CN105337728A - Data encryption method and system - Google Patents

Data encryption method and system Download PDF

Info

Publication number
CN105337728A
CN105337728A CN201510713197.8A CN201510713197A CN105337728A CN 105337728 A CN105337728 A CN 105337728A CN 201510713197 A CN201510713197 A CN 201510713197A CN 105337728 A CN105337728 A CN 105337728A
Authority
CN
China
Prior art keywords
data
pseudo random
random sequence
module
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510713197.8A
Other languages
Chinese (zh)
Inventor
吴萌萌
陈迎春
吴沙
王鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yake Hongyu Electronics Co.,Ltd.
Original Assignee
JINAN ZHIXIN INTEGRATED CIRCUIT TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JINAN ZHIXIN INTEGRATED CIRCUIT TECHNOLOGY Co Ltd filed Critical JINAN ZHIXIN INTEGRATED CIRCUIT TECHNOLOGY Co Ltd
Priority to CN201510713197.8A priority Critical patent/CN105337728A/en
Publication of CN105337728A publication Critical patent/CN105337728A/en
Pending legal-status Critical Current

Links

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data encryption method and system. The method includes the following steps that: data of a set size are extracted from the load part of a TS data packet according to a first pseudo random sequence, and the data of a set size is adopted as data to be encrypted; the extracted data to be encrypted are encrypted through a second pseudo random sequence, so that encrypted data can be obtained; and the encrypted data and unencrypted data in the TS data packet are outputted synchronously. With the data encryption method and system of the invention adopted, the problems of low processing speed, low efficiency and large occupation quantity of transmission link resources, as well as high load and large power consumption of equipment of existing encryption algorithms can be solved.

Description

A kind of data ciphering method and system
Technical field
The present invention relates to technical field of data processing, particularly relate to a kind of data ciphering method and system.
Background technology
In present network environment, there is many unsafe factors, particularly in data transmission procedure, often occur that data are illegally stolen, cause the leakage of information, the safety of serious threat user.
Usually, in order to ensure the fail safe of transfer of data, in data transmission procedure, rear transmission can be encrypted to data, as: data sending terminal is encrypted rear transmission to data, and data receiver is decrypted process again to obtain initial data after receiving enciphered data.
But also there is many problems in existing data encryption mode: when the order of magnitude of data is larger, and the speed of whole ciphering process will slowly, and processing speed is slow, efficiency is low; And large to the resource occupation amount of transmission link, the load of equipment is high, power consumption is large.
Summary of the invention
The invention provides a kind of data ciphering method and system, to solve, the processing speed that current cryptographic algorithm exists is slow, efficiency is low and the resource occupation amount of transmission link is large, the problem that the load of equipment is high, power consumption is large.
In order to solve the problem, the invention discloses a kind of data ciphering method, comprising:
According to the first pseudo random sequence, from the loading section of TS packet, extract the data of setting size as be-encrypted data;
Be encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtain enciphered data;
Clear data in described enciphered data and described TS packet is synchronously exported afterwards.
Alternatively, according to the first pseudo random sequence, the data extracting setting size from the loading section of TS packet, as be-encrypted data, comprising:
Described first pseudo random sequence is generated by the first M sequence generation module;
According to described first pseudo random sequence determination address information;
The data of setting size are extracted as be-encrypted data from the position indicated by address information described in the loading section of described TS packet.
Alternatively, extract the data of setting size from the position indicated by address information described in the loading section of described TS packet as be-encrypted data, comprising:
The data of 128 are extracted as described be-encrypted data from the position indicated by address information described in the loading section of described TS packet; Wherein, described first pseudo random sequence is less than the maximum address of the loading section of described TS packet.
Alternatively, by the second pseudo random sequence, described extraction be-encrypted data is encrypted, obtains enciphered data, comprising:
Described second pseudo random sequence is generated by the second M sequence generation module, and using described second pseudo random sequence of generation as encryption key;
Described encryption key and described be-encrypted data are sent to AES encryption module, according to described encryption key, described be-encrypted data are encrypted to make described AES encryption module;
Obtain the enciphered data that described AES encryption module exports.
Alternatively, generate described second pseudo random sequence by the second M sequence generation module, and using described second pseudo random sequence of generation as encryption key, comprising:
128 pseudo random sequences are generated, using described 128 pseudo random sequences of generation as described encryption key by the second M sequence generation module.
Correspondingly, present invention also offers a kind of data encryption system, comprising:
Extraction module, for according to the first pseudo random sequence, extracts the data of setting size as be-encrypted data from the loading section of TS packet;
Encrypting module, for being encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtains enciphered data;
Synchronization module, for synchronously exporting the clear data in described enciphered data and described TS packet afterwards.
Alternatively, extraction module, comprising:
First M sequence generation module, for generating described first pseudo random sequence;
Address information determination module, for according to described first pseudo random sequence determination address information;
Be-encrypted data extraction module, extracts the data of setting size as be-encrypted data for the position indicated by address information described in the loading section from described TS packet.
Alternatively, be-encrypted data extraction module, extracts the data of 128 as described be-encrypted data for the position indicated by address information described in the loading section from described TS packet; Wherein, described first pseudo random sequence is less than the maximum address of the loading section of described TS packet.
Alternatively, encrypting module comprises:
Second M sequence generation module, for described second pseudo random sequence, and using described second pseudo random sequence of generation as encryption key;
Sending module, for being sent to AES encryption module by described encryption key and described be-encrypted data;
AES encryption module, for being encrypted described be-encrypted data according to described encryption key;
Acquisition module, for obtaining the enciphered data that described AES encryption module exports.
Alternatively, the second M sequence generation module, for generating 128 pseudo random sequences, using described 128 pseudo random sequences of generation as described encryption key.
Compared with prior art, the present invention includes following advantage:
In a kind of data ciphering method disclosed by the invention, the data of setting size can be extracted as be-encrypted data from the loading section of TS packet according to the first pseudo random sequence; Then be encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtain enciphered data; Finally the clear data in described enciphered data and described TS packet is synchronously exported afterwards.Visible, in the present invention, the partial data in TS packet can be encrypted, while assuring data security, substantially reduce the time that ciphering process consumes, reduce power consumption.
In addition, adopt the first pseudo random sequence dynamically from described TS packet random position extract the be-encrypted data of described setting size, improve the fail safe of data, significantly increase the illegal difficulty decoded.Meanwhile, adopt the second pseudo random sequence as encryption key, the key of dynamic mapping compares the difficulty that fixed key considerably increases cipher key attacks, further increases the fail safe of data.
Accompanying drawing explanation
Fig. 1 is the flow chart of steps of a kind of data ciphering method in the embodiment of the present invention one;
Fig. 2 is the flow chart of steps of a kind of data ciphering method in the embodiment of the present invention two;
Fig. 3 is a kind of fundamental block diagram realizing the system architecture of the encryption method of audio, video data in the embodiment of the present invention three;
Fig. 4 is the structural representation that in the embodiment of the present invention three, a kind of TS flows package module;
Fig. 5 is the structural representation of a kind of first M sequence generation module in the embodiment of the present invention three;
Fig. 6 is the structural representation of a kind of second M sequence generation module in the embodiment of the present invention three;
Fig. 7 is the structured flowchart of a kind of data encryption system in the embodiment of the present invention four;
Fig. 8 is the structured flowchart of a kind of data encryption system in the embodiment of the present invention five.
Embodiment
For enabling above-mentioned purpose of the present invention, feature and advantage become apparent more, and below in conjunction with the drawings and specific embodiments, the present invention is further detailed explanation.
Embodiment one
With reference to Fig. 1, show the flow chart of steps of a kind of data ciphering method in the embodiment of the present invention one.In the present embodiment, described data ciphering method can comprise the steps:
Step 102, according to the first pseudo random sequence, extracts the data of setting size as be-encrypted data from the loading section of TS packet.
Data ciphering method described in the present embodiment mainly can be applied in the encryption to audio, video data.Wherein, audio, video data specifically can transmit according to TS stream: TransportStream, TS flow, transport stream, other self-defined information data such as video, audio frequency can be packaged into transmission package and carry out subpackage (TS packet) transmission.Bao Changwei 188 bytes (comprising the packet header of 4 byte lengths and the loading section of 184 byte lengths) of each TS packet.
In the present embodiment, the data of certain length size can be selected as be-encrypted data from the loading section of described 184 byte lengths.In order to improve the fail safe of data, can according to the first pseudo random sequence, from the loading section of TS packet, dynamically extract the data of setting size as be-encrypted data, also namely, the position of the data of the setting size of each selective extraction is (unfixed) dynamically determined according to the first pseudo random sequence of stochastic generation.The be-encrypted data of the extraction in TS packet, from random dynamic position place, significantly increases the illegal difficulty decoded.
It should be noted that, pseudo random sequence had both had the stochastic behaviour of random sequence, had again the regularity not available for random sequence, was convenient to repetition and generation, was widely used in every field.
Step 104, is encrypted described be-encrypted data by the second pseudo random sequence, obtains enciphered data.
In the present embodiment, can be encrypted described be-encrypted data based on the cipher mode of pseudo random sequence, to obtain enciphered data.Such as, described second pseudo random sequence can be encrypted as encryption key described be-encrypted data.
Step 106, synchronously exports afterwards by the clear data in described enciphered data and described TS packet.
In the present embodiment, in order to ensure that the data after encrypting can proper solution secret emissary use after data receiver receives, need to carry out exporting again synchronously to the enciphered data of encrypt and clear data.
In sum, the data ciphering method described in the present embodiment can extract the data of setting size as be-encrypted data according to the first pseudo random sequence from the loading section of TS packet; Then be encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtain enciphered data; Finally the clear data in described enciphered data and described TS packet is synchronously exported afterwards.Visible, in the present embodiment, the partial data in TS packet can be encrypted, while assuring data security, substantially reduce the time that ciphering process consumes, reduce power consumption.
In addition, adopt the first pseudo random sequence dynamically from described TS packet random position extract the be-encrypted data of described setting size, improve the fail safe of data, significantly increase the illegal difficulty decoded.Meanwhile, adopt the second pseudo random sequence as encryption key, the key of dynamic mapping compares the difficulty that fixed key considerably increases cipher key attacks, further increases the fail safe of data.
Embodiment two
With reference to Fig. 2, show the flow chart of steps of a kind of data ciphering method in the embodiment of the present invention two.In the present embodiment, described data ciphering method can comprise the steps:
Step 202, according to TS agreement, is encapsulated as TS stream by audio, video data.
In the present embodiment, according to TS agreement, audio, video data can be encapsulated as TS stream, wherein, described TS stream comprises at least one TS packet, and each TS packet transmits with subcontract forms.
Step 204, according to the first pseudo random sequence, extracts the data of setting size as be-encrypted data from the loading section of TS packet.
As previously mentioned, comprise at least one TS packet according to the TS stream that audio or video data are determined, audio or video data carry out divided stator frame based at least one TS packet described.
In the present embodiment, the first different pseudo random sequence of stochastic generation can be used to carry out the extraction of be-encrypted data for different TS packets.Also namely, according to each first pseudo random sequence of stochastic generation, the data of setting size can be extracted respectively as be-encrypted data from the loading section of each TS packet.The extracting position of be-encrypted data is dynamic, and the extracting position of the be-encrypted data in each TS packet is incomplete same, greatly improves the fail safe of transfer of data.
Preferably, in the present embodiment, specifically described pseudo random sequence can be generated by the first M sequence generation module.Wherein, M sequence (the most basic PN sequence adopted in cdma system, the abbreviation of longest linear feedback shift register sequence) be a kind of basic sequence the longest with the cycle of linear feedback shift register in pseudo random sequence, the logical circuit using linear feedback shift register to form can produce a large amount of pseudo-random datas.When identical M sequence generator is applied to encryption end and decrypting end simultaneously, identical pseudo random sequence can be produced, thus do not need in the data transmission to transmit described pseudo random sequence, reduce the bandwidth that transport process takies.
Further, in the present embodiment, can according to described first pseudo random sequence determination address information, then extract the data of setting size as be-encrypted data from the position indicated by address information described in the loading section of described TS packet.Such as, using described first pseudo random sequence as initial address or end address, can extract from the loading section of described TS packet and obtain described be-encrypted data.Wherein, the size of described be-encrypted data includes but are not limited to 128.
It should be noted that, in the present embodiment, the size of the loading section of TS packet is generally 184 bytes, then the possible address of the be-encrypted data of described 128 (16 bytes) has 168 kinds, in order to avoid the first pseudo random sequence produced is greater than maximum possible address, can, by the size selecting 7 bit shift register to control pseudo random sequence, also be, the maximum making the first pseudo random sequence of generation is 127, is less than the maximum address of the loading section of described TS packet.Namely all 2 are cycled through in order to reach the longest cycle in described first M sequence generation module 7-1 internal state, needs to have certain tap sequence, and this tap sequence adds that the multinomial that constant 1 is formed is primitive polynomial mould 2.The primitive polynomial mould 2 of 7 bit linear feedback shift registers is (7,3,0) i.e. x 7+ x 3+ 1.All numerals wherein except 0 specify tap sequence, and these taps count from the left side of shift register, feed back to the rightmost of shift register after XOR.
Step 206, is encrypted described be-encrypted data by the second pseudo random sequence, obtains enciphered data.
In the present embodiment, specifically can use M sequence and AES (AdvancedEncryptionStandard, Advanced Encryption Standard, be that a kind of key is symmetrical, data block length and the variable grouping iterative cryptographic algorithm of key length, the length of data block and the length of key can be 128,192 or 256) cryptographic algorithm carries out the encryption of data.
Wherein, the second pseudo random sequence (being also M sequence), the logical circuit that linear feedback shift register can be used to form produces.When identical M sequence generator is applied to encryption end and decrypting end, identical key (the second pseudo random sequence) can be produced simultaneously, thus not need to transmit encryption key in symmetric key encryption algorithm, reduce the bandwidth that transport process takies.
Preferably, in the present embodiment, described step 206 specifically can comprise:
Sub-step 2062, generates described second pseudo random sequence by the second M sequence generation module, and using above-mentioned second pseudo random sequence of generation as encryption key.
Described in front, AES encryption algorithm for the length of data block be generally 128,192 or 256, therefore, in the present embodiment, can generate length by the second M sequence generation module be second pseudo random sequence of 128,192 or 256, being that second pseudo random sequence of 128,192 or 256 is as encryption key by described length.
Preferably, be described for the second random sequence of 128 bit lengths.In the present embodiment, the pseudo random sequence of 128 can be generated by the second M sequence generation module, and using the pseudo random sequence of described 128 as described encryption key.Then, correspondingly, when extracting the be-encrypted data of setting size in the loading section from TS packet, the extraction length of its be-encrypted data also correspondence is 128 (16 bytes).
Wherein, it should be noted that, described second M sequence generation module is constructed by linear feedback shift register equally and forms.To produce the random sequence of 128 as encryption key, then needing 128 registers, namely cycling through all 2 to reach the longest cycle 128-1 internal state, needs to have certain tap sequence, and this tap sequence adds that the multinomial that constant 1 is formed is primitive polynomial mould 2.The primitive polynomial mould 2 of 128 bit linear feedback shift registers is (128,7,2,1,0) i.e. x 128+ x 7+ x 2+ x+1.All numerals wherein except 0 specify tap sequence, and these taps count from the left side of shift register, feed back to the rightmost of shift register after XOR.
Sub-step 2064, is sent to AES encryption module by described encryption key and described be-encrypted data, is encrypted according to described encryption key to make described AES encryption module to described be-encrypted data.
It should be noted that, in the present embodiment, extract by step 204 be-encrypted data obtained and can be kept in the first buffer memory, in TS packet, clear data then can be kept in the second buffer memory.Therefore, be-encrypted data can be extracted from described first buffer memory, then generate based on the second M sequence generation module the encryption key that the second pseudo random sequence determines, adopt AES encryption algorithm to be encrypted the described be-encrypted data obtained from the first buffer memory.
Sub-step 2066, obtains the enciphered data that described AES encryption module exports.
Step 208, synchronously exports afterwards by the clear data in described enciphered data and described TS packet.
As previously mentioned, unencrypted data can be kept in the second buffer memory, therefore clear data can be obtained from described second buffer memory, and the enciphered data that the clear data obtained from described second buffer memory and described AES encryption module export is carried out synchronous, then the data after synchronous are sent to data receiver.
Wherein, in the present embodiment, AES encryption algorithm adopts the encryption key of 128 block lengths and 128 bit lengths to be encrypted, and for the length of 128, total iteration wheel number of aes algorithm is 10, encrypts the time delay that one group of data needs 11 cycles.Therefore in order to ensure the synchronous of data, described synchronization module can by 172 delaying byte data 11 cycles of not encrypted, synchronous with what reach with 16 byte datas through encrypt, the synchronism of guarantee data flow and accuracy.
It should be noted that, the classification of be-encrypted data and clear data stores, and ensure that the accuracy of data encryption process, and the fail safe of transmission link.And, in last data synchronization process, because the clear data of each TS packet can be stored in different buffer memorys, and then the executed in parallel of multiple simultaneous operation can be realized, improve treatment effeciency.
In sum, the data ciphering method described in the present embodiment can extract the data of setting size as be-encrypted data according to the first pseudo random sequence from the loading section of TS packet; Then be encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtain enciphered data; Finally the clear data in described enciphered data and described TS packet is synchronously exported afterwards.Visible, in the present embodiment, the partial data in TS packet can be encrypted, while assuring data security, substantially reduce the time that ciphering process consumes, reduce power consumption.
Secondly, adopt the first pseudo random sequence dynamically from described TS packet random position extract the be-encrypted data of described setting size, improve the fail safe of data, significantly increase the illegal difficulty decoded.Meanwhile, adopt the second pseudo random sequence as encryption key, the key of dynamic mapping compares the difficulty that fixed key considerably increases cipher key attacks, further increases the fail safe of data.
In addition, due to identical M sequence generator be applied to simultaneously encryption end and decrypting end time, identical pseudo random sequence can be produced, therefore, in decrypting end, the decrypting process that identical M sequence generator (the first M sequence generation module and the second M sequence generation module) can complete the enciphered data of transmission is set, do not need to transmit described first pseudo random sequence and the second pseudo random sequence in transmitting procedure, reduce the bandwidth that transport process takies, avoid loss and the leakage of described first pseudo random sequence and the second pseudo random sequence simultaneously, ensure that the fail safe of data.
Embodiment three
In conjunction with above-described embodiment, the present embodiment is described the data ciphering method described in above-described embodiment for the encryption flow for audio, video data.In reconcilable situation, the described encryption flow for audio, video data can combine with the technical characteristic of the data ciphering method described in above-described embodiment.It should be noted that, data ciphering method of the present invention includes but are not limited to the encryption being applied to audio, video data.
With reference to Fig. 3, show a kind of fundamental block diagram realizing the system architecture of the encryption method of audio, video data in the embodiment of the present invention three.In the present embodiment, the encryption of described audio, video data can realize based on the system architecture shown in Fig. 3, wherein, described system architecture can comprise: TS flows package module, first buffer memory, the second buffer memory, the first M sequence generation module, M sequence buffer memory, be-encrypted data extraction module, the second M sequence generation module, AES encryption module, synchronization module, control module.The output that TS flows package module can be connected with the input of described be-encrypted data extraction module, the output of described be-encrypted data extraction module can be connected with the input of the first buffer memory and the second buffer memory respectively, the input of described be-encrypted data extraction module can also be connected with the output of M sequence buffer memory, the input of described M sequence buffer memory is connected with the output of described first M sequence generation module, the input of described AES encryption module then can be connected with the output of the first buffer memory and the second M sequence generation module respectively, the input of described synchronization module can be connected with the output of the second buffer memory and AES encryption module respectively, described control module then can flow package module with TS respectively, be-encrypted data extraction module, first buffer memory, second buffer memory, AES encryption module is connected with synchronization module.
