CN113315844A

CN113315844A - File encryption transmission method, device, equipment and computer readable storage medium

Info

Publication number: CN113315844A
Application number: CN202110670390.3A
Authority: CN
Inventors: 高晓鹏; 孙志斌; 冉丁; 王勇; 王天航
Original assignee: Agricultural Bank of China
Current assignee: Agricultural Bank of China
Priority date: 2021-06-17
Filing date: 2021-06-17
Publication date: 2021-08-27

Abstract

According to the file encryption transmission method, the file encryption transmission device, the file encryption transmission equipment and the computer readable storage medium, transmission configuration information sent by a server is obtained, the transmission configuration information comprises an encryption algorithm, a file segmentation number and an occupation number of encrypted file blocks, an original text is segmented based on the file segmentation number, the partially segmented file blocks are encrypted based on the occupation number of the encrypted file blocks, and a transmission file with a plurality of encrypted file blocks and residual unencrypted file blocks is sent to the server, so that the server decrypts the encrypted file blocks according to the transmission file and an obtained client public key.

Description

File encryption transmission method, device, equipment and computer readable storage medium

Technical Field

The present invention relates to file transmission technologies, and in particular, to a file encryption transmission method, device, apparatus, and computer readable storage medium.

Background

In the file transmission process of the current network environment, the risk of intercepting and capturing data packets and revealing transmission information exists, so that under the normal condition, important files are firstly integrally encrypted before being sent and then transmitted, and a receiver receives the files and then decrypts the files for use. However, the existing File encryption transmission mode generally guarantees the security of data transmission in the network, and when a Secure File Transfer Protocol (SFTP) is used to transmit a File, the File is encrypted and transmitted no matter the size of the File, which greatly affects the transmission efficiency when the File becomes large, and causes the problems of high system resource consumption and long encryption and decryption time.

Disclosure of Invention

The invention provides a file encryption transmission method, a file encryption transmission device, file encryption transmission equipment and a computer readable storage medium, which are used for solving the problems of high system resource consumption, long encryption and decryption time and low transmission efficiency caused by the fact that the whole file needs to be encrypted and decrypted when the file is encrypted and transmitted in the prior art.

In one aspect, the present invention provides a file encryption transmission method applied to a client, including:

acquiring transmission configuration information sent by a server, wherein the transmission configuration information comprises an encryption algorithm, a file division number and a proportion number of encrypted file blocks;

segmenting an original file according to the file segmentation number to generate a plurality of file blocks, wherein the original file is a file which is not encrypted;

determining a plurality of file blocks to be encrypted from the plurality of file blocks according to the percentage of the encrypted file blocks, and encrypting the plurality of file blocks to be encrypted through the encryption algorithm to generate a plurality of encrypted file blocks;

and sending a transmission file to the server so that the server decrypts the encrypted file blocks according to the transmission file and the acquired client public key and then sends file transmission completion information to the client, wherein the transmission file is a file combined by the encrypted file blocks and the rest unencrypted file blocks.

Optionally, the encryption algorithm comprises an asymmetric encryption algorithm and a symmetric encryption algorithm;

before the segmenting the original file according to the file segmentation number to generate a plurality of file blocks, the method further includes:

initiating a client file transmission task to the server based on the transmission configuration information, wherein the client file transmission task is a task of sending a file to the server by the client;

and generating a file transmission key according to the file name information and the system time corresponding to the original file by the symmetric encryption algorithm.

Optionally, the transmission configuration information includes a server public key;

before initiating a client file transfer task to the server based on the transfer configuration information, the method further includes:

and generating a client public key and a client private key according to the asymmetric encryption algorithm and the server public key, and sending the client public key to the server.

Optionally, the determining, according to the percentage of the encrypted file blocks, a plurality of file blocks to be encrypted from the plurality of file blocks, and encrypting the plurality of file blocks to be encrypted by using the encryption algorithm to generate a plurality of encrypted file blocks includes:

determining n file blocks to be encrypted from m file blocks according to the percentage of the encrypted file blocks, and randomly generating non-repeated number numbers within n m as the serial numbers of the file blocks to be encrypted, wherein m represents the file division number, n represents the number of the file blocks to be encrypted, p represents the percentage of the encrypted file blocks, and n represents the number obtained by rounding after m x p;

and encrypting the n file blocks to be encrypted through the symmetric encryption algorithm and the file transmission key according to the serial numbers of the file blocks to be encrypted to generate n encrypted file blocks, wherein the serial numbers of the file blocks to be encrypted are the same as the serial numbers of the encrypted file blocks.

Optionally, the sending the transmission file to the server, so that the server decrypts the plurality of encrypted file blocks according to the transmission file and the obtained client public key, and then sends file transmission completion information to the client, includes:

encrypting the file transmission key by using the server public key to generate an encrypted file transmission key;

the serial numbers of the n encrypted file blocks form a first character string, and the first character string is encrypted by the server public key through an asymmetric encryption algorithm to generate a second character string;

and sending the transmission file, the encrypted file transmission key and the second character string to the server so that the server can decrypt the encrypted file blocks according to the transmission file, the client public key, the encrypted file transmission key and the second character string and then send file transmission completion information to the client, wherein the transmission file is a file formed by combining the encrypted file blocks and the rest of unencrypted file blocks.

Optionally, before acquiring the transmission configuration information sent by the server, the method further includes:

and sending a connection request to a server, wherein the connection request comprises the address information of the client, so that the server establishes communication connection with the client through the address information.

On the other hand, the invention provides a file transmission method, which is applied to a server and comprises the following steps:

sending transmission configuration information to a client, wherein the transmission configuration information comprises an encryption algorithm, a file division number and an occupation ratio of encrypted file blocks, so that the client divides an original file according to the file division number to generate a plurality of file blocks, the original file is an unencrypted file, a plurality of file blocks to be encrypted are determined from the file blocks according to the occupation ratio of the encrypted file blocks, and the plurality of file blocks to be encrypted are encrypted through the encryption algorithm to generate a plurality of encrypted file blocks;

acquiring a transmission file sent by the client, wherein the transmission file is a file combined by a plurality of encrypted file blocks and the remaining unencrypted file blocks;

and decrypting the encrypted file blocks according to the transmission file and the acquired client public key, and sending file transmission completion information to the client.

Optionally, after sending the transmission configuration information to the client, the method further includes:

receiving a client file transmission task initiated by the client, wherein the client file transmission task is a task of sending a file to the server by the client;

optionally, the configuration information includes a server public key, and the encryption algorithm includes an asymmetric encryption algorithm and a symmetric encryption algorithm;

before the receiving the client-initiated client file transfer task, further comprising:

and receiving a client public key sent by the client, wherein the client public key is a client public key generated by the client according to the asymmetric encryption algorithm and the server public key.

Optionally, the decrypting the plurality of encrypted file blocks according to the transmission file and the obtained client public key, and sending file transmission completion information to the client includes:

acquiring an encrypted file transmission key and a second character string which are sent by the client, wherein the encrypted file transmission key is generated after the client encrypts a pre-generated file transmission key by using the server public key, and the second character string is generated after the client encrypts the serial numbers of a plurality of encrypted file blocks into a first character string and encrypts the first character string by using the server public key through an asymmetric encryption algorithm;

decrypting the plurality of encrypted file blocks according to the transmission file, the encrypted file transmission key, the second character string and the client public key through a symmetric encryption algorithm to determine an original file corresponding to the transmission file;

and sending file transmission completion information to the client.

Optionally, before sending the transmission configuration information to the client, the method further includes:

receiving a connection request sent by the client, wherein the connection request comprises address information of the client;

completing a connection with the client based on the address information.

In another aspect, the present invention provides a file encryption transmission apparatus, including:

the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring transmission configuration information sent by a server, and the transmission configuration information comprises an encryption algorithm, a file division number and a proportion number of encrypted file blocks;

the segmentation module is used for segmenting an original file according to the file segmentation number to generate a plurality of file blocks, wherein the original file is a file which is not encrypted;

the generating module is used for determining a plurality of file blocks to be encrypted from the plurality of file blocks according to the percentage of the encrypted file blocks and encrypting the plurality of file blocks to be encrypted through the encryption algorithm to generate a plurality of encrypted file blocks;

the first sending module is used for sending a transmission file to the server so that the server can send file transmission completion information to the client after decrypting the encrypted file blocks according to the transmission file and the acquired client public key, wherein the transmission file is a file formed by combining the encrypted file blocks and the rest unencrypted file blocks.

the second sending module is used for sending transmission configuration information to a client, wherein the transmission configuration information comprises an encryption algorithm, a file division number and an occupation ratio number of encrypted file blocks, so that the client divides an original file according to the file division number to generate a plurality of file blocks, the original file is an unencrypted file, a plurality of file blocks to be encrypted are determined from the file blocks according to the occupation ratio number of the encrypted file blocks, and the file blocks to be encrypted are encrypted through the encryption algorithm to generate a plurality of encrypted file blocks;

a receiving module, configured to obtain a transmission file sent by the client, where the transmission file is a file in which a plurality of encrypted file blocks and remaining unencrypted file blocks are combined;

the second sending module is further configured to decrypt the plurality of encrypted file blocks according to the transmission file and the acquired client public key, and send file transmission completion information to the client.

In another aspect, the present invention provides a file encryption transmission device, including: at least one processor and memory;

the memory stores computer-executable instructions;

the at least one processor executes the computer-executable instructions stored by the memory, so that the at least one processor executes the file encryption transmission method.

In another aspect, the present invention provides a computer-readable storage medium, in which computer-executable instructions are stored, and when a processor executes the computer-executable instructions, the file encryption transmission method is implemented.

In another aspect, the present invention provides a program product comprising a computer program which, when executed by a processor, implements the file encryption transmission method described above.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.

Fig. 1 is a schematic diagram of a file encryption transmission system according to an embodiment of the present invention;

fig. 2a is a schematic view of an application scenario of file encryption transmission according to an embodiment of the present invention;

fig. 2b is a schematic view of an application scenario of file encryption transmission according to an embodiment of the present invention;

fig. 3 is a schematic flowchart of a file encryption transmission method according to an embodiment of the present invention;

fig. 4 is a schematic flowchart of another file encryption transmission method according to an embodiment of the present invention;

fig. 5 is a schematic flowchart of another file encryption transmission method according to an embodiment of the present invention;

fig. 6 is a schematic flowchart of another file encryption transmission method according to an embodiment of the present invention;

fig. 7 is a schematic flowchart of another file encryption transmission method according to an embodiment of the present invention;

fig. 8 is a schematic structural diagram of a file encryption transmission apparatus according to an embodiment of the present invention;

fig. 9 is a schematic structural diagram of another file encryption transmission apparatus according to an embodiment of the present invention;

fig. 10 is a block diagram of a client according to an embodiment of the present invention.

