TWI823223B - Method and device for a secure data transmission - Google Patents

Method and device for a secure data transmission Download PDF

Info

Publication number
TWI823223B
TWI823223B TW110149589A TW110149589A TWI823223B TW I823223 B TWI823223 B TW I823223B TW 110149589 A TW110149589 A TW 110149589A TW 110149589 A TW110149589 A TW 110149589A TW I823223 B TWI823223 B TW I823223B
Authority
TW
Taiwan
Prior art keywords
encryption
decryption method
mentioned
packet
decryption
Prior art date
Application number
TW110149589A
Other languages
Chinese (zh)
Other versions
TW202327312A (en
Inventor
曾柏銜
Original Assignee
新唐科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 新唐科技股份有限公司 filed Critical 新唐科技股份有限公司
Priority to TW110149589A priority Critical patent/TWI823223B/en
Priority to CN202211142092.8A priority patent/CN116418549A/en
Publication of TW202327312A publication Critical patent/TW202327312A/en
Application granted granted Critical
Publication of TWI823223B publication Critical patent/TWI823223B/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

A method for a secure data transmission is provided. The method includes: generating, by a random number generating circuit, a random number; dividing the random number by the size of an encryption and decryption method table to obtain a remainder, and writing the remainder into a packet; obtaining an encryption and decryption method corresponding to the remainder in the encryption and decryption method table according to the remainder; encrypting data located in a data field in the packet by using the encryption and decryption method; and transmitting the packet.

Description

安全資料傳輸的方法及裝置Methods and devices for secure data transmission

本揭露係有關於一種安全資料傳輸的方法及裝置,且特別係有關於一種使用多種加解密方法之安全資料傳輸的方法及裝置。The present disclosure relates to a method and device for secure data transmission, and in particular, to a method and device for secure data transmission using multiple encryption and decryption methods.

兩個通訊裝置之間是經由協定(protocol)來進行通訊和傳輸資料,其中所傳輸的資料會包含重要的機密資料。Two communication devices communicate and transmit data through a protocol, and the data transmitted may include important confidential information.

目前常用用來加密傳輸資料方法有很多種。然而,在兩通訊裝置使用協定來傳輸資料的過程中,傳輸的資料由始至終通常只採用同一種加解密方法,單一加解密方法很容易被竊取者鎖定並加以攻破。There are many methods commonly used to encrypt data for transmission. However, when two communication devices use a protocol to transmit data, the transmitted data usually only uses the same encryption and decryption method from beginning to end. A single encryption and decryption method can easily be locked and broken by thieves.

因此,需要一種安全資料傳輸的方法及裝置,以提供多種加解密資料的方式,使得資料傳輸更安全。Therefore, a secure data transmission method and device are needed to provide multiple ways of encrypting and decrypting data to make data transmission more secure.

以下揭露的內容僅為示例性的,且不意指以任何方式加以限制。除所述說明方面、實施方式和特徵之外,透過參照附圖和下述具體實施方式,其他方面、實施方式和特徵也將顯而易見。即,以下揭露的內容被提供以介紹概念、重點、益處及本文所描述新穎且非顯而易見的技術優勢。所選擇,非所有的,實施例將進一步詳細描述如下。因此,以下揭露的內容並不意旨在所要求保護主題的必要特徵,也不意旨在決定所要求保護主題的範圍中使用。The following disclosure is illustrative only and is not intended to be limiting in any way. In addition to the illustrated aspects, embodiments, and features, other aspects, embodiments, and features will become apparent by reference to the accompanying drawings and the following detailed description. That is, the following disclosure is provided to introduce the concepts, highlights, benefits, and advantages of the novel and non-obvious technologies described herein. Selected, but not all, embodiments are described in further detail below. Accordingly, the following disclosure is not intended to be essential features of the claimed subject matter, nor is it intended to be used in determining the scope of the claimed subject matter.

因此,本揭露之主要目的即在於提供一種安全資料傳輸的方法及裝置,以提供多種加解密資料的方式,使得資料傳輸更為安全。Therefore, the main purpose of the present disclosure is to provide a method and device for secure data transmission, so as to provide multiple ways of encrypting and decrypting data, making data transmission more secure.

本揭露提出一種安全資料傳輸的方法,用於一傳送裝置,包括:藉由一隨機數產生電路產生一隨機數;將上述隨機數除以一加解密方法表格的大小,得到一餘數,並將上述餘數寫入至一封包;根據上述餘數取得上述加解密方法表格中對應上述餘數之一加解密方法;使用上述加解密方法加密位於上述封包中一資料欄位之一資料;以及傳送上述封包。The disclosure proposes a secure data transmission method for a transmission device, which includes: generating a random number through a random number generation circuit; dividing the random number by the size of an encryption and decryption method table to obtain a remainder, and The above-mentioned remainder is written into a packet; the above-mentioned encryption and decryption method table is used to obtain one of the encryption and decryption methods corresponding to the above-mentioned remainder according to the above-mentioned remainder; the above-mentioned encryption and decryption method is used to encrypt one of the data located in a data field in the above-mentioned packet; and the above-mentioned packet is transmitted.

在一些實施例中,根據上述餘數取得上述加解密方法表格中對應上述餘數之上述加解密方法更包括:將上述餘數視為一加解密方法索引號,以查詢上述加解密方法表格中對應上述加解密方法索引號之上述加解密方法。In some embodiments, obtaining the encryption and decryption method corresponding to the remainder in the encryption and decryption method table based on the remainder further includes: treating the remainder as an encryption and decryption method index number to query the encryption and decryption method table corresponding to the encryption and decryption method. The decryption method index number is the above encryption and decryption method.

在一些實施例中,上述餘數係被寫入至上述封包中一加解密方法索引號欄位中。In some embodiments, the remainder is written into an encryption and decryption method index field in the packet.

在一些實施例中,上述加解密方法表格的大小係對應上述加解密方法索引號之一數量。In some embodiments, the size of the above-mentioned encryption and decryption method table corresponds to one of the above-mentioned encryption and decryption method index numbers.

本揭露提出一種安全資料傳輸的方法,用於一接收裝置,包括:接收一封包;取得上述封包內一加解密方法索引號欄位中之一數值;將上述數值視為一加解密方法索引號,以查詢一加解密方法表格中對應上述加解密方法索引號之一加解密方法;以及使用上述加解密方法解密上述封包中之一資料欄位,以取得位於上述資料欄位中之一資料。The disclosure proposes a secure data transmission method for a receiving device, including: receiving a packet; obtaining a value in an encryption and decryption method index number field in the packet; and treating the above value as an encryption and decryption method index number. , to query an encryption and decryption method corresponding to the index number of the above-mentioned encryption and decryption method in an encryption and decryption method table; and use the above-mentioned encryption and decryption method to decrypt one of the data fields in the above-mentioned packet to obtain one of the data located in the above-mentioned data fields.

本揭露提出一種安全資料傳輸的方法,用於一裝置,包括:藉由一隨機數產生電路產生一隨機數;將上述隨機數除以一加解密方法表格的大小,得到一餘數,並將上述餘數寫入至一第一封包;根據上述餘數取得上述加解密方法表格中對應上述餘數之一第一加解密方法;使用上述第一加解密方法加密位於上述第一封包中一第一資料欄位之一第一資料;以及傳送上述第一封包。The disclosure proposes a secure data transmission method for a device, including: generating a random number through a random number generation circuit; dividing the random number by the size of an encryption and decryption method table to obtain a remainder, and dividing the above random number The remainder is written into a first packet; one of the first encryption and decryption methods corresponding to the above remainder in the above-mentioned encryption and decryption method table is obtained based on the above-mentioned remainder; and the above-mentioned first encryption and decryption method is used to encrypt a first data field located in the above-mentioned first packet. a first data; and transmit the above-mentioned first packet.

在一些實施例中,根據上述餘數取得上述加解密方法表格中對應上述餘數之上述第一加解密方法更包括:將上述餘數視為一加解密方法索引號,以查詢上述加解密方法表格中對應上述加解密方法索引號之上述第一加解密方法。In some embodiments, obtaining the first encryption and decryption method corresponding to the remainder in the encryption and decryption method table based on the remainder further includes: treating the remainder as an encryption and decryption method index number to query the corresponding encryption and decryption method table. The index number of the above-mentioned encryption and decryption method is the above-mentioned first encryption and decryption method.

在一些實施例中,上述方法更包括:接收一第二封包;取得上述第二封包內一加解密方法索引號欄位中之一數值;將上述數值視為一加解密方法索引號,以查詢上述加解密方法表格中對應上述加解密方法索引號之一第二加解密方法;以及使用上述第二加解密方法解密上述第二封包中之一第二資料欄位,以取得位於上述第二資料欄位中之一第二資料。In some embodiments, the above method further includes: receiving a second packet; obtaining a value in an encryption and decryption method index number field in the second packet; treating the above value as an encryption and decryption method index number for query One of the second encryption and decryption methods corresponding to the index number of the above-mentioned encryption and decryption methods in the above-mentioned encryption and decryption method table; and using the above-mentioned second encryption and decryption method to decrypt one of the second data fields in the above-mentioned second packet to obtain the above-mentioned second data One of the secondary data in the field.

本揭露提出一種安全資料傳輸的裝置,包括:一或多個處理器;以及一或多個電腦儲存媒體,儲存電腦可讀取指令,其中上述處理器使用上述電腦儲存媒體以執行:藉由一隨機數產生電路產生一隨機數;將上述隨機數除以一加解密方法表格的大小,得到一餘數,並將上述餘數寫入至一封包;根據上述餘數取得上述加解密方法表格中對應上述餘數之一加解密方法;使用上述加解密方法加密位於上述封包中一資料欄位之一資料;以及傳送上述封包。The present disclosure proposes a device for secure data transmission, including: one or more processors; and one or more computer storage media that stores computer-readable instructions, wherein the above-mentioned processor uses the above-mentioned computer storage media to execute: through a The random number generation circuit generates a random number; divides the above random number by the size of an encryption and decryption method table to obtain a remainder, and writes the above remainder into a packet; and obtains the corresponding above remainder in the above encryption and decryption method table based on the above remainder An encryption and decryption method; using the above encryption and decryption method to encrypt data located in a data field in the above packet; and transmitting the above packet.

本揭露提出一種安全資料傳輸的裝置,包括:一或多個處理器;以及一或多個電腦儲存媒體,儲存電腦可讀取指令,其中上述處理器使用上述電腦儲存媒體以執行:接收一封包;取得上述封包內一加解密方法索引號欄位中之一數值;將上述數值視為一加解密方法索引號,以查詢一加解密方法表格中對應上述加解密方法索引號之一加解密方法;以及使用上述加解密方法解密上述封包中之一資料欄位,以取得位於上述資料欄位中之一資料。The disclosure proposes a device for secure data transmission, including: one or more processors; and one or more computer storage media that stores computer-readable instructions, wherein the processor uses the computer storage media to execute: receive a packet ; Obtain a value in the encryption and decryption method index number field in the above packet; treat the above value as an encryption and decryption method index number to query an encryption and decryption method corresponding to the above encryption and decryption method index number in an encryption and decryption method table ; and use the above-mentioned encryption and decryption method to decrypt one of the data fields in the above-mentioned packet to obtain one of the data located in the above-mentioned data fields.

本揭露提出一種安全資料傳輸的裝置,包括:一或多個處理器;以及一或多個電腦儲存媒體,儲存電腦可讀取指令,其中上述處理器使用上述電腦儲存媒體以執行:藉由一隨機數產生電路產生一隨機數;將上述隨機數除以一加解密方法表格的大小,得到一餘數,並將上述餘數寫入至一第一封包;根據上述餘數取得上述加解密方法表格中對應上述餘數之一第一加解密方法;使用上述第一加解密方法加密位於上述第一封包中一第一資料欄位之一第一資料;以及傳送上述第一封包。The present disclosure proposes a device for secure data transmission, including: one or more processors; and one or more computer storage media that stores computer-readable instructions, wherein the above-mentioned processor uses the above-mentioned computer storage media to execute: through a The random number generation circuit generates a random number; divides the above random number by the size of an encryption and decryption method table to obtain a remainder, and writes the above remainder into a first packet; and obtains the corresponding value in the above encryption and decryption method table based on the above remainder. One of the first encryption and decryption methods of the above-mentioned remainder; using the above-mentioned first encryption and decryption method to encrypt the first data located in a first data field in the above-mentioned first packet; and transmit the above-mentioned first packet.

在下文中將參考附圖對本揭露的各方面進行更充分的描述。然而,本揭露可以具體化成許多不同形式且不應解釋為侷限於貫穿本揭露所呈現的任何特定結構或功能。相反地,提供這些方面將使得本揭露周全且完整,並且本揭露將給本領域技術人員充分地傳達本揭露的範圍。基於本文所教導的內容,本領域的技術人員應意識到,無論是單獨還是結合本揭露的任何其它方面實現本文所揭露的任何方面,本揭露的範圍旨在涵蓋本文中所揭露的任何方面。例如,可以使用本文所提出任意數量的裝置或者執行方法來實現。另外,除了本文所提出本揭露的多個方面之外,本揭露的範圍更旨在涵蓋使用其它結構、功能或結構和功能來實現的裝置或方法。應可理解,其可透過申請專利範圍的一或多個元件具體化本文所揭露的任何方面。Aspects of the present disclosure will be described more fully below with reference to the accompanying drawings. This disclosure may, however, be embodied in many different forms and should not be construed as limited to any specific structure or functionality presented throughout this disclosure. Rather, these aspects are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Based on the teachings herein, those skilled in the art will appreciate that the scope of the disclosure is intended to encompass any aspect disclosed herein, whether implemented alone or in combination with any other aspect of the disclosure. For example, it can be implemented using any number of devices or execution methods proposed herein. In addition, in addition to the various aspects of the present disclosure set forth herein, the scope of the present disclosure is intended to include devices or methods implemented using other structures, functions, or structures and functions. It is understood that any aspect disclosed herein may be embodied by one or more elements of the claimed scope.

詞語「示例性」在本文中用於表示「用作示例、實例或說明」。本揭露的任何方面或本文描述為「示例性」的設計不一定被解釋為優選於或優於本揭露或設計的其他方面。此外,相同的數字在所有若干圖示中指示相同的元件,且除非在描述中另有指定,冠詞「一」和「上述」包含複數的參考。The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any aspect of the disclosure or design described herein as "exemplary" is not necessarily to be construed as preferred or superior to other aspects of the disclosure or design. Furthermore, like numbers refer to like elements throughout the several figures, and the articles "a", "an" and "the above" include plural references unless otherwise specified in the description.

可以理解,當元件被稱為被「連接」或「耦接」至另一元件時,該元件可被直接地連接到或耦接至另一元件或者可存在中間元件。相反地,當該元件被稱為被「直接連接」或「直接耦接」至到另一元件時,則不存在中間元件。用於描述元件之間的關係的其他詞語應以類似方式被解釋(例如,「在…之間」與「直接在…之間」、「相鄰」與「直接相鄰」等方式)。It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may be present. In contrast, when an element is referred to as being "directly connected" or "directly coupled" to another element, there are no intervening elements present. Other words used to describe the relationship between elements should be interpreted in a similar fashion (e.g., "between" versus "directly between," "adjacent" versus "directly adjacent," etc.).

本揭露實施例提供一種安全資料傳輸的方法及裝置,提供多種加解密資料的方式,以進一步提高資料傳輸的安全性。Embodiments of the present disclosure provide a method and device for secure data transmission, and provide multiple methods of encrypting and decrypting data to further improve the security of data transmission.

第1圖係顯示根據本揭露一實施例所述之安全資料傳輸的的系統100之示意圖。如第1圖所示,系統100包括至少具有一傳送裝置110及一接收裝置120。Figure 1 is a schematic diagram showing a system 100 for secure data transmission according to an embodiment of the present disclosure. As shown in FIG. 1 , the system 100 includes at least a transmitting device 110 and a receiving device 120 .

傳送裝置110及接收裝置120係為可支援各種無線存取技術之裝置,例如一行動電話、筆記型電腦、智慧型手機、或平板電腦等裝置。傳送裝置110、接收裝置120與網路130之間的無線通訊係可根據各式無線技術而進行,例如:全球行動通訊系統(Global System for Mobile communications,GSM)技術、通用封包無線服務(General Packet Radio Service,GPRS)技術、全球增強型數據傳輸(Enhanced Data rates for Global Evolution,EDGE)技術、寬頻分碼多工存取(Wideband Code Division Multiple Access,WCDMA)技術、分碼多工存取-2000(Code Division Multiple Access 2000)技術、分時同步分碼多工存取(Time Division-Synchronous Code Division Multiple Access,TD-SCDMA)技術、全球互通微波存取(Worldwide Interoperability for Microwave Access,WiMAX)技術、長期演進(Long Term Evolution,LTE)技術、改良之長期演進(Long Term Evolution Advanced,LTE-A)技術、衛星導航系統(Global Navigation Satellite System,GNSS)技術等等。The transmitting device 110 and the receiving device 120 are devices that can support various wireless access technologies, such as a mobile phone, notebook computer, smart phone, or tablet computer. The wireless communication between the transmitting device 110, the receiving device 120 and the network 130 can be carried out according to various wireless technologies, such as: Global System for Mobile communications (GSM) technology, General Packet Wireless Service (General Packet Wireless Service) Radio Service (GPRS) technology, Enhanced Data rates for Global Evolution (EDGE) technology, Wideband Code Division Multiple Access (WCDMA) technology, Code Division Multiple Access-2000 (Code Division Multiple Access 2000) technology, Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) technology, Worldwide Interoperability for Microwave Access (WiMAX) technology, Long Term Evolution (LTE) technology, improved Long Term Evolution Advanced (LTE-A) technology, Global Navigation Satellite System (GNSS) technology, etc.

傳送裝置110係可藉由一無線的方式連接至網路130,並傳輸包括資料的封包至接收裝置120。The transmitting device 110 can be connected to the network 130 in a wireless manner and transmit packets including data to the receiving device 120 .

接下來,參閱第2圖,第2圖係以另一方式表示根據本揭露一實施例所述之傳送裝置110或接收裝置120對應之裝置200之簡化功能方塊圖。在第2圖中,裝置200可包括一處理器210、一隨機數產生電路220、複數個加解密周邊電路0~n 230、一安全儲存電路240、一儲存電路250及一通訊模組260。Next, refer to Figure 2 , which is another simplified functional block diagram of a device 200 corresponding to the transmitting device 110 or the receiving device 120 according to an embodiment of the present disclosure. In Figure 2, the device 200 may include a processor 210, a random number generation circuit 220, a plurality of encryption and decryption peripheral circuits 0˜n 230, a secure storage circuit 240, a storage circuit 250 and a communication module 260.

安全儲存電路240可為安全靜態隨機存取記憶體(Static Random Access Memory,SRAM)或安全快閃記憶體(FLASH Memory),用以放置加解密方法表格2401。此加解密方法表格2401可事先由使用者先建立,描述欲採用的多種加解密方法和其索引號,並預先儲存至傳送裝置110以及接收裝置120的安全儲存電路240中。The secure storage circuit 240 may be a secure static random access memory (Static Random Access Memory, SRAM) or a secure flash memory (FLASH Memory), and is used to place the encryption and decryption method table 2401. This encryption and decryption method table 2401 can be created in advance by the user, describing the various encryption and decryption methods to be used and their index numbers, and stored in the security storage circuit 240 of the transmitting device 110 and the receiving device 120 in advance.

加解密方法表格2401至少包括加解密方法索引號、加解密周邊以及加解密模式。在另一實施例中,除了加解密方法索引號、加解密周邊以及加解密模式之外,加解密方法表格2401更可包括加解密金鑰以及初始向量。注意的是,加解密方法表格所包括之資訊並不用以限定本揭露,所屬技術領域中具有通常知識者得以根據本實施例作適當更換或調整。The encryption and decryption method table 2401 includes at least the encryption and decryption method index number, encryption and decryption periphery, and encryption and decryption mode. In another embodiment, in addition to the encryption/decryption method index number, encryption/decryption periphery, and encryption/decryption mode, the encryption/decryption method table 2401 may further include an encryption/decryption key and an initial vector. It should be noted that the information included in the encryption and decryption method table does not limit this disclosure, and those with ordinary skill in the art can make appropriate replacements or adjustments based on this embodiment.

儲存電路250用以放置欲傳輸或已接收之封包2501,其中此封包2501至少包括一命令標識欄位(CMD ID)、一加解密方法索引號、一資料(Data)欄位及一循環冗餘校驗欄位(Cyclic redundancy check,CRC)。The storage circuit 250 is used to place the packet 2501 to be transmitted or received, wherein the packet 2501 at least includes a command identification field (CMD ID), an encryption and decryption method index number, a data (Data) field and a cyclic redundancy Check field (Cyclic redundancy check, CRC).

當傳送裝置110及接收裝置120開始進行通訊時,傳送裝置110先使用隨機數產生電路220產生出一隨機數,接著將此隨機數除以加解密方法表格的大小並取其餘數,其中加解密方法表格的大小係對應加解密方法索引號之一數量。傳送裝置110將此隨機餘數寫入到要傳送封包的加解密方法索引號的欄位中。換言之,此餘數係被視為一加解密方法索引號。接著,傳送裝置110查詢加解密方法表格2401,找出此加解密方法索引號所代表的加解密方法,藉由加解密周邊電路將要發送的資料做加密後,就可發送至接收裝置120。When the transmitting device 110 and the receiving device 120 start to communicate, the transmitting device 110 first uses the random number generating circuit 220 to generate a random number, and then divides the random number by the size of the encryption and decryption method table and takes the remainder, where encryption and decryption The size of the method table is the number corresponding to one of the encryption and decryption method index numbers. The transmitting device 110 writes the random remainder into the field of the encryption/decryption method index number of the packet to be transmitted. In other words, this remainder is regarded as an encryption and decryption method index number. Then, the transmitting device 110 queries the encryption and decryption method table 2401 to find out the encryption and decryption method represented by the encryption and decryption method index number. After encrypting the data to be sent by the encryption and decryption peripheral circuit, it can be sent to the receiving device 120 .

當接收裝置120收到傳送裝置110所傳送之封包後,取得加解密方法索引號之欄位中的數值,將上述數值視為一加解密方法索引號,並查詢加解密方法表格,找到對應此加解密方法索引號的加解密方法,並對封包中已加密的資料解密還原,以取得原始資料。After receiving the packet sent by the transmitting device 110, the receiving device 120 obtains the value in the field of the encryption and decryption method index number, regards the above value as an encryption and decryption method index number, and queries the encryption and decryption method table to find the corresponding The encryption and decryption method of the index number is used to decrypt and restore the encrypted data in the packet to obtain the original data.

第3圖及第4圖係顯示根據本揭露一實施例所述之安全資料傳輸的方法流程圖300。第3圖之方法流程可執行於如第1圖所示之傳送裝置110及第2圖之裝置200中,而第4圖之方法流程可執行於如第1圖所示之接收裝置120及第2圖之裝置200中。Figures 3 and 4 are flowcharts 300 showing a secure data transmission method according to an embodiment of the present disclosure. The method flow in Figure 3 can be executed in the transmitting device 110 shown in Figure 1 and the device 200 in Figure 2, and the method flow in Figure 4 can be executed in the receiving device 120 shown in Figure 1 and the device 200 in Figure 2. 2 in the device 200.

在流程開始之前,使用者必須事先規畫並建立加解密方法表格存放在傳送裝置及接收裝置的安全儲存電路中,如第2圖中之安全儲存電路240等,以及將使用各種加解密方法時所需要用到相對應的私鑰和公鑰寫入至安全儲存電路中。若是使用對稱式加解密方法,其密鑰也可以在通訊傳輸過程中隨機產生。傳送裝置及接收裝置後續即可進行傳送和接收封包資料的步驟。Before starting the process, the user must plan and create an encryption and decryption method table in advance and store it in the secure storage circuit of the transmitting device and the receiving device, such as the secure storage circuit 240 in Figure 2, etc., and when various encryption and decryption methods will be used The corresponding private key and public key required are written into the secure storage circuit. If a symmetric encryption and decryption method is used, the key can also be randomly generated during the communication transmission process. The transmitting device and the receiving device can then perform the steps of transmitting and receiving packet data.

傳送封包的步驟流程如第3圖所示。在步驟S305中,傳送裝置藉由一隨機數產生電路產生一隨機數。接著,在步驟S310中,傳送裝置藉由一處理器將上述隨機數除以一加解密方法表格的大小,得到一餘數,並將上述餘數寫入至一封包,其中上述餘數係被寫入至上述封包中一加解密方法索引號欄位中。The step-by-step process of transmitting packets is shown in Figure 3. In step S305, the transmitting device generates a random number through a random number generating circuit. Next, in step S310, the transmitting device uses a processor to divide the random number by the size of an encryption and decryption method table to obtain a remainder, and writes the remainder into a packet, where the remainder is written into The encryption and decryption method index number field in the above packet.

再來,在步驟S315中,傳送裝置藉由處理器根據上述餘數取得上述加解密方法表格中對應上述餘數之一加解密方法。更詳細地說明,傳送裝置將上述餘數視為一加解密方法索引號,以查詢上述加解密方法表格中對應上述加解密方法索引號之上述加解密方法。Next, in step S315, the transmitting device uses the processor to obtain one of the encryption and decryption methods corresponding to the remainder in the encryption and decryption method table according to the remainder. To explain in more detail, the transmitting device regards the remainder as an encryption and decryption method index number to query the encryption and decryption method corresponding to the encryption and decryption method index number in the encryption and decryption method table.

在步驟S320中,傳送裝置藉由對應上述加解密方法之加解密周邊電路使用上述加解密方法加密位於上述封包中一資料欄位之一資料。在步驟S325中,傳送裝置藉由通訊模組傳送上述封包至接收裝置。In step S320, the transmitting device uses the encryption and decryption method to encrypt data located in a data field in the packet by using the encryption and decryption peripheral circuit corresponding to the encryption and decryption method. In step S325, the transmitting device transmits the packet to the receiving device through the communication module.

在此一實施例中,上述加解密方法表格的大小係對應加解密方法索引號之一數量。In this embodiment, the size of the encryption and decryption method table corresponds to a number of encryption and decryption method index numbers.

接收封包的步驟流程如第4圖所示。在步驟S405中,接收裝置藉由一通訊模組接收到來自傳送裝置的一封包。The step flow of receiving packets is shown in Figure 4. In step S405, the receiving device receives a packet from the transmitting device through a communication module.

接著,在步驟S410中,接收裝置藉由一處理器取得上述封包內一加解密方法索引號欄位中之一數值。Next, in step S410, the receiving device uses a processor to obtain a value in an encryption and decryption method index field in the packet.

再來,在步驟S415中,接收裝置藉由處理器將上述數值視為一加解密方法索引號,以查詢一加解密方法表格中對應上述加解密方法索引號之一加解密方法。Next, in step S415, the receiving device uses the processor to regard the above value as an encryption and decryption method index number to query an encryption and decryption method table for an encryption and decryption method corresponding to the above encryption and decryption method index number.

更詳細地說明,接收裝置係先將封包寫入至儲存電路中,並取得封包內加解密方法索引號欄位的數值,以此數值為索引號,至加解密方法表格中查詢其對應的加解密方法。To explain in more detail, the receiving device first writes the packet into the storage circuit, and obtains the value of the encryption and decryption method index number field in the packet. This value is used as the index number to query the corresponding encryption method in the encryption and decryption method table. Decryption method.

最後,在步驟S420中,接收裝置藉由對應上述加解密方法之加解密周邊電路使用上述加解密方法解密上述封包中之一資料欄位,以取得位於上述資料欄位中之一資料。Finally, in step S420, the receiving device uses the encryption and decryption method to decrypt one of the data fields in the packet by using the encryption and decryption peripheral circuit corresponding to the encryption and decryption method to obtain one of the data in the data field.

第5A圖係顯示根據本揭露一實施例所述之加解密方法表格510,此加解密方法表格510係為使用者預先定義由傳送裝置所使用之加解密方法表格。第5B圖係顯示根據本揭露一實施例所述之加解密方法表格520,此加解密方法表格520係為使用者預先定義由接收裝置所使用之加解密方法表格。可以理解的是,傳送裝置亦可作為接收裝置,而接收裝置亦可作為傳送裝置使用。Figure 5A shows an encryption and decryption method table 510 according to an embodiment of the present disclosure. This encryption and decryption method table 510 is a user-predefined encryption and decryption method table used by the transmission device. Figure 5B shows an encryption and decryption method table 520 according to an embodiment of the present disclosure. This encryption and decryption method table 520 is a user-predefined encryption and decryption method table used by the receiving device. It can be understood that the transmitting device can also be used as a receiving device, and the receiving device can also be used as a transmitting device.

如第5A圖及5B圖所示,傳送裝置和接收裝置所定義的加解密方法索引號所對應的加解密方法和加解密方法表格的大小必須是相同的。加解密方法索引號0對應的加解密方法為AES ECB模式,且傳送裝置和接收裝置是使用相同的私鑰「Key AES0」進行加解密。加解密方法索引號1對應的加解密方法為RSA。而在非對稱式的加解密方法中,由於傳送裝置和接收裝置使用的加解密鑰匙是不同的,是採用一對私鑰和公鑰來做加解密,加密是用私鑰而解密是用公鑰,所以傳送裝置使用加解密方法索引號1的RSA來進行加密時是使用私鑰「Key Pri0A」,而當接收裝置接收到封包時則要使用公鑰「Key Pub0A」來進行解密。反之,接收裝置作為傳送裝置,而傳送裝置作為接收裝置時,接收裝置可使用加解密方法索引號1的RSA中的私鑰 「Key Pri1B」進行加密。當傳送裝置收到封包時則要使用公鑰「Key Pub1B」來進行解密。加解密方法索引號2對應的加解密方法為AES CFB模式,傳送裝置及接收裝置是使用相同的私鑰「Key AES1」和一初始向量(Initial Vector,IV)0進行資料的加解密。 As shown in Figures 5A and 5B, the sizes of the encryption and decryption methods and the encryption and decryption method tables corresponding to the encryption and decryption method index numbers defined by the transmitting device and the receiving device must be the same. The encryption and decryption method corresponding to the encryption and decryption method index number 0 is AES ECB mode, and the transmitting device and the receiving device use the same private key "Key AES 0" for encryption and decryption. The encryption and decryption method corresponding to the encryption and decryption method index number 1 is RSA. In the asymmetric encryption and decryption method, since the encryption and decryption keys used by the transmitting device and the receiving device are different, a pair of private key and public key are used for encryption and decryption. The private key is used for encryption and the public key is used for decryption. key, so when the transmitting device uses RSA with encryption and decryption method index number 1 to encrypt, it uses the private key "Key Pri 0A", and when the receiving device receives the packet, it uses the public key "Key Pub 0A" to decrypt. On the contrary, when the receiving device serves as the transmitting device and the transmitting device serves as the receiving device, the receiving device can use the private key "Key Pri 1B" in RSA with encryption and decryption method index number 1 for encryption. When the transmitting device receives the packet, it uses the public key "Key Pub 1B" to decrypt it. The encryption and decryption method corresponding to the encryption and decryption method index number 2 is AES CFB mode. The transmitting device and the receiving device use the same private key "Key AES 1" and an initial vector (Initial Vector, IV) 0 to encrypt and decrypt data.

在另一實施例中,加解密方法表格中的加解密方法所使用到的私鑰和公鑰也可以和加解密方法表格分開放置。例如,私鑰和公鑰被放置到其他安全儲存電路中,像是專用的金鑰儲存中心(Key store)。In another embodiment, the private keys and public keys used by the encryption and decryption methods in the encryption and decryption method table can also be placed separately from the encryption and decryption method table. For example, private and public keys are placed in other secure storage circuits, such as dedicated key stores.

在又一實施例中,若裝置只有一個加解密周邊電路時,則加解密方法表格可以包括相同加解密方法但是採用不同的加解密模式,或是採用相同的加解密方法但是使用不同的私鑰和公鑰。In another embodiment, if the device has only one encryption and decryption peripheral circuit, the encryption and decryption method table may include the same encryption and decryption methods but using different encryption and decryption modes, or the same encryption and decryption methods but using different private keys. and public key.

第6圖係顯示根據本揭露一實施例所述之安全資料傳輸的方法的實施範例示意圖。圖中裝置A和裝置B係可為第1圖所示之傳送裝置110或接收裝置120,或是第2圖之裝置200。此外,裝置A和裝置B所傳送之封包格式係如第2圖之封包2501所定義,且裝置A係使用第5A圖中之加解密方法表格510,而裝置B係使用第5B圖中之加解密方法表格520。FIG. 6 is a schematic diagram showing an implementation example of a secure data transmission method according to an embodiment of the present disclosure. Device A and device B in the figure may be the transmitting device 110 or the receiving device 120 shown in Figure 1, or the device 200 shown in Figure 2. In addition, the packet format transmitted by device A and device B is as defined by packet 2501 in Figure 2, and device A uses the encryption and decryption method table 510 in Figure 5A, while device B uses the encryption method table 510 in Figure 5B. Decryption method form 520.

在第6圖(a)中的封包1為裝置A發送CMD ID=1的請求封包給裝置B。首先,裝置A的隨機數產生電路生成一隨機數7,除以加解密方法表格510的大小3(即,加解密方法索引號之數量),取得餘數1(即,加解密方法索引號為1),並將餘數寫入至封包1中的加解密方法索引號欄位中。裝置A根據加解密方法索引號1找出在加解密方法表格510中對應加解密方法索引號1之加解密方法為RSA加解密方法。裝置A接著使用私鑰「Key Pri0A」加密封包1內位於資料欄位的「Data 0」成為加密資料「Cipher 0」,並發送封包1至裝置B。裝置B接收到封包1後,先取得封包1內加解密方法索引號欄位中之數值1,並將數值1視為加解密方法索引號1。裝置B接著找出在加解密方法表格520中對應加解密方法索引號1之加解密方法為RSA加解密方法,並使用公鑰「Key Pub0A」來對加密資料「Cipher 0」進行解密,得到原始資料「Data 0」。 Packet 1 in Figure 6(a) is device A sending a request packet with CMD ID=1 to device B. First, the random number generation circuit of device A generates a random number 7, divides it by the size 3 of the encryption and decryption method table 510 (ie, the number of encryption and decryption method index numbers), and obtains the remainder 1 (ie, the encryption and decryption method index number is 1 ), and write the remainder into the encryption and decryption method index number field in packet 1. Device A finds out based on the encryption and decryption method index number 1 that the encryption and decryption method corresponding to the encryption and decryption method index number 1 in the encryption and decryption method table 510 is the RSA encryption and decryption method. Device A then uses the private key "Key Pri 0A" to encrypt "Data 0" located in the data field in packet 1 to become the encrypted data "Cipher 0", and sends packet 1 to device B. After receiving packet 1, device B first obtains the value 1 in the encryption and decryption method index number field in packet 1, and regards the value 1 as the encryption and decryption method index number 1. Device B then finds out that the encryption and decryption method corresponding to the encryption and decryption method index number 1 in the encryption and decryption method table 520 is the RSA encryption and decryption method, and uses the public key "Key Pub 0A" to decrypt the encrypted data "Cipher 0" to obtain Original data "Data 0".

在第6圖(b)的封包2為裝置B發送CMD ID=1的響應封包給裝置A。首先,裝置B的隨機數產生電路生成一隨機數12,除以加解密方法表格520的大小3(即,加解密方法索引號之數量),取得餘數0(即,加解密方法索引號為0),並將餘數寫入至封包2中的加解密方法索引號欄位中。裝置B根據加解密方法索引號0找出在加解密方法表格500中對應加解密方法索引號0之加解密方法為AES ECB加解密方法。裝置B接著使用私鑰「Key AES0」加密封包2內位於資料欄位的「Data 1」成為加密資料「Cipher 1」,並發送封包2至裝置A。裝置A接收到封包2後,先取得封包2內加解密方法索引號欄位中之數值0,並將數值0視為加解密方法索引號0。裝置A接著找出在加解密方法表格510中對應加解密方法索引號0之加解密方法為AES ECB加解密方法,並使用相同的私鑰「Key AES0」來對加密資料「Cipher 1」進行解密,得到原始資料「Data 1」。 In packet 2 in Figure 6(b), device B sends a response packet with CMD ID=1 to device A. First, the random number generation circuit of device B generates a random number 12, divides it by the size 3 of the encryption and decryption method table 520 (that is, the number of encryption and decryption method index numbers), and obtains the remainder 0 (that is, the encryption and decryption method index number is 0 ), and write the remainder into the encryption and decryption method index number field in packet 2. Device B finds out based on the encryption and decryption method index number 0 that the encryption and decryption method corresponding to the encryption and decryption method index number 0 in the encryption and decryption method table 500 is the AES ECB encryption and decryption method. Device B then uses the private key "Key AES 0" to encrypt "Data 1" located in the data field in packet 2 to become the encrypted data "Cipher 1", and sends packet 2 to device A. After receiving packet 2, device A first obtains the value 0 in the encryption and decryption method index number field in packet 2, and regards the value 0 as the encryption and decryption method index number 0. Device A then finds out that the encryption and decryption method corresponding to encryption and decryption method index number 0 in the encryption and decryption method table 510 is the AES ECB encryption and decryption method, and uses the same private key "Key AES 0" to encrypt the data "Cipher 1". Decrypt and obtain the original data "Data 1".

在第6圖(c)中的封包3為裝置A發送CMD ID=2的請求封包給裝置B。首先,裝置A的隨機數產生電路生成一隨機數32,除以加解密方法表格510的大小3(即,加解密方法索引號之數量),取得餘數2(即,加解密方法索引號為2),並將餘數寫入至封包3中的加解密方法索引號欄位中。裝置A根據加解密方法索引號2找出在加解密方法表格510中對應加解密方法索引號2之加解密方法為AES CFB加解密方法。裝置A接著使用私鑰「Key AES1」和「IV0」加密封包3內位於資料欄位的「Data 2」成為加密資料「Cipher 2」,並發送封包3至裝置B。裝置B接收到封包3後,先取得封包3內加解密方法索引號欄位中之數值2,並將數值2視為加解密方法索引號2。裝置B接著找出在加解密方法表格520中對應加解密方法索引號2之加解密方法為AES CFB加解密方法,並使用相同的私鑰「Key AES1」和「IV0」來對加密資料「Cipher 2」進行解密,得到原始資料「Data 2」。 Packet 3 in Figure 6(c) is device A sending a request packet with CMD ID=2 to device B. First, the random number generation circuit of device A generates a random number 32, divides it by the size 3 of the encryption and decryption method table 510 (that is, the number of encryption and decryption method index numbers), and obtains the remainder 2 (that is, the encryption and decryption method index number is 2 ), and write the remainder into the encryption and decryption method index number field in packet 3. Device A finds out based on the encryption and decryption method index number 2 that the encryption and decryption method corresponding to the encryption and decryption method index number 2 in the encryption and decryption method table 510 is the AES CFB encryption and decryption method. Device A then uses the private key "Key AES 1" and "IV0" to encrypt "Data 2" located in the data field in sealed packet 3 to become the encrypted data "Cipher 2", and sends packet 3 to device B. After receiving packet 3, device B first obtains the value 2 in the encryption and decryption method index number field in packet 3, and regards the value 2 as the encryption and decryption method index number 2. Device B then finds out that the encryption and decryption method corresponding to encryption and decryption method index number 2 in the encryption and decryption method table 520 is the AES CFB encryption and decryption method, and uses the same private keys "Key AES 1" and "IV0" to encrypt the data. Cipher 2" is decrypted to obtain the original data "Data 2".