It should be noted that, under the system architecture shown in Fig. 3, the mutual of the data between modules mainly can realize based on both modes: the transmission of data flow and the transmission of control flow check.
In the present embodiment, the described encryption flow for audio, video data specifically can be as follows:
Step S302, flows package module by TS and the video flowing of input and/or audio stream data is converted to TS stream.
With reference to Fig. 4, show a kind of TS in the embodiment of the present invention three and flow the structural representation of package module.In the present embodiment, described TS stream package module specifically can comprise: main control unit, state machine, TS syntactic element generation unit and TS encapsulation unit.
In the present embodiment, TS stream package module may be used for carrying out PES (PacketizedElementaryStream, packetized elementary stream) encapsulation, the encapsulation of TS normal stream to audio/video flow.Wherein, state machine is for control TS bag Element generation order.Control unit can generate the signals such as the self adaptation in state machine redirect control signal and the encapsulation of TS element according to the state of state machine.TS syntactic element generation unit may be used for generating the elements such as TS packet header, and the element generated arranges according to TS agreement.The syntactic element that TS syntactic element generation unit can generate by TS encapsulation unit and PES are packaged into the TS packet of 188 bytes according to agreement sequence.For the ease of the process of module after encryption, the header part of each TS packet is not encrypted, but is encrypted from the data that the loading section of TS packet chooses 16 bytes.
In the present embodiment, TS stream comprises multiple TS packet, transmits with subcontract forms.Step is below described for the handling process of one of them TS packet (TS packet 1), and the similar process of handling process of other TS packets, does not illustrate one by one at this.
Step S304, obtains the first pseudo random sequence from M sequence buffer memory.
In the present embodiment, first pseudo random sequence of preserving in described M sequence buffer memory is generated by described first M sequence generation module, first M sequence generation module can produce the first pseudo random sequence of 7 pseudo-random transformation, and the span of described first pseudo random sequence can be: 0 ~ 127.
With reference to Fig. 5, show the structural representation of a kind of first M sequence generation module in the embodiment of the present invention three.Wherein, the character implication in Fig. 5 is as follows: " CLK " represents the clock signal of the first M sequence generation module, is the work clock of this module, triggers when being generally high level." R1, R2, R7 " represents 7 registers." M0, M1, M2, M6 " represents 7 random sequences.
In the present embodiment, described first M sequence generation module is constructed by linear feedback shift register and forms.Producing the random sequence of 7, need 7 registers, namely cycling through all 2 to reach the longest cycle 7-1 internal state, needs to have certain tap sequence, and this tap sequence adds that the multinomial that constant 1 is formed is primitive polynomial mould 2.The primitive polynomial mould 2 of 7 bit linear feedback shift registers is (7,3,0) i.e. x 7+ x 3+ 1.All numerals wherein except 0 specify tap sequence, and these taps count from the left side of shift register, as can see from Figure 5 the output of the 3rd and the 7th register after XOR as the input of rightmost register.
Step S306, with described pseudo random sequence for initial address, extracts the data of 128 as be-encrypted data from the loading section of TS packet 1.
Step S308, is kept in the first buffer memory by the be-encrypted data of 128 (16 bytes) extracting, is kept in the second buffer memory by the clear data of 172 bytes not needing encryption.
Step S310, obtains the be-encrypted data of 16 bytes from the first buffer memory, and receives the encryption key 1 of the second M sequence generation module generation.
Step S312, according to the encryption key 1 that the second M sequence generation module generates, is encrypted the be-encrypted data obtained from the first buffer memory by AES encryption module, obtains enciphered data.
With reference to Fig. 6, show the structural representation of a kind of second M sequence generation module in the embodiment of the present invention three.Wherein, the character implication in Fig. 6 is as follows: " CLK " represents the clock signal of the second M sequence generation module, is the work clock of this module, triggers when being generally high level." R1, R2, R128 " represents 128 registers." M0, M1, M2, M127 " represents 128 random sequences.
In the present embodiment, described second M sequence generation module is constructed by linear feedback shift register and forms.Producing the random sequence of 128, need 128 registers, namely cycling through all 2 to reach the longest cycle 128-1 internal state, needs to have certain tap sequence, and this tap sequence adds that the multinomial that constant 1 is formed is primitive polynomial mould 2.The primitive polynomial mould 2 of 128 bit linear feedback shift registers is (128,7,2,1,0) i.e. x 128+ x 7+ x 2+ x+1.All numerals wherein except 0 specify tap sequence, and these taps count from the left side of shift register, as can see from Figure 6 the output of the 1st, the 2nd, the 7th and the 128th register after XOR as the input of rightmost register R128.
Step S314, synchronization module receives the enciphered data that AES encryption module exports, and from the second buffer memory, obtain the clear data of 172 bytes, then, carries out data syn-chronization to described enciphered data and described clear data.
In the present embodiment, because AES encryption module adopts 128 block lengths and 128 bit cipher key lengths to be encrypted, for the length of 128, total iteration wheel number of aes algorithm is 10, so encryption one group of data need the time delay in 11 cycles.Therefore, synchronization module can by 172 delaying byte data 11 cycles of not encrypted when realizing data syn-chronization, synchronous with what reach with 16 bytes (128) data through encrypt, the synchronism of guarantee data flow and accuracy.
Step S316, the data after synchronous are still transmitted with the form of TS stream by synchronization module.
In the present embodiment, the new TS packet after synchronous can transfer to receiving terminal by certain suitable mode, and receiving terminal can unpack the new TS packet received and decipher.It should be noted that, when identical M sequence generation module is applied in encryption end and receiving terminal (decrypting end) simultaneously, identical pseudo random sequence can be produced, therefore the first identical M sequence generation module and the second M sequence generation module can be set at receiving terminal, the decryption restoration of the data received to achieve a butt joint.
It should be noted that, the modules in described system architecture can be undertaken managing and controlling by described control module.
In sum, the data ciphering method described in the present embodiment can extract the data of setting size as be-encrypted data according to the first pseudo random sequence from the loading section of TS packet; Then be encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtain enciphered data; Finally the clear data in described enciphered data and described TS packet is synchronously exported afterwards.Visible, in the present embodiment, the partial data in TS packet can be encrypted, while assuring data security, substantially reduce the time that ciphering process consumes, reduce power consumption.
Secondly, adopt the first pseudo random sequence dynamically from described TS packet random position extract the be-encrypted data of described setting size, improve the fail safe of data, significantly increase the illegal difficulty decoded.Meanwhile, adopt the second pseudo random sequence as encryption key, the key of dynamic mapping compares the difficulty that fixed key considerably increases cipher key attacks, further increases the fail safe of data.
In addition, due to identical M sequence generator be applied to simultaneously encryption end and decrypting end time, identical pseudo random sequence can be produced, therefore, in decrypting end, the decrypting process that identical M sequence generator (the first M sequence generation module and the second M sequence generation module) can complete the enciphered data of transmission is set, do not need to transmit described first pseudo random sequence and the second pseudo random sequence in transmitting procedure, reduce the bandwidth that transport process takies, avoid loss and the leakage of described first pseudo random sequence and the second pseudo random sequence simultaneously, ensure that the fail safe of data.
It should be noted that, for aforesaid embodiment of the method, in order to simple description, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the present invention is not by the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in specification all belongs to preferred embodiment, and involved action might not be essential to the invention.
Embodiment four
With reference to Fig. 7, show the structured flowchart of a kind of data encryption system in the embodiment of the present invention four.In the present embodiment, described data encryption system can comprise:
Extraction module 702, for according to the first pseudo random sequence, extracts the data of setting size as be-encrypted data from the loading section of TS packet.
Encrypting module 704, for being encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtains enciphered data.
Synchronization module 706, for synchronously exporting the clear data in described enciphered data and described TS packet afterwards.
In sum, the data encryption system described in the present embodiment can extract the data of setting size as be-encrypted data according to the first pseudo random sequence from the loading section of TS packet; Then be encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtain enciphered data; Finally the clear data in described enciphered data and described TS packet is synchronously exported afterwards.Visible, in the present embodiment, the partial data in TS packet can be encrypted, while assuring data security, substantially reduce the time that ciphering process consumes, reduce power consumption.
In addition, adopt the first pseudo random sequence dynamically from described TS packet random position extract the be-encrypted data of described setting size, improve the fail safe of data, significantly increase the illegal difficulty decoded.Meanwhile, adopt the second pseudo random sequence as encryption key, the key of dynamic mapping compares the difficulty that fixed key considerably increases cipher key attacks, further increases the fail safe of data.
Embodiment five
With reference to Fig. 8, show the structured flowchart of a kind of data encryption system in the embodiment of the present invention five.In the present embodiment, described data encryption system can comprise:
Extraction module 802, for according to the first pseudo random sequence, extracts the data of setting size as be-encrypted data from the loading section of TS packet.
In the present embodiment, described extraction module 802 can comprise: the first M sequence generation module, for generating described first pseudo random sequence; Address information determination module, for according to described first pseudo random sequence determination address information; Be-encrypted data extraction module, extracts the data of setting size as be-encrypted data for the position indicated by address information described in the loading section from described TS packet.
Preferably, described be-encrypted data extraction module, specifically may be used for extracting the data of 128 as described be-encrypted data from the position indicated by address information described in the loading section of described TS packet; Wherein, described first pseudo random sequence is less than the maximum address of the loading section of described TS packet.
Encrypting module 804, for being encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtains enciphered data.
In the present embodiment, described encrypting module 804 can comprise: the second M sequence generation module, for described second pseudo random sequence, and using described second pseudo random sequence of generation as encryption key; Sending module, for being sent to AES encryption module by described encryption key and described be-encrypted data; AES encryption module, for being encrypted described be-encrypted data according to described encryption key; Acquisition module, for obtaining the enciphered data that described AES encryption module exports.
Preferably, described second M sequence generation module, specifically may be used for generation 128 pseudo random sequences, using described 128 pseudo random sequences of generation as described encryption key.
Synchronization module 806, for synchronously exporting the clear data in described enciphered data and described TS packet afterwards.
In a preferred version of the present embodiment, described system can also comprise:
First cache module 808, for preserving described be-encrypted data.
Second cache module 810, for preserving the clear data in described TS packet.
In the another preferred version of the present embodiment, described system can also comprise:
TS flows package module 812, for according to TS agreement, audio, video data is encapsulated as at least one TS packet.
In sum, the data encryption system described in the present embodiment can extract the data of setting size as be-encrypted data according to the first pseudo random sequence from the loading section of TS packet; Then be encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtain enciphered data; Finally the clear data in described enciphered data and described TS packet is synchronously exported afterwards.Visible, in the present embodiment, the partial data in TS packet can be encrypted, while assuring data security, substantially reduce the time that ciphering process consumes, reduce power consumption.
Secondly, adopt the first pseudo random sequence dynamically from described TS packet random position extract the be-encrypted data of described setting size, improve the fail safe of data, significantly increase the illegal difficulty decoded.Meanwhile, adopt the second pseudo random sequence as encryption key, the key of dynamic mapping compares the difficulty that fixed key considerably increases cipher key attacks, further increases the fail safe of data.
In addition, due to identical M sequence generator be applied to simultaneously encryption end and decrypting end time, identical pseudo random sequence can be produced, therefore, in decrypting end, the decrypting process that identical M sequence generator (the first M sequence generation module and the second M sequence generation module) can complete the enciphered data of transmission is set, do not need to transmit described first pseudo random sequence and the second pseudo random sequence in transmitting procedure, reduce the bandwidth that transport process takies, avoid loss and the leakage of described first pseudo random sequence and the second pseudo random sequence simultaneously, ensure that the fail safe of data.
For system embodiment, due to itself and embodiment of the method basic simlarity, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
Each embodiment in this specification all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiments, between each embodiment identical similar part mutually see.
Above a kind of data ciphering method provided by the present invention and system are described in detail, apply specific case herein to set forth principle of the present invention and execution mode, the explanation of above embodiment just understands method of the present invention and core concept thereof for helping; Meanwhile, for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.

Claims (10)

1. a data ciphering method, is characterized in that, comprising:
According to the first pseudo random sequence, from the loading section of TS packet, extract the data of setting size as be-encrypted data;
Be encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtain enciphered data;
Clear data in described enciphered data and described TS packet is synchronously exported afterwards.
2. method according to claim 1, is characterized in that, according to the first pseudo random sequence, the data extracting setting size from the loading section of TS packet, as be-encrypted data, comprising:
Described first pseudo random sequence is generated by the first M sequence generation module;
According to described first pseudo random sequence determination address information;
The data of setting size are extracted as be-encrypted data from the position indicated by address information described in the loading section of described TS packet.
3. method according to claim 2, is characterized in that, extracts the data of setting size as be-encrypted data, comprising from the position indicated by address information described in the loading section of described TS packet:
The data of 128 are extracted as described be-encrypted data from the position indicated by address information described in the loading section of described TS packet; Wherein, described first pseudo random sequence is less than the maximum address of the loading section of described TS packet.
4. method according to claim 1, is characterized in that, is encrypted, obtains enciphered data, comprising by the second pseudo random sequence to described extraction be-encrypted data:
Described second pseudo random sequence is generated by the second M sequence generation module, and using described second pseudo random sequence of generation as encryption key;
Described encryption key and described be-encrypted data are sent to AES encryption module, according to described encryption key, described be-encrypted data are encrypted to make described AES encryption module;
Obtain the enciphered data that described AES encryption module exports.
5. method according to claim 4, is characterized in that, generates described second pseudo random sequence by the second M sequence generation module, and using described second pseudo random sequence of generation as encryption key, comprising:
128 pseudo random sequences are generated, using described 128 pseudo random sequences of generation as described encryption key by the second M sequence generation module.
6. a data encryption system, is characterized in that, comprising:
Extraction module, for according to the first pseudo random sequence, extracts the data of setting size as be-encrypted data from the loading section of TS packet;
Encrypting module, for being encrypted by the be-encrypted data of the second pseudo random sequence to described extraction, obtains enciphered data;
Synchronization module, for synchronously exporting the clear data in described enciphered data and described TS packet afterwards.
7. system according to claim 6, is characterized in that, extraction module comprises:
First M sequence generation module, for generating described first pseudo random sequence;
Address information determination module, for according to described first pseudo random sequence determination address information;
Be-encrypted data extraction module, extracts the data of setting size as be-encrypted data for the position indicated by address information described in the loading section from described TS packet.
8. system according to claim 7, is characterized in that, be-encrypted data extraction module, extracts the data of 128 as described be-encrypted data for the position indicated by address information described in the loading section from described TS packet; Wherein, described first pseudo random sequence is less than the maximum address of the loading section of described TS packet.
9. system according to claim 6, is characterized in that, encrypting module comprises:
Second M sequence generation module, for described second pseudo random sequence, and using described second pseudo random sequence of generation as encryption key;
Sending module, for being sent to AES encryption module by described encryption key and described be-encrypted data;
AES encryption module, for being encrypted described be-encrypted data according to described encryption key;
Acquisition module, for obtaining the enciphered data that described AES encryption module exports.
10. system according to claim 9, is characterized in that, the second M sequence generation module, for generating 128 pseudo random sequences, using described 128 pseudo random sequences of generation as described encryption key.
CN201510713197.8A 2015-10-28 2015-10-28 Data encryption method and system Pending CN105337728A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510713197.8A CN105337728A (en) 2015-10-28 2015-10-28 Data encryption method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510713197.8A CN105337728A (en) 2015-10-28 2015-10-28 Data encryption method and system

Publications (1)

Publication Number Publication Date
CN105337728A true CN105337728A (en) 2016-02-17

Family

ID=55288049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510713197.8A Pending CN105337728A (en) 2015-10-28 2015-10-28 Data encryption method and system

Country Status (1)

Country Link
CN (1) CN105337728A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105591666A (en) * 2016-03-01 2016-05-18 中国电子科技集团公司第五十四研究所 Method for generating cyclical iteration m sequence frequency hopping patterns
CN108768523A (en) * 2018-05-30 2018-11-06 大连理工大学 A kind of underwater general optical communication system
CN109347862A (en) * 2018-11-21 2019-02-15 安徽云融信息技术有限公司 A kind of personal information data encryption processing system and method
CN110311784A (en) * 2019-06-10 2019-10-08 北京信安世纪科技股份有限公司 A kind of JSON message endorsement method, sign test method and device
CN114390317A (en) * 2022-01-18 2022-04-22 山东点盾云网络科技有限公司 Encryption method and system for streaming video
CN114978562A (en) * 2021-02-26 2022-08-30 华晨宝马汽车有限公司 Encryption transmission method, motor monitoring system and remote monitoring system
CN115208701A (en) * 2022-09-15 2022-10-18 广州万协通信息技术有限公司 Data packet selective encryption method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101047501A (en) * 2006-04-14 2007-10-03 华为技术有限公司 Method and equipment for raising safety of data flow transmission in mobile TV. system
CN102006300A (en) * 2010-11-29 2011-04-06 北京卓微天成科技咨询有限公司 Method, device and system for encrypting cloud storage data
CN103457727A (en) * 2012-05-29 2013-12-18 华为技术有限公司 Method, device and system for processing media data

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101047501A (en) * 2006-04-14 2007-10-03 华为技术有限公司 Method and equipment for raising safety of data flow transmission in mobile TV. system
CN102006300A (en) * 2010-11-29 2011-04-06 北京卓微天成科技咨询有限公司 Method, device and system for encrypting cloud storage data
CN103457727A (en) * 2012-05-29 2013-12-18 华为技术有限公司 Method, device and system for processing media data

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105591666A (en) * 2016-03-01 2016-05-18 中国电子科技集团公司第五十四研究所 Method for generating cyclical iteration m sequence frequency hopping patterns
CN105591666B (en) * 2016-03-01 2018-01-30 中国电子科技集团公司第五十四研究所 A kind of loop iteration m-sequence frequency hopping pattern generation method
CN108768523A (en) * 2018-05-30 2018-11-06 大连理工大学 A kind of underwater general optical communication system
CN109347862A (en) * 2018-11-21 2019-02-15 安徽云融信息技术有限公司 A kind of personal information data encryption processing system and method
CN110311784A (en) * 2019-06-10 2019-10-08 北京信安世纪科技股份有限公司 A kind of JSON message endorsement method, sign test method and device
CN110311784B (en) * 2019-06-10 2022-10-21 北京信安世纪科技股份有限公司 JSON message signature method, signature verification method and device
CN114978562A (en) * 2021-02-26 2022-08-30 华晨宝马汽车有限公司 Encryption transmission method, motor monitoring system and remote monitoring system
CN114390317A (en) * 2022-01-18 2022-04-22 山东点盾云网络科技有限公司 Encryption method and system for streaming video
CN114390317B (en) * 2022-01-18 2024-03-19 山东点盾云网络科技有限公司 Encryption method and system for streaming video
CN115208701A (en) * 2022-09-15 2022-10-18 广州万协通信息技术有限公司 Data packet selective encryption method and device
CN115208701B (en) * 2022-09-15 2022-12-20 广州万协通信息技术有限公司 Data packet selective encryption method and device

Similar Documents

Publication Publication Date Title
CN105391701A (en) Data encryption method and system
CN105337728A (en) Data encryption method and system
US7110545B2 (en) Method and apparatus for symmetric-key encryption
US7688974B2 (en) Rijndael block cipher apparatus and encryption/decryption method thereof
US20090103726A1 (en) Dual-mode variable key length cryptography system
CN105429748A (en) Data encryption method and system
Lam et al. An improved method for locating and extracting the eye in human face images
Mohurle et al. Review on realization of AES encryption and decryption with power and area optimization
CN104219045A (en) RC4 (Rivest cipher 4) stream cipher generator
US10797859B2 (en) Low area optimization for NB-IoT applications
CN106452743A (en) Communication secret key acquisition method and apparatus and a communication message decryption method and apparatus
CN116488795A (en) GCM-AES processing method and device
Basu et al. implementation of AES algorithm in UART module for secured data transfer
Mobilon et al. 100 Gbit/s AES-GCM cryptography engine for optical transport network systems: architecture, design and 40 nm silicon prototyping
CN109951434B (en) High-robustness real-time encryption and decryption method for industrial communication protocol
Tonde et al. Implementation of Advanced Encryption Standard (AES) Algorithm Based on FPGA
RU2738321C1 (en) Cryptographic transformation method and device for its implementation
CN108763982B (en) DES encryption and decryption device suitable for RFID reader
Guzmán et al. FPGA implementation of the AES-128 algorithm in non-feedback modes of operation
CN112311527A (en) Encryption method for converting master key into polynomial table lattice key lookup
Zagi et al. A New Key Generation to Greate Enhanced Security Version of AES Encryption Method
CN115549987B (en) Mixed encryption method based on data security privacy protection
CN110912679A (en) Password device
Sharma et al. VHDL Implementation of AES-128
Zhang et al. An RC4-based lightweight security protocol for resource-constrained communications

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20170112

Address after: Room 309, building A, new material building, No. 7, Feng Hui Middle Road, Beijing, Haidian District, China

Applicant after: Beijing Yake Hongyu Electronics Co.,Ltd.

Address before: Xinluo Avenue high tech Zone of Ji'nan City, Shandong province 250101 No. 1768 Qilu Software building block A room 1102

Applicant before: Jinan Zhixin Integrated Circuit Technology Co., Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20160217

RJ01 Rejection of invention patent application after publication