CN115396153A - Data communication method, computer equipment and storage medium - Google Patents
- Publication number: CN115396153A (application CN202210891800.1A)
- Authority: CN (China)
- Prior art keywords: message, client, key, information, server
- Prior art date
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a data communication method, a server and computer equipment. The method is executed by the server and includes: acquiring identification information of the client; generating, from that identification information, a unique asymmetric-encryption public key and private key corresponding to the client; sending the generated public key to the client; and obtaining the message information that the client returns after encrypting it with the public key. Because only the server knows the public key and private key corresponding to the client, once the client's message information has been received it can be decrypted directly with the private key and the client's symmetric encryption key carried in it can be obtained accurately. Having obtained the key, the server encrypts the response message with it and sends the response to the client, and stores the key for subsequent data communication with the client using that key.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a data communication method, computer equipment and a storage medium.
Background
At present, when an enterprise carries out business that has to be connected to a bank, such as financial settlement or payroll, it usually has to rely on various kinds of security hardware or software and enter information several times in order to keep that information secure. This way of connecting enterprises to banks also involves cumbersome operating steps, which in turn lowers work efficiency. A secure method for connecting enterprises directly to banks is therefore urgently needed.
Summary of the invention
Therefore, to remedy the deficiencies of the prior art, embodiments of the present invention provide a data communication method, device and computer equipment.
According to a first aspect, an embodiment of the present invention discloses a data communication method, executed by a server, including: acquiring identification information of a client;
generating an asymmetric-encryption public key and private key from the identification information;
sending the public key to the client;
obtaining the message information that the client returns after encrypting it with the public key;
decrypting the message information with the private key to obtain the symmetric encryption key sent by the client, and storing the key according to the identification information so that a response message encrypted with the key can be sent to the client.
Optionally, the message information includes a message header and a message body, and decrypting the message information with the private key to obtain the symmetric encryption key sent by the client specifically includes:
determining the message type of the message body from the message header;
according to the message type, decrypting the message body with the private key corresponding to the message information to obtain the symmetric encryption key sent by the client, where the client encrypts only the message body with the public key.
Optionally, the server includes a plurality of processors, and after the message body has been decrypted, according to the message identifier, with the private key corresponding to that identifier to obtain the symmetric encryption key sent by the client, the method further includes:
according to the message type, sending the service corresponding to the message body to the corresponding processor for processing.
According to a second aspect, an embodiment of the present invention also discloses a data communication method, executed by a client, including: acquiring identification information of the client;
generating a symmetric encryption key from the identification information;
obtaining the public key sent by the server;
encrypting the key with the public key to obtain message information;
sending the message information to the server;
after obtaining the response message that the server returns for the message information, storing the key so that message bodies can be encrypted with it.
Optionally, the message information includes a message header and a message body, and encrypting the key with the public key corresponding to the identification information to obtain the message information specifically includes:
encrypting the key with the public key to obtain the message body;
determining the message header from the identification information and the message body;
obtaining the message information from the message body and the message header.
Optionally, the identification information includes a client ID and a client process,
and at preset intervals the client generates a symmetric encryption key from the client ID and the client process, so that the key can then be encrypted with the public key sent by the server to obtain new message information.
According to a third aspect, an embodiment of the present invention also discloses a server, including: at least one processor; and a memory communicatively connected to the at least one processor, where the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that it performs the steps of the data communication method of the first aspect or of any optional implementation of the first aspect.
According to a fourth aspect, an embodiment of the present invention also discloses a computer-readable storage medium storing a computer program which, when executed by a server, implements the steps of the data communication method of the first aspect or of any optional implementation of the first aspect.
According to a fifth aspect, an embodiment of the present invention also discloses computer equipment, including: at least one processor; and a memory communicatively connected to the at least one processor, where the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that it performs the steps of the data communication method of the second aspect or of any optional implementation of the second aspect.
According to a fifth aspect, an embodiment of the present invention also discloses a computer-readable storage medium storing a computer program which, when executed by computer equipment, implements the steps of the data communication method of the second aspect or of any optional implementation of the second aspect.
The technical solution of the present invention has the following advantages:
The data communication method, device and computer equipment provided by the present invention are applied at the server. The server acquires the identification information of the client, generates an asymmetric-encryption public key and private key from the identification information, sends the public key to the client, obtains the message information that the client returns after encrypting it with the public key, and finally decrypts the message information with the private key to obtain the symmetric encryption key sent by the client, storing the key according to the identification information so that a response message encrypted with that key can be sent to the client.
In this way, the server acquires the client's identification information and can generate from it a unique asymmetric-encryption public key and private key corresponding to that client; it then sends the generated public key to the client and obtains the message information the client returns after encrypting it with the public key. Because only the server knows the public key and private key corresponding to the client, once the client's message information has been received it can be decrypted directly with the private key and the client's symmetric encryption key carried in it can be obtained accurately. Having obtained the key, the server encrypts the response message with it and sends the response to the client, and stores the key for subsequent data communication with the client using that key.
Description of the drawings
In order to explain the specific embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a specific example of a data communication method in an embodiment of the present invention;
Fig. 2 is a flowchart of a specific example of a data communication system in an embodiment of the present invention;
Fig. 3 is a flowchart of a specific example of a data communication method in an embodiment of the present invention;
Fig. 4 is a schematic diagram of a specific example of a data communication method in an embodiment of the present invention;
Fig. 5 is a flowchart of a specific example of a data communication method in an embodiment of the present invention;
Fig. 6 is a flowchart of a specific example of a data communication method in an embodiment of the present invention;
Fig. 7 is an interaction diagram of a specific example of a data communication system in an embodiment of the present invention;
Fig. 8 is a functional block diagram of a specific example of a data communication device in an embodiment of the present invention;
Fig. 9 is a functional block diagram of a specific example of a data communication device in an embodiment of the present invention;
Fig. 10 is a diagram of a specific example of computer equipment in an embodiment of the present invention;
Fig. 11 is a diagram of a specific example of computer equipment in an embodiment of the present invention.
Detailed description
The technical solutions of the present invention will be described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the description of the present invention, it should be noted that the orientations or positional relationships indicated by terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on those shown in the drawings, are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be understood as limiting the present invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
In the description of the present invention, it should also be noted that, unless otherwise expressly specified and limited, the terms "mounted", "coupled" and "connected" are to be understood broadly: a connection may, for example, be fixed, detachable or integral; mechanical or electrical; direct, or indirect through an intermediate medium; an internal communication between two elements; wireless or wired. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict.
To address the technical problems mentioned in the background, an embodiment of the present application provides a data communication method; see Fig. 1, a schematic flowchart of a data communication method provided by an embodiment of the present invention. Before the steps of the method are introduced, one of the data communication systems to which the method applies is described. Fig. 2 is a schematic diagram of an application scenario of a specific embodiment of the present invention. In this embodiment, the data communication system can be applied in a bank-enterprise direct connection environment, where the server is the bank's server and the clients are the various enterprises that do business with the bank; the client in this embodiment is any one of the clients in that environment. The following embodiments all take the bank-enterprise direct connection environment as an example.
The specific execution process of each module of the data communication system is described below.
Specifically, as shown in Fig. 1, the data communication method includes the following steps:
Step 101: acquire the identification information of the client.
By way of example, the identification information of the client is data that can represent the identity of the client, such as the client's application ID. For instance, the bank's server may pre-store the application IDs of the enterprises that have a cooperative relationship with the bank, or receive the application ID and similar information sent by the corresponding client, where receiving the application ID presupposes that a cooperative relationship with the bank has been established. This embodiment does not limit the means of obtaining the identification information; those skilled in the art can adjust it according to the actual situation.
Step 102: generate an asymmetric-encryption public key and private key from the identification information.
By way of example, after obtaining the client's identification information, the server generates from it an asymmetric-encryption public key and private key that correspond uniquely to that identification information. For instance, if the client's identification information is 14536, the corresponding public key and private key are generated from 14536 and incorporate the content of the identification information. The present application does not limit the method of generating the public key or its specific form; those skilled in the art can determine them according to the actual situation. Preferably, to further ensure the security of the public key, a five-digit random number can be generated and the public key and private key generated from both the identification information and the random number, so that the key pair incorporates both; the public key and private key then correspond uniquely to the identification information and are more secure and harder to crack.
Step 103: send the public key to the client.
Step 104: obtain the message information that the client returns after encrypting it with the public key.
By way of example, after the public key and private key have been generated from the identification information, the public key is sent to the client and the message information encrypted by the client with the public key is obtained. Both the sending of the public key and the retrieval of the message information can take place over a socket connection.
Step 105: decrypt the message information with the private key to obtain the symmetric encryption key sent by the client, and store the key according to the identification information so that a response message encrypted with the key can subsequently be sent to the client.
By way of example, since only the server holds the private key corresponding to the public key, once the message information has been received the server can decrypt it with the private key to obtain the corresponding key sent by the client and store that key in local memory; subsequently the server decrypts with the key stored in local memory.
In a specific embodiment, the message information includes a message header and a message body. Decrypting the message information with the private key in step 105 to obtain the symmetric encryption key sent by the client is implemented as shown in Fig. 3 and specifically includes the following steps:
Step 1051: determine the message identifier of the message body from the message header.
By way of example, dividing the message information into a message header and a message body greatly alleviates the poor communication performance caused by oversized message packets, shortens data access latency, and allows data communication and consistency handling between server and client to be completed quickly.
The message identifier in the message header is obtained by identifying the content corresponding to each byte of the header; the message identifier is the identification information of the client that sent the message. As shown in Fig. 4, the message header may include an encryption type, an application process ID, an application ID, a message type, a body length and a timestamp. To identify the message identifier, the content of each byte of the message header is compared with the preset types and the corresponding message identifier is obtained. In this embodiment the encryption type may be symmetric encryption or asymmetric encryption; the message type may be a registration message or a remote call message; the application ID represents the identity of the client; the application process ID represents the client's actual running process, so that when two identical clients are deployed in the same environment and cannot be told apart by application ID they can be distinguished by application process ID; the body length is set from the length of the message body, so that when the body occupies 128 bytes in total the body length reads 128 bytes; and the timestamp gives the time at which the message information was generated.
Step 1052: according to the message identifier, decrypt the message body with the private key corresponding to the message information to obtain the symmetric encryption key sent by the client, where the client encrypts only the message body with the public key.
By way of example, when encrypting the message information the client encrypts only the message body, not the message header, so that after receiving the message information the server can read the content of the header directly and obtain the corresponding message identifier. Further, according to the message identifier, the server selects from local storage the key corresponding to that identifier, decrypts the message body with it and, as required, encrypts the corresponding response message with that key; the response message can likewise be sent to the client over the socket connection.
Once the server has obtained the message identifier, it can quickly and accurately extract information about the message body from the header. For example, in subsequent data communication the server can quickly obtain the client's ID and process from the application ID and application process ID in the message header, determine the corresponding symmetric encryption key and encryption algorithm from them, and determine the specific service type of the message information from the message type in the header.
Further, the server includes a plurality of processors, and after the key has been obtained the method further includes: according to the message identifier, sending the service corresponding to the message body to the corresponding processor for processing. This further shortens the communication and processing time during data communication, so that the corresponding data can be answered or transmitted almost without waiting.
In this way, the server acquires the client's identification information and can generate from it a unique asymmetric-encryption public key and private key corresponding to that client; it then sends the generated public key to the client and obtains the message information the client returns after encrypting it with the public key. Because only the server knows the public key and private key corresponding to the client, once the client's message information has been received it can be decrypted directly with the private key and the client's symmetric encryption key carried in it can be obtained accurately. Having obtained the key, the server encrypts the response message with it and sends the response to the client, and stores the key for subsequent data communication with the client using that key.
Corresponding to the above method embodiment, an embodiment of the present invention further provides a data communication method, shown in FIG. 5, executed by the client and comprising:
Step 501: acquire the identification information of the client.
Exemplarily, when acquiring its identification information the client queries information such as its own application ID and uses it as the identification information; the application ID can be obtained by reading the corresponding file inside the client. The embodiments of this application do not restrict the specific manner of obtaining the client identification information, and those skilled in the art can adjust it according to the actual situation.
Step 502: generate a symmetric encryption key according to the identification information.
Exemplarily, after the identification information has been obtained, a symmetric encryption key uniquely corresponding to it is determined from the identification information, and once the key has been obtained the message body is encrypted with it during data transmission. For example, when the identification information is A, a corresponding key is generated from A and incorporates the content of A; this application does not limit the generation method or the specific form of the key, which those skilled in the art can determine according to the actual situation. Preferably, to further ensure the security of the key, a random number B can be generated and the symmetric key "A+B" derived from A and B. A key derived from A alone can be reproduced by anyone who knows the identifier, so it is the random component B that gives the key its secrecy. The specific content of "A+B" is not limited; those skilled in the art can adjust the key generation method and the form of the final key according to the actual situation.
Step 503: obtain the public key sent by the server.
Step 504: encrypt the key with the public key to obtain the message information.
Exemplarily, the server generates, from the client's identification information, an asymmetric-encryption public key and private key uniquely corresponding to that identification information, and the client obtains the public key sent by the server over the socket connection. After obtaining the server's public key, the client encrypts the symmetric key it generated in step 502 with that public key to obtain the message information.
In a specific embodiment, the message information comprises a message header and a message body, and encrypting the key with the public key corresponding to the identification information to obtain the message information, as shown in FIG. 6, specifically comprises:
Step 5041: encrypt the key with the public key to obtain the message body.
Step 5042: determine the message header according to the identification information and the message body.
Exemplarily, in encrypting the key with the public key, the key is the plaintext; encrypting that plaintext with the public key yields the ciphertext, and this ciphertext is the message body. After the message body has been obtained, the header is filled in from the client's current information, for example the client's application process ID, application ID, the message length computed from the message body, and the timestamp at which the body was generated. Together these fields make up the message header.
Step 5043: obtain the message information from the message body and the message header.
Exemplarily, once the message body and message header are available they are combined into the message information, so that the server can read the information about the body directly and quickly from the header and process the body content rapidly. The format and content of the message header and body are shown in FIG. 4; the details of FIG. 4 are given in the above embodiments and are not repeated here.
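The header and body construction of steps 5041-5043, as an added example that is not code from the patent: a Go encoder and decoder for a message whose header carries the message type, encryption type, application process ID, application ID, body length and timestamp named above, with the body passed in as opaque ciphertext. The byte layout, the field widths and the use of big-endian integers are assumptions, since FIG. 4 is not reproduced in the text. The example adds the check a receiver wants before any decryption runs: the body length declared in the header must match the bytes actually received. Because only the body is encrypted, every header field is readable by anyone on the path.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Header carries the fields the text puts in the message header (steps 2 and 5042): message type,
// encryption type, application process ID, application ID, body length and timestamp. The header is
// never encrypted, only the body is (step 3), so every field here is readable on the wire.
type Header struct {
	Type, Enc  uint8
	PID, AppID uint32
	Timestamp  int64
}

// HeaderLen is the assumed wire size: type(1) enc(1) pid(4) appID(4) bodyLen(4) timestamp(8), big-endian.
// FIG. 4 of the patent fixes the real layout and is not reproduced in the text.
const HeaderLen = 22

// Encode implements steps 5042-5043 and the rule of step 3: the body length is taken from the
// ciphertext actually placed in the body, never supplied by the caller.
func Encode(h Header, body []byte) []byte {
	buf := make([]byte, HeaderLen+len(body))
	buf[0], buf[1] = h.Type, h.Enc
	binary.BigEndian.PutUint32(buf[2:], h.PID)
	binary.BigEndian.PutUint32(buf[6:], h.AppID)
	binary.BigEndian.PutUint32(buf[10:], uint32(len(body)))
	binary.BigEndian.PutUint64(buf[14:], uint64(h.Timestamp))
	copy(buf[HeaderLen:], body)
	return buf
}

// Decode is the receiving side of step 5: parse the header, then check that the declared body
// length matches what actually arrived before the body is handed to any decryption routine.
func Decode(msg []byte) (Header, []byte, error) {
	if len(msg) < HeaderLen {
		return Header{}, nil, errors.New("message shorter than header")
	}
	h := Header{
		Type: msg[0], Enc: msg[1],
		PID: binary.BigEndian.Uint32(msg[2:]), AppID: binary.BigEndian.Uint32(msg[6:]),
		Timestamp: int64(binary.BigEndian.Uint64(msg[14:])),
	}
	if declared := binary.BigEndian.Uint32(msg[10:]); int(declared) != len(msg)-HeaderLen {
		return Header{}, nil, fmt.Errorf("body length %d declared, %d received", declared, len(msg)-HeaderLen)
	}
	return h, msg[HeaderLen:], nil
}

func main() {
	// Constructed sample: a registration message whose body stands in for the public-key-wrapped symmetric key.
	body := []byte("<ciphertext of the symmetric key>")
	msg := Encode(Header{Type: 1, Enc: 1, PID: 4242, AppID: 7, Timestamp: time.Now().Unix()}, body)
	h, got, err := Decode(msg)
	fmt.Printf("%+v body=%q err=%v\n", h, got, err)
	msg[13]++ // corrupt the length field: the message is rejected before any decryption is attempted
	_, _, err = Decode(msg)
	fmt.Println(err)
}
```

Encode never trusts a caller-supplied length, which is the literal reading of step 3 ("set the body length in the header from the length of the ciphertext"); Decode refuses a message whose header and body disagree, so a truncated or padded body is caught by the parser rather than by the decryption routine behind it.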
Step 505: send the message information to the server.
Step 506: after obtaining the response message the server feeds back in accordance with the message information, store the key so that the message body can be encrypted with it.
Exemplarily, after the message information has been obtained it is sent to the server over the socket connection, and the server, on receiving it, feeds back a response message corresponding to it. For example, when the message information is a registration message, the response message indicates that registration succeeded or, when registration did not succeed, that it failed. Registration can fail in two situations: the message information was not successfully delivered to the server, or the server received the message information but the corresponding client identification information did not meet the server's requirements.
After receiving the response message sent by the server, the client stores the symmetric encryption key it generated earlier; in subsequent data transmission or business exchanges with the server, the message body is encrypted directly with that symmetric key before transmission, which speeds up the interaction and also protects the data in transit.
In an optional embodiment, the identification information comprises a client ID and a client process, and every preset time the client generates a symmetric encryption key from the client ID and the client process, so that the key can later be encrypted with the public key sent by the server to obtain new message information.
Exemplarily, the client's identification information comprises a client ID and a client process, the client ID being the client's application ID and the client process being the client's application process ID, that is, information about the time or progress of the client's actual run. To keep the symmetric key current and secure, a new key is generated from the client ID and the client process every preset time and is used to encrypt message information until the next key is generated. The preset time may be half an hour or one hour; the specific interval is not limited and can be determined by those skilled in the art according to the actual situation.
In this way, the client's identification information is obtained, a symmetric encryption key unique to the client is generated from it, the key is encrypted with the asymmetric-encryption public key obtained from the server to obtain the message information, and the message information is sent to the server. Once the response message sent by the server has been received, the client can conclude that it has registered successfully with the server, and subsequent data communication can be encrypted with the symmetric key, which greatly improves the efficiency of data transmission while also securing the data in transit.
On the basis of the data communication method above, a specific example is used to explain the interaction between the data communication methods applied at the client and at the server; FIG. 7 shows the detailed interaction between client and server.
Client:
1. At startup, the key registration flow is started; first a symmetric encryption key is generated according to the symmetric encryption algorithm.
2. A key registration message is generated: the symmetric key generated in 1 is set as the message body, the message type is set to key registration message and the encryption type to asymmetric encryption, and the other header fields (application process ID, application ID, message length, timestamp, etc.) are filled in.
3. According to the encryption type set in the message, the message body is encrypted with the asymmetric-encryption public key agreed with the server and the body is overwritten with the ciphertext; finally the body length in the message header is set from the length of the ciphertext.
4. The key registration request message is sent to the server over the socket connection.
Server:
5. On receiving the message, the server decrypts it with the agreed asymmetric-encryption private key according to the message's encryption type and hands it to the corresponding processor according to the message type.
6. On receiving the message, the key registration processor extracts the application process ID and application ID from the message header and the peer IP from the socket connection, generates a key from these according to a certain algorithm, and stores the symmetric key from the message body under that generated key.
7. The key registration processor generates a key registration response message, using the application process ID and application ID from the request message as the response's application process ID and application ID, places the prompt "registration successful" in the message body, and sets the message type to key registration response message and the encryption type to symmetric encryption.
8.ss The server encrypts the message body with the algorithm corresponding to the message's encryption type and resets the body length in the message header. When the algorithm is symmetric encryption, the encryption key is obtained by generating the key from the application process ID and application ID in the message header and the peer IP of the socket connection according to the same algorithm and looking up the corresponding symmetric key.
9. The server sends the response message to the corresponding client over the socket connection established when the client sent the key registration request message.
Client:
10. The client verifies the response message using the symmetric encryption key it generated locally.
11. Once the response message has been verified, the client saves the symmetric key generated in step 1 in its local cache.
12. The client performs steps 1-11 periodically to keep the symmetric key current.
13. When the client triggers a business call, it generates a business request message from the business data and sets the message type to remote call message and the encryption type to symmetric encryption.
14. According to the message's encryption type, for symmetric encryption the client fetches the symmetric key from its local cache, encrypts the message body with it and replaces the body length in the message header; if no symmetric key can be fetched from the local cache, steps 1-11 are repeated until one can be obtained from the local cache.
15. The request message is sent to the server over the socket connection.
16. On receiving the message, according to its encryption type, for symmetric encryption the server extracts the application process ID and application ID from the message header and the peer IP from the socket connection, generates the key from these three items according to the algorithm, uses it to look up the corresponding symmetric key, decrypts the message body with that key, and hands the message to the corresponding processor according to the message type.
17. On receiving the business request message, the business processor processes the business data according to the business logic.
18. After processing the business request, the business processor generates a business response message, places the response data in the message body and fills in the message header, using the application process ID and application ID from the request message as the response's application process ID and application ID, and sets the message type to business response message and the encryption type to symmetric encryption.
19. The server encrypts the message body with the algorithm corresponding to the message's encryption type and resets the body length in the message header. When the algorithm is symmetric encryption, the encryption key is obtained by generating the key from the application process ID and application ID in the message header and the peer IP of the socket connection according to the same algorithm and looking up the corresponding symmetric key.
20. The server sends the response message to the corresponding client over the socket connection established when the client sent the request message.
21. On receiving the response message, the client decrypts and verifies it; once verification passes, the response data in the message body is returned to the upper business processing layer.
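The exchange of steps 1-21, together with the periodic key rotation of the optional embodiment above, as an added example that is not part of the patent: both sides are written in Go, the socket is replaced by a direct call to the server's handler, and the peer IP is passed in explicitly. Choices the text leaves open and that are therefore assumptions here: RSA-OAEP for the asymmetric step, AES-256-GCM for the symmetric step, SHA-256 over process ID, application ID and peer IP as the "certain algorithm" that indexes stored keys, the numeric message-type and encryption-type codes, and the rotation interval. The header's length and timestamp fields are omitted because the example works on already-parsed messages. The example keeps one point the text leaves implicit: the client accepts the registration reply only if it decrypts under the key it just sent, which is what tells the client that the server really recovered that key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Type and encryption codes named in steps 2, 7, 13 and 18; the page assigns them no values (assumption).
const (
	TypeRegisterReq, TypeRegisterResp, TypeCallReq, TypeCallResp uint8 = 1, 2, 3, 4
	EncAsymmetric, EncSymmetric                                  uint8 = 1, 2
)

// Message is the step 2 header plus body; the header fields travel in the clear, only Body is ciphertext.
type Message struct {
	Type, Enc  uint8
	PID, AppID uint32
	Body       []byte
}

// Server holds the private half of the key pair (steps 5, 7) and the registered symmetric keys (step 6).
type Server struct {
	Priv *rsa.PrivateKey
	keys map[[32]byte][]byte
}

// Client holds the server's public key (step 503), the cached key (step 11) and its age for rotation (step 12).
type Client struct {
	PID, AppID uint32
	Pub        *rsa.PublicKey
	TTL        time.Duration // the "preset time" after which the client registers a new key
	key        []byte
	keyTime    time.Time
}

// lookupKey is one reading of the "certain algorithm" of steps 6 and 16: a digest of process ID,
// application ID and the socket's peer IP, under which the server files that client's symmetric key.
func lookupKey(pid, appID uint32, peerIP string) [32]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("%d|%d|%s", pid, appID, peerIP)))
}

// The page names no symmetric algorithm; AES-256-GCM with the nonce prepended to the ciphertext is assumed.
func seal(key, pt []byte) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, _ := cipher.NewGCM(b) // cannot fail for an AES block
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return g.Seal(nonce, nonce, pt, nil), nil
}

func unseal(key, ct []byte) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, _ := cipher.NewGCM(b)
	if len(ct) < g.NonceSize() { return nil, errors.New("short ciphertext") }
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

func NewServer() (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Server{Priv: priv, keys: map[[32]byte][]byte{}}, err
}

// Handle is steps 5-9 for a registration and 16-20 for a business call; peerIP is taken from the socket.
func (s *Server) Handle(m Message, peerIP string) (Message, error) {
	lk := lookupKey(m.PID, m.AppID, peerIP)
	reply := Message{Enc: EncSymmetric, PID: m.PID, AppID: m.AppID} // steps 7 and 18: echo the identifiers
	switch {
	case m.Type == TypeRegisterReq && m.Enc == EncAsymmetric: // step 5: unwrap the body with the private key
		key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.Priv, m.Body, nil)
		if err != nil || len(key) != 32 { return Message{}, errors.New("bad key registration") }
		s.keys[lk] = key // step 6; a later registration by the same client replaces it (step 12 rotation)
		reply.Type, reply.Body = TypeRegisterResp, []byte("registration successful")
	case m.Type == TypeCallReq && m.Enc == EncSymmetric: // step 16: look the key up, decrypt the body
		key, ok := s.keys[lk]
		if !ok { return Message{}, errors.New("no registered key for this client") }
		data, err := unseal(key, m.Body)
		if err != nil { return Message{}, err }
		reply.Type, reply.Body = TypeCallResp, append([]byte("echo: "), data...) // step 17 stand-in
	default:
		return Message{}, errors.New("unsupported type/encryption combination")
	}
	ct, err := seal(s.keys[lk], reply.Body) // steps 8 and 19: every reply is symmetrically encrypted
	reply.Body = ct
	return reply, err
}

// Register is steps 1-4 and 10-11: fresh key, RSA-OAEP wrap, send, verify the reply under that key.
func (c *Client) Register(s *Server, peerIP string) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil { return err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, c.Pub, key, nil)
	if err != nil { return err }
	reply, err := s.Handle(Message{Type: TypeRegisterReq, Enc: EncAsymmetric, PID: c.PID, AppID: c.AppID, Body: wrapped}, peerIP)
	if err != nil { return err }
	pt, err := unseal(key, reply.Body) // step 10: only a holder of the private key can answer under this key
	if err != nil || reply.Type != TypeRegisterResp || string(pt) != "registration successful" {
		return errors.New("registration reply failed verification")
	}
	c.key, c.keyTime = key, time.Now()
	return nil
}

// Call is steps 13-15 and 21; a missing or expired key triggers re-registration first (steps 12 and 14).
func (c *Client) Call(s *Server, peerIP string, data []byte) ([]byte, error) {
	if c.key == nil || time.Since(c.keyTime) > c.TTL {
		if err := c.Register(s, peerIP); err != nil { return nil, err }
	}
	ct, err := seal(c.key, data)
	if err != nil { return nil, err }
	reply, err := s.Handle(Message{Type: TypeCallReq, Enc: EncSymmetric, PID: c.PID, AppID: c.AppID, Body: ct}, peerIP)
	if err != nil { return nil, err }
	if reply.Type != TypeCallResp { return nil, errors.New("unexpected reply type") }
	return unseal(c.key, reply.Body)
}

func main() {
	s, err := NewServer()
	if err != nil { panic(err) }
	c := &Client{PID: 4242, AppID: 7, Pub: &s.Priv.PublicKey, TTL: 30 * time.Minute}
	out, err := c.Call(s, "192.0.2.10", []byte("hello"))
	fmt.Println(string(out), err)
}
```

Running main performs one registration followed by one business call. Two properties of the scheme fall out of the code: the server files keys by process ID, application ID and peer IP, so a second process of the same application on the same host resolves to a different entry and cannot use the first process's key; and once the client's rotation interval has elapsed, Call registers a fresh key, which replaces the stored entry, so a message sealed under the previous key is rejected by the server. The lookup is driven by the cleartext header fields and the peer IP, exactly as steps 6 and 16 describe; the example does not authenticate those fields beyond what the text states.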
The above are specific embodiments of the data communication method of this application; other embodiments provided by this application are described below.
An embodiment of the present invention further discloses a data communication device, shown in FIG. 8, comprising:
a first acquisition module 801, configured to acquire the identification information of the client;
an asymmetric key generation module 802, configured to generate an asymmetric-encryption public key and private key according to the identification information;
a first sending module 803, configured to send the public key to the client;
a second acquisition module 804, configured to acquire the message information fed back by the client and encrypted with the public key;
a decryption module 805, configured to decrypt the message information with the private key to obtain the symmetric encryption key sent by the client, and to store the key according to the identification information so that a response message encrypted with the key can be sent to the client.
Optionally, the message information comprises a message header and a message body, and the decryption module 805 is specifically configured to: determine the message identifier of the message body from the message header;
and, according to the message identifier, decrypt the message body with the private key corresponding to the message identifier to obtain the symmetric encryption key sent by the client, where the client encrypts only the message body with the public key.
Optionally, the server comprises multiple processors, and after the key has been obtained the device is further configured to: send the business corresponding to the message body to the corresponding processor for processing according to the message identifier.
By executing this device, the identification information of the client is obtained; an asymmetric-encryption public key and private key unique to and corresponding to that client can be generated from the identification information; the generated public key is then sent to the client, and the message information the client feeds back, encrypted with that public key, is obtained. Because the private key of the pair corresponding to the client is held only by the server, once the client's message information has been obtained it can be decrypted directly with the private key and the client's symmetric encryption key accurately recovered from it. After the key has been obtained, the response message is encrypted with that key and sent to the client as the reply, and the key is stored so that subsequent data communication with the client can be carried out under it.
An embodiment of the present invention further discloses a data communication device, executed by the client and shown in FIG. 9, comprising:
a third acquisition module 901, configured to acquire the identification information of the client;
a symmetric encryption key generation module 902, configured to generate a symmetric encryption key according to the identification information;
a fourth acquisition module 903, configured to obtain the public key sent by the server;
an encryption module 904, configured to encrypt the key with the public key to obtain the message information;
a second sending module 905, configured to send the message information to the server;
a storage module 906, configured to store the key after the response message fed back by the server according to the message information has been obtained, so that the message body can be encrypted with the key.
Optionally, the message information comprises a message header and a message body, and the encryption module 904 is specifically configured to:
encrypt the key with the public key to obtain the message body;
determine the message header according to the identification information and the message body;
obtain the message information from the message body and the message header.
Optionally, the identification information comprises a client ID and a client process, and the device is further configured to: every preset time, generate at the client a symmetric encryption key from the client ID and the client process, so that the key can later be encrypted with the public key sent by the server to obtain new message information.
By executing this device, the client's identification information is obtained and a symmetric encryption key is generated from it, so that the key corresponds one-to-one to the client's identification information; further, the public key sent by the server is obtained and the key is encrypted with it to obtain the message information, which is sent to the server for registration. After the response message fed back by the server according to the message information has been obtained, the key is used to encrypt the data of subsequent data transmission or business exchanges, which increases the speed of data transmission and further improves data security.
An embodiment of the present invention further provides a computer device which, as shown in FIG. 10, may comprise a processor 1001 and a memory 1002, where the processor 1001 and the memory 1002 may be connected by a bus or otherwise; the figure takes a bus connection as an example.
The processor 1001 may be a central processing unit (CPU). It may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component or similar chip, or a combination of such chips.
The memory 1002, as a non-transitory computer-readable storage medium, can store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the data communication method in the embodiments of the present invention. By running the non-transitory software programs, instructions and modules stored in the memory 1002, the processor 1001 performs its various functional applications and data processing, that is, implements the data communication method of the above method embodiments.
The memory 1002 may comprise a program storage area and a data storage area: the program storage area can store the operating system and the application programs required for at least one function, and the data storage area can store data created by the processor 1001 and the like. In addition, the memory 1002 may comprise high-speed random access memory and may also comprise non-transitory memory, such as at least one magnetic disk storage device, flash memory device or other non-transitory solid-state storage device. In some embodiments, the memory 1002 may optionally comprise memory located remotely from the processor 1001 and connected to it over a network; examples of such networks include, without limitation, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
One or more modules are stored in the memory 1002 and, when executed by the processor 1001, perform the data communication method of the embodiment shown in FIG. 1.
The specific details of the computer device above can be understood by reference to the corresponding description and effects of the embodiment shown in FIG. 1 and are not repeated here.
Those skilled in the art will understand that all or part of the flow of the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, can include the flow of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD), among others; the storage medium may also comprise a combination of the above kinds of memory.
An embodiment of the present invention further provides a computer device which, as shown in FIG. 11, may comprise a processor 1101 and a memory 1102, where the processor 1101 and the memory 1102 may be connected by a bus or otherwise; the figure takes a bus connection as an example.
The processor 1101 may be a central processing unit (CPU). It may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component or similar chip, or a combination of such chips.
The memory 1102, as a non-transitory computer-readable storage medium, can store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the data communication method in the embodiments of the present invention. By running the non-transitory software programs, instructions and modules stored in the memory 1102, the processor 1101 performs its various functional applications and data processing, that is, implements the data communication method of the above method embodiments.
The memory 1102 may comprise a program storage area and a data storage area: the program storage area can store the operating system and the application programs required for at least one function, and the data storage area can store data created by the processor 1101 and the like. In addition, the memory 1102 may comprise high-speed random access memory and may also comprise non-transitory memory, such as at least one magnetic disk storage device, flash memory device or other non-transitory solid-state storage device. In some embodiments, the memory 1102 may optionally comprise memory located remotely from the processor 1101 and connected to it over a network; examples of such networks include, without limitation, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
One or more modules are stored in the memory 1102 and, when executed by the processor 1101, perform the data communication method of the embodiment shown in FIG. 1.
The specific details of the computer device above can be understood by reference to the corresponding description and effects of the embodiment shown in FIG. 1 and are not repeated here.
Those skilled in the art will understand that all or part of the flow of the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, can include the flow of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD), among others; the storage medium may also comprise a combination of the above kinds of memory.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the invention, and all such modifications and variations fall within the scope defined by the appended claims.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210891800.1A CN115396153A (en) | 2022-07-27 | 2022-07-27 | Data communication method, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210891800.1A CN115396153A (en) | 2022-07-27 | 2022-07-27 | Data communication method, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115396153A true CN115396153A (en) | 2022-11-25 |
Family
ID=84116704
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210891800.1A Pending CN115396153A (en) | 2022-07-27 | 2022-07-27 | Data communication method, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115396153A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116545673A (en) * | 2023-04-24 | 2023-08-04 | 西安广和通无线软件有限公司 | Data transmission method and device, cloud loudspeaker, electronic equipment and storage medium |
| CN116668133A (en) * | 2023-06-06 | 2023-08-29 | 平安银行股份有限公司 | Data encryption transmission method and system |
| CN118199880A (en) * | 2024-05-15 | 2024-06-14 | 上海黑瞳信息技术有限公司 | Communication protocol, system, equipment and medium based on ECDH algorithm |
| CN118432935A (en) * | 2024-05-30 | 2024-08-02 | 中国工商银行股份有限公司 | Information authentication method, device, equipment, medium and program product |
| CN119012188A (en) * | 2024-10-24 | 2024-11-22 | 中联重科股份有限公司 | Control method, storage medium, system and engineering machinery for executing auxiliary action |
| CN121151417A (en) * | 2025-09-04 | 2025-12-16 | 宁波港信息通信有限公司 | A data synchronization method and related equipment based on node services |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6230269B1 (en) * | 1998-03-04 | 2001-05-08 | Microsoft Corporation | Distributed authentication system and method |
| CN107682141A (en) * | 2017-10-26 | 2018-02-09 | 广州市雷军游乐设备有限公司 | Data ciphering method and system for data transfer |
| CN108282332A (en) * | 2018-01-23 | 2018-07-13 | 北京深思数盾科技股份有限公司 | A kind of data signature method and device |
| CN112073193A (en) * | 2020-09-07 | 2020-12-11 | 江苏徐工工程机械研究院有限公司 | Information safety processing method, device and system and engineering vehicle |
| CN112929169A (en) * | 2021-02-07 | 2021-06-08 | 成都薯片科技有限公司 | Key negotiation method and system |
| CN113411345A (en) * | 2021-06-29 | 2021-09-17 | 中国农业银行股份有限公司 | Method and device for secure session |
| US20220173903A1 (en) * | 2020-11-30 | 2022-06-02 | EMC IP Holding Company LLC | Method and system for encrypting and decrypting secrets using escrow agents |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20221125 |