CN117082493A - Star networking data transmission method, star networking data transmission device, computer equipment and storage medium - Google Patents

Star networking data transmission method, star networking data transmission device, computer equipment and storage medium Download PDF

Info

Publication number
CN117082493A
CN117082493A CN202310954842.XA CN202310954842A CN117082493A CN 117082493 A CN117082493 A CN 117082493A CN 202310954842 A CN202310954842 A CN 202310954842A CN 117082493 A CN117082493 A CN 117082493A
Authority
CN
China
Prior art keywords
key
verification
random
public key
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310954842.XA
Other languages
Chinese (zh)
Inventor
黄青丹
陈俊
吉旺威
孔令明
王勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangzhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Power Supply Bureau of Guangdong Power Grid Co Ltd filed Critical Guangzhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority to CN202310954842.XA priority Critical patent/CN117082493A/en
Publication of CN117082493A publication Critical patent/CN117082493A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a star networking data transmission method, a star networking data transmission device, computer equipment and a storage medium. The method comprises the following steps: uploading a networking request and receiving verification encryption information transmitted by an authentication center; performing verification decryption according to the private key and the verification encryption information to obtain verification decryption information; uploading verification decryption information to an authentication center and receiving an identity verification result; when the authentication result is that the authentication is successful, receiving a second random public key; determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and a second random public key; encrypting the physiological signal by using the shared key to obtain an encrypted signal; and uploading the encrypted signal to an authentication center. By adopting the method, identity verification and data transmission can be performed in different encryption and decryption modes, so that the privacy and security of physiological signals caused by single key loss are avoided, and the invocation of computing resources for encrypting and decrypting data can be reduced.

Description

Star networking data transmission method, star networking data transmission device, computer equipment and storage medium
Technical Field
The present application relates to the field of wireless body area networks, and in particular, to a star networking data transmission method, apparatus, computer device, and storage medium.
Background
In a partial edge computing scenario, such as a wireless body area network, sensitive personal data related to human physiological signals is monitored, so ensuring high level privacy and security is important to prevent potential harm caused by data leakage. Attacks that eavesdrop on key private information and disclose it for illegal purposes can lead to serious consequences such as denial of access and communication disruption, and even possible threat to the patient's life safety. In order to ensure secure data transmission, a powerful security architecture is necessary. The IEEE 802.15.6 standard proposes a security paradigm defining three security levels. The highest security level (level 2) includes identity authentication and data encryption, which ensures confidentiality, privacy protection, message authenticity, integrity verification and replay attack defense.
However, conventional encryption algorithms rely on extensive computation to achieve data security, which is difficult to achieve in edge computing scenarios, and privacy and confidentiality of physiological signals cannot be guaranteed.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a star networking data transmission method, apparatus, computer device, computer readable storage medium, and computer program product that can reduce data arithmetic processing and ensure privacy and security of physiological signals.
In a first aspect, the present application provides a star networking data transmission method. Performed by a node, the method comprising:
uploading a networking request and receiving verification encryption information transmitted by an authentication center;
performing verification decryption according to the private key and the verification encryption information to obtain verification decryption information;
uploading verification decryption information to an authentication center and receiving an identity verification result; when the authentication result is that the authentication is successful, receiving a second random public key;
determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and a second random public key;
encrypting the physiological signal by using the shared key to obtain an encrypted signal;
and uploading the encrypted signal to an authentication center.
In one embodiment, determining the shared key from the preset key algorithm, the preset algorithm parameter, and the second random public key includes:
generating a first random private key;
calculating according to a preset algorithm parameter, a preset key algorithm and a first random private key, obtaining a first random public key and uploading the first random public key to an authentication center;
and calculating according to the preset algorithm parameters, the preset key algorithm, the first random private key and the second random public key to determine the shared key.
In one embodiment, encrypting the physiological signal using the shared key to obtain an encrypted signal includes:
verifying the data length of the acquired physiological signals to obtain a verification result;
preprocessing the physiological signal based on the verification result to obtain preprocessed data;
and encrypting the preprocessed data by using the shared key to obtain an encrypted signal.
In one embodiment, encrypting the preprocessed data using the shared key to obtain an encrypted signal includes:
carrying out key round adding on the preprocessed data by using the shared key to obtain a first ciphertext;
performing conventional round transformation on the first ciphertext to obtain a second ciphertext;
and carrying out final round transformation on the second ciphertext to obtain an encrypted signal.
In a second aspect, the present application provides a star networking data transmission method. Performed by an authentication center, the method comprising:
generating verification encryption information according to a networking request of a node to be authenticated;
issuing verification encryption information to a node to be authenticated, and receiving verification decryption information;
carrying out identity verification according to the verification decryption information to obtain an identity verification result;
issuing an identity verification result to a node to be authenticated; when the authentication result is that the authentication is successful, receiving a first random public key;
Determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and a first random public key;
decrypting the encrypted signal by using the shared key to obtain a decrypted signal;
and transmitting the decrypted signal to the intelligent terminal.
In one embodiment, generating verification encryption information according to a networking request of a node to be authenticated includes:
after receiving the networking request, generating random plaintext information and determining a pre-stored public key;
and encrypting the random plaintext information by using the pre-stored public key to obtain verification encrypted information.
In one embodiment, determining the shared key from the preset key algorithm, the preset algorithm parameter, and the first random public key includes:
generating a second random private key;
calculating according to the preset algorithm parameters, the preset key algorithm and the second random private key to obtain a second random public key and issuing the second random public key to the authenticated node;
and calculating according to the preset algorithm parameters, the preset key algorithm, the second random private key and the first random public key to determine the shared key.
In one embodiment, decrypting the encrypted signal using the shared key to obtain a decrypted signal includes:
Carrying out key round-robin addition on the encrypted signal by using the shared key to obtain a first plaintext;
performing first-round reverse transformation on the first plaintext to obtain a second plaintext;
and performing conventional inverse transformation on the second plaintext to obtain a decrypted signal.
In a third aspect, the application further provides a star networking data transmission device. Configured in a node, the apparatus includes:
the first communication module is used for uploading a networking request and receiving verification encryption information transmitted by the authentication center;
the first encryption and decryption module is used for carrying out verification and decryption according to the private key and the verification and encryption information to obtain verification and decryption information;
the first communication module is also used for uploading the verification decryption information to the authentication center and receiving an identity verification result; when the authentication result is that the authentication is successful, receiving a second random public key;
the first key calculation module is used for determining a shared key according to a preset key algorithm, preset algorithm parameters and a second random public key;
the first encryption and decryption module is also used for encrypting the physiological signal by using the shared secret key to obtain an encrypted signal;
the first communication module is also used for uploading the encrypted signal to the authentication center.
In a fourth aspect, the application also provides a star networking data transmission device. The device is arranged in an authentication center, and comprises:
The second encryption and decryption module is used for generating verification encryption information according to the networking request of the node to be authenticated;
the second communication module is used for transmitting verification encryption information to the node to be authenticated and receiving verification decryption information;
the second encryption and decryption module is used for carrying out identity verification according to the verification and decryption information to obtain an identity verification result;
the second communication module is also used for issuing an identity verification result to the node to be authenticated; when the authentication result is that the authentication is successful, receiving a first random public key;
the second key calculation module is used for determining a shared key according to a preset key algorithm, preset algorithm parameters and the first random public key;
the second encryption and decryption module is also used for decrypting the encrypted signal by using the shared secret key to obtain a decrypted signal;
and the second communication module is also used for transmitting the decrypted signals to the intelligent terminal.
In a fifth aspect, the present application also provides a computer device. The computer device comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the following steps when executing the computer program:
uploading a networking request and receiving verification encryption information transmitted by an authentication center;
Performing verification decryption according to the private key and the verification encryption information to obtain verification decryption information;
uploading verification decryption information to an authentication center and receiving an identity verification result; when the authentication result is that the authentication is successful, receiving a second random public key;
determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and a second random public key;
encrypting the physiological signal by using the shared key to obtain an encrypted signal;
and uploading the encrypted signal to an authentication center.
In a sixth aspect, the present application also provides a computer device. The computer device comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the following steps when executing the computer program:
generating verification encryption information according to a networking request of a node to be authenticated;
issuing verification encryption information to a node to be authenticated, and receiving verification decryption information;
carrying out identity verification according to the verification decryption information to obtain an identity verification result;
issuing an identity verification result to a node to be authenticated; when the authentication result is that the authentication is successful, receiving a first random public key;
determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and a first random public key;
Decrypting the encrypted signal by using the shared key to obtain a decrypted signal;
and transmitting the decrypted signal to the intelligent terminal.
In a seventh aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
uploading a networking request and receiving verification encryption information transmitted by an authentication center;
performing verification decryption according to the private key and the verification encryption information to obtain verification decryption information;
uploading verification decryption information to an authentication center and receiving an identity verification result; when the authentication result is that the authentication is successful, receiving a second random public key;
determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and a second random public key;
encrypting the physiological signal by using the shared key to obtain an encrypted signal;
and uploading the encrypted signal to an authentication center.
In an eighth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
Generating verification encryption information according to a networking request of a node to be authenticated;
issuing verification encryption information to a node to be authenticated, and receiving verification decryption information;
carrying out identity verification according to the verification decryption information to obtain an identity verification result;
issuing an identity verification result to a node to be authenticated; when the authentication result is that the authentication is successful, receiving a first random public key;
determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and a first random public key;
decrypting the encrypted signal by using the shared key to obtain a decrypted signal;
and transmitting the decrypted signal to the intelligent terminal.
In a ninth aspect, the present application also provides a computer program product. The computer program product comprising a computer program which, when executed by a processor, performs the steps of:
uploading a networking request and receiving verification encryption information transmitted by an authentication center;
performing verification decryption according to the private key and the verification encryption information to obtain verification decryption information;
uploading verification decryption information to an authentication center and receiving an identity verification result; when the authentication result is that the authentication is successful, receiving a second random public key;
Determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and a second random public key;
encrypting the physiological signal by using the shared key to obtain an encrypted signal;
and uploading the encrypted signal to an authentication center.
In a tenth aspect, the present application also provides a computer program product. The computer program product comprising a computer program which, when executed by a processor, performs the steps of:
generating verification encryption information according to a networking request of a node to be authenticated;
issuing verification encryption information to a node to be authenticated, and receiving verification decryption information;
carrying out identity verification according to the verification decryption information to obtain an identity verification result;
issuing an identity verification result to a node to be authenticated; when the authentication result is that the authentication is successful, receiving a first random public key;
determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and a first random public key;
decrypting the encrypted signal by using the shared key to obtain a decrypted signal;
and transmitting the decrypted signal to the intelligent terminal.
The star networking data transmission method, the star networking data transmission device, the computer equipment, the storage medium and the computer program product are characterized in that a node to be authenticated sends a networking request to an authentication center, the authentication center encrypts random plaintext information to obtain verification encryption information and transmits the verification encryption information, the node to be authenticated decrypts the verification encryption information by using a private key to obtain verification decryption information and sends the verification decryption information, and the authentication center compares the received verification decryption information with the random plaintext information to determine the identity of the node to be authenticated; after successful verification, the node performs key negotiation with the authentication center to obtain a shared key, then the node encrypts a physiological signal by using the shared key after acquiring physiological information and sends the encrypted signal, the authentication center decrypts the encrypted signal by using the shared key to obtain a decrypted signal, and sends the decrypted signal to the intelligent terminal, and identity verification and data transmission are performed by different encryption and decryption modes, so that the secret line and security of the physiological signal due to the loss of a single key are avoided, and the call of computational resources for encrypting and decrypting data can be reduced.
Drawings
FIG. 1 is an application environment diagram of a star networking data transmission method in one embodiment;
FIG. 2 is a flow chart of a method for star networking data transmission in one embodiment;
FIG. 3 is a flow chart illustrating the encryption steps of physiological signals in one embodiment;
FIG. 4 is a flowchart of a method for transmitting star networking data according to another embodiment;
FIG. 5 is a flowchart illustrating a physiological signal decryption step according to another embodiment;
FIG. 6 is a block diagram of a star networking data transmission device in one embodiment;
FIG. 7 is a block diagram of a star networking data transmission device according to another embodiment;
fig. 8 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The star networking data transmission method provided by the embodiment of the application can be applied to an application environment shown in figure 1. Wherein the node 102 and the intelligent terminal 104 communicate with the authentication center 106 through a network. The data storage system may store data that the authentication center 106 needs to process. The data storage system may be integrated on the authentication center 106 or may be located on the cloud or other network server. The node to be authenticated sends a networking request to an authentication center, the authentication center encrypts the random plaintext information to obtain verification encryption information and sends the verification encryption information, the node to be authenticated decrypts the verification encryption information by using a private key to obtain verification decryption information and sends the verification decryption information, and the authentication center compares the received verification decryption information with the random plaintext information to determine the identity of the node to be authenticated; after successful verification, the node performs key negotiation with the authentication center to obtain a shared key, then the node encrypts a physiological signal by using the shared key after acquiring physiological information and sends the encrypted signal, the authentication center decrypts the encrypted signal by using the shared key to obtain a decrypted signal, and the decrypted signal is sent to the intelligent terminal. The node 102 may be, but not limited to, various sensors distributed on the surface of a human body or implanted in the human body, and a portable wearable device of a personal data acquisition and processing terminal. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The intelligent terminal 104 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, and the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. Authentication center 106 may be implemented as a stand-alone server or as a cluster of servers.
In one embodiment, as shown in fig. 2, there is provided a star networking data transmission method, which is performed by a node, comprising the steps of:
step 202, uploading a networking request and receiving verification encryption information transmitted by an authentication center.
Specifically, the node to be authenticated sends a networking request to the authentication center. After receiving the networking request, the authentication center encrypts the authentication information by using a public key prestored by the node to be authenticated to obtain authentication encryption information, and then transmits the authentication encryption information to the node to be authenticated
And 204, performing verification decryption according to the private key and the verification encryption information to obtain verification decryption information.
Wherein the private key and the public key in step 202 are obtained by RSA (Ron Rivest-Adi Shamir-Leonard Adlem) an Lenard-lewester-alder-semer-renada-adman) coprocessor generation, as follows:
assuming n is the product of two large primes p and q, thenThe euler function value for n is given by:
φ(n)=(p-1)×(q-1)
where p and q can be very large, up to 1024 bits or more.
