CN111107066A - Sensitive data transmission method and system, electronic device, storage medium - Google Patents


Publication number
CN111107066A
Authority
CN
China
Prior art keywords
key
sensitive data
server
browser
encrypted file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911239322.0A
Other languages
Chinese (zh)
Inventor
马鹏飞
孙凯
杨斌
董琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Unicompay Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Unicompay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd, Unicompay Co Ltd
Priority to CN201911239322.0A
Publication of CN111107066A
Legal status: Pending (current)


Abstract

Translated from Chinese

The present disclosure provides a sensitive data transmission method and system, a server, a browser, an electronic device, and a storage medium, including: receiving a request sent by a browser for obtaining a key; randomly selecting a key pair from a database; storing the private key of the key pair and sending the public key of the key pair to the browser, so that the browser encrypts the sensitive data based on the public key to obtain an encrypted file; receiving the encrypted file sent by the browser; and decrypting the encrypted file according to the private key, so as to verify the decrypted sensitive data. Generating and storing key pairs in advance saves time in the subsequent encryption and decryption of sensitive data and improves the transmission efficiency of sensitive data, and randomly selecting the key pair ensures the security and reliability of encrypting and decrypting the sensitive data.

Figure 201911239322

Description

Sensitive data transmission method and system, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of internet technologies, in particular to data processing technology, and more specifically to a method and system for transmitting sensitive data, a server, a browser, an electronic device, and a storage medium.
Background
With the development of the internet, the financial industry and information security technology, the transmission of sensitive data has become an indispensable part of people's daily lives. The security of sensitive data transmission is the primary concern, so every sensitive data transmission technology involves many encryption and decryption steps.
In the prior art, each business system of each enterprise is provided with its own encryption and decryption module, and if the sensitive data is transmitted in the internet payment process, the encryption and decryption module of the corresponding enterprise performs decryption processing.
However, in the process of implementing the present disclosure, the inventors found that at least the following problems exist: the encryption and decryption flexibility is not strong due to the distributed management of the encryption module, and large-area data leakage is easily caused when the encryption module is attacked.
Disclosure of Invention
The disclosure provides a transmission method and system of sensitive data, a server, a browser, an electronic device and a storage medium, which are used for solving the problems that in the prior art, encryption and decryption flexibility is not strong due to decentralized management of encryption modules, and large-area data leakage is easily caused when the encryption modules are attacked.
In one aspect, an embodiment of the present disclosure provides a method for transmitting sensitive data, where the method includes:
receiving a request sent by a browser and used for acquiring a secret key;
randomly selecting a key pair from a database;
storing a private key in the key pair, and sending a public key in the key pair to the browser so that the browser can encrypt sensitive data based on the public key to obtain an encrypted file;
receiving an encrypted file sent by the browser;
and decrypting the encrypted file according to the private key so as to verify the sensitive data obtained by decryption.
In some embodiments, before the receiving a request sent by a browser for obtaining a key, the method includes:
randomly generating a plurality of key pairs;
storing the plurality of key pairs to the database.
In some embodiments, after said storing said plurality of key pairs to said database, said method further comprises:
and updating the plurality of key pairs in the database according to a preset time interval.
According to another aspect of the embodiments of the present disclosure, there is also provided a method for transmitting sensitive data, the method including:
in response to receiving the sensitive data, sending a request for obtaining a key to the server;
receiving a public key fed back by the server, wherein the public key is a public key in a key pair randomly selected by the server from a database;
encrypting the sensitive data based on the public key to obtain an encrypted file;
and sending the encrypted file to the server so that the server can decrypt the encrypted file based on a private key in the key pair to obtain the sensitive data and verify the sensitive data.
On the other hand, the embodiment of the present disclosure further provides a server, where the server includes:
the first communication module is used for receiving a request sent by a browser and used for acquiring a secret key and randomly selecting a secret key pair from a database;
the first processing module is used for storing a private key in the key pair and sending a public key in the key pair to the browser so that the browser can encrypt sensitive data based on the public key to obtain an encrypted file;
the first communication module is further used for receiving the encrypted file sent by the browser;
the first processing module is further configured to decrypt the encrypted file according to the private key, so as to verify the decrypted sensitive data.
In some embodiments, the first processing module is further configured to randomly generate a plurality of key pairs;
the first communication module is further configured to store the plurality of key pairs to the database;
the first processing module is further configured to update the plurality of key pairs in the database according to a preset time interval.
In some embodiments, the browser comprises:
the second communication module is used for responding to the received sensitive data, sending a request for obtaining a secret key to the server, and receiving a public key fed back by the server, wherein the public key is a public key in a secret key pair randomly selected by the server from a database;
the second processing module is used for encrypting the sensitive data based on the public key to obtain an encrypted file;
the second communication module is further configured to send the encrypted file to the server, so that the server decrypts the encrypted file based on a private key in the key pair to obtain the sensitive data, and verifies the sensitive data.
In another aspect, an embodiment of the present disclosure further provides a system for transmitting sensitive data, where the system includes: a server as in any preceding embodiment and a browser as in the preceding embodiment.
In another aspect, an embodiment of the present disclosure further provides an electronic device, including: a memory, a processor;
a memory for storing the processor-executable instructions;
wherein the processor, when executing the instructions in the memory, is configured to implement a method as in any of the embodiments above.
In another aspect, the disclosed embodiments also provide a computer-readable storage medium, in which computer-executable instructions are stored, and when executed by a processor, the computer-executable instructions are used to implement the method according to any one of the above embodiments.
The present disclosure provides a method and a system for transmitting sensitive data, a server, a browser, an electronic device, and a storage medium. The method includes: receiving a request sent by a browser for obtaining a key; randomly selecting a key pair from a database; storing the private key of the key pair and sending the public key of the key pair to the browser, so that the browser can encrypt sensitive data based on the public key to obtain an encrypted file; receiving the encrypted file sent by the browser; and decrypting the encrypted file according to the private key so as to verify the decrypted sensitive data. Generating and storing the key pairs in advance saves time in the subsequent encryption and decryption of sensitive data and improves the transmission efficiency of the sensitive data, and randomly selecting the key pair ensures the security and reliability of encrypting and decrypting the sensitive data.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a schematic view of a scene of a transmission method of sensitive data according to an embodiment of the present disclosure;
Fig. 2 is a schematic flow chart of a transmission method of sensitive data according to an embodiment of the present disclosure;
Fig. 3 is a schematic flow chart of a transmission method of sensitive data according to an embodiment of the present disclosure;
Fig. 4 is an interaction diagram of a transmission method of sensitive data according to an embodiment of the present disclosure;
Fig. 5 is a schematic diagram of a server of an embodiment of the present disclosure;
Fig. 6 is a schematic diagram of a browser of an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and are described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
In the prior art, different enterprises set up their own encryption and decryption modules to encrypt and decrypt the transmission of their sensitive data. On one hand, because the business system of every enterprise has its own encryption and decryption module, encryption and decryption during sensitive data transmission is inflexible; on the other hand, when the encryption and decryption module of an enterprise is attacked, large-scale leakage of the corresponding sensitive data is easily caused. To solve these problems, the inventors arrived at the technical solution of the present disclosure through creative work. In the embodiments of the disclosure, a massive number of key pairs is stored in a database in advance. When sensitive data needs to be transmitted, the browser sends a request for obtaining a key to the server; the server randomly selects one key pair from the key pairs stored in the database and sends the public key of the key pair to the browser; the browser encrypts the sensitive data based on the public key and sends the encrypted file to the server; and the server decrypts the encrypted file based on the private key of the key pair. Because the key pairs are stored in advance, the time for generating a key pair is saved. Because the key pair is randomly selected from a massive number of key pairs, a "one-time key pair" can be ensured, which improves security. Because encryption and decryption are realized through interaction between the browser and the server, encryption and decryption are flexible, and large-scale leakage of the encrypted data is avoided.
The transmission method of the sensitive data provided by the embodiment of the disclosure can be applied to the application scenario shown in fig. 1.
In the application scenario shown in fig. 1, the user 100 purchases a train ticket through the user terminal 200 and selects the Alipay ("payment treasure") payment method, and the user 100 inputs a payment password on a payment interface displayed on the user terminal 200. In order to prevent the payment password of the user 100 from being leaked and to secure the property of the user 100, the browser (not shown) sends a request for obtaining the key to the server 300 when receiving the payment password.
The server 300 randomly selects a key pair from a database (the database may be a local database in the server 300 or a database independent of the server 300, and the server 300 may be a local server or a cloud server), stores the private key of the key pair, and sends the public key of the key pair to the browser.
The browser encrypts the payment password based on the public key transmitted by the server 300 to obtain an encrypted file, and transmits the encrypted file to the server 300.
The server 300 decrypts the encrypted file sent by the browser based on the private key to obtain a payment password and verifies the payment password; if the payment password is the same as the payment password set by the user 100, the server executes a deduction operation and sends the browser a prompt message indicating that the payment succeeded.
The user terminal 200 displays the prompt information. At this point, the user 100 has successfully purchased the ticket.
It should be noted that the above application scenarios are only used for exemplary illustration, and are not to be construed as limiting the application scenarios of the transmission method of sensitive data according to the embodiments of the present disclosure. For example, the transmission method of sensitive data according to the embodiment of the present disclosure may also be applied to mailbox binding, in an application scenario where the identity card information of a user needs to be verified; for another example, the transmission method of sensitive data according to the embodiment of the present disclosure may also be applied to an application scenario in which the academic background information of the user is verified, and the like.
The following describes the technical solutions of the present disclosure and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present disclosure will be described below with reference to the accompanying drawings.
In one aspect, the embodiment of the present disclosure provides a method for transmitting sensitive data suitable for the application scenario.
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for transmitting sensitive data according to an embodiment of the disclosure.
As shown in fig. 2, the method includes:
S101: receiving a request sent by the browser for obtaining the key.
The transmission method of the sensitive data according to the embodiment of the present disclosure may be executed by the server in the application scenario above; the following description takes the server as the executing entity.
S102: a key pair is randomly selected from the database.
The database may be a database in the server, or may be a database independent of the server. In the database, a large number of key pairs are stored in advance.
S103: and storing a private key in the key pair, and sending a public key in the key pair to the browser so that the browser can encrypt the sensitive data based on the public key to obtain an encrypted file.
Sensitive data, which may also be referred to as private data, includes, but is not limited to, name, identification number, address, phone, bank account, mailbox, password, medical information, and educational background.
The server sends the public key to the browser and stores the private key, so that it can later decrypt the encrypted file that the browser produces with the public key.
S104: and receiving the encrypted file sent by the browser.
S105: and decrypting the encrypted file according to the private key so as to verify the sensitive data obtained by decryption.
In some embodiments, prior to S101, the method further comprises:
S011: a plurality of key pairs are randomly generated.
S012: a plurality of key pairs are stored to a database.
In some embodiments, a plurality of key pairs may be randomly generated by the server, where the number of key pairs is large; for example, the server randomly generates at least 5 million key pairs, so that a key pair can be taken out of the database whenever one is needed. In addition, the huge number of key pairs also ensures that the key pair taken each time is random enough, thereby ensuring a one-time key pair for each transmission and improving security.
It should be noted that, a key generator may be provided in the server, the key generator generates a large number of key pairs, and the generated large number of key pairs are stored in the database; it is also possible to randomly generate a large number of key pairs by a key generator independent of the server and store the large number of key pairs in a database of the server or in a database independent of the server.
In some embodiments, the method further comprises: and updating the plurality of key pairs in the database according to a preset time interval.
According to another aspect of the embodiments of the present disclosure, a method for transmitting sensitive data is also provided.
Referring to fig. 3, fig. 3 is a flowchart illustrating a method for transmitting sensitive data according to an embodiment of the disclosure.
As shown in fig. 3, the method includes:
S201: in response to receiving the sensitive data, a request to obtain a key is sent to the server.
The method for transmitting the sensitive data according to the embodiment of the present disclosure may be executed by a browser; the following description takes the browser as the executing entity.
Based on the application scenario, if the browser receives the payment password sent by the user, a request for obtaining the secret key is sent to the server, so that the payment password is encrypted based on the public key fed back by the server, the security in the transmission process of the payment password is further realized, and the property loss of the user caused by the fact that the payment password is stolen is avoided.
In some embodiments, the browser sets a data type in advance, determines the type of certain data when the data is received, and if the data is determined to be the data type of sensitive data, executes S201; and if the data is judged to be non-sensitive data, namely the data is judged to be the data type of the common data, directly sending the data to the server.
S202: and receiving a public key fed back by the server, wherein the public key is the public key of a key pair randomly selected by the server from the database.
After the browser sends a request for obtaining the secret key to the server, the server randomly selects a secret key pair from the database and sends a public key in the secret key pair to the browser.
S203: and encrypting the sensitive data based on the public key to obtain an encrypted file.
In some embodiments, the browser encrypts the sensitive data through an RSA encryption algorithm to obtain an encrypted file.
S204: and sending the encrypted file to the server so that the server decrypts the encrypted file based on a private key in the key pair to obtain sensitive data and verifies the sensitive data.
The browser encrypts the sensitive data to obtain an encrypted file, then sends the obtained encrypted file to the server, and the server decrypts the encrypted file according to the private key to obtain the sensitive data and verifies the sensitive data.
For a more detailed understanding of the transmission method of the sensitive data according to the embodiment of the present disclosure, the transmission method of the sensitive data according to the embodiment of the present disclosure is described in detail with reference to fig. 4 (fig. 4 is an interaction schematic diagram of the transmission method of the sensitive data according to the embodiment of the present disclosure) as follows:
S1: the key generator generates a large number of key pairs, each including a public key and a private key; the number of key pairs is greater than or equal to 5 million.
On one hand, the secret key generator generates the secret key pair in advance, so that the time for transmitting subsequent sensitive data can be saved, and the transmission efficiency is improved; on the other hand, a key generator generates a large number of key pairs in advance, so that a subsequent server can randomly select the key pairs from the large number of key pairs, the randomness of encryption and decryption is ensured, the reliability of encryption and decryption is improved, and the safety and reliability of sensitive data transmission are realized.
In some embodiments, the key generator regenerates the key pair according to a preset time interval to update the key pair.
S2: the key generator sends the mass key pairs to the database.
S3: the database stores the massive key pairs.
S4: the browser receives sensitive data sent by a user based on a user terminal.
S5: the browser sends a request for obtaining the key to the server.
S6: the server randomly chooses a key pair from the database.
The server can randomly select the key pair from the massive key pair, so that the realization of the one-time key pair can be ensured, and the safety is improved.
S7: and the server stores the private key in the key pair.
S8: the server sends the public key of the key pair to the browser.
S9: the browser encrypts the sensitive data using the RSA algorithm and the public key to generate an encrypted file.
S10: the browser sends the encrypted file to the server.
S11: and the server decrypts the encrypted file according to the private key to obtain the sensitive data.
S12: and the server verifies the sensitive data to obtain a verification result.
S13: and the server sends the verification result to the browser.
According to another aspect of the embodiments of the present disclosure, there is also provided a server.
Referring to fig. 5, fig. 5 is a schematic diagram of a server according to an embodiment of the disclosure.
As shown in fig. 5, the server includes:
the first communication module 11 is configured to receive a request sent by a browser for obtaining a key, and randomly select a key pair from a database;
the first processing module 12 is configured to store a private key in the key pair, and send a public key in the key pair to the browser, so that the browser encrypts sensitive data based on the public key to obtain an encrypted file;
the first communication module 11 is further configured to receive an encrypted file sent by the browser;
the first processing module 12 is further configured to decrypt the encrypted file according to the private key, so as to verify the decrypted sensitive data.
In some embodiments, the first processing module 12 is further configured to randomly generate a plurality of key pairs;
the first communication module 11 is further configured to store the plurality of key pairs in the database;
the first processing module 12 is further configured to update the plurality of key pairs in the database according to a preset time interval.
According to another aspect of the disclosed embodiment, the disclosed embodiment further provides a browser.
Referring to fig. 6, fig. 6 is a schematic view of a browser according to an embodiment of the disclosure.
As shown in fig. 6, the browser includes:
the second communication module 21 is configured to send a request for obtaining a key to a server in response to receiving sensitive data, and receive a public key fed back by the server, where the public key is a public key in a key pair randomly selected by the server from a database;
the second processing module 22 is configured to encrypt the sensitive data based on the public key to obtain an encrypted file;
the second communication module 21 is further configured to send the encrypted file to the server, so that the server decrypts the encrypted file based on a private key in the key pair to obtain the sensitive data, and verifies the sensitive data.
According to another aspect of the embodiments of the present disclosure, there is also provided a transmission system of sensitive data, the system including: a server as claimed in any preceding embodiment and a browser as claimed in any preceding embodiment.
According to another aspect of the embodiments of the present disclosure, there is also provided an electronic device, including: a memory, a processor;
a memory for storing processor-executable instructions;
wherein, when executing the instructions in the memory, the processor is configured to implement the method of any of the embodiments above.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
As shown in fig. 7, the electronic device includes a memory and a processor, and the electronic device may further include a communication interface and a bus, wherein the processor, the communication interface, and the memory are connected by the bus; the processor is used to execute executable modules, such as computer programs, stored in the memory.
The memory may include a high-speed random access memory (RAM) and may also include a non-volatile memory, such as at least one disk memory. The communication connection between the network element of the system and at least one other network element is implemented via at least one communication interface (which may be wired or wireless), and may use the internet, a wide area network, a local network, a metropolitan area network, etc.
The bus may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc.
The memory is used for storing a program, and the processor executes the program after receiving an execution instruction.
The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The steps of the method disclosed in connection with the embodiments of the present disclosure may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
According to another aspect of the embodiments of the present disclosure, there is also provided a computer-readable storage medium having stored therein computer-executable instructions, which when executed by a processor, are configured to implement the method according to any one of the embodiments.
The reader should understand that in the description of this specification, reference to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present disclosure. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined by one skilled in the art without contradiction.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present disclosure.
In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present disclosure, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product that is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods of the embodiments of the present disclosure. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and various other media capable of storing program code.
It should also be understood that, in the embodiments of the present disclosure, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present disclosure.
While the present disclosure has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (10)

1. A method for transmitting sensitive data, the method comprising:
receiving a request, sent by a browser, for acquiring a key;
randomly selecting a key pair from a database;
storing a private key in the key pair, and sending a public key in the key pair to the browser so that the browser can encrypt sensitive data based on the public key to obtain an encrypted file;
receiving an encrypted file sent by the browser;
and decrypting the encrypted file according to the private key so as to verify the sensitive data obtained by decryption.
2. The method according to claim 1, wherein before the receiving the request for obtaining the key sent by the browser, the method comprises:
randomly generating a plurality of key pairs;
storing the plurality of key pairs to the database.
3. The method of claim 1, wherein after said storing the plurality of key pairs to the database, the method further comprises:
and updating the plurality of key pairs in the database according to a preset time interval.
4. A method for transmitting sensitive data, the method comprising:
in response to receiving the sensitive data, sending a request for obtaining a key to the server;
receiving a public key fed back by the server, wherein the public key is a public key in a key pair randomly selected by the server from a database;
encrypting the sensitive data based on the public key to obtain an encrypted file;
and sending the encrypted file to the server so that the server can decrypt the encrypted file based on a private key in the key pair to obtain the sensitive data and verify the sensitive data.
5. A server, characterized in that the server comprises:
the first communication module is used for receiving a request, sent by a browser, for acquiring a key, and for randomly selecting a key pair from a database;
the first processing module is used for storing a private key in the key pair and sending a public key in the key pair to the browser so that the browser can encrypt sensitive data based on the public key to obtain an encrypted file;
the first communication module is further used for receiving the encrypted file sent by the browser;
the first processing module is further configured to decrypt the encrypted file according to the private key, so as to verify the decrypted sensitive data.
6. The server according to claim 5, wherein the first processing module is further configured to randomly generate a plurality of key pairs;
the first communication module is further configured to store the plurality of key pairs to the database;
the first processing module is further configured to update the plurality of key pairs in the database according to a preset time interval.
7. A browser, the browser comprising:
the second communication module is used for sending, in response to receiving the sensitive data, a request for obtaining a key to the server, and for receiving a public key fed back by the server, wherein the public key is a public key in a key pair randomly selected by the server from a database;
the second processing module is used for encrypting the sensitive data based on the public key to obtain an encrypted file;
the second communication module is further configured to send the encrypted file to the server, so that the server decrypts the encrypted file based on a private key in the key pair to obtain the sensitive data, and verifies the sensitive data.
8. A system for transmission of sensitive data, the system comprising: a server according to claim 5 and a browser according to claim 7.
9. An electronic device, comprising: a memory, a processor;
a memory for storing the processor-executable instructions;
wherein the processor, when executing the instructions in the memory, is configured to implement the method of any of claims 1 to 3; or,
the processor, when executing the instructions in the memory, is configured to implement the method of claim 4.
10. A computer-readable storage medium having stored therein computer-executable instructions for implementing the method of any one of claims 1 to 3 when executed by a processor; or,
the computer executable instructions when executed by a processor are for implementing the method of claim 4.
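
An added sketch of the exchange in claims 1 to 4, not code from the patent: Node.js `crypto` stands in for both the server and the browser. The `KeyPool` class, the `requestId` handle, single-use private keys, RSA-2048 and OAEP with SHA-256 are assumptions made here; the claims name no algorithm or bookkeeping.

```javascript
// Added illustration (not from the patent): one Node.js process plays both parties.
const crypto = require('crypto');

// Assumption: RSA-OAEP with SHA-256; the claims do not name an algorithm.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

class KeyPool {
  constructor(size) {
    this.size = size;
    this.pending = new Map(); // requestId -> private key held for one decryption
    this.rotate();
  }

  // Claims 2-3: pre-generate the pairs; call again on a timer to refresh them.
  // In-flight requests survive a refresh because `pending` holds its own reference.
  rotate() {
    this.pairs = Array.from({ length: this.size }, () =>
      crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }));
  }

  // Claim 1: pick a pair with a CSPRNG, store its private key, return the public key.
  issue() {
    const pair = this.pairs[crypto.randomInt(this.pairs.length)];
    const requestId = crypto.randomUUID(); // hypothetical handle tying key to request
    this.pending.set(requestId, pair.privateKey);
    return { requestId, publicKeyPem: pair.publicKey.export({ type: 'spki', format: 'pem' }) };
  }

  // Claim 1: decrypt with the stored private key. The entry is deleted first so a
  // replayed ciphertext cannot be decrypted a second time (assumption, not claimed).
  decrypt(requestId, encryptedB64) {
    const privateKey = this.pending.get(requestId);
    if (!privateKey) throw new Error('unknown or already used request id');
    this.pending.delete(requestId);
    return crypto.privateDecrypt({ key: privateKey, ...OAEP },
      Buffer.from(encryptedB64, 'base64')).toString('utf8');
  }
}

// Claim 4 (browser side): encrypt the sensitive data under the received public key.
function browserEncrypt(publicKeyPem, sensitive) {
  return crypto.publicEncrypt({ key: publicKeyPem, ...OAEP },
    Buffer.from(sensitive, 'utf8')).toString('base64');
}

// Full exchange: key request, encryption, upload, decryption.
function roundTrip(pool, sensitive) {
  const { requestId, publicKeyPem } = pool.issue();
  const encrypted = browserEncrypt(publicKeyPem, sensitive);
  return { requestId, encrypted, decrypted: pool.decrypt(requestId, encrypted) };
}
```

The public key in this exchange is only as trustworthy as the channel that delivers it, so it has to arrive over an authenticated connection such as TLS. RSA-OAEP with a 2048-bit key and SHA-256 carries at most 190 bytes, so anything larger needs hybrid encryption.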
Application CN201911239322.0A; priority date 2019-12-06; filing date 2019-12-06; title: Sensitive data transmission method and system, electronic device, storage medium; status: Pending; publication: CN111107066A (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201911239322.0A, CN111107066A (en) | 2019-12-06 | 2019-12-06 | Sensitive data transmission method and system, electronic device, storage medium

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201911239322.0A, CN111107066A (en) | 2019-12-06 | 2019-12-06 | Sensitive data transmission method and system, electronic device, storage medium

Publications (1)

Publication Number | Publication Date
CN111107066A (en) | 2020-05-05

Family ID: 70422460

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201911239322.0A (Pending), CN111107066A (en) | Sensitive data transmission method and system, electronic device, storage medium | 2019-12-06 | 2019-12-06

Country Status (1)

Country | Link
CN (1) | CN111107066A (en)


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 20200505