With the above figures, certain embodiments of the invention have been illustrated and described in more detail below. The drawings and the description are not intended to limit the scope of the inventive concept in any way, but rather to illustrate it by those skilled in the art with reference to specific embodiments.

Detailed Description

Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.

The terms to which the present invention relates will be explained first:

asymmetric encryption algorithm: it refers to encryption and decryption using different keys, and asymmetric encryption algorithm is also called public-private key encryption. For example, data is encrypted using a public key and decrypted only with a corresponding private key, wherein asymmetric encryption algorithms include RSA algorithm, DSA algorithm, etc.,

symmetric encryption algorithm: refers to an encryption algorithm using the same key for encryption and decryption, wherein, the symmetric encryption algorithm comprises DES algorithm, AES algorithm and the like

File Transfer Protocol (FTP): the TCP transmission is connection-oriented transmission, and a three-way handshake process is required before the client establishes connection with the server, so that the previous connection between the client and the server is ensured to be reliable, and reliable guarantee is provided for data transmission.

Secure File Transfer Protocol (SFTP): SFTP can transfer files to provide a secure encryption method, but since this transfer method uses encryption and decryption techniques, the transfer efficiency is much lower than that of ordinary FTP transfer.

File segmentation: which is a way to divide a large file into several files.

Fig. 1 is a schematic structural diagram of a file encryption transmission system according to an embodiment of the present invention, and the file encryption transmission method according to the present invention is applicable to fig. 1. As shown in fig. 1, the file encryption transmission system includes: a client 1 and a server 2. It should be noted that the file encryption transmission System shown in fig. 1 may be applicable to different network formats, for example, may be applicable to network formats such as Global System of Mobile communication (GSM), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Time Division-Synchronous Code Division Multiple Access (TD-SCDMA), Long Term Evolution (Long Term Evolution, LTE), and future 5G. Optionally, the file encryption transmission system may be a system in a scenario of high-Reliable and Low Latency Communications (URLLC) transmission in a 5G file encryption transmission system.

The client may be a wireless terminal or a wired terminal. A wireless terminal may refer to a device that provides voice and/or other traffic data connectivity to a user, a handheld device having wireless connection capability, or other processing device connected to a wireless modem. A wireless terminal, which may be a mobile terminal such as a mobile telephone (or "cellular" telephone) and a computer having a mobile terminal, for example, a portable, pocket, hand-held, computer-included, or vehicle-mounted mobile device, may communicate with one or more core Network devices via a Radio Access Network (RAN), and may exchange language and/or data with the RAN. For another example, the Wireless terminal may also be a Personal Communication Service (PCS) phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), and other devices. A wireless Terminal may also be referred to as a system, a Subscriber Unit (Subscriber Unit), a Subscriber Station (Subscriber Station), a Mobile Station (Mobile), a Remote Station (Remote Station), a Remote Terminal (Remote Terminal), an Access Terminal (Access Terminal), a User Terminal (User Terminal), a User Agent (User Agent), and a User Device or User Equipment (User Equipment), which are not limited herein. Optionally, the client may also be a smart watch, a tablet computer, or the like.

The following introduces an application scenario of file encryption transmission and a workflow of file encryption transmission performed by a client:

fig. 2a is a schematic view of an application scenario of file encryption transmission according to an embodiment of the present invention. As shown in fig. 2a, the process of encrypted transmission of the file involves devices including: a client 1 and a server 2.

In the embodiment of the present invention, as an optional application scenario, the client 1 is configured to send a transmission file to the server, and the server 2 is configured to decrypt the transmission file and send file transmission completion information to the client 1.

Specifically, the client 1 obtains transmission configuration information sent by the server 2, wherein the transmission configuration information comprises an encryption algorithm, a file division number and an occupation number of encrypted file blocks, divides an original text based on the file division number, encrypts the partially divided file blocks based on the occupation number of the encrypted file blocks, sends a transmission file with a plurality of encrypted file blocks and the remaining unencrypted file blocks to the server 2, decrypts the encrypted file blocks according to the transmission file 2 and an obtained client public key, and sends file transmission completion information to the client 1.

Fig. 2b is a schematic view of an application scenario of file encryption transmission according to an embodiment of the present invention. As shown in fig. 2b, the process of encrypted transmission of the file involves devices including: a client 1 and a server 2.

As another optional application scenario, the server 2 is configured to send the transmission file to the client 1, and the client 1 is configured to decrypt the transmission file and send file transmission completion information to the server 2.

Specifically, the server 2 divides the original text based on the file division number of its own transmission configuration information (the transmission configuration information includes an encryption algorithm, a file division number, and a ratio of encrypted file blocks), encrypts the partially divided file blocks based on the ratio of the encrypted file blocks, and sends the transmission file with the plurality of encrypted file blocks and the remaining unencrypted file blocks to the client 1, and the client 1 decrypts the plurality of encrypted file blocks according to the transmission file and the acquired server public key, and sends the file transmission completion information to the server 2.

In the two schemes, the invention reduces the consumption of system resources, shortens the time for encryption and decryption and improves the transmission efficiency by encrypting part of file blocks. The following describes the technical solution of the present invention and how to solve the above technical problems with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.

Fig. 3 is a flowchart illustrating a file encryption transmission method according to an embodiment of the present invention, where the method may be executed by a client. As shown in fig. 3, the method of this embodiment may include:

s101, obtaining transmission configuration information sent by a server, wherein the transmission configuration information comprises an encryption algorithm, a file division number and a ratio number of encrypted file blocks.

