fig. 6, the apparatus may specifically include:
a third data receiving module 601, configured to receive data request information sent by a data request system, where the data request information includes encrypted user information, a signature value of the user information, and an encrypted first symmetric key;
a first data determining module 602, configured to determine user information based on a second asymmetric private key that is generated in advance and the data request information, where the user information is the encrypted user information after decryption;
a second data determining module 603, configured to determine target data corresponding to the user information in a predetermined database for storing non-public data;
and a second data generating module 604, configured to generate encrypted data information based on the first asymmetric public key and the target data, and send the encrypted data information to the data request system, where the encrypted data information includes encrypted target data, a data signature value, and an encrypted second symmetric key.
Optionally, the first data determining module 602 is specifically configured for: performing one-way encryption calculation on the user information signature value to obtain a user verification signature value of the user information signature value;
matching the user information signature value with the user verification signature value to obtain a user information matching result, and, when the user information matching result indicates that the matching has passed, decrypting the encrypted first symmetric key according to the second asymmetric private key to obtain the first symmetric key;
and decrypting the encrypted user information based on the first symmetric key to obtain the user information.
Optionally, the second data generating module 604 is specifically configured for: generating a second symmetric key, and encrypting the target data according to the second symmetric key to obtain the encrypted target data;
carrying out one-way encryption calculation on the encrypted target data to obtain the data signature value;
and encrypting the second symmetric key according to the first asymmetric public key to obtain the encrypted second symmetric key.
The data transmission control device provided by the embodiment of the invention can execute the data transmission control method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method. Reference is made to the description of any method embodiment of the invention for details not described in this embodiment.
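The request leg handled by modules 502 and 602 and the response leg handled by modules 604 and 504 can be traced end to end in Node.js. The following is an added example, not code from the patent: AES-256-GCM, SHA-256 and RSA-OAEP are assumed algorithm choices (the text names none), the receiver is assumed to recompute the digest over the received ciphertext for the matching step, and `seal`, `open`, `runQuery`, `inTransit` and the sample record are hypothetical names.

```javascript
const crypto = require('crypto');

// Assumed algorithms (the text names none): AES-256-GCM, SHA-256, RSA-OAEP.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const digest = (buf) => crypto.createHash('sha256').update(buf).digest();

// Sender: fresh symmetric key -> encrypt -> digest the ciphertext -> wrap the key.
function seal(peerPublicKey, plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const encrypted = Buffer.concat([iv, body, c.getAuthTag()]);
  return {
    encrypted, // encrypted user information or encrypted target data
    signatureValue: digest(encrypted), // one-way calculation over the ciphertext
    wrappedKey: crypto.publicEncrypt({ key: peerPublicKey, ...OAEP }, key),
  };
}

// Receiver: match the digest first, then unwrap the symmetric key and decrypt.
function open(privateKey, msg) {
  const expected = digest(msg.encrypted);
  if (msg.signatureValue.length !== expected.length ||
      !crypto.timingSafeEqual(expected, msg.signatureValue)) {
    throw new Error('signature value mismatch');
  }
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const d = crypto.createDecipheriv('aes-256-gcm', key, msg.encrypted.subarray(0, 12));
  d.setAuthTag(msg.encrypted.subarray(-16));
  const plain = Buffer.concat([d.update(msg.encrypted.subarray(12, -16)), d.final()]);
  return plain.toString('utf8');
}

// One query end to end. `inTransit` is a hypothetical hook that lets a caller alter
// the request between the two systems to see how the receiver reacts.
function runQuery(userInfo, database, inTransit = (m) => m) {
  // First key pair: data request system. Second key pair: data storage system.
  const requester = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const storage = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

  const request = inTransit(seal(storage.publicKey, userInfo));
  const recovered = open(storage.privateKey, request); // storage system side
  const target = database.get(recovered) || '';
  const response = seal(requester.publicKey, target);
  return open(requester.privateKey, response); // request system side
}

// Constructed sample record, not taken from the page.
const sampleDb = new Map([['enterprise-0001', 'license record 0001 (sample)']]);
console.log(runQuery('enterprise-0001', sampleDb));
```

Because the signature value is an unkeyed digest carried in the same message, matching it detects only changes that leave the digest itself untouched. In this example it is the GCM authentication tag, which depends on the symmetric key, that rejects a request whose ciphertext and digest were both rewritten.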
The embodiment of the invention also provides a computer program product.
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include being implemented in one or more computer program products, which may include one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special or general purpose programmable processor, operable to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device 12 shown in fig. 7 is merely an example, and should not be construed as limiting the function and the application range of the embodiment of the present application. As shown in fig. 7, the electronic device 12 is in the form of a general purpose computing device. The components of the electronic device 12 may include, but are not limited to, one or more processors or processing units 16, a system memory 28, and a bus 18 that connects the various system components, including the system memory 28 and the processing units 16.
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by electronic device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The electronic device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 7, commonly referred to as a "hard disk drive"). Although not shown in fig. 7, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 18 through one or more data medium interfaces. The system memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of the embodiments of the application.
Program/utility 40 having a set (at least one) of program modules 46 may be stored in, for example, system memory 28, such program modules 46 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 46 generally perform the functions and/or methods of the embodiments described herein.
The electronic device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the electronic device 12, and/or any devices (e.g., network card, modem, etc.) that enable the electronic device 12 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 22. Also, the electronic device 12 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through a network adapter 20. As shown, the network adapter 20 communicates with other modules of the electronic device 12 over the bus 18. It should be appreciated that although not shown in FIG. 7, other hardware and/or software modules may be used in connection with electronic device 12, including, but not limited to, microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processing unit 16 executes various functional applications and data processing by running a program stored in the system memory 28, for example implementing the data transmission control method provided by an embodiment of the present invention: receiving user information and a data query request sent by a user; generating data request information based on the data query request, the user information, and a second asymmetric public key acquired in advance, wherein the data request information includes encrypted user information, a user information signature value, and an encrypted first symmetric key; sending the data request information to a data storage system, and receiving encrypted data information generated by the data storage system based on the data request information, wherein the encrypted data information includes encrypted target data, a data signature value, and an encrypted second symmetric key; and obtaining target data based on the first asymmetric private key generated in advance and the encrypted data information, and displaying the target data to the user.
The embodiment of the invention provides a computer readable storage medium on which a computer program is stored, and the program, when executed by a processor, implements the data transmission control method provided by all the embodiments of the invention. The data transmission control method comprises: receiving user information and a data query request sent by a user; generating data request information based on the data query request, the user information and a pre-acquired second asymmetric public key, wherein the data request information comprises encrypted user information, a user information signature value and an encrypted first symmetric key; sending the data request information to a data storage system, and receiving encrypted data information generated by the data storage system based on the data request information, wherein the encrypted data information comprises encrypted target data, a data signature value and an encrypted second symmetric key; and obtaining target data based on the pre-generated first asymmetric private key and the encrypted data information, and displaying the target data to the user. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor electronic device, apparatus, or device, or a combination of any of the foregoing.
More specific examples (a non-exhaustive list) of the computer-readable storage medium include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution electronic device, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution electronic device, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.