CN105634736A - Method for data encryption - Google Patents
Method for data encryption
- Publication number: CN105634736A (application CN201410589979.0A)
- Authority: CN (China)
- Prior art keywords: key, information, actively, encryption, active
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
To improve a known encryption method for communication in an unprotected wireless network, the invention provides a method for data encryption in which an active key is used for encryption and a new key is transmitted at the same time in the corresponding information; once the new key has been received completely, it replaces the active key, and a further new key is then exchanged again. The encryption method enables dynamic encryption that, starting from a relatively secure initial key, allows a connection protected against eavesdropping.
Description
Technical field
The present invention relates to a method for encrypting data in the course of data transmission between two nodes of a communication network, in which information sent between the two nodes is encrypted in the sending node by means of an active key/dynamic key (aktive Schlüssel), sent to the receiving node, and decrypted there by means of the active key.
Background technology
Such methods have long been known and are used in all fields of communication in order to keep the content of a data transmission secret from third parties. Information that is intelligible to the recipient in plaintext is modified by means of the active key so that its content can no longer be recognised, but the modification is carried out in such a way that the process can be reversed at the recipient in order to recover the original text. Such a method is of course not restricted to processing text; rather, an encryption method can be applied to any ordered sequence of characters. Computer data in particular is suited to such encryption, because it can ultimately be reduced to various coding tables, at the least to binary code.
For the encryption process a key is provided that is known to both parties setting up the connection, so that both can encode and decode in reverse. There is also a degree of freedom in choosing the coding method; a simple coding can be used here in which a numerical value is added to the text characters or character values, and decoding is carried out by subtraction. This calculation requires no great computational effort and can therefore be performed without any appreciable time delay caused by the coding. The security of this encryption depends decisively on the active key used for the connection remaining unknown to third parties who wish to eavesdrop on it. It commonly happens that a single successful eavesdropping of one piece of information is enough to learn the key, so that the third party can decrypt all subsequent information and, if earlier traffic was also successfully recorded, can decrypt the preceding information afterwards as well.
Summary of the invention
Against this background, the object of the invention is to provide a method which, according to the invention, makes it difficult to decipher the coding.
This is achieved by a method for encrypting data in the course of data transmission between two nodes of a communication network having the features of claim 1. Further expedient refinements of the method can be found in the dependent claims.
According to the invention, encryption between two nodes of a communication network is first carried out by means of an active key. For this purpose the two nodes encode their information using the active key and transmit it over an unprotected channel; the recipient decodes it by means of the active key and can thus decrypt the information. In addition to the required user data and a head (header) with general details such as the structure of the information, its type and its recipient, the information according to the invention also includes an encrypted data portion in which the data of a new key is sent to the recipient. That is, while the active key is in use a new key is exchanged, and only after the new key has been received completely is it used as the new active key. After the key change, the exchange of another new key with the communication partner starts at once in the encrypted data portion of the next information, and this process is repeated continually.
This achieves a continual exchange of the active key in use, so that it is very likely that the volume of data sent under any one active key is insufficient to decode that key. Because the key changes constantly, the ongoing key changes are difficult to follow, so that even if, with low probability, a key has been decoded, the eavesdropper loses the connection again the next time a piece of information is received incompletely.
A weakness of this method is that the first active key used is provided uncoded and unencrypted. It therefore appears necessary to exchange this first key in a protected manner as well, so the first key exchange between the two communicating nodes is preferably completed by near-field communication.
Within this near-field communication, the active key can for example be encoded as a bar code on the first node and displayed by a suitable output device, and the second node then scans the bar code by means of an input device. The first node can be, for example, a mobile phone that shows the bar code as a graphic on its screen; the graphic can then be scanned by the camera of a second smartphone taking part in the communication, which serves as the input device.
However, near-field communication can also be implemented without difficulty in other ways, for example by ad-hoc wireless connections with a short range. In both cases it is chiefly the short range that ensures protection against eavesdropping, since presence can be checked (Anwesenheitskontrolle), and this is decisive for the security of the connection. Particularly when the bar code is shown on the screen of a smartphone, it can easily be ensured that the bar code is not read by any device other than the intended one.
In the course of the communication, information to be encrypted is encrypted with the active key by combining (verrechnen) the character values of the information with the character values of the active key. For example, each character value of the active key can be added to a character value of the information. The recipient of the encrypted information decrypts it by combining the character values of the active key with the character values of the encrypted information according to the inverse of the previously specified function. In the example given, this can be done by subtracting the character values of the active key from the character values of the encrypted information.
The length of the key and the length of the information to be encrypted usually differ. If the key is longer than the information, the character values of the key are combined with the character values of the information until the end of the key is reached. Conversely, if the information is longer than the active key, the process starts again at the first position of the key when the end of the key is reached, and this is repeated (iteration) until the end of the information is reached.
To extend the variants of the coding further, the information contains an unencrypted character value that gives the displacement (offset) into the active key. Coding does not start at the first position of the key; instead, it first jumps to the displacement and only starts coding with the key at that position. As already indicated, the displacement is to be transmitted unencrypted so that the recipient knows at which position of the active key decoding should start.
When the connection is lost, the active key has to be exchanged again, which ideally must once more take place under protected conditions. To avoid unnecessary effort, a spare key (Ausweichschlüssel) is therefore advantageously exchanged at the same time as the first exchange, and this spare key is then regularly used once a loss of connection has been established. A checksum is regularly attached to the user data part of the information and allows checking whether the information was transmitted correctly. If the checksum is found to be abnormal during normal communication, the system can check whether the spare key was used. In that case the system also encodes its response with the spare key and continues the exchange of the new key that was most recently begun.
When keys are set up, the active key, the new key and the spare key each consist of a randomly selected character string. The keys used can be chosen dynamically, so that short and long keys can be used, again to make decoding more difficult.
Brief description of the drawings
The invention described above is explained in detail below with reference to an embodiment.
In the figures:
Fig. 1 is a schematic diagram of the sending node and the receiving node, each with a memory in which the active key, the new key and the spare key are stored, and
Fig. 2 is likewise a schematic diagram of the structure of the information according to the invention.
Description of reference numerals
- 1 sending node
- 2 receiving node
- 3 active key
- 4 new key
- 5 spare key
- 6 information
- 7 displacement
- 8 head
- 9 encrypted data portion
- 10 user data part
- 11 checksum
- 12 unencrypted data
- 13 encrypted data
Detailed description of the invention
Fig. 1 shows a sending node 1 and a receiving node 2 that are connected to each other for data exchange. Over this connection the sending node 1 is to transmit information 6 to the receiving node 2. To do so, the sending node 1 encrypts the information 6 using the active key 3. The active key 3 is added to the information 6 bit by bit, starting again at the first position of the active key 3 once its end has been reached. In addition, the information 6 includes an encrypted data portion 9 in which the sending node 1 transmits a new key 4 to the receiving node 2. The encrypted data portion 9 may contain the complete new key 4 or only a part of it. Once the new key 4 has been transmitted completely, both nodes 1 and 2 change to a state in which the completely transmitted new key serves as the active key 3 for further communication and a new key 4 is exchanged again.
The memories of the sending node 1 and the receiving node 2 likewise hold a spare key 5, which is used when the connection is disturbed and cannot be continued normally.
The first exchange of the active key 3 and the spare key 5 between the sending node 1 and the receiving node 2 takes place by near-field communication, which prevents eavesdropping by third parties.
Fig. 2 shows the structure of the information 6 transmitted from the sending node 1 to the receiving node 2. The information 6 begins with the displacement (value) 7, followed by the so-called head 8, which contains metadata about the structure and content of the rest of the information 6. The head is in turn followed directly by the encrypted data portion 9, in which the new key 4 is transmitted to the receiving node 2. The encrypted data portion 9 need not contain the complete new key 4; it can just as well contain a part of the new key 4, which is then completed in subsequent information 6. The encrypted data portion 9 is followed by the user data part, in which the data of the information 6 that actually needs to be transmitted is sent. A checksum 11 is placed at the end of the information 6 and allows the integrity of the information 6 to be checked. If the checksum calculated by the system does not match the one sent along with the information 6, the information 6 must be regarded as incorrect and discarded (verwerfen), and communication must, if necessary, switch to encryption with the spare key 5.
Within the information 6, only the first part, i.e. the displacement 7, counts as unencrypted data 12. The rest of the information consists entirely of data 13 encrypted by means of the active key 3 or the spare key 5.
The foregoing thus describes a method for encrypting data during data transmission between two nodes of a communication network intended for use in the communications field, in which new keys are continually exchanged between the sending node and the receiving node, and each new key replaces the previously valid key once it has been transmitted completely.
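The information layout of Fig. 2 and the key rotation described above, modelled as an added Python example (not code from the patent). Assumed here, not taken from the description: byte-wise addition modulo 256 as the prespecified function, a one-byte displacement, a two-byte head holding the fragment length and a last-fragment flag, and CRC-32 as the checksum; `Node`, `combine` and `demo` are hypothetical names.

```python
import secrets
import zlib

# Assumed wire layout: displacement(1, clear) | head(2) | key fragment |
# user data | CRC-32(4); everything after the displacement is encrypted.

def combine(data: bytes, key: bytes, offset: int, sign: int) -> bytes:
    """Add (sign=+1) or subtract (sign=-1) key characters modulo 256,
    starting at the displacement and wrapping at the end of the key."""
    return bytes((b + sign * key[(offset + i) % len(key)]) % 256
                 for i, b in enumerate(data))

class Node:
    def __init__(self, active: bytes, spare: bytes):
        self.active, self.spare = active, spare
        self.pending = b""          # new-key fragments exchanged so far

    def _collect(self, fragment: bytes, last: bool) -> None:
        self.pending += fragment
        if last and self.pending:   # new key complete: it becomes active
            self.active, self.pending = self.pending, b""

    def fall_back(self) -> None:
        """Connection lost: continue with the spare key (5)."""
        self.active = self.spare

    def send(self, user_data: bytes, fragment: bytes, last: bool) -> bytes:
        offset = secrets.randbelow(min(len(self.active), 256))
        body = bytes([len(fragment), int(last)]) + fragment + user_data
        body += zlib.crc32(body).to_bytes(4, "big")       # checksum (11)
        wire = bytes([offset]) + combine(body, self.active, offset, +1)
        self._collect(fragment, last)
        return wire

    def receive(self, wire: bytes) -> bytes:
        if len(wire) < 7:
            raise ValueError("information too short")
        for key in (self.active, self.spare):   # spare only if active fails
            body = combine(wire[1:], key, wire[0], -1)
            payload, check = body[:-4], body[-4:]
            if (zlib.crc32(payload).to_bytes(4, "big") == check
                    and 2 + payload[0] <= len(payload)):
                break
        else:
            raise ValueError("checksum mismatch: information discarded")
        self.active = key           # reply under whichever key matched
        n = payload[0]
        self._collect(payload[2:2 + n], bool(payload[1]))
        return payload[2 + n:]

def demo():
    # Constructed sample keys standing in for the near-field exchange.
    k0, spare = secrets.token_bytes(8), secrets.token_bytes(8)
    a, b = Node(k0, spare), Node(k0, spare)
    k1 = secrets.token_bytes(12)    # new key, sent in two fragments
    got = [b.receive(a.send(b"meter=17", k1[:6], False)),
           b.receive(a.send(b"meter=18", k1[6:], True))]
    rotated = a.active == b.active == k1
    a.fall_back()                   # sender switches to the spare key
    got.append(b.receive(a.send(b"meter=19", b"", False)))
    return got, rotated, b.active == spare

if __name__ == "__main__":
    print(demo())
```

Because every new key travels under the current active key, a party that holds one active key and sees every subsequent information can follow each rotation, which is why the description requires a protected first exchange.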
Claims (10)
1. A method for encrypting data in the course of data transmission between two nodes of a communication network, in which information (6) sent between the two nodes is encrypted in the sending node by means of an active key (3), sent to the receiving node, and decrypted there by means of the active key (3), characterised in that, in addition to a head (8) and a user data part (10), the information has an encrypted data portion in which the data of a new key (4) is sent, and, after the new key (4) has been completely sent or received, the two nodes replace the active key (3) with the new key (4) for further communication.
2. The method according to claim 1, characterised in that the first key exchange between the two nodes is carried out by near-field communication.
3. The method according to claim 2, characterised in that, for the first key exchange, the first node encodes the first key as a bar code and displays the bar code by means of an output device, and the second node reads in the bar code by scanning it with an input device.
4. The method according to claim 2, characterised in that the near-field communication is implemented by ad-hoc wireless connections with a short range.
5. The method according to any one of the preceding claims, characterised in that the information (6) is encrypted with the active key (3) by combining the character values of the active key (3) with the character values of the unencrypted information (6) according to a prespecified function, and the information (6) is decrypted by combining the character values of the active key (3) with the character values of the encrypted information (6) according to the inverse of the prespecified function.
6. The method according to claim 5, characterised in that, when the information (6) is longer than the active key (3), the values of the active key (3) are repeated.
7. The method according to claim 5 or 6, characterised in that the information (6) comprises an unencrypted character value giving the displacement (7) of the active key (3), and encryption starts at that displacement.
8. The method according to any one of the preceding claims, characterised in that a spare key (5) is exchanged between the two communicating nodes, and this spare key (5) is regularly selected when the connection is lost.
9. The method according to any one of the preceding claims, characterised in that the active key (3) and the new key (4) used consist of random character strings.
10. The method according to any one of the preceding claims, characterised in that the active key (3) and the new key (4) used are formed with different lengths.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410589979.0A CN105634736A (en) | 2014-10-28 | 2014-10-28 | Method for data encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410589979.0A CN105634736A (en) | 2014-10-28 | 2014-10-28 | Method for data encryption |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105634736A (en) | 2016-06-01 |
Family
ID=56049292
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410589979.0A Pending CN105634736A (en) | 2014-10-28 | 2014-10-28 | Method for data encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105634736A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107181587A (en) * | 2017-07-17 | 2017-09-19 | 合肥左成传媒科技有限公司 | A kind of information encryption system |
CN109644185A (en) * | 2016-08-18 | 2019-04-16 | 西门子移动有限公司 | Method and apparatus for carrying out secure electronic data communication |
WO2024060630A1 (en) * | 2022-09-20 | 2024-03-28 | 京东科技信息技术有限公司 | Data transmission management method, and data processing method and apparatus |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN2641949Y (en) * | 2003-01-07 | 2004-09-15 | 谢德约 | Encrypted data transmitting and receiving device |
CN1761186A (en) * | 2005-11-11 | 2006-04-19 | 南京邮电大学 | Method for distributing net key |
US20080219453A1 (en) * | 2007-03-08 | 2008-09-11 | International Business Machines Corporation | Maintaining keys removed from a keystore in an inactive key repository |
CN102231186A (en) * | 2011-07-11 | 2011-11-02 | 北京鼎软科技有限公司 | Report anticounterfeiting system based on bar code identification, encryption and decryption |
CN102547620A (en) * | 2010-12-30 | 2012-07-04 | 同方股份有限公司 | Mobile payment system and method for updating key |
CN102904713A (en) * | 2011-07-25 | 2013-01-30 | 深圳市金溢科技有限公司 | Key exchange method for secret key encryption communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20160601 |