Then selecting any public key e, wherein the public key e needs to satisfy 1 < e < phi (n) and gcd (e, phi (n))=1, and calculating to obtain a private key d as e in the modulus The following multiplicative inverse, the formula is:
(d×e)≡1(modφ(n))
then a public key pair n, e and a private key pair n, d can be obtained.
Specifically, after the authentication center receives the verification encryption information, the verification encryption information is decrypted by using the private key, so that verification decryption information is obtained. For example, assume that the original plaintext is m, and the encrypted ciphertext is c Through formula c d The authentication decryption information, i.e., the original m, can be calculated and obtained by the method of the [ identical to ] m (mod n).
Step 206, uploading the verification decryption information to the authentication center, and receiving the identity verification result; and when the authentication result is that the authentication is successful, receiving the second random public key.
Specifically, after decryption is completed, verification decryption information obtained by decryption is transmitted to the authentication center. And verifying the verification decryption information through the authentication center to obtain an identity verification result. And when the authentication result is that the authentication is successful, accessing the node which completes the authentication into the star network where the authentication center is located. And then, the node performs DH (Diffie-Hellman ) key negotiation with the authentication center to acquire a second random public key transmitted by the authentication center.
Step 208, determining the shared key according to the preset key algorithm, the preset algorithm parameters and the second random public key.
Specifically, when DH key negotiation is performed, the node generates a first random private key, and then a shared key is obtained by calculating a preset key algorithm, preset algorithm parameters, a second random public key and the first random private key.
And simultaneously, calculating a first random public key by using a preset key algorithm, preset algorithm parameters and a first random private key, and transmitting the first random public key to an authentication center.
Step 210, encrypt the physiological signal with the shared key to obtain an encrypted signal.
Specifically, after networking is completed, a data request issued by an authentication center is received, a node acquires a physiological signal, and the physiological signal is encrypted by an AES (Advanced Encryption Standard ) coprocessor by using a shared key to obtain an encrypted signal.
Step 212, the encrypted signal is sent up to the authentication center.
In the star networking data transmission method, a node to be authenticated sends a networking request to an authentication center, the authentication center encrypts random plaintext information to obtain verification encryption information and transmits the verification encryption information, the node to be authenticated decrypts the verification encryption information by using a private key to obtain verification decryption information and sends the verification decryption information up, and the authentication center compares the received verification decryption information with the random plaintext information to determine the identity of the node to be authenticated; after successful verification, the node performs key negotiation with the authentication center to obtain a shared key, then the node encrypts a physiological signal by using the shared key after acquiring physiological information and sends the encrypted signal, the authentication center decrypts the encrypted signal by using the shared key to obtain a decrypted signal, and sends the decrypted signal to the intelligent terminal, and identity verification and data transmission are performed by different encryption and decryption modes, so that the secret line and security of the physiological signal due to the loss of a single key are avoided, and the call of computational resources for encrypting and decrypting data can be reduced.
In one embodiment, determining the shared key from the pre-set key algorithm, the pre-set algorithm parameters, and the second random public key comprises:
generating a first random private key; calculating according to a preset algorithm parameter, a preset key algorithm and a first random private key, obtaining a first random public key and uploading the first random public key to an authentication center; and calculating according to the preset algorithm parameters, the preset key algorithm, the first random private key and the second random public key to determine the shared key.
Specifically, a first random private key A is generated, and a first random public key is obtained through calculation by using preset algorithm parameters and a preset key algorithm, wherein a specific formula is as follows;
DH_A=G A mod P
wherein G and P are both large prime numbers and represent the base and modulus, respectively.
After obtaining the first random public key, the first random public key is transmitted to an authentication center.
And then calculating a shared secret key by using the second random public key, wherein the specific formula is as follows:
Shared_Key=DH_B A mod P
where DH_B is the second random public key.
In this embodiment, the node randomly generates the first random private key, and the node and the authentication center calculate the first random public key and the second random public key by using DH key negotiation, transmit the first random public key and the second random public key, and calculate the shared key by using the second random public key, thereby improving the security of the shared key, and reducing the probability of cracking the subsequently encrypted physiological signal.
In one embodiment, encrypting the physiological signal with the shared key to obtain an encrypted signal comprises:
verifying the data length of the acquired physiological signals to obtain a verification result; preprocessing the physiological signal based on the verification result to obtain preprocessed data; and encrypting the preprocessed data by using the shared key to obtain an encrypted signal.
Specifically, after the physiological signal is collected, the data length of the physiological signal is identified, and whether the data length of the physiological signal is an integer multiple of the block size is judged, for example, after the signal is collected, the physiological signal is required to be packed into 128-bit data blocks. If the data length of the physiological signal is insufficient, expanding and filling the physiological signal to enable the data length of the physiological signal to meet the requirement, and then encrypting the physiological signal by using an AES coprocessor to obtain an encrypted signal.
In this embodiment, through the preprocessing operation on the physiological signal, the physiological signal is conveniently encrypted by the AES coprocessor, so as to improve the security of the physiological signal in the transmission process.
In one embodiment, as shown in fig. 3, encrypting the preprocessed data using the shared key to obtain an encrypted signal, comprising:
Step 302, performing key round-robin addition on the preprocessed data by using the shared key to obtain a first ciphertext.
Wherein the key round is to exclusive-or the key with the plaintext according to the bits.
Specifically, the preprocessed data and the shared key are subjected to key round adding operation, and then a first ciphertext is obtained.
Step 304, performing conventional round transformation on the first ciphertext to obtain a second ciphertext.
Different key lengths in the AES algorithm correspond to different numbers of encryption rounds, for example, 10 rounds for encryption of a 128-bit key, 12 rounds for encryption of a 192-bit key, 14 rounds for encryption of a 256-bit key, and the like. The round transforms include S-box (SB), row Shift (SR), column Mix (MC), and key Addition (ARK) operations.
Specifically, the normal round transformation operation of Nr-1 round is sequentially performed on the first ciphertext, that is, each round sequentially performs operations including S-box, row shift, column mix, and key round add. And obtaining a second ciphertext after finishing the normal round of transformation operation of Nr-1 round.
And 306, performing final round transformation on the second ciphertext to obtain an encrypted signal.
Specifically, after the normal round conversion of Nr-1 round is completed, the last round conversion is performed, that is, the S-box, row shift, and key addition operations are sequentially performed, and then an encrypted signal is obtained.
In this embodiment, encryption of physiological signals is achieved by performing one-time key round-robin addition and Nr round-robin transformation operation by the AES coprocessor, so that security of transmission data is improved, and meanwhile, shared keys are adopted in the encryption process, so that probability of cracking encrypted signals is reduced.
In one embodiment, as shown in fig. 4, there is provided a star networking data transmission method, which is performed by an authentication center, comprising the steps of:
step 402, generating verification encryption information according to the networking request of the node to be authenticated.
Specifically, after receiving the networking request, the authentication center generates random plaintext information, and encrypts the random plaintext information by using a public key stored in advance, that is, the public key in step 204, to obtain an encrypted signal. For example, assuming that the original plaintext is m, the encrypted ciphertext can be calculated and obtained by the formula c≡me (mod n) to obtain c.
Step 404, issuing verification encryption information to the node to be authenticated, and receiving verification decryption information.
And step 406, carrying out identity verification according to the verification decryption information to obtain an identity verification result.
Specifically, after the verification decryption information is obtained, the verification decryption information is compared with the random plaintext information, and whether the verification decryption information is consistent with the random plaintext information is judged, so that an identity verification result is obtained.
Step 408, issuing the authentication result to the node to be authenticated; and when the authentication result is that the authentication is successful, receiving the first random public key.
Specifically, after the authentication center receives the verification decryption information, the verification decryption information is compared with the random plaintext information to obtain an identity verification result. And when the authentication result is that the authentication is successful, accessing the node which completes the authentication into the star network where the authentication center is located. And then, the node performs DH key negotiation with the authentication center to acquire a first random public key transmitted by the node.
Step 410, determining the shared key according to the preset key algorithm, the preset algorithm parameters and the first random public key.
Specifically, when DH key negotiation is performed, the authentication center generates a second random private key, and then a shared key is obtained by calculating a preset key algorithm, preset algorithm parameters, the first random public key and the second random private key.
And simultaneously, calculating a second random public key by using a preset key algorithm, preset algorithm parameters and a second random private key, and transmitting the second random public key to the node.
Step 412, decrypting the encrypted signal using the shared key to obtain a decrypted signal.
Specifically, after obtaining the encrypted signal, the authentication center decrypts the physiological signal by using the shared key through the AES coprocessor to obtain the decrypted signal.
And step 414, the decrypted signal is issued to the intelligent terminal.
In the embodiment, a node to be authenticated sends a networking request to an authentication center, the authentication center encrypts random plaintext information to obtain verification encryption information and transmits the verification encryption information, the node to be authenticated decrypts the verification encryption information by using a private key to obtain verification decryption information and uploads the verification decryption information, and the authentication center compares the received verification decryption information with the random plaintext information to determine the identity of the node to be authenticated; after successful verification, the node performs key negotiation with the authentication center to obtain a shared key, then the node encrypts a physiological signal by using the shared key after acquiring physiological information and sends the encrypted signal, the authentication center decrypts the encrypted signal by using the shared key to obtain a decrypted signal, and sends the decrypted signal to the intelligent terminal, and identity verification and data transmission are performed by different encryption and decryption modes, so that the secret line and security of the physiological signal due to the loss of a single key are avoided, and the call of computational resources for encrypting and decrypting data can be reduced.
In one embodiment, generating verification encryption information according to a networking request of a node to be authenticated includes:
After receiving the networking request, generating random plaintext information and determining a pre-stored public key; and encrypting the random plaintext information by using the pre-stored public key to obtain verification encrypted information.
Specifically, in the networking process, the authentication center randomly generates random plaintext information, and the random plaintext information is encrypted by using a public key stored in advance by a node to be authenticated, so that verification encrypted information is obtained. For example, after receiving a networking request of a node to be authenticated, the authentication center randomly generates a plaintext message, encrypts the plaintext message into a challenge by using a stored public key of the node to be authenticated, and sends the challenge to the node to be authenticated.
In this embodiment, the public key stored in advance in the node to be authenticated is used to encrypt the random plaintext information, and the encrypted verification encryption information is sent to the node to be authenticated, and the node to be authenticated decrypts by the private key.
In one embodiment, determining the shared key from the pre-set key algorithm, the pre-set algorithm parameters, and the first random public key comprises:
generating a second random private key; calculating according to the preset algorithm parameters, the preset key algorithm and the second random private key to obtain a second random public key and issuing the second random public key to the authenticated node; and calculating according to the preset algorithm parameters, the preset key algorithm, the second random private key and the first random public key to determine the shared key.
Specifically, a second random private key B is generated, and a second random public key is obtained through calculation by using preset algorithm parameters and a preset key algorithm, wherein the specific formula is as follows:
DH_B=G B mod P
wherein G and P are both large prime numbers and represent the base and modulus, respectively.
After obtaining the second random public key, the second random public key is transmitted to the authentication center.
Then the first random public key is used for calculating the shared secret key, and the specific formula is as follows:
Shared_Key=DH_A B mod P
where DH_A is the first random public key.
In this embodiment, the node randomly generates the second random private key, and the node and the authentication center calculate the first random public key and the second random public key by using DH key negotiation, transmit the first random public key and the second random public key, and calculate the shared key by using the obtained first random public key, thereby improving the security of the shared key, and reducing the probability of cracking the subsequently encrypted physiological signal.
In one embodiment, as shown in fig. 5, decrypting the encrypted signal using the shared key to obtain a decrypted signal includes:
step 502, performing key round addition on the encrypted signal by using the shared key to obtain a first plaintext.
Wherein the key round is to exclusive-or the key with the plaintext according to the bits.
Specifically, a key round add operation is performed on the obtained encrypted signal and the shared key to obtain a first plaintext.
Step 504, performing first-round reverse transformation on the first plaintext to obtain a second plaintext.
Wherein the reverse round transform includes reverse column mixing, reverse shift, reverse S-box and key addition operations.
Specifically, when the first round reverse round transform is performed, reverse shift, reverse S-box, and key addition operations are sequentially performed, and then a second plaintext is obtained.
Step 506, performing conventional inverse transformation on the second plaintext to obtain a decrypted signal.
Specifically, after the first round of reverse round transformation is completed, the second plaintext is sequentially subjected to the normal reverse round transformation operation of Nr-1 round, that is, each round sequentially performs the operations including reverse column mixing, reverse shift, reverse S box and key addition. The decrypted signal is obtained after the conventional inverse transform operation of the Nr-1 round is completed.
In this embodiment, encryption of physiological signals is achieved by performing one-time keywheel addition and Nr-time inverse transformation operations by the AES coprocessor, so that security of transmission data is improved, and meanwhile, shared keys are adopted in the encryption process, so that probability of cracking encrypted signals is reduced.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a star networking data transmission device for realizing the above related star networking data transmission method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of one or more star networking data transmission devices provided below may be referred to the limitation of the star networking data transmission method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 6, there is provided a star networking data transmission apparatus, which is configured at a node, including: a first communication module 602, a first encryption/decryption module 604, and a first key calculation module 606, wherein:
the first communication module 602 is configured to send a networking request, and receive verification encryption information transmitted by the authentication center.
The first encryption and decryption module 604 is configured to perform verification and decryption according to the private key and the verification and encryption information, and obtain verification and decryption information.
The first communication module 602 is further configured to upload verification decryption information to the authentication center, and receive an authentication result; and when the authentication result is that the authentication is successful, receiving the second random public key.
The first key calculation module 606 is configured to determine the shared key according to a preset key algorithm, preset algorithm parameters and the second random public key.
The first encryption/decryption module 604 is further configured to encrypt the physiological signal with the shared key to obtain an encrypted signal.
The first communication module 602 is further configured to send the encrypted signal to an authentication center.
In one embodiment, the first key calculation module 606 is further configured to generate a first random private key; calculating according to a preset algorithm parameter, a preset key algorithm and a first random private key, obtaining a first random public key and uploading the first random public key to an authentication center; and calculating according to the preset algorithm parameters, the preset key algorithm, the first random private key and the second random public key to determine the shared key.
In one embodiment, the first encryption/decryption module 604 is further configured to perform data length verification on the collected physiological signal, to obtain a verification result; preprocessing the physiological signal based on the verification result to obtain preprocessed data; and encrypting the preprocessed data by using the shared key to obtain an encrypted signal.
In one embodiment, the first encryption/decryption module 604 is further configured to perform key round encryption on the preprocessed data by using the shared key to obtain a first ciphertext; performing conventional round transformation on the first ciphertext to obtain a second ciphertext; and carrying out final round transformation on the second ciphertext to obtain an encrypted signal.
In one embodiment, as shown in fig. 7, there is provided a star networking data transmission device configured in an authentication center, including: a second communication module 702, a second encryption and decryption module 704, and a second key calculation module 706, wherein:
and the second encryption and decryption module 704 is configured to generate verification encryption information according to a networking request of the node to be authenticated.
The second communication module 702 is configured to send verification encryption information to a node to be authenticated, and receive verification decryption information.
And the second encryption and decryption module 704 is configured to perform identity verification according to the verification and decryption information, so as to obtain an identity verification result.
The second communication module 702 is further configured to issue an authentication result to the node to be authenticated; and when the authentication result is that the authentication is successful, receiving the first random public key.
The second key calculation module 706 is configured to determine the shared key according to a preset key algorithm, preset algorithm parameters, and the first random public key.
The second encryption and decryption module 704 is further configured to decrypt the encrypted signal by using the shared key, to obtain a decrypted signal.
The second communication module 702 is further configured to send the decrypted signal to the intelligent terminal.
In one embodiment, the second encryption and decryption module 704 is further configured to generate random plaintext information and determine a pre-stored public key after receiving a networking request; and encrypting the random plaintext information by using the pre-stored public key to obtain verification encrypted information.
In one embodiment, the second key calculation module 706 is further configured to generate a second random private key; calculating according to the preset algorithm parameters, the preset key algorithm and the second random private key to obtain a second random public key and issuing the second random public key to the authenticated node; and calculating according to the preset algorithm parameters, the preset key algorithm, the second random private key and the first random public key to determine the shared key.
In one embodiment, the second encryption and decryption module 704 is further configured to perform key round encryption on the encrypted signal by using the shared key to obtain a first plaintext; performing first-round reverse transformation on the first plaintext to obtain a second plaintext; and performing conventional inverse transformation on the second plaintext to obtain a decrypted signal.
The modules in the star networking data transmission device can be all or partially realized by software, hardware and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 8. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used to store physiological signals, encrypted signals and decrypted signal data. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a star networking data transmission method.
It will be appreciated by those skilled in the art that the structure shown in FIG. 8 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (10)

1. A method of star networking data transmission, performed by a node, the method comprising:
uploading a networking request and receiving verification encryption information transmitted by an authentication center;
performing verification decryption according to the private key and the verification encryption information to obtain verification decryption information;
uploading the verification decryption information to the authentication center, and receiving an identity verification result; when the authentication result is that the authentication is successful, receiving a second random public key;
Determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and the second random public key;
encrypting the physiological signal by using the shared key to obtain an encrypted signal;
and uploading the encrypted signal to the authentication center.
2. The method of claim 1, wherein the determining the shared key from the pre-set key algorithm, the pre-set algorithm parameters, and the second random public key comprises:
generating a first random private key;
calculating according to a preset algorithm parameter, a preset key algorithm and the first random private key to obtain a first random public key and uploading the first random public key to an authentication center;
and calculating according to preset algorithm parameters, a preset key algorithm, the first random private key and the second random public key to determine a shared key.
3. The method of claim 1, wherein encrypting the physiological signal using the shared key to obtain an encrypted signal comprises:
verifying the data length of the acquired physiological signals to obtain a verification result;
preprocessing the physiological signal based on the verification result to obtain preprocessed data;
And encrypting the preprocessed data by using the shared key to obtain an encrypted signal.
4. A method according to claim 3, wherein encrypting the preprocessed data using the shared key to obtain an encrypted signal comprises:
carrying out key round adding on the preprocessed data by utilizing the shared key to obtain a first ciphertext;
performing conventional round transformation on the first ciphertext to obtain a second ciphertext;
and carrying out final round transformation on the second ciphertext to obtain an encrypted signal.
5. A method of star networking data transmission, performed by an authentication center, the method comprising:
generating verification encryption information according to a networking request of a node to be authenticated;
issuing the verification encryption information to the node to be authenticated, and receiving verification decryption information;
performing identity verification according to the verification decryption information to obtain an identity verification result;
issuing the identity verification result to the node to be authenticated; when the authentication result is that the authentication is successful, receiving a first random public key;
determining a shared secret key according to a preset secret key algorithm, preset algorithm parameters and the first random public key;
Decrypting the encrypted signal by using the shared key to obtain a decrypted signal;
and transmitting the decrypted signal to an intelligent terminal.
6. The method of claim 5, wherein generating verification encryption information based on the networking request of the node to be authenticated comprises:
after receiving the networking request, generating random plaintext information and determining a pre-stored public key;
and encrypting the random plaintext information by using the pre-stored public key to obtain verification encryption information.
7. The method of claim 5, wherein the determining the shared key based on the pre-set key algorithm, the pre-set algorithm parameters, and the first random public key comprises:
generating a second random private key;
calculating according to a preset algorithm parameter, a preset key algorithm and the second random private key to obtain a second random public key and issuing the second random public key to an authenticated node;
and calculating according to preset algorithm parameters, a preset key algorithm, the second random private key and the first random public key to determine a shared key.
8. The method of claim 5, wherein decrypting the encrypted signal using the shared key to obtain a decrypted signal comprises:
Carrying out key round addition on the encrypted signal by utilizing the shared key to obtain a first plaintext;
performing first-round reverse transformation on the first plaintext to obtain a second plaintext;
and performing conventional inverse transformation on the second plaintext to obtain a decrypted signal.
9. A star networking data transmission device, configured in a node, the device comprising:
the first communication module is used for uploading a networking request and receiving verification encryption information transmitted by the authentication center;
the first encryption and decryption module is used for carrying out verification and decryption according to the private key and the verification and decryption information to obtain verification and decryption information;
the first communication module is also used for uploading the verification decryption information to the authentication center and receiving an identity verification result; when the authentication result is that the authentication is successful, receiving a second random public key;
the first key calculation module is used for determining a shared key according to a preset key algorithm, preset algorithm parameters and the second random public key;
the first encryption and decryption module is also used for encrypting the physiological signal by using the shared secret key to obtain an encrypted signal;
the first communication module is further used for sending the encrypted signal to the authentication center.
10. A star networking data transmission device, configured in an authentication center, the device comprising:
the second encryption and decryption module is used for generating verification encryption information according to the networking request of the node to be authenticated;
the second communication module is used for transmitting the verification encryption information to the node to be authenticated and receiving verification decryption information;
the second encryption and decryption module is used for carrying out identity verification according to the verification and decryption information to obtain an identity verification result;
the second communication module is further used for issuing the identity verification result to the node to be authenticated; when the authentication result is that the authentication is successful, receiving a first random public key;
the second key calculation module is used for determining a shared key according to a preset key algorithm, preset algorithm parameters and the first random public key;
the second encryption and decryption module is also used for decrypting the encrypted signal by using the shared secret key to obtain a decrypted signal;
and the second communication module is also used for transmitting the decrypted signal to the intelligent terminal.
CN202310954842.XA 2023-07-31 2023-07-31 Star networking data transmission method, star networking data transmission device, computer equipment and storage medium Pending CN117082493A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310954842.XA CN117082493A (en) 2023-07-31 2023-07-31 Star networking data transmission method, star networking data transmission device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310954842.XA CN117082493A (en) 2023-07-31 2023-07-31 Star networking data transmission method, star networking data transmission device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117082493A true CN117082493A (en) 2023-11-17

Family

ID=88701474

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310954842.XA Pending CN117082493A (en) 2023-07-31 2023-07-31 Star networking data transmission method, star networking data transmission device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117082493A (en)

Similar Documents

Publication Publication Date Title
EP2228942B1 (en) Securing communications sent by a first user to a second user
US11431487B2 (en) Adaptive attack resistant distributed symmetric encryption
Tseng et al. A chaotic maps-based key agreement protocol that preserves user anonymity
US9077520B2 (en) Method for secure communication in a network, a communication device, a network and a computer program therefor
US11728988B2 (en) Elliptic curve isogeny based key agreement protocol
US20160156470A1 (en) System for sharing a cryptographic key
US9338000B2 (en) Device and method for generating keys with enhanced security for fully homomorphic encryption algorithm
US11804960B2 (en) Distributed symmetric encryption
Koko et al. Comparison of Various Encryption Algorithms and Techniques for improving secured data Communication
CA2639649A1 (en) Cryptography method and system
CN117318941B (en) Method, system, terminal and storage medium for distributing preset secret key based on in-car network
Daddala et al. Design and implementation of a customized encryption algorithm for authentication and secure communication between devices
EP3010173A1 (en) Key storage device, key storage method, and program therefor
CN114257402B (en) Encryption algorithm determining method, device, computer equipment and storage medium
Kumar et al. A novel framework for secure file transmission using modified AES and MD5 algorithms
US7415110B1 (en) Method and apparatus for the generation of cryptographic keys
CN110572788B (en) Wireless sensor communication method and system based on asymmetric key pool and implicit certificate
WO2023055371A1 (en) Replicated secret share generation for distributed symmetric cryptography
CN117082493A (en) Star networking data transmission method, star networking data transmission device, computer equipment and storage medium
CN115336224A (en) Adaptive attack-resistant distributed symmetric encryption
WO2018011825A1 (en) Encryption and decryption of messages
Mohamed Wireless Communication Systems: Confidentiality: Encryption and Decryption
Mohamed et al. Cryptography concepts: Confidentiality
Chaudhary et al. Comparative Study Between Cryptographic and Hybrid Techniques for Implementation of Security in Cloud.
CN117318986A (en) Data transmission method and system based on multiple encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination