CN115022027A - Data processing method, device, system, equipment and readable storage medium - Google Patents

Info

Publication number: CN115022027A
Authority: CN (China)
Prior art keywords: negotiation, encryption algorithm, key, center, target
Legal status: Granted
Application number: CN202210612214.9A
Other languages: Chinese (zh)
Other versions: CN115022027B (en)
Inventor: 杨沛东
Current Assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Application filed by Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202210612214.9A
Publication of CN115022027A
Application granted
Publication of CN115022027B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present application discloses a data processing method, apparatus, system, device and readable storage medium in the field of computer technology. In this application, after the end with the negotiation center receives a negotiation message sent by the end without a negotiation center, which includes the set of encryption algorithms used by that end, it selects from the set the target encryption algorithm that can be used by both ends and has the highest security priority. It then sends the target encryption algorithm and a randomly selected key generation rule to the end without a negotiation center. The end without a negotiation center uses the key generation rule to determine a key from a target string, encrypts data with the target encryption algorithm and the key to obtain a data ciphertext, and sends the data ciphertext to the end with the negotiation center. This application can guarantee the randomness of the encryption algorithm and the key generation rule, and improves the security of data during transmission. The data processing apparatus, system, device and readable storage medium provided by the present application have the same technical effects.

Figure 202210612214

Description

A data processing method, apparatus, system, device and readable storage medium

Technical Field

The present application relates to the field of computer technology, and in particular to a data processing method, apparatus, system, device and readable storage medium.

Background

At present, data that needs persistent storage is generally stored in a database, and this data inevitably needs to be accessed. Without a secure data transmission mechanism, unauthorized users may steal data from the database, so the security of the data transmission channel between the database client and the database itself is particularly important. Although the data transmitted between the client and the database can currently be encrypted, the encryption key is easily stolen.

Therefore, how to improve the security of data transmission between two ends is a problem to be solved by those skilled in the art.

Summary of the Invention

In view of this, the purpose of the present application is to provide a data processing method, apparatus, system, device and readable storage medium that improve the security of data transmission between two ends. The specific solution is as follows:

In a first aspect, the present application provides a data processing method, applied to the end provided with a negotiation center, including:

receiving a negotiation message sent by the end without a negotiation center, the negotiation message including the encryption algorithm set used by the end without a negotiation center;

selecting, from the encryption algorithm set, the target encryption algorithm that can be used by the end with the negotiation center and has the highest security priority;

randomly selecting a key generation rule, and sending the target encryption algorithm and the key generation rule to the end without a negotiation center, so that the end without a negotiation center uses the key generation rule to determine a key from a target string, encrypts target data with the target encryption algorithm and the key to obtain a data ciphertext, and sends the data ciphertext to the end with the negotiation center.

Optionally, after the end without a negotiation center sends the data ciphertext to the end with the negotiation center, the method further includes:

determining the key from the target string using the key generation rule;

decrypting the data ciphertext using the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the target data;

processing the target data to obtain a processing result;

encrypting the processing result with the target encryption algorithm and the key to obtain a result ciphertext, and sending the result ciphertext to the end without a negotiation center.

Optionally, the method further includes:

if a negotiation message sent by the end without a negotiation center is received again, selecting, from the encryption algorithm set included in the current negotiation message, an encryption algorithm that can be used by the end with the negotiation center, has the highest security priority, and is different from the target encryption algorithm.

Optionally, the method further includes:

if more than one encryption algorithm is selected, randomly selecting one of them.

Optionally, the method further includes:

encrypting a new string with the key and the target encryption algorithm to obtain a string ciphertext, and sending the string ciphertext to the end without a negotiation center, so that the end without a negotiation center decrypts the string ciphertext using the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the new string, and uses the key generation rule to determine a new key from the new string.

Optionally, the new string is submitted to the negotiation center by a user.

In a second aspect, the present application provides a data processing apparatus, applied to the end provided with a negotiation center, including:

a receiving module, configured to receive a negotiation message sent by the end without a negotiation center, the negotiation message including the encryption algorithm set used by the end without a negotiation center;

a selection module, configured to select, from the encryption algorithm set, the target encryption algorithm that can be used by the end with the negotiation center and has the highest security priority;

a synchronization module, configured to randomly select a key generation rule and send the target encryption algorithm and the key generation rule to the end without a negotiation center, so that the end without a negotiation center uses the key generation rule to determine a key from a target string, encrypts target data with the target encryption algorithm and the key to obtain a data ciphertext, and sends the data ciphertext to the end with the negotiation center.

Optionally, the apparatus further includes:

a return module, configured to, after the end without a negotiation center sends the data ciphertext to the end with the negotiation center, determine the key from the target string using the key generation rule; decrypt the data ciphertext using the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the target data; process the target data to obtain a processing result; and encrypt the processing result with the target encryption algorithm and the key to obtain a result ciphertext, and send the result ciphertext to the end without a negotiation center.

Optionally, the apparatus further includes:

a randomness guarantee module, configured to, if a negotiation message sent by the end without a negotiation center is received again, select, from the encryption algorithm set included in the current negotiation message, an encryption algorithm that can be used by the end with the negotiation center, has the highest security priority, and is different from the target encryption algorithm.

Optionally, the apparatus further includes:

a key changing module, configured to encrypt a new string with the key and the target encryption algorithm to obtain a string ciphertext, and send the string ciphertext to the end without a negotiation center, so that the end without a negotiation center decrypts the string ciphertext using the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the new string, and uses the key generation rule to determine a new key from the new string.

In a third aspect, the present application provides a data processing system, including a first end and a second end, where the first end or the second end is provided with a negotiation center, and the end with the negotiation center is used to perform the method of any one of the above. The end with the negotiation center is specifically used to: receive a negotiation message sent by the end without a negotiation center, the negotiation message including the encryption algorithm set used by the end without a negotiation center; select, from the encryption algorithm set, the target encryption algorithm that can be used by the end with the negotiation center and has the highest security priority; and randomly select a key generation rule and send the target encryption algorithm and the key generation rule to the end without a negotiation center, so that the end without a negotiation center uses the key generation rule to determine a key from a target string, encrypts target data with the target encryption algorithm and the key to obtain a data ciphertext, and sends the data ciphertext to the end with the negotiation center.

Optionally, the end with the negotiation center is specifically used to, after the end without a negotiation center sends the data ciphertext to the end with the negotiation center: determine the key from the target string using the key generation rule; decrypt the data ciphertext using the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the target data; process the target data to obtain a processing result; and encrypt the processing result with the target encryption algorithm and the key to obtain a result ciphertext, and send the result ciphertext to the end without a negotiation center.

Optionally, the end with the negotiation center is specifically used to: if a negotiation message sent by the end without a negotiation center is received again, select, from the encryption algorithm set included in the current negotiation message, an encryption algorithm that can be used by the end with the negotiation center, has the highest security priority, and is different from the target encryption algorithm.

Optionally, the end with the negotiation center is specifically used to: if more than one encryption algorithm is selected, randomly select one of them.

Optionally, the end with the negotiation center is specifically used to: encrypt a new string with the key and the target encryption algorithm to obtain a string ciphertext, and send the string ciphertext to the end without a negotiation center, so that the end without a negotiation center decrypts the string ciphertext using the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the new string, and uses the key generation rule to determine a new key from the new string.

In a fourth aspect, the present application provides an electronic device, including:

a memory for storing a computer program;

a processor for executing the computer program to implement the data processing method disclosed above.

In a fifth aspect, the present application provides a readable storage medium for storing a computer program, where the computer program, when executed by a processor, implements the data processing method disclosed above.

As can be seen from the above solution, the present application provides a data processing method, applied to the end provided with a negotiation center, including: receiving a negotiation message sent by the end without a negotiation center, the negotiation message including the encryption algorithm set used by the end without a negotiation center; selecting, from the encryption algorithm set, the target encryption algorithm that can be used by the end with the negotiation center and has the highest security priority; and randomly selecting a key generation rule and sending the target encryption algorithm and the key generation rule to the end without a negotiation center, so that the end without a negotiation center uses the key generation rule to determine a key from a target string, encrypts target data with the target encryption algorithm and the key to obtain a data ciphertext, and sends the data ciphertext to the end with the negotiation center.

It can be seen that, based on the negotiation center, the present application synchronizes the encryption algorithm and the key generation rule between the two ends that need to communicate, so that the two ends complete the synchronization of the encryption algorithm and the encryption key. The end with the negotiation center selects, from the encryption algorithm set used by the end without a negotiation center, the target encryption algorithm that both ends can use and that has the highest security priority. This not only completes the synchronization of the encryption algorithm, but also keeps the security priority of the selected encryption algorithm at a high level, thereby improving the security of data transmission between the two ends. At the same time, the random selection of the key generation rule by the end with the negotiation center guarantees the randomness of the encryption key, thereby improving the security of the encryption key. The actual encryption key is never transmitted between the two ends; only the encryption algorithm and the key generation rule are transmitted. Therefore, even if a third party steals the encryption algorithm and the key generation rule, the third party cannot steal the original data transmitted between the two communicating parties, which improves the security of the original data during transmission.

Correspondingly, the data processing apparatus, system, device and readable storage medium provided by the present application have the same technical effects.

Brief Description of the Drawings

To explain the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.

FIG. 1 is a flowchart of a data processing method disclosed in this application;

FIG. 2 is a schematic flowchart of channel establishment disclosed in this application;

FIG. 3 is a schematic diagram of a data processing apparatus disclosed in this application;

FIG. 4 is a schematic diagram of a data processing system disclosed in this application;

FIG. 5 is a schematic diagram of an electronic device disclosed in this application.

Detailed Description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of this application.

At present, data that needs persistent storage is generally stored in a database, and this data inevitably needs to be accessed. Without a secure data transmission mechanism, unauthorized users may steal data from the database, so the security of the data transmission channel between the database client and the database itself is particularly important. Although the data transmitted between the client and the database can currently be encrypted, the encryption key is easily stolen. To this end, the present application provides a data processing solution that can improve the security of data transmission between two ends.

Referring to FIG. 1, an embodiment of the present application discloses a data processing method, applied to the end provided with a negotiation center, including:

S101. Receive a negotiation message sent by the end without a negotiation center; the negotiation message includes the encryption algorithm set used by the end without a negotiation center.

In this embodiment, the end with the negotiation center may be a server, in which case the end without a negotiation center is a client of that server. For example, the end with the negotiation center is a database, a distributed storage system, or the like. The negotiation center can also be placed on the client, that is, the end with the negotiation center is the client, and the end without a negotiation center is the server of that client. A database is a "warehouse that organizes, stores and manages data according to data structures": a large, organized, shareable and uniformly managed collection of data stored long-term in a computer.

The encryption algorithm set used by the end without a negotiation center is specified by the user of that end. For example, the user of the end without a negotiation center specifies algorithms such as AES, DES, 3DES, Blowfish, IDEA, RC4, RC5 and RC6 to form the encryption algorithm set. This embodiment preferentially uses symmetric encryption algorithms, which require less computation. In one example, the encryption algorithm set includes M algorithms by default, and the user is subsequently allowed to add, delete and modify algorithms in the set.

In a symmetric encryption algorithm, the sender processes the plaintext together with the encryption key using the encryption algorithm, turning it into ciphertext that is then sent out. To recover the original text, the receiver must decrypt the ciphertext using the key used for encryption and the inverse of the same encryption algorithm, which restores the readable plaintext. A symmetric encryption algorithm uses only one key, shared by sender and receiver, so the decrypting party must know the encryption key in advance. This is why this embodiment performs key synchronization, that is, synchronizes the encryption algorithm and the key generation rule.

S102. Select, from the encryption algorithm set, the target encryption algorithm that can be used by the end with the negotiation center and has the highest security priority.

Generally, the set of encryption algorithms supported by the end with the negotiation center is equal to the encryption algorithm set used by the end without a negotiation center. The encryption algorithm set used by the end without a negotiation center may also be a subset of the set supported by the end with the negotiation center. It may also happen that an encryption algorithm supported by the end without a negotiation center is not supported by the end with the negotiation center; in that case, the end with the negotiation center can prompt for the algorithm to be added. For example, the user of the end with the negotiation center manually adds the algorithm on that end.

This embodiment assigns each algorithm a security priority according to how secure the algorithm is. Suppose two security priorities are defined, high (label 1) and low (label 2), and each algorithm is given the corresponding security priority label. For example, AES, DES and 3DES are given label 1, and Blowfish and IDEA are given label 2. The security priority label of each algorithm is configured by the user.

In one example, assume that the encryption algorithm set in the negotiation message sent by the end without a negotiation center is AES, DES, 3DES, IDEA, and that this set is a subset of the encryption algorithms supported by the end with the negotiation center. It is then enough to select the algorithm with the highest security priority from the set. With the security priorities of the example above, AES, DES and 3DES all have high priority, so one of AES, DES and 3DES is chosen at random as the target encryption algorithm, which guarantees the randomness of the encryption algorithm.

If a negotiation message sent by the end without a negotiation center is received again, an encryption algorithm is selected from the encryption algorithm set included in the current negotiation message that can be used by the end with the negotiation center, has the highest security priority, and is different from the target encryption algorithm. This ensures that the encryption algorithm selected this time differs from the one selected last time, thereby guaranteeing the randomness of the encryption algorithm.

In a specific implementation, if more than one encryption algorithm is selected, one of them is chosen at random.

S103. Randomly select a key generation rule, and send the target encryption algorithm and the key generation rule to the end without a negotiation center, so that the end without a negotiation center uses the key generation rule to determine a key from the target string, encrypts the target data with the target encryption algorithm and the key to obtain a data ciphertext, and sends the data ciphertext to the end with the negotiation center.

It should be noted that the end with the negotiation center includes a rule base containing multiple key generation rules, so the key generation rule can be selected at random from this preset rule base. For example, a key generation rule may be: take the first N characters as the key, or take the last N characters as the key, and so on. Once both communicating parties have the key generation rule, each of them can determine the key from the target string. The target string may be the account + password used for access. In the first negotiation, both parties use a default string (such as account + password) as the target string.
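
The selection in S102 and the key determination in S103, as an added Python example that is not part of the patent text. The rule names, N = 16, the sample account and password, and the error raised when no different algorithm remains are assumptions; the cipher calls themselves are left out.

```python
import secrets

# Security-priority labels as in the embodiment: 1 = high, 2 = low.
PRIORITY = {"AES": 1, "DES": 1, "3DES": 1, "Blowfish": 2, "IDEA": 2}

# Rule base of the negotiation center. The rule names and N = 16 are
# assumptions; the text only says "first N" or "last N" characters.
RULE_BASE = [("first_n", 16), ("last_n", 16)]


def derive_key(rule, target_string):
    """Determine the key from the target string according to the rule."""
    name, n = rule
    if len(target_string) < n:
        raise ValueError("target string is shorter than the key length N")
    if name == "first_n":
        return target_string[:n].encode("utf-8")
    if name == "last_n":
        return target_string[-n:].encode("utf-8")
    raise ValueError(f"unknown key generation rule: {name!r}")


class NegotiationCenter:
    """The end provided with the negotiation center (hypothetical class)."""

    def __init__(self, supported, target_string):
        self.supported = set(supported)
        self.target_string = target_string
        self.previous = None  # target algorithm of the last negotiation
        self.rule = None      # key generation rule of the last negotiation

    def candidates(self, offered):
        """Usable algorithms of highest priority, excluding the previous one."""
        usable = [a for a in offered if a in self.supported and a in PRIORITY]
        pool = [a for a in usable if a != self.previous]
        if not pool:
            # Assumption: the text does not say what happens in this case.
            raise ValueError("no usable algorithm differs from the previous one")
        best = min(PRIORITY[a] for a in pool)
        return sorted(a for a in pool if PRIORITY[a] == best)

    def negotiate(self, offered):
        """Handle one negotiation message; return the reply sent on the wire."""
        algorithm = secrets.choice(self.candidates(offered))
        self.rule = secrets.choice(RULE_BASE)
        self.previous = algorithm
        return {"algorithm": algorithm, "rule": self.rule}

    def key(self):
        return derive_key(self.rule, self.target_string)


def client_key(reply, target_string):
    """The end without a negotiation center applies the received rule."""
    return derive_key(tuple(reply["rule"]), target_string)


def demo():
    shared = "alice" + "S3cret-Passw0rd!"  # constructed account + password
    center = NegotiationCenter(PRIORITY, shared)
    offered = ["AES", "DES", "3DES", "IDEA"]  # set from the example in S102
    first = center.negotiate(offered)
    same_key = client_key(first, shared) == center.key()
    second = center.negotiate(offered)  # renegotiation: algorithm must change
    return first, second, same_key


if __name__ == "__main__":
    print(demo())
```

Only the algorithm name and the rule appear in the reply; the key is a literal slice of the shared string, so its strength is bounded by that of the account and password.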

当然,目标字符串允许设有协商中心的一端的用户进行修改,修改流程包括:设有协商中心的一端利用密钥和目标加密算法加密新字符串得到字符串密文,发送字符串密文至未设有协商中心的一端,以使未设有协商中心的一端利用密钥和目标加密算法对应的解密算法对字符串密文进行解密,得到新字符串,利用密钥生成规则从新字符串中确定新密钥。在一种具体实施方式中,新字符串由设有协商中心的一端的用户提交至协商中心。其中,新字符串以密文形式传输,可保障其安全性。Of course, the target string can be modified by the user at the end with the negotiation center. The modification process includes: the end with the negotiation center encrypts the new string with the key and the target encryption algorithm to obtain the ciphertext of the string, and sends the ciphertext of the string to The end without a negotiation center, so that the end without a negotiation center uses the key and the decryption algorithm corresponding to the target encryption algorithm to decrypt the ciphertext of the string to obtain a new string. Determine the new key. In a specific implementation, the new character string is submitted to the negotiation center by the user at the end with the negotiation center. Among them, the new string is transmitted in the form of cipher text, which can ensure its security.

In a specific implementation, after the end without the negotiation center sends the data ciphertext to the end with the negotiation center, the method further includes: the end with the negotiation center determines the key from the target string using the key generation rule; decrypts the data ciphertext with the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the target data; processes the target data to obtain a processing result; encrypts the processing result with the target encryption algorithm and the key to obtain result ciphertext; and sends the result ciphertext to the end without the negotiation center. Of course, the end with the negotiation center may also send data to the end without the negotiation center on its own initiative. The sending process is: the end with the negotiation center encrypts the data to be sent with the target encryption algorithm and the key to obtain data ciphertext, and sends the data ciphertext to the end without the negotiation center.

It can be seen that in this embodiment the negotiation center lets the two ends that need to communicate synchronize the encryption algorithm and the key generation rule, and thereby complete the synchronization of the encryption algorithm and the encryption key. The end with the negotiation center selects, from the set of encryption algorithms used by the end without the negotiation center, the target encryption algorithm that both ends can use and that has the highest security priority. This not only synchronizes the encryption algorithm but also keeps the security priority of the selected algorithm at a high level, improving the security of data transmission between the two. At the same time, random selection of the key generation rule by the end with the negotiation center ensures the randomness of the encryption key and thus improves its security. The actual encryption key is never transmitted between the two; only the encryption algorithm and the key generation rule are transmitted. Therefore, even if a third party steals the encryption algorithm and the key generation rule, it cannot steal the original data transmitted between the communicating parties, which improves the security of the original data in transit.

The following embodiment further describes the present application, taking communication between a database server and its client as an example.

First, it should be made clear that there are many kinds of databases, but each of them has its own server and client. For the two to communicate, a channel must first be established. The client can be understood as the end that sends instructions to the server; it does not store data. The server is the end that executes the instructions; it has to process and store data.

Generally speaking, the client and the server may be on the same host or on different hosts, depending on the specific business. Typically, a dedicated physical server is provisioned as the database server to store the necessary data, while each database client is deployed together with its own business application. Putting the database client and server on the same host is therefore of limited value. It should be noted, however, that channel establishment does not depend on whether the client and the server are on the same host: as long as the client and the server exchange data, there must be a channel. Therefore, it is necessary to establish a transmission channel between the client and the server.

To safeguard data in the channel, this embodiment establishes the transmission channel between the server and the client according to the following scheme; see FIG. 2 for details. As shown in FIG. 2, an abstract component is first added to the server as the negotiation center. When the client and the server establish a connection, the client first "communicates" with the negotiation center. The main purpose of this "communication" is to tell the server which symmetric encryption algorithms the client supports. After receiving the encryption algorithms sent by the client, the negotiation center filters them: it can choose an encryption algorithm that has relatively high security and that it also supports, and then sends the name of the selected encryption algorithm and the key generation rule randomly selected for this session to the client. After receiving the key generation rule and the encryption algorithm, the client generates the key for this transmission; from then on the client can encrypt data with the key and the encryption algorithm before sending it. At this point the encrypted channel has been established.

Of course, because the negotiation center is in the server, the server necessarily knows the key generation rule and the encryption algorithm. After receiving encrypted data from the client, the server can decrypt it according to the encryption algorithm and the key. The server processes the decrypted data, and can then encrypt the corresponding processing result before sending it to the client. After receiving the data ciphertext from the server, the client decrypts it.

The negotiation center on the server has many common symmetric encryption algorithms built in, for example AES, DES, 3DES, Blowfish, IDEA, RC4, RC5 and RC6, but it is not limited to algorithms of this type. The content of the "communication" between the client and the negotiation center is: negotiating the key generation rule and the encryption algorithm for this session. Specifically, the key for this session is obtained by processing the default string according to the key generation rule. For example, the default string is user name + password. If the user name is username and the password is password, the default string is usernamepassword. Of course, the default string can also be configured as something else, but both the client and the server must know it. Of course, the negotiation center does not have to be on the server; it can also be on the client, in which case the implementation steps are adjusted accordingly.

It should be noted that the key generation rule selected is not the same each time an encrypted connection channel is established. For example, the rule on one occasion may be to take the 2nd through the 9th characters of the default string, and the rule on the next occasion may be to take the 1st, 2nd, 5th, 6th and 9th characters. The key generation rule can thus be set at random, and the rule selected this time differs from the rule selected the previous time.

This embodiment chooses symmetric encryption because asymmetric encryption algorithms encrypt and decrypt less efficiently and are not suitable for use between a database server and its client. In database application scenarios there is usually a large amount of interaction between the server and the client, so the efficiency of asymmetric encryption is unacceptable for database access. In this embodiment the string used to determine the key defaults to the user name plus the password; it can of course be configured as another string.

It should be noted that an encryption policy library can be set up in the negotiation center. In the encryption policy library, each encryption algorithm has a security priority set in advance. The encryption policy library can be presented in the following structure:

1: AES, DES, 3DES;

2: Blowfish, IDEA;

Here 1 and 2 represent two different security priorities; the smaller the number, the sooner an encryption algorithm is chosen from that level. The algorithms assigned to each priority can be configured by the user.

It should be noted that the encryption algorithm selected in each negotiation between the same client and server may differ. For example, a client sends a negotiation message stating that it supports AES, DES and 3DES, and the server selects 3DES; for the next negotiation message sent by that client, the server selects AES. This achieves random selection among algorithms at the same security level.

Further, when the user wants to change the default string, the change must be made in the "negotiation center". After the change is made, the "negotiation center" sends a change command to the client. The new string is encrypted with the currently negotiated key and encryption algorithm and transmitted to the client, and the client decrypts it to obtain the new string and change the key. For example, the new string is userword and the current target string is usernamepassword; the new string is encrypted with the current key and the current encryption algorithm and transmitted to the client. After receiving and decrypting it, the client re-determines the encryption key from the new string userword based on the original key generation rule, and replies to the server with a notification that the key change is complete. The next time data is transmitted, both parties encrypt it with the new key. The previous usernamepassword is discarded.

It can be seen that this embodiment establishes the transmission channel between the server and the client based on the negotiation center, synchronizing the key generation rule and the encryption algorithm for the session in the process. During data transmission the encryption key is determined with the key generation rule and the data is encrypted, which prevents unauthorized users from obtaining the original data by theft and thereby safeguards the data in transit.
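The negotiation step of the database embodiment, sketched as an added example (not code from the patent or the applicant). The class, function and rule names, the contents of the rule base, and the choice to reject a rule that does not fit the target string are assumptions of this example; encryption itself is left out.

```python
import secrets

# Encryption policy library in the structure the text gives:
# a smaller number is a higher security priority.
POLICY_LIBRARY = {1: ["AES", "DES", "3DES"], 2: ["Blowfish", "IDEA"]}

# Hypothetical rule base (constructed for this example). Positions are
# 1-based, matching "the 2nd through the 9th characters" in the text.
RULE_BASE = [
    {"type": "first_n", "n": 8},
    {"type": "last_n", "n": 8},
    {"type": "range", "start": 2, "end": 9},
    {"type": "positions", "indexes": [1, 2, 5, 6, 9]},
]


def derive_key(rule, target_string):
    """Apply a key generation rule to the shared target string."""
    length = len(target_string)
    if rule["type"] == "first_n":
        wanted = list(range(1, rule["n"] + 1))
    elif rule["type"] == "last_n":
        wanted = list(range(length - rule["n"] + 1, length + 1))
    elif rule["type"] == "range":
        wanted = list(range(rule["start"], rule["end"] + 1))
    elif rule["type"] == "positions":
        wanted = list(rule["indexes"])
    else:
        raise ValueError(f"unknown rule type: {rule['type']!r}")
    # Assumption of this example: a rule that points outside the string is
    # rejected instead of silently yielding a shorter key.
    if not wanted or min(wanted) < 1 or max(wanted) > length:
        raise ValueError("rule does not fit the target string")
    return "".join(target_string[i - 1] for i in wanted)


class NegotiationCenter:
    """State for one peer; a real center would keep this per connection."""

    def __init__(self, target_string, policy=None, rules=None):
        self.target_string = target_string
        self.policy = policy or POLICY_LIBRARY
        self.rules = rules or RULE_BASE
        self.last_algorithm = None
        self.last_rule = None

    def select_algorithm(self, offered):
        """Pick from the best priority level that both ends support."""
        offered = set(offered)
        for level in sorted(self.policy):
            usable = [a for a in self.policy[level] if a in offered]
            if not usable:
                continue
            # Avoid repeating the previous choice when the level allows it,
            # then pick at random among what remains.
            fresh = [a for a in usable if a != self.last_algorithm]
            return secrets.choice(fresh or usable)
        raise ValueError("no mutually supported algorithm")

    def select_rule(self):
        """Pick a random rule that differs from the previous one."""
        fresh = [r for r in self.rules if r != self.last_rule]
        return secrets.choice(fresh or self.rules)

    def negotiate(self, offered):
        """Handle one negotiation message; return the reply for the peer."""
        algorithm = self.select_algorithm(offered)
        rule = self.select_rule()
        self.last_algorithm, self.last_rule = algorithm, rule
        return {"algorithm": algorithm, "rule": rule}

    def current_key(self):
        """Key the center derives locally; it is never sent to the peer."""
        if self.last_rule is None:
            raise RuntimeError("no negotiation has taken place yet")
        return derive_key(self.last_rule, self.target_string)


if __name__ == "__main__":
    shared = "usernamepassword"  # default target string from the text
    center = NegotiationCenter(shared)
    for _ in range(2):
        reply = center.negotiate(["AES", "DES", "3DES", "Blowfish"])
        client_key = derive_key(reply["rule"], shared)  # client side
        print(reply, client_key == center.current_key())
```

Only the algorithm name and the rule cross the wire here, so the derived key is exactly as secret as the target string that both ends already hold.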

A data processing apparatus provided by an embodiment of the present application is described below. The data processing apparatus described below and the data processing method described above may be read with reference to each other.

Referring to FIG. 3, an embodiment of the present application discloses a data processing apparatus, applied to the end provided with the negotiation center, including:

A receiving module 301, configured to receive a negotiation message sent by the end without the negotiation center; the negotiation message includes the set of encryption algorithms used by the end without the negotiation center;

A selection module 302, configured to select, from the encryption algorithm set, the target encryption algorithm that can be used by the end provided with the negotiation center and that has the highest security priority;

A synchronization module 303, configured to randomly select a key generation rule and send the target encryption algorithm and the key generation rule to the end without the negotiation center, so that the end without the negotiation center uses the key generation rule to determine a key from the target string, encrypts the target data with the target encryption algorithm and the key to obtain data ciphertext, and sends the data ciphertext to the end provided with the negotiation center.

In a specific implementation, the apparatus further includes:

A return module, configured to, after the end without the negotiation center sends the data ciphertext to the end with the negotiation center, determine the key from the target string using the key generation rule; decrypt the data ciphertext with the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the target data; process the target data to obtain a processing result; encrypt the processing result with the target encryption algorithm and the key to obtain result ciphertext; and send the result ciphertext to the end without the negotiation center.

In a specific implementation, the apparatus further includes:

A randomness guarantee module, configured to, if a negotiation message sent by the end without the negotiation center is received again, select from the encryption algorithm set included in the current negotiation message an encryption algorithm that can be used by the end provided with the negotiation center, has the highest security priority, and is different from the target encryption algorithm.

In a specific implementation, the apparatus further includes:

A key change module, configured to encrypt a new string with the key and the target encryption algorithm to obtain string ciphertext and send the string ciphertext to the end without the negotiation center, so that the end without the negotiation center decrypts the string ciphertext with the key and the decryption algorithm corresponding to the target encryption algorithm, obtains the new string, and determines a new key from the new string using the key generation rule.

For the more specific working process of each module and unit in this embodiment, refer to the corresponding content disclosed in the foregoing embodiments; it is not repeated here.

It can be seen that this embodiment provides a data processing apparatus which, based on the negotiation center, lets the two ends that need to communicate synchronize the encryption algorithm and the key generation rule, and thereby complete the synchronization of the encryption algorithm and the encryption key. The end with the negotiation center selects, from the set of encryption algorithms used by the end without the negotiation center, the target encryption algorithm that both ends can use and that has the highest security priority. This not only synchronizes the encryption algorithm but also keeps the security priority of the selected algorithm at a high level, improving the security of data transmission between the two. At the same time, random selection of the key generation rule by the end with the negotiation center ensures the randomness of the encryption key and thus improves its security. The actual encryption key is never transmitted between the two; only the encryption algorithm and the key generation rule are transmitted. Therefore, even if a third party steals the encryption algorithm and the key generation rule, it cannot steal the original data transmitted between the communicating parties, which improves the security of the original data in transit.

A data processing system provided by an embodiment of the present application is described below. The data processing system described below and the data processing method and apparatus described above may be read with reference to each other.

Referring to FIG. 4, an embodiment of the present application discloses a data processing system, including a first end and a second end. The first end or the second end is provided with a negotiation center, and the end provided with the negotiation center is configured to execute any of the methods described above. The end provided with the negotiation center is specifically configured to: receive a negotiation message sent by the end without the negotiation center, the negotiation message including the set of encryption algorithms used by the end without the negotiation center; select, from the encryption algorithm set, the target encryption algorithm that can be used by the end provided with the negotiation center and that has the highest security priority; and randomly select a key generation rule and send the target encryption algorithm and the key generation rule to the end without the negotiation center, so that the end without the negotiation center uses the key generation rule to determine a key from the target string, encrypts the target data with the target encryption algorithm and the key to obtain data ciphertext, and sends the data ciphertext to the end provided with the negotiation center.

In a specific implementation, the end provided with the negotiation center is specifically configured to, after the end without the negotiation center sends the data ciphertext to the end with the negotiation center: determine the key from the target string using the key generation rule; decrypt the data ciphertext with the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the target data; process the target data to obtain a processing result; encrypt the processing result with the target encryption algorithm and the key to obtain result ciphertext; and send the result ciphertext to the end without the negotiation center.

In a specific implementation, the end provided with the negotiation center is specifically configured to: if a negotiation message sent by the end without the negotiation center is received again, select from the encryption algorithm set included in the current negotiation message an encryption algorithm that can be used by the end provided with the negotiation center, has the highest security priority, and is different from the target encryption algorithm.

In a specific implementation, the end provided with the negotiation center is specifically configured to: if more than one encryption algorithm is selected, randomly choose one of them.

In a specific implementation, the end provided with the negotiation center is specifically configured to: encrypt a new string with the key and the target encryption algorithm to obtain string ciphertext and send the string ciphertext to the end without the negotiation center, so that the end without the negotiation center decrypts the string ciphertext with the key and the decryption algorithm corresponding to the target encryption algorithm, obtains the new string, and determines a new key from the new string using the key generation rule.

It can be seen that this embodiment provides a data processing apparatus; the system lets the two ends that need to communicate synchronize the encryption algorithm and the key generation rule, and thereby complete the synchronization of the encryption algorithm and the encryption key. The end with the negotiation center selects, from the set of encryption algorithms used by the end without the negotiation center, the target encryption algorithm that both ends can use and that has the highest security priority. This not only synchronizes the encryption algorithm but also keeps the security priority of the selected algorithm at a high level, improving the security of data transmission between the two. At the same time, random selection of the key generation rule by the end with the negotiation center ensures the randomness of the encryption key and thus improves its security. The actual encryption key is never transmitted between the two; only the encryption algorithm and the key generation rule are transmitted. Therefore, even if a third party steals the encryption algorithm and the key generation rule, it cannot steal the original data transmitted between the communicating parties, which improves the security of the original data in transit.

An electronic device provided by an embodiment of the present application is described below. The electronic device described below and the data processing method and apparatus described above may be read with reference to each other.

Referring to FIG. 5, an embodiment of the present application discloses an electronic device, including:

A memory 501, configured to store a computer program;

A processor 502, configured to execute the computer program to implement the method disclosed in any of the foregoing embodiments.

In this embodiment, when the processor executes the computer program stored in the memory, the following steps may be implemented: receiving a negotiation message sent by the end without the negotiation center, the negotiation message including the set of encryption algorithms used by the end without the negotiation center; selecting, from the encryption algorithm set, the target encryption algorithm that can be used by the end provided with the negotiation center and that has the highest security priority; and randomly selecting a key generation rule and sending the target encryption algorithm and the key generation rule to the end without the negotiation center, so that the end without the negotiation center uses the key generation rule to determine a key from the target string, encrypts the target data with the target encryption algorithm and the key to obtain data ciphertext, and sends the data ciphertext to the end provided with the negotiation center.

In this embodiment, when the processor executes the computer program stored in the memory, the following steps may be implemented: determining the key from the target string using the key generation rule; decrypting the data ciphertext with the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the target data; processing the target data to obtain a processing result; encrypting the processing result with the target encryption algorithm and the key to obtain result ciphertext; and sending the result ciphertext to the end without the negotiation center.

In this embodiment, when the processor executes the computer program stored in the memory, the following steps may be implemented: if a negotiation message sent by the end without the negotiation center is received again, selecting from the encryption algorithm set included in the current negotiation message an encryption algorithm that can be used by the end provided with the negotiation center, has the highest security priority, and is different from the target encryption algorithm.

In this embodiment, when the processor executes the computer program stored in the memory, the following steps may be implemented: if more than one encryption algorithm is selected, randomly choosing one of them.

In this embodiment, when the processor executes the computer program stored in the memory, the following steps may be implemented: encrypting a new string with the key and the target encryption algorithm to obtain string ciphertext and sending the string ciphertext to the end without the negotiation center, so that the end without the negotiation center decrypts the string ciphertext with the key and the decryption algorithm corresponding to the target encryption algorithm, obtains the new string, and determines a new key from the new string using the key generation rule.

A readable storage medium provided by an embodiment of the present application is described below. The readable storage medium described below and the data processing method, apparatus and device described above may be read with reference to each other.

A readable storage medium, configured to store a computer program, where the computer program, when executed by a processor, implements the data processing method disclosed in the foregoing embodiments. For the specific steps of the method, refer to the corresponding content disclosed in the foregoing embodiments; they are not repeated here.

In this embodiment, the computer program executed by the processor may implement the following steps: receiving a negotiation message sent by the end without the negotiation center, the negotiation message including the set of encryption algorithms used by the end without the negotiation center; selecting, from the encryption algorithm set, the target encryption algorithm that can be used by the end provided with the negotiation center and that has the highest security priority; and randomly selecting a key generation rule and sending the target encryption algorithm and the key generation rule to the end without the negotiation center, so that the end without the negotiation center uses the key generation rule to determine a key from the target string, encrypts the target data with the target encryption algorithm and the key to obtain data ciphertext, and sends the data ciphertext to the end provided with the negotiation center.

In this embodiment, the computer program executed by the processor may implement the following steps: determining the key from the target string using the key generation rule; decrypting the data ciphertext with the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the target data; processing the target data to obtain a processing result; encrypting the processing result with the target encryption algorithm and the key to obtain result ciphertext; and sending the result ciphertext to the end without the negotiation center.

In this embodiment, the computer program executed by the processor may implement the following steps: if a negotiation message sent by the end without the negotiation center is received again, selecting from the encryption algorithm set included in the current negotiation message an encryption algorithm that can be used by the end provided with the negotiation center, has the highest security priority, and is different from the target encryption algorithm.

In this embodiment, the computer program executed by the processor may implement the following steps: if more than one encryption algorithm is selected, randomly choosing one of them.

In this embodiment, the computer program executed by the processor may implement the following steps: encrypting a new string with the key and the target encryption algorithm to obtain string ciphertext and sending the string ciphertext to the end without the negotiation center, so that the end without the negotiation center decrypts the string ciphertext with the key and the decryption algorithm corresponding to the target encryption algorithm, obtains the new string, and determines a new key from the new string using the key generation rule.

Terms such as "first", "second", "third" and "fourth" (if present) in this application are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having", and any variants of them, are intended to cover non-exclusive inclusion; for example, a process, method or device comprising a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to such a process, method or device.

It should be noted that descriptions involving "first", "second" and the like in this application are for descriptive purposes only and should not be understood as indicating or implying relative importance or implicitly specifying the number of the technical features indicated. A feature qualified by "first" or "second" may therefore expressly or implicitly include at least one such feature. In addition, the technical solutions of the various embodiments may be combined with one another, but only on the basis that a person of ordinary skill in the art can implement the combination; where a combination of technical solutions is contradictory or cannot be implemented, that combination should be regarded as not existing and as falling outside the scope of protection claimed in this application.

The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be understood by reference to one another.

The steps of a method or algorithm described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of readable storage medium known in the art.

Specific examples are used herein to explain the principles and implementations of this application. The description of the above embodiments is intended only to help in understanding the method of this application and its core idea. A person of ordinary skill in the art may, following the idea of this application, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be construed as limiting this application.

Claims (10)

1. A data processing method, characterized in that it is applied to an end provided with a negotiation center and comprises:
receiving a negotiation message sent by an end without a negotiation center, the negotiation message including an encryption algorithm set used by the end without a negotiation center;
selecting, from the encryption algorithm set, a target encryption algorithm that can be used by the end provided with the negotiation center and has the highest security priority;
randomly selecting a key generation rule, and sending the target encryption algorithm and the key generation rule to the end without a negotiation center, so that the end without a negotiation center determines a key from a target string using the key generation rule, encrypts target data using the target encryption algorithm and the key to obtain a data ciphertext, and sends the data ciphertext to the end provided with the negotiation center.

2. The method according to claim 1, characterized in that, after the end without a negotiation center sends the data ciphertext to the end provided with the negotiation center, the method further comprises:
determining the key from the target string using the key generation rule;
decrypting the data ciphertext using the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the target data;
processing the target data to obtain a processing result;
encrypting the processing result using the target encryption algorithm and the key to obtain a result ciphertext, and sending the result ciphertext to the end without a negotiation center.

3. The method according to claim 1, characterized in that it further comprises:
if a negotiation message sent by the end without a negotiation center is received again, selecting, from the encryption algorithm set included in the current negotiation message, an encryption algorithm that can be used by the end provided with the negotiation center, has the highest security priority, and differs from the target encryption algorithm.

4. The method according to claim 3, characterized in that it further comprises:
if more than one encryption algorithm is selected, randomly selecting one of them.

5. The method according to any one of claims 1 to 4, characterized in that it further comprises:
encrypting a new string using the key and the target encryption algorithm to obtain a string ciphertext, and sending the string ciphertext to the end without a negotiation center, so that the end without a negotiation center decrypts the string ciphertext using the key and the decryption algorithm corresponding to the target encryption algorithm to obtain the new string, and determines a new key from the new string using the key generation rule.

6. The method according to claim 5, characterized in that the new string is submitted to the negotiation center by a user.

7. A data processing device, characterized in that it is applied to an end provided with a negotiation center and comprises:
a receiving module, configured to receive a negotiation message sent by an end without a negotiation center, the negotiation message including an encryption algorithm set used by the end without a negotiation center;
a selection module, configured to select, from the encryption algorithm set, a target encryption algorithm that can be used by the end provided with the negotiation center and has the highest security priority;
a synchronization module, configured to randomly select a key generation rule and send the target encryption algorithm and the key generation rule to the end without a negotiation center, so that the end without a negotiation center determines a key from a target string using the key generation rule, encrypts target data using the target encryption algorithm and the key to obtain a data ciphertext, and sends the data ciphertext to the end provided with the negotiation center.

8. A data processing system, characterized in that it comprises a first end and a second end, wherein the first end or the second end is provided with a negotiation center, and the end provided with the negotiation center is configured to perform the method according to any one of claims 1 to 6.

9. An electronic device, characterized in that it comprises:
a memory, configured to store a computer program;
a processor, configured to execute the computer program to implement the method according to any one of claims 1 to 6.

10. A readable storage medium, characterized in that it is used to store a computer program, wherein the computer program, when executed by a processor, implements the method according to any one of claims 1 to 6.

CN202210612214.9A 2022-05-31 2022-05-31 A data processing method, device, system, equipment and readable storage medium Active CN115022027B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210612214.9A CN115022027B (en) 2022-05-31 2022-05-31 A data processing method, device, system, equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210612214.9A CN115022027B (en) 2022-05-31 2022-05-31 A data processing method, device, system, equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN115022027A true CN115022027A (en) 2022-09-06
CN115022027B CN115022027B (en) 2024-03-29

Family

ID=83070146

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210612214.9A Active CN115022027B (en) 2022-05-31 2022-05-31 A data processing method, device, system, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN115022027B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115776373A (en) * 2022-11-23 2023-03-10 北京天融信网络安全技术有限公司 Encrypted communication method, system, electronic device, and computer-readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104994112A (en) * 2015-07-23 2015-10-21 陈昊 Method for encrypting communication data chain between unmanned aerial vehicle and ground station
CN106453380A (en) * 2016-10-28 2017-02-22 美的智慧家居科技有限公司 Secret key negotiation method and apparatus
CN113422758A (en) * 2021-06-08 2021-09-21 深圳市欢太数字科技有限公司 Data encryption method and device, Internet of things system, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN115022027B (en) 2024-03-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 215100 Building 9, No.1 guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Patentee after: Suzhou Yuannao Intelligent Technology Co.,Ltd.

Country or region after: China

Address before: 215100 Building 9, No.1 guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Patentee before: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Country or region before: China