CN113556333A - Computer network data secure transmission method and device - Google Patents


Info

Publication number
CN113556333A
Authority
CN
China
Prior art keywords
transmission data
information
terminal device
target information
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110795027.4A
Other languages
Chinese (zh)
Inventor
凌泽民
李强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN202110795027.4A
Publication of CN113556333A
Current legal status: Withdrawn

Classifications

    • H: ELECTRICITY
        • H04: ELECTRIC COMMUNICATION TECHNIQUE
            • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00: Network architectures or network communication protocols for network security
                    • H04L 63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L 63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L 9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L 9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
                    • H04L 9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
                        • H04L 9/16: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms, the keys or algorithms being changed during operation
                • H04L 2463/00: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
                    • H04L 2463/121: Timestamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a computer network data secure transmission method and device. The method comprises the following steps: judging whether transmission data is being sent to the second terminal device for the first time; and, when the first terminal device is not sending transmission data to the second terminal device for the first time, encrypting the transmission data and the current target information, under the agreed encryption and decryption rule, with the target information that was sent to the second terminal device in the previous transmission, to obtain second encrypted transmission data. In this way the encryption key used by the first terminal device differs for every transmission, and even if the key of the current transmission is cracked, the encryption scheme does not need to be changed. Compared with a conventional single fixed key, such a dynamic key offers higher security.

Description

Computer network data secure transmission method and device
Technical Field
The application relates to the field of computer networks, and in particular to a method and a device for the secure transmission of computer network data.
Background
Computer networks are also known as computer communication networks. The simplest definition of a computer network is a collection of interconnected, autonomous terminal devices whose purpose is to share resources.
To protect data exchanged between terminal devices, transmission between them is usually encrypted. The existing approach, however, relies on a single fixed encryption scheme: once it is cracked, the scheme itself has to be replaced. In other words, the security of the existing encryption method does not meet the security requirement of a computer network.
Disclosure of Invention
The embodiments of the present application aim to provide a method and an apparatus for secure data transmission in a computer network, so as to address the problem that the security of the existing encryption method does not meet the security requirement of the computer network.
The invention is realised as follows.
In a first aspect, an embodiment of the present application provides a method for securely transmitting computer network data, applied to a first terminal device. The method includes: judging whether transmission data is being sent to the second terminal device for the first time, where the two devices exchanged their hardware information and an agreed encryption and decryption rule when the handshake connection between them was established; when the first terminal device sends transmission data to the second terminal device for the first time, encrypting the transmission data and target information with the hardware information of the second terminal device, under the agreed encryption and decryption rule, to obtain first encrypted transmission data, the target information being data related to the transmission data; sending the first encrypted transmission data to the second terminal device, so that the second terminal device decrypts it with its own hardware information under the agreed rule and obtains the transmission data and the target information; when the first terminal device is not sending transmission data to the second terminal device for the first time, encrypting the transmission data and the current target information with the previous target information, that is, the target information sent to the second terminal device in the previous transmission, under the agreed rule, to obtain second encrypted transmission data, the target information again being data related to the transmission data; and sending the second encrypted transmission data to the second terminal device, so that the second terminal device decrypts it with the previous target information received from the first terminal device under the agreed rule and obtains the transmission data and the current target information.
In this embodiment, when the first terminal device transmits data to the second terminal device, it first determines whether this is the first transmission to that device. If it is, the transmission data and the target information are encrypted with the hardware information of the second terminal device to obtain first encrypted transmission data. If it is not, the transmission data and the current target information are encrypted with the target information sent in the previous transmission to obtain second encrypted transmission data. As a result the first terminal device uses a different encryption key for every transmission, and even if the key of the current transmission is cracked, the encryption scheme does not need to be changed. Compared with a conventional single fixed key, such a dynamic key offers higher security.
With reference to the first aspect, in some possible implementations the method further includes, while the first terminal device is establishing the handshake connection with the second terminal device: calculating the combined length of the MAC address and the device serial number of the first terminal device; if that length is smaller than a preset length, appending fixed characters until the total length reaches the preset length, which yields the hardware information of the first terminal device, where the fixed character and the preset length are agreed when the handshake connection is established; encrypting the hardware information of the first terminal device with the fixed character; and sending the encrypted hardware information to the second terminal device.
In this embodiment, when the first terminal device establishes the handshake connection with the second terminal device, it first computes the combined length of its MAC address and device serial number; if that length is smaller than the preset length, it appends fixed characters until the total length reaches the preset length, producing its hardware information; the fixed character and the preset length are agreed when the handshake connection is established; the hardware information is then encrypted with the fixed character and finally sent to the second terminal device. This protects the hardware information while the first and second terminal devices are shaking hands.
With reference to the first aspect, in some possible implementations the method further includes, while the first terminal device is establishing the handshake connection with the second terminal device: receiving the encrypted hardware information sent by the second terminal device; and decrypting it with the fixed character to obtain the MAC address and the device serial number of the second terminal device.
In this embodiment, during the handshake the first terminal device also receives the encrypted hardware information sent by the second terminal device and decrypts it with the fixed character, obtaining the MAC address and device serial number of the second terminal device. The first terminal device can therefore, on its first transmission, encrypt the transmission data and the target information with the hardware information of the second terminal device to obtain the first encrypted transmission data, and because the hardware information arrives encrypted, it is protected during the handshake.
With reference to the first aspect, in some possible implementations, encrypting the transmission data and the target information with the hardware information of the second terminal device under the agreed encryption and decryption rule to obtain first encrypted transmission data includes: encrypting the target information with the MAC address of the second terminal device; and encrypting the encrypted target information together with the transmission data with the MAC address and the device serial number of the second terminal device to obtain the first encrypted transmission data.
In this embodiment the target information is first encrypted with the MAC address of the second terminal device, and the encrypted target information and the transmission data are then encrypted together with the MAC address and device serial number of the second terminal device. The target information is treated this way because it is the key for the next transmission. It is therefore encrypted twice, which further protects the subsequent encryption and data transmission.
With reference to the first aspect, in some possible implementations the target information related to the transmission data is determined as follows: obtaining the timestamp information in the transmission data; extracting the length of the timestamp information; and combining that length, placed as the first byte, with the timestamp to generate the target information.
In this embodiment the target information is tied to the timestamp in the transmission data: the timestamp information is obtained first, its length is extracted, and the length, as the first byte, is combined with the timestamp to produce the target information. This obfuscates the timestamp information so that the resulting target information is not easily recognised by an intruder, improving the security of the subsequent encryption that uses it.
With reference to the first aspect, in some possible implementations, extracting the length of the timestamp information and combining the length, as the first byte, with the timestamp into the target information includes: extracting the length of the timestamp information; updating the value of each byte of the timestamp information on the basis of that length to obtain updated timestamp information, where the update consists of adding the length of the timestamp information to the value of each byte in turn and multiplying each sum by a preset value, the preset value being 2; and combining the length, as the first byte, with the updated timestamp information to generate the target information.
In this embodiment the target information is generated from the timestamp as follows: the timestamp information is obtained from the transmission data; its length is extracted; the value of each byte of the timestamp information is updated on the basis of that length, by adding the length to each byte value in turn and multiplying the sum by the preset value 2, giving the updated timestamp information; and the length, as the first byte, is combined with the updated timestamp information to generate the target information. This applies a more elaborate obfuscation to the timestamp information, so that the resulting target information is even less easily recognised by an intruder, further improving the security of the subsequent encryption that uses it.
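The two paragraphs above describe the timestamp form of the target information without showing the bytes. The following is an added example, not the patent's code. It assumes the timestamp is the ASCII decimal string of Unix seconds, so that every updated value fits in one byte (the text does not say what happens when it does not), and the names make_target_info, recover_timestamp and fits_in_bytes are the example's own:

```python
# Added example, not the patent's code. Assumption: the timestamp is an ASCII
# decimal string (e.g. b"1626315600"), so (length + byte) * 2 stays below 256.
PRESET_VALUE = 2   # multiplier given in the text


def make_target_info(timestamp: bytes) -> bytes:
    """Length byte first, then each timestamp byte replaced by (length + byte) * PRESET_VALUE."""
    n = len(timestamp)
    if n > 255:
        raise ValueError("timestamp length must fit in the first byte")
    updated = [(n + b) * PRESET_VALUE for b in timestamp]
    if max(updated, default=0) > 255:
        # The text updates "each byte" but does not say what to do when the result
        # exceeds 255; refusing keeps the transform exactly invertible.
        raise ValueError("updated value does not fit in a byte; use an ASCII timestamp")
    return bytes([n]) + bytes(updated)


def recover_timestamp(target: bytes) -> bytes:
    """Inverse of make_target_info(): the map is affine with public constants, so anyone
    holding the target information can undo it; secrecy comes from the enclosing encryption."""
    n, body = target[0], target[1:]
    if len(body) != n:
        raise ValueError("length byte does not match the body")
    return bytes(v // PRESET_VALUE - n for v in body)


def fits_in_bytes(timestamp: bytes) -> bool:
    """True when make_target_info() can encode this timestamp without overflow."""
    try:
        make_target_info(timestamp)
        return True
    except ValueError:
        return False


# Constructed inputs: ASCII Unix seconds encode; the same instant as a 4-byte
# big-endian integer (0x60EF9B50) does not, because (4 + 0xEF) * 2 exceeds 255.
SAMPLE_ASCII_TS = b"1626315600"
SAMPLE_BINARY_TS = bytes([0x60, 0xEF, 0x9B, 0x50])
```

For the constructed timestamp the first byte is 10 and the digit bytes 49, 54, 50, 54, 51, 49, 53, 54, 48, 48 become 118, 128, 120, 128, 122, 118, 126, 128, 116, 116. recover_timestamp shows that the update step only disguises the timestamp from someone who does not know the (fixed) constants; in the scheme the target information only ever travels inside the encrypted payload, and that encryption is what protects it.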
With reference to the first aspect, in some possible implementations the target information related to the transmission data is determined as follows: mapping each data unit of the transmission data into a vector space to generate an initial vector set; sorting the vectors of the initial vector set from small to large and selecting the first N vectors; and taking the data corresponding to those N vectors as the target information.
In this embodiment the target information is generated by mapping each data unit of the transmission data into a vector space to form an initial vector set, sorting the vectors from small to large, selecting the first N, and taking the data corresponding to those N vectors as the target information. Because the transmission data differs greatly from one transmission to the next, the target information generated this way also differs greatly each time, so the target information used for each subsequent encryption is different, further improving the security of encrypting with it.
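The vector-set derivation above leaves the mapping, the ordering and N open. The following is an added example, not the patent's code, that fixes them as assumptions: a data unit is UNIT_SIZE bytes, its vector is the tuple of its byte values, "small to large" is lexicographic order on those tuples, a short final unit is zero-padded, and N is the constant below. The names to_vectors, target_info_from_vectors and same_target are the example's own:

```python
# Added example, not the patent's code. Assumptions: UNIT_SIZE-byte data units,
# vector = tuple of byte values, lexicographic order, N as below.
from typing import List, Tuple

UNIT_SIZE = 4   # assumed size of one data unit
N = 3           # assumed number of smallest vectors kept


def to_vectors(data: bytes, unit_size: int = UNIT_SIZE) -> List[Tuple[int, ...]]:
    """Split the transmission data into units and map each unit to a vector of byte values."""
    units = [data[i:i + unit_size] for i in range(0, len(data), unit_size)]
    if units and len(units[-1]) < unit_size:
        units[-1] = units[-1].ljust(unit_size, b"\x00")   # zero-pad a short final unit (assumed)
    return [tuple(u) for u in units]


def target_info_from_vectors(data: bytes, n: int = N) -> bytes:
    """Sort the initial vector set from small to large, keep the first n, return their data."""
    if not data:
        raise ValueError("no data units to derive target information from")
    smallest = sorted(to_vectors(data))[:n]   # stable sort keeps duplicates, as the text implies
    return b"".join(bytes(v) for v in smallest)


def same_target(data_a: bytes, data_b: bytes, n: int = N) -> bool:
    """Check whether two transmissions derive identical target information.
    They do whenever they share their n smallest units, e.g. a common run of zero padding."""
    return target_info_from_vectors(data_a, n) == target_info_from_vectors(data_b, n)


# Constructed sample payloads (16 bytes each, four units of four).
PAYLOAD_A = b"security-first!!"
PAYLOAD_B = b"another payload."
```

Since the receiver only learns the target information after decrypting the payload, deriving it from the plaintext fits the scheme: both sides can compute it from what they hold. same_target is the check a practitioner would run on real traffic: if messages share a fixed prefix or padding, their smallest units coincide and the "current target information" (and hence the next key) repeats, which is the situation the paragraph's "differs greatly" assumption rules out.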
In a second aspect, an embodiment of the present application provides a method for securely transmitting computer network data, applied to a second terminal device. The method includes: judging whether transmission data sent by the first terminal device is being received for the first time, where the two devices exchanged their hardware information and an agreed encryption and decryption rule when the handshake connection was established; when the second terminal device receives transmission data from the first terminal device for the first time, decrypting the first transmission data with its own hardware information under the agreed rule to obtain the transmission data and the target information, the first transmission data having been produced by the first terminal device by encrypting the transmission data and the target information; and when the second terminal device is not receiving transmission data from the first terminal device for the first time, decrypting the second transmission data with the previous target information received from the first terminal device under the agreed rule to obtain the transmission data and the current target information, the second transmission data having been produced by the first terminal device by encrypting the transmission data and the current target information.
In a third aspect, an embodiment of the present application provides a device for securely transmitting computer network data, applied to a first terminal device. The device includes: a judging module for judging whether transmission data is being sent to the second terminal device for the first time, where the two devices exchanged their hardware information and an agreed encryption and decryption rule when the handshake connection was established; a first processing module for, when the first terminal device sends transmission data to the second terminal device for the first time, encrypting the transmission data and target information with the hardware information of the second terminal device under the agreed rule to obtain first encrypted transmission data, the target information being data related to the transmission data, and sending the first encrypted transmission data to the second terminal device so that it decrypts the data with its own hardware information under the agreed rule and obtains the transmission data and the target information; and a second processing module for, when the first terminal device is not sending transmission data to the second terminal device for the first time, encrypting the transmission data and the current target information with the target information sent to the second terminal device in the previous transmission under the agreed rule to obtain second encrypted transmission data, the target information being data related to the transmission data, and sending the second encrypted transmission data to the second terminal device so that it decrypts the data with the previous target information received from the first terminal device under the agreed rule and obtains the transmission data and the current target information.
In another aspect, an embodiment of the present application provides a device for securely transmitting computer network data, applied to a second terminal device. The device includes: a judging module for judging whether transmission data sent by the first terminal device is being received for the first time, where the two devices exchanged their hardware information and an agreed encryption and decryption rule when the handshake connection was established; a first processing module for, when the second terminal device receives transmission data from the first terminal device for the first time, decrypting the first transmission data with the hardware information of the second terminal device under the agreed rule to obtain the transmission data and the target information, the first transmission data having been produced by the first terminal device by encrypting the transmission data and the target information; and a second processing module for, when the second terminal device is not receiving transmission data from the first terminal device for the first time, decrypting the second transmission data with the previous target information received from the first terminal device under the agreed rule to obtain the transmission data and the current target information, the second transmission data having been produced by the first terminal device by encrypting the transmission data and the current target information.
In a fourth aspect, an embodiment of the present application provides a first terminal device, including a processor and a memory connected to each other; the memory stores a program, and the processor invokes the program stored in the memory to perform the method provided in the first aspect embodiment and/or in combination with some possible implementations of the first aspect embodiment.
In a fifth aspect, an embodiment of the present application provides a second terminal device, including a processor and a memory connected to each other; the memory stores a program, and the processor invokes the program stored in the memory to perform the method provided in the second aspect embodiment and/or in combination with some possible implementations of the second aspect embodiment.
In a sixth aspect, embodiments of the present application provide a storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs the method as provided in the foregoing first aspect embodiment and/or second aspect embodiment.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a block diagram of a computer network data secure transmission system according to an embodiment of the present disclosure.
Fig. 2 is a schematic structural diagram of a first terminal device according to an embodiment of the present application.
Fig. 3 is a flowchart illustrating steps of a method for securely transmitting data in a computer network according to an embodiment of the present disclosure.
Fig. 4 is a flowchart illustrating steps of another method for secure data transmission in a computer network according to an embodiment of the present disclosure.
Fig. 5 is a block diagram of a device for securely transmitting data in a computer network according to an embodiment of the present disclosure.
Fig. 6 is a block diagram of a device for securely transmitting data in a computer network according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
In view of the problem that the security of the existing encryption method does not meet the security requirement of a computer network, the inventors of the present application carried out research and provide the following embodiments to solve it.
Referring to fig. 1, an embodiment of the present application provides a system for secure data transmission in a computer network. The system comprises a first terminal device and a second terminal device. The first terminal device is in communication connection with the second terminal device in the computer network.
The first terminal device and the second terminal device may be, but are not limited to, a server, a computer, a smartphone, a tablet computer, a Personal Digital Assistant (PDA), a Mobile Internet Device (MID), and the like. Referring to fig. 2, structurally the first terminal device 100 may include a processor 110 and a memory 120.
The processor 110 and the memory 120 are electrically connected, directly or indirectly, so that they can exchange data, for example via one or more communication buses or signal lines. The computer network data secure transmission device includes at least one software module, which may be stored in the memory 120 as software or firmware or built into the operating system (OS) of the first terminal device 100. The processor 110 executes the executable modules stored in the memory 120, such as the software functional modules and computer programs of the computer network data secure transmission device, and thereby implements the computer network data secure transmission method. The processor 110 executes the computer program upon receiving an execution instruction.
The processor 110 may be an integrated circuit chip with signal processing capability. It may also be a general-purpose processor, for example a Central Processing Unit (CPU), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a discrete gate or transistor logic device, or a discrete hardware component, any of which may implement or execute the methods, steps and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor or any conventional processor.
The memory 120 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM) or an Electrically Erasable Programmable Read-Only Memory (EEPROM). The memory 120 stores a program, which the processor 110 executes after receiving the execution instruction.
It should be noted that, the structure of the second terminal device may refer to the structure description of the first terminal device, which is not described in detail herein.
It should be understood that the structure shown in fig. 2 is only an illustration, and the first terminal device 100 provided in the embodiment of the present application may also have fewer or more components than those in fig. 2, or have a different configuration from that shown in fig. 2. Further, the components shown in fig. 2 may be implemented by software, hardware, or a combination thereof.
Referring to fig. 3, fig. 3 is a flowchart of a method for securely transmitting computer network data according to an embodiment of the present application, applied to the first terminal device 100 shown in fig. 2. The method is not limited to the order shown in fig. 3 and described below. Its flow and steps are described with reference to fig. 3 and comprise steps S101 to S103.
Step S101: judging whether transmission data is being sent to the second terminal device for the first time; when the first terminal device and the second terminal device established their handshake connection, they exchanged their hardware information and an agreed encryption and decryption rule.
Step S102: when the first terminal equipment sends the transmission data to the second terminal equipment for the first time, based on the agreed encryption and decryption rules, the hardware information of the second terminal equipment is adopted to encrypt the transmission data and target information to obtain first encrypted transmission data, wherein the target information is data related to the transmission data; and sending the first encrypted transmission data to the second terminal device, so that the second terminal device decrypts the first encrypted transmission data by using its own hardware information based on the agreed encryption and decryption rules, and obtains the transmission data and the target information.
The hardware information of the second terminal device may be a Mac (Media Access Control Address) Address, a device serial number, and the like of the second terminal device, which is not limited in this application.
Step S103: when the first terminal device does not send the transmission data to the second terminal device for the first time, based on the agreed encryption and decryption rule, encrypting the transmission data and the current target information by adopting the previous target information sent to the second terminal device for the previous time to obtain second encrypted transmission data; the target information is data related to the transmission data; and sending the second encrypted transmission data to the second terminal equipment, so that the second terminal equipment decrypts the first encrypted transmission data through the previous target information sent by the first terminal equipment for the previous time based on the agreed encryption and decryption rules, and obtains the transmission data and the current target information.
In this embodiment of the present application, when performing data transmission with a second terminal device, a first terminal device may first determine whether to send transmission data to the second terminal device for the first time. And if the first transmission is carried out, encrypting the transmission data and the target information by adopting the hardware information of the second terminal equipment to obtain first encrypted transmission data. And if the transmission is not the first transmission, encrypting the transmission data and the current target information by adopting the previous target information sent to the second terminal for the previous time to obtain second encrypted transmission data. By the method, the encryption keys of the first terminal equipment during each transmission are different, and even if the encryption key transmitted at this time is cracked, the encryption mode still does not need to be changed. In addition, compared with the traditional single encryption mode, the encryption mode of the dynamic key has higher security.
It should be noted that, before the first terminal device transmits data to the second terminal device for the first time, the two devices must first establish a handshake connection.
As an embodiment, when the first terminal device establishes the handshake connection with the second terminal device, the method further includes: calculating the combined length of the MAC address of the first terminal device and the device serial number of the first terminal device; if this length is smaller than a preset length, padding with a fixed character until the total length reaches the preset length, thereby generating the hardware information of the first terminal device, where the fixed character and the preset length are agreed during the handshake connection; encrypting the hardware information of the first terminal device using the fixed character; and sending the encrypted hardware information of the first terminal device to the second terminal device.
The fixed character may be 1 or 0, and the preset length may be 128 bytes; the present application does not limit these.
That is, in this embodiment, when the first terminal device establishes the handshake connection with the second terminal device, it first calculates the length of its MAC address plus its device serial number; if that length is smaller than the preset length, it pads with the fixed character until the total length reaches the preset length, which yields the hardware information of the first terminal device (the fixed character and the preset length having been agreed during the handshake); it then encrypts the hardware information using the fixed character and finally sends the encrypted hardware information to the second terminal device. In this way, the security of the hardware information while it is transmitted during the handshake between the first and second terminal devices is ensured.
Optionally, when the first terminal device establishes the handshake connection with the second terminal device, the method further includes: receiving the encrypted hardware information of the second terminal device sent by the second terminal device; and decrypting it based on the fixed character to obtain the MAC address and the device serial number of the second terminal device.
That is, when the first terminal device establishes the handshake connection with the second terminal device, it is further configured to receive the encrypted hardware information sent by the second terminal device and to decrypt it based on the fixed character, obtaining the MAC address and the device serial number of the second terminal device. This enables the first terminal device, when transmitting data to the second terminal device for the first time, to encrypt the transmission data and the target information with the hardware information of the second terminal device and obtain the first encrypted transmission data. Because the second terminal device's hardware information is received in encrypted form, the security of the hardware information transmitted during the handshake is likewise ensured.
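The hardware-information record described above (MAC address plus device serial number, padded with the agreed fixed character up to the preset length) and its recovery on the receiving side, as an added example that is not the patent's code. It assumes the MAC address is carried in its 17-character colon-separated text form and that both devices have agreed a fill character of 0 and a preset length of 128 bytes; the page does not say how the record is "encrypted through the fixed character", so that step is not modelled and only the framing is shown.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")
MAC_TEXT_LEN = 17  # six hex octets with colons (assumption about how the MAC is represented)


def build_hardware_info(mac: str, serial: str, fill: str = "0", preset_length: int = 128) -> bytes:
    """Pad MAC + serial with the agreed fill character up to the agreed preset length."""
    if not MAC_RE.match(mac):
        raise ValueError("MAC address must be six colon-separated hex octets")
    if len(fill) != 1 or not fill.isascii():
        raise ValueError("fill must be a single ASCII character")
    if serial.endswith(fill):
        # Otherwise the receiver cannot tell the serial's last character from the padding.
        raise ValueError("serial number must not end with the fill character")
    body = (mac + serial).encode("ascii")
    if len(body) > preset_length:
        raise ValueError("MAC address plus serial number exceeds the preset length")
    return body + fill.encode("ascii") * (preset_length - len(body))


def parse_hardware_info(blob: bytes, fill: str = "0", preset_length: int = 128):
    """Inverse of build_hardware_info: recover (mac, serial) from the padded record."""
    if len(blob) != preset_length:
        raise ValueError("hardware information must be exactly the preset length")
    text = blob.decode("ascii")
    mac, rest = text[:MAC_TEXT_LEN], text[MAC_TEXT_LEN:]
    if not MAC_RE.match(mac):
        raise ValueError("record does not start with a MAC address")
    serial = rest.rstrip(fill)
    if not serial:
        raise ValueError("empty serial number")
    return mac, serial


if __name__ == "__main__":
    record = build_hardware_info("00:11:22:33:44:55", "SN-0001")  # constructed sample values
    print(len(record), parse_hardware_info(record))
```

The `endswith(fill)` check exists because the record carries no length field for the serial number: with fill character 0, a serial ending in 0 would lose its last digit when the receiver strips the padding, so the agreed fill character must be one that cannot terminate a serial number, or the record needs an explicit length field.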
Optionally, in the above step, encrypting the transmission data and the target information with the hardware information of the second terminal device according to the agreed encryption and decryption rule to obtain first encrypted transmission data includes: encrypting the target information based on the MAC address of the second terminal device; and encrypting the encrypted target information together with the transmission data based on the MAC address and the device serial number of the second terminal device to obtain the first encrypted transmission data.
That is, in this embodiment, the target information is first encrypted based on the MAC address of the second terminal device, and then the encrypted target information and the transmission data are encrypted together based on the MAC address and the device serial number of the second terminal device. The target information is protected in this way because it serves as the key for the next transmission. The method therefore applies a second layer of encryption to the target information, which further protects both the subsequent encryption process and the data transmission process.
Of course, in other embodiments, the target information may be encrypted based on the MAC address of the second terminal device and the transmission data separately encrypted based on the device serial number of the second terminal device, with the two results then combined to form the first encrypted transmission data. The present application is not limited in this respect.
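The chained scheme of steps S101 to S103, with the two-layer layout just described for the first message, worked through from both the sending and the receiving side, as an added example that is not the patent's code. The page does not specify the agreed encryption and decryption rule, so a stand-in authenticated stream cipher built from HMAC-SHA256 (counter-mode keystream plus a tag) is used and marked as an assumption in the code; the key derivation by SHA-256, the plaintext framing, and the MAC address, serial number, timestamps and payloads are likewise constructed assumptions. The target information uses the page's first embodiment (the timestamp's length as the first byte, followed by the timestamp).

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN = 16, 32


def derive_key(material: bytes) -> bytes:
    # Assumption: working key = SHA-256 of the raw key material (peer hardware
    # information for the first message, previous target information afterwards).
    return hashlib.sha256(material).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stand-in for the page's unspecified cipher.
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag first; a wrong key or a tampered message raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def make_target(timestamp: str) -> bytes:
    # Target information, first embodiment: timestamp length as first byte, then the timestamp.
    return bytes([len(timestamp)]) + timestamp.encode("ascii")


def frame(target: bytes, data: bytes) -> bytes:
    # Plaintext layout (assumption): 2-byte target length, target information, transmission data.
    return struct.pack(">H", len(target)) + target + data


def unframe(plain: bytes):
    (n,) = struct.unpack(">H", plain[:2])
    return plain[2:2 + n], plain[2 + n:]


class Sender:
    """First terminal device, steps S101-S103."""

    def __init__(self, peer_mac: bytes, peer_serial: bytes):
        self.peer_mac, self.peer_serial = peer_mac, peer_serial
        self.prev_target = None  # None: nothing sent yet, so S102 applies

    def send(self, timestamp: str, data: bytes) -> bytes:
        target = make_target(timestamp)
        if self.prev_target is None:
            # S102, two-layer form: target under the MAC, then the whole frame under MAC + serial.
            inner = seal(derive_key(self.peer_mac), target)
            blob = seal(derive_key(self.peer_mac + self.peer_serial), frame(inner, data))
        else:
            # S103: the previous transmission's target information is the key material.
            blob = seal(derive_key(self.prev_target), frame(target, data))
        self.prev_target = target
        return blob


class Receiver:
    """Second terminal device, steps S201-S203."""

    def __init__(self, own_mac: bytes, own_serial: bytes):
        self.own_mac, self.own_serial = own_mac, own_serial
        self.prev_target = None

    def receive(self, blob: bytes):
        if self.prev_target is None:
            inner, data = unframe(unseal(derive_key(self.own_mac + self.own_serial), blob))
            target = unseal(derive_key(self.own_mac), inner)
        else:
            target, data = unframe(unseal(derive_key(self.prev_target), blob))
        self.prev_target = target  # only advances once the message authenticated
        return target, data


def run_exchange():
    """Constructed sample run: two chained messages, then a tampered one that must be rejected."""
    mac, serial = b"00:11:22:33:44:55", b"SN-0001"  # constructed hardware information
    first, second = Sender(mac, serial), Receiver(mac, serial)
    results = [second.receive(first.send(ts, body))
               for ts, body in (("12345", b"first payload"), ("12399", b"second payload"))]
    tampered = bytearray(first.send("12400", b"third payload"))
    tampered[NONCE_LEN] ^= 0x01  # flip one ciphertext bit
    try:
        second.receive(bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return results, rejected
```

Two properties of the chain are worth noting. The receiver's `prev_target` advances only after a message authenticates, so a corrupted or forged message cannot move the receiver's key state; but the sender's `prev_target` advances on every send, so a message lost in transit leaves the two sides keyed differently, and the page describes no resynchronisation other than a new handshake. Also, a MAC address and a serial number are device identifiers rather than secret values, so the confidentiality of the first message rests entirely on how the agreed rule uses them.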
As a first embodiment, the target information related to the transmission data may be determined as follows: obtain the timestamp information in the transmission data; extract the length of the timestamp information; and, using the length of the timestamp information as the first byte, combine the length of the timestamp information with the timestamp to generate the target information.
For example, if the timestamp information is 12345, its length is 5, and the target information formed by combining them in this way is 512345.
That is, in this embodiment, the target information is derived from the timestamp in the transmission data: the timestamp information in the transmission data is obtained first, its length is extracted, and the length is placed as the first byte and combined with the timestamp to generate the target information. This obfuscates the timestamp information, so that the target information generated in this way is not easy for an intruder to identify, which improves the security of the subsequent encryption that uses the target information.
Optionally, in the above step, extracting the length of the timestamp information, using it as the first byte, and combining it with the timestamp into the target information includes: extracting the length of the timestamp information; updating the numerical value of each byte in the timestamp information based on that length to obtain updated timestamp information, where the update consists of adding the length of the timestamp information to the value of each byte in turn and multiplying each sum by a preset value, the preset value being 2; and combining the length of the timestamp information, as the first byte, with the updated timestamp information to generate the target information.
That is, in this embodiment, the specific process of generating the target information from the timestamp is: first obtain the timestamp information in the transmission data; extract its length; update the value of each byte in the timestamp information based on that length to obtain updated timestamp information, the update being to add the length to the value of each byte in turn and multiply each sum by the preset value 2; and combine the length, as the first byte, with the updated timestamp information to generate the target information. This applies a more elaborate obfuscation to the timestamp information, so that the target information generated in this way is even less easy for an intruder to identify, further improving the security of the subsequent encryption that uses the target information.
As a second embodiment, the target information related to the transmission data may be determined as follows: map each data unit in the transmission data to a vector space to generate an initial vector set; sort the vectors in the initial vector set from small to large and select the first N vectors; and take the data corresponding to the first N vectors as the target information.
That is, in this embodiment, the target information is generated by mapping each data unit in the transmission data to a vector space to obtain an initial vector set, sorting the vectors in that set from small to large, selecting the first N vectors, and taking the data corresponding to those N vectors as the target information. Because successive transmission data differ widely, the target information generated in this way also differs widely from one transmission to the next, so that each subsequent encryption uses clearly different target information, which further improves the security of the subsequent encryption that uses the target information.
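The three ways of deriving target information described above (the length-prefixed timestamp, its updated variant with each digit replaced by (length + digit) × 2, and the vector-based second embodiment), as an added example that is not the patent's code. The page's illustration writes the combined value as the decimal digits 512345; here the length is carried as a raw first byte (0x05) followed by the timestamp digits, which is an assumption about the encoding. The timestamp is assumed to be decimal digits and each "byte" of it to be one digit's value, so that the updated values fit in a byte. The vector embodiment is given one concrete instantiation, also an assumption: each data unit is a fixed-size chunk mapped to the vector (integer value, position). An inverse for the updated form is included to show that the receiver can recover the timestamp and reject malformed input.

```python
PRESET_MULTIPLIER = 2  # the page's preset value


def _check_timestamp(timestamp: str) -> None:
    if not timestamp.isdigit():
        raise ValueError("timestamp information must be decimal digits")
    if len(timestamp) > 255:
        raise ValueError("timestamp length must fit in one byte")


def basic_target(timestamp: str) -> bytes:
    """First embodiment: length of the timestamp as the first byte, followed by the timestamp."""
    _check_timestamp(timestamp)
    return bytes([len(timestamp)]) + timestamp.encode("ascii")


def updated_target(timestamp: str) -> bytes:
    """Updated variant: each digit becomes (length + digit) * 2; the first byte is still the length."""
    _check_timestamp(timestamp)
    n = len(timestamp)
    if (n + 9) * PRESET_MULTIPLIER > 255:
        raise ValueError("timestamp too long for one-byte updated values")
    return bytes([n] + [(n + int(d)) * PRESET_MULTIPLIER for d in timestamp])


def recover_timestamp(target: bytes) -> str:
    """Invert updated_target; anything it could not have produced is rejected."""
    if not target:
        raise ValueError("empty target information")
    n = target[0]
    if len(target) != n + 1:
        raise ValueError("length byte does not match the number of value bytes")
    digits = []
    for b in target[1:]:
        q, r = divmod(b, PRESET_MULTIPLIER)
        d = q - n
        if r or not 0 <= d <= 9:
            raise ValueError("value byte is not a valid updated digit")
        digits.append(str(d))
    return "".join(digits)


def vector_target(data: bytes, n: int, unit: int = 1) -> bytes:
    """Second embodiment, one concrete instantiation (assumption): each data unit is a
    `unit`-byte chunk mapped to the vector (integer value, position); the vectors are
    sorted ascending and the data of the first n vectors is concatenated in that order."""
    if n <= 0 or unit <= 0:
        raise ValueError("n and unit must be positive")
    units = [data[i:i + unit] for i in range(0, len(data), unit)]
    vectors = sorted((int.from_bytes(u, "big"), idx) for idx, u in enumerate(units))
    return b"".join(units[idx] for _, idx in vectors[:n])


if __name__ == "__main__":
    print(basic_target("12345"), list(updated_target("12345")))  # constructed sample timestamp
    print(recover_timestamp(updated_target("12345")), vector_target(b"dbca", 2))
```

With the page's sample timestamp 12345 the updated form is the byte sequence 5, 12, 14, 16, 18, 20, since (5+1)×2 = 12 and so on; the length check in `updated_target` matters because a sum such as (length + 9) × 2 exceeds one byte once the timestamp is longer than 118 digits, and `recover_timestamp` rejects odd value bytes or digits outside 0 to 9, which is what a receiver would use to detect a corrupted or foreign target.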
Referring to fig. 4, fig. 4 is a schematic flowchart of a secure data transmission method for a computer network according to an embodiment of the present application, where the method is applied to a second terminal device. It should be noted that, the method for securely transmitting computer network data provided in the embodiment of the present application is not limited to the sequence shown in fig. 4 and the following sequence, and the specific flow and steps of the method for securely transmitting computer network data are described below with reference to fig. 4. The method comprises the following steps: step S201-step S203.
Step S201: judging whether transmission data sent by first terminal equipment is received for the first time; and when the first terminal equipment and the second terminal equipment are connected in a handshaking way, hardware information of the equipment and an agreed encryption and decryption rule are exchanged with each other.
Step S202: when the second terminal equipment receives the transmission data sent by the first terminal equipment for the first time, decrypting the first transmission data by adopting the hardware information of the second terminal equipment based on the agreed encryption and decryption rule to obtain the transmission data and the target information; the first transmission data is obtained by encrypting the transmission data and target information by the first terminal equipment.
Step S203: when the second terminal device does not receive the transmission data sent by the first terminal device for the first time, decrypting the second transmission data by adopting the previous target information sent by the first terminal device for the previous time based on the agreed encryption and decryption rule to obtain the transmission data and the current target information; the second transmission data is obtained by encrypting the transmission data and the current target information by the first terminal equipment.
It should be noted that fig. 4 describes the decryption process from the perspective of the second terminal device; this process mirrors the encryption process described for the first terminal device, and the description is not repeated here to avoid redundancy.
Referring to fig. 5, based on the same inventive concept, an embodiment of the present invention further provides a device 200 for secure data transmission in a computer network, the device including:
a judging module 201, configured to judge whether to send transmission data to the second terminal device for the first time; and when the first terminal equipment and the second terminal equipment are connected in a handshaking way, hardware information of the equipment and an agreed encryption and decryption rule are exchanged with each other.
A first processing module 202, configured to, when the first terminal device sends the transmission data to the second terminal device for the first time, encrypt the transmission data and target information by using hardware information of the second terminal device based on the agreed encryption and decryption rule, to obtain first encrypted transmission data, where the target information is data related to the transmission data; and sending the first encrypted transmission data to the second terminal device, so that the second terminal device decrypts the first encrypted transmission data by using its own hardware information based on the agreed encryption and decryption rules, and obtains the transmission data and the target information.
A second processing module 203, configured to, when the first terminal device is not sending the transmission data to the second terminal device for the first time, encrypt the transmission data and the current target information using the target information sent to the second terminal device in the previous transmission, according to the agreed encryption and decryption rule, to obtain second encrypted transmission data, the target information being data related to the transmission data; and to send the second encrypted transmission data to the second terminal device, so that the second terminal device decrypts it with the previous target information received from the first terminal device according to the agreed rule and obtains the transmission data and the current target information.
Referring to fig. 6, based on the same inventive concept, an embodiment of the present application further provides another apparatus 300 for secure data transmission of a computer network, which is applied to a second terminal device, and the apparatus includes:
a judging module 301, configured to judge whether to receive transmission data sent by a first terminal device for the first time; and when the first terminal equipment and the second terminal equipment are connected in a handshaking way, hardware information of the equipment and an agreed encryption and decryption rule are exchanged with each other.
A first processing module 302, configured to decrypt, based on the agreed encryption and decryption rule, the first transmission data by using hardware information of the second terminal device when the second terminal device receives the transmission data sent by the first terminal device for the first time, so as to obtain the transmission data and the target information; the first transmission data is obtained by encrypting the transmission data and target information by the first terminal equipment.
A second processing module 303, configured to, when the second terminal device does not receive the transmission data sent by the first terminal device for the first time, decrypt, based on the agreed encryption and decryption rule, second transmission data by using previous target information sent by the first terminal device for the previous time, so as to obtain the transmission data and current target information; the second transmission data is obtained by encrypting the transmission data and the current target information by the first terminal equipment.
It should be noted that, as those skilled in the art can clearly understand, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
Based on the same inventive concept, the present application further provides a storage medium, on which a computer program is stored, and when the computer program is executed, the computer program performs the method provided in the foregoing embodiments.
The storage medium may be any available medium that can be accessed by a computer or a data storage device including one or more integrated servers, data centers, and the like. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A computer network data security transmission method is applied to a first terminal device, and the method comprises the following steps:
judging whether transmission data is sent to the second terminal equipment for the first time; when the first terminal device and the second terminal device are connected in a handshaking manner, hardware information of the devices and an agreed encryption and decryption rule are exchanged with each other;
when the first terminal equipment sends the transmission data to the second terminal equipment for the first time, based on the agreed encryption and decryption rules, the hardware information of the second terminal equipment is adopted to encrypt the transmission data and target information to obtain first encrypted transmission data, wherein the target information is data related to the transmission data; sending the first encrypted transmission data to the second terminal device, so that the second terminal device decrypts the first encrypted transmission data by adopting hardware information of the second terminal device based on the agreed encryption and decryption rule to obtain the transmission data and the target information;
when the first terminal device does not send the transmission data to the second terminal device for the first time, based on the agreed encryption and decryption rule, encrypting the transmission data and the current target information by adopting the previous target information sent to the second terminal device for the previous time to obtain second encrypted transmission data; the target information is data related to the transmission data; and sending the second encrypted transmission data to the second terminal equipment, so that the second terminal equipment decrypts the first encrypted transmission data through the previous target information sent by the first terminal equipment for the previous time based on the agreed encryption and decryption rules, and obtains the transmission data and the current target information.
2. The method for securely transmitting data over a computer network according to claim 1, wherein when the first terminal device is in handshake connection with the second terminal device, the method further comprises:
calculating the Mac address of the first terminal equipment and the length of the serial number of the first terminal equipment;
if the length is smaller than the preset length, filling fixed characters to enable the total length to reach the preset length, and generating hardware information of the first terminal device; wherein the fixed characters and the preset length are appointed when the handshake connection is performed;
encrypting the hardware information of the first terminal through the fixed character; and sending the encrypted hardware information of the first terminal to the second terminal equipment.
3. The method for securely transmitting data of computer network according to claim 2, wherein when the first terminal device is in handshake connection with the second terminal device, the method further comprises:
receiving the encrypted hardware information of the second terminal sent by the second terminal;
and decrypting the encrypted hardware information of the second terminal based on the fixed character string to obtain the MAC address of the second terminal and the equipment serial number of the second terminal equipment.
4. The method for securely transmitting computer network data according to claim 3, wherein the encrypting the transmission data and the target information by using the hardware information of the second terminal device based on the agreed encryption and decryption rules to obtain first encrypted transmission data comprises:
encrypting the target information based on the MAC address of the second terminal;
and encrypting the encrypted target information and the transmission data based on the MAC address of the second terminal and the equipment serial number of the second terminal to obtain the first encrypted transmission data.
5. The method for secure transmission of data over a computer network of claim 1, wherein the target information associated with the transmitted data is determined by:
acquiring timestamp information in the transmission data;
and extracting the length of the time stamp information, taking the length of the time stamp information as a first byte, and combining the length of the time stamp information and the time stamp to generate the target information.
6. The method for securely transmitting data over a computer network according to claim 5, wherein the extracting the length of the time stamp information, and combining the length of the time stamp information and the time stamp into the target information with the length of the time stamp information as a first byte comprises:
extracting the length of the timestamp information;
updating the numerical value of each byte in the timestamp information based on the length of the timestamp information to obtain updated timestamp information; wherein, the updating mode comprises: summing the length of the timestamp information and the value of each byte in the timestamp information in sequence; multiplying the sum of the length of the timestamp information and the numerical value of each byte in the timestamp information by a preset numerical value; the preset value is 2;
and combining the length of the timestamp information with the updated timestamp information by taking the length of the timestamp information as a first byte to generate the target information.
7. The method for secure transmission of data over a computer network of claim 1, wherein the target information associated with the transmitted data is determined by:
mapping each data unit in the transmission data to a vector space to generate an initial vector set;
sorting the vectors in the initial vector set from small to large, and screening out the first N vectors;
and taking the data corresponding to the first N vectors as the target information.
8. A computer network data security transmission method is applied to a second terminal device, and the method comprises the following steps:
judging whether transmission data sent by first terminal equipment is received for the first time; when the first terminal device and the second terminal device are connected in a handshaking manner, hardware information of the devices and an agreed encryption and decryption rule are exchanged with each other;
when the second terminal equipment receives the transmission data sent by the first terminal equipment for the first time, decrypting the first transmission data by adopting the hardware information of the second terminal equipment based on the agreed encryption and decryption rule to obtain the transmission data and the target information; the first transmission data is obtained by encrypting the transmission data and target information by the first terminal equipment;
when the second terminal device does not receive the transmission data sent by the first terminal device for the first time, decrypting the second transmission data by adopting the previous target information sent by the first terminal device for the previous time based on the agreed encryption and decryption rule to obtain the transmission data and the current target information; the second transmission data is obtained by encrypting the transmission data and the current target information by the first terminal equipment.
9. A computer network data security transmission device is characterized in that the device is applied to a first terminal device, and the device comprises:
the judging module is used for judging whether the transmission data is sent to the second terminal equipment for the first time; when the first terminal device and the second terminal device are connected in a handshaking manner, hardware information of the devices and an agreed encryption and decryption rule are exchanged with each other;
a first processing module, configured to, when the first terminal device sends the transmission data to the second terminal device for the first time, encrypt the transmission data and target information using hardware information of the second terminal device based on the agreed encryption and decryption rule, so as to obtain first encrypted transmission data, where the target information is data related to the transmission data; and to send the first encrypted transmission data to the second terminal device, so that the second terminal device decrypts the first encrypted transmission data using the hardware information of the second terminal device based on the agreed encryption and decryption rule to obtain the transmission data and the target information;
a second processing module, configured to, when the first terminal device does not send the transmission data to the second terminal device for the first time, encrypt the transmission data and the current target information using the previous target information sent to the second terminal device the previous time based on the agreed encryption and decryption rule, so as to obtain second encrypted transmission data, where the target information is data related to the transmission data; and to send the second encrypted transmission data to the second terminal device, so that the second terminal device decrypts the first encrypted transmission data using the previous target information sent by the first terminal device the previous time based on the agreed encryption and decryption rule, and obtains the transmission data and the current target information.
10. A computer network data secure transmission device, characterized in that the device is applied to a second terminal device and comprises:
a judging module, configured to judge whether transmission data sent by the first terminal device is received for the first time, where, when the first terminal device and the second terminal device are connected by handshaking, they exchange hardware information of the devices and an agreed encryption and decryption rule with each other;
a first processing module, configured to, when the second terminal device receives the transmission data sent by the first terminal device for the first time, decrypt the first transmission data using hardware information of the second terminal device based on the agreed encryption and decryption rule to obtain the transmission data and the target information, where the first transmission data is obtained by the first terminal device encrypting the transmission data and the target information;
a second processing module, configured to, when the second terminal device does not receive the transmission data sent by the first terminal device for the first time, decrypt second transmission data using the previous target information sent by the first terminal device the previous time based on the agreed encryption and decryption rule, so as to obtain the transmission data and the current target information, where the second transmission data is obtained by the first terminal device encrypting the transmission data and the current target information.
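The scheme claims 9 and 10 describe, as an added illustration that is not part of the patent and not code by its inventors: the two terminals exchange hardware information at handshake, the first message is encrypted under a key derived from the second terminal's hardware information, and every later message under a key derived from the target information carried in the previous message, so each side's key depends on what it last sent or received. The patent does not specify the agreed encryption and decryption rule, the key derivation, or how target information is formed; the HMAC-SHA256 counter keystream with an encrypt-then-MAC tag, the HMAC-based key derivation, the hash-based target information and the device serial `SN-DEMO-0001` below are all assumptions made for this example so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import json
import os
from typing import List, Optional

KDF_LABEL = b"example-kdf-label"  # assumed label; the patent does not define the agreed rule


def derive_key(material: bytes) -> bytes:
    """Derive a 32-byte key from the chain material: the second terminal's hardware
    information for the first message, the previous target information afterwards."""
    return hmac.new(KDF_LABEL, material, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (assumed cipher)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: 16-byte random nonce || ciphertext || 32-byte HMAC tag."""
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first: a wrong key (chain out of step) or a modified message
    is rejected instead of being decrypted into garbage."""
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong chain state or tampered message")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class FirstTerminal:
    """Sender (claim 9): peer hardware info for the first send, previous target after."""

    def __init__(self, peer_hardware_info: bytes) -> None:
        self.peer_hardware_info = peer_hardware_info
        self.previous_target: Optional[bytes] = None  # None until the first send

    def send(self, transmission_data: bytes) -> bytes:
        # Target information "related to the transmission data": assumed here to be a
        # hash over fresh randomness and the data, so it is unpredictable per message.
        target = hashlib.sha256(os.urandom(8) + transmission_data).digest()
        material = self.peer_hardware_info if self.previous_target is None else self.previous_target
        payload = json.dumps({"data": transmission_data.hex(), "target": target.hex()}).encode()
        blob = encrypt(derive_key(material), payload)
        self.previous_target = target  # advance the chain
        return blob


class SecondTerminal:
    """Receiver (claim 10): mirrors the sender's chain state from what it decrypts."""

    def __init__(self, own_hardware_info: bytes) -> None:
        self.own_hardware_info = own_hardware_info
        self.previous_target: Optional[bytes] = None

    def receive(self, blob: bytes) -> bytes:
        material = self.own_hardware_info if self.previous_target is None else self.previous_target
        payload = json.loads(decrypt(derive_key(material), blob))
        self.previous_target = bytes.fromhex(payload["target"])
        return bytes.fromhex(payload["data"])


def run_session(messages: List[bytes], drop_index: Optional[int] = None) -> List[bytes]:
    """Deliver messages over a lossless link, or drop message `drop_index` to show
    the chain desynchronising: the following message then fails authentication."""
    hardware_info = b"SN-DEMO-0001"  # constructed; exchanged at handshake per the claims
    sender, receiver = FirstTerminal(hardware_info), SecondTerminal(hardware_info)
    delivered = []
    for i, message in enumerate(messages):
        blob = sender.send(message)
        if i == drop_index:
            continue  # lost in transit; the sender has already advanced its chain
        delivered.append(receiver.receive(blob))
    return delivered


def chain_breaks_after_loss() -> bool:
    """True if dropping the second of three messages makes the third undecryptable."""
    try:
        run_session([b"first", b"second", b"third"], drop_index=1)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_session([b"hello", b"world"]))
    print("chain breaks after a lost message:", chain_breaks_after_loss())
```

Two properties of the chaining stand out from running it. The secrecy of every message rests on the secrecy of the second terminal's hardware information and of each target information value: whoever holds one link of the chain holds every later key, so the hardware information must not be recoverable by an untrusted party and the target information must be unpredictable, which is why the example hashes in fresh randomness rather than deriving it from the data alone. And because the receiver's key depends on its own view of the previous message, a single lost or reordered message leaves the two terminals with different chain state; `chain_breaks_after_loss` shows the next message being rejected by the tag check, which is the desirable failure, but any real deployment of such a scheme needs an explicit resynchronisation step.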
CN202110795027.4A 2021-07-14 2021-07-14 Computer network data secure transmission method and device Withdrawn CN113556333A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110795027.4A CN113556333A (en) 2021-07-14 2021-07-14 Computer network data secure transmission method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110795027.4A CN113556333A (en) 2021-07-14 2021-07-14 Computer network data secure transmission method and device

Publications (1)

Publication Number Publication Date
CN113556333A true CN113556333A (en) 2021-10-26

Family

ID=78131746

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110795027.4A Withdrawn CN113556333A (en) 2021-07-14 2021-07-14 Computer network data secure transmission method and device

Country Status (1)

Country Link
CN (1) CN113556333A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114221784A (en) * 2021-11-12 2022-03-22 招银云创信息技术有限公司 Data transmission method and computer equipment
CN114221784B (en) * 2021-11-12 2024-04-09 招银云创信息技术有限公司 Data transmission method and computer equipment

Similar Documents

Publication Publication Date Title
US11784801B2 (en) Key management method and related device
EP3682364B1 (en) Cryptographic services utilizing commodity hardware
EP3264671A1 (en) Key replacement direction control system, and key replacement direction control method
CN112400299B (en) Data interaction method and related equipment
KR20190076197A (en) Apparatus and method for storing data based on blockchain
CN112822177B (en) Data transmission method, device, equipment and storage medium
CN112733180A (en) Data query method and device and electronic equipment
CN107872315B (en) Data processing method and intelligent terminal
CN113824553A (en) Key management method, device and system
CN111368322B (en) File decryption method and device, electronic equipment and storage medium
CN114095277A (en) Power distribution network secure communication method, secure access device and readable storage medium
CN113556333A (en) Computer network data secure transmission method and device
CN112202555B (en) Information processing method, device and equipment for generating random number based on information attribute
CN111585998B (en) Audit data secure transmission method and system
CN110287733B (en) File tamper-proofing method and device
CN108848094B (en) Data security verification method, device, system, computer equipment and storage medium
JP6939313B2 (en) Distributed authentication system
CN116166749A (en) Data sharing method and device, electronic equipment and storage medium
US9135449B2 (en) Apparatus and method for managing USIM data using mobile trusted module
CN113132320A (en) Encryption transmission method and device and electronic equipment
CN111130788B (en) Data processing method and system, data reading method and iSCSI server
CN111859351A (en) Method, system, server and storage medium for writing information into chip
CN113381854B (en) Data transmission method, device, equipment and storage medium
CN115208569B (en) Encryption and decryption method and device for dynamic key distribution
CN113411347B (en) Transaction message processing method and processing device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211026