CN114785528B - Data transmission encryption method, system, equipment and storage medium - Google Patents

Info

Publication number: CN114785528B
Authority: CN (China)
Prior art keywords: encryption, coordinate, matrix, encrypted, data
Legal status: Active (as listed by Google; an assumption, not a legal conclusion)
Application number: CN202210694164.3A
Other languages: Chinese (zh)
Other versions: CN114785528A (en)
Inventors: 宋昆鸿, 李能, 唐盛
Current assignee: Livefan Information Technology Co ltd (as listed; may be inaccurate)
Original assignee: Livefan Information Technology Co ltd
Events: application filed by Livefan Information Technology Co ltd; priority to CN202210694164.3A; publication of CN114785528A; application granted; publication of CN114785528B; legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The invention relates to the field of data encryption, and discloses an encryption method, a system, equipment and a storage medium for data transmission. The method comprises the following steps: the client system restores the encryption matrix according to the preset restoration matrix to obtain a parameter matrix, and writes the parameter matrix into a preset curve frame to generate an encryption curve; capturing coordinate data on the encryption curve randomly to generate a second encryption coordinate; according to the encryption curve, carrying out slope superposition processing on the first encryption coordinate and the second encryption coordinate to obtain a third encryption coordinate; packaging transmission data corresponding to the transmission instruction; the server system receives the encrypted transmission data, reads a third encrypted coordinate in the encrypted transmission data, and carries out coordinate decryption processing on the third encrypted coordinate according to the first encrypted coordinate and a preset decryption curve to obtain a decrypted coordinate; judging whether the decryption coordinates are on the decryption curve; and taking the decrypted coordinates as a secret key, and extracting the encrypted transmission data to obtain the transmission data.

Description

Data transmission encryption method, system, equipment and storage medium
Technical Field
The present invention relates to the field of data encryption, and in particular, to an encryption method, system, device and storage medium for data transmission.
Background
In the field of network security, enterprises consider that network security is the core technology of the enterprises, confidential information is protected, and personal users want personal privacy to be protected when the personal privacy is transmitted on the network; the network provider not only needs to care about the network data security, but also needs to deal with the threat brought by other unexpected events to the network, thereby really ensuring the network data security. Related technologies and theories relating to confidentiality, integrity, availability, authenticity, repudiation resistance and controllability of information on a network are all fields to be researched by network security.
There are also many similar technologies on the market today to protect network data security, such as: 1. backing up data; 2. an RSA encryption method; 3. and verifying interface data. However, these techniques are relatively simple, and although data can be effectively protected, the operation is troublesome and the confidentiality is not good, so a technique is needed to solve the technical problem of insufficient confidentiality of the current network encryption scheme.
Disclosure of Invention
The invention mainly aims to solve the technical problem of insufficient confidentiality of the current network encryption scheme.
The first aspect of the present invention provides an encryption method for data transmission, which is applied to an encryption system for data transmission; the encryption system includes a client system and a server system, and the encryption method for data transmission comprises the following steps:
the client system sends login information to the server system;
the server system receives the login information, and inquires a preset encryption information table according to the login information to obtain an encryption matrix and a first encryption coordinate;
sending the encryption matrix and the first encrypted coordinates to the client system;
the client system receives the encryption matrix and the first encryption coordinate, restores the encryption matrix according to a preset restoration matrix to obtain a parameter matrix, and writes the parameter matrix into a preset curve frame to generate an encryption curve;
receiving a transmission instruction of a user, and randomly capturing coordinate data on the encryption curve to generate a second encryption coordinate;
according to the encryption curve, performing slope superposition processing on the first encryption coordinate and the second encryption coordinate to obtain a third encryption coordinate;
setting the second encryption coordinate as a verification secret key, setting the third encryption coordinate as a verification signature, packaging transmission data corresponding to the transmission instruction to obtain encrypted transmission data, and sending the encrypted transmission data to the server system;
the server system receives the encrypted transmission data, reads a third encrypted coordinate in the encrypted transmission data, and carries out coordinate decryption processing on the third encrypted coordinate according to the first encrypted coordinate and a preset decryption curve to obtain a decrypted coordinate;
judging whether the decryption coordinates are on the decryption curve;
and if the decryption coordinates are on the decryption curve, extracting the encrypted transmission data by taking the decryption coordinates as a secret key to obtain the transmission data.
Optionally, in a first implementation manner of the first aspect of the present invention, the performing slope superposition processing on the first encryption coordinate and the second encryption coordinate according to the encryption curve to obtain a third encryption coordinate includes:
judging whether the first encryption coordinate is consistent with the second encryption coordinate;
if the first encryption coordinate is consistent with the second encryption coordinate, substituting the first encryption coordinate into a preset slope equation to obtain slope data;
if not, calculating based on the first encryption coordinate and the second encryption coordinate to obtain slope data;
and substituting the slope data, the first encryption coordinate and the second encryption coordinate into a preset decryption equation set to obtain a third encryption coordinate.
Optionally, in a second implementation manner of the first aspect of the present invention, the encryption curve is $Y^2 = a_1 X^3 + a_2 X + a_3 \bmod a_4$, where $a_1, a_2, a_3, a_4$ are the elements of the parameter matrix, mod is the modulus function, $X$ is the abscissa and $Y$ is the ordinate, and substituting the first encrypted coordinate into a preset slope equation to obtain slope data includes:
performing partial differentiation on $Y^2 = a_1 X^3 + a_2 X + a_3 \bmod a_4$ to obtain $2Y \cdot k = 3a_1 X^2 + a_2 \bmod a_4$, where $k$ is the slope;
substituting the first encrypted coordinate into $2Y \cdot k = 3a_1 X^2 + a_2 \bmod a_4$ to obtain the slope data.
Optionally, in a third implementation manner of the first aspect of the present invention, the first encrypted coordinate is $(x_1, y_1)$ and the second encrypted coordinate is $(x_2, y_2)$, and substituting the slope data, the first encryption coordinate and the second encryption coordinate into a preset decryption equation set to obtain a third encryption coordinate comprises:
substituting $(x_1, y_1)$ and $(x_2, y_2)$ into $x_3 = k^2 - a_1 x_1 - a_1 x_2 \bmod a_4$ and $y_3 = k(x_1 - x_2) - y_1 \bmod a_4$ to obtain $(x_3, y_3)$, where $x_3$ is the abscissa of the third encrypted coordinate, $y_3$ is its ordinate, $k$ is the slope of the line through $(x_1, y_1)$ and $(x_2, y_2)$, and $(x_3, y_3)$ is the third encrypted coordinate.
Optionally, in a fourth implementation manner of the first aspect of the present invention, the performing a reduction process on the encryption matrix according to a preset reduction matrix to obtain a parameter matrix includes:
calculating an inverse matrix corresponding to the reduction matrix to obtain a reduction inverse matrix;
and performing product processing on the reduction inverse matrix and the encryption matrix to obtain a parameter matrix.
Optionally, in a fifth implementation manner of the first aspect of the present invention, the writing the parameter matrix into a preset curve framework, and generating an encryption curve includes:
and writing the elements of the parameter matrix into a preset curve frame in sequence to generate an encryption curve.
Optionally, in a sixth implementation manner of the first aspect of the present invention, the querying a preset encryption information table according to the login information to obtain an encryption matrix and a first encryption coordinate includes:
reading a client equipment code in the login information;
and inquiring a preset encryption information table according to the client equipment code to obtain an encryption matrix and a first encryption coordinate.
A second aspect of the present invention provides an encryption system for data transmission, comprising: a client system, a server system;
the client system is used for sending login information to the server system;
the server system is used for receiving the login information, inquiring a preset encryption information table according to the login information, and obtaining an encryption matrix and a first encryption coordinate; sending the encryption matrix and the first encrypted coordinates to the client system;
the client system is used for receiving the encryption matrix and the first encryption coordinate, restoring the encryption matrix according to a preset restoring matrix to obtain a parameter matrix, and writing the parameter matrix into a preset curve frame to generate an encryption curve; receiving a transmission instruction of a user, and randomly capturing coordinate data on the encryption curve to generate a second encryption coordinate; according to the encryption curve, performing slope superposition processing on the first encryption coordinate and the second encryption coordinate to obtain a third encryption coordinate; setting the second encryption coordinate as a verification secret key, setting the third encryption coordinate as a verification signature, packaging transmission data corresponding to the transmission instruction to obtain encrypted transmission data, and sending the encrypted transmission data to the server system;
the server system is used for receiving the encrypted transmission data, reading a third encrypted coordinate in the encrypted transmission data, and carrying out coordinate decryption processing on the third encrypted coordinate according to the first encrypted coordinate and a preset decryption curve to obtain a decrypted coordinate; judging whether the decryption coordinates are on the decryption curve; and if the decryption coordinates are on the decryption curve, extracting the encrypted transmission data by taking the decryption coordinates as a secret key to obtain the transmission data.
A third aspect of the present invention provides an encryption device for data transmission, including: a memory having instructions stored therein and at least one processor, the memory and the at least one processor interconnected by a line; the at least one processor invokes the instructions in the memory to cause the data transfer encryption device to perform the data transfer encryption method described above.
A fourth aspect of the present invention provides a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to execute the above-described encryption method for data transmission.
In the embodiment of the invention, the geometric attribute of the two-dimensional curve is used, so that the encryption scheme is more difficult to crack than the common one-dimensional RSA, the data volume is smaller in the data processing process, the password verification result can be obtained more quickly, and the conventional brute force cracking cannot be successful because the matrix product is adopted to hide parameters in the operation encryption process, so that the confidentiality of the network encryption scheme is improved.
Drawings
Fig. 1 is a schematic diagram of an embodiment of an encryption method for data transmission according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an embodiment of an encryption system for data transmission according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an embodiment of an encryption device for data transmission in the embodiment of the present invention.
Detailed Description
The embodiment of the invention provides an encryption method, a system, equipment and a storage medium for data transmission.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Moreover, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, the detailed flow of an embodiment of the present invention is described below. Referring to fig. 1, an embodiment of the encryption method for data transmission in the embodiment of the present invention is applied to an encryption system for data transmission, where the encryption system includes a client system and a server system; the encryption method for data transmission comprises the following steps:
101. the client system sends login information to the server system;
102. the server system receives the login information, and inquires a preset encryption information table according to the login information to obtain an encryption matrix and a first encryption coordinate;
in the steps 101-102, the client system has a plurality of clients, the login information sent by different clients has different device codes, and based on the uniqueness of the device codes, the data in the encryption information table registered in advance is searched and matched to find the encryption matrix and the first encryption coordinates corresponding to the device codes.
Further, "according to the login information, querying a preset encryption information table to obtain an encryption matrix and a first encryption coordinate" may perform the following steps:
1021. reading a client equipment code in the login information;
1022. and inquiring a preset encryption information table according to the client equipment code to obtain an encryption matrix and a first encryption coordinate.
At steps 1021-1022, the client device code of each client is different, and the client device code has been previously registered in the encryption information table, and the encryption matrix and the first encryption coordinate are different for each device, so that the processing can be performed such that the algorithms of different devices are substantially different and the algorithm of each device is unique.
103. Sending the encryption matrix and the first encryption coordinates to the client system;
104. the client system receives the encryption matrix and the first encryption coordinate, restores the encryption matrix according to a preset restoration matrix to obtain a parameter matrix, and writes the parameter matrix into a preset curve frame to generate an encryption curve;
In steps 103-104, the encryption matrix and the first encryption coordinate are the basis of client-side encryption: the encryption matrix $A$ carries the specific parameter information, but that information cannot be extracted from it in a conventional way. Following the matrix operation logic $A = B \times C$, the restoration matrix is $C$; to obtain the parameter matrix $B$, the inverse $C^{-1}$ of the restoration matrix is found, and then $B = C^{-1} \times A$ yields the parameter matrix, where $B$ has shape $4 \times 1$, i.e. $[a_1, a_2, a_3, a_4]$. In this form the encryption matrix is $1 \times 4$ and the restoration inverse matrix $C^{-1}$ is $4 \times 4$; these matrices are obtained by inverse decomposition of the parameter matrix $B$. $[a_1, a_2, a_3, a_4]$ is filled into the curve frame $Y^2 = (\ )X^3 + (\ )X + (\ ) \bmod (\ )$ to obtain the encryption curve $Y^2 = a_1 X^3 + a_2 X + a_3 \bmod a_4$, where $a_1, a_2, a_3, a_4$ are the elements of the parameter matrix, mod is the modulus function, $X$ is the abscissa and $Y$ is the ordinate.
Further, "restore the encryption matrix according to the preset restoration matrix to obtain the parameter matrix" may perform the following steps:
1041. calculating an inverse matrix corresponding to the reduction matrix to obtain a reduction inverse matrix;
1042. and performing product processing on the reduction inverse matrix and the encryption matrix to obtain a parameter matrix.
In steps 1041-1042, following the matrix operation logic $A = B \times C$, the restoration matrix is $C$; to obtain the parameter matrix $B$, the inverse $C^{-1}$ of the restoration matrix is found, and then $B = C^{-1} \times A$ yields the parameter matrix, where $B$ has shape $4 \times 1$, i.e. $[a_1, a_2, a_3, a_4]$. In this form the encryption matrix is $1 \times 4$ and the restoration inverse matrix $C^{-1}$ is $4 \times 4$; these matrices are obtained by inverse decomposition of the parameter matrix $B$.
Further, "writing the parameter matrix into a preset curve framework to generate an encryption curve" may perform the following steps:
1043. and writing the elements of the parameter matrix into a preset curve frame in sequence to generate an encryption curve.
In step 1043, the parameter matrix is $[1, 4, 3, 4]$, filled in sequence into $Y^2 = (\ )X^3 + (\ )X + (\ ) \bmod (\ )$, with mod the modulo function, $X$ the abscissa and $Y$ the ordinate, to obtain the encryption curve $Y^2 = X^3 + 4X + 3 \bmod 4$; the first encrypted coordinate lies on this curve and is also retained in the server system as a key for subsequent reverse unlocking.
105. Receiving a transmission instruction of a user, and randomly capturing coordinate data on the encryption curve to generate a second encryption coordinate;
106. according to the encryption curve, carrying out slope superposition processing on the first encryption coordinate and the second encryption coordinate to obtain a third encryption coordinate;
In steps 105-106, the user gives a transmission instruction at the client, which triggers the random capture of a coordinate on the encryption curve $Y^2 = X^3 + 4X + 3 \bmod 4$. If the captured coordinate is $(2, \sqrt{3})$, the second encryption coordinate is $(2, \sqrt{3})$, and if the first encryption coordinate is $(1, 0)$, the third encryption coordinate can be calculated.
Because $(1, 0)$ and $(2, \sqrt{3})$ are different coordinates, let the first encryption coordinate be $(x_1, y_1)$, the second encrypted coordinate $(x_2, y_2)$ and the third encrypted coordinate $(x_3, y_3)$.
With $Y^2 = a_1 X^3 + a_2 X + a_3 \bmod a_4$, where $a_1, a_2, a_3, a_4$ are the elements of the parameter matrix, mod is the modulo function, $X$ is the abscissa and $Y$ is the ordinate, the following equations hold:
$y_1^2 = a_1 x_1^3 + a_2 x_1 + a_3 \bmod a_4$
$y_2^2 = a_1 x_2^3 + a_2 x_2 + a_3 \bmod a_4$
$y_3^2 = a_1 x_3^3 + a_2 x_3 + a_3 \bmod a_4$
With $k = (y_1 - y_2)/(x_1 - x_2) \bmod a_4$ these are converted into $x_3 = k^2 - a_1 x_1 - a_1 x_2 \bmod a_4$ and $y_3 = k(x_1 - x_2) - y_1 \bmod a_4$, giving $(x_3, y_3)$, where $k$ is the slope of the line through $(x_1, y_1)$ and $(x_2, y_2)$.
It follows that $x_3 = 0$ and $y_3 = \sqrt{3}$, so the third encrypted coordinate is $(0, \sqrt{3})$.
Further, in 106, the following steps may be performed:
1061. judging whether the first encryption coordinate is consistent with the second encryption coordinate;
1062. if the first encryption coordinate is consistent with the second encryption coordinate, substituting the first encryption coordinate into a preset slope equation to obtain slope data;
1063. if not, calculating based on the first encryption coordinate and the second encryption coordinate to obtain slope data;
1064. and substituting the slope data, the first encryption coordinate and the second encryption coordinate into a preset decryption equation set to obtain a third encryption coordinate.
In steps 1061-1064, it is analyzed whether the first encryption coordinate is consistent with the second encryption coordinate, because if they coincide the slope calculation is affected; after the slope has been calculated in the applicable way, it is substituted into $x_3 = k^2 - a_1 x_1 - a_1 x_2 \bmod a_4$ and $y_3 = k(x_1 - x_2) - y_1 \bmod a_4$ to obtain $(x_3, y_3)$.
Further, the encryption curve is $Y^2 = a_1 X^3 + a_2 X + a_3 \bmod a_4$, where $a_1, a_2, a_3, a_4$ are the elements of the parameter matrix, mod is the modulo function, $X$ is the abscissa and $Y$ is the ordinate, and 1062 may perform the following steps:
10621. performing partial differentiation on $Y^2 = a_1 X^3 + a_2 X + a_3 \bmod a_4$ to obtain $2Y \cdot k = 3a_1 X^2 + a_2 \bmod a_4$, where $k$ is the slope;
10622. substituting the first encrypted coordinate into $2Y \cdot k = 3a_1 X^2 + a_2 \bmod a_4$ to obtain the slope data.
In steps 10621-10622, if the first encryption coordinate is $(2, \sqrt{3})$ and the second encryption coordinate is also $(2, \sqrt{3})$, the slope at the first encryption coordinate is obtained by differentiation, giving $2Y \cdot k = 3a_1 X^2 + a_2 \bmod a_4$ with $k$ the slope; substituting $(2, \sqrt{3})$ into $2Y \cdot k = 3a_1 X^2 + a_2 \bmod a_4$ yields the slope data.
Further, with the first encryption coordinate $(x_1, y_1)$ and the second encrypted coordinate $(x_2, y_2)$, 1064 may perform the following steps:
10641. substituting $(x_1, y_1)$ and $(x_2, y_2)$ into $x_3 = k^2 - a_1 x_1 - a_1 x_2 \bmod a_4$ and $y_3 = k(x_1 - x_3) - y_1 \bmod a_4$ to obtain $(x_3, y_3)$, where $x_3$ is the abscissa of the third encrypted coordinate, $y_3$ is its ordinate, $k$ is the slope of the line through $(x_1, y_1)$ and $(x_2, y_2)$, and $(x_3, y_3)$ is the third encrypted coordinate.
In step 10641, the following equations hold:
$y_1^2 = a_1 x_1^3 + a_2 x_1 + a_3 \bmod a_4$ (1)
$y_2^2 = a_1 x_2^3 + a_2 x_2 + a_3 \bmod a_4$ (2)
$y_3^2 = a_1 x_3^3 + a_2 x_3 + a_3 \bmod a_4$ (3)
From $((1) - (3)) - ((2) - (3))$, $x_3 = k^2 - a_1 x_1 - a_1 x_2 \bmod a_4$ can be deduced directly, and then the third encryption coordinate can be calculated directly from the first and second encryption coordinates, where by default the line through $(x_1, y_1)$ and $(x_2, y_2)$ and the line through $(x_3, y_3)$ and $(x_2, y_2)$ are symmetric about the $X$ axis.
107. Setting the second encryption coordinate as a verification secret key, setting the third encryption coordinate as a verification signature, packaging transmission data corresponding to the transmission instruction to obtain encrypted transmission data, and sending the encrypted transmission data to a server system;
108. the server system receives the encrypted transmission data, reads a third encrypted coordinate in the encrypted transmission data, and carries out coordinate decryption processing on the third encrypted coordinate according to the first encrypted coordinate and a preset decryption curve to obtain a decrypted coordinate;
in steps 107-108, the second encryption coordinates are randomly generated and can be used to verify that the information is accurately encapsulated as a key in the encrypted transmission. And the third encrypted coordinate is calculated as a plain code or a verification signature, which is verified in the server system. The specific checking process is a process of calculating the third encryption coordinate and the originally sent first encryption coordinate again to obtain the decryption coordinate, wherein the substituted algorithm is consistent with the client encryption process, the packaging form is similar to the encryption compression of the common compressed file, and the description is omitted here.
109. Judging whether the decryption coordinates are on the decryption curve;
110. and if the decryption coordinates are on the decryption curve, extracting the encrypted transmission data by taking the decryption coordinates as a secret key to obtain the transmission data.
In steps 109-110, if the decryption coordinate is on the decryption curve, it can be said that the decryption coordinate is accurate, but if the decryption coordinate is not on the decryption curve, it is said that the third encryption coordinate is already wrong, and the data source is not a legitimate client and is not extracted.
And when the decryption coordinates are on the decryption curve, the decryption coordinates are compared with second encryption coordinates in the encrypted transmission data as the secret key, and then the transmission data are extracted to realize encrypted transmission.
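The following is an added, runnable model of the coordinate procedure in steps 101-110 (example code written for this page, not code from the patent or from Livefan): it restores the parameter matrix as $B = C^{-1} \times A$, fills the curve $Y^2 = a_1 X^3 + a_2 X + a_3 \bmod a_4$, computes the third coordinate with the slope formulas of steps 1061-1064 and 10641, and performs the server-side on-curve check of steps 108-110. All matrices, parameters and coordinates are constructed; a prime $a_4$ and $a_1 = 1$ are assumed (the patent's own example with $a_4 = 4$ and irrational coordinates cannot be evaluated in modular arithmetic, and the page's $x_3$ formula places the result on the curve only when $a_1 = 1$), and the server's inverse step, which the page does not spell out, is modelled as superposing the reflected first coordinate $(x_1, -y_1)$.

```python
from fractions import Fraction

# Constructed values (not from the patent). C is the client's preset restoration
# matrix (unimodular, so C^-1 has integer entries); A = C * B is the server-issued
# encryption matrix hiding the parameter matrix B = [a1, a2, a3, a4] = [1, 4, 3, 23].
# Note that whoever holds the preset C can undo the hiding, so the parameters are
# only as confidential as the restoration matrix itself.
RESTORATION_MATRIX = [[1, 1, 0, 0],
                      [0, 1, 1, 0],
                      [0, 0, 1, 1],
                      [0, 0, 0, 1]]
ENCRYPTION_MATRIX = [5, 7, 26, 23]
FIRST_COORDINATE = (0, 7)   # (x1, y1): registered in the server's table, on the curve


def invert_matrix(m):
    """Gauss-Jordan inverse over the rationals; m must be square and non-singular."""
    n = len(m)
    aug = [[Fraction(v) for v in row] + [Fraction(int(i == j)) for j in range(n)]
           for i, row in enumerate(m)]
    for col in range(n):
        pivot = next(r for r in range(col, n) if aug[r][col] != 0)
        aug[col], aug[pivot] = aug[pivot], aug[col]
        piv = aug[col][col]
        aug[col] = [v / piv for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0:
                f = aug[r][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def restore_parameters(encryption_matrix, restoration_matrix):
    """Steps 1041-1042: B = C^-1 * A, returned as the integer list [a1, a2, a3, a4]."""
    inv = invert_matrix(restoration_matrix)
    n = len(inv)
    b = [sum(inv[i][j] * encryption_matrix[j] for j in range(n)) for i in range(n)]
    if any(v.denominator != 1 for v in b):
        raise ValueError("restored parameter matrix is not integral")
    return [int(v) for v in b]


class EncryptionCurve:
    """Step 1043: Y^2 = a1 X^3 + a2 X + a3 (mod a4), filled from the parameter matrix."""

    def __init__(self, params):
        self.a1, self.a2, self.a3, self.p = params   # assumption: a4 is prime

    def contains(self, pt):
        """Step 109: does the coordinate satisfy the curve equation?"""
        x, y = pt
        return (y * y - (self.a1 * x ** 3 + self.a2 * x + self.a3)) % self.p == 0

    def slope(self, p1, p2):
        """Steps 1061-1063: tangent slope when the coordinates coincide, else chord slope."""
        (x1, y1), (x2, y2) = p1, p2
        if p1 == p2:
            # 10621-10622: differentiate to 2Y k = 3 a1 X^2 + a2 (mod a4), solve for k
            if y1 % self.p == 0:
                raise ValueError("tangent is vertical: no slope exists")
            return (3 * self.a1 * x1 * x1 + self.a2) * pow(2 * y1, -1, self.p) % self.p
        if (x1 - x2) % self.p == 0:
            raise ValueError("chord is vertical: no slope exists")
        # k = (y1 - y2) / (x1 - x2) (mod a4); the division is a modular inverse
        return (y1 - y2) * pow((x1 - x2) % self.p, -1, self.p) % self.p

    def superpose(self, p1, p2):
        """Step 10641: x3 = k^2 - a1 x1 - a1 x2, y3 = k (x1 - x3) - y1 (mod a4).
        With a1 = 1 this is the chord-and-tangent sum, so (x3, y3) lies on the curve."""
        k = self.slope(p1, p2)
        (x1, y1), (x2, _) = p1, p2
        x3 = (k * k - self.a1 * x1 - self.a1 * x2) % self.p
        y3 = (k * (x1 - x3) - y1) % self.p
        return (x3, y3)


def client_sign(curve, first, second):
    """Steps 105-107: the third coordinate the client packages as the verification signature."""
    return curve.superpose(first, second)


def server_verify(curve, first, third):
    """Steps 108-110: recover the decryption coordinate from the third and first coordinates
    and accept it only if it lies on the decryption curve (None otherwise).
    Assumption: the inverse step is modelled as superposing the reflected first
    coordinate (x1, -y1), which undoes the client's chord step."""
    x1, y1 = first
    decrypted = curve.superpose(third, (x1, (-y1) % curve.p))
    return decrypted if curve.contains(decrypted) else None


def run_protocol(second=(6, 6)):
    """One transmission end to end; `second` stands in for the random capture of step 105."""
    params = restore_parameters(ENCRYPTION_MATRIX, RESTORATION_MATRIX)
    curve = EncryptionCurve(params)
    if not (curve.contains(FIRST_COORDINATE) and curve.contains(second)):
        raise ValueError("both input coordinates must lie on the encryption curve")
    third = client_sign(curve, FIRST_COORDINATE, second)
    recovered = server_verify(curve, FIRST_COORDINATE, third)
    return params, third, recovered


if __name__ == "__main__":
    print(run_protocol())   # ([1, 4, 3, 23], (10, 10), (6, 6))
```

A third coordinate that has been altered in transit, such as (10, 11) in place of (10, 10), decrypts to a point off the curve and is rejected by the step 109 check, which is the failure mode described in steps 109-110.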
In the embodiment of the invention, the geometric attribute of the two-dimensional curve is used, so that the encryption scheme is more difficult to crack than the common one-dimensional RSA, the data volume is smaller in the data processing process, the password verification result can be obtained more quickly, and the conventional brute force cracking cannot be successful because the matrix product is adopted to hide parameters in the operation encryption process, so that the confidentiality of the network encryption scheme is improved.
With reference to fig. 2, the encryption method for data transmission in the embodiment of the present invention is described above, and an encryption system for data transmission in the embodiment of the present invention is described below, where the encryption system for data transmission in the embodiment of the present invention includes:
a client system 201, a server system 202;
the client system 201 is configured to send login information to the server system;
the server system 202 is configured to receive the login information, and query a preset encryption information table according to the login information to obtain an encryption matrix and a first encryption coordinate; sending the encryption matrix and the first encrypted coordinates to the client system;
the client system 201 is configured to receive the encryption matrix and the first encryption coordinate, perform reduction processing on the encryption matrix according to a preset reduction matrix to obtain a parameter matrix, and write the parameter matrix into a preset curve frame to generate an encryption curve; receiving a transmission instruction of a user, and randomly capturing coordinate data on the encryption curve to generate a second encryption coordinate; according to the encryption curve, performing slope superposition processing on the first encryption coordinate and the second encryption coordinate to obtain a third encryption coordinate; setting the second encryption coordinate as a verification secret key, setting the third encryption coordinate as a verification signature, packaging transmission data corresponding to the transmission instruction to obtain encrypted transmission data, and sending the encrypted transmission data to the server system;
the server system 202 is configured to receive the encrypted transmission data, read a third encryption coordinate in the encrypted transmission data, and perform coordinate decryption processing on the third encryption coordinate according to the first encryption coordinate and a preset decryption curve to obtain a decryption coordinate; judge whether the decryption coordinate is on the decryption curve; and, if the decryption coordinate is on the decryption curve, take the decryption coordinate as a secret key and extract the encrypted transmission data to obtain the transmission data.
Wherein the client system 201 is specifically configured to:
judging whether the first encryption coordinate is consistent with the second encryption coordinate;
if the first encryption coordinate is consistent with the second encryption coordinate, substituting the first encryption coordinate into a preset slope equation to obtain slope data;
if not, calculating based on the first encryption coordinate and the second encryption coordinate to obtain slope data;
and substituting the slope data, the first encryption coordinate and the second encryption coordinate into a preset decryption equation set to obtain a third encryption coordinate.
Wherein the encryption curve comprises: y is 2 =a 1 X 3 +a 2 X+a 3 mod a 4 Wherein a is 1 、a 2 、a 3 、a 4 For the elements of the parameter matrix, mod is a modulus function, X is an abscissa, and Y is an ordinate, the client system 201 is further specifically configured to:
will Y 2 =a 1 X 3 +a 2 X+a 3 mod a 4 Performing partial derivation to obtain 2Y x k =3a 1 X 2 +a 2 mod a 4 Wherein k is a slope;
substituting the first encrypted coordinates into 2Y x k =3a 1 X 2 +a 2 mod a 4 And obtaining slope data.
Wherein the first encryption coordinate is (x) 1 ,y 1 ) The second encrypted coordinate is (x) 2 ,y 2 ) The client system 201 is further specifically configured to:
will (x) 1 ,y 1 ) And (x) 2 ,y 2 ) Substitution of x 3 =k 2 -a 1 x 1 -a 1 x 2 mod a 4 And y 3 =k(x 1 -x 3 )-y 1 mod a 4 Obtaining (x) 3 ,y 3 ) Wherein x is 3 Is the abscissa, y, of the third encrypted coordinate 3 Is the third encryption ordinate, k is over (x) 1 ,y 1 ) And (x) 2 ,y 2 ) The slope of the line is the third encrypted coordinate.
Wherein, the client system 201 is further specifically configured to:
calculating an inverse matrix corresponding to the reduction matrix to obtain a reduction inverse matrix;
and performing product processing on the reduction inverse matrix and the encryption matrix to obtain a parameter matrix.
Wherein, the client system 201 is further specifically configured to:
and writing the elements of the parameter matrix into a preset curve frame in sequence to generate an encryption curve.
Wherein the server system 202 is specifically configured to:
reading a client equipment code in the login information;
and inquiring a preset encryption information table according to the client equipment code to obtain an encryption matrix and a first encryption coordinate.
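The client and server steps described above (recovering the parameter matrix as the reduction inverse matrix times the encryption matrix, writing it into the curve frame, computing the slope and the third coordinate, and the server's on-curve check) as an added, constructed Python walk-through; this is not the patent's own code. The modulus, matrices and points are toy values constructed for the example; $a_1 = 1$ is chosen because for that value the page's third-coordinate equations coincide with ordinary chord-and-tangent point addition, so the recovered coordinate lands on the curve, and recovering the second coordinate on the server as the third coordinate minus the first is an assumption, since the page does not spell out the decryption equation.

```python
"""Constructed walk-through of the curve steps described in the patent text (not its own code)."""
import secrets

# Constructed toy values: a unimodular reduction matrix R (det = 1, so R^-1 is integral) and the
# encryption matrix E = R * A for the parameter matrix A = [[a1, a2], [a3, a4]] = [[1, 2], [3, 97]],
# which gives the curve Y^2 = a1*X^3 + a2*X + a3 mod a4 (a1 = 1 by assumption, a4 = 97 a toy prime).
REDUCTION_MATRIX = [[2, 1], [1, 1]]
ENCRYPTION_MATRIX = [[5, 101], [4, 99]]    # R * A, what the server looks up and sends

def mat_mul(m, n):
    return [[sum(m[i][k] * n[k][j] for k in range(2)) for j in range(2)] for i in range(2)]

def inverse_2x2(m):
    """Integer inverse of a 2x2 matrix with determinant +-1 (the 'reduction inverse matrix')."""
    (a, b), (c, d) = m
    det = a * d - b * c
    if det not in (1, -1):
        raise ValueError("reduction matrix must be unimodular for an integer inverse")
    return [[d * det, -b * det], [-c * det, a * det]]

def recover_parameters(encryption_matrix, reduction_matrix=REDUCTION_MATRIX):
    """Client: parameter matrix = R^-1 * E, written into the curve frame in order (a1, a2, a3, a4)."""
    a = mat_mul(inverse_2x2(reduction_matrix), encryption_matrix)
    return a[0][0], a[0][1], a[1][0], a[1][1]

def is_on_curve(pt, curve):
    a1, a2, a3, p = curve
    x, y = pt
    return (y * y - (a1 * x ** 3 + a2 * x + a3)) % p == 0

def slope(p1, p2, curve):
    """Slope data k: tangent 2Y*k = 3*a1*X^2 + a2 when the points coincide, chord slope otherwise."""
    a1, a2, _, p = curve
    (x1, y1), (x2, y2) = p1, p2
    if p1 == p2:
        num, den = 3 * a1 * x1 * x1 + a2, 2 * y1
    else:
        num, den = y2 - y1, x2 - x1
    if den % p == 0:                       # vertical line: no finite third coordinate exists
        raise ValueError("no finite slope (point at infinity)")
    return num * pow(den, -1, p) % p

def add_points(p1, p2, curve):
    """Third coordinate per the page: x3 = k^2 - a1*x1 - a1*x2, y3 = k*(x1 - x3) - y1 (mod a4)."""
    a1, _, _, p = curve
    k = slope(p1, p2, curve)
    (x1, y1), (x2, _) = p1, p2
    x3 = (k * k - a1 * x1 - a1 * x2) % p
    y3 = (k * (x1 - x3) - y1) % p
    return x3, y3

def negate(pt, curve):
    return pt[0], (-pt[1]) % curve[3]

def random_point(curve):
    """Client: randomly capture a curve point as the second encryption coordinate (toy: brute-force y)."""
    p = curve[3]
    while True:
        x = secrets.randbelow(p)
        ys = [y for y in range(p) if is_on_curve((x, y), curve)]
        if ys:
            return x, secrets.choice(ys)

def client_package(first, second, curve, payload):
    """Client: second coordinate = verification key, third coordinate = verification signature."""
    return {"signature": add_points(first, second, curve), "key": second, "payload": payload}

def server_verify(packet, first, curve):
    """Server (assumed): recover the second coordinate as third - first; it must be on the curve and equal the key."""
    try:
        decrypted = add_points(packet["signature"], negate(first, curve), curve)
    except ValueError:
        return None
    if not is_on_curve(decrypted, curve) or decrypted != packet["key"]:
        return None                        # not a legitimate client: payload is not extracted
    return packet["payload"]

if __name__ == "__main__":
    curve = recover_parameters(ENCRYPTION_MATRIX)     # (1, 2, 3, 97)
    packet = client_package((3, 6), random_point(curve), curve, b"hello")   # (3, 6) is a constructed first coordinate
    print(packet, server_verify(packet, (3, 6), curve))
```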
In the embodiment of the invention, the geometric attributes of a two-dimensional curve are used, so the encryption scheme is more difficult to crack than common one-dimensional RSA, the data volume in the data processing process is smaller, and the password verification result can be obtained more quickly; because a matrix product is used to hide the parameters during the encryption operation, conventional brute-force cracking cannot succeed, and the confidentiality of the network encryption scheme is thereby improved.
Fig. 2 above describes the encryption system for data transmission in the embodiment of the present invention in detail from the perspective of modular functional entities; the encryption device for data transmission in the embodiment of the present invention is described below in detail from the perspective of hardware processing.
Fig. 3 is a schematic structural diagram of an encryption device for data transmission according to an embodiment of the present invention, where the encryption device 300 for data transmission may generate relatively large differences due to different configurations or performances, and may include one or more processors (CPUs) 310 (e.g., one or more processors) and a memory 320, and one or more storage media 330 (e.g., one or more mass storage devices) storing applications 333 or data 332. Memory 320 and storage media 330 may be, among other things, transient or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instruction operations in the encryption device 300 for data transmission. Further, the processor 310 may be configured to communicate with the storage medium 330 to execute a series of instruction operations in the storage medium 330 on the encryption device 300 for data transmission.
The data transmission-based encryption device 300 may also include one or more power supplies 340, one or more wired or wireless network interfaces 350, one or more input-output interfaces 360, and/or one or more operating systems 331, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. Those skilled in the art will appreciate that the data transfer-based encryption device configuration shown in fig. 3 does not constitute a limitation of data transfer-based encryption devices, which may include more or fewer components than those shown, may combine some components, or may arrange the components differently.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, and which may also be a volatile computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the steps of the encryption method for data transmission.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described system and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (5)

1. An encryption method for data transmission, which is applied to an encryption system for data transmission, and the encryption system for data transmission comprises: a client system and a server system; the data transmission encryption method comprises the following steps:
the client system sends login information to the server system;
the server system receives the login information, and inquires a preset encryption information table according to the login information to obtain an encryption matrix and a first encryption coordinate;
sending the encryption matrix and the first encrypted coordinates to the client system;
the client system receives the encryption matrix and the first encryption coordinate, restores the encryption matrix according to a preset restoration matrix to obtain a parameter matrix, and writes the parameter matrix into a preset curve frame to generate an encryption curve;
receiving a transmission instruction of a user, and randomly capturing coordinate data on the encryption curve to generate a second encryption coordinate;
according to the encryption curve, performing slope superposition processing on the first encryption coordinate and the second encryption coordinate to obtain a third encryption coordinate;
setting the second encryption coordinate as a verification secret key, setting the third encryption coordinate as a verification signature, packaging transmission data corresponding to the transmission instruction to obtain encrypted transmission data, and sending the encrypted transmission data to the server system;
the server system receives the encrypted transmission data, reads a third encrypted coordinate in the encrypted transmission data, and carries out coordinate decryption processing on the third encrypted coordinate according to the first encrypted coordinate and a preset decryption curve to obtain a decrypted coordinate;
judging whether the decryption coordinates are on the decryption curve;
if the decryption coordinates are on the decryption curve, extracting the encrypted transmission data by taking the decryption coordinates as a secret key to obtain transmission data;
wherein, the performing slope superposition processing on the first encryption coordinate and the second encryption coordinate according to the encryption curve to obtain a third encryption coordinate comprises:
judging whether the first encryption coordinate is consistent with the second encryption coordinate;
if the first encryption coordinate is consistent with the second encryption coordinate, substituting the first encryption coordinate into a preset slope equation to obtain slope data;
if not, calculating based on the first encryption coordinate and the second encryption coordinate to obtain slope data;
substituting the slope data, the first encryption coordinate and the second encryption coordinate into a preset decryption equation set to obtain a third encryption coordinate;
wherein the encryption curve comprises: y is 2 =a 1 X 3 +a 2 X+a 3 mod a 4 Wherein a is 1 、a 2 、a 3 、a 4 For the elements of the parameter matrix, mod is a modulus function, X is an abscissa, and Y is an ordinate, and substituting the first encrypted coordinate into a preset slope equation to obtain slope data includes:
will Y 2 =a 1 X 3 +a 2 X+a 3 mod a 4 Performing partial derivation treatment to obtain 2Y x k =3a 1 X 2 +a 2 mod a 4 Wherein k is the slope;
substituting the first encrypted coordinates into 2y × k =3a 1 X 2 +a 2 mod a 4 Obtaining slope data;
wherein the first encryption coordinate is (x) 1 ,y 1 ) The second encrypted coordinate is (x) 2 ,y 2 ) Substituting the slope data, the first encryption coordinate and the second encryption coordinate into a preset decryption equation set to obtain a third encryption coordinate comprises:
will (x) 1 ,y 1 ) And (x) 2 ,y 2 ) Substitution of x 3 =k 2 -a 1 x 1 -a 1 x 2 mod a 4 And y 3 =k(x 1 -x 3 )-y 1 mod a 4 Obtaining (x) 3 ,y 3 ) Wherein x is 3 Is the abscissa, y, of the third encrypted coordinate 3 Is the third encryption ordinate, k is over (x) 1 ,y 1 ) And (x) 2 ,y 2 ) The slope of the straight line is the third encryption coordinate;
the restoring the encryption matrix according to a preset restoring matrix to obtain a parameter matrix comprises the following steps:
calculating an inverse matrix corresponding to the reduction matrix to obtain a reduction inverse matrix;
performing product processing on the reduction inverse matrix and the encryption matrix to obtain a parameter matrix;
writing the parameter matrix into a preset curve framework, and generating an encryption curve comprises:
and writing the elements of the parameter matrix into a preset curve frame in sequence to generate an encryption curve.
2. The method for encrypting data transmission according to claim 1, wherein the querying a preset encryption information table according to the login information to obtain an encryption matrix and a first encryption coordinate comprises:
reading a client equipment code in the login information;
and inquiring a preset encryption information table according to the client equipment code to obtain an encryption matrix and a first encryption coordinate.
3. An encryption system for data transmission, the encryption system for data transmission comprising: a client system, a server system;
the client system is used for sending login information to the server system;
the server system is used for receiving the login information, inquiring a preset encryption information table according to the login information, and obtaining an encryption matrix and a first encryption coordinate; sending the encryption matrix and the first encrypted coordinates to the client system;
the client system is used for receiving the encryption matrix and the first encryption coordinate, restoring the encryption matrix according to a preset restoring matrix to obtain a parameter matrix, and writing the parameter matrix into a preset curve frame to generate an encryption curve; receiving a transmission instruction of a user, and randomly capturing coordinate data on the encryption curve to generate a second encryption coordinate; according to the encryption curve, performing slope superposition processing on the first encryption coordinate and the second encryption coordinate to obtain a third encryption coordinate; setting the second encryption coordinate as a verification secret key, setting the third encryption coordinate as a verification signature, packaging transmission data corresponding to the transmission instruction to obtain encrypted transmission data, and sending the encrypted transmission data to the server system;
the server system is used for receiving the encrypted transmission data, reading a third encryption coordinate in the encrypted transmission data, and carrying out coordinate decryption processing on the third encryption coordinate according to the first encryption coordinate and a preset decryption curve to obtain a decryption coordinate; judging whether the decryption coordinates are on the decryption curve; if the decryption coordinates are on the decryption curve, extracting the encrypted transmission data by taking the decryption coordinates as a secret key to obtain transmission data;
wherein the client system is specifically configured to:
judging whether the first encryption coordinate is consistent with the second encryption coordinate;
if the first encryption coordinate is consistent with the second encryption coordinate, substituting the first encryption coordinate into a preset slope equation to obtain slope data;
if not, calculating based on the first encryption coordinate and the second encryption coordinate to obtain slope data;
substituting the slope data, the first encryption coordinate and the second encryption coordinate into a preset decryption equation set to obtain a third encryption coordinate;
wherein the encryption curve comprises: y is 2 =a 1 X 3 +a 2 X+a 3 mod a 4 Wherein a is 1 、a 2 、a 3 、a 4 For the elements of the parameter matrix, mod is a modulo function, X is the abscissa and Y is the ordinate, the client system is further specifically configured to:
will Y 2 =a 1 X 3 +a 2 X+a 3 mod a 4 Performing partial derivation to obtain 2Y x k =3a 1 X 2 +a 2 mod a 4 Wherein k is a slope;
substituting the first encrypted coordinates into 2Y x k =3a 1 X 2 +a 2 mod a 4 Obtaining slope data;
wherein the first encryption coordinate is (x) 1 ,y 1 ) The second encrypted coordinate is (x) 2 ,y 2 ) The client system is further specifically configured to:
will (x) 1 ,y 1 ) And (x) 2 ,y 2 ) Substitution of x 3 =k 2 -a 1 x 1 -a 1 x 2 mod a 4 And y 3 =k(x 1 -x 3 )-y 1 mod a 4 Obtaining (x) 3 ,y 3 ) Wherein x is 3 Is the abscissa, y, of the third encrypted coordinate 3 Is the third encryption ordinate, k is over (x) 1 ,y 1 ) And (x) 2 ,y 2 ) The slope of the line is thirdEncrypting the coordinates;
wherein the client system is further specifically configured to:
calculating an inverse matrix corresponding to the reduction matrix to obtain a reduction inverse matrix;
performing product processing on the reduction inverse matrix and the encryption matrix to obtain a parameter matrix;
wherein the client system is further specifically configured to:
and writing the elements of the parameter matrix into a preset curve frame in sequence to generate an encryption curve.
4. An encryption device for data transmission, characterized in that the encryption device for data transmission comprises: a memory having instructions stored therein and at least one processor, the memory and the at least one processor interconnected by a line;
the at least one processor invoking the instructions in the memory to cause the data transfer encryption device to perform the data transfer encryption method of any of claims 1-2.
5. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method of encrypting a data transmission according to any one of claims 1-2.
CN202210694164.3A 2022-06-20 2022-06-20 Data transmission encryption method, system, equipment and storage medium Active CN114785528B (en)
Publications (2)

Publication Number Publication Date
CN114785528A CN114785528A (en) 2022-07-22
CN114785528B true CN114785528B (en) 2022-10-14
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant