CN-122001635-A - Message sender privacy protection and authentication sending method and related equipment

Abstract

The application relates to the technical field of data security, in particular to a message sender privacy protection and authentication sending method and related equipment, wherein the method comprises the steps that a message sender obtains a plaintext message; obtaining a plaintext encryption key corresponding to a plaintext message, encrypting the plaintext message based on the encryption key and generating an encrypted ciphertext, generating encrypted data based on the encrypted ciphertext, sending the encrypted data to a message receiver, decrypting and restoring the encrypted data by the message receiver and judging whether decryption is successful or not, generating alarm information if decryption is failed, and ending the current flow if decryption is successful. The application is helpful for solving the technical pain points of easy exposure of identity information, low authentication efficiency and weak anti-attack capability in the traditional message sending mode.

Inventors

• LIN LUBING
• ZHONG YANTAO
• LIN TING
• XIAO YANG

Assignees

• 深圳市博通智能技术有限公司

Dates

Publication Date

20260508

Application Date

20260123

Claims (10)

1. 1. An internet message sender privacy protection and authentication transmission method, comprising: The message sender acquires a plaintext message; Acquiring a plaintext encryption key corresponding to the plaintext message; encrypting the plaintext message based on the encryption key and generating an encrypted ciphertext; Generating encrypted data based on the encrypted ciphertext; Transmitting the encrypted data to a message receiver; the message receiver decrypts and restores the encrypted data and judges whether decryption is successful or not; If decryption fails, generating alarm information; if the decryption is successful, the current flow is ended.
2. 2. The internet message sender privacy protection and authentication transmission method according to claim 1, wherein encrypting the plaintext message based on the encryption key and generating an encrypted ciphertext comprises: Acquiring a first target value, and taking the first target value as an initial vector of a block encryption algorithm; Acquiring a receiving identity corresponding to a message receiver; generating a first data structure based on the received identity and a preset rule; Encrypting the plaintext message based on the encryption key, a first data structure, and an initial vector, generating an encrypted ciphertext, the encrypted ciphertext satisfying the following algorithm: C 1 =Hash(mkey,IDLB,Message),C 2 =Enc mkey (nonce,Message) The method comprises the steps of performing Hash, wherein Hash refers to a cryptographic Hash function, enc mkey (Message) refers to block encryption on Message by using mkey as an encryption key and using nonce as an IV, an encrypted ciphertext comprises a first encrypted ciphertext C 1 and a second encrypted ciphertext C 2 , mkey as encryption keys, IDLB is a first data structure, message is a plaintext Message, nonce is a first target value, and IV is an initial vector.
3. 3. The internet message sender privacy protection and authentication transmission method according to claim 1, wherein the generating the encrypted data based on the encrypted ciphertext comprises: acquiring a second target value; generating a temporary key based on the second target value and a preset modular exponentiation operation; Generating a target encryption result for the message receiver; And generating encrypted data based on the encrypted ciphertext, the temporary key, a first random value, and the encryption result.
4. 4. The internet message sender privacy protection and authentication transmission method as claimed in claim 3, wherein the generating the target encryption result for the message receiver comprises: Based on the receiving identity of the message receiver, acquiring a corresponding receiving identity public key from a trusted third party; acquiring a first operation result based on the received identity public key and the second target value; acquiring a sending identity private key of a message sender and acquiring a second operation result based on the receiving identity public key and the sending identity private key SK; Generating a first target key based on the first operation result, the second operation result and a key derivative function; Generating a second target key based on the first operation result and a key derivative function; acquiring a first target vector based on the first target key; acquiring a second target vector based on the second target key; And generating a target encryption result based on the first target vector and the second target vector.
5. 5. The internet message sender privacy preserving and authentication method as claimed in claim 4, wherein the generating a target encryption result based on the first target vector and the second target vector comprises: generating a key encryption result based on the first target vector and the encryption key; Acquiring a sending identity of a message sender; acquiring a second data structure based on the sending identity; Generating a target encryption result based on the second target vector, the second data structure, and the key encryption result, the key encryption result and the target encryption result satisfying the following algorithm: enk i =Enc Kkey1 (IV 1 ,mkey),enmkey i =Enc Kkey2 (IV 2 ,"RenZhengJiaMi"|ID|enk i ) wherein enk i is the key encryption result, IV 1 is the first target vector, enmkey i is the target encryption result, IV 2 is the second target vector, and "RenZhengJiaMi" |ID| is the second data structure.
6. 6. The internet message sender privacy protection and authentication transmission method according to claim 1, wherein the message receiver decrypts and restores the encrypted data and judges whether decryption is successful comprises: Acquiring a receiving identity private key of a message receiver; acquiring a first operation result based on the received identity private key and the temporary key; Generating a second target key based on the first operation result and a key derivative function; acquiring a second target vector based on the second target key; decrypting and restoring the target encryption result based on the second target key and the second target vector, and obtaining decrypted data; Decomposing the decrypted data, and obtaining a decrypted character string, a sending identity mark and a key encryption result; and if the decryption character string does not meet the corresponding requirement, judging that the decryption fails.
7. 7. The method for protecting privacy and authenticating a sender of an internet message as set forth in claim 6, further comprising, after said decomposing the decrypted data and obtaining the decrypted string, the sending identity, and the key encryption result: If the decryption character string meets the corresponding requirement, inquiring a sending public key corresponding to the sending identity from a trusted third party based on the sending identity; acquiring a second operation result based on the sending public key and the receiving identity private key; acquiring a first target key based on the first operation result and the second operation result; acquiring a first target vector based on the first target key; decrypting the key encryption result based on the first target key and the first target vector, and obtaining the plaintext encryption key; decrypting the encrypted ciphertext based on the plaintext encryption key and a second random value, and obtaining a plaintext message; Acquiring a target hash value based on the plaintext message, and judging whether the target hash value is equal to a first encrypted ciphertext or not; if not, judging that decryption fails; If the decryption is equal, the decryption is judged to be successful.
8. 8. An internet message sender privacy protection and authentication delivery system, comprising: The first acquisition module is used for acquiring the plaintext message by the message sender; The second acquisition module is used for acquiring a plaintext encryption key corresponding to the plaintext message; the ciphertext generating module is used for encrypting the plaintext message based on the encryption key and generating an encrypted ciphertext; the data generation module is used for generating encrypted data based on the encrypted ciphertext; The message sending module is used for sending the encrypted data to a message receiver; The decryption restoration module is used for carrying out decryption restoration on the encrypted data by the message receiver and judging whether decryption is successful or not; The first execution module is used for generating alarm information if decryption fails; and the second execution module is used for ending the current flow if the decryption is successful.
9. 9. A smart terminal comprising a memory, a processor, wherein the memory is adapted to store a computer program capable of running on the processor, and wherein the processor, when loaded with the computer program, performs the method of any of claims 1 to 7.
10. 10. A computer readable storage medium having a computer program stored therein, characterized in that the computer program, when loaded by a processor, performs the method of any of claims 1 to 7.

Description

Message sender privacy protection and authentication sending method and related equipment Technical Field The present application relates to the field of data security technologies, and in particular, to a method and related device for protecting privacy and authenticating a message sender. Background At the current rapid development of digital economies, the value of data as a core production element is increasingly prominent, and a "trusted data space" has arisen. The method is based on the common knowledge rule to connect the multiparty main body, realizes the data circulation infrastructure shared by the data resources, and becomes a key application ecology for the value co-creation of the data elements. In the multiparty participated data sharing network, trust and security of data circulation are supported by two cores, namely reliable information source identification, which is the premise of ensuring that data circulate within a legal authorization range, and can avoid illegal use or tampering of the data, and powerful user identity privacy protection, which is the core of improving identity verification security and user experience, and can reduce risks brought by identity information leakage. However, the traditional message sending mode has obvious technical pain points that identity information is easy to be exposed in the transmission process, so that the privacy of a user is threatened, the efficiency of a message authentication mechanism is low, the validity of a message source cannot be rapidly and accurately verified, the anti-attack capability is weak, and malicious attack behaviors such as identity counterfeiting, message counterfeiting and the like are difficult to resist. These problems severely restrict the security and efficiency of data circulation in the "trusted data space" and prevent the full release of the value of the data elements. Disclosure of Invention In order to help solve the technical pain points of easy exposure of identity information, low authentication efficiency and weak attack resistance in the traditional message sending mode, the application provides a message sender privacy protection and authentication sending method and related equipment. In a first aspect, the present application provides a method for protecting privacy and sending authentication of an internet message sender, which adopts the following technical scheme: an internet message sender privacy protection and authentication transmission method, comprising: The message sender acquires a plaintext message; Acquiring a plaintext encryption key corresponding to the plaintext message; encrypting the plaintext message based on the encryption key and generating an encrypted ciphertext; Generating encrypted data based on the encrypted ciphertext; Transmitting the encrypted data to a message receiver; the message receiver decrypts and restores the encrypted data and judges whether decryption is successful or not; If decryption fails, generating alarm information; if the decryption is successful, the current flow is ended. Optionally, encrypting the plaintext message based on the encryption key and generating an encrypted ciphertext includes: Acquiring a first target value, and taking the first target value as an initial vector of a block encryption algorithm; Acquiring a receiving identity corresponding to a message receiver; generating a first data structure based on the received identity and a preset rule; Encrypting the plaintext message based on the encryption key, a first data structure, and an initial vector, generating an encrypted ciphertext, the encrypted ciphertext satisfying the following algorithm: C1=Hash(mkey,IDLB,Message),C2=Encmkey(nonce,Message) The method comprises the steps of performing Hash, wherein Hash refers to a cryptographic Hash function, enc mkey (Message) refers to block encryption on Message by using mkey as an encryption key and using nonce as an IV, an encrypted ciphertext comprises a first encrypted ciphertext C 1 and a second encrypted ciphertext C 2, mkey as encryption keys, IDLB is a first data structure, message is a plaintext Message, nonce is a first target value, and IV is an initial vector. Optionally, the generating the encrypted data based on the encrypted ciphertext includes: acquiring a second target value; generating a temporary key based on the second target value and a preset modular exponentiation operation; Generating a target encryption result for the message receiver; And generating encrypted data based on the encrypted ciphertext, the temporary key, a first random value, and the encryption result. Optionally, the generating the target encryption result for the message receiver includes: Based on the receiving identity of the message receiver, acquiring a corresponding receiving identity public key from a trusted third party; acquiring a first operation result based on the received identity public key and the second target value; Acquiring a sending ident