
WO2020237868A1 - Data transmission method, electronic device, server and storage medium - Google Patents

Info

Publication number: WO2020237868A1
Authority: WO, WIPO (PCT)
Prior art keywords: key, server, electronic device, ciphertext, data
Application number: PCT/CN2019/102865
Other languages: French (fr), Chinese (zh)
Inventors: 赵勇, 庄光雄, 及晨光, 李耀星, 邹宗慧, 李恒
Original Assignee: 平安科技(深圳)有限公司
Application filed by: 平安科技(深圳)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Definitions

  • This application relates to the field of data processing technology, and in particular to a data transmission method, electronic equipment and storage medium.
  • HyperText Transfer Protocol (HTTP)
  • HyperText Transfer Protocol over Secure Socket Layer (HTTPS)
  • None of the above methods can effectively guarantee the security of data transmission.
  • Data is transmitted directly in plain text without taking relevant protective measures, resulting in data being easily attacked by hackers during transmission.
  • according to the device fingerprint, determine whether there is a communication record with the electronic device
  • the second ciphertext is fed back to the electronic device.
  • a data transmission device that runs on an electronic device, the electronic device communicates with a server, and the device includes:
  • the determining unit is configured to determine whether there is a communication record with the server according to the data transmission instruction when a data transmission instruction is received;
  • An acquiring unit configured to acquire the device fingerprint of the electronic device when there is no communication record with the server
  • a generating unit configured to randomly extract at least one character in the device fingerprint to generate a first key
  • the acquiring unit is further configured to acquire the first data to be transmitted according to the data transmission instruction;
  • An encryption unit configured to use the Advanced Encryption Standard to encrypt the first data to be transmitted with the first key to obtain a first ciphertext
  • a sending unit configured to send the first ciphertext to the server
  • the decryption unit is configured to, when receiving the second ciphertext fed back by the server, decrypt the second ciphertext with the first key to obtain second data to be transmitted.
  • a data transmission system runs on a server, the server communicates with electronic equipment, and the system includes:
  • An obtaining module configured to obtain the device fingerprint of the electronic device from the request header of the first ciphertext when the first ciphertext sent by the electronic device is received;
  • the determining module is configured to determine whether there is a communication record with the electronic device according to the device fingerprint
  • a generating module used to randomly extract at least one character in the fingerprint of the device when there is no communication record with the electronic device to generate a first key
  • a decryption module configured to decrypt the first ciphertext with the first key to obtain the first data to be transmitted
  • the acquiring module is further configured to perform retrieval based on the first data to be transmitted to obtain second data to be transmitted;
  • the generating module is also used to randomly determine any character string and generate the first temporary key
  • An encryption module configured to use the Advanced Encryption Standard to encrypt the first temporary key and the second data to be transmitted with the first key to obtain a second ciphertext
  • the feedback module is used to feed back the second ciphertext to the electronic device.
  • An electronic device which includes:
  • the memory stores at least one computer readable instruction
  • the processor executes the at least one computer-readable instruction to implement the data transmission method.
  • a server includes:
  • Storage device storing at least one computer readable instruction
  • the processing device executes the at least one computer-readable instruction to implement the data transmission method.
  • a non-volatile readable storage medium stores at least one instruction, and the at least one instruction is executed by a processor in an electronic device to implement the data transmission method.
  • a non-volatile readable storage medium stores at least one instruction, and the at least one instruction is executed by a processing device in a server to implement the data transmission method.
  • this application can determine whether there is a communication record with the server according to the received data transmission instruction; when there is no communication record with the server, obtain the device fingerprint of the electronic device and randomly extract at least one character in the device fingerprint to generate a first key; obtain the first data to be transmitted according to the data transmission instruction; use the Advanced Encryption Standard to encrypt the first data to be transmitted with the first key to obtain the first ciphertext, thereby increasing the complexity of data encryption; send the first ciphertext to the server; and, when the second ciphertext fed back by the server is received, decrypt the second ciphertext with the first key to obtain the second data to be transmitted, so as to realize the encrypted transmission of the data between the electronic device and the server. Due to the complexity of the encryption method, the data is effectively prevented from being tampered with in the transmission process, and the security of data transmission is further improved.
  • Fig. 1 is an application environment diagram of a preferred embodiment of the data transmission method of the present application.
  • Fig. 2 is a flowchart of a preferred embodiment of the data transmission method of the present application applied to an electronic device.
  • Fig. 3 is a flowchart of a preferred embodiment of the data transmission method of the present application applied to a server.
  • Fig. 4 is a functional module diagram of an electronic device of a preferred embodiment of the data transmission device of the present application.
  • Fig. 5 is a functional module diagram of a server in a preferred embodiment of the data transmission system of the present application.
  • FIG. 6 is a schematic structural diagram of an electronic device implementing a preferred embodiment of the data transmission method according to the present application.
  • FIG. 7 is a schematic structural diagram of a server in a preferred embodiment of the data transmission method according to the present application.
  • the application environment diagram includes the electronic device 1 and the server 2.
  • the electronic device 1 communicates with the server 2.
  • the electronic device 1 is used to generate the first ciphertext.
  • the server 2 is configured to obtain second data to be transmitted according to the first ciphertext, generate a second ciphertext according to the second data to be transmitted, and feed back the second ciphertext to the electronic device 1.
  • the data transmission method of the present application is applied to one or more electronic devices 1 and one or more servers 2.
  • the electronic device 1 and the server 2 are a type that can be automatically set or stored in accordance with pre-set or stored instructions.
  • the electronic device 1 and the server 2 can be any electronic product that can interact with users, such as personal computers, tablet computers, smart phones, personal digital assistants (PDAs), game consoles, interactive network television (Internet Protocol Television, IPTV), smart wearable devices, etc.
  • the electronic device 1 and the server 2 may also include network devices and/or user equipment.
  • the network device includes, but is not limited to, a single network server, a server group composed of multiple network servers, or a cloud composed of a large number of hosts or network servers based on Cloud Computing.
  • the network where the electronic device 1 and the server 2 are located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (VPN), etc.
  • As shown in FIG. 2, it is a flowchart of a preferred embodiment of the data transmission method of the present application applied to an electronic device. According to different needs, the order of the steps in the flowchart can be changed, and some steps can be omitted.
  • the electronic device 1 determines that the data transmission instruction is received.
  • the preset service refers to a service that needs to obtain data from the server 2, such as a search service, a login service, and the like.
  • determining whether the electronic device 1 has a communication record with the server 2 according to the data transmission instruction includes:
  • the electronic device 1 obtains the application program corresponding to the data transmission instruction, further determines the storage directory of the application program, and detects whether the temporary key generated by the server 2 exists in the storage directory.
  • when the temporary key generated by the server 2 exists in the storage directory, the electronic device 1 determines that there is a communication record with the server 2; or when the temporary key generated by the server 2 does not exist in the storage directory, the electronic device 1 determines that there is no communication record with the server.
  • the electronic device 1 responds differently depending on whether the electronic device 1 and the server 2 have a communication record, which will be described in detail later.
  • S11 Acquire the device fingerprint of the electronic device 1 when there is no communication record with the server.
  • the device fingerprint refers to a device feature or a unique device identifier that can be used to uniquely identify the electronic device 1.
  • the device fingerprint includes some unique device identifications that are inherently difficult to tamper with.
  • generating the device fingerprint by the electronic device 1 includes:
  • the electronic device 1 obtains the device information of the electronic device 1 and generates the device fingerprint according to the device information.
  • the device information includes, but is not limited to one or a combination of the following:
  • the serial number of the electronic device 1, the SIM (Subscriber Identification Module) card number of the electronic device 1, the manufacturer code of the electronic device 1, the model of the electronic device 1, the hardware identification code of the electronic device 1, etc.
  • the electronic device 1 generates a device fingerprint that can uniquely identify the electronic device 1, and the device fingerprint may consist of a string of characters.
  • the device fingerprint can consist of 32-bit numbers/letters.
  • S12 Randomly extract at least one character in the device fingerprint to generate a first key.
  • the first key is used to encrypt data to be transmitted by the electronic device 1.
  • the randomly extracting at least one character in the device fingerprint to generate the first key includes:
  • the electronic device 1 performs a remainder operation on the at least one character to obtain a first numerical value, and performs a logical operation on the first numerical value relative to the configuration numerical value to generate a first character string; accumulates to obtain a second value, performs a remainder operation on the second value to obtain a third value, and performs a binary conversion on the third value to generate a second character string; and concatenates the first character string and the second character string to obtain the first key.
  • the electronic device 1 performs an ASCII code-based operation on the at least one character to obtain 30 digits/letters, and performs an operation based on the obtained 30 digits/letters to generate two check digits, thereby obtaining a 32-bit character string, and the obtained 32-bit character string is used as the first key.
  • the electronic device 1 randomly extracts at least one character in the device fingerprint to generate the first key, which can prevent the first key from being cracked due to the certainty of the device fingerprint.
  • randomly extracting at least one character in the device fingerprint may include many possibilities, thus increasing the difficulty of cracking.
  • the electronic device 1 can obtain the user information of the user who triggered the data transmission instruction.
  • the electronic device 1 can also obtain relevant data corresponding to the preset service from the data transmission instruction, including the first data to be transmitted.
  • the electronic device 1 determines that the data transmission instruction is obtained. Further, the electronic device 1 obtains the text B to be searched by the user A, and determines the text B as the first data to be transmitted.
  • the Advanced Encryption Standard is a symmetric encryption algorithm.
  • the algorithm is open and the amount of calculation is small, so the encryption speed is faster and the encryption efficiency is higher.
  • the first ciphertext refers to data transmitted by the electronic device 1 to the server, so as to obtain data from the server 2 according to the first ciphertext.
  • when the electronic device 1 transmits the first ciphertext containing the character B to the server 2, a search result for the character B will be obtained.
  • the server 2 is configured to receive the first ciphertext, obtain the first data to be transmitted from the first ciphertext, and further determine, according to the first data to be transmitted, the data that the electronic device 1 requests to be returned.
  • the electronic device 1 sends the first ciphertext to the server 2 to avoid data being intercepted due to plaintext transmission, which affects the security of the data during network transmission.
  • the second ciphertext is data fed back by the server 2 according to the first ciphertext.
  • the second data to be transmitted is data obtained by the electronic device 1 after decrypting the second ciphertext. After acquiring the second data to be transmitted, the electronic device 1 can complete the task of requesting data from the server 2.
  • the second ciphertext includes the search result of the character B.
  • the method further includes:
  • After decrypting the second ciphertext with the first key, the electronic device 1 obtains a first temporary key and encrypts the first temporary key; further, the electronic device 1 determines the application program corresponding to the data transmission instruction and saves the encrypted first temporary key in the storage directory of the application program.
  • the first temporary key is a string of random data.
  • the first temporary key may be a string of 16-bit random numbers/letters.
  • using any encryption algorithm to encrypt the first temporary key can realize the encrypted storage of the first temporary key and ensure the security of the first temporary key.
  • the electronic device 1 encrypts and saves the first temporary key to the storage directory of the application program, so that it can be directly retrieved from the storage directory of the application program during subsequent data transmission.
  • the first temporary key is synchronized with the application program.
  • the first temporary key will also be deleted, which further improves security.
  • when there is a communication record with the server 2, the method further includes:
  • the electronic device 1 obtains the device fingerprint, randomly extracts at least one character from the device fingerprint and the first temporary key to generate a second key, and obtains the first data to be transmitted according to the data transmission instruction; further, the electronic device 1 uses the Advanced Encryption Standard to encrypt the first data to be transmitted with the second key to obtain a third ciphertext, and sends the third ciphertext to the server 2.
  • when the electronic device 1 has a communication record with the server 2, the electronic device 1 generates the second key based on both the device fingerprint and the first temporary key, further improving the security of data transmission.
  • this application can determine whether there is a communication record with the server according to the received data transmission instruction; when there is no communication record with the server, obtain the device fingerprint of the electronic device and randomly extract at least one character in the device fingerprint to generate a first key; obtain the first data to be transmitted according to the data transmission instruction; use the Advanced Encryption Standard to encrypt the first data to be transmitted with the first key to obtain the first ciphertext, thereby increasing the complexity of data encryption; send the first ciphertext to the server; and, when the second ciphertext fed back by the server is received, decrypt the second ciphertext with the first key to obtain the second data to be transmitted, thereby realizing the encrypted transmission of the data between the electronic device and the server. Due to the complexity of the encryption method, the data is effectively prevented from being tampered with during the transmission process, and the security of data transmission is further improved.
  • As shown in FIG. 3, it is a flowchart of a preferred embodiment of the data transmission method of the present application applied to the server 2. According to different needs, the order of the steps in the flowchart can be changed, and some steps can be omitted.
  • when the electronic device 1 sends the first ciphertext to the server 2, it uses the device fingerprint as a request header, carries the first ciphertext, and sends a data request to the server 2.
  • S21 Determine whether there is a communication record with the electronic device 1 according to the device fingerprint.
  • after the server 2 has a communication record with the electronic device 1, the related information is recorded as a proof of communication, which will be described in detail later.
  • the method of generating the first key according to the device fingerprint is the same as the method of generating the first key by the electronic device 1 in the foregoing, which is not repeated in this application.
  • S23 Decrypt the first ciphertext with the first key to obtain first data to be transmitted.
  • when the first key and the encryption method of the first ciphertext are consistent, the server 2 can successfully decrypt the first ciphertext to obtain the first data to be transmitted.
  • when the first key and the encryption method of the first ciphertext are inconsistent, the server 2 will not be able to decrypt the first ciphertext, and thus cannot obtain the first data to be transmitted from the first ciphertext.
  • S24 Retrieve according to the first data to be transmitted to obtain second data to be transmitted.
  • the server 2 can determine the data that the electronic device 1 wants to acquire.
  • the server determines that the electronic device 1 needs to obtain the search result of the character B, and further, the server 2 determines the search result of the character B to be the second data to be transmitted.
  • the first temporary key is a string of random data.
  • the first temporary key may be a string of 16-bit random numbers/letters.
  • the method further includes:
  • the server 2 records the corresponding relationship between the first temporary key and the device fingerprint. Further, the server 2 saves the corresponding relationship in a pre-configured device list, where the device list is used to store all terminal devices that have communication records with the server 2.
  • the server 2 can record the corresponding relationship in the device list, so that it is convenient to subsequently determine from the device list whether the electronic device 1 and the server 2 have communicated.
  • the determining whether there is a communication record with the electronic device 1 according to the device fingerprint includes:
  • the server 2 matches the device fingerprint with the device list, and when the device fingerprint exists in the device list, it determines that there is a communication record with the electronic device; or when the device fingerprint does not exist in the device list, it determines that there is no communication record with the electronic device.
  • the generation of the second ciphertext is also combined with the first temporary key, which increases the complexity of data encryption. Due to the randomness of the first temporary key, the second ciphertext is more difficult to crack, which ensures that the security of the second ciphertext is higher.
  • the second ciphertext includes the content requested by the electronic device 1.
  • when there is a communication record with the electronic device 1, the method further includes:
  • the server 2 obtains the first temporary key corresponding to the device fingerprint from the device list, and randomly extracts at least one character from the device fingerprint and the first temporary key to generate the second key; further, the server 2 uses the Advanced Encryption Standard to encrypt the second data to be transmitted with the second key to obtain a fourth ciphertext, and feeds back the fourth ciphertext to the electronic device 1.
  • the server 2 directly uses the stored first temporary key to generate the second key.
  • the method further includes:
  • the first temporary key is regenerated and saved.
  • the configuration service may include, but is not limited to: user login service, etc.
  • the method further includes:
  • When it is detected that the decryption cannot be performed with the second key, the server 2 obtains the number of decryption failures within a preset time, and when the number is greater than or equal to a preset value, the electronic device 1 is locked.
  • the preset value can be customized, which is not limited in this application.
  • when the second key cannot be used for decryption, it means that the electronic device 1 does not store the first temporary key. Since the data transmission between the server 2 and the electronic device 1 mainly depends on the first temporary key, this indicates that the electronic device 1 is likely to be in an abnormal situation of maliciously stealing information.
  • When the electronic device 1 is locked, the server 2 will no longer accept the request data of the electronic device 1.
  • the server can also be configured to reject all requests of the electronic device within the configured time, which is not limited in this application.
  • the data transmission device 11 includes a determination unit 100, an acquisition unit 101, a generation unit 102, an encryption unit 103, a transmission unit 104, a decryption unit 105, and a storage unit 106.
  • the unit referred to in this application refers to a series of computer-readable instruction segments that can be executed by the processor 13 and can complete fixed functions, and are stored in the memory 12. In this embodiment, the function of each unit will be described in detail in subsequent embodiments.
  • the determining unit 100 determines whether there is a communication record with the server 2 according to the data transmission instruction.
  • the determining unit 100 determines that the data transmission instruction is received.
  • the preset service refers to a service that needs to obtain data from the server 2, such as a search service, a login service, and the like.
  • the determining unit 100 determining whether there is a communication record with the server 2 according to the data transmission instruction includes:
  • the determining unit 100 obtains the application program corresponding to the data transmission instruction, further determines the storage directory of the application program, and detects whether the temporary key generated by the server exists in the storage directory.
  • when the temporary key generated by the server 2 exists in the storage directory, the determining unit 100 determines that there is a communication record with the server 2; or when the temporary key generated by the server 2 does not exist in the storage directory, the determining unit 100 determines that there is no communication record with the server.
  • the data transmission device 11 will respond differently as to whether there is a communication record between the data transmission device 11 and the server 2, which will be described in detail later.
  • the acquiring unit 101 acquires the device fingerprint of the electronic device 1.
  • the device fingerprint refers to a device feature or a unique device identifier that can be used to uniquely identify the electronic device 1.
  • the device fingerprint includes some unique device identifications that are inherently difficult to tamper with.
  • generating the device fingerprint by the acquiring unit 101 includes:
  • the acquiring unit 101 acquires the device information of the electronic device 1, and generates the device fingerprint according to the device information.
  • the device information includes, but is not limited to one or a combination of the following:
  • the serial number of the electronic device 1, the SIM (Subscriber Identification Module) card number of the electronic device 1, the manufacturer code of the electronic device 1, the model of the electronic device 1, the hardware identification code of the electronic device 1, etc.
  • the acquiring unit 101 generates a device fingerprint that can uniquely identify the electronic device 1, and the device fingerprint may be composed of a string of characters.
  • the device fingerprint can consist of 32-bit numbers/letters.
  • the generating unit 102 randomly extracts at least one character in the device fingerprint to generate a first key.
  • the first key is used to encrypt data to be transmitted by the electronic device 1.
  • the generating unit 102 randomly extracting at least one character in the device fingerprint to generate the first key includes:
  • the generating unit 102 performs a remainder operation on the at least one character to obtain a first numerical value, and performs a logical operation on the first numerical value relative to the configuration numerical value to generate a first character string; accumulates to obtain a second value, performs a remainder operation on the second value to obtain a third value, and performs a binary conversion on the third value to generate a second character string; and concatenates the first character string and the second character string to obtain the first key.
  • the generating unit 102 performs an ASCII code-based operation on the at least one character to obtain 30 digits/letters, and performs an operation based on the obtained 30 digits/letters to generate two check digits, thereby obtaining a 32-bit character string, and the obtained 32-bit character string is used as the first key.
  • At least one character in the device fingerprint is randomly extracted to generate the first key, which can avoid the situation that the first key is cracked due to the certainty of the device fingerprint, and randomly extracting at least one character in the device fingerprint can include many possibilities, thus increasing the difficulty of cracking.
  • the acquiring unit 101 acquires the first data to be transmitted according to the data transmission instruction.
  • the acquisition unit 101 can acquire the user information of the user who triggered the data transmission instruction.
  • the acquiring unit 101 can also acquire related data corresponding to the preset service from the data transmission instruction, including the first data to be transmitted.
  • the acquiring unit 101 determines that the data transmission instruction is acquired. Further, the acquiring unit 101 acquires the text B to be searched by the user A, and determines the text B as the first data to be transmitted.
  • the encryption unit 103 uses the Advanced Encryption Standard to encrypt the first data to be transmitted with the first key to obtain the first ciphertext.
  • the Advanced Encryption Standard is a symmetric encryption algorithm.
  • the algorithm is open and the amount of calculation is small, so the encryption speed is faster and the encryption efficiency is higher.
  • the first ciphertext refers to data transmitted to the server by the encryption unit 103, so as to obtain data from the server 2 according to the first ciphertext.
  • the encryption unit 103 transmits the first ciphertext containing the character B to the server 2 to obtain a search result for the character B.
  • the sending unit 104 sends the first ciphertext to the server 2.
  • the server 2 is configured to receive the first ciphertext, obtain the first data to be transmitted from the first ciphertext, and further determine, according to the first data to be transmitted, the data that the electronic device 1 requests to be returned.
  • the sending unit 104 sends the first ciphertext to the server 2 to avoid data interception due to plaintext transmission, which affects the security of the data during network transmission.
  • the decryption unit 105 When receiving the second ciphertext fed back by the server, the decryption unit 105 decrypts the second ciphertext with the first key to obtain the second data to be transmitted.
  • the second ciphertext is data fed back by the server 2 according to the first ciphertext.
  • the second data to be transmitted is the data obtained after the decryption unit 105 decrypts the second ciphertext. After obtaining the second data to be transmitted, the decryption unit 105 can complete the task of requesting data from the server 2.
  • the second ciphertext includes the search result of the character B.
  • the method further includes:
  • the decryption unit 105 obtains a first temporary key after decrypting the second ciphertext with the first key, the encryption unit 103 encrypts the first temporary key, and further, the determining unit 100 determines the application program corresponding to the data transmission instruction, and the saving unit 106 saves the encrypted first temporary key in the storage directory of the application program.
  • the first temporary key is a string of random data.
  • the first temporary key may be a string of 16-bit random numbers/letters.
  • encrypting the first temporary key with any encryption algorithm realizes the encrypted storage of the first temporary key and ensures the security of the first temporary key.
  • the first temporary key is encrypted and stored in the storage directory of the application program, so that when subsequent data transmission is performed, it can be directly retrieved from the storage directory of the application program, and the first temporary key is synchronized with the application program.
  • the first temporary key will also be deleted, which further improves security.
  • when there is a communication record with the server 2, the method further includes:
  • the acquiring unit 101 acquires the device fingerprint, the generating unit 102 randomly extracts at least one character from the device fingerprint and the first temporary key to generate a second key, and the acquiring unit 101 acquires the first data to be transmitted according to the data transmission instruction; further, the encryption unit 103 uses the Advanced Encryption Standard to encrypt the first data to be transmitted with the second key to obtain a third ciphertext, and the sending unit 104 sends the third ciphertext to the server 2.
  • when there is a communication record with the server 2, the generating unit 102 generates the second key based on both the device fingerprint and the first temporary key, which further improves the security of data transmission.
  • this application can determine whether there is a communication record with the server according to the received data transmission instruction; when there is no communication record with the server, the device fingerprint of the electronic device is obtained, at least one character in the device fingerprint is randomly extracted to generate the first key, the first data to be transmitted is obtained according to the data transmission instruction, and the Advanced Encryption Standard is used to encrypt the first data to be transmitted with the first key to obtain the first ciphertext, thereby increasing the complexity of data encryption; the first ciphertext is sent to the server, and when the second ciphertext fed back by the server is received, the second ciphertext is decrypted with the first key to obtain the second data to be transmitted, thereby realizing the encrypted transmission of the data between the electronic device and the server; due to the complexity of the encryption method, this effectively prevents the data from being tampered with during transmission and further improves the security of data transmission.
  • the data transmission system 21 includes an acquisition module 200, a determination module 201, a generation module 202, a decryption module 203, an encryption module 204, a feedback module 205, a recording module 206, a storage module 207, and a locking module 208.
  • the module referred to in this application refers to a series of computer-readable instruction segments that can be executed by the processing device 23 and can complete fixed functions, and are stored in the storage device 22. In this embodiment, the function of each module will be described in detail in subsequent embodiments.
  • the acquiring module 200 obtains the device fingerprint of the electronic device 1 from the request header of the first ciphertext.
  • when the electronic device 1 sends the first ciphertext to the acquisition module 200, it uses the device fingerprint as a request header and carries the first ciphertext to send a data request to the acquiring module 200.
  • the determining module 201 determines whether there is a communication record with the electronic device 1.
  • after the server 2 has a communication record with the electronic device 1, the related information is recorded as a proof of communication, which will be described in detail later.
  • the generating module 202 randomly extracts at least one character in the fingerprint of the device to generate the first key.
  • the method of generating the first key according to the device fingerprint is the same as the method of generating the first key by the electronic device 1 in the foregoing, which is not repeated in this application.
  • the decryption module 203 decrypts the first ciphertext with the first key to obtain the first data to be transmitted.
  • the decryption module 203 can successfully decrypt the first ciphertext to obtain the first data to be transmitted.
  • when the encryption method of the first key is inconsistent with the first ciphertext, the decryption module 203 will not be able to decrypt the first ciphertext, and therefore cannot obtain the first data to be transmitted from the first ciphertext.
  • the acquisition module 200 searches according to the first data to be transmitted, and obtains the second data to be transmitted.
  • the acquisition module 200 can determine the data that the electronic device 1 wants to acquire.
  • the obtaining module 200 determines that the electronic device 1 needs to obtain the search result of the character B, and further, the obtaining module 200 determines the search result of the character B as the second data to be transmitted.
  • the generating module 202 randomly determines any character string and generates a first temporary key.
  • the first temporary key is a string of random data.
  • the first temporary key may be a string of 16-bit random numbers/letters.
  • after randomly determining any character string and generating the first temporary key, the recording module 206 records the correspondence between the first temporary key and the fingerprint of the device, and further, the storage module 207 saves the corresponding relationship in a pre-configured device list, where the device list is used to store all terminal devices that have communication records with the server 2.
  • the corresponding relationship is recorded in the device list, which makes it easy to determine later, from the device list, whether the electronic device 1 and the server 2 have communicated.
  • the determining module 201 determining whether there is a communication record with the electronic device 1 according to the device fingerprint includes:
  • the determining module 201 matches the device fingerprint with the device list, and when the device fingerprint exists in the device list, it determines that there is a communication record with the electronic device; or when the device fingerprint does not exist in the device list, it determines that there is no communication record with the electronic device.
  • the encryption module 204 adopts an advanced encryption standard to encrypt the first temporary key and the second data to be transmitted with the first key to obtain a second ciphertext.
  • the generation of the second ciphertext also incorporates the first temporary key, which increases the complexity of data encryption. Because the first temporary key is random, the second ciphertext is more difficult to crack, which makes the second ciphertext more secure.
  • the feedback module 205 feeds back the second ciphertext to the electronic device.
  • the second ciphertext includes the content requested by the electronic device 1.
  • the acquisition module 200 acquires the first temporary key corresponding to the device fingerprint from the device list, and the generating module 202 randomly extracts at least one character from the device fingerprint and the first temporary key to generate a second key. Further, the encryption module 204 uses the Advanced Encryption Standard to encrypt the second data to be transmitted with the second key to obtain a fourth ciphertext, and the feedback module 205 feeds back the fourth ciphertext to the electronic device 1.
  • the stored first temporary key is directly used to generate the second key.
  • the saving module 207 regenerates and saves the first temporary key.
  • the configuration service may include, but is not limited to: user login service, etc.
  • the first temporary key is regenerated and saved.
  • when it is detected that decryption with the second key cannot be performed, the obtaining module 200 obtains the number of decryption failures within a preset time, and when the number of times is greater than or equal to a preset value, the locking module 208 locks the electronic device 1.
  • the preset value can be customized, which is not limited in this application.
  • when the second key cannot be used for decryption, it means that the electronic device 1 does not store the first temporary key. Since the data transmission between the server 2 and the electronic device 1 mainly depends on the first temporary key, this indicates that the electronic device 1 is likely to be in an abnormal situation of maliciously stealing information.
  • when the electronic device 1 is locked, the server 2 will no longer accept the request data of the electronic device 1.
  • the server can also be configured to reject all requests of the electronic device within the configured time, which is not limited in this application.
  • FIG. 6 is a schematic structural diagram of an electronic device implementing a preferred embodiment of the data transmission method of the present application.
  • the electronic device 1 is a device that can automatically perform numerical calculation and/or information processing according to pre-set or stored instructions. Its hardware includes, but is not limited to, a microprocessor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable gate array (Field-Programmable Gate Array, FPGA), a digital processor (Digital Signal Processor, DSP), embedded equipment, etc.
  • the electronic device 1 can also be, but is not limited to, any electronic product that can interact with the user through a keyboard, a mouse, a remote control, a touch panel, or a voice control device, for example, a personal computer, a tablet computer, a smart phone, a cloud server, a personal digital assistant (PDA), a game console, an interactive network television (Internet Protocol Television, IPTV), a smart wearable device, etc.
  • the network where the electronic device 1 is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), etc.
  • the electronic device 1 includes, but is not limited to, a memory 12, a processor 13, and a computer program stored in the memory 12 and running on the processor 13, such as a data transmission program.
  • the schematic diagram is only an example of the electronic device 1 and does not constitute a limitation on the electronic device 1. It may include more or fewer components than those shown in the figure, or a combination of certain components, or different components; for example, the electronic device 1 may also include input and output devices, network access devices, buses, and the like.
  • the processor 13 may be a central processing unit (Central Processing Unit, CPU), another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the general-purpose processor can be a microprocessor or the processor can also be any conventional processor, etc.
  • the processor 13 is the computing core and control center of the electronic device 1; it uses various interfaces and lines to connect each part of the entire electronic device 1, and executes the operating system of the electronic device 1 and various installed applications, program codes, etc.
  • the processor 13 executes the operating system of the electronic device 1 and various installed applications.
  • the processor 13 executes the application program to implement the steps in the foregoing data transmission method embodiments, such as steps S10, S11, S12, S13, S14, S15, and S16 shown in FIG. 2.
  • when the processor 13 executes the computer program, the function of each module/unit in the foregoing device embodiments is realized, for example: when a data transmission instruction is received, determine whether there is a communication record with the server according to the data transmission instruction; when there is no communication record with the server, obtain the device fingerprint of the electronic device; randomly extract at least one character in the device fingerprint to generate the first key; obtain the first data to be transmitted according to the data transmission instruction; use the Advanced Encryption Standard to encrypt the first data to be transmitted with the first key to obtain a first ciphertext; send the first ciphertext to the server; when the second ciphertext fed back by the server is received, decrypt the second ciphertext with the first key to obtain the second data to be transmitted.
  • the computer program may be divided into one or more modules/units, and the one or more modules/units are stored in the memory 12 and executed by the processor 13 to complete this application.
  • the one or more modules/units may be a series of computer-readable instruction segments capable of completing specific functions, and the instruction segments are used to describe the execution process of the computer program in the electronic device 1.
  • the computer program may be divided into a determination unit 100, an acquisition unit 101, a generation unit 102, an encryption unit 103, a transmission unit 104, a decryption unit 105, and a storage unit 106.
  • the memory 12 may be used to store the computer program and/or module, and the processor 13 runs or executes the computer program and/or module stored in the memory 12 and calls the data stored in the memory 12, thereby realizing various functions of the electronic device 1.
  • the memory 12 may mainly include a storage program area and a storage data area.
  • the storage program area may store an operating system, an application program required by at least one function (such as a sound playback function, an image playback function, etc.), etc.; the storage data area may store data (such as audio data, etc.) created based on the use of the electronic device.
  • the memory 12 may include a non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), at least one magnetic disk storage device, a flash memory device, or another non-volatile solid state storage device.
  • the memory 12 may be an external memory and/or an internal memory of the electronic device 1. Further, the memory 12 may also be a non-volatile memory in physical form, such as a memory stick, a TF card (Trans-flash Card), and so on.
  • if the integrated module/unit of the electronic device 1 is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a non-volatile readable storage medium.
  • this application implements all or part of the processes in the above-mentioned embodiments and methods, and can also be completed by instructing relevant hardware through a computer program.
  • the computer program can be stored in a non-volatile readable storage medium. When the computer program is executed by the processor, it can implement the steps of the foregoing method embodiments.
  • the computer program includes computer readable instruction code
  • the computer readable instruction code may be in the form of source code, object code, executable file, or some intermediate form.
  • the non-volatile readable medium may include: any entity or device capable of carrying the computer readable instruction code, recording medium, U disk, mobile hard disk, magnetic disk, optical disk, computer memory, read-only memory (ROM, Read-Only Memory) etc.
  • FIG. 7 is a schematic diagram of the structure of the server in the preferred embodiment of the data transmission method according to the present application.
  • the server 2 is a device that can automatically perform numerical calculation and/or information processing in accordance with pre-set or stored instructions. Its hardware includes, but is not limited to, a microprocessor, an application specific integrated circuit (ASIC), a Field-Programmable Gate Array (FPGA), a digital processor (Digital Signal Processor, DSP), embedded equipment, etc.
  • the server 2 can also be, but is not limited to, any electronic product that can interact with the user through a keyboard, a mouse, a remote control, a touch panel, or a voice control device, for example, a personal computer, a tablet computer, a smart phone, a personal digital assistant (Personal Digital Assistant, PDA), a game console, an interactive network television (Internet Protocol Television, IPTV), a smart wearable device, etc.
  • the server 2 may also be a computing device such as a desktop computer, a notebook, a palmtop computer, and a cloud server.
  • the network where the server 2 is located includes but is not limited to the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), etc.
  • the server 2 includes, but is not limited to, a storage device 22, a processing device 23, and a computer program stored in the storage device 22 and running on the processing device 23, for example, a data transmission program.
  • the schematic diagram is only an example of the server 2 and does not constitute a limitation on the server 2. It may include more or fewer components than those shown in the figure, or a combination of certain components, or different components.
  • the server 2 may also include input and output devices, network access devices, buses, and the like.
  • the processing device 23 may be a central processing unit (Central Processing Unit, CPU), another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the general-purpose processor can be a microprocessor or the processor can also be any conventional processor, etc.
  • the processing device 23 is the computing core and control center of the server 2; it uses various interfaces and lines to connect each part of the entire server 2, and executes the operating system of the server 2 and various installed applications, program codes, etc.
  • the processing device 23 executes the operating system of the server 2 and various installed applications.
  • the processing device 23 executes the application program to implement the steps in the foregoing data transmission method embodiments, such as steps S20, S21, S22, S23, S24, S25, S26, and S27 shown in FIG. 3.
  • the function of each module/unit in the foregoing device embodiments is realized, for example: when the first ciphertext sent by the electronic device is received, obtain the device fingerprint of the electronic device from the request header of the first ciphertext; according to the device fingerprint, determine whether there is a communication record with the electronic device; when there is no communication record with the electronic device, randomly extract at least one character in the device fingerprint to generate the first key; decrypt the first ciphertext with the first key to obtain the first data to be transmitted; search according to the first data to be transmitted to obtain the second data to be transmitted; randomly determine an arbitrary character string to generate a first temporary key; use the Advanced Encryption Standard to encrypt the first temporary key and the second data to be transmitted with the first key to obtain a second ciphertext; feed back the second ciphertext to the electronic device.
  • the computer program may be divided into one or more modules, and the one or more modules are stored in the storage device 22 and executed by the processing device 23 to complete the application.
  • the one or more modules may be a series of computer-readable instruction segments capable of completing specific functions, and the instruction segments are used to describe the execution process of the computer program in the server 2.
  • the computer program can be divided into an acquisition module 200, a determination module 201, a generation module 202, a decryption module 203, an encryption module 204, a feedback module 205, a recording module 206, a saving module 207, and a locking module 208.
  • the storage device 22 can be used to store the computer program and/or module, and the processing device 23 runs or executes the computer program and/or module stored in the storage device 22 and calls the data stored in the storage device 22, thereby realizing various functions of the server 2.
  • the storage device 22 may mainly include a storage program area and a storage data area.
  • the storage program area may store an operating system, an application program required by at least one function (such as a sound playback function, an image playback function, etc.), etc.; the storage data area may store data (such as audio data, etc.) created according to the use of the server.
  • the storage device 22 may include a non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), at least one magnetic disk storage device, a flash memory device, or another non-volatile solid state storage device.
  • the storage device 22 may be an external memory and/or an internal memory of the server 2. Further, the storage device 22 may be a non-volatile memory in physical form, such as a memory stick, a TF card (Trans-flash Card), and so on.
  • if the integrated modules/units of the server 2 are implemented in the form of software functional units and sold or used as independent products, they can be stored in a non-volatile readable storage medium. Based on this understanding, this application implements all or part of the processes in the above-mentioned embodiments and methods, and can also be completed by instructing relevant hardware through a computer program.
  • the computer program can be stored in a non-volatile readable storage medium. When the computer program is executed by the processing device, it can implement the steps of the foregoing method embodiments.
  • the computer program includes computer readable instruction code
  • the computer readable instruction code may be in the form of source code, object code, executable file, or some intermediate form.
  • the non-volatile readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U disk, mobile hard disk, magnetic disk, optical disk, computer memory, read-only memory (ROM, Read-Only Memory) and so on.
  • the functional modules in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional modules.
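The server-side bookkeeping described above (the device list kept by the recording module 206 and storage module 207, the lookup by the determining module 201, and the decryption-failure lockout of the locking module 208), as an added Python example that is not code from the application. The class and method names, the in-memory storage, the default thresholds and the reading of "16-bit random numbers/letters" as 16 characters are assumptions.

```python
import secrets
import string
import time
from collections import deque

ALPHABET = string.ascii_letters + string.digits  # "random numbers/letters"


class DeviceRegistry:
    """Device list plus decryption-failure lockout, keyed by device fingerprint.

    Hypothetical helper: names and defaults are assumptions, not the patent's.
    """

    def __init__(self, max_failures=3, window_seconds=60.0,
                 lock_seconds=300.0, clock=time.monotonic):
        self.max_failures = max_failures      # the "preset value"
        self.window_seconds = window_seconds  # the "preset time"
        self.lock_seconds = lock_seconds      # the "configured time" of rejection
        self._clock = clock
        self._temp_keys = {}     # fingerprint -> first temporary key
        self._failures = {}      # fingerprint -> deque of failure timestamps
        self._locked_until = {}  # fingerprint -> time at which the lock expires

    def has_communication_record(self, fingerprint):
        # Determining module 201: match the fingerprint against the device list.
        return fingerprint in self._temp_keys

    def register(self, fingerprint):
        # Generating module 202 + recording/storage modules 206/207: create a
        # random temporary key and record its correspondence to the fingerprint.
        # Calling this again regenerates and saves the temporary key.
        temp_key = "".join(secrets.choice(ALPHABET) for _ in range(16))
        self._temp_keys[fingerprint] = temp_key
        return temp_key

    def temp_key_for(self, fingerprint):
        return self._temp_keys.get(fingerprint)

    def is_locked(self, fingerprint):
        until = self._locked_until.get(fingerprint)
        if until is None:
            return False
        if self._clock() >= until:
            # Lock expired: clear it together with the stale failure history.
            del self._locked_until[fingerprint]
            self._failures.pop(fingerprint, None)
            return False
        return True

    def record_decrypt_failure(self, fingerprint):
        """Count one failed decryption; return True if the device is now locked."""
        now = self._clock()
        window = self._failures.setdefault(fingerprint, deque())
        window.append(now)
        # Drop failures older than the preset time (sliding window).
        while now - window[0] > self.window_seconds:
            window.popleft()
        if len(window) >= self.max_failures:
            self._locked_until[fingerprint] = now + self.lock_seconds
            return True
        return False

    def admit(self, fingerprint):
        """Decide how to treat a request carrying this fingerprint header."""
        if self.is_locked(fingerprint):
            return "locked"   # server no longer accepts the device's requests
        return "known" if self.has_communication_record(fingerprint) else "new"


if __name__ == "__main__":
    registry = DeviceRegistry()
    fp = "constructed-fingerprint-0001"  # constructed sample value
    print(registry.admit(fp))            # new
    registry.register(fp)
    for _ in range(3):
        locked = registry.record_decrypt_failure(fp)
    print(locked, registry.admit(fp))    # True locked
```
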

Abstract

The present application provides a data transmission method, an electronic device, a server and a storage medium. The data transmission method comprises: determining whether there is a communication record with the server according to a received data transmission instruction; if there is no communication record with the server, obtaining a device fingerprint of the electronic device, randomly extracting at least one character in the device fingerprint to generate a first key, and obtaining first data to be transmitted according to the data transmission instruction; using advanced encryption standards to encrypt said first data with the first key to obtain a first ciphertext; sending the first ciphertext to the server; and when a second ciphertext fed back by the server is received, decrypting the second ciphertext by using the first key to obtain second data to be transmitted, thereby realizing data processing, achieving encrypted transmission of the data between the electronic device and the server, and further improving the security of data transmission due to the complexity of an encryption mode.

Description

Data transmission method, electronic device, server and storage medium
This application claims priority to the Chinese patent application No. 201910442274.9, filed with the Chinese Patent Office on May 24, 2019 and entitled "Data transmission method, electronic device and storage medium", the entire contents of which are incorporated into this application by reference.
Technical field
This application relates to the field of data processing technology, and in particular to a data transmission method, an electronic device and a storage medium.
Background
At present, in network communication, the HyperText Transfer Protocol (HTTP), the Hyper Text Transfer Protocol over Secure Socket Layer (HTTPS) and the like are usually used to protect the transmitted data, or the data is simply signature-verified. None of the above methods can effectively guarantee the security of data transmission, and in some network communication the data is even transmitted directly in plaintext without any protective measures, so that the data is easily leaked through hacker attacks during transmission.
Summary of the invention
In view of the above, it is necessary to provide a data transmission method, an electronic device, a server and a storage medium that can realize the encrypted transmission of data between the electronic device and the server and, due to the complexity of the encryption method, effectively prevent the data from being tampered with during transmission, further improving the security of data transmission.
A data transmission method, applied to an electronic device that communicates with a server, the method including:
when a data transmission instruction is received, determining, according to the data transmission instruction, whether there is a communication record with the server;
when there is no communication record with the server, acquiring the device fingerprint of the electronic device;
randomly extracting at least one character in the device fingerprint to generate a first key;
acquiring first data to be transmitted according to the data transmission instruction;
using the Advanced Encryption Standard to encrypt the first data to be transmitted with the first key to obtain a first ciphertext;
sending the first ciphertext to the server;
when a second ciphertext fed back by the server is received, decrypting the second ciphertext with the first key to obtain second data to be transmitted.
A data transmission method, applied to a server that communicates with an electronic device, the method including:
when a first ciphertext sent by the electronic device is received, obtaining the device fingerprint of the electronic device from the request header of the first ciphertext;
determining, according to the device fingerprint, whether there is a communication record with the electronic device;
when there is no communication record with the electronic device, randomly extracting at least one character in the device fingerprint to generate a first key;
decrypting the first ciphertext with the first key to obtain first data to be transmitted;
searching according to the first data to be transmitted to obtain second data to be transmitted;
randomly determining an arbitrary character string to generate a first temporary key;
using the Advanced Encryption Standard to encrypt the first temporary key and the second data to be transmitted with the first key to obtain a second ciphertext;
feeding back the second ciphertext to the electronic device.
A data transmission apparatus, running on an electronic device that communicates with a server, the apparatus including:
a determining unit, configured to determine, when a data transmission instruction is received, whether there is a communication record with the server according to the data transmission instruction;
an acquiring unit, configured to acquire the device fingerprint of the electronic device when there is no communication record with the server;
a generating unit, configured to randomly extract at least one character from the device fingerprint to generate a first key;
the acquiring unit being further configured to acquire first data to be transmitted according to the data transmission instruction;
an encryption unit, configured to encrypt the first data to be transmitted with the first key, using the Advanced Encryption Standard, to obtain a first ciphertext;
a sending unit, configured to send the first ciphertext to the server;
a decryption unit, configured to decrypt, when a second ciphertext fed back by the server is received, the second ciphertext with the first key to obtain second data to be transmitted.
A data transmission system, running on a server that communicates with an electronic device, the system including:
an obtaining module, configured to obtain the device fingerprint of the electronic device from the request header of the first ciphertext when the first ciphertext sent by the electronic device is received;
a determining module, configured to determine, according to the device fingerprint, whether there is a communication record with the electronic device;
a generating module, configured to randomly extract at least one character from the device fingerprint to generate a first key when there is no communication record with the electronic device;
a decryption module, configured to decrypt the first ciphertext with the first key to obtain first data to be transmitted;
the obtaining module being further configured to perform a retrieval according to the first data to be transmitted to obtain second data to be transmitted;
the generating module being further configured to randomly determine an arbitrary character string to generate a first temporary key;
an encryption module, configured to encrypt the first temporary key and the second data to be transmitted with the first key, using the Advanced Encryption Standard, to obtain a second ciphertext;
a feedback module, configured to feed the second ciphertext back to the electronic device.
An electronic device, the electronic device including:
a memory storing at least one computer-readable instruction; and
a processor that executes the at least one computer-readable instruction to implement the data transmission method.
A server, the server including:
a storage device storing at least one computer-readable instruction; and
a processing device that executes the at least one computer-readable instruction to implement the data transmission method.
A non-volatile readable storage medium storing at least one instruction, the at least one instruction being executed by a processor in an electronic device to implement the data transmission method.
A non-volatile readable storage medium storing at least one instruction, the at least one instruction being executed by a processing device in a server to implement the data transmission method.
It can be seen from the above technical solutions that the present application can determine, according to a received data transmission instruction, whether there is a communication record with the server; when there is no communication record with the server, acquire the device fingerprint of the electronic device and randomly extract at least one character from the device fingerprint to generate a first key; further acquire first data to be transmitted according to the data transmission instruction; and encrypt the first data to be transmitted with the first key, using the Advanced Encryption Standard, to obtain a first ciphertext, thereby increasing the complexity of the data encryption. The first ciphertext is sent to the server, and when the second ciphertext fed back by the server is received, it is decrypted with the first key to obtain second data to be transmitted, so that data is transmitted in encrypted form between the electronic device and the server; owing to the complexity of the encryption method, the data is effectively protected from tampering during transmission, which further improves the security of data transmission.
Description of the Drawings
FIG. 1 is an application environment diagram of a preferred embodiment of the data transmission method of the present application.
FIG. 2 is a flowchart of a preferred embodiment of the data transmission method of the present application as applied to an electronic device.
FIG. 3 is a flowchart of a preferred embodiment of the data transmission method of the present application as applied to a server.
FIG. 4 is a functional module diagram of the electronic device in a preferred embodiment of the data transmission apparatus of the present application.
FIG. 5 is a functional module diagram of the server in a preferred embodiment of the data transmission system of the present application.
FIG. 6 is a schematic structural diagram of an electronic device implementing a preferred embodiment of the data transmission method of the present application.
FIG. 7 is a schematic structural diagram of a server implementing a preferred embodiment of the data transmission method of the present application.
Detailed Description
FIG. 1 shows the application environment of a preferred embodiment of the data transmission method of the present application. The application environment includes an electronic device 1 and a server 2. The electronic device 1 communicates with the server 2. The electronic device 1 is used to generate the first ciphertext. The server 2 is used to obtain second data to be transmitted according to the first ciphertext, generate a second ciphertext according to the second data to be transmitted, and feed the second ciphertext back to the electronic device 1.
Preferably, the data transmission method of the present application is applied to one or more electronic devices 1 and one or more servers 2. The electronic device 1 and the server 2 are devices capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions. Their hardware includes, but is not limited to, microprocessors, Application Specific Integrated Circuits (ASICs), Field-Programmable Gate Arrays (FPGAs), Digital Signal Processors (DSPs), embedded devices, etc.
The electronic device 1 and the server 2 may be any electronic product capable of human-computer interaction with a user, for example, a personal computer, tablet computer, smartphone, Personal Digital Assistant (PDA), game console, Internet Protocol Television (IPTV), smart wearable device, etc.
The electronic device 1 and the server 2 may also include network devices and/or user equipment. The network device includes, but is not limited to, a single network server, a server group composed of multiple network servers, or a cloud-computing-based cloud composed of a large number of hosts or network servers.
The network in which the electronic device 1 and the server 2 are located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a Virtual Private Network (VPN), etc.
FIG. 2 is a flowchart of a preferred embodiment of the data transmission method of the present application as applied to an electronic device. Depending on requirements, the order of the steps in the flowchart may be changed, and some steps may be omitted.
S10: When a data transmission instruction is received, determine whether there is a communication record with the server 2 according to the data transmission instruction.
In at least one embodiment of the present application, when a signal indicating that a user has triggered a preset service is detected, the electronic device 1 determines that the data transmission instruction has been received.
Specifically, the preset service is a service that needs to obtain data from the server 2, for example a search service, a login service, etc.
In at least one embodiment of the present application, the electronic device 1 determining whether there is a communication record with the server 2 according to the data transmission instruction includes:
The electronic device 1 obtains the application corresponding to the data transmission instruction, determines the storage directory of that application, and checks whether a temporary key generated by the server 2 exists in the storage directory.
Furthermore, when the temporary key generated by the server 2 exists in the storage directory, the electronic device 1 determines that there is a communication record with the server 2; when the temporary key generated by the server 2 does not exist in the storage directory, the electronic device 1 determines that there is no communication record with the server.
It can be understood that the electronic device 1 responds differently depending on whether it has a communication record with the server 2, as described in detail below.
S11: When there is no communication record with the server, acquire the device fingerprint of the electronic device 1.
In at least one embodiment of the present application, the device fingerprint refers to a device feature or unique device identifier that can be used to uniquely identify the electronic device 1. The device fingerprint includes some inherent, hard-to-tamper-with and unique device identifiers.
Specifically, the electronic device 1 generating the device fingerprint includes:
The electronic device 1 obtains its own device information and generates the device fingerprint according to the device information.
The device information includes, but is not limited to, one or a combination of the following:
the serial number of the electronic device 1, the SIM (Subscriber Identification Module) card number of the electronic device 1, the manufacturer code of the electronic device 1, the model of the electronic device 1, the hardware identification code of the electronic device 1, etc.
Through the above implementation, the electronic device 1 generates a device fingerprint that uniquely identifies the electronic device 1, and the device fingerprint may consist of a string of characters.
For example, the device fingerprint may consist of 32 digits/letters.
S12: Randomly extract at least one character from the device fingerprint to generate a first key.
In at least one embodiment of the present application, the first key is used to encrypt the data to be transmitted by the electronic device 1.
Specifically, randomly extracting at least one character from the device fingerprint to generate the first key includes:
The electronic device 1 performs a remainder operation on the at least one character to obtain a first value; performs a logical operation on the first value against a configured value to generate a first character string; sums the digits of the first character string to obtain a second value; performs a remainder operation on the second value to obtain a third value; performs a base conversion on the third value to generate a second character string; and concatenates the first character string and the second character string to obtain the first key.
For example, the electronic device 1 performs an ASCII-code-based operation on the at least one character to obtain 30 digits/letters, performs an operation on those 30 digits/letters to produce two check characters, and thereby obtains a 32-character string, which is used as the first key.
Through the above implementation, the electronic device 1 randomly extracts at least one character from the device fingerprint to generate the first key, which avoids the first key being cracked because the device fingerprint is deterministic. The random extraction of at least one character from the device fingerprint admits many possibilities, which increases the difficulty of cracking.
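The derivation in S12, written out as an added example (not code from the application). The modulus 36, the lowercase base-36 alphabet, XOR as the logical operation and the configured value 0x15 are assumptions; the page does not say how the two sides agree on the randomly chosen positions, so they are passed in explicitly.

```python
import secrets
import string
from typing import List, Sequence

# Assumptions (not specified on the page): output alphabet, modulus,
# XOR as the "logical operation", and the configured value.
ALPHABET = string.digits + string.ascii_lowercase  # 36 symbols
BASE = len(ALPHABET)
BODY_LEN = 30        # the page's example: 30 digits/letters ...
CHECK_LEN = 2        # ... plus two check characters = 32-character key
CONFIG_VALUE = 0x15  # hypothetical configured value


def pick_positions(fingerprint: str, count: int = BODY_LEN) -> List[int]:
    """Randomly choose `count` character positions in the fingerprint."""
    if not fingerprint:
        raise ValueError("empty device fingerprint")
    return [secrets.randbelow(len(fingerprint)) for _ in range(count)]


def _to_base(value: int, width: int) -> str:
    """Base conversion: render `value` as `width` base-36 characters."""
    digits = []
    for _ in range(width):
        value, rem = divmod(value, BASE)
        digits.append(ALPHABET[rem])
    return "".join(reversed(digits))


def _check_chars(first_string: str) -> str:
    """Sum the digits, take the remainder, convert the base."""
    second_value = sum(ALPHABET.index(ch) for ch in first_string)
    third_value = second_value % (BASE ** CHECK_LEN)
    return _to_base(third_value, CHECK_LEN)


def derive_first_key(fingerprint: str, positions: Sequence[int],
                     config_value: int = CONFIG_VALUE) -> str:
    """Build the first key from the characters at `positions`."""
    if len(positions) != BODY_LEN:
        raise ValueError("expected %d positions" % BODY_LEN)
    body = []
    for pos in positions:
        if not 0 <= pos < len(fingerprint):
            raise ValueError("position %d outside fingerprint" % pos)
        first_value = ord(fingerprint[pos]) % BASE     # remainder on the ASCII code
        mixed = (first_value ^ config_value) % BASE    # logical op vs configured value
        body.append(ALPHABET[mixed])
    first_string = "".join(body)
    second_string = _check_chars(first_string)
    return first_string + second_string                # concatenate the two strings


def has_valid_check_chars(key: str) -> bool:
    """Recompute the two check characters and compare them with the key's tail."""
    if len(key) != BODY_LEN + CHECK_LEN or any(ch not in ALPHABET for ch in key):
        return False
    return key[BODY_LEN:] == _check_chars(key[:BODY_LEN])


if __name__ == "__main__":
    fingerprint = "0123456789abcdef0123456789abcdef"  # constructed sample value
    chosen = pick_positions(fingerprint)
    key = derive_first_key(fingerprint, chosen)
    print(chosen, key, has_valid_check_chars(key))
```

Both sides reach the same key only if they use the same fingerprint, positions and configured value.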
S13: Acquire first data to be transmitted according to the data transmission instruction.
In at least one embodiment of the present application, according to the data transmission instruction, the electronic device 1 can obtain the user information of the user who triggered the data transmission instruction.
At the same time, the electronic device 1 can also obtain from the data transmission instruction the data related to the preset service, including the first data to be transmitted.
For example, when a search service triggered by user A is detected, the electronic device 1 determines that the data transmission instruction has been obtained; further, the electronic device 1 obtains the text B that user A wants to search for and determines the text B as the first data to be transmitted.
S14: Encrypt the first data to be transmitted with the first key, using the Advanced Encryption Standard, to obtain a first ciphertext.
In at least one embodiment of the present application, the Advanced Encryption Standard (AES) is a symmetric encryption algorithm; while ensuring data security, because the algorithm is public and computationally light, encryption is fast and more efficient.
In at least one embodiment of the present application, the first ciphertext is the data transmitted by the electronic device 1 to the server, so that data can be obtained from the server 2 according to the first ciphertext.
For example, when the first data to be transmitted is the text B, after the electronic device 1 transmits the first ciphertext containing the text B to the server 2, it will obtain the search result for the text B.
S15: Send the first ciphertext to the server 2.
In at least one embodiment of the present application, the server 2 is used to receive the first ciphertext, obtain the first data to be transmitted from the first ciphertext, and further determine, according to the first data to be transmitted, the data that the electronic device 1 has requested to be returned.
In at least one embodiment of the present application, the electronic device 1 sends the first ciphertext to the server 2, avoiding the interception of data that plaintext transmission would allow, which would affect the security of the data during network transmission.
S16: When the second ciphertext fed back by the server is received, decrypt the second ciphertext with the first key to obtain second data to be transmitted.
In at least one embodiment of the present application, the second ciphertext is the data fed back by the server 2 in response to the first ciphertext.
In at least one embodiment of the present application, the second data to be transmitted is the data obtained by the electronic device 1 after decrypting the second ciphertext. Once the second data to be transmitted has been obtained, the electronic device 1 has completed the task of requesting data from the server 2.
For example, when the first data to be transmitted in the first ciphertext is the text B, the second ciphertext includes the search result for the text B.
In at least one embodiment of the present application, the method further includes:
After decrypting the second ciphertext with the first key, the electronic device 1 obtains a first temporary key and encrypts the first temporary key; further, the electronic device 1 determines the application corresponding to the data transmission instruction and saves the encrypted first temporary key in the storage directory of that application.
Specifically, the first temporary key is a string of random data.
For example, the first temporary key may be a string of 16 random digits/letters.
Further, encrypting the first temporary key with any encryption algorithm allows the first temporary key to be stored in encrypted form, ensuring the security of the first temporary key.
Through the above implementation, the electronic device 1 encrypts the first temporary key and saves it in the storage directory of the application, so that it can be retrieved directly from the application's storage directory during subsequent data transmission. This also ties the first temporary key to the application, so that when the application is uninstalled the first temporary key is deleted as well, which further improves security.
In at least one embodiment of the present application, when there is a communication record with the server 2, the method further includes:
The electronic device 1 obtains the device fingerprint, randomly extracts at least one character from the device fingerprint and the first temporary key to generate a second key, and acquires the first data to be transmitted according to the data transmission instruction; further, the electronic device 1 encrypts the first data to be transmitted with the second key, using the Advanced Encryption Standard, to obtain a third ciphertext, and sends the third ciphertext to the server 2.
Through the above implementation, when the electronic device 1 has a communication record with the server 2, the electronic device 1 generates the second key from both the device fingerprint and the first temporary key, which further improves the security of data transmission.
It can be seen from the above technical solutions that the present application can determine, according to a received data transmission instruction, whether there is a communication record with the server; when there is no communication record with the server, acquire the device fingerprint of the electronic device and randomly extract at least one character from the device fingerprint to generate a first key; further acquire first data to be transmitted according to the data transmission instruction; and encrypt the first data to be transmitted with the first key, using the Advanced Encryption Standard, to obtain a first ciphertext, thereby increasing the complexity of the data encryption. The first ciphertext is sent to the server, and when the second ciphertext fed back by the server is received, it is decrypted with the first key to obtain second data to be transmitted, so that data is transmitted in encrypted form between the electronic device and the server; owing to the complexity of the encryption method, the data is effectively protected from tampering during transmission, which further improves the security of data transmission.
FIG. 3 is a flowchart of a preferred embodiment of the data transmission method of the present application as applied to the server 2. Depending on requirements, the order of the steps in the flowchart may be changed, and some steps may be omitted.
S20: When the first ciphertext sent by the electronic device 1 is received, obtain the device fingerprint of the electronic device 1 from the request header of the first ciphertext.
In at least one embodiment of the present application, when sending the first ciphertext to the server 2, the electronic device 1 uses the device fingerprint as the request header, carries the first ciphertext, and sends a data request to the server 2.
S21: Determine, according to the device fingerprint, whether there is a communication record with the electronic device 1.
In at least one embodiment of the present application, after the server 2 has communicated with the electronic device 1, it records related information as evidence of the communication, as described below.
S22: When there is no communication record with the electronic device 1, randomly extract at least one character from the device fingerprint to generate a first key.
In at least one embodiment of the present application, the way the first key is generated from the device fingerprint is the same as the way the electronic device 1 generates the first key, described above, and is not repeated here.
S23: Decrypt the first ciphertext with the first key to obtain first data to be transmitted.
In at least one embodiment of the present application, when the first key is consistent with the way the first ciphertext was encrypted, the server 2 can successfully decrypt the first ciphertext and obtain the first data to be transmitted.
When the first key is inconsistent with the way the first ciphertext was encrypted, the server 2 cannot decrypt the first ciphertext and therefore cannot obtain the first data to be transmitted from it.
Through the above implementation, the security of data during network transmission can be effectively guaranteed.
S24: Perform a retrieval according to the first data to be transmitted to obtain second data to be transmitted.
In at least one embodiment of the present application, according to the first data to be transmitted, the server 2 can determine the data that the electronic device 1 wants to obtain.
For example, when the first data to be transmitted is the text B, the server determines that the electronic device 1 needs the search result for the text B; further, the server 2 determines the search result for the text B as the second data to be transmitted.
S25: Randomly determine an arbitrary character string to generate a first temporary key.
In at least one embodiment of the present application, the first temporary key is a string of random data.
For example, the first temporary key may be a string of 16 random digits/letters.
In at least one embodiment of the present application, after randomly determining an arbitrary character string to generate the first temporary key, the method further includes:
The server 2 records the correspondence between the first temporary key and the device fingerprint; further, the server 2 saves the correspondence in a pre-configured device list, where the device list is used to store all terminal devices that have a communication record with the server 2.
Through the above implementation, the server 2 can record the correspondence in the device list, which makes it easy to determine later, from the device list, whether the electronic device 1 has communicated with the server 2.
In at least one embodiment of the present application, determining whether there is a communication record with the electronic device 1 according to the device fingerprint includes:
The server 2 matches the device fingerprint against the device list; when the device fingerprint exists in the device list, it determines that there is a communication record with the electronic device; when the device fingerprint does not exist in the device list, it determines that there is no communication record with the electronic device.
Through the above implementation, it can be determined whether the electronic device 1 has communicated with the server 2, and different responses can then be taken.
S26: Encrypt the first temporary key and the second data to be transmitted with the first key, using the Advanced Encryption Standard, to obtain a second ciphertext.
In at least one embodiment of the present application, the generation of the second ciphertext also incorporates the first temporary key, which increases the complexity of the data encryption; the randomness of the first temporary key makes the second ciphertext harder to crack, so that the second ciphertext is more secure.
S27: Feed the second ciphertext back to the electronic device.
In at least one embodiment of the present application, the second ciphertext includes the content requested by the electronic device 1.
In at least one embodiment of the present application, when there is a communication record with the electronic device 1, the method further includes:
The server 2 obtains the first temporary key corresponding to the device fingerprint from the device list and randomly extracts at least one character from the device fingerprint and the first temporary key to generate a second key; further, the server 2 encrypts the second data to be transmitted with the second key, using the Advanced Encryption Standard, to obtain a fourth ciphertext, and feeds the fourth ciphertext back to the electronic device 1.
Through the above implementation, the server 2 directly uses the stored first temporary key to generate the second key.
From then on, all communication between the server 2 and the electronic device 1 relies on the second key, until a special situation occurs.
Specifically, the method further includes:
When it is detected that either the electronic device 1 or the server 2 has lost the first temporary key, and/or that the configuration service has started, the first temporary key is regenerated and saved.
Specifically, the configuration service may include, but is not limited to, a user login service.
For example: when the application in which the first temporary key is stored is uninstalled, causing the first temporary key to be lost, the first temporary key is regenerated and saved.
Through the foregoing implementation, the security of data transmission can be further ensured while normal data communication between the server 2 and the electronic device 1 is maintained.
In at least one embodiment of the present application, the method further includes:
When it is detected that decryption with the second key fails, the server 2 obtains the number of decryption failures within a preset time, and when that number is greater than or equal to a preset value, locks the electronic device 1.
Specifically, the preset value can be custom-configured, which is not limited in this application.
It can be understood that if decryption with the second key fails, the electronic device 1 has not stored the first temporary key. Because data transmission between the server 2 and the electronic device 1 depends mainly on the first temporary key, this indicates that the electronic device 1 is very likely in an abnormal situation of maliciously stealing information.
Once the electronic device 1 is locked, the server 2 no longer accepts request data from the electronic device 1.
Of course, in other embodiments, the server may also be configured to reject all requests from the electronic device for a configured period of time, which is not limited in this application.
Through the foregoing implementation, data theft can be effectively avoided, the data transmission process is better protected, and information leakage is avoided.
FIG. 4 is a functional module diagram of the electronic device in a preferred embodiment of the data transmission device of the present application. The data transmission device 11 includes a determining unit 100, an acquiring unit 101, a generating unit 102, an encryption unit 103, a sending unit 104, a decryption unit 105, and a saving unit 106. A unit, as referred to in this application, is a series of computer-readable instruction segments that can be executed by the processor 13 and that perform a fixed function; they are stored in the memory 12. The function of each unit is described in detail in the following embodiments.
When a data transmission instruction is received, the determining unit 100 determines, according to the data transmission instruction, whether there is a communication record with the server 2.
In at least one embodiment of the present application, when a signal that a user has triggered a preset service is detected, the determining unit 100 determines that the data transmission instruction has been received.
Specifically, the preset service is a service that needs to obtain data from the server 2, for example a search service or a login service.
In at least one embodiment of the present application, the determining unit 100 determining, according to the data transmission instruction, whether there is a communication record with the server 2 includes:
The determining unit 100 obtains the application corresponding to the data transmission instruction, determines the storage directory of the application, and detects whether a temporary key generated by the server exists in the storage directory.
Furthermore, when a temporary key generated by the server 2 exists in the storage directory, the determining unit 100 determines that there is a communication record with the server 2; when no temporary key generated by the server 2 exists in the storage directory, the determining unit 100 determines that there is no communication record with the server.
It can be understood that the data transmission device 11 responds differently depending on whether there is a communication record between the data transmission device 11 and the server 2, as described in detail below.
When there is no communication record with the server, the acquiring unit 101 acquires the device fingerprint of the electronic device 1.
In at least one embodiment of the present application, the device fingerprint is a device feature or a unique device identifier that can be used to uniquely identify the electronic device 1. The device fingerprint includes device identifiers that are inherent, hard to tamper with, and unique.
Specifically, the acquiring unit 101 generating the device fingerprint includes:
The acquiring unit 101 acquires the device information of the electronic device 1 and generates the device fingerprint according to the device information.
The device information includes, but is not limited to, one or a combination of the following:
The serial number of the electronic device 1, the SIM (Subscriber Identification Module) card number of the electronic device 1, the manufacturer code of the electronic device 1, the model of the electronic device 1, the hardware identification code of the electronic device 1, and so on.
Through the foregoing implementation, the acquiring unit 101 generates a device fingerprint that can uniquely identify the electronic device 1, and the device fingerprint may consist of a string of characters.
For example: the device fingerprint may consist of 32 digits/letters.
The generating unit 102 randomly extracts at least one character from the device fingerprint to generate a first key.
In at least one embodiment of the present application, the first key is used to encrypt the data to be transmitted by the electronic device 1.
Specifically, the generating unit 102 randomly extracting at least one character from the device fingerprint to generate the first key includes:
The generating unit 102 performs a remainder operation on the at least one character to obtain a first value; performs a logical operation on the first value against a configured value to generate a first character string; sums the individual positions of the first character string to obtain a second value; performs a remainder operation on the second value to obtain a third value; performs a base conversion on the third value to generate a second character string; and concatenates the first character string and the second character string to obtain the first key.
For example: the generating unit 102 performs an ASCII-code-based operation on the at least one character to obtain 30 digits/letters, performs an operation on those 30 digits/letters to produce two check characters, and thereby obtains a 32-character string, which is used as the first key.
Through the foregoing implementation, the first key is generated from at least one character randomly extracted from the device fingerprint, which avoids the first key being cracked because the device fingerprint is deterministic. Randomly extracting at least one character from the device fingerprint allows many possibilities, which increases the difficulty of cracking.
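The derivation steps above, written out as an added example that is not code from the patent. The output alphabet, the configured value, the moduli, the way 30 body characters are stretched from the extracted ones, and every function name are assumptions, since the text names the operations but fixes none of them. `keyspace_size` counts how many distinct keys the random extraction can yield for one fingerprint, the quantity the last paragraph relies on.

```python
import itertools
import secrets
import string

# Assumed parameters: the patent names the steps but fixes none of these values.
ALPHABET = string.digits + string.ascii_lowercase  # 36 output symbols (assumed)
CONFIG_VALUE = 0x5A                                 # "configured value" (assumed)
BODY_LEN, CHECK_LEN = 30, 2                         # 30 characters + 2 check characters

# Constructed 32-character fingerprint, not a real device identifier.
SAMPLE_FINGERPRINT = "3f9a1c0de47b82a65d10c9e7f4b2a861"


def pick_positions(fingerprint, count):
    """Randomly choose `count` distinct character positions (the random extraction)."""
    if not 1 <= count <= len(fingerprint):
        raise ValueError("count must be between 1 and len(fingerprint)")
    return secrets.SystemRandom().sample(range(len(fingerprint)), count)


def to_base36(value, width):
    """Base conversion: fixed-width base-36 rendering of a non-negative integer."""
    out = []
    for _ in range(width):
        value, rem = divmod(value, len(ALPHABET))
        out.append(ALPHABET[rem])
    return "".join(reversed(out))


def check_digits(body):
    """Sum the positions of the first string, take a remainder, convert the base."""
    second_value = sum(ALPHABET.index(c) for c in body)
    third_value = second_value % (len(ALPHABET) ** CHECK_LEN)
    return to_base36(third_value, CHECK_LEN)


def derive_key(fingerprint, positions, config_value=CONFIG_VALUE):
    """Build the 32-character key from the characters at `positions`."""
    if not positions:
        raise ValueError("at least one position is required")
    if any(not 0 <= i < len(fingerprint) for i in positions):
        raise ValueError("position outside the fingerprint")
    picked = [fingerprint[i] for i in positions]
    body = []
    for i in range(BODY_LEN):
        code = ord(picked[i % len(picked)])      # ASCII code of an extracted character
        first_value = (code + i) % 256           # remainder operation
        mixed = first_value ^ config_value       # logical operation with the configured value
        body.append(ALPHABET[mixed % len(ALPHABET)])
    first_string = "".join(body)
    return first_string + check_digits(first_string)


def is_well_formed(key):
    """True when the key has the expected shape and its check characters match."""
    if len(key) != BODY_LEN + CHECK_LEN or any(c not in ALPHABET for c in key):
        return False
    return check_digits(key[:BODY_LEN]) == key[BODY_LEN:]


def keyspace_size(fingerprint, count):
    """Number of distinct keys over every ordered choice of `count` positions."""
    choices = itertools.permutations(range(len(fingerprint)), count)
    return len({derive_key(fingerprint, p) for p in choices})


if __name__ == "__main__":
    positions = pick_positions(SAMPLE_FINGERPRINT, 4)
    key = derive_key(SAMPLE_FINGERPRINT, positions)
    print(positions, key, is_well_formed(key))
    print("distinct keys, 1 character:", keyspace_size(SAMPLE_FINGERPRINT, 1))
    print("distinct keys, 2 characters:", keyspace_size(SAMPLE_FINGERPRINT, 2))
```

Both sides must use the same positions to arrive at the same key; the derivation itself is deterministic once the fingerprint and the positions are fixed.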
The acquiring unit 101 acquires the first data to be transmitted according to the data transmission instruction.
In at least one embodiment of the present application, the acquiring unit 101 can obtain, from the data transmission instruction, the user information of the user who triggered the data transmission instruction.
At the same time, the acquiring unit 101 can also obtain, from the data transmission instruction, the data related to the preset service, including the first data to be transmitted.
For example: when a search service triggered by user A is detected, the acquiring unit 101 determines that the data transmission instruction has been obtained. Further, the acquiring unit 101 obtains the text B that user A wants to search for, and determines the text B as the first data to be transmitted.
The encryption unit 103 uses the Advanced Encryption Standard to encrypt the first data to be transmitted with the first key to obtain a first ciphertext.
In at least one embodiment of the present application, the Advanced Encryption Standard (AES) is a symmetric encryption algorithm. While ensuring data security, it encrypts quickly and efficiently because the algorithm is public and its computational cost is small.
In at least one embodiment of the present application, the first ciphertext is the data that the encryption unit 103 transmits to the server, so that data can be obtained from the server 2 according to the first ciphertext.
For example: when the first data to be transmitted is the text B, the encryption unit 103 transmits the first ciphertext containing the text B to the server 2 and then obtains the search result for the text B.
The sending unit 104 sends the first ciphertext to the server 2.
In at least one embodiment of the present application, the server 2 is configured to receive the first ciphertext, obtain the first data to be transmitted from the first ciphertext, and then determine, according to the first data to be transmitted, the data that the electronic device 1 is requesting to have returned.
In at least one embodiment of the present application, the sending unit 104 sends the first ciphertext to the server 2, which avoids data being intercepted as a result of plaintext transmission and the security of data in network transmission being affected.
When the second ciphertext fed back by the server is received, the decryption unit 105 decrypts the second ciphertext with the first key to obtain the second data to be transmitted.
In at least one embodiment of the present application, the second ciphertext is the data fed back by the server 2 in response to the first ciphertext.
In at least one embodiment of the present application, the second data to be transmitted is the data obtained after the decryption unit 105 decrypts the second ciphertext. Once the second data to be transmitted has been obtained, the task of requesting data from the server 2 is complete.
For example: when the first data to be transmitted in the first ciphertext is the text B, the second ciphertext includes the search result for the text B.
In at least one embodiment of the present application, the method further includes:
After decrypting the second ciphertext with the first key, the decryption unit 105 obtains a first temporary key, and the encryption unit 103 encrypts the first temporary key. Further, the determining unit 100 determines the application corresponding to the data transmission instruction, and the saving unit 106 saves the encrypted first temporary key in the storage directory of the application.
Specifically, the first temporary key is a string of random data.
For example: the first temporary key may be a string of 16 random digits/letters.
Further, the first temporary key may be encrypted with any encryption algorithm, so that the first temporary key is stored in encrypted form and its security is ensured.
Through the foregoing implementation, the first temporary key is encrypted and saved in the storage directory of the application, so that it can be retrieved directly from that directory in subsequent data transmission. This also ties the first temporary key to the application: when the application is uninstalled, the first temporary key is deleted as well, which further improves security.
In at least one embodiment of the present application, when there is a communication record with the server 2, the method further includes:
The acquiring unit 101 acquires the device fingerprint, and the generating unit 102 randomly extracts at least one character from the device fingerprint and the first temporary key to generate a second key. The acquiring unit 101 acquires the first data to be transmitted according to the data transmission instruction. Further, the encryption unit 103 uses the Advanced Encryption Standard to encrypt the first data to be transmitted with the second key to obtain a third ciphertext, and the sending unit 104 sends the third ciphertext to the server 2.
Through the foregoing implementation, when there is a communication record with the server 2, the generating unit 102 generates the second key from both the device fingerprint and the first temporary key, which further improves the security of data transmission.
As the above technical solutions show, this application can determine, according to a received data transmission instruction, whether there is a communication record with the server. When there is no communication record with the server, the device fingerprint of the electronic device is obtained and at least one character is randomly extracted from it to generate a first key. The first data to be transmitted is then obtained according to the data transmission instruction and encrypted with the first key using the Advanced Encryption Standard to obtain a first ciphertext, which increases the complexity of the data encryption. The first ciphertext is sent to the server, and when the second ciphertext fed back by the server is received, it is decrypted with the first key to obtain the second data to be transmitted. Data is thus transmitted in encrypted form between the electronic device and the server, and the complexity of the encryption effectively prevents the data from being tampered with in transit, which further improves the security of data transmission.
FIG. 5 is a functional module diagram of the server in a preferred embodiment of the data transmission system of the present application. The data transmission system 21 includes an acquisition module 200, a determining module 201, a generating module 202, a decryption module 203, an encryption module 204, a feedback module 205, a recording module 206, a saving module 207, and a locking module 208. A module, as referred to in this application, is a series of computer-readable instruction segments that can be executed by the processing device 23 and that perform a fixed function; they are stored in the storage device 22. The function of each module is described in detail in the following embodiments.
When a first ciphertext sent by the electronic device 1 is received, the acquisition module 200 obtains the device fingerprint of the electronic device 1 from the request header of the first ciphertext.
In at least one embodiment of the present application, when the electronic device 1 sends the first ciphertext to the acquisition module 200, it places the device fingerprint in the request header and sends a data request carrying the first ciphertext to the acquisition module 200.
According to the device fingerprint, the determining module 201 determines whether there is a communication record with the electronic device 1.
In at least one embodiment of the present application, once the server 2 has a communication record with the electronic device 1, it records related information as proof of that communication, as described below.
When there is no communication record with the electronic device 1, the generating module 202 randomly extracts at least one character from the device fingerprint to generate a first key.
In at least one embodiment of the present application, the way the first key is generated from the device fingerprint is the same as the way the electronic device 1 generates the first key, described above, and is not repeated here.
The decryption module 203 decrypts the first ciphertext with the first key to obtain the first data to be transmitted.
In at least one embodiment of the present application, when the first key is consistent with the way the first ciphertext was encrypted, the decryption module 203 can successfully decrypt the first ciphertext and obtain the first data to be transmitted.
When the first key is not consistent with the way the first ciphertext was encrypted, the decryption module 203 cannot decrypt the first ciphertext and therefore cannot obtain the first data to be transmitted from it.
Through the foregoing implementation, the security of data in network transmission can be effectively guaranteed.
The acquisition module 200 performs a lookup according to the first data to be transmitted and obtains the second data to be transmitted.
In at least one embodiment of the present application, the acquisition module 200 can determine, from the first data to be transmitted, the data that the electronic device 1 wants to obtain.
For example: when the first data to be transmitted is the text B, the acquisition module 200 determines that the electronic device 1 needs the search result for the text B, and the acquisition module 200 then determines the search result for the text B as the second data to be transmitted.
The generating module 202 randomly determines an arbitrary character string to generate a first temporary key.
In at least one embodiment of the present application, the first temporary key is a string of random data.
For example: the first temporary key may be a string of 16 random digits/letters.
In at least one embodiment of the present application, after an arbitrary character string has been randomly determined and the first temporary key generated, the recording module 206 records the correspondence between the first temporary key and the device fingerprint. Further, the saving module 207 saves the correspondence in a pre-configured device list, where the device list stores all terminal devices that have a communication record with the server 2.
Through the foregoing implementation, the correspondence is recorded in the device list, which makes it possible to determine later, from the device list, whether the electronic device 1 has communicated with the server 2.
In at least one embodiment of the present application, the determining module 201 determining, according to the device fingerprint, whether there is a communication record with the electronic device 1 includes:
The determining module 201 matches the device fingerprint against the device list. When the device fingerprint exists in the device list, it determines that there is a communication record with the electronic device; when the device fingerprint does not exist in the device list, it determines that there is no communication record with the electronic device.
Through the foregoing implementation, it can be determined whether the electronic device 1 has communicated with the server 2, and different responses can then be taken accordingly.
The encryption module 204 uses the Advanced Encryption Standard to encrypt the first temporary key and the second data to be transmitted with the first key to obtain a second ciphertext.
In at least one embodiment of the present application, the generation of the second ciphertext also incorporates the first temporary key, which increases the complexity of the data encryption. Because the first temporary key is random, the second ciphertext is harder to crack, which makes the second ciphertext more secure.
The feedback module 205 feeds back the second ciphertext to the electronic device.
In at least one embodiment of the present application, the second ciphertext includes the content requested by the electronic device 1.
In at least one embodiment of the present application, when there is a communication record with the electronic device 1, the acquisition module 200 obtains, from the device list, the first temporary key corresponding to the device fingerprint, and the generating module 202 randomly extracts at least one character from the device fingerprint and the first temporary key to generate a second key. Further, the encryption module 204 uses the Advanced Encryption Standard to encrypt the second data to be transmitted with the second key to obtain a fourth ciphertext, and the feedback module 205 feeds back the fourth ciphertext to the electronic device 1.
Through the foregoing implementation, the stored first temporary key is used directly to generate the second key.
From then on, all communication between the server 2 and the electronic device 1 relies on the second key until a special situation occurs.
Specifically, when it is detected that either the electronic device 1 or the server 2 has lost the first temporary key, and/or that the configuration service has started, the saving module 207 regenerates and saves the first temporary key.
Specifically, the configuration service may include, but is not limited to, a user login service.
For example: when the application in which the first temporary key is stored is uninstalled, causing the first temporary key to be lost, the first temporary key is regenerated and saved.
Through the foregoing implementation, the security of data transmission can be further ensured while normal data communication between the server 2 and the electronic device 1 is maintained.
In at least one embodiment of the present application, when it is detected that decryption with the second key fails, the acquisition module 200 obtains the number of decryption failures within a preset time, and when that number is greater than or equal to a preset value, the locking module 208 locks the electronic device 1.
Specifically, the preset value can be custom-configured, which is not limited in this application.
It can be understood that if decryption with the second key fails, the electronic device 1 has not stored the first temporary key. Because data transmission between the server 2 and the electronic device 1 depends mainly on the first temporary key, this indicates that the electronic device 1 is very likely in an abnormal situation of maliciously stealing information.
Once the electronic device 1 is locked, the server 2 no longer accepts request data from the electronic device 1.
Of course, in other embodiments, the server may also be configured to reject all requests from the electronic device for a configured period of time, which is not limited in this application.
Through the foregoing implementation, data theft can be effectively avoided, the data transmission process is better protected, and information leakage is avoided.
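The lockout rule described for the server method and again here for the locking module 208, as an added example that is not code from the patent: decryption failures are counted per device fingerprint within a preset time, the device is locked once the count reaches the preset value, and the lock is either permanent or, as in the alternative embodiment, lasts a configured time. The class and function names, the outcome strings, and the sample events are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque


class DecryptFailureGuard:
    """Per-fingerprint decryption failure counter with lockout."""

    def __init__(self, window_seconds, threshold, lock_seconds=None):
        if window_seconds <= 0 or threshold < 1:
            raise ValueError("window_seconds must be > 0 and threshold >= 1")
        self.window_seconds = window_seconds   # the "preset time"
        self.threshold = threshold             # the "preset value"
        self.lock_seconds = lock_seconds       # None = locked until an operator unlocks
        self.failures = defaultdict(deque)     # fingerprint -> failure timestamps
        self.locked_until = {}                 # fingerprint -> expiry, or None

    def is_locked(self, fingerprint, now=None):
        now = time.monotonic() if now is None else now
        if fingerprint not in self.locked_until:
            return False
        expiry = self.locked_until[fingerprint]
        if expiry is None or now < expiry:
            return True
        # A timed lock has expired: forget the lock and the old failures.
        del self.locked_until[fingerprint]
        self.failures.pop(fingerprint, None)
        return False

    def unlock(self, fingerprint):
        """Operator action for permanent locks."""
        self.locked_until.pop(fingerprint, None)
        self.failures.pop(fingerprint, None)

    def on_request(self, fingerprint, decrypt_ok, now=None):
        """Return 'rejected', 'accepted', 'failed' or 'locked' for one request."""
        now = time.monotonic() if now is None else now
        if self.is_locked(fingerprint, now):
            return "rejected"                  # locked devices are not served at all
        if decrypt_ok:
            return "accepted"
        stamps = self.failures[fingerprint]
        stamps.append(now)
        # Keep only the failures that fall inside the preset time window.
        while stamps and now - stamps[0] > self.window_seconds:
            stamps.popleft()
        if len(stamps) >= self.threshold:      # "greater than or equal to"
            self.locked_until[fingerprint] = (
                None if self.lock_seconds is None else now + self.lock_seconds
            )
            return "locked"
        return "failed"


# Constructed events: (seconds, device fingerprint, did decryption succeed).
SAMPLE_EVENTS = [
    (0, "fp-A", False), (0, "fp-B", False), (10, "fp-A", False),
    (20, "fp-A", False),   # third failure within 60 s: fp-A is locked
    (30, "fp-A", True),    # rejected even though the ciphertext was valid
    (100, "fp-B", False), (200, "fp-B", False),  # spread out: never locked
    (400, "fp-A", True),
]


def replay(events, guard):
    """Feed events through the guard and collect the outcome of each one."""
    return [guard.on_request(fp, ok, now=t) for t, fp, ok in events]


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, DecryptFailureGuard(60, 3)))
    print(replay(SAMPLE_EVENTS, DecryptFailureGuard(60, 3, lock_seconds=300)))
```

The guard is keyed on the device fingerprint, which the page has the client send in the request header, so the counter tracks whatever value the request carries.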
如图6所示,是本申请实现数据传输方法的较佳实施例的电子设备的结构示意图。As shown in FIG. 6, it is a schematic structural diagram of an electronic device implementing a preferred embodiment of the data transmission method of the present application.
所述电子设备1是一种能够按照事先设定或存储的指令,自动进行数值计算和/或信息处理的设备,其硬件包括但不限于微处理器、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程门阵列(Field-Programmable Gate Array,FPGA)、数字处理器(Digital Signal Processor,DSP)、嵌入式设备等。The electronic device 1 is a device that can automatically perform numerical calculation and/or information processing according to pre-set or stored instructions. Its hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC) ), programmable gate array (Field-Programmable Gate Array, FPGA), digital processor (Digital Signal Processor, DSP), embedded equipment, etc.
所述电子设备1还可以是但不限于任何一种可与用户通过键盘、鼠标、遥控器、触摸板或声控设备等方式进行人机交互的电子产品,例如,个人计算机、平板电脑、智能手机、云端服务器、个人数字助理(Personal Digital Assistant,PDA)、游戏机、交互式网络电视(Internet Protocol Television,IPTV)、智能式穿戴式设备等。The electronic device 1 can also be, but is not limited to, any electronic product that can interact with the user through a keyboard, a mouse, a remote control, a touch panel, or a voice control device, for example, a personal computer, a tablet computer, or a smart phone. , Cloud server, personal digital assistant (PDA), game console, interactive network television (Internet Protocol Television, IPTV), smart wearable devices, etc.
所述电子设备1所处的网络包括但不限于互联网、广域网、城域网、局域网、虚拟专用网络(Virtual Private Network,VPN)等。The network where the electronic device 1 is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), etc.
In one embodiment of the present application, the electronic device 1 includes, but is not limited to, a memory 12, a processor 13, and a computer program, such as a data transmission program, that is stored in the memory 12 and executable on the processor 13.
Those skilled in the art will understand that the schematic diagram is merely an example of the electronic device 1 and does not limit it. The electronic device 1 may include more or fewer components than shown, combine certain components, or use different components; for example, it may further include input/output devices, network access devices, buses, and the like.
The processor 13 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and the like. The general-purpose processor may be a microprocessor or any conventional processor. The processor 13 is the computing core and control center of the electronic device 1; it connects the parts of the electronic device 1 through various interfaces and lines, and executes the operating system of the electronic device 1 and the installed applications, program code, and so on.
The processor 13 executes the operating system of the electronic device 1 and the installed applications. The processor 13 executes the application program to implement the steps of the data transmission method embodiments above, for example steps S10, S11, S12, S13, S14, S15 and S16 shown in FIG. 2.
Alternatively, when executing the computer program, the processor 13 implements the functions of the modules/units in the device embodiments above, for example: when a data transmission instruction is received, determining, according to the data transmission instruction, whether there is a communication record with the server; when there is no communication record with the server, acquiring the device fingerprint of the electronic device; randomly extracting at least one character from the device fingerprint to generate a first key; acquiring first data to be transmitted according to the data transmission instruction; encrypting the first data to be transmitted with the first key using the Advanced Encryption Standard to obtain a first ciphertext; sending the first ciphertext to the server; and, when a second ciphertext fed back by the server is received, decrypting the second ciphertext with the first key to obtain second data to be transmitted.
Exemplarily, the computer program may be divided into one or more modules/units, which are stored in the memory 12 and executed by the processor 13 to carry out the present application. The one or more modules/units may be a series of computer-readable instruction segments capable of performing specific functions, the instruction segments describing the execution of the computer program in the electronic device 1. For example, the computer program may be divided into a determination unit 100, an acquisition unit 101, a generation unit 102, an encryption unit 103, a transmission unit 104, a decryption unit 105, and a storage unit 106.
The memory 12 may be used to store the computer program and/or modules. The processor 13 implements the various functions of the electronic device 1 by running or executing the computer program and/or modules stored in the memory 12 and by invoking data stored in the memory 12. The memory 12 may mainly include a program storage area and a data storage area. The program storage area may store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function); the data storage area may store data created through use of the electronic device (such as audio data). In addition, the memory 12 may include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, at least one magnetic disk storage device, a flash memory device, or another non-volatile solid-state storage device.
The memory 12 may be an external memory and/or an internal memory of the electronic device 1. Further, the memory 12 may also be a non-volatile memory in physical form, such as a memory stick or a TF card (Trans-flash Card).
If the modules/units integrated in the electronic device 1 are implemented as software functional units and sold or used as independent products, they may be stored in a non-volatile readable storage medium. On this understanding, all or part of the processes in the methods of the above embodiments may also be accomplished by a computer program instructing the relevant hardware. The computer program may be stored in a non-volatile readable storage medium and, when executed by a processor, implements the steps of the method embodiments above.
The computer program includes computer-readable instruction code, which may be in source code form, object code form, an executable file, or some intermediate form. The non-volatile readable medium may include any entity or device capable of carrying the computer-readable instruction code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM), and the like.
FIG. 7 is a schematic structural diagram of a server in a preferred embodiment implementing the data transmission method of the present application.
The server 2 is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions. Its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), an embedded device, and the like.
The server 2 may also be, but is not limited to, any electronic product capable of human-computer interaction with a user via a keyboard, a mouse, a remote control, a touchpad, a voice-control device or the like, for example a personal computer, a tablet computer, a smartphone, a personal digital assistant (PDA), a game console, an Internet Protocol television (IPTV), a smart wearable device, and the like.
The server 2 may also be a computing device such as a desktop computer, a notebook computer, a palmtop computer, or a cloud server.
The network in which the server 2 is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (VPN), and the like.
In one embodiment of the present application, the server 2 includes, but is not limited to, a storage device 22, a processing device 23, and a computer program, such as a data transmission program, that is stored in the storage device 22 and executable on the processing device 23.
Those skilled in the art will understand that the schematic diagram is merely an example of the server 2 and does not limit it. The server 2 may include more or fewer components than shown, combine certain components, or use different components; for example, it may further include input/output devices, network access devices, buses, and the like.
The processing device 23 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and the like. The general-purpose processor may be a microprocessor or any conventional processor. The processing device 23 is the computing core and control center of the server 2; it connects the parts of the server 2 through various interfaces and lines, and executes the operating system of the server 2 and the installed applications, program code, and so on.
The processing device 23 executes the operating system of the server 2 and the installed applications. The processing device 23 executes the application program to implement the steps of the data transmission method embodiments above, for example steps S20, S21, S22, S23, S24, S25, S26 and S27 shown in FIG. 3.
Alternatively, when executing the computer program, the processing device 23 implements the functions of the modules/units in the device embodiments above, for example: when the first ciphertext sent by the electronic device is received, obtaining the device fingerprint of the electronic device from the request header of the first ciphertext; determining, according to the device fingerprint, whether there is a communication record with the electronic device; when there is no communication record with the electronic device, randomly extracting at least one character from the device fingerprint to generate a first key; decrypting the first ciphertext with the first key to obtain first data to be transmitted; performing a retrieval according to the first data to be transmitted to obtain second data to be transmitted; randomly determining an arbitrary character string to generate a first temporary key; encrypting the first temporary key and the second data to be transmitted with the first key using the Advanced Encryption Standard to obtain a second ciphertext; and feeding the second ciphertext back to the electronic device.
Exemplarily, the computer program may be divided into one or more modules, which are stored in the storage device 22 and executed by the processing device 23 to carry out the present application. The one or more modules may be a series of computer-readable instruction segments capable of performing specific functions, the instruction segments describing the execution of the computer program in the server 2. For example, the computer program may be divided into an acquisition module 200, a determination module 201, a generation module 202, a decryption module 203, an encryption module 204, a feedback module 205, a recording module 206, a saving module 207, and a locking module 208.
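The server-side bookkeeping described for this embodiment (looking a fingerprint up in the device list, recording the temporary key on first contact, and locking a device once decryption failures within a preset time reach a preset value, as the server-side claims recite) can be illustrated with the following added Python example, which is not code from the application. The class and method names, the use of `secrets.token_hex` for the random string, the 60-second window, the threshold of 3 and the fingerprint value are all assumptions; the AES decryption itself is outside the block and the caller reports each failure.

```python
import secrets
import time
from collections import deque


class DeviceList:
    """Hypothetical server-side device list: fingerprint -> temporary key,
    plus the timestamps of recent decryption failures for that device."""

    def __init__(self, window_seconds, max_failures, clock=time.monotonic):
        self.window_seconds = window_seconds  # the "preset time" (value assumed)
        self.max_failures = max_failures      # the "preset value" (value assumed)
        self._clock = clock                   # injectable so the window can be tested
        self._temp_keys = {}
        self._failures = {}
        self._locked = set()

    def has_record(self, fingerprint):
        """True when the fingerprint is already in the device list."""
        return fingerprint in self._temp_keys

    def register(self, fingerprint):
        """First contact: create a random temporary key and record the mapping."""
        temp_key = secrets.token_hex(16)  # assumption: 128 random bits, hex-encoded
        self._temp_keys[fingerprint] = temp_key
        self._failures[fingerprint] = deque()
        return temp_key

    def temp_key_for(self, fingerprint):
        """Later contacts: look up the temporary key used to derive the second key."""
        return self._temp_keys[fingerprint]

    def is_locked(self, fingerprint):
        return fingerprint in self._locked

    def failures_in_window(self, fingerprint):
        """Count failures no older than the preset time, discarding older ones."""
        now = self._clock()
        history = self._failures[fingerprint]
        while history and now - history[0] > self.window_seconds:
            history.popleft()
        return len(history)

    def record_decrypt_failure(self, fingerprint):
        """Called when decryption with the second key fails; returns lock state."""
        if not self.has_record(fingerprint):
            raise KeyError("no communication record for this fingerprint")
        self._failures[fingerprint].append(self._clock())
        if self.failures_in_window(fingerprint) >= self.max_failures:
            self._locked.add(fingerprint)  # stays locked; unlocking is out of scope
        return self.is_locked(fingerprint)


def demo():
    """Constructed timeline: failures at t=0 and t=10 age out of the window,
    then failures at t=100, 110 and 120 reach the threshold and lock the device."""
    now = [0.0]
    devices = DeviceList(window_seconds=60, max_failures=3, clock=lambda: now[0])
    fingerprint = "constructed-fingerprint-0001"  # constructed sample value

    first_contact = not devices.has_record(fingerprint)
    issued = devices.register(fingerprint)
    same_key = devices.temp_key_for(fingerprint) == issued

    devices.record_decrypt_failure(fingerprint)                        # t = 0
    now[0] = 10.0
    devices.record_decrypt_failure(fingerprint)                        # t = 10
    now[0] = 100.0
    locked_after_gap = devices.record_decrypt_failure(fingerprint)     # 1 in window
    now[0] = 110.0
    devices.record_decrypt_failure(fingerprint)                        # 2 in window
    now[0] = 120.0
    locked_at_threshold = devices.record_decrypt_failure(fingerprint)  # 3 in window
    return first_contact, same_key, locked_after_gap, locked_at_threshold


if __name__ == "__main__":
    print(demo())
```

Because the failure history is keyed by the fingerprint taken from the request header, the counter tracks whatever fingerprint value a request presents.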
The storage device 22 may be used to store the computer program and/or modules. The processing device 23 implements the various functions of the server 2 by running or executing the computer program and/or modules stored in the storage device 22 and by invoking data stored in the storage device 22. The storage device 22 may mainly include a program storage area and a data storage area. The program storage area may store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function); the data storage area may store data created through use of the server (such as audio data). In addition, the storage device 22 may include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, at least one magnetic disk storage device, a flash memory device, or another non-volatile solid-state storage device.
The storage device 22 may be an external memory and/or an internal memory of the server 2. Further, the storage device 22 may be a non-volatile memory in physical form, such as a memory stick or a TF card (Trans-flash Card).
If the modules/units integrated in the server 2 are implemented as software functional units and sold or used as independent products, they may be stored in a non-volatile readable storage medium. On this understanding, all or part of the processes in the methods of the above embodiments may also be accomplished by a computer program instructing the relevant hardware. The computer program may be stored in a non-volatile readable storage medium and, when executed by a processing device, implements the steps of the method embodiments above.
The computer program includes computer-readable instruction code, which may be in source code form, object code form, an executable file, or some intermediate form. The non-volatile readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM), and the like.
In the several embodiments provided in this application, it should be understood that the disclosed system, device, and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into modules is only a division by logical function, and other divisions are possible in an actual implementation.
In addition, the functional modules in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware plus software functional modules.
Furthermore, the word "comprising" clearly does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices recited in a system claim may also be implemented by a single unit or device through software or hardware. Words such as "second" are used to denote names and do not denote any particular order.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present application and not to limit them. Although the application has been described in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that the technical solutions of the application may be modified or replaced with equivalents without departing from the spirit and scope of those technical solutions.

Claims (20)

  1. A data transmission method applied to an electronic device that communicates with a server, characterized in that the method comprises:
    when a data transmission instruction is received, determining, according to the data transmission instruction, whether there is a communication record with the server;
    when there is no communication record with the server, acquiring a device fingerprint of the electronic device;
    randomly extracting at least one character from the device fingerprint to generate a first key;
    acquiring first data to be transmitted according to the data transmission instruction;
    encrypting the first data to be transmitted with the first key using the Advanced Encryption Standard to obtain a first ciphertext;
    sending the first ciphertext to the server;
    when a second ciphertext fed back by the server is received, decrypting the second ciphertext with the first key to obtain second data to be transmitted.
  2. The data transmission method according to claim 1, wherein randomly extracting at least one character from the device fingerprint to generate the first key comprises:
    performing a remainder operation on the at least one character to obtain a first value;
    performing a logical operation on the first value with respect to a configured value to generate a first character string;
    summing the digits of the first character string to obtain a second value;
    performing a remainder operation on the second value to obtain a third value;
    performing base conversion on the third value to generate a second character string;
    concatenating the first character string and the second character string to obtain the first key.
  3. The data transmission method according to claim 1, wherein the method further comprises:
    obtaining a first temporary key after decrypting the second ciphertext with the first key;
    encrypting the first temporary key;
    determining the application program corresponding to the data transmission instruction;
    saving the encrypted first temporary key in the storage directory of the application program.
  4. The data transmission method according to claim 3, wherein, when there is a communication record with the server, the method further comprises:
    acquiring the device fingerprint;
    randomly extracting at least one character from the device fingerprint and the first temporary key to generate a second key;
    acquiring the first data to be transmitted according to the data transmission instruction;
    encrypting the first data to be transmitted with the second key using the Advanced Encryption Standard to obtain a third ciphertext;
    sending the third ciphertext to the server.
  5. A data transmission method applied to a server that communicates with an electronic device, characterized in that the method comprises:
    when a first ciphertext sent by the electronic device is received, obtaining a device fingerprint of the electronic device from the request header of the first ciphertext;
    determining, according to the device fingerprint, whether there is a communication record with the electronic device;
    when there is no communication record with the electronic device, randomly extracting at least one character from the device fingerprint to generate a first key;
    decrypting the first ciphertext with the first key to obtain first data to be transmitted;
    performing a retrieval according to the first data to be transmitted to obtain second data to be transmitted;
    randomly determining an arbitrary character string to generate a first temporary key;
    encrypting the first temporary key and the second data to be transmitted with the first key using the Advanced Encryption Standard to obtain a second ciphertext;
    feeding the second ciphertext back to the electronic device.
  6. The data transmission method according to claim 5, wherein, after randomly determining an arbitrary character string to generate the first temporary key, the method further comprises:
    recording the correspondence between the first temporary key and the device fingerprint;
    saving the correspondence to a pre-configured device list;
    wherein the device list is used to store all terminal devices that have a communication record with the server.
  7. The data transmission method according to claim 6, wherein determining, according to the device fingerprint, whether there is a communication record with the electronic device comprises:
    matching the device fingerprint against the device list;
    when the device fingerprint exists in the device list, determining that there is a communication record with the electronic device; or
    when the device fingerprint does not exist in the device list, determining that there is no communication record with the electronic device.
  8. The data transmission method according to claim 5, wherein the method further comprises:
    when there is a communication record with the electronic device, obtaining from the device list the first temporary key corresponding to the device fingerprint;
    randomly extracting at least one character from the device fingerprint and the first temporary key to generate a second key;
    when it is detected that decryption with the second key fails, obtaining the number of decryption failures within a preset time;
    when the number is greater than or equal to a preset value, locking the electronic device.
  9. An electronic device that communicates with a server, characterized in that the electronic device comprises:
    a memory storing at least one computer-readable instruction; and
    a processor executing the at least one computer-readable instruction to implement the following steps:
    when a data transmission instruction is received, determining, according to the data transmission instruction, whether there is a communication record with the server;
    when there is no communication record with the server, acquiring a device fingerprint of the electronic device;
    randomly extracting at least one character from the device fingerprint to generate a first key;
    acquiring first data to be transmitted according to the data transmission instruction;
    encrypting the first data to be transmitted with the first key using the Advanced Encryption Standard to obtain a first ciphertext;
    sending the first ciphertext to the server;
    when a second ciphertext fed back by the server is received, decrypting the second ciphertext with the first key to obtain second data to be transmitted.
  10. The electronic device according to claim 9, wherein, when the processor executes the at least one computer-readable instruction to randomly extract at least one character from the device fingerprint to generate the first key, the following steps are included:
    performing a remainder operation on the at least one character to obtain a first value;
    performing a logical operation on the first value with respect to a configured value to generate a first character string;
    summing the digits of the first character string to obtain a second value;
    performing a remainder operation on the second value to obtain a third value;
    performing base conversion on the third value to generate a second character string;
    concatenating the first character string and the second character string to obtain the first key.
  11. The electronic device according to claim 9, wherein the processor executes the at least one computer-readable instruction to further implement the following steps:
    obtaining a first temporary key after decrypting the second ciphertext with the first key;
    encrypting the first temporary key;
    determining the application program corresponding to the data transmission instruction;
    saving the encrypted first temporary key in the storage directory of the application program.
  12. The electronic device according to claim 11, wherein, when there is a communication record with the server, the processor executes the at least one computer-readable instruction to further implement the following steps:
    acquiring the device fingerprint;
    randomly extracting at least one character from the device fingerprint and the first temporary key to generate a second key;
    acquiring the first data to be transmitted according to the data transmission instruction;
    encrypting the first data to be transmitted with the second key using the Advanced Encryption Standard to obtain a third ciphertext;
    sending the third ciphertext to the server.
  13. A server that communicates with an electronic device, characterized in that the server comprises:
    a memory storing at least one computer-readable instruction; and
    a processor executing the at least one computer-readable instruction to implement the following steps:
    when a first ciphertext sent by the electronic device is received, obtaining a device fingerprint of the electronic device from the request header of the first ciphertext;
    determining, according to the device fingerprint, whether there is a communication record with the electronic device;
    when there is no communication record with the electronic device, randomly extracting at least one character from the device fingerprint to generate a first key;
    decrypting the first ciphertext with the first key to obtain first data to be transmitted;
    performing a retrieval according to the first data to be transmitted to obtain second data to be transmitted;
    randomly determining an arbitrary character string to generate a first temporary key;
    encrypting the first temporary key and the second data to be transmitted with the first key using the Advanced Encryption Standard to obtain a second ciphertext;
    feeding the second ciphertext back to the electronic device.
  14. The server according to claim 13, wherein, after randomly determining an arbitrary character string to generate the first temporary key, the processor executes the at least one computer-readable instruction to further implement the following steps:
    recording the correspondence between the first temporary key and the device fingerprint;
    saving the correspondence to a pre-configured device list;
    wherein the device list is used to store all terminal devices that have a communication record with the server.
  15. The server of claim 14, wherein, when the processor executes the at least one computer-readable instruction to implement the determining, according to the device fingerprint, whether there is a communication record with the electronic device, the steps comprise:
    matching the device fingerprint against the device list;
    when the device fingerprint exists in the device list, determining that there is a communication record with the electronic device; or
    when the device fingerprint does not exist in the device list, determining that there is no communication record with the electronic device.
  16. The server of claim 13, wherein the processor executes the at least one computer-readable instruction to further implement the following steps:
    when there is a communication record with the electronic device, obtaining the first temporary key corresponding to the device fingerprint from the device list;
    randomly extracting at least one character from the device fingerprint and the first temporary key to generate a second key;
    when it is detected that decryption with the second key fails, obtaining the number of decryption failures within a preset time;
    when the number is greater than or equal to a preset value, locking the electronic device.
  17. A non-volatile readable storage medium, wherein the non-volatile readable storage medium stores at least one computer-readable instruction, and the at least one computer-readable instruction is executed by a processor in an electronic device to implement the following steps:
    when a data transmission instruction is received, determining, according to the data transmission instruction, whether there is a communication record with a server;
    when there is no communication record with the server, acquiring the device fingerprint of the electronic device;
    randomly extracting at least one character from the device fingerprint to generate a first key;
    acquiring first data to be transmitted according to the data transmission instruction;
    encrypting the first data to be transmitted with the first key, using the Advanced Encryption Standard, to obtain a first ciphertext;
    sending the first ciphertext to the server;
    when a second ciphertext fed back by the server is received, decrypting the second ciphertext with the first key to obtain second data to be transmitted.
  18. The storage medium of claim 17, wherein, when the at least one computer-readable instruction is executed by the processor to implement the randomly extracting at least one character from the device fingerprint to generate the first key, the following steps are included:
    performing a remainder operation on the at least one character to obtain a first value;
    performing a logical operation on the first value relative to a configuration value to generate a first character string;
    accumulating the digits of the first character string to obtain a second value;
    performing a remainder operation on the second value to obtain a third value;
    performing a base conversion on the third value to generate a second character string;
    concatenating the first character string and the second character string to obtain the first key.
  19. The storage medium of claim 17, wherein the at least one computer-readable instruction is executed by the processor to further implement the following steps:
    after decrypting the second ciphertext with the first key, obtaining a first temporary key;
    encrypting the first temporary key;
    determining the application program corresponding to the data transmission instruction;
    saving the encrypted first temporary key in the storage directory of the application program.
  20. The storage medium of claim 19, wherein, when there is a communication record with the server, the at least one computer-readable instruction is executed by the processor to further implement the following steps:
    acquiring the device fingerprint;
    randomly extracting at least one character from the device fingerprint and the first temporary key to generate a second key;
    acquiring the first data to be transmitted according to the data transmission instruction;
    encrypting the first data to be transmitted with the second key, using the Advanced Encryption Standard, to obtain a third ciphertext;
    sending the third ciphertext to the server.
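The server-side bookkeeping of claims 14 to 16 (device list lookup, counting decryption failures within a preset time, locking at a preset value), as an added Python example that is not part of the patent text. The names `DeviceList` and `route_request` are assumptions, the window and threshold are supplied by the caller, and the outcome of decryption is passed in as a boolean rather than computed.

```python
import time
from collections import deque


class DeviceList:
    """Device list of claims 14-15 (fingerprint -> first temporary key)
    plus the failure counting and locking of claim 16. Hypothetical names."""

    def __init__(self, window_seconds, max_failures, clock=time.monotonic):
        self.window = window_seconds      # the "preset time" (assumed by caller)
        self.max_failures = max_failures  # the "preset value" (assumed by caller)
        self.clock = clock                # injectable so time can be controlled
        self.temp_keys = {}               # fingerprint -> first temporary key
        self.failures = {}                # fingerprint -> deque of failure times
        self.locked = set()               # fingerprints of locked devices

    def has_record(self, fingerprint):
        """Claim 15: a communication record exists if the fingerprint is listed."""
        return fingerprint in self.temp_keys

    def save(self, fingerprint, temp_key):
        """Claim 14: record the fingerprint/temporary-key correspondence."""
        self.temp_keys[fingerprint] = temp_key

    def record_failure(self, fingerprint):
        """Count one failed decryption; return True if the device is now locked."""
        if not self.has_record(fingerprint):
            # Only listed devices are tracked, so the failure table cannot
            # grow beyond the size of the device list.
            return False
        now = self.clock()
        times = self.failures.setdefault(fingerprint, deque())
        times.append(now)
        # Drop failures that fall outside the preset time window.
        while times and now - times[0] > self.window:
            times.popleft()
        if len(times) >= self.max_failures:
            self.locked.add(fingerprint)
        return fingerprint in self.locked


def route_request(devices, fingerprint, decrypt_ok):
    """Decide how the server handles one request.

    decrypt_ok is the result of trying the derived key; the key derivation
    and AES decryption themselves are outside this example.
    """
    if fingerprint in devices.locked:
        return "locked"
    if not devices.has_record(fingerprint):
        return "first-contact"   # claim 13 path: first key from the fingerprint
    if decrypt_ok:
        return "ok"              # the second key decrypted the ciphertext
    return "locked" if devices.record_failure(fingerprint) else "retry"
```
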
PCT/CN2019/102865 2019-05-24 2019-08-27 Data transmission method, electronic device, server and storage medium WO2020237868A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910442274.9 2019-05-24
CN201910442274.9A CN110324143B (en) 2019-05-24 2019-05-24 Data transmission method, electronic device and storage medium

Publications (1)

Publication Number Publication Date
WO2020237868A1 (en) 2020-12-03

Family

ID=68119092

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/102865 WO2020237868A1 (en) 2019-05-24 2019-08-27 Data transmission method, electronic device, server and storage medium

Country Status (2)

Country Link
CN (1) CN110324143B (en)
WO (1) WO2020237868A1 (en)

Also Published As

Publication number Publication date
CN110324143A (en) 2019-10-11
CN110324143B (en) 2022-03-11

Similar Documents

Publication Publication Date Title
WO2020237868A1 (en) Data transmission method, electronic device, server and storage medium
CN110799941B (en) Anti-theft and tamper-proof data protection
CN113545006B (en) Remote authorized access locked data storage device
US10284372B2 (en) Method and system for secure management of computer applications
CN113691502B (en) Communication method, device, gateway server, client and storage medium
JP4240297B2 (en) Terminal device, authentication terminal program, device authentication server, device authentication program
TWI578749B (en) Methods and apparatus for migrating keys
CN101051904B (en) Method for landing by account number cipher for protecting network application sequence
US9219722B2 (en) Unclonable ID based chip-to-chip communication
US8369521B2 (en) Smart card based encryption key and password generation and management
CN109714176B (en) Password authentication method, device and storage medium
US20180091487A1 (en) Electronic device, server and communication system for securely transmitting information
WO2022022009A1 (en) Message processing method and apparatus, device, and storage medium
CN113557689B (en) Initializing a data storage device with a manager device
US9641328B1 (en) Generation of public-private key pairs
CN114244508B (en) Data encryption method, device, equipment and storage medium
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN112948903A (en) Secret state search technical architecture and method for big data storage
WO2018043466A1 (en) Data extraction system, data extraction method, registration device, and program
WO2023061320A1 (en) Device identifier counterfeiting prevention method and apparatus, and electronic device
CN111935122B (en) Data security processing method and device
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
TW202222051A (en) Encryption method, terminal device, encryption system, and program
CN108985079B (en) Data verification method and verification system
KR20210129981A (en) Blockchain-based authentication system and method for preventing interception hacking attacks

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 19930342; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: PCT application non-entry in European phase. Ref document number: 19930342; Country of ref document: EP; Kind code of ref document: A1