In this step, the transmission configuration information is initial setting information of file transmission, wherein the transmission configuration information may include information such as a server public key, in addition to the encryption algorithm, the number of file partitions, and the fraction number of encrypted file blocks. Specifically, the encryption algorithm includes an asymmetric encryption algorithm and a symmetric encryption algorithm. The percentage number of the encrypted file blocks is the ratio of the number of the encrypted file blocks to the number of the file partitions.

In the embodiment of the present invention, a manner of acquiring the transmission configuration information sent by the server may be that a connection request is sent to the server, where the connection request includes address information of the client, so that the server establishes a communication connection with the client through the address information, and acquires the transmission configuration information sent by the server based on the communication connection.

And S102, segmenting the original file according to the file segmentation number to generate a plurality of file blocks.

In this step, the original file is a file that is not encrypted, and the original file of the present invention may include a large file. The number of file divisions is an integer, for example, 98.

In the embodiment of the present invention, for example, the number of file partitions is 98, and the original file is partitioned based on the number of file partitions to generate 98 file blocks.

S103, determining a plurality of file blocks to be encrypted from the plurality of file blocks according to the percentage of the encrypted file blocks, and encrypting the plurality of file blocks to be encrypted through the encryption algorithm to generate a plurality of encrypted file blocks.

In the step, the percentage of the encrypted file blocks is the ratio of the number of the encrypted file blocks to the number of the file partitions, and the percentage can be any value between 0 and 100 percent. For example, if the percentage of the encrypted file blocks is 10%, the number of the encrypted file blocks is 10% of the file division number, and the number of the encrypted file blocks is an integer.

In an embodiment of the present invention, the encryption algorithm includes a symmetric encryption algorithm. For example, taking the file division number of 98 and the share number of the encrypted file blocks of 10% as an example, the calculated number of the encrypted file blocks is 10 or 10, and the 10 file blocks to be encrypted are encrypted by a symmetric encryption algorithm to generate 10 encrypted file blocks.

It should be noted that the present invention can set the custom configuration of the percentage of the encrypted file blocks, and can select the appropriate percentage of the encrypted file blocks according to the actual needs, thereby improving the flexibility.

And S104, transmitting the transmission file to the server so that the server decrypts the encrypted file blocks according to the transmission file and the acquired client public key and transmits file transmission completion information to the client.

In this step, the transmission file is a file having a combination of a plurality of the encrypted file blocks and the remaining unencrypted file blocks.

In the embodiment of the present invention, for example, when 10 encrypted file blocks are generated in the above step, a file in which the 10 encrypted file blocks and 88 unencrypted file blocks are combined is used as a transmission file, and the transmission file is sent to the server, so that the server decrypts the plurality of encrypted file blocks according to the transmission file and the acquired client public key, and then sends file transmission completion information to the client.

In the embodiment of the invention, the file is divided into the plurality of file blocks, and the partial file blocks are encrypted, so that the security of the transmitted file can be ensured, and the server only needs to decrypt the encrypted file blocks when correspondingly decrypting because only the partial file blocks are encrypted, thereby reducing the consumption of system resources and the time for decryption, and improving the transmission efficiency. It should be noted that even if a third party intercepts the transmission file, the original file cannot be obtained only from the remaining unencrypted file blocks without the corresponding key, and therefore, the manner of encrypting part of the file blocks is also secure as compared with the manner of encrypting the whole file.

In the embodiment of the file encryption transmission method provided by the invention, transmission configuration information sent by a server is obtained, wherein the transmission configuration information comprises an encryption algorithm, a file division number and an occupation number of encrypted file blocks, an original text is divided based on the file division number, the partially divided file blocks are encrypted based on the occupation number of the encrypted file blocks, and a transmission file with a plurality of encrypted file blocks and residual unencrypted file blocks is sent to the server, so that the server decrypts the encrypted file blocks according to the transmission file and an obtained client public key.

Fig. 4 is a flowchart illustrating a file encryption transmission method according to an embodiment of the present invention, where the method may be executed by a client. As shown in fig. 4, the method of this embodiment may include:

s201, sending a connection request to a server, wherein the connection request comprises address information of the client, so that the server establishes communication connection with the client through the address information.

In the embodiment of the present invention, specifically, the client may send the connection request to the server through a File Transfer Protocol (FTP). By using the FTP protocol, the client is subjected to a three-way handshake process before establishing connection with the server, so that the previous connection between the client and the server is ensured to be reliable, and reliable guarantee is provided for file transmission. The purpose of establishing a communication connection is to facilitate the transmission and reception of transmission files between the client and the server in the subsequent steps.

S202, acquiring transmission configuration information sent by the server, wherein the transmission configuration information comprises an encryption algorithm, a file division number and a ratio number of encrypted file blocks.

In the embodiment of the present invention, the execution process of this step may refer to step S101, which is not described again in the embodiment of the present invention.

S203, generating a client public key and a client private key according to the asymmetric encryption algorithm and the server public key, and sending the client public key to the server.

In this step, the transmission configuration information further includes a server public key, and the encryption algorithm includes an asymmetric encryption algorithm.

In the embodiment of the present invention, the purpose of sending the client public key to the server is that, when the subsequent client encrypts the transmission file key and part of the file blocks using the client private key, and sends the transmission file to the server, the server can decrypt the transmission file based on the client public key sent by the client.

And S204, initiating a client file transmission task to the server based on the transmission configuration information.

In which the client file transfer task is a task in which the client sends a file to the server,

in the embodiment of the present invention, the execution process of step S204 to step S208 is the execution process of the client in the client file transfer task. In another embodiment, the execution process of steps S404 to S408 is the execution process of the client in the client file transfer task.

S205, generating a file transmission key according to the file name information and the system time corresponding to the original file through the symmetric encryption algorithm.

In this step, the encryption algorithm comprises a symmetric encryption algorithm.

In the embodiment of the invention, the file transmission key is used for encrypting the transmission file, and the purpose of generating the file transmission key is to ensure the security of the file to be transmitted in the file transmission task of the client in the transmission process.

It should be noted that, by generating the file transmission key and performing encryption transmission on the file transmission key in each transmission, the file transmission key is only used once in the transmission of the specified file, which increases the difficulty of being decrypted.

S206, segmenting the original file according to the file segmentation number to generate a plurality of file blocks, wherein the original file is an unencrypted file.

In the embodiment of the present invention, the execution process of this step may refer to step S102, which is not described again in the embodiment of the present invention.

S207, determining a plurality of file blocks to be encrypted from the plurality of file blocks according to the percentage of the encrypted file blocks, and encrypting the plurality of file blocks to be encrypted through the encryption algorithm to generate a plurality of encrypted file blocks.

In this step, the percentage of the encrypted file blocks is the ratio between the number of the encrypted file blocks and the number of the file partitions. For example, if the percentage of the encrypted file blocks is 10%, the number of the encrypted file blocks is 10% of the file division number, and the number of the encrypted file blocks is an integer.

In the embodiment of the present invention, step S207 may specifically include:

and S2071, determining n file blocks to be encrypted from the m file blocks according to the percentage of the encrypted file blocks, and randomly generating non-repeated number numbers within n m as the serial numbers of the file blocks to be encrypted, wherein m represents the number of file partitions, n represents the number of the file blocks to be encrypted, p represents the percentage of the encrypted file blocks, and n represents a value obtained by rounding after m x p.

In this step, the number of file blocks to be encrypted (n) < the number of file divisions (m).

In the embodiment of the present invention, for example, m is 98, and p is 10%, then the file block n to be encrypted is m p 10, that is, the number of file blocks to be encrypted is 10. Since the sequence number of the file block to be encrypted is a non-repeated number within n m randomly generated, for example, the sequence number of the file block to be encrypted may include {1, 5, 10, 20, 24, 28, 30, 45, 70, 89}, that is, the generated sequence number is within the number of file partitions, and the sequence number of the file block to be encrypted may be understood as that the file block to be encrypted includes a 1 st file block, a 5 th file block, a 10 th file block, a 20 th file block, a 24 th file block, a 28 th file block, a 30 th file block, a 45 th file block, a 70 th file block, and a 89 th file block.

S2072, encrypting the n file blocks to be encrypted through the symmetric encryption algorithm and the file transmission key according to the serial numbers of the file blocks to be encrypted to generate n encrypted file blocks, wherein the serial numbers of the file blocks to be encrypted are the same as the serial numbers of the encrypted file blocks.

In the embodiment of the present invention, the 10 file blocks to be encrypted (the 1 st file block, the 5 th file block, the 10 th file block, the 20 th file block, the 24 th file block, the 28 th file block, the 30 th file block, the 45 th file block, the 70 th file block, and the 89 th file block) are encrypted by using a symmetric encryption algorithm, so as to generate 10 encrypted file blocks. The sequence number of the file block to be encrypted is the same as the sequence number of the encrypted file block, which can be understood as that the encrypted file block includes the 1 st file block, the 5 th file block, the 10 th file block, the 20 th file block, the 24 th file block, the 28 th file block, the 30 th file block, the 45 th file block, the 70 th file block and the 89 th file block.

It should be noted that, the present invention can simultaneously satisfy the requirements of transmission safety and efficiency by adopting the way of file segmentation and random encryption of file blocks.

And S208, transmitting the transmission file to the server so that the server decrypts the encrypted file blocks according to the transmission file and the acquired client public key and transmits file transmission completion information to the client.

In the embodiment of the present invention, step S208 may specifically include:

s2081, encrypting the file transmission key by using the server public key to generate an encrypted file transmission key.

In this embodiment of the present invention, the encryption algorithm used in S2081 includes an asymmetric encryption algorithm. The file transmission key is encrypted, so that the security of the file transmission key can be ensured, and the security of the whole file encryption transmission process is further improved.

S2082, forming the serial numbers of the n encrypted file blocks into a first character string, and encrypting the first character string by adopting the server public key through an asymmetric encryption algorithm to generate a second character string.

In the embodiment of the invention, the first character string is encrypted, so that the safety of the first character string can be ensured, and the safety of the whole file encryption transmission process can be further improved.

S2083, the transmission file, the encrypted file transmission key and the second character string are sent to the server, so that the server can decrypt the encrypted file blocks according to the transmission file, the client public key, the encrypted file transmission key and the second character string and then send file transmission completion information to the client.

In the embodiment of the present invention, after the client sends the transmission file, the encrypted file transmission key, and the second character string to the server, the server first decrypts the encrypted file transmission key and the second character string based on its own server private key to obtain a file transmission key and a first character string, decrypts the plurality of encrypted file blocks according to the client public key, the file transmission key, and the first character string to obtain a plurality of decrypted file blocks, then obtains a plurality of unencrypted file blocks from the transmission file, merges the plurality of unencrypted file blocks and the plurality of decrypted file blocks based on the file division number to obtain an original file, and finally sends file transmission completion information to the client.

In the embodiment of the file encryption transmission method provided by the invention, transmission configuration information sent by a server is obtained, the transmission configuration information comprises an encryption algorithm, a file division number and an occupation number of encrypted file blocks, an original text is divided based on the file division number, partial divided file blocks are encrypted based on the occupation number of the encrypted file blocks, a transmission file with a plurality of encrypted file blocks and residual unencrypted file blocks is sent to the server, so that the server decrypts the encrypted file blocks according to the transmission file and the obtained client public key, the consumption of system resources is reduced by encrypting partial file blocks, the encryption and decryption time length is reduced, the transmission efficiency is improved, in addition, an asymmetric encryption algorithm is adopted in the connection process, the file transmission process adopts a symmetric encryption algorithm, the advantages of the two types of encryption algorithms are fully exerted, and the security of file data and file key transmission is ensured.

Fig. 5 is a flowchart illustrating a file encryption transmission method according to an embodiment of the present invention, where the method may be executed by a server. As shown in fig. 5, the method of this embodiment may include:

s301, receiving a connection request sent by the client, wherein the connection request comprises address information of the client.

S302, completing connection with the client based on the address information.

In the embodiment of the invention, the purpose of establishing the communication connection is to facilitate the transmission and the reception of the transmission file between the client and the server in the subsequent step.

S303, receiving a client file transmission task initiated by the client.

in the embodiment of the present invention, the execution process of step S303 to step S307 is the execution process of the server in the client file transfer task.

S304, receiving a client public key sent by the client, wherein the client public key is generated by the client according to the asymmetric encryption algorithm and the server public key.

In the embodiment of the invention, the public key of the client is received so as to decrypt the transmission file sent by the client subsequently.

S305, sending transmission configuration information to a client, wherein the transmission configuration information comprises an encryption algorithm, a file division number and an occupation ratio of encrypted file blocks, so that the client divides an original file according to the file division number to generate a plurality of file blocks, the original file is an unencrypted file, a plurality of file blocks to be encrypted are determined from the file blocks according to the occupation ratio of the encrypted file blocks, and the file blocks to be encrypted are encrypted through the encryption algorithm to generate a plurality of encrypted file blocks.

In the embodiment of the present invention, the execution process of the client may refer to the above step S206 to step S207.

S306, acquiring the transmission file sent by the client.

In the embodiment of the present invention, a difference from the prior art is that a transmission file obtained by acquiring includes a file in which a plurality of encrypted file blocks and remaining unencrypted file blocks are combined, and the prior transmission file is a file in which an original file is entirely encrypted.

S307, decrypting the encrypted file blocks according to the transmission file and the client public key, and sending file transmission completion information to the client.

In the embodiment of the present invention, step S307 may specifically include:

s3071, obtaining the encrypted file transmission key and the second character string sent by the client.

In this step, the encrypted file transmission key is an encrypted file transmission key generated by the client encrypting the file transmission key using the server public key, and the second character string is a first character string formed by the client combining the serial numbers of a plurality of encrypted file blocks, and is generated by encrypting the first character string using the server public key through an asymmetric encryption algorithm.

S3072, decrypting the encrypted file blocks according to the transmission file, the encrypted file transmission key, the second character string and the client public key through a symmetric encryption algorithm to determine an original file corresponding to the transmission file.

In the embodiment of the invention, the server decrypts the encrypted file transmission key and the second character string based on a server private key of the server to obtain a file transmission key and a first character string, decrypts the encrypted file blocks according to the client public key, the file transmission key and the first character string to obtain a plurality of decrypted file blocks, obtains a plurality of unencrypted file blocks from the transmission file, and combines the unencrypted file blocks and the decrypted file blocks based on the file division number to obtain the original file.

S3073, sending file transmission completion information to the client.

In addition, fig. 6 is a schematic flowchart of another file encryption transmission method according to an embodiment of the present invention, where the method according to the embodiment may be executed by a client. As shown in fig. 6, the method of the embodiment of the present invention may include:

s401, sending a connection request to a server, wherein the connection request comprises address information of the client, so that the server establishes communication connection with the client through the address information.

In the embodiment of the present invention, the step may be executed in step S201.

S402, initiating a server file transmission task to the server so that the server generates a file transmission key according to file name information and system time corresponding to an original file through the symmetric encryption algorithm; segmenting an original file according to the file segmentation number to generate a plurality of file blocks, wherein the original file is a file which is not encrypted; determining a plurality of file blocks to be encrypted from the plurality of file blocks according to the percentage of the encrypted file blocks, and encrypting the plurality of file blocks to be encrypted through the encryption algorithm to generate a plurality of encrypted file blocks; and sending the transmission file to the client.

In which the server file transfer task is a task in which the server sends a file to the client,

it is understood that the difference from the above embodiment is that the execution process of step S204 and step S208 is the execution process of the client in the client file transmission task. In this embodiment, the execution process of steps S402 to S403 is the execution process of the client in the server file transfer task.

And S403, after decrypting the plurality of encrypted file blocks according to the transmission file and the acquired server public key, sending file transmission completion information to the server.

In the embodiment of the present invention, specifically, the client first decrypts the encrypted file transmission key and the second character string based on its own client private key to obtain a file transmission key and a first character string, decrypts the plurality of encrypted file blocks according to the obtained server public key, the file transmission key, and the first character string to obtain a plurality of decrypted file blocks, obtains a plurality of unencrypted file blocks from the transmission file, and merges the plurality of unencrypted file blocks and the plurality of decrypted file blocks based on the file division number to obtain the original file.

The embodiment of the present invention is different from the above-mentioned embodiments in that the client sends the transmission file to the server, and the server performs operations such as file splitting, encryption and decryption, and file merging. In the embodiment, the server sends the transmission file to the client, and the client performs operations such as file splitting, encryption and decryption, file merging and the like.

In addition, fig. 7 is a schematic flowchart of another file encryption transmission method according to an embodiment of the present invention, where the method of this embodiment may be executed by a server. As shown in fig. 7, the method of the embodiment of the present invention may include:

s501, receiving a connection request sent by the client, wherein the connection request comprises address information of the client.

In the embodiment of the present invention, the step may be referred to as step 301.

S502, completing connection with the client based on the address information.

In the embodiment of the present invention, the step can be referred to as the step 302.

S503, obtaining transmission configuration information, wherein the transmission configuration information comprises an encryption algorithm, a file division number and a ratio number of encrypted file blocks.

In the embodiment of the invention, the server acquires the transmission configuration information from the self equipment.

S504, according to the asymmetric encryption algorithm and the obtained client public key, a server public key and a server private key are generated, and the server public key is sent to the client.

In the embodiment of the present invention, the purpose of sending the server public key to the client is that, when the subsequent server encrypts the transmission file key and a part of the file blocks using the server private key and sends the transmission file to the server, the server can decrypt the transmission file based on the server public key sent by the client.

And S505, receiving a server file transmission task initiated by the client.

the execution process of step S303-step 307 is the execution process of the client in the client file transfer task. In this embodiment, the execution process of step S505 to step S509 is the execution process of the server in the server file transmission task.

S506, generating a file transmission key according to the file name information and the system time corresponding to the original file through the symmetric encryption algorithm.

In the embodiment of the present invention, the step is executed in step S205.

And S507, segmenting the original file according to the file segmentation number to generate a plurality of file blocks, wherein the original file is a file which is not encrypted.

In the embodiment of the present invention, the step is executed in step S206.

S508, according to the percentage of the encrypted file blocks, determining a plurality of file blocks to be encrypted from the plurality of file blocks, and encrypting the plurality of file blocks to be encrypted through the encryption algorithm to generate a plurality of encrypted file blocks.

In the embodiment of the present invention, the step may be executed in step S207.

And S509, transmitting the transmission file to the client so that the client decrypts the encrypted file blocks according to the transmission file and the acquired server public key and transmits file transmission completion information to the server.

In the embodiment of the present invention, the step may be executed in step S208.

The difference between the embodiment of the present invention and the above embodiment in step S204 and step S208 is that the above embodiment is that the client sends the transmission file to the server, and the server performs operations such as file splitting, encryption and decryption, and file merging. In the embodiment, the server sends the transmission file to the client, and the client performs operations such as file splitting, encryption and decryption, file merging and the like.

Fig. 8 is a schematic structural diagram of a file encryption transmission apparatus according to an embodiment of the present invention, and as shown in fig. 7, the file encryption transmission apparatus 1 includes:

the acquisition module 11 is configured to acquire transmission configuration information sent by a server, where the transmission configuration information includes an encryption algorithm, a file division number, and a percentage of encrypted file blocks;

a dividing module 12, configured to divide an original file according to the file division number to generate a plurality of file blocks, where the original file is an unencrypted file;

a generating module 13, configured to determine a plurality of file blocks to be encrypted from the plurality of file blocks according to the percentage of the encrypted file blocks, and encrypt the plurality of file blocks to be encrypted by using the encryption algorithm to generate a plurality of encrypted file blocks;

the first sending module 14 is configured to send a transmission file to the server, so that the server decrypts the plurality of encrypted file blocks according to the transmission file and the acquired client public key, and sends file transmission completion information to the client, where the transmission file is a file in which the plurality of encrypted file blocks and the remaining unencrypted file blocks are combined.

In the embodiment of the invention, the encryption algorithm comprises an asymmetric encryption algorithm and a symmetric encryption algorithm; the first sending module 14 of the apparatus is further configured to initiate a client file transfer task to the server based on the transfer configuration information, where the client file transfer task is a task for the client to send a file to the server;

the generating module 13 is further configured to generate a file transmission key according to the file name information and the system time corresponding to the original file through the symmetric encryption algorithm.

In the embodiment of the present invention, the transmission configuration information includes a server public key; the generating module 13 of the apparatus is further configured to generate a client public key and a client private key according to the asymmetric cryptographic algorithm and the server public key, and send the client public key to the server.

In the embodiment of the present invention, the generating module 13 of the apparatus is specifically configured to determine n file blocks to be encrypted from m file blocks according to the fraction of the encrypted file blocks, and randomly generate n numbers of non-repeated numbers within m as the serial numbers of the file blocks to be encrypted, where m represents the number of file partitions, n represents the number of the file blocks to be encrypted, p represents the fraction of the encrypted file blocks, and n represents a value obtained by rounding up m × p;

In this embodiment of the present invention, the first sending module 14 of the apparatus is specifically configured to encrypt the file transmission key by using the server public key, so as to generate an encrypted file transmission key; the serial numbers of the n encrypted file blocks form a first character string, and the first character string is encrypted by the server public key through an asymmetric encryption algorithm to generate a second character string; and sending the transmission file, the encrypted file transmission key and the second character string to the server so that the server can decrypt the encrypted file blocks according to the transmission file, the client public key, the encrypted file transmission key and the second character string and then send file transmission completion information to the client, wherein the transmission file is a file formed by combining the encrypted file blocks and the rest of unencrypted file blocks.

In this embodiment of the present invention, the first sending module 14 of the apparatus is further configured to send a connection request to a server, where the connection request includes address information of the client, so that the server establishes a communication connection with the client through the address information.