在第6圖(d)中的封包4為裝置B發送CMD ID=2的響應封包給裝置A。首先,裝置B的隨機數產生電路生成一隨機數67,除以加解密方法表格520的大小3(即,加解密方法索引號之數量),取得餘數1(即,加解密方法索引號為1),並將餘數寫入至封包4中的加解密方法索引號欄位中。裝置B根據加解密方法索引號1找出在加解密方法表格520中對應加解密方法索引號1之加解密方法為RSA加解密方法。裝置B接著使用私鑰「Key Pri1B」加密封包4內位於資料欄位的「Data 3」成為加密資料「Cipher 3」,並發送封包4至裝置A。裝置A接收到封包4後,先取得封包4內加解密方法索引號欄位中之數值1,並將數值1視為加解密方法索引號1。裝置A接著找出在加解密方法表格510中對應加解密方法索引號1之加解密方法為RSA加解密方法,並使用公鑰「Key Pub1B」來對加密資料「Cipher 3」進行解密,得到原始資料「Data 3」。 Packet 4 in Figure 6(d) is device B sending a response packet with CMD ID=2 to device A. First, the random number generation circuit of device B generates a random number 67, divides it by the size 3 of the encryption and decryption method table 520 (that is, the number of encryption and decryption method index numbers), and obtains the remainder 1 (that is, the encryption and decryption method index number is 1 ), and write the remainder into the encryption and decryption method index number field in packet 4. Device B finds out based on the encryption and decryption method index number 1 that the encryption and decryption method corresponding to the encryption and decryption method index number 1 in the encryption and decryption method table 520 is the RSA encryption and decryption method. Device B then uses the private key "Key Pri 1B" to encrypt "Data 3" located in the data field in packet 4 to become encrypted data "Cipher 3", and sends packet 4 to device A. After receiving packet 4, device A first obtains the value 1 in the encryption and decryption method index number field in packet 4, and regards the value 1 as the encryption and decryption method index number 1. Device A then finds out that the encryption and decryption method corresponding to the encryption and decryption method index number 1 in the encryption and decryption method table 510 is the RSA encryption and decryption method, and uses the public key "Key Pub 1B" to decrypt the encrypted data "Cipher 3" to obtain Original data "Data 3".

應能理解的是,在本揭露之封包中「資料(Data)」 欄位的長度定義要考慮到所採用的加解密方法所能支援資料長度限制,必須能適用於加解密方法表格內所有的加解密方法。It should be understood that the length definition of the "Data" field in the packet of this disclosure must take into account the data length limit that the encryption and decryption method used can support, and must be applicable to all the encryption and decryption method tables. Encryption and decryption methods.

此外,裝置200中之處理器210也可執行儲存電路250中之程式碼(圖未顯示)以呈現上述實施例所述之動作和步驟,或其它在說明書中內容之描述。In addition, the processor 210 in the device 200 can also execute the program code (not shown) in the storage circuit 250 to perform the actions and steps described in the above embodiments, or other descriptions in the specification.

因此,透過本揭露一種安全資料傳輸的方法及裝置,在兩個裝置完整的通訊過程中,可隨機採用兩個裝置設定好的多種加解密方法來保護資料的傳輸,增加竊取者攻擊的困難度,獲得更好的機密隱私保全。Therefore, through the disclosed method and device for secure data transmission, during the complete communication process between two devices, a variety of encryption and decryption methods set by the two devices can be randomly used to protect the transmission of data, thereby increasing the difficulty of attacks by thieves. , get better confidentiality and privacy protection.

以上實施例係使用多種角度來描述。顯然這裡的教示可以多種方式呈現,而在範例中揭露之任何特定架構或功能僅為一代表性之狀況。根據本文之教示,任何熟知此技藝之人士應理解在本文呈現之內容可獨立利用其他某種型式或綜合多種型式作不同呈現。舉例說明,可遵照前文中提到任何方式利用某種裝置或某種方法實現。一裝置之實施或一種方式之執行可用任何其他架構、或功能性、又或架構及功能性來實現在前文所討論的一種或多種型式上。The above embodiments are described using various perspectives. Obviously the teachings here may be presented in a variety of ways, and any specific architecture or functionality disclosed in the examples is only a representative situation. Based on the teachings of this article, anyone familiar with this art should understand that the content presented in this article can be presented independently in some other form or in a combination of multiple forms. For example, it can be implemented by using a certain device or a certain method in any of the ways mentioned above. An implementation of a device or a manner of performance may be implemented in any other architecture, functionality, or architecture and functionality in one or more of the manner discussed above.

熟知此技藝之人士將了解訊息及訊號可用多種不同科技及技巧展現。舉例,在以上描述所有可能引用到之數據、指令、命令、訊息、訊號、位元、符號、以及碼片(chip)可以伏特、電流、電磁波、磁場或磁粒、光場或光粒、或以上任何組合所呈現。Those familiar with this art will understand that messages and signals can be presented using a variety of different technologies and techniques. For example, all data, instructions, commands, messages, signals, bits, symbols, and chips that may be referenced in the above description may be volts, currents, electromagnetic waves, magnetic fields or magnetic particles, light fields or light particles, or Any combination of the above is presented.

熟知此技術之人士更會了解在此描述各種說明性之邏輯區塊、模組、處理器、裝置、電路、以及演算步驟與以上所揭露之各種情況可用的電子硬體(例如用來源編碼或其他技術設計之數位實施、類比實施、或兩者之組合)、各種形式之程式或與指示作為連結之設計碼(在內文中為方便而稱作「軟體」或「軟體模組」)、或兩者之組合。為清楚說明此硬體及軟體間之可互換性,多種具描述性之元件、方塊、模組、電路及步驟在以上之描述大致上以其功能性為主。不論此功能以硬體或軟體型式呈現,將視加注在整體系統上之特定應用及設計限制而定。熟知此技藝之人士可為每一特定應用將描述之功能以各種不同方法作實現,但此實現之決策不應被解讀為偏離本文所揭露之範圍。Those familiar with the art will further understand that the various illustrative logic blocks, modules, processors, devices, circuits, and computational steps described herein are related to the electronic hardware (e.g., using source encoding or Digital implementations, analog implementations, or combinations of other technical designs), various forms of programs or design codes linked to instructions (referred to as "software" or "software modules" for convenience in this text), or A combination of the two. To clearly illustrate the interchangeability between hardware and software, various descriptive components, blocks, modules, circuits, and steps are described above generally in terms of their functionality. Whether this functionality is presented in hardware or software form will depend on the specific application and design constraints imposed on the overall system. Persons skilled in the art may implement the described functionality in various ways for each particular application, but such implementation decisions should not be interpreted as departing from the scope of this disclosure.

此外,多種各種說明性之邏輯區塊、模組、及電路以及在此所揭露之各種情況可實施在積體電路(Integrated Circuit,IC)、存取終端、存取點;或由積體電路、存取終端、存取點執行。積體電路可由一般用途處理器、數位訊號處理器(Digital Signal Processor,DSP)、特定應用積體電路(application specific integrated circuit, ASIC)、現場可編程閘列(field programmable gate array, FPGA)或其他可編程邏輯裝置、離散閘(discrete gate)或電晶體邏輯(transistor logic)、離散硬體元件、電子元件、光學元件、機械元件、或任何以上之組合之設計以完成在此文內所描述之功能;並可能執行存在於積體電路內、積體電路外、或兩者皆有之執行碼或指令。一般用途處理器可能是微處理器,但也可能是任何常規處理器、控制器、微控制器、或狀態機。處理器可由電腦設備之組合所構成,例如:數位訊號處理器(DSP)及一微電腦之組合、多組微電腦、一組至多組微電腦以及一數位訊號處理器核心、或任何其他類似之配置。In addition, various illustrative logic blocks, modules, and circuits and the various situations disclosed herein may be implemented on integrated circuits (ICs), access terminals, access points; or by integrated circuits , access terminal, access point execution. Integrated circuits can be composed of general-purpose processors, digital signal processors (DSPs), application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) or other Programmable logic devices, discrete gate or transistor logic, discrete hardware components, electronic components, optical components, mechanical components, or any combination thereof designed to accomplish what is described herein Function; and may execute execution code or instructions that exist within the integrated circuit, outside the integrated circuit, or both. A general purpose processor may be a microprocessor, but may also be any conventional processor, controller, microcontroller, or state machine. The processor may be composed of a combination of computer devices, such as a combination of a digital signal processor (DSP) and a microcomputer, multiple sets of microcomputers, one or more sets of microcomputers and a digital signal processor core, or any other similar configuration.

在此所揭露程序之任何具體順序或分層之步驟純為一舉例之方式。基於設計上之偏好,必須了解到程序上之任何具體順序或分層之步驟可在此文件所揭露的範圍內被重新安排。伴隨之方法申請專利範圍以一示範例順序呈現出各種步驟之元件,也因此不應被本發明說明書所展示之特定順序或階層所限制。Any specific sequence or layering of steps in the process disclosed herein is provided by way of example only. Based on design preferences, it is understood that any specific order or hierarchy of steps in the process may be rearranged within the scope disclosed in this document. The accompanying method claims present elements of the various steps in an exemplary order and therefore should not be limited to the specific order or hierarchy presented in the description of the invention.

本發明之說明書所揭露之方法和演算法之步驟,可以直接透過執行一處理器直接應用在硬體以及軟體模組或兩者之結合上。一軟體模組(包括執行指令和相關數據)和其它數據可儲存在數據記憶體中,像是隨機存取記憶體(Random Access Memory,RAM)、快閃記憶體(Flash Memory)、唯讀記憶體(Read-Only Memory,ROM)、可抹除可規化唯讀記憶體(EPROM)、電子抹除式可複寫唯讀記憶體(Electrically-Erasable Programmable Read-Only Memory,EEPROM)、暫存器、硬碟、可攜式硬碟、光碟唯讀記憶體(Compact Disc Read-Only Memory,CD-ROM)、數位視頻光碟(Digital Video Disc,DVD)或在此領域習之技術中任何其它電腦可讀取之儲存媒體格式。一儲存媒體可耦接至一機器裝置,舉例來說,像是電腦∕處理器(爲了說明之方便,在本說明書以處理器來表示),上述處理器可透過來讀取資訊(像是程式碼),以及寫入資訊至儲存媒體。一儲存媒體可整合一處理器。一特殊應用積體電路(ASIC)包括處理器和儲存媒體。一使用者設備則包括一特殊應用積體電路。換句話說,處理器和儲存媒體以不直接連接使用者設備的方式,包含於使用者設備中。此外,在一些實施例中,任何適合電腦程序之產品包括可讀取之儲存媒體,其中可讀取之儲存媒體包括一或多個所揭露實施例相關之程式碼。而在一些實施例中,電腦程序之產品可以包括封裝材料。The methods and algorithm steps disclosed in the specification of the present invention can be directly applied to hardware and software modules or a combination of both by executing a processor. A software module (including execution instructions and related data) and other data can be stored in data memory, such as random access memory (Random Access Memory, RAM), flash memory (Flash Memory), read-only memory (Read-Only Memory, ROM), Erasable Programmable Read-Only Memory (EPROM), Electronically Erasable Programmable Read-Only Memory (EEPROM), Temporary Register , hard drive, portable hard drive, Compact Disc Read-Only Memory (CD-ROM), Digital Video Disc (DVD) or any other computer in the technology practiced in this field. The storage media format to be read. A storage medium can be coupled to a machine device, such as a computer/processor (for convenience of explanation, referred to as a processor in this specification), through which the processor can read information (such as a program code), and write information to the storage medium. A storage medium can integrate a processor. An application specific integrated circuit (ASIC) includes a processor and storage media. A user equipment includes an application special integrated circuit. In other words, the processor and the storage medium are included in the user equipment in a manner that is not directly connected to the user equipment. Additionally, in some embodiments, any product suitable for a computer program includes a readable storage medium, where the readable storage medium includes one or more program codes related to the disclosed embodiments. In some embodiments, the computer program product may include packaging materials.

在此所揭露程序之任何具體順序或分層之步驟純為一舉例之方式。基於設計上之偏好,必須了解到程序上之任何具體順序或分層之步驟可在此文件所揭露的範圍內被重新安排。伴隨之方法權利要求以一示例順序呈現出各種步驟之元件,也因此不應被此所展示之特定順序或階層所限制。Any specific sequence or layering of steps in the process disclosed herein is provided by way of example only. Based on design preferences, it is understood that any specific order or hierarchy of steps in the process may be rearranged within the scope disclosed in this document. The accompanying method claims present elements of the various steps in a sample order and therefore should not be limited to the specific order or hierarchy presented.

雖然本發明已以較佳實施例揭露如上,然其並非用以限定本發明,任何熟習此技藝者,在不脫離本發明之精神和範圍內,當可作些許之更動與潤飾,因此本發明之保護範圍當視後附之申請專利範圍所界定者為準。Although the present invention has been disclosed above in terms of preferred embodiments, they are not intended to limit the present invention. Anyone skilled in the art may make some modifications and modifications without departing from the spirit and scope of the present invention. Therefore, the present invention The scope of protection shall be subject to the scope of the patent application attached.

100:系統 110:傳送裝置 120:接收裝置 130:電子裝置 200:裝置 210:處理器 220:隨機數產生電路 230:加解密周邊電路0~n 240:安全儲存電路 2401:加解密方法表格 250:儲存電路 2501:封包 300:方法流程圖 S305,S310,S315,S320,S325:步驟 400:方法流程圖 S405,S410,S415,S420:步驟 510:加解密方法表格 520:加解密方法表格 100:System 110:Transmission device 120: Receiving device 130: Electronic devices 200:Device 210: Processor 220: Random number generation circuit 230: Encryption and decryption peripheral circuit 0~n 240:Safe storage circuit 2401: Encryption and decryption method table 250:Storage circuit 2501: Packet 300:Method flow chart S305, S310, S315, S320, S325: steps 400:Method flow chart S405, S410, S415, S420: steps 510: Encryption and decryption method table 520: Encryption and decryption method table

第1圖係顯示根據本揭露一實施例所述之安全資料傳輸的系統之示意圖。 第2圖係以另一方式表示根據本揭露一實施例所述之傳送裝置或接收裝置對應之裝置之簡化功能方塊圖。 第3圖係顯示根據本揭露一實施例所述之安全資料傳輸的方法流程圖。 第4圖係顯示根據本揭露一實施例所述之安全資料傳輸的方法流程圖。 第5A圖係顯示根據本揭露一實施例所述之加解密方法表格。 第5B圖係顯示根據本揭露一實施例所述之加解密方法表格。 第6圖係顯示根據本揭露一實施例所述之安全資料傳輸的方法的實施範例示意圖。 Figure 1 is a schematic diagram showing a system for secure data transmission according to an embodiment of the present disclosure. Figure 2 is another way of showing a simplified functional block diagram of a device corresponding to a transmitting device or a receiving device according to an embodiment of the present disclosure. Figure 3 is a flow chart showing a secure data transmission method according to an embodiment of the present disclosure. FIG. 4 is a flow chart showing a secure data transmission method according to an embodiment of the present disclosure. Figure 5A shows a table of encryption and decryption methods according to an embodiment of the present disclosure. Figure 5B shows a table of encryption and decryption methods according to an embodiment of the present disclosure. FIG. 6 is a schematic diagram showing an implementation example of a secure data transmission method according to an embodiment of the present disclosure.

300:方法流程圖 300:Method flow chart

S305,S310,S315,S320,S325:步驟 S305, S310, S315, S320, S325: steps

Claims (8)

一種安全資料傳輸的方法,用於一傳送裝置,包括:藉由一隨機數產生電路產生一隨機數;將上述隨機數除以一加解密方法表格的大小,得到一餘數,並將上述餘數寫入至一封包,其中上述加解密方法表格的大小係對應一加解密方法數量;根據上述餘數取得上述加解密方法表格中對應上述餘數之一加解密方法;使用上述加解密方法加密位於上述封包中一資料欄位之一資料;以及傳送上述封包。 A secure data transmission method for a transmission device, including: generating a random number through a random number generation circuit; dividing the random number by the size of an encryption and decryption method table to obtain a remainder, and writing the remainder Enter a packet, in which the size of the above-mentioned encryption and decryption method table corresponds to the number of encryption and decryption methods; obtain one of the encryption and decryption methods corresponding to the above-mentioned remainder in the above-mentioned encryption and decryption method table based on the above-mentioned remainder; use the above-mentioned encryption and decryption method to encrypt the information in the above-mentioned packet one data field; and transmit the above packet. 一種安全資料傳輸的方法,用於一接收裝置,包括:接收一封包;取得上述封包內一加解密方法索引號欄位中之一數值;將上述數值視為一加解密方法索引號,以查詢一加解密方法表格中對應上述加解密方法索引號之一加解密方法;以及使用上述加解密方法解密上述封包中之一資料欄位,以取得位於上述資料欄位中之一資料。 A secure data transmission method for a receiving device, including: receiving a packet; obtaining a value in an encryption and decryption method index number field in the packet; treating the above value as an encryption and decryption method index number for query An encryption and decryption method corresponding to the index number of the above-mentioned encryption and decryption method in the encryption and decryption method table; and using the above-mentioned encryption and decryption method to decrypt one of the data fields in the above-mentioned packet to obtain one of the data located in the above-mentioned data fields. 一種安全資料傳輸的方法,包括:藉由一隨機數產生電路產生一隨機數; 將上述隨機數除以一加解密方法表格的大小,得到一餘數,並將上述餘數寫入至一第一封包,其中上述加解密方法表格的大小係對應一加解密方法數量;根據上述餘數取得上述加解密方法表格中對應上述餘數之一第一加解密方法;使用上述第一加解密方法加密位於上述第一封包中一第一資料欄位之一第一資料;以及傳送上述第一封包。 A method for secure data transmission, including: generating a random number through a random number generating circuit; Divide the above random number by the size of an encryption and decryption method table to obtain a remainder, and write the above remainder into a first packet, where the size of the above encryption and decryption method table corresponds to the number of encryption and decryption methods; obtained according to the above remainder One of the first encryption and decryption methods corresponding to the above remainder in the above-mentioned encryption and decryption method table; using the above-mentioned first encryption and decryption method to encrypt the first data located in a first data field in the above-mentioned first packet; and transmitting the above-mentioned first packet. 如請求項3之安全資料傳輸的方法,其中根據上述餘數取得上述加解密方法表格中對應上述餘數之上述第一加解密方法更包括:將上述餘數視為一加解密方法索引號,以查詢上述加解密方法表格中對應上述加解密方法索引號之上述第一加解密方法。 For example, the secure data transmission method of claim 3, wherein obtaining the first encryption and decryption method corresponding to the above remainder in the above encryption and decryption method table based on the above remainder further includes: treating the above remainder as an encryption and decryption method index number to query the above The above-mentioned first encryption and decryption method corresponding to the above-mentioned encryption and decryption method index number in the encryption and decryption method table. 一種安全資料傳輸的裝置,包括:一或多個處理器;以及一或多個電腦儲存媒體,儲存電腦可讀取指令,其中上述處理器使用上述電腦儲存媒體以執行:接收一封包;取得上述封包內一加解密方法索引號欄位中之一數值;將上述數值視為一加解密方法索引號,以查詢一加解密方法表格中對應上述加解密方法索引號之一加解密方法;以及使用上述加解密方法解密上述封包中之一資料欄位,以取得位於上述資料欄位中之一資料。 A device for secure data transmission, including: one or more processors; and one or more computer storage media, which store computer-readable instructions, wherein the above-mentioned processor uses the above-mentioned computer storage media to execute: receive a packet; obtain the above-mentioned A value in an encryption and decryption method index number field in the packet; treat the above value as an encryption and decryption method index number to query an encryption and decryption method corresponding to the above encryption and decryption method index number in an encryption and decryption method table; and use The above encryption and decryption method decrypts one of the data fields in the above packet to obtain one of the data located in the above data field. 一種安全資料傳輸的裝置,包括: 一或多個處理器;以及一或多個電腦儲存媒體,儲存電腦可讀取指令,其中上述處理器使用上述電腦儲存媒體以執行:藉由一隨機數產生電路產生一隨機數;將上述隨機數除以一加解密方法表格的大小,得到一餘數,並將上述餘數寫入至一第一封包,其中上述加解密方法表格的大小係對應一加解密方法數量;根據上述餘數取得上述加解密方法表格中對應上述餘數之一第一加解密方法;使用上述第一加解密方法加密位於上述第一封包中一第一資料欄位之一第一資料;以及傳送上述第一封包。 A device for secure data transmission, including: One or more processors; and one or more computer storage media storing computer-readable instructions, wherein the above-mentioned processor uses the above-mentioned computer storage media to execute: generate a random number through a random number generation circuit; convert the above random number Divide the number by the size of an encryption and decryption method table to obtain a remainder, and write the above remainder to a first packet, where the size of the above encryption and decryption method table corresponds to the number of encryption and decryption methods; obtain the above encryption and decryption based on the above remainder One of the first encryption and decryption methods corresponding to the above-mentioned remainder in the method table; using the above-mentioned first encryption and decryption method to encrypt one of the first data located in a first data field in the above-mentioned first packet; and transmitting the above-mentioned first packet. 如請求項6之安全資料傳輸的裝置,其中上述餘數係被寫入至上述第一封包中一加解密方法索引號欄位中。 For example, in the secure data transmission device of claim 6, the remainder is written into an encryption and decryption method index number field in the first packet. 如請求項6之安全資料傳輸的裝置,其中上述處理器使用上述電腦儲存媒體更執行:接收一第二封包;取得上述第二封包內一加解密方法索引號欄位中之一數值;將上述數值視為一加解密方法索引號,以查詢上述加解密方法表格中對應上述加解密方法索引號之一第二加解密方法;以及使用上述第二加解密方法解密上述第二封包中之一第二資料欄位,以取得位於上述第二資料欄位中之一第二資料。 For example, the secure data transmission device of claim 6, wherein the processor uses the computer storage medium to further execute: receive a second packet; obtain a value in an encryption and decryption method index number field in the second packet; convert the above The numerical value is regarded as an encryption and decryption method index number to query one of the second encryption and decryption methods corresponding to the above-mentioned encryption and decryption method index numbers in the above-mentioned encryption and decryption method table; and use the above-mentioned second encryption and decryption method to decrypt one of the above-mentioned second packets. two data fields to obtain the second data located in one of the above-mentioned second data fields.
TW110149589A 2021-12-30 2021-12-30 Method and device for a secure data transmission TWI823223B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW110149589A TWI823223B (en) 2021-12-30 2021-12-30 Method and device for a secure data transmission
CN202211142092.8A CN116418549A (en) 2021-12-30 2022-09-20 Method and device for secure data transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110149589A TWI823223B (en) 2021-12-30 2021-12-30 Method and device for a secure data transmission

Publications (2)

Publication Number Publication Date
TW202327312A TW202327312A (en) 2023-07-01
TWI823223B true TWI823223B (en) 2023-11-21

Family

ID=87052069

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110149589A TWI823223B (en) 2021-12-30 2021-12-30 Method and device for a secure data transmission

Country Status (2)

Country Link
CN (1) CN116418549A (en)
TW (1) TWI823223B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI676898B (en) * 2013-12-09 2019-11-11 安然國際科技有限公司 Decentralized memory disk cluster storage system operation method
TW202026932A (en) * 2018-12-28 2020-07-16 新唐科技股份有限公司 Cryptographic apparatus and cryptographic processing method thereof using message blinding

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI676898B (en) * 2013-12-09 2019-11-11 安然國際科技有限公司 Decentralized memory disk cluster storage system operation method
TW202026932A (en) * 2018-12-28 2020-07-16 新唐科技股份有限公司 Cryptographic apparatus and cryptographic processing method thereof using message blinding

Also Published As

Publication number Publication date
CN116418549A (en) 2023-07-11
TW202327312A (en) 2023-07-01

Similar Documents

Publication Publication Date Title
US8107621B2 (en) Encrypted file system mechanisms
CN111133720B (en) Method and apparatus for securely communicating between devices
US11308241B2 (en) Security data generation based upon software unreadable registers
US20080320263A1 (en) Method, system, and apparatus for encrypting, integrity, and anti-replay protecting data in non-volatile memory in a fault tolerant manner
EP3667535B1 (en) Storage data encryption and decryption device and method
JP2020535693A (en) Storage data encryption / decryption device and method
JP6293673B2 (en) System and method for secure communication
EP2538366B1 (en) Generating secure device secret key
CN102904712A (en) Information encrypting method
US20190260587A1 (en) Security authentication method and system, and integrated circuit
WO2019127265A1 (en) Blockchain smart contract-based data writing method, device and storage medium
US7841014B2 (en) Confidential information processing method, confidential information processor, and content data playback system
US11405202B2 (en) Key processing method and apparatus
TW202242693A (en) System, method and apparatus for total storage encryption
WO2021129557A1 (en) File encryption method and related apparatus
CN104902138A (en) ENCRYPTION/DECRYPTION SYSTEM and its control method
US20050138403A1 (en) Data encryption in a symmetric multiprocessor electronic apparatus
EP2065830B1 (en) System and method of controlling access to a device
TWI823223B (en) Method and device for a secure data transmission
GB2541975B (en) Data protection device and data protection method thereof
US11550927B2 (en) Storage data encryption/decryption apparatus and method
CN106921488B (en) Label data encryption method and label data decryption method
KR101668995B1 (en) Cryptographic device, system and method for security authentication using the same
US20230208821A1 (en) Method and device for protecting and managing keys
WO2019082526A1 (en) Portable electronic device and ic module