CN108270563A - Data exchange method and system based on the SM2 encryption algorithm - Google Patents


Publication number
CN108270563A
Authority
CN
China
Legal status
Pending
Application number
CN201611250954.3A
Other languages
Chinese (zh)
Inventor
梁宵
耿方
杜悦琨
张梦
孟媛媛
Current Assignee
Aisino Corp
Original Assignee
Aisino Corp
Application filed by Aisino Corp
Priority to CN201611250954.3A
Publication of CN108270563A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a data exchange method and system based on the SM2 encryption algorithm. The method includes: the data sending device calls the encryption device, computes the request parameter of a data sending request, and sends the request parameter to the data receiving device; after obtaining the request parameter, the data receiving device calls the encryption device, computes the response parameter for the request parameter and computes the key, saves the key locally, and then sends the computed response parameter to the data sending device; after obtaining the response parameter, the data sending device calls the encryption device, computes the key, and encrypts the plaintext data to be transmitted with the computed key; the data receiving device decrypts the ciphertext with the locally saved key and writes the decrypted data to the local database; after the session ends, the data sending device and the data receiving device delete their respective keys, and the next time a session is initiated a new key pair is generated to encrypt and decrypt the data.

Description

Data exchange method and system based on the SM2 encryption algorithm
Technical field
The present invention relates to the field of data encryption, and more particularly to a data exchange system and method based on the SM2 encryption algorithm.
Background
When information systems are built, the business of each department differs in many ways, so business systems are often built to different business requirements, using different technical standards, on different software and hardware platforms, and even supplied by different software developers. These multi-source heterogeneous information systems cannot interconnect directly. Completely replacing the existing business systems and having a single software developer rebuild them in a coordinated way, however, would mean an unacceptable development cost and development cycle. Developing specifically for each connection requirement as it arises likewise brings an unsustainable interface-maintenance burden, and interface development between business systems is itself quite complex and costly. There is therefore an urgent need for a middleware platform that, in a unified way, provides mutual conversion and interconnection of data of different structures and formats between systems, and coordinates data transmission and message communication between departmental business systems according to a unified definition of the overall flow. This mode of connection achieves seamless exchange and shared access to data between business systems and ensures that the business systems collaborate effectively, while preserving the mutual independence and low coupling of the application systems, improving the efficiency and security of system operation as a whole.
XML-based Web service technology can build, on top of the various existing heterogeneous platforms, a general technology layer that is independent of platform and language. Applications on different platforms interconnect and integrate through this layer, which changes the current development model and the cost and scale of application deployment; XML has therefore become the transmission medium used in today's heterogeneous database exchange platforms. The resulting problem of securing XML data processing has become one of the bottlenecks in current data exchange applications.
A data exchange platform faces many security risks in operation, such as tampering with and malicious modification of data (modifying the XML data that two exchanging computers transmit over an open network) and interception of sensitive or confidential data in the exchange by unauthorized entities. How to ensure the security of data while the data exchange platform transmits it has therefore become an urgent problem.
Summary of the invention
To solve the above problems described in the background, the present invention provides a data exchange method based on the SM2 encryption algorithm. The method includes:
The data sending device calls the encryption device, computes the request parameter of a data sending request, and sends the request parameter to the data receiving device;
After obtaining the request parameter, the data receiving device calls the encryption device, computes the response parameter for the request parameter, computes the key from the request parameter and the response parameter, saves the key locally, and sends the response parameter to the data sending device;
After obtaining the response parameter, the data sending device calls the encryption device, computes the key from the response parameter and the request parameter, and encrypts the plaintext data to be transmitted with the key;
The data receiving device decrypts the ciphertext with the locally saved key and writes the decrypted data to the local database; and
After the session ends, the data sending device and the data receiving device delete their respective keys; the next time a session is initiated, a new key pair is generated to encrypt and decrypt the data.
Further, the encryption device used in the method uses the domestic SM2 encryption algorithm.
Further, the data sending device and the data receiving device transmit data over the Internet.
According to another aspect of the present invention, the present invention provides a data exchange system based on the SM2 encryption algorithm. The system includes:
A data sending device, used to send encrypted ciphertext data to the peer device over the Internet;
A data receiving device, used to receive, over the Internet, ciphertext data encrypted by the peer device; and
An encryption device, used to encrypt plaintext data with the SM2 encryption algorithm and an encryption key to generate ciphertext data, and to decrypt received ciphertext data with a decryption key to generate plaintext data. The key agreement process does not require the participation of a CA, which reduces the amount of computation and makes it more widely applicable, especially in low-consumption environments, while its security is no weaker than that of the certificate-based type.
Further, the SM2 encryption algorithm is the domestic SM2 encryption algorithm. Compared with the RSA algorithm, it has the following advantages: 1) improved security; 2) faster operation; 3) smaller storage space; 4) as a domestic algorithm, it has no backdoor available to foreign parties.
Further, the key pair generated by each key agreement, comprising an encryption key and a decryption key, is temporary and is destroyed automatically when the session ends, making the data exchange safer and more reliable.
In summary, in the data exchange method and system based on the SM2 encryption algorithm provided by the present invention, the initiator and the recipient of a data exchange request generate a pair of symmetric keys through key agreement before transmitting data. The key is generated by an encryption device that supports the domestic SM2 encryption algorithm, which gives higher security. Before data is sent it is encrypted with the key; the recipient decrypts the ciphertext before loading the data into its database; and after a session ends both parties destroy their respective keys, which fully ensures the security of the data during the exchange.
Brief description of the drawings
Exemplary embodiments of the present invention can be understood more fully with reference to the following drawings:
Fig. 1 is a flowchart of the data exchange method based on the SM2 encryption algorithm according to a specific embodiment of the present invention; and
Fig. 2 is a structural diagram of the data exchange system based on the SM2 encryption algorithm according to a specific embodiment of the present invention.
Detailed description
Exemplary embodiments of the present invention are now described with reference to the drawings. The invention may, however, be embodied in many different forms and is not limited to the embodiments described here; these embodiments are provided so that the disclosure is thorough and complete and fully conveys the scope of the invention to those of ordinary skill in the art. The terms used in the exemplary embodiments illustrated in the drawings do not limit the invention. In the drawings, identical units/elements use identical reference numerals.
Unless otherwise stated, the terms used herein (including scientific and technical terms) have the meaning commonly understood by those of ordinary skill in the art. Furthermore, terms defined in commonly used dictionaries should be understood as having a meaning consistent with their context in the relevant field, and should not be construed in an idealized or overly formal sense.
Fig. 1 is a flowchart of the data exchange method based on the SM2 encryption algorithm according to a specific embodiment of the present invention. As shown in Fig. 1, the data exchange method based on the SM2 encryption algorithm starts at step S101.
In step S101, the data sending device calls the encryption device, computes the request parameter of a data sending request, and sends the request parameter to the data receiving device.
In step S102, after obtaining the request parameter, the data receiving device calls the encryption device, computes the response parameter for the request parameter, computes the key from the request parameter and the response parameter, saves the key locally, and sends the response parameter to the data sending device.
In step S103, after obtaining the response parameter, the data sending device calls the encryption device, computes the key from the response parameter and the request parameter, and encrypts the plaintext data to be transmitted with the key.
In step S104, the data receiving device decrypts the ciphertext with the locally saved key and writes the decrypted data to the local database.
In step S105, after the session ends, the data sending device and the data receiving device delete their respective keys; the next time a session is initiated, a new key pair is generated to encrypt and decrypt the data.
Preferably, the encryption device used in the method uses the domestic SM2 encryption algorithm.
Preferably, the data sending device and the data receiving device transmit data over the Internet.
Fig. 2 is a structural diagram of the data exchange system based on the SM2 encryption algorithm according to a specific embodiment of the present invention. As shown in Fig. 2, the data exchange system 200 based on the SM2 encryption algorithm includes a data sending device 201, a data receiving device 202 and an encryption device 203.
The data sending device 201 is used to send encrypted ciphertext data to the peer device over the Internet;
The data receiving device 202 is used to receive, over the Internet, ciphertext data encrypted by the peer device; and
The encryption device 203 is used to encrypt plaintext data with the SM2 encryption algorithm and an encryption key to generate ciphertext data, and to decrypt received ciphertext data with a decryption key to generate plaintext data. The key agreement process does not require the participation of a CA, which reduces the amount of computation and makes it more widely applicable, especially in low-consumption environments, while its security is no weaker than that of the certificate-based type.
Preferably, the SM2 encryption algorithm is the domestic SM2 encryption algorithm. Compared with the RSA algorithm, it has the following advantages: 1) improved security; 2) faster operation; 3) smaller storage space; 4) as a domestic algorithm, it has no backdoor available to foreign parties.
Preferably, the key pair generated by each key agreement, comprising an encryption key and a decryption key, is temporary and is destroyed automatically when the session ends, making the data exchange safer and more reliable.
The invention has been described above with reference to the embodiments. However, as is known to those skilled in the art, and as defined by the appended patent claims, embodiments other than those disclosed above equally fall within the scope of the invention.
In general, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/the/said [device, component, etc.]" are to be construed openly as at least one instance of said device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein need not be performed in the exact order disclosed, unless explicitly stated.

Claims (6)

1. A data exchange method based on the SM2 encryption algorithm, characterized in that the method includes:
The data sending device calls the encryption device, computes the request parameter of a data sending request, and sends the request parameter to the data receiving device;
After obtaining the request parameter, the data receiving device calls the encryption device, computes the response parameter for the request parameter, computes the key from the request parameter and the response parameter, saves the key locally, and sends the response parameter to the data sending device;
After obtaining the response parameter, the data sending device calls the encryption device, computes the key from the response parameter and the request parameter, and encrypts the plaintext data to be transmitted with the key;
The data receiving device decrypts the ciphertext with the locally saved key and writes the decrypted data to the local database; and
After the session ends, the data sending device and the data receiving device delete their respective keys; the next time a session is initiated, a new key pair is generated to encrypt and decrypt the data.
2. The method according to claim 1, characterized in that the encryption device uses the domestic SM2 encryption algorithm.
3. The method according to claim 1, characterized in that the data sending device and the data receiving device transmit data over the Internet.
4. A data exchange system based on the SM2 encryption algorithm, characterized in that the system includes:
A data sending device, used to send encrypted ciphertext data to the peer device over the Internet;
A data receiving device, used to receive, over the Internet, ciphertext data encrypted by the peer device; and
An encryption device, used to encrypt plaintext data with the SM2 encryption algorithm and an encryption key to generate ciphertext data, and to decrypt received ciphertext data with a decryption key to generate plaintext data.
5. The system according to claim 4, characterized in that the SM2 encryption algorithm is the domestic SM2 encryption algorithm.
6. The system according to claim 4, characterized in that the key pair generated by each key agreement, comprising an encryption key and a decryption key, is temporary and is destroyed automatically when the session ends.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201611250954.3A | 2016-12-30 | 2016-12-30 | Data exchange method and system based on the SM2 encryption algorithm

Publications (1)

Publication Number | Publication Date
CN108270563A | 2018-07-10

Family

ID=62754162


Country Status (1)

Country Link
CN (1) CN108270563A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109448208A (en) * 2019-01-08 2019-03-08 青岛海信智慧家居系统股份有限公司 A kind of method for unlocking and control device of intelligent door lock
CN110445757A (en) * 2019-07-05 2019-11-12 中国平安人寿保险股份有限公司 Personnel information encryption method, device, computer equipment and storage medium
CN111723390A (en) * 2020-06-28 2020-09-29 天津理工大学 Commercial data protection method and system based on supply chain management

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102761411A (en) * 2011-04-27 2012-10-31 航天信息股份有限公司 P element field SM2 elliptic curve key agreement system
CN102938696A (en) * 2011-08-15 2013-02-20 国民技术股份有限公司 Generating method of session key and module
CN105306492A (en) * 2015-11-25 2016-02-03 成都三零瑞通移动通信有限公司 Asynchronous key negotiation method and device aiming at secure instant messaging



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180710