Data encryption transmission method, terminal device and server

By dynamically generating and exchanging public and private key pairs between the client and the server, the problems of password leakage and high computational complexity in traditional RSA encrypted transmission are solved, thereby improving the security and efficiency of data transmission and ensuring the reliability of user authentication.

CN122247640APending Publication Date: 2026-06-19SICHUAN LVYUANJI TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SICHUAN LVYUANJI TECH CO LTD
Filing Date
2024-12-17
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Traditional RSA encrypted transmission method directly transmits username and password when the client initiates a login request for the first time, which poses a risk of password information leakage. In addition, the high computational complexity of the RSA algorithm affects data transmission efficiency and response speed, and it cannot effectively verify user identity and prevent unauthorized user operations.

Method used

Public and private key pairs are dynamically generated and exchanged between the client and the server. During the first login, an empty data request is sent. The server generates and exchanges the first public key and private key. The client generates the second public key and private key to encrypt data transmission and decrypts the login data using the server's first private key to generate a login identifier, ensuring data security and authentication.

Benefits of technology

It improves the security and anti-interception capability of password data during transmission, effectively prevents password data leakage, reduces computing resource consumption, and improves data transmission efficiency and user authentication reliability.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122247640A_ABST
    Figure CN122247640A_ABST
Patent Text Reader

Abstract

This invention discloses a data encryption transmission method, a terminal device, and a server. The data encryption transmission method includes: initiating a login request to the server, wherein the login data transmitted in the login request is empty data; in response to successful login request transmission, obtaining a first public key from the server, wherein the first public key is generated by the server and corresponds to a first private key; in response to obtaining the first public key, sending a second public key and encrypted login data to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to a second private key; and obtaining a login identifier from the server, wherein the server decrypts the encrypted login data based on the first private key to generate a login identifier. This invention solves the technical problem of how to effectively prevent the leakage of password data during transmission.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of information security technology, and more specifically, to a data encryption transmission method, terminal device, and server. Background Technology

[0002] With the rapid development and widespread application of internet technology, data transmission security has become a critical factor affecting the normal operation of network communications, e-commerce, online services, and other businesses. Especially in sensitive operations such as user login and data interaction, the security of password transmission is paramount. Traditional data transmission methods, without encryption, are vulnerable to security threats such as man-in-the-middle attacks and data theft. This can not only lead to the leakage of user privacy but also trigger more serious security problems, such as malicious login and manipulation of accounts.

[0003] Currently, data encryption transmission technology has reached a relatively mature stage. Asymmetric encryption algorithms such as RSA are widely used in data transmission encryption due to their advantages in key management and data security. However, in traditional RSA encrypted transmission, when the client initiates a login request to the server for the first time, it directly transmits the username and password, and then encrypts the password information subsequently. This encryption method has certain vulnerabilities and may lead to the leakage of password information. Furthermore, the encryption and decryption process of the RSA algorithm has high computational complexity. For encryption and decryption operations on large amounts of data, it consumes significant computing resources and time, potentially affecting data transmission efficiency and response speed. Simultaneously, in traditional encrypted transmission, how to effectively verify user identity after data transmission to prevent unauthorized users from using the encrypted data for unauthorized operations is also a problem that needs to be solved.

[0004] There is currently no effective solution to the above problems. Summary of the Invention

[0005] This invention provides a data encryption transmission method, terminal device, and server to at least solve the technical problem of how to effectively prevent the leakage of password data during transmission.

[0006] According to one aspect of the present invention, a data encryption transmission method is provided, comprising: initiating a login request to a server, wherein the login data transmitted in the login request is empty data; in response to successful transmission of the login request, obtaining a first public key from the server, wherein the first public key is generated by the server and corresponds to a first private key; in response to obtaining the first public key, sending a second public key and encrypted login data to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to a second private key; and obtaining a login identifier from the server, wherein the server decrypts the encrypted login data based on the first private key to generate a login identifier.

[0007] Optionally, the second public key and the second private key are generated based on an asymmetric encryption algorithm.

[0008] Optionally, obtaining the login identifier from the server includes: obtaining encrypted ciphertext from the server; and decrypting the encrypted ciphertext using a second private key to obtain the login identifier.

[0009] Optionally, the data encryption transmission method further includes: sending an exit request to the server and deleting the first public key and the second private key.

[0010] According to another aspect of the present invention, a data encryption transmission method is also provided, comprising: in response to receiving a login request sent by a client, sending a first public key to the client, wherein the login data transmitted in the login request is empty data, and the first public key corresponds to a first private key; in response to receiving a second public key and login data encrypted based on the first public key from the client, decrypting the encrypted login data using the first private key; determining an authentication result based on the decrypted login data; and in response to the authentication result indicating successful authentication, sending a login identifier to the client.