Fig. 9 is a schematic structural diagram of another file encryption transmission apparatus according to an embodiment of the present invention, and as shown in fig. 8, the file encryption transmission apparatus 2 includes:

a second sending module 21, configured to send transmission configuration information to a client, where the transmission configuration information includes an encryption algorithm, a file division number, and an occupation ratio of encrypted file blocks, so that the client divides an original file according to the file division number to generate a plurality of file blocks, where the original file is an unencrypted file, determines a plurality of file blocks to be encrypted from the file blocks according to the occupation ratio of the encrypted file blocks, and encrypts the file blocks to be encrypted by using the encryption algorithm to generate a plurality of encrypted file blocks;

a receiving module 22, configured to obtain a transmission file sent by the client, where the transmission file is a file in which a plurality of encrypted file blocks and remaining unencrypted file blocks are combined;

the second sending module 21 is further configured to decrypt the plurality of encrypted file blocks according to the transmission file and the obtained client public key, and send file transmission completion information to the client.

In this embodiment of the present invention, the receiving module 22 of the apparatus is further configured to receive a client file transfer task initiated by the client, where the client file transfer task is a task for the client to send a file to the server.

In the embodiment of the invention, the configuration information comprises a server public key, and the encryption algorithm comprises an asymmetric encryption algorithm and a symmetric encryption algorithm; the receiving module 22 of the apparatus is further configured to receive a client public key sent by the client, where the client public key is a client public key generated by the client according to the asymmetric encryption algorithm and the server public key.

In this embodiment of the present invention, the second sending module 21 of the apparatus is specifically configured to obtain an encrypted file transmission key and a second character string that are sent by the client, where the encrypted file transmission key is an encrypted file transmission key that is generated by the client encrypting a pre-generated file transmission key using the server public key, and the second character string is a second character string that is generated by the client combining serial numbers of a plurality of encrypted file blocks into a first character string and encrypting the first character string using the server public key through an asymmetric encryption algorithm; decrypting the plurality of encrypted file blocks according to the transmission file, the encrypted file transmission key, the second character string and the client public key through a symmetric encryption algorithm to determine an original file corresponding to the transmission file; and sending file transmission completion information to the client.

In this embodiment of the present invention, the receiving module 22 of the apparatus is further configured to receive a connection request sent by the client, where the connection request includes address information of the client; completing a connection with the client based on the address information.

Fig. 10 is a block diagram of a client according to an embodiment of the present invention, and the apparatus 800 of the apparatus may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.

The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing components 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.

The memory 804 is configured to store various types of data to support operations at the apparatus 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.

The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.

The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed status of the device 800, the relative positioning of components, such as a display and keypad of the device 800, the sensor assembly 814 may also detect a change in the position of the device 800 or a component of the device 800, the presence or absence of user contact with the device 800, the orientation or acceleration/deceleration of the device 800, and a change in the temperature of the device 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.

The embodiment of the invention also provides a computer-readable storage medium, wherein a computer execution instruction is stored in the computer-readable storage medium, and when a processor executes the computer execution instruction, the file encryption transmission method of the embodiment of the method is realized. Such as the memory 804 including instructions executable by the processor 820 of the device 800 to perform the methods described above. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

A non-transitory computer readable storage medium, in which instructions, when executed by a processor of a client, enable the client to perform a file encryption transmission method of the client.

An embodiment of the present invention further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the robot positioning method as described above is implemented.

Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims

1. A file encryption transmission method is applied to a client and comprises the following steps:

2. The method of claim 1, wherein the encryption algorithm comprises an asymmetric encryption algorithm and a symmetric encryption algorithm;

3. The method of claim 2, wherein the transmission configuration information comprises a server public key;

4. The method according to claim 3, wherein the determining a plurality of file blocks to be encrypted from the plurality of file blocks according to the percentage of the encrypted file blocks and encrypting the plurality of file blocks to be encrypted by the encryption algorithm to generate a plurality of encrypted file blocks comprises:

5. The method according to claim 4, wherein the sending the transmission file to the server, so that the server sends file transmission completion information to the client after decrypting the plurality of encrypted file blocks according to the transmission file and the obtained client public key, comprises:

6. The method of claim 1, further comprising, before obtaining the transmission configuration information sent by the server:

7. A file encryption transmission method is applied to a server and comprises the following steps:

8. The method of claim 7, further comprising, after sending the transport configuration information to the client:

and receiving a client file transmission task initiated by the client, wherein the client file transmission task is a task of sending a file to the server by the client.

9. The method of claim 8, wherein the configuration information comprises a server public key, and wherein the encryption algorithm comprises an asymmetric encryption algorithm and a symmetric encryption algorithm;

10. The method of claim 9, wherein decrypting the plurality of encrypted file blocks according to the transmission file and the obtained client public key and sending file transmission completion information to the client comprises:

and sending file transmission completion information to the client.

11. The method of claim 7, prior to sending the transport configuration information to the client, further comprising:

completing a connection with the client based on the address information.

12. A file encryption transmission apparatus, comprising:

13. A file encryption transmission apparatus, comprising:

14. A file encryption transmission apparatus, characterized by comprising: at least one processor and memory;

the memory stores computer-executable instructions;

the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the file encryption transmission method of any one of claims 1 to 11.

15. A computer-readable storage medium having stored thereon computer-executable instructions which, when executed by a processor, implement the file encryption transmission method according to any one of claims 1 to 11.

16. A program product comprising a computer program which, when executed by a processor, implements the file encryption transmission method according to any one of claims 1 to 11.