CN108270563A - A kind of method for interchanging data and system based on SM2 Encryption Algorithm - Google Patents
- Publication number
- CN108270563A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a data exchange method and system based on the SM2 encryption algorithm. The method includes: the data sending device calls the encryption device, calculates the request parameter of a data sending request, and sends the request parameter to the data sink; after obtaining the request parameter, the data sink calls the encryption device, calculates the response parameter for the request parameter and calculates the key, saves the key locally, and then sends the calculated response parameter to the data sending device; after obtaining the response parameter, the data sending device calls the encryption device, calculates the key, and encrypts the plaintext data to be transmitted with the calculated key; the data sink decrypts the ciphertext with the locally saved key and writes the decrypted data to the local database; after the session ends, the data sending device and the data sink delete their respective keys, and when the next session is initiated a new key pair is generated to encrypt and decrypt the data.
Description
Technical field
The present invention relates to the field of data encryption and, more particularly, to a data exchange system and method based on the SM2 encryption algorithm.
Background
When information systems are built, the business of each department differs in many ways, so business systems are often built to different business requirements, using different technical standards, on different software and hardware platforms, and are even supplied by different software developers. These multi-source heterogeneous information systems cannot be interconnected directly. However, replacing the existing business systems entirely and having a single software developer rebuild them in a coordinated way would bring a development cost and development cycle that are hard to accept. Alternatively, developing a specific solution for each specific connection requirement brings an equally heavy interface maintenance burden, and developing interfaces between business systems is itself quite complex and costly. There is therefore an urgent need for a middleware platform that can, in a unified way, convert and interconnect data of different structures and formats between systems, and coordinate data transmission and message communication between departmental business systems according to a unified definition of the overall process. This mode of connection achieves seamless exchange and shared access to data between business systems and ensures that the business systems cooperate effectively, while preserving the mutual independence and low coupling of each application system, improving the efficiency and security of system operation as a whole.
XML-based Web service technology can build, on top of the various existing heterogeneous platforms, a general technology layer that is independent of platform and of language. Applications on different platforms are interconnected and integrated through this technology layer, which changes the current development model and the cost and scale of application deployment. XML has therefore become the transmission medium in today's heterogeneous database exchange platforms. The resulting security problem of XML data processing has become one of the bottlenecks in current data exchange applications.
A data exchange platform faces many security risks while it runs, such as data tampering and malicious modification, in which the XML data that two exchanging computers transmit over an open network is modified, and interception of sensitive or confidential data in an exchange by unauthorized entities. How to ensure the security of data while the data exchange platform transmits it has therefore become an urgent problem.
Summary of the invention
To solve the above problems in the background art, the present invention provides a data exchange method based on the SM2 encryption algorithm, the method including:
the data sending device calls the encryption device, calculates the request parameter of a data sending request, and sends the request parameter to the data sink;
after obtaining the request parameter, the data sink calls the encryption device, calculates the response parameter for the request parameter, calculates the key from the request parameter and the response parameter, saves the key locally, and sends the response parameter to the data sending device;
after obtaining the response parameter, the data sending device calls the encryption device, calculates the key from the response parameter and the request parameter, and encrypts the plaintext data to be transmitted with the key;
the data sink decrypts the ciphertext with the locally saved key and writes the decrypted data to the local database; and
after the session ends, the data sending device and the data sink delete their respective keys, and when the next session is initiated a new key pair is generated to encrypt and decrypt the data.
Further, the encryption device used in the method uses the domestic SM2 encryption algorithm.
Further, the data sending device and the data sink transmit data over the Internet.
According to another aspect, the present invention provides a data exchange system based on the SM2 encryption algorithm, the system including:
a data sending device, used to send encrypted ciphertext data to the peer device over the Internet;
a data sink, used to receive from the peer device, over the Internet, ciphertext data encrypted by the peer device; and
an encryption device, used to encrypt plaintext data with the SM2 encryption algorithm and the encryption key to generate ciphertext data, and to decrypt received ciphertext data with the decryption key to generate plaintext data. The key agreement process does not require the participation of a CA, which reduces the amount of computation and makes it especially applicable in low-consumption environments, while its security is no weaker than that of the certificate-based type.
Further, the SM2 encryption algorithm is the domestic SM2 encryption algorithm. Compared with the RSA algorithm, it has the following advantages: 1) improved security; 2) faster operation; 3) smaller storage space; 4) as a domestic algorithm, it has no backdoor available to external parties.
Further, the key pair generated by each key agreement, comprising the encryption key and the decryption key, is temporary and is automatically destroyed after the session ends, making data exchange safer and more reliable.
In summary, in the data exchange method and system based on the SM2 encryption algorithm provided by the invention, the initiator and the recipient of a data exchange request generate a pair of symmetric keys through key agreement before transmitting data. The key is generated by an encryption device that supports the domestic SM2 encryption algorithm, giving higher security. Before data is sent it is encrypted with the key; the recipient decrypts the received ciphertext before loading the data; and after a session ends both parties destroy their respective keys, fully ensuring the security of data during the exchange.
Brief description of the drawings
Exemplary embodiments of the present invention can be understood more fully by reference to the following drawings:
Fig. 1 is a flow chart of the data exchange method based on the SM2 encryption algorithm according to a specific embodiment of the invention; and
Fig. 2 is a structure diagram of the data exchange system based on the SM2 encryption algorithm according to a specific embodiment of the invention.
Detailed description
Exemplary embodiments of the present invention are now described with reference to the drawings. The invention can, however, be implemented in many different forms and is not limited to the embodiments described here; these embodiments are provided so that the disclosure is thorough and complete and fully conveys the scope of the invention to a person of ordinary skill in the art. The terms used in the exemplary embodiments illustrated in the drawings do not limit the invention. In the drawings, identical units/elements use identical reference numerals.
Unless otherwise indicated, the terms used here (including scientific and technical terms) have the meaning commonly understood by a person of ordinary skill in the art. It should further be understood that terms defined in commonly used dictionaries are to be understood as having a meaning consistent with the context of the relevant field, and are not to be interpreted in an idealized or overly formal sense.
Fig. 1 is a flow chart of the data exchange method based on the SM2 encryption algorithm according to a specific embodiment of the invention. As shown in Fig. 1, the method starts at step S101.
In step S101, the data sending device calls the encryption device, calculates the request parameter of a data sending request, and sends the request parameter to the data sink.
In step S102, after obtaining the request parameter, the data sink calls the encryption device, calculates the response parameter for the request parameter, calculates the key from the request parameter and the response parameter, saves the key locally, and sends the response parameter to the data sending device.
In step S103, after obtaining the response parameter, the data sending device calls the encryption device, calculates the key from the response parameter and the request parameter, and encrypts the plaintext data to be transmitted with the key.
In step S104, the data sink decrypts the ciphertext with the locally saved key and writes the decrypted data to the local database.
In step S105, after the session ends, the data sending device and the data sink delete their respective keys, and when the next session is initiated a new key pair is generated to encrypt and decrypt the data.
Preferably, the encryption device used in the method uses the domestic SM2 encryption algorithm.
Preferably, the data sending device and the data sink transmit data over the Internet.
Fig. 2 is a structure diagram of the data exchange system based on the SM2 encryption algorithm according to a specific embodiment of the invention. As shown in Fig. 2, the data exchange system 200 based on the SM2 encryption algorithm includes a data sending device 201, a data sink 202 and an encryption device 203.
The data sending device 201 is used to send encrypted ciphertext data to the peer device over the Internet;
the data sink 202 is used to receive from the peer device, over the Internet, ciphertext data encrypted by the peer device; and
the encryption device 203 is used to encrypt plaintext data with the SM2 encryption algorithm and the encryption key to generate ciphertext data, and to decrypt received ciphertext data with the decryption key to generate plaintext data. The key agreement process does not require the participation of a CA, which reduces the amount of computation and makes it especially applicable in low-consumption environments, while its security is no weaker than that of the certificate-based type.
Preferably, the SM2 encryption algorithm is the domestic SM2 encryption algorithm. Compared with the RSA algorithm, it has the following advantages: 1) improved security; 2) faster operation; 3) smaller storage space; 4) as a domestic algorithm, it has no backdoor available to external parties.
Preferably, the key pair generated by each key agreement, comprising the encryption key and the decryption key, is temporary and is automatically destroyed after the session ends, making data exchange safer and more reliable.
The invention has been described above with reference to the embodiments. However, as is known to those skilled in the art, and as defined by the appended patent claims, embodiments other than those disclosed above equally fall within the scope of the invention.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise therein. All references to "a/the [device, component, etc.]" are to be interpreted openly as referring to at least one instance of said device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein need not be performed in the exact order disclosed, unless explicitly stated.
Claims (6)
1. A data exchange method based on the SM2 encryption algorithm, characterized in that the method includes:
the data sending device calls the encryption device, calculates the request parameter of a data sending request, and sends the request parameter to the data sink;
after obtaining the request parameter, the data sink calls the encryption device, calculates the response parameter for the request parameter, calculates the key from the request parameter and the response parameter, saves the key locally, and sends the response parameter to the data sending device;
after obtaining the response parameter, the data sending device calls the encryption device, calculates the key from the response parameter and the request parameter, and encrypts the plaintext data to be transmitted with the key;
the data sink decrypts the ciphertext with the locally saved key and writes the decrypted data to the local database; and
after the session ends, the data sending device and the data sink delete their respective keys, and when the next session is initiated a new key pair is generated to encrypt and decrypt the data.
2. The method according to claim 1, characterized in that the encryption device uses the domestic SM2 encryption algorithm.
3. The method according to claim 1, characterized in that the data sending device and the data sink transmit data over the Internet.
4. A data exchange system based on the SM2 encryption algorithm, characterized in that the system includes:
a data sending device, used to send encrypted ciphertext data to the peer device over the Internet;
a data sink, used to receive from the peer device, over the Internet, ciphertext data encrypted by the peer device; and
an encryption device, used to encrypt plaintext data with the SM2 encryption algorithm and the encryption key to generate ciphertext data, and to decrypt received ciphertext data with the decryption key to generate plaintext data.
5. The system according to claim 4, characterized in that the SM2 encryption algorithm is the domestic SM2 encryption algorithm.
6. The system according to claim 4, characterized in that the key pair generated by each key agreement, comprising the encryption key and the decryption key, is temporary and is automatically destroyed after a session ends.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611250954.3A CN108270563A (en) | 2016-12-30 | 2016-12-30 | A kind of method for interchanging data and system based on SM2 Encryption Algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108270563A (en) | 2018-07-10 |
Family
ID=62754162
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611250954.3A Pending CN108270563A (en) | 2016-12-30 | 2016-12-30 | A kind of method for interchanging data and system based on SM2 Encryption Algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108270563A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180710 |