[0011] Optionally, the first public key and the first private key are generated based on an asymmetric encryption algorithm.

[0012] Optionally, in response to the authentication result indicating successful authentication, a login identifier is sent to the client, including: in response to the authentication result indicating successful authentication, generating an identifier string using a preset algorithm; encrypting the identifier string using a second public key to generate a login identifier and sending the login identifier to the client.

[0013] Optionally, the data encryption transmission method further includes: in response to receiving a logout request sent by the client, marking the login identifier as invalid and deleting the first private key and the second public key.

[0014] According to another aspect of the present invention, a terminal device is also provided, comprising: a memory for storing program instructions; and a processor connected to the memory for executing the program instructions for performing the following functions: initiating a login request to a server, wherein the login data transmitted in the login request is empty data; in response to successful transmission of the login request, obtaining a first public key from the server, wherein the first public key is generated by the server and corresponds to a first private key; in response to obtaining the first public key, sending a second public key and encrypted login data to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to a second private key; and obtaining a login identifier from the server, wherein the server decrypts the encrypted login data based on the first private key to generate a login identifier.

[0015] According to another aspect of the present invention, a server is also provided, comprising: a memory for storing program instructions; and a processor connected to the memory, the program instructions being configured to perform the following functions: in response to receiving a login request sent by a client, sending a first public key to the client, wherein the login data transmitted in the login request is empty data, and the first public key corresponds to a first private key; in response to receiving a second public key and login data encrypted based on the first public key from the client, decrypting the encrypted login data using the first private key; determining an authentication result based on the decrypted login data; and in response to the authentication result indicating successful authentication, sending a login identifier to the client.

[0016] According to another aspect of the present invention, a non-volatile storage medium is also provided, the non-volatile storage medium including a stored computer program, wherein the device containing the non-volatile storage medium executes the data encryption transmission method described above by running the computer program.

[0017] According to another aspect of the present invention, a computer program product is also provided, including a computer program that, when executed by a processor, implements the data encryption transmission method described in any of the above embodiments.

[0018] In this embodiment of the invention, a login request is initiated to the server, wherein the login data transmitted in the login request is empty data; in response to the successful transmission of the login request, a first public key is obtained from the server, wherein the first public key is generated by the server and corresponds to a first private key; in response to obtaining the first public key, a second public key and encrypted login data are sent to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to a second private key; a login identifier is obtained from the server, wherein the server decrypts the encrypted login data based on the first private key to generate a login identifier. This invention, by dynamically generating and exchanging public-private key pairs between the client and the server, and generating a new encryption key each time a login request is initiated, achieves the purpose of improving the security and anti-interception capability of password data during transmission, thereby effectively preventing the leakage of password data during transmission, and thus solving the technical problem of how to effectively prevent the leakage of password data during transmission. Attached Figure Description

[0019] The accompanying drawings, which are included to provide a further understanding of the invention and form part of this invention, illustrate exemplary embodiments of the invention and are used to explain the invention, but do not constitute an undue limitation of the invention. In the drawings:

[0020] Figure 1 This is a flowchart of a first data encryption transmission method according to one embodiment of the present invention;

[0021] Figure 2This is a flowchart of a second data encryption transmission method according to one embodiment of the present invention;

[0022] Figure 3 This is a flowchart of a third data encryption transmission method according to one embodiment of the present invention. Detailed Implementation

[0023] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of the present invention.

[0024] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0025] According to an embodiment of the present invention, an embodiment of a data encryption transmission method is provided. The steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions. Although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in a different order than that shown here.

[0026] This method embodiment can also be performed in an electronic device, similar control device, or electronic device that includes a memory and a processor. Taking an electronic device as an example, the electronic device may include one or more processors and a memory for storing data. Optionally, the aforementioned electronic device may also include a communication device for communication functions and a display device. Those skilled in the art will understand that the above structural description is merely illustrative and does not limit the structure of the aforementioned electronic device. For example, the electronic device may also include more or fewer components than those described above, or have a different configuration than those described above.

[0027] A processor may include one or more processing units. For example, a processor may include a central processing unit (CPU), a graphics processing unit (GPU), a digital signal processing (DSP) chip, a microcontroller unit (MCU), a field-programmable gate array (FPGA), a neural network processing unit (NPU), a tensor processing unit (TPU), or an artificial intelligence (AI) type processor. Different processing units may be independent components or integrated into one or more processors. In some instances, an electronic device may also include one or more processors.

[0028] The memory can be used to store computer programs, such as the computer program corresponding to the data encryption transmission method in the embodiments of the present invention. The processor implements the aforementioned data encryption transmission method by running the computer program stored in the memory. The memory may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory may further include memory remotely located relative to the processor, and these remote memories can be connected to the electronic device via a grid. Examples of such grids include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

[0029] Figure 1 This is a flowchart of a first data encryption transmission method according to one embodiment of the present invention. Figure 1 As shown, the method may include the following steps:

[0030] Step S101: Send a login request to the server, wherein the login data transmitted in the login request is empty data.

[0031] Specifically, when a user attempts to log in, the client does not immediately send the username and password. Instead, it sends a login request with empty data to the server. This "empty data" can be understood as a data packet that does not contain any actual login information. It only contains some basic handshake information, such as non-sensitive information like client type and version information, to inform the server that a login request is about to occur.

[0032] It's important to note that sending a login request with empty data can prevent information leakage during the initial attempt. In traditional login processes, attackers might try to intercept the username and password during the first data transmission. By leaving the login data empty, this sensitive information can be prevented from being intercepted during the initial attempt.

[0033] Upon receiving a login request with empty data, the server will trigger a secure login process and immediately begin preparing the public and private key pairs required for encryption. This establishes a secure channel for subsequent encrypted data transmission, ensuring the security of sensitive information such as usernames and passwords transmitted later.

[0034] Step S102: In response to the successful sending of the login request, obtain the first public key from the server. The first public key is generated by the server and corresponds to the first private key.

[0035] Specifically, when a client sends a login request with empty data to the server, the server parses the request and interprets it as a login initiation signal. At this point, the server does not immediately process any sensitive data. Instead, it activates its internal encryption algorithm mechanism, using an encryption algorithm (such as RSA) to generate a public-private key pair: a first public key and a first private key. This public-private key pair is used for this login and operation, and is unrelated to previous logins or other operations, ensuring the security of the keys.

[0036] Specifically, after generating the first public-private key pair, the server retains the first private key, which must be kept secret and used to decrypt encrypted data sent by the client. Simultaneously, the server sends the first public key to the client through a secure channel. Because the first public key is public, even if it is intercepted by a third party during network transmission, it will not pose a security threat to subsequent login operations, as the interceptor cannot decrypt the data without the corresponding first private key.

[0037] Specifically, after receiving the first public key sent by the server, the client stores it locally for data encryption in subsequent steps.

[0038] In step S103, in response to obtaining the first public key, the second public key and encrypted login data are sent to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to the second private key.

[0039] Specifically, after receiving the first public key sent by the server, the client immediately starts its own encryption algorithm to generate a new public-private key pair, namely the second public key and the second private key. The second public key is used for encryption, while the second private key is stored by the client and used to decrypt the data sent by the server.

[0040] Specifically, the client uses the first public key provided by the server to encrypt the user's login data (such as username and password). After encryption, the login data is converted into ciphertext, and even if it is intercepted by a third party during network transmission, the interceptor will not be able to obtain the original login information due to the lack of the private key required for decryption.

[0041] Specifically, the client sends the encrypted login data along with its self-generated second public key to the server. This second public key will be used in subsequent communications to ensure that the encrypted communication mechanism between the client and the server is established. The data packet sent by the client contains two parts: one is the ciphertext of the login data encrypted with the first public key, and the other is the second public key generated by the client, which is used by the server for encryption operations in subsequent steps.

[0042] It's important to note that the second public-private key pair generated by the client is independent of the server, which increases the security of the entire encrypted communication process. This independent generation and use of keys avoids key sharing and reduces the risk of key cracking.

[0043] Step S104: Obtain a login identifier from the server, wherein the server decrypts the encrypted login data based on the first private key to generate a login identifier.

[0044] Specifically, when the server receives the encrypted login data (i.e., the ciphertext of the username and password) and the second public key generated by the client, it uses the previously stored first private key to decrypt the encrypted login data. Only by using the first private key corresponding to the public key used for encryption (i.e., the first public key) can the original plaintext information (i.e., the real username and password) be correctly decrypted.

[0045] Specifically, after successful decryption, the server verifies the decrypted username and password to confirm the user's identity. Once verification is successful, the server generates a unique login token based on the user information, using the MD5 algorithm combined with the current system's timestamp and a random code. This token serves as the user's unique identifier in the system and is used for subsequent request authentication, ensuring that all user operations after login are valid.

[0046] Specifically, after generating the token, the server encrypts it using the second public key sent by the client and sends it to the client in ciphertext. By using the second public key for encryption, only the client holding the corresponding second private key can decrypt the token, ensuring that even if the ciphertext of the token is intercepted during network transmission, it cannot be decrypted and used by any third party.

[0047] Specifically, the client receives the encrypted token, decrypts it using the second private key corresponding to the second public key, and obtains the plaintext token.

[0048] In this embodiment of the invention, a login request is initiated to the server, wherein the login data transmitted in the login request is empty data; in response to the successful transmission of the login request, a first public key is obtained from the server, wherein the first public key is generated by the server and corresponds to a first private key; in response to obtaining the first public key, a second public key and encrypted login data are sent to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to a second private key; a login identifier is obtained from the server, wherein the server decrypts the encrypted login data based on the first private key to generate a login identifier. This invention, by dynamically generating and exchanging public-private key pairs between the client and the server, and generating a new encryption key each time a login request is initiated, achieves the purpose of improving the security and anti-interception capability of password data during transmission, thereby effectively preventing the leakage of password data during transmission, and thus solving the technical problem of how to effectively prevent the leakage of password data during transmission.

[0049] Optionally, in step S103, the second public key and the second private key are generated based on an asymmetric encryption algorithm.

[0050] Specifically, asymmetric encryption algorithms are mechanisms that use a pair of keys—a public key and a private key—for encryption and decryption. Unlike symmetric encryption algorithms (which use the same key for both encryption and decryption), the public and private keys in asymmetric encryption algorithms are mathematically related but independent of each other. The public key can be made public, while the private key must be kept strictly confidential.

[0051] For example, the second public key and second private key are generated using the asymmetric encryption algorithm RSA. RSA is a widely used asymmetric encryption algorithm that provides a secure encryption method based on the mathematical problem of large number factorization. The specific implementation of the RSA algorithm includes selecting two large prime numbers p and q, calculating their product n, and then using n and Euler's totient function... Choose a public key e and a private key d such that encryption and decryption operations can be performed inversely.

[0052] After receiving the server's first public key, the client initiates an asymmetric encryption algorithm to generate a second public key and a second private key. The generated second public key is sent to the server for data encryption in subsequent communications; while the second private key is stored by the client and used to decrypt data encrypted by the server using the second public key.

[0053] It should be noted that, due to the nature of asymmetric encryption algorithms, the second private key must be securely stored and protected by the client. Access by any third party will compromise the security of encrypted communication. The client should take appropriate measures, such as password protection and a hardware security module (HSM), to ensure the confidentiality of the second private key.

[0054] Optionally, in step S104, obtaining the login identifier from the server includes: obtaining encrypted ciphertext from the server; and decrypting the encrypted ciphertext using the second private key to obtain the login identifier.

[0055] Specifically, after receiving the encrypted token ciphertext from the server, the client uses the second private key previously stored locally to decrypt the ciphertext. Because the client possesses the second private key corresponding to the second public key used for encryption by the server, it can successfully decrypt the token ciphertext and recover the original token information.

[0056] The decrypted token will be stored locally on the client, in a secure location such as memory, a cookie, or local storage. This token serves as identification after successful user login and will be used in all subsequent requests to verify user status and permissions. In subsequent requests, the client only needs to include the token, eliminating the need to repeatedly send the username and password. This improves both user experience and system security, as reducing the number of times sensitive information is transmitted lowers the risk of data leakage.

[0057] Optionally, the data encryption transmission method further includes: sending an exit request to the server and deleting the first public key and the second private key.

[0058] Specifically, when a user decides to log out, the client sends a logout request to the server. This request can be a simple HTTP GET or POST request, containing the user's identification information in the current session, such as a token, so that the server can identify which user's session needs to be terminated.

[0059] Specifically, while the server is processing the logout request, the client deletes the keys associated with this session. That is, the client deletes the first public key and the second private key stored locally.

[0060] By deleting the first public key and the second private key after a user logs out, it ensures that even if these keys are leaked in some way, attackers cannot use them for communication or data decryption. This effectively prevents security risks associated with long-term key storage, such as keys being stolen and used for future attacks, thereby improving the overall security of the system.

[0061] Figure 2This is a flowchart of a second data encryption transmission method according to one embodiment of the present invention. Figure 2 As shown, the method may include the following steps:

[0062] Step S201: In response to receiving the login request sent by the client, the first public key is sent to the client. The login data transmitted in the login request is empty data, and the first public key corresponds to the first private key.

[0063] Specifically, after receiving a login request from a client, the server generates a public-private key pair using an asymmetric encryption algorithm, namely a first public key and a first private key. For example, the RSA algorithm is used to generate this key pair. The generated first public key is sent to the client for subsequent data encryption, while the first private key is stored by the server and used to decrypt data encrypted by the client using the first public key.

[0064] It's important to note that the login request sent by the client to the server does not contain actual login data. This empty login request is designed to prevent sensitive information from being intercepted before communication is established. When sending the request, the client only indicates its intention to log in, without directly exposing sensitive information.

[0065] In step S202, in response to obtaining the second public key and login data encrypted based on the first public key from the client, the encrypted login data is decrypted using the first private key.

[0066] Specifically, upon receiving the encrypted login data ciphertext and the client's second public key, the server immediately uses its previously held first private key to decrypt the encrypted login data. The first public key is used by the client to encrypt the data, while the first private key is held by the server for decryption. After successful decryption, the server recovers the original login data, namely the user's plaintext username and password.

[0067] Step S203: Determine the authentication result based on the decrypted login data.

[0068] Specifically, after receiving the decrypted username and password, the server will perform user authentication. This authentication includes username verification and password verification. Username verification refers to the server querying the database or user information storage area to check if a user record matching the submitted username exists. Password verification refers to, if a matching username is found, the server comparing the stored password with the submitted password to verify its correctness. It should be noted that, for enhanced security, the actual stored password is an encrypted hash value, not the plaintext password.

[0069] Specifically, the server determines the user's authentication result based on the verification of the login data. If both the username and password match the information stored in the database, the server considers authentication successful and the user granted access. If the username or password does not match, or if the user does not exist in the database, the server considers authentication failed, denies the user access, and returns the corresponding error message or prompts the user to try logging in again.

[0070] Step S204: In response to the authentication result indicating successful authentication, a login identifier is sent to the client.

[0071] Specifically, once a user's authentication is successful, the server generates a unique login identifier, or Token. The Token is a string used to identify the user's login status. It is generated by the server using the MD5 algorithm based on the current time and a random number to ensure its uniqueness. The Token will be used as authentication credentials in subsequent user requests, eliminating the need to re-enter the username and password.

[0072] Optionally, to ensure the security of the token during transmission, the server encrypts the token using a second public key received from the client during the login process, generating an encrypted token ciphertext. The encrypted token ciphertext is then sent to the client over the network as proof of successful user login. The token sending process also requires secure communication, typically using secure protocols such as HTTPS.

[0073] Optionally, in step S201, the first public key and the first private key are generated based on an asymmetric encryption algorithm.

[0074] Specifically, after receiving the client's first login request, the server generates a pair of public and private keys based on an asymmetric encryption algorithm (such as RSA algorithm), namely the first public key and the first private key.

[0075] The first public key generated by the server will be sent to the client. The client can use this public key to encrypt login data without worrying about the security of the data during network transmission. The distribution of the first public key is accomplished through secure network communication, for example using protocols such as HTTPS, to prevent the public key from being leaked or tampered with during transmission.

[0076] The first private key generated by the server is kept secret and is never transmitted over the network to any entity, including the client. It is securely stored by the server and used to decrypt data encrypted by the client using the first public key. The secure storage of the private key is crucial to ensuring secure data decryption; any unauthorized access or disclosure will compromise the system's security.

[0077] Optionally, in step S204, in response to the authentication result indicating successful authentication, a login identifier is sent to the client, including: in response to the authentication result indicating successful authentication, generating an identifier string using a preset algorithm; encrypting the identifier string using a second public key to generate a login identifier and sending the login identifier to the client.

[0078] Specifically, once the server completes user authentication and the authentication result shows that the user information is correct (i.e., the username and password match), the server will determine that the user has successfully logged in and proceed to the next step of generating a login identifier for the user.

[0079] Specifically, the server uses a pre-defined algorithm to generate an identifier string, which is unique to each successfully logged-in user and is typically referred to as a token. The token generation algorithm can be MD5, SHA-256, or a similar secure hash algorithm, combined with specific user information (such as the user's ID, current timestamp, and a randomly generated string) to ensure the generated token is unpredictable and unique. The generated token serves as an identifier of the user's login status and is carried by the client in subsequent requests to prove the user's identity and login status.

[0080] Specifically, to ensure the security of the token during transmission to the client, the server encrypts the identifier string (i.e., the token) using a second public key received from the client. The nature of asymmetric encryption algorithms guarantees that data encrypted with a public key can only be decrypted by the entity holding the paired private key. Even if the token is intercepted during transmission, without the second private key stored on the client, an attacker cannot decrypt the token, thus protecting the confidentiality of the login state.

[0081] After the server completes the encryption process, the generated encrypted token (i.e., login identifier) ​​will be sent to the client. The transmission process typically uses secure network communication protocols (such as HTTPS) to prevent data from being tampered with or leaked during transmission, ensuring that the login identifier can securely reach its destination.

[0082] Optionally, the data encryption transmission method further includes: in response to receiving a logout request sent by the client, marking the login identifier as invalid and deleting the first private key and the second public key.

[0083] Specifically, after receiving a logout request from a client, the server verifies the validity of the token included in the login request. Token validity verification includes checking if the token is within its validity period and if it has been tampered with or reused. If the token is valid, the server confirms it is a legitimate logout request. Once the request is verified as legitimate, the server takes steps to invalidate the token. This process involves deleting the token from the database or cache where valid tokens are stored, or changing its status flag so that it can no longer be used for subsequent requests. If the system uses Redis or a similar data storage technology, the token is removed from Redis or its corresponding data status is updated to ensure that the token is no longer considered a valid login credential.

[0084] To further protect user privacy and system security, the server deletes the first private key and second public key associated with a user after the user successfully logs out. The first private key is used to decrypt encrypted data provided during login, while the second public key is used to encrypt the generated token. Deleting these keys prevents data misuse and potential security vulnerabilities. It should be noted that the first private key and second public key are only associated with the specific user's current login session; therefore, their deletion will not affect other users or the user's subsequent login operations.

[0085] Figure 3 This is a flowchart of a third data encryption transmission method according to one embodiment of the present invention. Figure 3 As shown, the specific steps of a data encryption transmission method are as follows:

[0086] 1. The client sends a login request to the server for the first time (without transmitting the username and password).

[0087] 2. The server uses the RSA algorithm to generate a public key 1 and a private key 1 pair. It keeps the private key 1 secret and sends the public key 1 to the client.

[0088] 3. After receiving public key 1, the client saves public key 1, encrypts the user password, and sends the username and the encrypted user password to the server. Simultaneously, it generates another public key pair, public key 2 and private key 2, keeping private key 2 for itself and sending public key 2 to the server. The second login request transmits the username, the encrypted password, and the public key 2 generated by the client.

[0089] 4. The server uses the reserved private key 1 to decrypt the ciphertext and obtain the real password.

[0090] 5. After confirming that a user can log in, the server generates a token string using the MD5 algorithm based on the current timestamp. Token = MD5(current system timestamp + random code). The token string serves as the user's unique identifier. The server establishes a mapping between the token string and user information, such as the user's user ID, in the Redis database. The web front-end interface adds a token validity check.

[0091] 6. The server receives and saves the public key 2 sent by the client, encrypts the token using the public key 2, and finally returns the encrypted token to the client.

[0092] 7. The client uses its self-generated private key 2 to decrypt the ciphertext of the token, obtaining the real token. The client receives and saves the token, and subsequent operation requests use the token to maintain login status.

[0093] 8. When the client logs out, the server deletes the corresponding token data cached in Redis, and also deletes the user's private key 1 and public key 2. After successful logout, the client deletes the locally stored private key 2 and public key 1.

[0094] Embodiments of the present invention also provide a terminal device, comprising: a memory for storing program instructions; and a processor connected to the memory for executing the program instructions for performing the following functions: initiating a login request to a server, wherein the login data transmitted in the login request is empty data; in response to successful transmission of the login request, obtaining a first public key from the server, wherein the first public key is generated by the server and corresponds to a first private key; in response to obtaining the first public key, sending a second public key and encrypted login data to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to a second private key; and obtaining a login identifier from the server, wherein the server decrypts the encrypted login data based on the first private key to generate a login identifier.

[0095] Optionally, the processor in the aforementioned terminal device can be configured to perform program instructions that generate the second public key and the second private key based on an asymmetric encryption algorithm.

[0096] Optionally, the processor in the aforementioned terminal device can be configured to perform the following functions: obtain encrypted ciphertext from the server; decrypt the encrypted ciphertext using a second private key to obtain a login identifier.

[0097] Optionally, the processor in the aforementioned terminal device can be configured to perform program instructions that execute the following functions: send an exit request to the server, and delete the first public key and the second private key.

[0098] Embodiments of the present invention also provide a server, comprising: a memory for storing program instructions; and a processor connected to the memory, the program instructions being configured to perform the following functions: in response to receiving a login request sent by a client, sending a first public key to the client, wherein the login data transmitted in the login request is empty data, and the first public key corresponds to a first private key; in response to receiving a second public key and login data encrypted based on the first public key from the client, decrypting the encrypted login data using the first private key; determining an authentication result based on the decrypted login data; and in response to the authentication result indicating successful authentication, sending a login identifier to the client.

[0099] Optionally, the processor in the aforementioned server can be configured to perform program instructions that generate a first public key and a first private key based on an asymmetric encryption algorithm.

[0100] Optionally, the processor in the aforementioned server can be configured to perform the following program instructions: in response to an authentication result indicating successful authentication, generate an identifier string using a preset algorithm; encrypt the identifier string using a second public key, generate a login identifier, and send the login identifier to the client.

[0101] Optionally, the processor in the aforementioned server can be configured to perform the following program instructions: in response to receiving a logout request from the client, mark the login identifier as invalid and delete the first private key and the second public key.

[0102] Embodiments of the present invention also provide a non-volatile storage medium, which includes a stored computer program, wherein the device containing the non-volatile storage medium executes the data encryption transmission method described in any of the above embodiments by running the computer program.

[0103] Optionally, in this embodiment, the computer program described above may be configured to store a computer program for performing the following steps:

[0104] Step S101: Send a login request to the server, wherein the login data transmitted in the login request is empty data.

[0105] Step S102: In response to the successful sending of the login request, obtain the first public key from the server. The first public key is generated by the server and corresponds to the first private key.

[0106] In step S103, in response to obtaining the first public key, the second public key and encrypted login data are sent to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to the second private key.

[0107] Step S104: Obtain a login identifier from the server, wherein the server decrypts the encrypted login data based on the first private key to generate a login identifier.

[0108] Optionally, the computer program described above can be configured to store a computer program for performing the following steps: the second public key and the second private key are generated based on an asymmetric encryption algorithm.

[0109] Optionally, the computer program described above can be configured to store a computer program for performing the following steps: obtaining encrypted ciphertext from the server; decrypting the encrypted ciphertext using a second private key to obtain a login identifier.

[0110] Optionally, the computer program described above may be configured to store a computer program for performing the following steps: sending an exit request to the server and deleting the first public key and the second private key.

[0111] Optionally, in this embodiment, the computer program described above may be configured to store a computer program for performing the following steps:

[0112] Step S201: In response to receiving the login request sent by the client, the first public key is sent to the client. The login data transmitted in the login request is empty data, and the first public key corresponds to the first private key.

[0113] In step S202, in response to obtaining the second public key and login data encrypted based on the first public key from the client, the encrypted login data is decrypted using the first private key.

[0114] Step S203: Determine the authentication result based on the decrypted login data.

[0115] Step S204: In response to the authentication result indicating successful authentication, a login identifier is sent to the client.

[0116] Optionally, the computer program described above can be configured to store a computer program for performing the following steps: a first public key and a first private key are generated based on an asymmetric encryption algorithm.

[0117] Optionally, the computer program described above may be configured to store a computer program for performing the following steps: in response to an authentication result indicating successful authentication, generating an identifier string using a preset algorithm; encrypting the identifier string using a second public key, generating a login identifier, and sending the login identifier to the client.

[0118] Optionally, the computer program described above may be configured to store a computer program for performing the following steps: in response to receiving a logout request sent by the client, marking the login identifier as invalid and deleting the first private key and the second public key.

[0119] Embodiments of the present invention also provide a computer program product, including a computer program that, when executed by a processor, implements the data encryption transmission method described in any of the above embodiments.

[0120] Optionally, in this embodiment, the computer program, when executed by the processor, performs the following steps:

[0121] Step S101: Send a login request to the server, wherein the login data transmitted in the login request is empty data.

[0122] Step S102: In response to the successful sending of the login request, obtain the first public key from the server. The first public key is generated by the server and corresponds to the first private key.

[0123] In step S103, in response to obtaining the first public key, the second public key and encrypted login data are sent to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to the second private key.

[0124] Step S104: Obtain a login identifier from the server, wherein the server decrypts the encrypted login data based on the first private key to generate a login identifier.

[0125] Optionally, when the above computer program is executed by the processor, it performs the following steps: the second public key and the second private key are generated based on an asymmetric encryption algorithm.

[0126] Optionally, when the above computer program is executed by the processor, it performs the following steps: obtaining encrypted ciphertext from the server; decrypting the encrypted ciphertext using the second private key to obtain the login identifier.

[0127] Optionally, when the above computer program is executed by the processor, it performs the following steps: sending an exit request to the server and deleting the first public key and the second private key.

[0128] Optionally, in this embodiment, the computer program, when executed by the processor, performs the following steps:

[0129] Step S201: In response to receiving the login request sent by the client, the first public key is sent to the client. The login data transmitted in the login request is empty data, and the first public key corresponds to the first private key.

[0130] In step S202, in response to obtaining the second public key and login data encrypted based on the first public key from the client, the encrypted login data is decrypted using the first private key.

[0131] Step S203: Determine the authentication result based on the decrypted login data.

[0132] Step S204: In response to the authentication result indicating successful authentication, a login identifier is sent to the client.

[0133] Optionally, when the above computer program is executed by the processor, it performs the following steps: the first public key and the first private key are generated based on an asymmetric encryption algorithm.

[0134] Optionally, when the above computer program is executed by the processor, it performs the following steps: in response to the authentication result indicating that the authentication is successful, it generates an identifier string using a preset algorithm; it encrypts the identifier string using a second public key, generates a login identifier, and sends the login identifier to the client.

[0135] Optionally, when the above computer program is executed by the processor, it performs the following steps: in response to receiving a logout request sent by the client, it marks the login identifier as invalid and deletes the first private key and the second public key.

[0136] Optionally, specific examples in this embodiment can refer to the examples described in the above embodiments and optional implementations, and will not be repeated here.

[0137] In the above embodiments of the present invention, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0138] In the several embodiments provided by this invention, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units can be a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed can be through some interfaces; the indirect coupling or communication connection of units or modules can be electrical or other forms.

[0139] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0140] Furthermore, the functional units in the various embodiments of the present invention can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0141] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, read-only memory (ROM), random access memory (RAM), portable hard drives, magnetic disks, or optical disks.

[0142] The above are merely preferred embodiments of the present invention. It should be noted that those skilled in the art can make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be considered within the scope of protection of the present invention.

Claims

1. A method for encrypted data transmission, characterized in that, include: A login request is sent to the server, wherein the login data transmitted in the login request is empty data; In response to the successful sending of the login request, a first public key is obtained from the server, wherein the first public key is generated by the server and corresponds to a first private key; In response to obtaining the first public key, a second public key and the encrypted login data are sent to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to a second private key; The login identifier is obtained from the server, wherein the server decrypts the encrypted login data based on the first private key to generate the login identifier.

2. The method according to claim 1, characterized in that, The second public key and the second private key are generated based on an asymmetric encryption algorithm.

3. The method according to claim 1, characterized in that, Obtaining the login identifier from the server includes: Obtain the encrypted ciphertext from the server; The login identifier is obtained by decrypting the encrypted ciphertext using the second private key.

4. The method according to claim 1, characterized in that, Also includes: Send an exit request to the server to delete the first public key and the second private key.

5. A method for encrypted data transmission, characterized in that, include: In response to receiving a login request from a client, a first public key is sent to the client, wherein the login data transmitted in the login request is empty data, and the first public key corresponds to a first private key; In response to obtaining the second public key and login data encrypted based on the first public key from the client, the encrypted login data is decrypted using the first private key; The authentication result is determined based on the decrypted login data; In response to the authentication result indicating successful authentication, a login identifier is sent to the client.

6. The method according to claim 5, characterized in that, The first public key and the first private key are generated based on an asymmetric encryption algorithm.

7. The method according to claim 5, characterized in that, The response to the authentication result indicating successful authentication sends a login identifier to the client, including: In response to the authentication result indicating that the authentication is successful, an identifier string is generated using a preset algorithm; The identifier string is encrypted using the second public key to generate a login identifier, which is then sent to the client.

8. The method according to claim 5, characterized in that, The method further includes: In response to receiving a logout request from the client, the login identifier is marked as invalid and the first private key and the second public key are deleted.

9. A terminal device, characterized in that, include: Memory, used to store program instructions; A processor, connected to the memory, is configured to execute program instructions for the following functions: initiating a login request to a server, wherein the login data transmitted in the login request is empty data; in response to the successful transmission of the login request, obtaining a first public key from the server, wherein the first public key is generated by the server and corresponds to a first private key; in response to obtaining the first public key, sending a second public key and the encrypted login data to the server, wherein the login data is encrypted based on the first public key and the second public key corresponds to a second private key; and obtaining a login identifier from the server, wherein the server decrypts the encrypted login data based on the first private key to generate the login identifier.

10. A server, characterized in that, include: Memory, used to store program instructions; A processor, connected to the memory, is configured to execute program instructions for the following functions: in response to receiving a login request from a client, sending a first public key to the client, wherein the login data transmitted in the login request is empty data, and the first public key corresponds to a first private key; in response to receiving a second public key and login data encrypted based on the first public key from the client, decrypting the encrypted login data using the first private key; determining an authentication result based on the decrypted login data; and in response to the authentication result indicating successful verification, sending a login identifier to the client.

11. A non-volatile storage medium, characterized in that, The non-volatile storage medium includes a stored computer program, wherein the device containing the non-volatile storage medium executes the method according to any one of claims 1 to 8 by running the computer program.

12. A computer program product, characterized in that, Includes a computer program that, when executed by a processor, implements the method according to any one of claims 1 to 8.