CN114567452A - Data transmission method, device and system and computer storage medium - Google Patents


Info

Publication number: CN114567452A
Authority: CN (China)
Prior art keywords: key, validity, sending, receiving, encrypted data
Legal status: Pending
Application number: CN202011358984.2A
Other languages: Chinese (zh)
Inventor: 刘明超
Current Assignee: Beijing Huawei Digital Technologies Co Ltd
Original Assignee: Beijing Huawei Digital Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application discloses a data transmission method, device and system and a computer storage medium, and belongs to the technical field of communications. The sending device encrypts the original data with a first key of the validity key to obtain encrypted data, generates a first message authentication code for the encrypted data with a second key of the validity key, and sends the encrypted data and the first message authentication code to the receiving device. After receiving the encrypted data and the first message authentication code, the receiving device generates a second message authentication code for the encrypted data with the second key of the validity key, verifies the encrypted data based on the first message authentication code and the second message authentication code, and, in response to the encrypted data passing verification, decrypts the encrypted data with the first key of the validity key to obtain the original data. Because the sending device and the receiving device do not need to use an asymmetric encryption algorithm for encryption and decryption, data transmission efficiency is improved.

Description

Data transmission method, device and system and computer storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a data transmission method, apparatus, and system, and a computer storage medium.
Background
In the data transmission process, in order to ensure that the data sent by the sending device can be transmitted to the receiving device safely and completely, the sending device generally needs to encrypt the data.
At present, encrypted data transmission by a sending device may proceed as follows: the sending device encrypts the data with a symmetric key to obtain a ciphertext, encrypts the symmetric key with the public key of the receiving device, signs the encrypted data (which comprises the ciphertext and the encrypted symmetric key) with its own private key, and sends the ciphertext, the encrypted symmetric key and the signature to the receiving device. After receiving the ciphertext, the encrypted symmetric key and the signature, the receiving device first verifies the signature with the public key of the sending device, then decrypts the encrypted symmetric key with its own private key to obtain the symmetric key, and finally decrypts the ciphertext with the symmetric key to obtain the data.
However, in every data transmission the sending device and the receiving device must use an asymmetric encryption algorithm for encryption and decryption. Asymmetric encryption algorithms have high computational complexity, so the two devices spend a long time on these operations and data transmission efficiency is currently low.
Disclosure of Invention
The application provides a data transmission method, device and system and a computer storage medium, which address the problem that the sending device and the receiving device spend a long time on encryption and decryption with an asymmetric encryption algorithm, resulting in low data transmission efficiency.
In a first aspect, a data transmission method is provided. The method includes: the sending device encrypts the original data with a first key of the validity key to obtain encrypted data. The sending device generates a message authentication code for the encrypted data with a second key of the validity key. The sending device sends the encrypted data and the message authentication code to the receiving device.
In this application, the message authentication code lets the receiving device verify the integrity and reliability of the encrypted data. The sending device can transmit the original data to the receiving device securely and completely using only the validity key and does not need to sign the transmitted data, so the asymmetric encryption algorithm is used less often, the sending device spends less time processing data, and data transmission efficiency improves.
Optionally, the validity key has a validity flag indicating the life cycle of the first key and the second key.
In this application, the first key and the second key of the validity key have a life cycle. Within that life cycle the sending device does not need to send the validity key to the receiving device; that is, it does not need to encrypt a key with the asymmetric encryption algorithm for every data transmission. The asymmetric encryption algorithm is therefore used less often, which reduces the time the sending device spends processing data, reduces communication delay, and improves data transmission efficiency.
Optionally, the sending device may also generate a validity key and send the validity key to the receiving device.
Optionally, the implementation process of generating the validity key by the sending device includes: the sending device generates an original key according to the device information of the sending device and the device information of the receiving device, and then generates a first key and a second key based on the original key.
In the present application, the sending device generates the original key according to the device information of the sending device and the device information of the receiving device, that is, if the sending device and/or the receiving device are different, the generated original keys are different, so that different devices do not generate the same original key, and the reliability of the original key can be ensured.
Optionally, before the sending device sends the validity key to the receiving device, the sending device may further encrypt the validity key by using the public key of the receiving device to obtain a validity key ciphertext, and sign the validity key ciphertext by using the private key of the sending device. The implementation process of the sending device sending the validity key to the receiving device includes: the transmitting device transmits the validity key ciphertext and a digital signature of the validity key ciphertext by the transmitting device to the receiving device.
In this application, the sending device encrypts the validity key with the public key of the receiving device to obtain the validity key ciphertext, which protects the validity key in transit; the sending device signs the validity key ciphertext with its own private key, which ensures the source reliability and the integrity of the validity key ciphertext.
In a second aspect, a data transmission method is provided. The method includes: the receiving device receives the encrypted data and the first message authentication code from the sending device. The receiving device generates a second message authentication code for the encrypted data with the second key of the validity key. The receiving device verifies the encrypted data based on the first message authentication code and the second message authentication code. In response to the encrypted data passing verification, the receiving device decrypts the encrypted data with the first key of the validity key to obtain the original data.
In this application, the message authentication code lets the receiving device verify the integrity and reliability of the encrypted data, and the receiving device can receive the original data from the sending device using only the validity key, so the asymmetric encryption algorithm is used less often, the receiving device spends less time processing data, and data transmission efficiency improves.
Optionally, the validity key has a validity flag indicating the life cycle of the first key and the second key.
In this application, the first key and the second key of the validity key have a life cycle. Within that life cycle the receiving device does not need to receive the validity key from the sending device; that is, it does not need to decrypt a key with the asymmetric encryption algorithm for every data transmission. The asymmetric encryption algorithm is therefore used less often, which reduces the time the receiving device spends processing data, reduces communication delay, and improves data transmission efficiency.
Optionally, the receiving device receives, from the sending device, the validity key ciphertext and the sending device's digital signature of the validity key ciphertext, and verifies the digital signature with the public key of the sending device. In response to the digital signature passing verification, the receiving device decrypts the validity key ciphertext with its own private key to obtain the validity key.
In this application, the receiving device verifies the digital signature of the validity key ciphertext with the public key of the sending device, which ensures the source reliability and the integrity of the validity key ciphertext; it then decrypts the validity key ciphertext with its own private key to obtain the validity key.
In a third aspect, a transmitting device is provided. The sending device comprises a plurality of functional modules, which interact to implement the method in the first aspect and its embodiments described above. The functional modules can be implemented based on software, hardware or a combination of software and hardware, and the functional modules can be combined or divided arbitrarily based on specific implementation.
In a fourth aspect, a receiving device is provided. The receiving device comprises a plurality of functional modules, which interact to implement the method in the second aspect and its embodiments described above. The functional modules can be implemented based on software, hardware or a combination of software and hardware, and the functional modules can be combined or divided arbitrarily based on specific implementation.
In a fifth aspect, a transmitting device is provided, including: a processor, a memory, and a transceiver;
a memory for storing a computer program, the computer program comprising program instructions;
and a processor, configured to invoke a computer program, and implement the data transmission method in the first aspect and the embodiments thereof in cooperation with the transceiver.
In a sixth aspect, there is provided a receiving apparatus comprising: a processor, a memory, and a transceiver;
a memory for storing a computer program, the computer program comprising program instructions;
and a processor, configured to invoke a computer program, and implement the data transmission method in the second aspect and the embodiments thereof in cooperation with the transceiver.
A seventh aspect provides a data transmission system, including: a transmitting device and a receiving device, wherein the transmitting device is the transmitting device of the third aspect or the fifth aspect, and the receiving device is the receiving device of the fourth aspect or the sixth aspect.
An eighth aspect is a computer storage medium having instructions stored thereon, which when executed by a processor, implement the data transmission method of the first aspect and its embodiments, or implement the data transmission method of the second aspect and its embodiments.
A ninth aspect provides a chip, where the chip includes a programmable logic circuit and/or a program instruction, and when the chip runs, the data transmission method in the first aspect and the embodiments thereof is implemented, or the data transmission method in the second aspect and the embodiments thereof is implemented.
The beneficial effects of the technical solution provided by this application include at least the following:
In this application, the sending device first encrypts the original data with the first key of the validity key to obtain encrypted data, then generates a first message authentication code for the encrypted data with the second key of the validity key, and finally sends the encrypted data and the first message authentication code to the receiving device. After receiving the encrypted data and the first message authentication code, the receiving device generates a second message authentication code for the encrypted data with the second key of its validity key, verifies the encrypted data based on the first message authentication code and the second message authentication code, and, in response to the encrypted data passing verification, decrypts the encrypted data with the first key of its validity key to obtain the original data. Because the first key and the second key of the validity key have a life cycle, within that life cycle the sending device no longer needs to send the validity key to the receiving device; that is, it does not need to encrypt a key with the asymmetric encryption algorithm for every data transmission. In addition, the message authentication code lets the receiving device verify the integrity and reliability of the encrypted data, so the sending device can transmit the original data to the receiving device securely and completely using only the validity key, without signing the transmitted data. The asymmetric encryption algorithm is therefore used less often, the sending device and the receiving device spend less time processing data, and data transmission efficiency improves.
Drawings
Fig. 1 is a schematic structural diagram of a data transmission system according to an embodiment of the present application;
fig. 2 is a schematic diagram illustrating an implementation process of a data transmission method provided in the related art;
fig. 3 is a schematic structural diagram of a validity key provided in an embodiment of the present application;
fig. 4 is a schematic diagram of an implementation process of sending a validity key from a sending device to a receiving device according to an embodiment of the present application;
fig. 5 is a schematic flowchart of a data transmission method according to an embodiment of the present application;
fig. 6 is a schematic diagram of an implementation process of a data transmission method provided in an embodiment of the present application;
fig. 7 is a schematic structural diagram of a sending device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a receiving device according to an embodiment of the present application;
fig. 9 is a block diagram of a transmitting device according to an embodiment of the present application;
fig. 10 is a block diagram of a receiving device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
To facilitate the reader's understanding of the present application, some terms are first explained below.
Key: a parameter required by a cryptographic algorithm. Keys are generally divided into session keys, key encryption keys, and root keys. A session key is a one-time key used when the sender and the receiver transmit data; it is destroyed after the data transmission is completed. A key-encrypting key is a key that encrypts the key used for data transmission between the sender and the receiver, and may also be referred to as a secondary root key, a secondary key, a key transmission key, or the like. The root key is the key that encrypts the key-encrypting key and is typically stored in the processor of the device.
Symmetric encryption algorithm: an algorithm in which the sender and the receiver use the same key for encryption and decryption, also called a single-key cryptographic algorithm. Commonly used symmetric encryption algorithms include the Data Encryption Standard (DES) algorithm, the Advanced Encryption Standard (AES) algorithm, and the International Data Encryption Algorithm (IDEA).
Asymmetric encryption algorithm: an algorithm in which the sender and the receiver use different keys for encryption and decryption, also called a public-key cryptographic algorithm. Commonly used asymmetric encryption algorithms include the Digital Signature Algorithm (DSA), the RSA (Rivest-Shamir-Adleman) algorithm, and the Elliptic Curve Cryptography (ECC) algorithm.
Key Derivation Function (KDF): a function for generating a key, which may also be referred to as a key derivation algorithm. Commonly used KDFs include hash-based key derivation functions (HKDFs) and password-based key derivation functions (PBKDFs).
Integrity algorithm: an algorithm for verifying data integrity. Commonly used integrity algorithms include one-way hash functions and Message Digest (MD) algorithms, among others.
Digital signature: the digest of the data to be transmitted is encrypted with a private key, and the resulting ciphertext is called the digital signature of that transmission.
Signature verification: after receiving the data, the receiver decrypts the digital signature with the public key to obtain the digest, computes a digest value with the same hash algorithm as the sender, and compares the computed digest value with the decrypted digest. If the two are consistent, the data has not been tampered with; if they are inconsistent, the data has been tampered with. Signature verification is thus used to verify the integrity (not tampered with) and authenticity (not fake or forged) of the data.
Digital envelope: the information obtained by encrypting, with the receiver's public key, the symmetric key used by both parties. After receiving the encrypted symmetric key (i.e., the digital envelope) from the sender, the receiver decrypts it with its own private key to obtain the symmetric key; this process may be referred to as opening the digital envelope.
Fig. 1 is a schematic structural diagram of a data transmission system according to an embodiment of the present application. As shown in fig. 1, the data transmission system includes: a transmitting device 101 and a receiving device 102. The transmitting device 101 and the receiving device 102 are connected by a wired network or a wireless network.
The sending device 101 may be an entity that needs to perform secure communication, for example, the sending device 101 may be a terminal device, a circuit board of a base station, a server or a virtual machine, etc. The receiving device 102 may be an entity that needs to perform secure communication, and the receiving device 102 may be a terminal device, a circuit board of a base station, a server or a virtual machine, etc. For example, in an application scenario, the sending device 101 and the receiving device 102 are both office platforms of an enterprise, and a peer-to-peer communication manner is adopted between the sending device 101 and the receiving device 102. In another application scenario, the sending device 101 and the receiving device 102 are both mobile terminals, and an Application (APP) on the sending device 101 and an APP on the receiving device 102 may send a group message, perform a voice call, and/or send an email to each other.
In order to ensure the security of data transmission, the data between the sending device 101 and the receiving device 102 is encrypted.
At present, digital envelopes and digital signature encryption technologies are generally adopted to realize the safe and complete data transmission between a sending device and a receiving device. Exemplarily, fig. 2 is a schematic diagram of an implementation process of a data transmission method provided in the related art. As shown in fig. 2, when a device a needs to send data to a device B, the device a first generates a symmetric key (which may also be referred to as a session key), and encrypts plaintext data to be sent by using the symmetric key to obtain ciphertext data; then, the symmetric key is encrypted by the public key of the device B to obtain a symmetric key ciphertext; then, the private key of the device A is adopted to sign the encrypted data (including ciphertext data and symmetric key ciphertext); and finally, sending the ciphertext data, the symmetric key ciphertext and the signature of the encrypted data to the device B. After receiving the ciphertext data, the symmetric key ciphertext and the signature of the encrypted data, the device B firstly verifies the signature of the encrypted data by using the public key of the device A, decrypts the symmetric key ciphertext by using the private key of the device B after the verification is passed to obtain the symmetric key, and finally decrypts the ciphertext data by using the symmetric key obtained by decryption to obtain plaintext data.
However, with the current encryption technology, the sending device needs to dynamically generate a symmetric key each time data is transmitted, and encrypt the symmetric key and sign the encrypted data by using an asymmetric encryption algorithm; the receiving device needs to verify the signature of the encrypted data and decrypt the symmetric key ciphertext using an asymmetric encryption algorithm. Due to the fact that the calculation complexity of the asymmetric encryption algorithm is high, the time required for data processing of the sending device and the receiving device is long in the process, and the overall efficiency of data transmission is low.
Based on this, the concept of validity keys is proposed in the embodiments of the present application. Optionally, fig. 3 is a schematic structural diagram of a validity key provided in an embodiment of the present application. As shown in fig. 3, the validity key includes a first key and a second key. The first key is used for encrypting and decrypting the original data. The original data refers to data, usually plaintext data, that the sending device wants to transmit to the receiving device. The first key is a symmetric key, which may also be referred to as a data key. The second key is used to generate a message authentication code. The second key may also be referred to as a message authentication code key. Optionally, continuing to refer to fig. 3, the validity key has a validity flag indicating the life cycles of the first key and the second key.
In one implementation, the validity flag indicates the validity period of the first key and the second key. For example, the validity flag includes a start timestamp and an end timestamp, indicating that the first key and the second key (that is, the validity key) are valid in the time period from the start timestamp to the end timestamp. Alternatively, the validity flag includes a validity duration. Assuming that the validity key is sent to the receiving device by the sending device, the sending device starts timing from the moment it sends the validity key, and processes and transmits data with the validity key within the validity duration; the receiving device starts timing from the moment it receives the validity key, and processes data from the sending device with the validity key within the validity duration. As a further alternative, the validity flag may include a start timestamp and a validity duration. The validity duration may be determined based on the amount of data transmitted between the sending device and the receiving device: the larger the amount of transmitted data, the longer the validity duration may be set.
Illustratively, the validity flag includes a validity duration, which is 10 seconds. The transmitting device processes and transmits data using the validity key within 10 seconds from the transmission time of the validity key, the validity key expires after 10 seconds, the transmitting device generates a new validity key, then transmits the new validity key to the receiving device, and processes and transmits data using the new validity key within 10 seconds from the transmission time of the new validity key. The receiving apparatus processes data from the transmitting apparatus using the validity key for 10 seconds from the reception time every time the validity key is received.
In another implementation, the validity flag includes the number of valid times, i.e., the number of valid uses of the validity key by the transmitting device and the receiving device.
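The sending and receiving flow of the first and second aspects, gated by the validity flag described above, as an added example that is not code from the patent. It combines the timestamp and use-count variants of the flag in one class. The class and function names, HMAC-SHA256 as the message authentication code, the per-message nonce, and the HMAC-based keystream standing in for a real cipher such as AES are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace

NONCE_LEN = 16  # per-message nonce for the stand-in cipher (assumption, not on the page)


@dataclass
class ValidityKey:
    first_key: bytes   # data key: encrypts and decrypts the original data
    second_key: bytes  # message authentication code key
    start_ts: float    # validity flag: start timestamp
    end_ts: float      # validity flag: end timestamp
    max_uses: int      # validity flag: number of valid uses
    uses: int = 0

    def check(self, now: float) -> None:
        """Refuse to use the key outside its life cycle."""
        if not self.start_ts <= now <= self.end_ts:
            raise PermissionError("validity key is outside its validity period")
        if self.uses >= self.max_uses:
            raise PermissionError("validity key has no valid uses left")


def new_validity_key_pair(now: float, lifetime: float, max_uses: int):
    """Return the sender's and the receiver's copy of one fresh validity key."""
    vk = ValidityKey(os.urandom(32), os.urandom(32), now, now + lifetime, max_uses)
    return vk, replace(vk)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))


def send(vk: ValidityKey, original: bytes, now: float):
    """Sending device: encrypt with the first key, then MAC with the second key."""
    vk.check(now)
    nonce = os.urandom(NONCE_LEN)
    encrypted = nonce + _keystream_xor(vk.first_key, nonce, original)
    first_mac = hmac.new(vk.second_key, encrypted, hashlib.sha256).digest()
    vk.uses += 1
    return encrypted, first_mac


def receive(vk: ValidityKey, encrypted: bytes, first_mac: bytes, now: float) -> bytes:
    """Receiving device: recompute the MAC, compare, and only then decrypt."""
    vk.check(now)
    second_mac = hmac.new(vk.second_key, encrypted, hashlib.sha256).digest()
    # Constant-time comparison of the first and second message authentication codes.
    if not hmac.compare_digest(first_mac, second_mac):
        raise ValueError("MAC mismatch: encrypted data rejected without decryption")
    vk.uses += 1  # a rejected message does not consume a valid use
    nonce, body = encrypted[:NONCE_LEN], encrypted[NONCE_LEN:]
    return _keystream_xor(vk.first_key, nonce, body)


if __name__ == "__main__":
    # Constructed sample: a 10-second validity duration, as in the text above.
    sender_vk, receiver_vk = new_validity_key_pair(now=1000.0, lifetime=10.0, max_uses=3)
    enc, mac = send(sender_vk, b"constructed sample payload", now=1001.0)
    print(receive(receiver_vk, enc, mac, now=1001.2))
    try:
        receive(receiver_vk, enc, mac, now=1011.0)
    except PermissionError as exc:
        print("rejected:", exc)
```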
Optionally, the validity key may be generated by the sending device and then sent to the receiving device, or the validity key may be generated by a third-party device and then distributed to the sending device and the receiving device, respectively. The embodiment of the present application takes as an example the case in which the validity key is generated by the sending device and sent to the receiving device. Fig. 4 is a schematic diagram of an implementation process of sending, by a sending device, a validity key to a receiving device according to an embodiment of the present application. As shown in fig. 4, the implementation process includes:
Step 401, the sending device generates a validity key.
Optionally, the implementation process of step 401 includes the following steps 4011 to 4012:
Step 4011, the sending device generates an original key from the device information of the sending device and the device information of the receiving device.
Optionally, the device information comprises a device identification. The device identification may be a Media Access Control (MAC) address, a hardware address, or other information capable of uniquely identifying the device. The device information of the sending device may include a device identification of the sending device and/or a root key of the sending device. The device information of the receiving device may include a device identification of the receiving device.
In the embodiment of the present application, the sending device generates the original key according to the device information of the sending device and the device information of the receiving device, that is, if the sending device and/or the receiving device are different, the generated original keys are different, so that different devices do not generate the same original key, and the reliability of the original key can be ensured.
Optionally, a specific implementation process of step 4011 includes: the sending device generates an original key by using a key derivation function according to the device information of the sending device, the device information of the receiving device, and a random number. That is, the sending device may generate the original key using a key derivation function based on the device identifier of the sending device and/or the root key of the sending device, the device identifier of the receiving device, and the random number. The key derivation function used in the embodiments of the present application is not limited.
In the embodiment of the application, the sending device adopts the random number when generating the original key, so that the sending device can randomly generate the original key according to the device information of the sending device and the device information of the receiving device, thereby ensuring that the validity keys used at different time intervals between the sending device and the receiving device are different, namely ensuring the reliability of the validity keys.
Step 4012, the sending device generates a first key and a second key based on the original key.
Optionally, the sending device may select one segment of the original key as the first key and another segment of the original key as the second key, where the first key is different from the second key. In the embodiment of the present application, the lengths of the first key and the second key are not limited.
Illustratively, the original key has a length of 100, and the sending device may use the first 50 bits of the original key as the first key and the last 50 bits of the original key as the second key. Alternatively, the sending device may use the first 60 bits as the first key and the last 70 bits as the second key. That is, the first key and the second key may or may not share key segments, and the lengths of the first key and the second key may be the same or different.
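The following sketch of steps 4011 to 4012 and of the validity flag is an added example, not code from the patent. It assumes HKDF-SHA256 as the key derivation function (the patent does not limit the choice), a 64-byte original key split into two non-overlapping 32-byte segments so that the encryption and MAC keys share no bits, and a validity flag that enforces both a start timestamp with a validity duration and a number of valid uses; all function and field names are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


class KeyExpired(Exception):
    """The validity key is outside its life cycle and must be regenerated."""


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so (b"ab", b"c") and (b"a", b"bc") encode differently."""
    return len(field).to_bytes(2, "big") + field


@dataclass
class ValidityKey:
    first_key: bytes    # used for symmetric encryption
    second_key: bytes   # used for the message authentication code
    start: float        # start timestamp, in seconds
    duration: float     # validity duration, in seconds
    max_uses: int       # number of valid uses
    uses: int = 0

    def is_valid(self, now: float) -> bool:
        in_window = self.start <= now < self.start + self.duration
        return in_window and self.uses < self.max_uses

    def use(self, now: float):
        """Return (first_key, second_key) and count one use, or raise KeyExpired."""
        if not self.is_valid(now):
            raise KeyExpired("validity key expired or exhausted")
        self.uses += 1
        return self.first_key, self.second_key


def generate_validity_key(root_key, sender_id, receiver_id, now,
                          duration=10.0, max_uses=1000, nonce=None):
    """Step 4011: derive the original key; step 4012: split it into two keys."""
    nonce = os.urandom(16) if nonce is None else nonce   # the random number
    info = b"validity-key" + _lp(sender_id) + _lp(receiver_id)
    original = hkdf_sha256(root_key, nonce, info, 64)
    # Disjoint segments: first 32 bytes encrypt, last 32 bytes authenticate.
    return ValidityKey(original[:32], original[32:], now, duration, max_uses)


if __name__ == "__main__":
    # Constructed sample values: an all-zero root key and two made-up MAC addresses.
    sender = bytes.fromhex("020000000001")
    receiver = bytes.fromhex("020000000002")
    vk = generate_validity_key(bytes(32), sender, receiver, now=1000.0)
    print(vk.is_valid(1005.0), vk.is_valid(1010.0))
```

Because the random number is the HKDF salt, a fresh validity key differs from the previous one even when the root key and both device identifiers are unchanged.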
After the sending device generates the validity key, the validity key may be sent to the receiving device, and the specific implementation process may be as follows in steps 402 to 404.
Step 402, the sending device encrypts the validity key by using the public key of the receiving device to obtain a validity key ciphertext.
Optionally, after the sending device is powered on, the public key of the receiving device is obtained from the key management server. The key management server stores public keys of a plurality of devices in the network, and after the devices are powered on, the key management server can distribute the public keys of other devices in the network to the devices for the devices to use.
Step 403, the sending device signs the validity key ciphertext by using the private key of the sending device.
Optionally, the sending device may encrypt the digest of the validity key ciphertext by using a private key of the sending device, to obtain a digital signature of the validity key ciphertext.
Step 404, the sending device sends the validity key ciphertext and the digital signature of the validity key ciphertext by the sending device to the receiving device.
In the embodiment of the application, the sending equipment encrypts the validity key by adopting the public key of the receiving equipment to obtain the validity key ciphertext, so that the transmission security of the validity key can be ensured; the transmitting device signs the validity key ciphertext by using the private key of the transmitting device, so that the source reliability of the validity key ciphertext and the integrity of the validity key ciphertext can be ensured.
The receiving device, upon receiving the validity key ciphertext from the transmitting device and the digital signature of the validity key ciphertext by the transmitting device, may perform the following steps 405 through 406.
Step 405, the receiving device verifies the digital signature using the public key of the sending device.
Optionally, the receiving device may decrypt the digital signature (the encrypted digest of the validity key ciphertext) with the public key of the sending device to obtain the digest of the validity key ciphertext, and calculate the digest of the received validity key ciphertext using the same algorithm as the sending device. When the calculated digest is the same as the decrypted digest, the verification of the digital signature passes, indicating that the source of the validity key ciphertext is reliable and the data is complete. When the calculated digest differs from the decrypted digest, the verification of the digital signature fails, indicating that the validity key ciphertext may have been tampered with or was not sent by the sending device; in this case, the receiving device may not decrypt the validity key ciphertext.
Step 406, in response to the verification of the digital signature passing, the receiving device decrypts the validity key ciphertext by using the private key of the receiving device to obtain the validity key.
In summary, the first key and the second key in the validity key provided in the embodiment of the present application have a life cycle, and in this life cycle, the sending device does not need to send the validity key to the receiving device, that is, the sending device does not need to encrypt the key by using the asymmetric encryption algorithm in each data transmission, and the use frequency of the asymmetric encryption algorithm is low, thereby reducing the time for the sending device and the receiving device to process data, and improving the data transmission efficiency.
Optionally, in a scenario that the validity key is generated by the third-party device and then respectively distributed to the sending device and the receiving device, when the sending device needs to send data to the receiving device, the sending device may send a key obtaining request to the third-party device, where the key obtaining request may carry the device identifier of the sending device and the device identifier of the receiving device. The third party device generates a validity key based on the device identifier of the sending device, the device identifier of the receiving device, and the random number, and sends the validity key to the sending device, and the sending device performs the above steps 402 to 404 after receiving the validity key, or the third party device may directly distribute the validity key to the sending device and the receiving device. The manner of generating the validity key and the manner of sending the validity key by the third-party device may refer to the above description of the sending device for generating the validity key and sending the validity key, and the embodiments of the present application are not described herein again.
In the embodiment of the application, when sending equipment sends data to receiving equipment, the sending equipment firstly encrypts original data by using a first key in validity keys to obtain encrypted data, then generates a first message authentication code of the encrypted data by using a second key in the validity keys, and finally sends the encrypted data and the first message authentication code to the receiving equipment. After receiving the encrypted data and the first message authentication code, the receiving device may generate a second message authentication code of the encrypted data by using a second key of the validity keys, verify the encrypted data based on the first message authentication code and the second message authentication code, and decrypt the encrypted data by using the first key of the validity keys to obtain the original data in response to the verification of the encrypted data passing.
Because the first key and the second key in the validity keys have a life cycle, within that life cycle the sending device does not need to send the validity keys to the receiving device again, that is, the sending device does not need to encrypt the key with an asymmetric encryption algorithm in each data transmission. In addition, the reliability and integrity of the data are verified by means of the message authentication code, so the sending device does not need to sign the encrypted data. The asymmetric encryption algorithm is therefore used less frequently, which reduces the time for the sending device and the receiving device to process data and improves the data transmission efficiency.
In one implementation, when the sending device performs the first data transmission with the receiving device, the sending device may send the validity key to the receiving device together with the original data. That is, the sending device may first generate a validity key based on the device information of the sending device and the device information of the receiving device, then encrypt the original data with the validity key to obtain ciphertext data, then encrypt the validity key with the public key of the receiving device to obtain a validity key ciphertext, sign the validity key ciphertext with the private key of the sending device to obtain a digital signature of the validity key ciphertext, and finally send the ciphertext data, the validity key ciphertext, and the digital signature of the validity key ciphertext to the receiving device. After receiving the ciphertext data, the validity key ciphertext, and the digital signature of the validity key ciphertext from the sending device, the receiving device first verifies the digital signature by using the public key of the sending device, then, after the verification passes, decrypts the validity key ciphertext by using the private key of the receiving device to obtain the validity key, and finally verifies and decrypts the encrypted data by using the decrypted validity key to obtain the original data.
In another implementation, the sending device may send the validity key separately from the original data to the receiving device. The sending equipment sends the validity key to the receiving equipment before transmitting data, and then uses the validity key to process the original data and send the processed data to the receiving equipment.
Optionally, fig. 5 is a schematic flowchart of a data transmission method provided in an embodiment of the present application. The method may be applied in a data transmission system as shown in fig. 1. As shown in fig. 5, the method includes:
Step 501, the sending device encrypts the original data by using a first key in the validity keys to obtain encrypted data.
Optionally, the sending device encrypts the original data based on the first key using a symmetric encryption algorithm to obtain encrypted data corresponding to the original data. Wherein the original data may be plaintext data.
Step 502, the sending device generates a first message authentication code of the encrypted data using a second key of the validity keys.
Optionally, the sending device calculates the encrypted data based on the second key using an integrity algorithm to obtain a first message authentication code, where the first message authentication code can reflect characteristics of the encrypted data, such as the length and content of the encrypted data. Since the first message authentication code is derived based on the second key and the encrypted data, the first message authentication code calculated when the second key and/or the encrypted data is different is also different.
Step 503, the sending device sends the encrypted data and the first message authentication code to the receiving device.
Optionally, the sending device may send the first message authentication code and the encrypted data to the receiving device separately, or the sending device may concatenate the first message authentication code with the encrypted data and send them to the receiving device together.
Step 504, the receiving device generates a second message authentication code for the encrypted data using a second key of the validity keys.
Optionally, the receiving device calculates the received encrypted data based on the second key using the same integrity algorithm as the sending device to obtain the second message authentication code.
Step 505, the receiving device verifies the encrypted data based on the first message authentication code and the second message authentication code.
In the embodiment of the present application, the first message authentication code is calculated based on the second key in the validity key of the sending device and the encrypted data, and the second message authentication code is calculated based on the second key in the validity key of the receiving device and the received encrypted data. By comparing whether the second message authentication code is the same as the first message authentication code, it is therefore possible to determine whether the encrypted data received by the receiving device is the same as the encrypted data sent by the sending device. If the second message authentication code is the same as the first message authentication code, the encrypted data sent by the sending device has not been tampered with during transmission, that is, the verification of the encrypted data passes. If the second message authentication code is different from the first message authentication code, the encrypted data received by the receiving device differs from the encrypted data sent by the sending device, that is, the encrypted data may have been tampered with during transmission or was not sent by the sending device, and the verification of the encrypted data fails.
Step 506, in response to the verification of the encrypted data passing, the receiving device decrypts the encrypted data by using the first key in the validity keys to obtain the original data.
Optionally, after determining that the second message authentication code is the same as the first message authentication code, the receiving device decrypts the encrypted data based on the first key in the validity keys using the same symmetric encryption algorithm as the transmitting device to obtain the original data.
Fig. 6 is a schematic diagram of an implementation process of a data transmission method provided by an embodiment of the present application. As shown in fig. 6, the sending device 101 encrypts original data with a first key to obtain encrypted data, generates a first message authentication code of the encrypted data with a second key, and sends the encrypted data and the first message authentication code to the receiving device 102. After receiving the encrypted data and the first message authentication code from the sending device 101, the receiving device 102 first generates a second message authentication code of the encrypted data by using the second key, then verifies the encrypted data based on the first message authentication code and the second message authentication code, and when the first message authentication code is the same as the second message authentication code (i.e., the verification passes), decrypts the encrypted data by using the first key to obtain the original data.
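Steps 501 to 506 amount to encrypt-then-MAC with verification before decryption. The block below is an added example, not code from the patent: it assumes HMAC-SHA256 as the integrity algorithm, a frame laid out as nonce, ciphertext, then MAC (the concatenation option of step 503), and, because the Python standard library has no block cipher, an HMAC-based counter keystream as a stand-in for the symmetric encryption algorithm. All names are hypothetical.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16   # per-message nonce, sent in clear as part of the encrypted data
TAG_LEN = 32     # HMAC-SHA256 output length


class VerificationFailed(Exception):
    """The second MAC does not match the first, so nothing is decrypted."""


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR data with HMAC-SHA256(key, nonce || counter) blocks.
    Real code should use a vetted cipher such as AES-CTR here."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def send(first_key: bytes, second_key: bytes, original: bytes, nonce=None) -> bytes:
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    # Step 501: encrypt the original data with the first key.
    encrypted = nonce + _keystream_xor(first_key, nonce, original)
    # Step 502: first MAC over the encrypted data (nonce included), second key.
    first_mac = hmac.new(second_key, encrypted, hashlib.sha256).digest()
    # Step 503: send the encrypted data and the first MAC, concatenated.
    return encrypted + first_mac


def receive(first_key: bytes, second_key: bytes, frame: bytes) -> bytes:
    if len(frame) < NONCE_LEN + TAG_LEN:
        raise VerificationFailed("frame too short to hold nonce and MAC")
    encrypted, first_mac = frame[:-TAG_LEN], frame[-TAG_LEN:]
    # Step 504: second MAC over the received encrypted data.
    second_mac = hmac.new(second_key, encrypted, hashlib.sha256).digest()
    # Step 505: constant-time comparison, so timing does not leak MAC bytes.
    if not hmac.compare_digest(first_mac, second_mac):
        raise VerificationFailed("message authentication code mismatch")
    # Step 506: decrypt only after verification has passed.
    nonce, body = encrypted[:NONCE_LEN], encrypted[NONCE_LEN:]
    return _keystream_xor(first_key, nonce, body)


def is_accepted(first_key: bytes, second_key: bytes, frame: bytes) -> bool:
    """True if the receiver would accept the frame, False if verification fails."""
    try:
        receive(first_key, second_key, frame)
        return True
    except VerificationFailed:
        return False


if __name__ == "__main__":
    # Constructed sample keys and payload.
    k1, k2 = bytes(range(32)), bytes(range(32, 64))
    frame = send(k1, k2, b"meter reading 42")
    print(receive(k1, k2, frame))
    tampered = bytearray(frame)
    tampered[NONCE_LEN] ^= 0x01          # flip one ciphertext bit in transit
    print(is_accepted(k1, k2, bytes(tampered)))
```

Covering the nonce with the MAC means a modified nonce is rejected at step 505 instead of silently decrypting to different plaintext.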
The sequence of steps of the data transmission method provided by the embodiment of the application can be properly adjusted, and the steps can be correspondingly increased or decreased according to the situation. Any method that can be easily modified by those skilled in the art within the technical scope of the present disclosure is also intended to be covered by the present disclosure.
In summary, in the data transmission method provided in the embodiment of the present application, the sending device first encrypts the original data by using the first key in the validity keys to obtain encrypted data, then generates the first message authentication code of the encrypted data by using the second key in the validity keys, and finally sends the encrypted data and the first message authentication code to the receiving device. After receiving the encrypted data and the first message authentication code, the receiving device generates a second message authentication code of the encrypted data by using the second key in its validity keys, verifies the encrypted data based on the first message authentication code and the second message authentication code, and, in response to the verification of the encrypted data passing, decrypts the encrypted data by using the first key in its validity keys to obtain the original data. Because the first key and the second key in the validity keys have a life cycle, within that life cycle the sending device does not need to send the validity keys to the receiving device again, that is, the sending device does not need to encrypt the key with an asymmetric encryption algorithm in each data transmission. In addition, the message authentication code allows the receiving device to verify the integrity and reliability of the encrypted data, so the sending device can transmit the original data to the receiving device securely and completely by using only the validity keys, without signing the transmitted data. The asymmetric encryption algorithm is therefore used less frequently, which reduces the time for the sending device and the receiving device to process data, reduces the communication delay, and improves the data transmission efficiency.
Fig. 7 is a schematic structural diagram of a sending device according to an embodiment of the present application. As shown in fig. 7, the transmission device 70 includes:
the processing module 701 is configured to encrypt the original data by using a first key in the validity keys to obtain encrypted data.
The processing module 701 is further configured to generate a first message authentication code of the encrypted data by using a second key in the validity key.
A sending module 702, configured to send the encrypted data and the first message authentication code to the receiving device.
Optionally, the validity key has a validity flag indicating the life cycle of the first key and the second key.
Optionally, the processing module 701 is further configured to generate a validity key. The sending module 702 is further configured to send the validity key to the receiving device.
Optionally, the processing module 701 is further configured to generate an original key according to the device information of the sending device and the device information of the receiving device, and generate the first key and the second key based on the original key.
Optionally, the processing module 701 is further configured to encrypt the validity key by using a public key of the receiving device to obtain a validity key ciphertext, and sign the validity key ciphertext by using a private key of the sending device. The sending module 702 is further configured to send the validity key ciphertext and a digital signature of the validity key ciphertext by the sending device to the receiving device.
In summary, in the sending device provided in the embodiment of the present application, the processing module encrypts the original data by using the first key in the validity key to obtain the encrypted data and generates the first message authentication code of the encrypted data by using the second key in the validity key, and the sending module sends the encrypted data and the first message authentication code to the receiving device. Because the first key and the second key in the validity keys have a life cycle, within that life cycle the sending device does not need to send the validity keys to the receiving device again, so the key does not need to be encrypted with an asymmetric encryption algorithm in each data transmission. In addition, the message authentication code allows the receiving device to verify the integrity and reliability of the encrypted data, so the sending device can transmit the original data to the receiving device securely and completely by using only the validity keys, without signing the transmitted data. The asymmetric encryption algorithm is therefore used less frequently, which reduces the time for the sending device to process data and improves the data transmission efficiency.
Fig. 8 is a schematic structural diagram of a receiving device according to an embodiment of the present application. As shown in fig. 8, the receiving apparatus 80 includes:
a receiving module 801, configured to receive the encrypted data and the first message authentication code from the sending device.
A processing module 802 for generating a second message authentication code of the encrypted data using a second key of the validity keys.
The processing module 802 is further configured to verify the encrypted data based on the first message authentication code and the second message authentication code, and, in response to the verification of the encrypted data passing, decrypt the encrypted data by using the first key in the validity keys to obtain the original data.
Optionally, the validity key has a validity flag indicating the life cycle of the first key and the second key.
Optionally, the receiving module 801 is further configured to receive a validity key ciphertext from the sending device and a digital signature of the validity key ciphertext by the sending device. The processing module 802 is further configured to verify the digital signature by using the public key of the sending device, and decrypt the validity key ciphertext by using the private key of the receiving device in response to the verification of the digital signature passing, so as to obtain the validity key.
In summary, in the receiving device provided in this embodiment of the present application, after the receiving module receives the encrypted data and the first message authentication code, the processing module generates the second message authentication code of the encrypted data by using the second key in the validity key, verifies the encrypted data based on the first message authentication code and the second message authentication code, and, in response to the verification of the encrypted data passing, decrypts the encrypted data by using the first key in the validity key to obtain the original data. Because the first key and the second key in the validity keys have a life cycle, within that life cycle the receiving device does not need to receive the validity keys from the sending device again, so the key does not need to be decrypted with an asymmetric encryption algorithm in each data transmission. In addition, the message authentication code allows the receiving device to verify the integrity and reliability of the encrypted data, so the receiving device can obtain the original data sent by the sending device by using only the validity keys. The asymmetric encryption algorithm is therefore used less frequently, which reduces the time for the receiving device to process data and improves the data transmission efficiency.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 9 is a block diagram of a transmitting device according to an embodiment of the present application. As shown in fig. 9, the transmission device 90 includes: a processor 901, a memory 902, and a transceiver 903.
A memory 902 for storing a computer program, the computer program comprising program instructions;
a processor 901 for invoking a computer program for implementing the actions performed by the sending device in the above-described method embodiments.
Optionally, the sending device 90 further comprises a communication bus 904 and a communication interface 905.
The processor 901 includes one or more processing cores, and the processor 901 executes various functional applications and data processing by running a computer program.
The memory 902 may be used to store computer programs. Optionally, the memory may store an operating system and application program elements required for at least one function. The operating system may be an operating system such as Real Time eXecutive (RTX), LINUX, UNIX, WINDOWS, or OS X.
There may be a plurality of communication interfaces 905, and the communication interface 905 is used for communication with other devices. For example, in an embodiment of the present application, the communication interface 905 may be used to transmit data to a receiving device.
The memory 902 and the communication interface 905 are connected to the processor 901 via a communication bus 904, respectively.
Fig. 10 is a block diagram of a receiving device according to an embodiment of the present application. As shown in fig. 10, the reception apparatus 100 includes: a processor 1001, a memory 1002, and a transceiver 1003.
A memory 1002 for storing a computer program, the computer program comprising program instructions;
the processor 1001 is configured to invoke a computer program to implement the actions performed by the receiving device in the above method embodiments.
Optionally, the receiving device 100 further comprises a communication bus 1004 and a communication interface 1005.
The processor 1001 includes one or more processing cores, and the processor 1001 executes various functional applications and data processing by running a computer program.
The memory 1002 may be used to store computer programs. Optionally, the memory may store an operating system and application program elements required for at least one function. The operating system may be an operating system such as Real Time eXecutive (RTX), LINUX, UNIX, WINDOWS, or OS X.
There may be a plurality of communication interfaces 1005, and the communication interface 1005 is used for communication with other devices. For example, in an embodiment of the present application, the communication interface 1005 may be used to receive data from a transmitting device.
The memory 1002 and the communication interface 1005 are connected to the processor 1001 via a communication bus 1004.
The embodiment of the application also provides a data transmission system, which comprises the sending equipment and the receiving equipment. The transmitting device may be the transmitting device shown in fig. 7 or the transmitting device shown in fig. 9, and the receiving device may be the receiving device shown in fig. 8 or the receiving device shown in fig. 10.
Embodiments of the present application further provide a computer storage medium, where instructions are stored on the computer storage medium, and when the instructions are executed by a processor of a computer device, the actions performed by a sending device in the foregoing method embodiments are implemented, or the actions performed by a receiving device in the foregoing method embodiments are implemented.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, where the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk.
In the embodiments of the present application, the terms "first", "second", and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The term "and/or" in this application merely describes an association relationship between associated objects and indicates that three relationships may exist. For example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
The present application is intended to cover various modifications, equivalents, and improvements of the embodiments described above, which may fall within the spirit and scope of the present application.

Claims (20)

1. A method of data transmission, the method comprising:
the sending equipment encrypts the original data by adopting a first key in the validity keys to obtain encrypted data;
the sending equipment generates a message authentication code of the encrypted data by adopting a second key in the validity keys;
the transmitting device transmits the encrypted data and the message authentication code to a receiving device.
2. The method of claim 1, wherein the validity key has a validity flag indicating a life cycle of the first key and the second key.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
the sending device generates the validity key;
the transmitting device transmits the validity key to the receiving device.
4. The method of claim 3, wherein the sending device generating the validity key comprises:
the sending equipment generates an original key according to the equipment information of the sending equipment and the equipment information of the receiving equipment;
the sending device generates the first key and the second key based on the original key.
5. The method of claim 3 or 4, wherein before the sending device sends the validity key to the receiving device, the method further comprises:
the sending equipment encrypts the validity key by adopting the public key of the receiving equipment to obtain a validity key ciphertext;
the sending equipment signs the validity key ciphertext by adopting a private key of the sending equipment;
the sending device sending the validity key to the receiving device, including:
and the sending equipment sends the validity key ciphertext and the digital signature of the validity key ciphertext by the sending equipment to the receiving equipment.
6. A method of data transmission, the method comprising:
the receiving device receives the encrypted data and the first message authentication code from the sending device;
the receiving device generates a second message authentication code of the encrypted data using a second key in the validity keys;
the receiving device verifies the encrypted data based on the first message authentication code and the second message authentication code;
and in response to the encrypted data passing verification, the receiving device decrypts the encrypted data using a first key in the validity keys to obtain original data.
7. The method of claim 6, wherein the validity key has a validity flag indicating a life cycle of the first key and the second key.
8. The method according to claim 6 or 7, characterized in that the method further comprises:
the receiving device receives the validity key ciphertext from the sending device and the digital signature of the validity key ciphertext by the sending device;
the receiving device verifies the digital signature using the public key of the sending device;
and in response to the digital signature passing verification, the receiving device decrypts the validity key ciphertext using a private key of the receiving device to obtain the validity key.
9. A transmitting device, comprising:
a processing module configured to encrypt the original data using a first key in the validity keys to obtain encrypted data;
the processing module being further configured to generate a message authentication code of the encrypted data using a second key in the validity keys;
and a sending module configured to send the encrypted data and the message authentication code to a receiving device.
10. The transmitting device of claim 9, wherein the validity key has a validity flag indicating a lifetime of the first key and the second key.
11. The transmitting device according to claim 9 or 10,
the processing module is further configured to generate the validity key;
the sending module is further configured to send the validity key to the receiving device.
12. The transmitting device of claim 11, wherein the processing module is further configured to:
generating an original key according to the device information of the sending device and the device information of the receiving device;
generating the first key and the second key based on the original key.
13. The transmitting device according to claim 11 or 12,
the processing module is further configured to encrypt the validity key by using the public key of the receiving device to obtain a validity key ciphertext, and sign the validity key ciphertext by using the private key of the sending device;
the sending module is further configured to send the validity key ciphertext and a digital signature of the validity key ciphertext by the sending device to the receiving device.
14. A receiving device, comprising:
a receiving module for receiving the encrypted data and the first message authentication code from the transmitting device;
a processing module configured to generate a second message authentication code of the encrypted data using a second key in the validity keys;
the processing module is further configured to verify the encrypted data based on the first message authentication code and the second message authentication code, and decrypt the encrypted data by using a first key of the validity keys in response to the encrypted data passing verification to obtain original data.
15. The receiving device of claim 14, wherein the validity key has a validity flag indicating a life cycle of the first key and the second key.
16. The receiving device according to claim 14 or 15,
the receiving module is further configured to receive a validity key ciphertext from the sending device and a digital signature of the validity key ciphertext by the sending device;
the processing module is further configured to verify the digital signature with the public key of the sending device, and decrypt the validity key ciphertext with the private key of the receiving device in response to the verification of the digital signature passing, so as to obtain the validity key.
17. A transmitting device, comprising: a processor, a memory, and a transceiver;
the memory for storing a computer program, the computer program comprising program instructions;
the processor is configured to invoke the computer program to implement the data transmission method according to any one of claims 1 to 5 in cooperation with the transceiver.
18. A receiving device, comprising: a processor, a memory, and a transceiver;
the memory for storing a computer program, the computer program comprising program instructions;
the processor is configured to invoke the computer program to implement the data transmission method according to any one of claims 6 to 8 in cooperation with the transceiver.
19. A data transmission system, comprising: a transmitting device comprising a transmitting device according to any one of claims 9 to 13 or a transmitting device according to claim 17, and a receiving device comprising a receiving device according to any one of claims 14 to 16 or a receiving device according to claim 18.
20. A computer storage medium having stored thereon instructions which, when executed by a processor, carry out a data transmission method according to any one of claims 1 to 5, or carry out a data transmission method according to any one of claims 6 to 8.
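The data path of claims 1, 2, 4, 6 and 7, as an added example that is not code from the patent: two keys derived from one original key, a MAC computed over the encrypted data, and a receiver that checks the key lifetime and the MAC before decrypting. Assumptions made here: the validity flag is modelled as an expiry timestamp, the two keys are derived with HMAC-SHA256 under distinct labels, the cipher is a standard-library stand-in (HMAC-SHA256 in counter mode), and all function and field names are hypothetical.

```python
from __future__ import annotations
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass(frozen=True)
class ValidityKey:
    first_key: bytes    # encrypts / decrypts the data
    second_key: bytes   # computes the message authentication code
    not_after: float    # assumed encoding of the validity flag: expiry time

def derive_validity_key(original_key: bytes, lifetime_s: float, now: float) -> ValidityKey:
    # Distinct labels yield two independent keys from one original key, so the
    # MAC key is never the same value as the encryption key.
    k1 = hmac.new(original_key, b"first-key/encrypt", hashlib.sha256).digest()
    k2 = hmac.new(original_key, b"second-key/mac", hashlib.sha256).digest()
    return ValidityKey(k1, k2, now + lifetime_s)

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher so the example runs with the standard library only;
    # a deployment would use a vetted symmetric cipher here.
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send(vk: ValidityKey, original_data: bytes, now: float) -> tuple[bytes, bytes]:
    if now > vk.not_after:
        raise ValueError("validity key expired")
    nonce = os.urandom(16)  # fresh per message, carried with the ciphertext
    encrypted = nonce + _keystream_xor(vk.first_key, nonce, original_data)
    mac = hmac.new(vk.second_key, encrypted, hashlib.sha256).digest()
    return encrypted, mac

def receive(vk: ValidityKey, encrypted: bytes, first_mac: bytes, now: float) -> bytes:
    if now > vk.not_after:
        raise ValueError("validity key expired")
    second_mac = hmac.new(vk.second_key, encrypted, hashlib.sha256).digest()
    # Constant-time comparison; nothing is decrypted unless the MACs match.
    if not hmac.compare_digest(first_mac, second_mac):
        raise ValueError("message authentication code mismatch")
    nonce, body = encrypted[:16], encrypted[16:]
    return _keystream_xor(vk.first_key, nonce, body)
```

Because the MAC covers the nonce together with the ciphertext, a modified nonce is rejected the same way as a modified payload.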
CN202011358984.2A 2020-11-27 2020-11-27 Data transmission method, device and system and computer storage medium Pending CN114567452A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011358984.2A CN114567452A (en) 2020-11-27 2020-11-27 Data transmission method, device and system and computer storage medium

Publications (1)

Publication Number Publication Date
CN114567452A true CN114567452A (en) 2022-05-31

Family

ID=81712337

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011358984.2A Pending CN114567452A (en) 2020-11-27 2020-11-27 Data transmission method, device and system and computer storage medium

Country Status (1)

Country Link
CN (1) CN114567452A (en)

Similar Documents

Publication Publication Date Title
US11108565B2 (en) Secure communications providing forward secrecy
US10785019B2 (en) Data transmission method and apparatus
US10057071B2 (en) Component for connecting to a data bus, and methods for implementing a cryptographic functionality in such a component
EP3318043A1 (en) Mutual authentication of confidential communication
EP0661845B1 (en) System and method for message authentication in a non-malleable public-key cryptosystem
GB2401293A (en) Secure data transmission links
JP2005515701A6 (en) Data transmission link
JP2005515701A (en) Data transmission link
CN111614621B (en) Internet of things communication method and system
CN112702318A (en) Communication encryption method, decryption method, client and server
CN111914291A (en) Message processing method, device, equipment and storage medium
CN104836784A (en) Information processing method, client, and server
US20200351100A1 (en) Cryptographic method for verifying data
CN115580396B (en) Tight trace query system and method
CN112383395A (en) Key agreement method and device
KR102008670B1 (en) Apparatus of monitoring multicast group
CN112367165A (en) Serial port communication method and device, electronic equipment and computer readable medium
CN114142995B (en) Key security distribution method and device for block chain relay communication network
US11088835B1 (en) Cryptographic module to generate cryptographic keys from cryptographic key parts
WO2021109817A1 (en) Key update method, data decryption method, and digital signature authentication method
CN114928503B (en) Method for realizing secure channel and data transmission method
US11570008B2 (en) Pseudonym credential configuration method and apparatus
CN114567452A (en) Data transmission method, device and system and computer storage medium
CN110572257B (en) Identity-based data source identification method and system
CN113784342A (en) Encryption communication method and system based on Internet of things terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination