CN106453426B - Symmetric encryption and decryption method and system based on key space-time fragmented storage - Google Patents

Publication number: CN106453426B
Authority: CN (China)
Prior art keywords: time, key, space, generation module, terminal
Legal status: Active
Application number: CN201611144255.0A
Other languages: Chinese (zh)
Other versions: CN106453426A (en)
Inventors: 刘剑飞, 常清雪, 肖建, 付强
Current Assignee: Sichuan Changhong Electric Co Ltd
Original Assignee: Sichuan Changhong Electric Co Ltd
Application filed by Sichuan Changhong Electric Co Ltd
Priority to CN201611144255.0A
Publication of CN106453426A
Application granted
Publication of CN106453426B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068: Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872: Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to encryption and decryption technology and discloses a symmetric encryption and decryption method and system based on space-time fragmented storage of the key, which protect the key and thereby improve the security of data transmission. The system comprises a terminal and a server side. The terminal includes a time key segment generation module, a space key segment generation module, a fixed key segment generation module and a verification module. The server side comprises the same time key segment generation module, space key segment generation module, fixed key segment generation module and verification module as the terminal, with the time, space and fixed key segment generation modules distributed across different servers. The invention is suitable for high-security data transmission.

Description

Symmetric encryption and decryption method and system based on key space-time fragmented storage
Technical Field
The invention relates to an encryption and decryption technology, in particular to a symmetric encryption and decryption method and system based on key space-time fragmented storage.
Background
With the development of internet technology, communication between terminals and servers has become very frequent. Capturing terminal and server messages for analysis and statistics shows that a large amount of data is transmitted directly in plaintext, without any encryption protection. It is therefore important to encrypt transmitted messages. To keep encryption and decryption efficient, encrypted transmission generally uses symmetric encryption, and the security of the key is the most important part of the security of symmetric encryption. How the symmetric encryption key is stored and obtained, and especially how key storage on the terminal is secured so that the key cannot be recovered by decompilation, is central to the security of the key and of the symmetric encryption.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a symmetric encryption and decryption method and system based on key space-time fragmented storage, so that the security of the key is guaranteed and the security of data transmission is improved.
The technical scheme adopted by the invention to solve this problem is as follows:
The symmetric encryption and decryption system based on key space-time fragmented storage comprises a terminal and a server side;
the terminal includes a time key segment generation module, a space key segment generation module, a fixed key segment generation module and a verification module;
the server side comprises the same time key segment generation module, space key segment generation module, fixed key segment generation module and verification module as the terminal, wherein the time key segment generation module, the space key segment generation module and the fixed key segment generation module are distributed across different servers;
the time key segment generation module takes the truncated current time as a parameter and converts it, through an algorithm, into a 20-bit time key segment consisting of letters, numbers and special characters, which serves as the time attribute of the symmetric encryption key;
the space key segment generation module takes the longitude and latitude of the terminal's current position as parameters and converts them, through an algorithm, into a 32-bit space key segment consisting of letters, numbers and special characters, which serves as the spatial attribute of the symmetric encryption key;
the fixed key segment generation module generates a fixed key segment consisting of 8-bit strings with service attributes, forms the key from the time key segment, the space key segment and the fixed key segment, and calls a symmetric encryption algorithm to encrypt plaintext or decrypt ciphertext;
and the checking module generates a time check code and a space check code and checks the current system time and the terminal's longitude and latitude data.
As a further optimization, the time key segment generation module truncates the current time to a precision of 1000 ms, that is, all time key segments generated within the 1000 ms following the current time are the same.
As a further optimization, the server's space key segment generation module generates the space key segments in advance according to the longitude and latitude of each terminal's current position, stores them in the database of the server on which the module runs, and stores each space key segment in one-to-one correspondence with its space check code.
As a further optimization, the time check code is the check value obtained when the terminal encrypts the current system time with sha256 and takes the first 45 bits of the resulting ciphertext;
the space check code is the check value obtained when the terminal takes the 2 bits after the decimal point of the longitude and of the latitude of its position, joins them with the "&" symbol, encrypts the result with sha256, and takes the first 45 bits of the resulting ciphertext.
As a further optimization, checking the current system time means:
after receiving the time check code sent by the terminal, the server encrypts its own current system time with sha256, takes the first 45 bits of the ciphertext as a check value, and compares it with the time check code sent by the terminal. If they match, the subsequent decryption process begins; if they do not match, decryption cannot be performed and the terminal is prompted.
As a further optimization, checking the terminal's longitude and latitude data means:
after receiving the space check code sent by the terminal, the server takes the 2 bits after the decimal point of the stored longitude and latitude data for that terminal, joins them with the "&" symbol, encrypts the result with sha256, takes the first 45 bits of the ciphertext as a check value, and compares it with the space check code sent by the terminal. If they match, the server retrieves the corresponding space key segment according to the space check code.
In addition, the invention provides a symmetric encryption and decryption method based on key space-time fragmented storage, which comprises the following steps:
A. The terminal assembles the information to be sent in a specified format and encrypts the assembled plaintext as follows: it first calls the space key segment generation module to generate a space key segment, then calls the time key segment generation module to generate a time key segment, and at the same time calls the verification module to generate a space check code and a time check code; finally it calls the fixed key segment generation module to generate a fixed key segment, combines the space key segment and the time key segment to generate a symmetric key, calls an algorithm to encrypt the plaintext into ciphertext, and transmits the time check code and the space check code to the server;
B. After receiving the request from the terminal, the server first checks the time check code. If it is incorrect, the server does not decrypt and prompts the terminal to adjust its time and synchronize with the server. If it is correct, the server checks the terminal's longitude and latitude data and, once that check passes, carries out the decryption as follows: it first calls the server's time key segment generation module to generate a time key segment, then retrieves the corresponding space key segment according to the space check code, and finally has the fixed key segment generation module generate a fixed key segment, combines the time key segment and the space key segment to generate a symmetric key, and calls an algorithm to decrypt the ciphertext into plaintext;
C. After processing the decrypted plaintext, the server assembles the response information into a response message in a specified format and encrypts it as follows: it calls the time key segment generation module to generate a time key segment from the current time, reuses the space key segment used in the preceding decryption, has the fixed key segment generation module generate a fixed key segment, combines the time key segment, the space key segment and the fixed key segment to generate a symmetric key, and calls an algorithm to encrypt the response message, which it returns to the terminal;
D. After receiving the encrypted response message, the terminal decrypts it as follows: it first calls the time key segment generation module to generate a time key segment from the current system time; it then obtains the longitude and latitude from its geographic position and calls the space key segment generation module to generate a space key segment; finally, after the fixed key segment generation module has generated the fixed key segment, it combines the time key segment, the space key segment and the fixed key segment to generate the corresponding key and calls an algorithm to decrypt the encrypted response message.
The beneficial effects of the invention are as follows:
The symmetric encryption key is stored at the terminal and at the server side in space-time fragmented form. On the terminal, the key is split into several segments: one segment is generated by a specific algorithm from the current time, another is generated by a specific algorithm from the geographic position, that is, the longitude and latitude range, and other fixed fields are added to form the encryption key according to the algorithm.
The server side generates the corresponding time-based key segment by keeping its time synchronized with the terminal, generates the corresponding key segment from the terminal's geographic position, adds the fixed field corresponding to the terminal, and combines them by the algorithm into a key identical to the terminal's. This keeps the symmetric encryption key dynamically generated; the terminal does not persist the key, so it cannot be obtained directly by decompilation. The server side places the time key segment, the space key segment and the other secret segments on different servers in a distributed manner, which prevents the whole key from leaking when a single server is attacked. The key is thus protected from the terminal through to the server.
Drawings
FIG. 1 shows the flow in which the terminal encrypts and sends a request message to the server and the server decrypts it;
FIG. 2 shows the flow in which the server side encrypts and sends a response message to the terminal and the terminal decrypts it.
Detailed Description
The invention aims to provide a symmetric encryption and decryption method and system based on key space-time fragmented storage, which guarantee the security of the key and thereby improve the security of data transmission.
The symmetric encryption and decryption system based on key space-time fragmented storage comprises a terminal and a server side;
the terminal includes a time key segment generation module, a space key segment generation module, a fixed key segment generation module and a verification module;
the server side comprises the same time key segment generation module, space key segment generation module, fixed key segment generation module and verification module as the terminal, wherein the time key segment generation module, the space key segment generation module and the fixed key segment generation module are distributed across different servers;
the function of each module is explained as follows:
First, the time key segment generation module of the terminal and that of the server have the same function. When the terminal or the server triggers the time key segment generation module, the current system time is truncated to a precision of 1000 milliseconds. The resulting time is used as a parameter and converted, through an algorithm, into a 20-bit key segment consisting of letters, numbers and special characters. This key segment serves as the time attribute of the symmetric encryption key. A precision of 1000 milliseconds means that all time key segments generated within the following 1000 milliseconds are identical.
Second, the space key segment generation module of the terminal has the same function as that of the server. When the terminal triggers the space key segment generation module, it obtains the longitude and latitude of its current position. The longitude and latitude are used as parameters and converted, through an algorithm, into a 32-bit key segment consisting of letters, numbers and special characters. Key segments are generated per longitude and latitude region: as long as the terminal's longitude lies within a given interval and its latitude lies within a given interval, the same space key segment is generated. Different terminals located in the same interval also generate the same space key segment. The finer the interval division, the more space key segments are generated.
The space key segment on the server side is generated in the same way as on the terminal: longitude and latitude are taken as parameters and converted, through an algorithm, into a 32-bit key segment consisting of letters, numbers and special characters. Key segments are generated per longitude and latitude region, so that the same space key segment is generated whenever the terminal's longitude and latitude lie within the given intervals. The key segment is generated in advance, stored in the database of the space key server, and stored in association with the space check code. The space key database stores the key segments of all regions in which service is to be provided; the regions are divided according to business and security requirements, and each key segment is generated from the longitude and latitude of its region.
These key segments serve as the spatial attribute of the symmetric encryption key.
Third, the fixed key segment generation module of the terminal and that of the server have the same function. The terminal and the server side store the same key field, which is composed of 8-bit strings with service attributes. The module also assembles the key: the time key segment, the space key segment and the fixed key segment together form the key, and a symmetric encryption algorithm is called to encrypt plaintext or decrypt ciphertext.
Fourth, the checking module of the terminal has the same function as that of the server. The checking module checks the current system time and the longitude and latitude. Its specific functions are as follows:
1. The current system time is encrypted with sha256, and the first 45 bits of the ciphertext are sent to the server as a check value. The server encrypts its own current system time with sha256 and compares the first 45 bits of that ciphertext. A match confirms that the terminal's and the server's times agree; otherwise the terminal is told that the times are inconsistent, and encryption and decryption cannot proceed.
2. The terminal takes the 2 bits after the decimal point of the longitude and of the latitude, joins them with the "&" symbol, and encrypts the result with sha256. The first 45 bits of the ciphertext are sent to the server as the space check code. The server stores a library of the first 45 bits of the sha256 ciphertexts of the "&"-joined longitude and latitude values. When the comparison with the values stored on the server succeeds, the corresponding space key segment is retrieved from the key library.
3. The length of the sha256 ciphertext is 128; to make comparison and lookup more efficient, only the first 45 bits are persisted as the check code. Testing showed that the first 45 bits of the sha256 ciphertexts of the system time and of the longitude and latitude are not completely the same.
Based on this system, the symmetric encryption and decryption method based on key space-time fragmented storage comprises the following steps:
A. The terminal assembles the information to be transmitted in a specified format (such as xml, json and the like) and encrypts the assembled plaintext as follows: it first calls the space key segment generation module to generate a space key segment, then calls the time key segment generation module to generate a time key segment, and at the same time calls the verification module to generate a space check code and a time check code; finally it calls the fixed key segment generation module to generate a fixed key segment, combines the space key segment and the time key segment to generate a symmetric key, calls an algorithm to encrypt the plaintext into ciphertext, and transmits the time check code and the space check code to the server;
B. After receiving the request from the terminal, the server first checks the time check code. If it is incorrect, the server does not decrypt and prompts the terminal to adjust its time and synchronize with the server. If it is correct, the server checks the terminal's longitude and latitude data and, once that check passes, carries out the decryption as follows: it first calls the server's time key segment generation module to generate a time key segment, then retrieves the corresponding space key segment according to the space check code, and finally has the fixed key segment generation module generate a fixed key segment, combines the time key segment and the space key segment to generate a symmetric key, and calls an algorithm to decrypt the ciphertext into plaintext;
C. After processing the decrypted plaintext, the server assembles the response information into a response message in a specified format (such as xml, json and the like) and encrypts it as follows: it calls the time key segment generation module to generate a time key segment from the current time, reuses the space key segment used in the preceding decryption, has the fixed key segment generation module generate a fixed key segment, combines the time key segment, the space key segment and the fixed key segment to generate a symmetric key, and calls an algorithm to encrypt the response message, which it returns to the terminal;
D. After receiving the encrypted response message, the terminal decrypts it as follows: it first calls the time key segment generation module to generate a time key segment from the current system time; it then obtains the longitude and latitude from its geographic position and calls the space key segment generation module to generate a space key segment; finally, after the fixed key segment generation module has generated the fixed key segment, it combines the time key segment, the space key segment and the fixed key segment to generate the corresponding key and calls an algorithm to decrypt the encrypted response message.
In the above scheme, steps A and B form the process in which the terminal encrypts and sends a request message to the server and the server decrypts it (see FIG. 1), and steps C and D form the process in which the server encrypts and sends a response message to the terminal and the terminal decrypts it (see FIG. 2).
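The following Python example is added here and is not part of the patent text; it implements the check codes of the checking module and the key agreement of steps A and B, including the case where the terminal and server clocks fall on either side of a 1000 ms boundary. Assumptions: the page's "20-bit", "32-bit", "8-bit", "first 45 bits" and "2 bits after the decimal point" are read as character or digit counts, the time is hashed at 1000 ms precision, regions are the two-decimal coordinate grid, the segments are concatenated in time, space, fixed order, and `to_segment` is a hypothetical stand-in for the conversion algorithm the page does not specify. All coordinates, timestamps and the fixed segment are constructed sample values.

```python
import hashlib
import hmac
import string
from decimal import Decimal, ROUND_DOWN

# Letters, digits and special characters; the exact character set is an assumption.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
FIXED_SEGMENT = "SVC-0001"  # constructed 8-character fixed key segment

def to_segment(seed: str, length: int) -> str:
    """Hypothetical stand-in for the page's unspecified conversion algorithm:
    expand the seed with SHA-256 and map bytes onto ALPHABET without bias."""
    limit = 256 - 256 % len(ALPHABET)  # bytes >= limit are rejected
    out, counter = [], 0
    while len(out) < length:
        block = hashlib.sha256(f"{seed}|{counter}".encode()).digest()
        out.extend(ALPHABET[b % len(ALPHABET)] for b in block if b < limit)
        counter += 1
    return "".join(out[:length])

def time_window(epoch_ms: int) -> int:
    """Truncate the clock to 1000 ms precision."""
    return epoch_ms // 1000

def cell(lon, lat) -> str:
    """Keep two digits after the decimal point of each coordinate, join with '&'."""
    def cut(value):
        return str(Decimal(str(value)).quantize(Decimal("0.01"), rounding=ROUND_DOWN))
    return f"{cut(lon)}&{cut(lat)}"

def check_code(text: str) -> str:
    """First 45 characters of the 64-character SHA-256 hex digest."""
    return hashlib.sha256(text.encode()).hexdigest()[:45]

def time_check_code(epoch_ms: int) -> str:
    return check_code(str(time_window(epoch_ms)))

def space_check_code(lon, lat) -> str:
    return check_code(cell(lon, lat))

def time_segment(epoch_ms: int) -> str:
    return to_segment(f"time:{time_window(epoch_ms)}", 20)

def space_segment(lon, lat) -> str:
    return to_segment(f"space:{cell(lon, lat)}", 32)

def assemble_key(time_seg: str, space_seg: str, fixed_seg: str) -> str:
    """Concatenation order is an assumption; the cipher itself is out of scope."""
    return time_seg + space_seg + fixed_seg

def terminal_request(lon, lat, now_ms: int):
    """Step A: derive the key and the two check codes sent with the ciphertext."""
    key = assemble_key(time_segment(now_ms), space_segment(lon, lat), FIXED_SEGMENT)
    return key, time_check_code(now_ms), space_check_code(lon, lat)

def build_space_store(served_cells):
    """Server side: space key segments generated in advance, keyed by check code."""
    return {space_check_code(lon, lat): space_segment(lon, lat)
            for lon, lat in served_cells}

def server_derive_key(store, time_code: str, space_code: str, server_ms: int) -> str:
    """Step B: time check, then space check, then rebuild the same key."""
    if not hmac.compare_digest(time_code, time_check_code(server_ms)):
        raise ValueError("time check failed: terminal must synchronise its clock")
    space_seg = store.get(space_code)
    if space_seg is None:
        raise ValueError("space check failed: no key segment for this region")
    return assemble_key(time_segment(server_ms), space_seg, FIXED_SEGMENT)

def attempt(store, request, server_ms: int):
    """Return True when both sides derive the same key, else the rejection reason."""
    key, t_code, s_code = request
    try:
        return server_derive_key(store, t_code, s_code, server_ms) == key
    except ValueError as err:
        return str(err)

def demo():
    store = build_space_store([(104.06, 30.57)])  # constructed service region
    here = (104.0668, 30.5728)                    # constructed terminal position
    return {
        # Both clocks fall in the same 1000 ms window: the keys agree.
        "same_window": attempt(store, terminal_request(*here, 1_700_000_000_250),
                               1_700_000_000_900),
        # Sent at ...999 ms, checked 2 ms later: the window has rolled over.
        "boundary": attempt(store, terminal_request(*here, 1_700_000_000_999),
                            1_700_000_001_001),
        # A terminal outside every pre-generated region fails the space check.
        "unknown_region": attempt(store, terminal_request(116.40, 39.90, 1_700_000_002_000),
                                  1_700_000_002_100),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The `boundary` case shows that a request checked only 2 ms after it was built is rejected when the two instants straddle a second boundary, so a deployment of this design needs a retry or an adjacent-window policy on top of clock synchronisation.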

Claims (4)

1. The symmetric encryption and decryption system based on the key space-time fragmented storage is characterized by comprising a terminal and a server side;
the terminal includes: the system comprises a time key section generation module, a space key section generation module, a fixed key section generation module and a verification module;
the server side comprises a time key section generation module, a space key section generation module, a fixed key section generation module and a verification module which are the same as the terminal, wherein the time key section generation module, the space key section generation module and the fixed key section generation module are distributed in different servers;
the time key section generation module is used for intercepting the current time as a parameter, converting the current time into a 20-bit time key section consisting of letters, numbers and special characters through an algorithm, and using the key section as the time attribute of a symmetric encryption key;
the space key segment generation module is used for converting the longitude and the latitude of the current position of the terminal as parameters into a 32-bit space key segment consisting of letters, numbers and special characters through an algorithm, and taking the key segment as the spatialization attribute of the symmetric encryption key;
the fixed key segment generation module is used for generating a fixed key segment consisting of 8-bit strings with service attributes, forming a key by the time key segment, the space key segment and the fixed key segment, and calling a symmetric encryption algorithm to encrypt a plaintext or decrypt a ciphertext;
the checking module is used for generating a time checking code and a space checking code and checking the current system time and the longitude and latitude data of the terminal;
the time check code is as follows: the terminal encrypts the current system time through sha256, and acquires the check value acquired from the first 45 bits of the encrypted ciphertext;
the spatial check code is: the terminal takes 2 bits after decimal point from the longitude and latitude of the position where the terminal is located, connects the decimal point by using the "&" symbol, then encrypts by sha256, and takes the check value obtained from the first 45 bits of the encrypted ciphertext;
the checking of the current system time means that:
after receiving a time check code transmitted by a terminal, the server performs sha256 encryption on the current system time of the server, takes the first 45 bits of an encrypted ciphertext to obtain a check value, compares the check value with the time check code transmitted by the terminal, enters a subsequent decryption process if the check value is consistent with the time check code transmitted by the terminal, cannot decrypt if the check value is inconsistent with the time check code transmitted by the terminal, and prompts the terminal;
the verifying the longitude and latitude data of the terminal comprises the following steps:
after receiving the space check code transmitted by the terminal, the server selects the 2 bits behind the decimal point according to the stored longitude and latitude data corresponding to the terminal, connects the decimal point by using the "&" symbol, then encrypts the decimal point by using the sha256, acquires the first 45 bits of the encrypted ciphertext to acquire a check value and compares the check value with the space check code transmitted by the terminal, and acquires a corresponding space key section according to the space check code if the check value is consistent with the space check code.
2. The symmetric encryption and decryption system based on key space-time fragmented storage as claimed in claim 1, characterized in that the precision of the current time intercepted by the time key segment generation module is 1000 ms, i.e. the time key segments generated within the 1000 ms period following the current time are the same.
3. The symmetric encryption and decryption system based on key space-time fragmented storage as claimed in claim 1, characterized in that the spatial key segment generation module of the server generates spatial key segments in advance according to the longitude and latitude of the current position of each terminal, stores the spatial key segments in the database corresponding to the server where the spatial key segment generation module is located, and stores the spatial key segments in a one-to-one correspondence relationship with the spatial check codes.
4. The symmetric encryption and decryption method based on the key space-time fragmented storage is characterized by comprising the following steps of:
A. the terminal combines the information to be sent according to a specified format and encrypts the combined plaintext, wherein the encryption mode is as follows: first, the space key segment generation module is called to generate a space key segment; then the time key segment generation module is called to generate a time key segment, and at the same time the checking module is called to generate a space check code and a time check code; finally, the fixed key segment generation module is called to generate a fixed key segment, the space key segment and the time key segment are synthesized to generate a symmetric key, an algorithm is called to encrypt the plaintext into a ciphertext, and the time check code and the space check code are transmitted to the server;
B. after receiving the request transmitted by the terminal, the server first checks the time check code; if the time check code is incorrect, decryption is not performed and the terminal is prompted to adjust its time and synchronize with the server; if the time check code is correct, the longitude and latitude data of the terminal are checked, and after the check is passed the subsequent decryption process is performed, as follows: first, the time key segment generation module of the server is called to generate a time key segment; then the corresponding space key segment is extracted according to the space check code; finally, a fixed key segment is generated by the fixed key segment generation module, the time key segment and the space key segment are integrated to generate a symmetric key, and an algorithm is called to decrypt the ciphertext to obtain the plaintext;
C. after the server finishes processing according to the plaintext obtained by decryption, the server combines the response information into a response message according to a specified format and encrypts the response message, wherein the encryption mode is as follows: the time key segment generation module is called to generate a time key segment according to the current time; the space key segment used in the preceding decryption is then reused; a fixed key segment is generated by the fixed key segment generation module; the time key segment, the space key segment and the fixed key segment are integrated to generate a symmetric key; and an algorithm is called to encrypt the response message, which is fed back to the terminal;
D. after receiving the encrypted response message, the terminal decrypts the message in the following way: first, the time key segment generation module is called to generate a time key segment according to the current system time; the longitude and latitude are obtained according to the geographic position, and the space key segment generation module is called to generate a space key; finally, after the fixed key segment is generated by the fixed key segment generation module, the time key segment, the space key segment and the fixed key segment are integrated to generate the corresponding key, and an algorithm is called to decrypt the encrypted response message.
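As an added illustration (not code from the patent or its applicant), the sketch below computes the time and space check codes of claims 1 to 3 and runs the server-side check of step B. Assumptions: the time is serialised as decimal epoch seconds, coordinates are truncated to two decimal places and joined as longitude&latitude, "first 45 bits" is read literally as the leading 45 bits of the SHA-256 digest, and all function names and sample values are constructed.

```python
import hashlib
from decimal import Decimal, ROUND_DOWN

CHECK_BITS = 45  # "first 45 bits" of the digest, read literally (assumption)

def _check_value(data: str) -> int:
    """Leading CHECK_BITS bits of SHA-256(data), as an integer."""
    digest = hashlib.sha256(data.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (256 - CHECK_BITS)

def time_check_code(epoch_ms: int) -> int:
    # Claim 2: 1000 ms precision, so every instant inside the same second
    # serialises to the same string (the string format is an assumption).
    return _check_value(str(epoch_ms // 1000))

def _two_places(coord) -> str:
    # Keep 2 places after the decimal point by truncation (assumption).
    value = Decimal(str(coord))
    return str(value.quantize(Decimal("0.01"), rounding=ROUND_DOWN))

def space_check_code(lon, lat) -> int:
    return _check_value(f"{_two_places(lon)}&{_two_places(lat)}")

def server_verify(time_code, space_code, server_ms, space_segments):
    """Step B: check the time code first, then fetch the space key segment.

    space_segments maps space check code -> stored space key segment,
    the one-to-one relationship of claim 3. Returns (status, segment).
    """
    if time_code != time_check_code(server_ms):
        return "time-mismatch", None   # terminal is prompted to resynchronise
    segment = space_segments.get(space_code)
    if segment is None:
        return "space-mismatch", None
    return "ok", segment

def demo():
    # Constructed sample data, not taken from the patent.
    store = {space_check_code("104.0668", "30.5728"): b"SPACESEG"}
    t = 1_481_587_200_400              # terminal clock in milliseconds
    tc, sc = time_check_code(t), space_check_code(104.0699, 30.5701)
    moved = space_check_code(104.0712, 30.5701)  # different 0.01 degree cell
    return [
        server_verify(tc, sc, t + 500, store)[0],   # same second
        server_verify(tc, sc, t + 700, store)[0],   # crosses a second boundary
        server_verify(tc, moved, t, store)[0],
    ]
```

The second call in `demo()` fails although the server clock is only 700 ms ahead: a fixed 1000 ms bucket rejects any pair of clocks that straddle a second boundary, which is the case in which step B prompts the terminal to resynchronise. Both codes are unkeyed SHA-256 values of a timestamp and coarse coordinates, so they serve as synchronisation checks rather than as proof of the sender's identity.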
CN201611144255.0A 2016-12-13 2016-12-13 Symmetric encryption and decryption method and system based on key space-time fragmented storage Active CN106453426B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611144255.0A CN106453426B (en) 2016-12-13 2016-12-13 Symmetric encryption and decryption method and system based on key space-time fragmented storage

Publications (2)

Publication Number Publication Date
CN106453426A CN106453426A (en) 2017-02-22
CN106453426B true CN106453426B (en) 2020-02-04

Family

ID=58217767

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611144255.0A Active CN106453426B (en) 2016-12-13 2016-12-13 Symmetric encryption and decryption method and system based on key space-time fragmented storage

Country Status (1)

Country Link
CN (1) CN106453426B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667605B (en) * 2018-04-25 2021-02-23 拉扎斯网络科技(上海)有限公司 Data encryption and decryption method and device
CN109462475B (en) * 2018-11-15 2021-08-13 泰康保险集团股份有限公司 Data encryption method, data decryption method and related devices
CN112770320A (en) * 2020-12-27 2021-05-07 常熟开关制造有限公司(原常熟开关厂) Circuit breaker communication method and device based on dynamic secret key
CN113794700A (en) * 2021-08-30 2021-12-14 合肥致存微电子有限责任公司 Remote USB (universal serial bus) flash disk data communication encryption method and device
CN113852462A (en) * 2021-09-27 2021-12-28 王健庭 Method and system for creating symmetric key without distribution and management

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101466144A (en) * 2009-01-15 2009-06-24 山东大学 Three-dimensional space-time combined encrypt communication apparatus based on GNSS and communication method thereof
CN105809070A (en) * 2016-03-14 2016-07-27 贵州大学 USB flash disk fingerprint authentication encryption method

Also Published As

Publication number Publication date
CN106453426A (en) 2017-02-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant