CN109194467A - A kind of safe transmission method and system of encryption data - Google Patents
A kind of safe transmission method and system of encryption data Download PDFInfo
- Publication number
- CN109194467A CN109194467A CN201810706456.8A CN201810706456A CN109194467A CN 109194467 A CN109194467 A CN 109194467A CN 201810706456 A CN201810706456 A CN 201810706456A CN 109194467 A CN109194467 A CN 109194467A
- Authority
- CN
- China
- Prior art keywords
- key
- data
- encryption
- interpolation
- keyn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
A kind of safe transmission method and system of encryption data, two equipment rooms negotiate an encryption key serial number n in this method, sending device utilizes the KEYn key and serial number n check code progress Hash operation in encryption chip according to Key Sequence Number n, a temporary key KEYn_SHA is generated, sending device carries out exclusive or processing to data to be transmitted using temporary key KEYn_SHA and generates encrypted data.The invention also includes a kind of secure transmission systems of encryption data.The present invention can realize the verifying of the mirror fixed sum data integrality of signature in process of data communication, ensure that the safety of device talk and the integrality of data.
Description
Technical field
The present invention relates to radio network technique field more particularly to the safe transmission methods and system of a kind of encryption data.
Background technique
In wireless self-organization network, wireless sensor network field, due to the opening of wireless communication signal, by wireless
Signal transmits plaintext communication data, is very easy to that communication data is intercepted and captured and analyzed by third party, so as to cause in wireless network
Critical data leakage, serious person will appear illegal invasion person camouflage invasion wireless network, leading to wireless network communication not just
Often, to reach the illegal purpose of malice invader.
Although there is least a portion of product to carry out encryption to upgrade procedure and communication data at present, equipment ensure that
Safety, but in wireless self-organization network, wireless sensor network and embedded system, according to international such as DES
With the symmetric encipherment algorithms such as AES data encryption is carried out, but is constrained to the code space and processor of embedded type CPU processor
Arithmetic speed, encrypting and decrypting efficiency are very low;According to simple single encryption technology, and it is easy to be broken by the third party of malice
Solution, so that the purpose of encryption be not achieved.How to realize the encryption being simple and efficient and safe transmission is carried out to encryption data and has become
Urgent problem at present.
Summary of the invention
The present invention devises the safe transmission method and system of a kind of encryption data, and this method can be in process of data communication
The verifying of the middle mirror fixed sum data integrality for realizing signature, ensure that the safety of device talk and the integrality of data.
The technical solution adopted in the present invention is as follows:
A kind of safe transmission method of encryption data, it is characterised in that include the following steps:
Step 1, two equipment rooms negotiate an encryption key serial number n;
Step 2, sending device according to Key Sequence Number n using in encryption chip KEYn key and serial number n check code carry out
Hash operation generates a temporary key KEYn_SHA;
Step 3, sending device carries out exclusive or processing to data to be transmitted using temporary key KEYn_SHA and generates encryption
Data afterwards;
Step 4, sending device sends encrypted data;
Further, after step 4 further include: step 5, after receiving device receives rear encryption data, also according to negotiation
Key Sequence Number n and key KEYn generates temporary key KEYn_SHA.
Further, after step 5 further include: step 6, receiving device is according to temporary key KEYn_SHA to received encryption
Data carry out exclusive or decryption.
Further, every when carrying out one and taking turns the decryption processing, need to extract from cryptographic digest corresponding exclusive or abstract,
Interpolation abstract is made a summary with value;Include the steps that interpolation is rejected in the decryption processing, when carrying out interpolation rejecting, due to interpolation
Sequence be according to upgrade procedure interpolation from front to back, then need according to upgrade procedure from back to front according to byte-aligned number into
Row traverses all binary data reversely to reject interpolation.
Further, the interpolation rejecting includes: to select some 32 byte packet in encrypted cipher text according to byte-aligned
INS moves to right grouping INS according to exclusive or shift amount to obtain an interpolated data DATA_TMP, and DATA_TMP is utilized KEY
Matching way matches the KEY key in encryption chip, and interpolated data INS is correctly then rejected in matching, and records DATA_ in memory
TMP is the KEY key of some serial number;The KEY key inside all encryption chips can be gradually matched during subsequent rejecting,
After all cipher key match come out after, can directly according to match come record in memory DATA_TMP key progress interpolation
Rejecting.
A kind of secure transmission system of encryption data, which is characterized in that the secure transmission system includes:
Consulting device, two equipment rooms negotiate an encryption key serial number n,
Sending device utilizes the KEYn key and serial number n check code progress Hash fortune in encryption chip according to Key Sequence Number n
It calculates, generates a temporary key KEYn_SHA, sending device carries out data to be transmitted using temporary key KEYn_SHA different
Or processing generates encrypted data, sends encrypted data.
Further, secure transmission system further include: receiving device receives encryption data, and encrypts number upon receipt
According to rear, temporary key KEYn_SHA is generated also according to the Key Sequence Number n and key KEYn of negotiation.
Further, receiving device carries out exclusive or decryption to received encryption data according to temporary key KEYn_SHA.
Further, every when carrying out one and taking turns the decryption processing, need to extract from cryptographic digest corresponding exclusive or abstract,
Interpolation abstract is made a summary with value;
Include the steps that in the decryption processing interpolation reject, when carrying out interpolation rejecting, due to the sequence of interpolation be by
According to upgrade procedure interpolation from front to back, then need reversely to be traversed according to byte-aligned number from back to front according to upgrade procedure
All binary data rejects interpolation.
Further, the interpolation rejecting includes: to select some 32 byte packet in encrypted cipher text according to byte-aligned
INS moves to right grouping INS according to exclusive or shift amount to obtain an interpolated data DATA_TMP, and DATA_TMP is utilized KEY
Matching way matches the KEY key in encryption chip, and interpolated data INS is correctly then rejected in matching, and records DATA_ in memory
TMP is the KEY key of some serial number;The KEY key inside all encryption chips can be gradually matched during subsequent rejecting,
After all cipher key match come out after, can directly according to match come record in memory DATA_TMP key progress interpolation
Rejecting.
Beneficial effects of the present invention are as follows compared with prior art:
The present invention is also encrypted the data in Wireless Communication Equipment communication process, guarantees legal wireless network
Equipment can reliable communicating, avoid the equipment of third party's malice and device steal wireless network communication data and illegal invasion attack
Wireless communication networks, guarantee the confidentiality of wireless network communication data, Anti-theft, wireless network attack protection, improve nothing
The robustness of gauze network and safety, reliability.
Detailed description of the invention
Fig. 1 is the flow diagram of the safe transmission of encryption data;
Fig. 2 is Wireless Communication Equipment structural schematic diagram.
Specific embodiment
In order to better illustrate the present invention, technical solution is made now in conjunction with specific embodiment and Figure of description further
Explanation.Although describing these specific embodiments in embodiment, however, it is not to limit the invention, any affiliated skill
Have usually intellectual in art field, without departing from the spirit and scope of the present invention, when can make some changes and embellishment, therefore
The scope of protection of the present invention is defined by those of the claims.
The present invention solves encryption data in the bright of remote server and upgrading terminals equipment room by following a few points
The safety issue of text transmission:
1) it is sent by two Data Concurrents of generating random number USER_ID_TMP, DIGEST_DATA_NEW of remote server
Give updating apparatus terminal;
2) updating apparatus terminal is by traversing whole key KEY1~16 and USER_ in the encryption chip inside equipment
ID_TMP carries out the temporary decryption data of Hash operation production, therefrom extracts two ciphertext datas and completes cryptographic digest data
Decryption reduction;
3) as long as upgrading terminals device request cryptographic digest data and when being encrypted data deciphering every time, participate in fortune every time
The random number TMP of calculation is different, and USER_ID_TMP, DIGEST_DATA_NEW of generation are different from every time;
4) these three data of USER_ID_TMP, DIGEST_DATA_NEW, DIGEST_DATA_SHA are all to pass through SHA256
Hash operation obtains, reversely can not directly solve its initial data, is merely able to whole keys KEY1~16 in traversal encryption chip
Complete cryptographic digest data convert;
5) after the cryptographic digest data of remote server encryption, the encryption key inside upgrading terminals equipment is stored in encryption
In chip, and the KEY key of encryption chip cannot be read in any manner, can only SHA256 operation intermediate result and
These three data informations of USER_ID_TMP, DIGEST_DATA_NEW, DIGEST_DATA_SHA can just be known after being compared matching
Whether the key that road selects when encrypting is correct;
6) when calculating DIGEST_DATA_SHA and DIGEST_DATA_SHA_X, the ID of updating apparatus terminal is participated in breathing out
Uncommon operation, due to the device id be respectively stored in remote server data library and the hardware device of updating apparatus terminal in, and
It transmits in the wireless network and does not need to carry the ID value in the instruction of cryptographic digest request of data, avoid upgrading terminals device id
The leakage of value, enhances encryption intensity, if the upgrading terminals device id, which is changed to an agreement dynamic data, participates in cryptographic calculation,
The data are dynamically converted in real time every time, the difficulty for decrypting cryptographic digest data will greatly improve;
7) the temporary key KEY_SHA that the cryptographic digest that the present invention describes carries out exclusive or encryption is 2 32 bytes, if by different
Or the temporary key KEY_SHA of encryption increases for 4,8 or more, then the difficulty of reversed exclusive or decryption will be again at multiplication
Add;
It ensure that the safe transmission of encryption key data using above-mentioned 7 measures, even if disclosing adding for encryption key
In the case where close algorithm, invader has intercepted and captured the ciphertext block data of encryption key, can not acquire KEY in encryption chip hardware
In the case where, it is also difficult to it decrypts encryption key in plain text, ensure that the safety of data transmission.
The method that the present invention describes is transmitted for realizing the encrypted secure of Wireless Communication Equipment communication data, high safety
The Data Encryption Transmission step of rank is identical with the encrypted transmission step of cryptographic digest data, if not needing this high security level
Encryption data processing, can by encrypting step simplify carry out data security transmission:
1) two equipment rooms negotiate an encryption key serial number n;
2) sending device utilizes the KEYn key and serial number n check code progress Hash in encryption chip according to Key Sequence Number n
Operation generates a temporary key KEYn_SHA;
3) sending device generates data to be transmitted progress exclusive or processing using temporary key KEYn_SHA encrypted
Data;
4) sending device sends encrypted data;
5) it after receiving device receives rear encryption data, is generated temporarily also according to the Key Sequence Number n and key KEYn of negotiation
Key KEYn_SHA;
6) receiving device carries out exclusive or decryption to received encryption data according to temporary key KEYn_SHA.
The decryption oprerations of upgrade procedure encrypted cipher text of the invention are the inverse process of cryptographic operation, in decrypting process just like
Under several decryption main points:
1) when every one wheel decryption processing of progress, need to extract corresponding exclusive or abstract from cryptographic digest, interpolation makes a summary, is same
Value abstract;
2) when carrying out interpolation rejecting, since the sequence of interpolation therefore is carried out slotting according to upgrade procedure interpolation from front to back
When value is rejected, need reversely to be traversed all binary data according to byte-aligned number from back to front according to upgrade procedure
Reject interpolation;
3) method that interpolation is rejected are as follows: some 32 byte packet INS is selected in encrypted cipher text according to byte-aligned, by this
Grouping INS moves to right to obtain an interpolated data DATA_TMP according to exclusive or shift amount, and DATA_TMP is utilized KEY matching way
The KEY key in encryption chip is matched, interpolated data INS is correctly then rejected in matching, and is some in memory record DATA_TMP
The KEY key of serial number;The KEY key inside all encryption chips can be gradually matched during subsequent rejecting, to all close
Key match come after, can directly according to match come record in memory DATA_TMP key progress interpolation rejecting,
To accelerate the speed of interpolation rejecting, and the number of the hardware communication of CPU processor and encryption chip is reduced, improves key safety
Property;
3) it is grouped pretreated decryption, the benefit being inserted into grouping preprocessing process is equally rejected by the way of from back to front
Neat data.
The present invention carries out encryption production two parts of encrypted cipher text and cryptographic digest, and two for upgrade procedure and data
Part is transmitted with approach in different ways, ensure that the safety of encryption data, solves encryption key distribution management appearance
The problem of easily revealing is decrypted operation and also needs to use hardware encryption chip even if cryptographic digest data are leaked and crack
In KEY encryption key, and encryption key is unreadable, can only extract identification by traversing matched mode, not add
In the case where close chip hardware, although having cracked cryptographic digest data, interpolation number can not be still rejected from encrypted cipher text
It is decrypted according to exclusive or;The upgrade procedure and data that this encryption method is encrypted encrypted cipher text, cryptographic digest, encryption in decryption
Three elements of key are indispensable.
The Encryption Algorithm that the present invention uses, the quantity for the encryption key KEY that can be stored in encryption chip by increase and decrease
Encryption intensity is adjusted, the number of encryption circulation can also be repeated by increase and decrease to adjust the intensity of encryption, it in this way can be with
Dynamic equilibrium selection is made in terms of encryption intensity and encryption and decryption arithmetic speed.
Each KEY key authentication of CPU processor and encryption chip of the present invention all joined a random number and carry out
SHA256 Hash operation ensure that even if the same KEY key authentication, the hardware I/O pin between CPU processor and encryption chip
On waveform it is also different, avoid third party and crack personnel by the waveform of capture device hardware I/O pin to analyze key
It is decrypted.
As shown in Figure 2, the comprising modules of Wireless Communication Equipment of the invention include:
1) embedded type CPU processor, the present embodiment use STM32F103RD chip, which is
72MHz, internal processes code FLASH space 384Kbyte;There is the STM32F103RD CPU processor internal FLASH to read to protect
Protection mechanism can guarantee that the program code being stored in CPU processor is not read by third party;
2) SHA256 encryption chip, the present embodiment, as SHA256 encryption chip, should be added using ATSHA204 encryption chip
Close chip is connected with CPU processor IO by I2C bus and is communicated, and can store the encryption key of 16 32 bytes, and
The encryption chip equally has read protection mechanism, and 16 encryption keys can be protected not read;
3) wireless communication interface, the present embodiment realize the wireless telecommunications of equipment using SI4463 wireless communication module;
4) wired communication interface, the present embodiment has 2 RS232 communication interfaces, using SP3232EEA chip, 1
RS485 communication interface, using SP3485EN chip, 1 CAN bus communication interface, 1 USB communication interface and other equipment into
Row communication and data transmission;
5) spread F LASH memory, it is close that the present embodiment stores upgrade procedure encryption using M25P32FLASH memory
Text, the memory space with 4Mbyte carry out data interaction using SPI interface and CPU processor, pass through channel radio for storing
The upgrade procedure encrypted cipher text that communication interface or wire communication interface transmit;
6) power supply chip, the present embodiment uses SPX1117M5 power management chip, for being converted to 5V power supply
3.3V power supply, to CPU processor, encryption chip, wireless communication module, spread F LASH memory and other devices power supply.
384Kbyte FLASH program code space in the present invention inside CPU processor is divided into five subregions.First
Code in the subregion is named as boot generation for storing starting and decrypted code, the present invention by a partition size 32Kbyte
Code;Second partition size is 144Kbyte, and for store the upgrade procedure code after decrypting, the present invention is by the generation in the subregion
Code is named as app code;, third subregion and the second subregion it is equally big, for storing the app code run before decryption upgrading
The subregion is named as app-back backup subregion, after certain upgrade procedure run-time error, can use app- by backup, the present invention
Code in back backup subregion is restored to the program operation of an old version;4th partition size is 48Kbyte, for storing
Code in the subregion is named as lib code by key code library, the present invention;5th partition size is 16Kbyte, for depositing
The configuration data of equipment operation is stored up, the numerical nomenclature in the subregion is cfg data by the present invention.
For the division of the space partition zone different size FLASH inside different CPU processors, the present invention guarantees first point first
Area's boot size is 32Kbyte, and storage location is set in the lowest address space of internal FLASH;Secondly guarantee the 5th subregion cfg
Size is 16Kbyte, and storage location is set in the highest address space of internal FLASH;The size of 4th subregion lib is according to pass
The size of keyness code library is set, and default setting lib size is 48Kbyte, if not needing to call key code library in equipment
When, lib partition size should not be less than 48Kbyte, the purpose is to set isolated area, guarantee the app-back backup of third subregion
Code, which will not cross the border, covers cfg configuration data, guarantees the reliability and stability in device upgrade operational process;It finally will be remaining
CPU processor inside FLASH space be divided into equal two subregions of two app and app-back and be used to store equipment operation
Code.
The present invention if desired higher encryption of security intensity can extend multiple ATSHA204 encryption chips to store 32
A, 64,128,256 even more encryption keys, can be by 2,4,8,16 even more encryption chips
The multiple I/O ports for being connected to CPU are communicated, and realize the storage and management of more encryption keys, increase the length of encryption key,
The security intensity of encryption is provided.
The present embodiment stores encryption key using ATSHA204 encryption chip, is extending multiple ATSHA204 encryption chips
In the case where, if can be using the communication modes connection ATSHA204 encryption of 1 BITBUS network when the I/O port negligible amounts of CPU processor
Chip;If desired in the case where being enlarged beyond 256 encryption keys, another CPU processor can be used
STM8S007C8 chip carries out SHA256 Hash operation and does encryption chip, has 64Kbyte memory space inside the processor, can
Be storage get over 2000 32 bytes encryption key, also can store 1000 64 bytes encryption key or it is longer such as
The encryption key of 128 bytes.
Transmitting step of the present embodiment upgrade procedure inside the CPU processor in FLASH and spread F LASH memory is such as
Under:
1) upgrade procedure encrypted cipher text, the encryption that will be received are received by wireless communication interface or wireline interface first
Ciphertext data are written in the outer FLASH memory of piece;
2) cryptographic digest request instruction is then sent to remote server by remote wireless network, remote server receives
To after cryptographic digest request instruction, cryptographic digest request of data and decryption step according to the invention obtain cryptographic digest and decrypt
The cryptographic digest data decrypted are stored in the 5th subregion cfg data of CPU processor by cryptographic digest data out;
3) wireless remote device is restarted, boot code is executed, the 5th subregion is read in boot code implementation
In cfg data, check whether that there are cryptographic digest data, and read spread F LASH memory, checked whether upgrade procedure
Encryption key file verifies cryptographic digest and upgrade procedure Encryption key file;
4) verifying cryptographic digest and upgrade procedure Encryption key file, which all exist, then executes decryption oprerations, if authentication failed
Execute step 7,8 the second partition programs of starting;
5) CPU processor passes through the plaintext abstract number in cryptographic digest data for after the upgrade procedure plaintext decrypted
After verifying upgrade procedure plaintext correctly, the data in the second subregion of CPU are copied to store in third subregion and are backed up;
6) it by the upgrade procedure after decrypting and verifying correctly in plain text the second subregion of write-in, is unsuccessfully thened follow the steps if verifying
7,8 the second partition programs of starting;
7) the upgrade procedure encrypted cipher text data in spread F LASH memory are first wiped, the 5th subregion cfg number is then wiped
Cryptographic digest data in;
8) and start the new upgrade procedure executed in the second subregion app, so far upgrade procedure is completed.If boot code is held
It detects that cryptographic digest and upgrade procedure encrypted cipher text check errors or decryption oprerations are decrypted in the process during row to fail,
Step 7,8 the second partition programs of starting are then directly executed, and remote server upgrade procedure is notified to fail.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto,
In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by anyone skilled in the art,
It should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be with the protection model of the claim
Subject to enclosing.
Claims (10)
1. a kind of safe transmission method of encryption data, it is characterised in that include the following steps:
Step 1, two equipment rooms negotiate an encryption key serial number n;
Step 2, sending device utilizes the KEYn key and serial number n check code progress Hash in encryption chip according to Key Sequence Number n
Operation generates a temporary key KEYn_SHA;
Step 3, sending device generates data to be transmitted progress exclusive or processing using temporary key KEYn_SHA encrypted
Data;
Step 4, sending device sends encrypted data.
2. safe transmission method according to claim 1, which is characterized in that after step 4 further include:
Step 5, it after receiving device receives rear encryption data, is generated temporarily also according to the Key Sequence Number n and key KEYn of negotiation
Key KEYn_SHA.
3. safe transmission method according to claim 2, which is characterized in that after step 5 further include:
Step 6, receiving device carries out exclusive or decryption to received encryption data according to temporary key KEYn_SHA.
4. safe transmission method according to claim 3, it is characterised in that:
When the decryption processing is taken turns in every progress one, need to extract corresponding exclusive or abstract, interpolation abstract from cryptographic digest, with value
Abstract;
Include the steps that interpolation is rejected in the decryption processing, when carrying out interpolation rejecting, since the sequence of interpolation is according to liter
Grade program interpolation from front to back, then need to carry out reversed traversal according to byte-aligned number from back to front according to upgrade procedure all
Binary data reject interpolation.
5. safe transmission method according to claim 4, which is characterized in that the interpolation, which is rejected, includes:
Some 32 byte packet INS is selected in encrypted cipher text according to byte-aligned, by grouping INS according to exclusive or shift amount
It moves to right to obtain an interpolated data DATA_TMP, DATA_TMP is close using the KEY in KEY matching way matching encryption chip
Interpolated data INS is correctly then rejected in key, matching, and in the KEY key that memory record DATA_TMP is some serial number;Subsequent rejecting
The KEY key inside all encryption chips can be gradually matched in the process, it, can direct root after all cipher key match come out
According to the rejecting for matching the DATA_TMP key progress interpolation of the record come in memory.
6. a kind of secure transmission system of encryption data, which is characterized in that the secure transmission system includes:
Consulting device, two equipment rooms negotiate an encryption key serial number n,
Sending device, according to Key Sequence Number n using in encryption chip KEYn key and serial number n check code carry out Hash operation,
A temporary key KEYn_SHA is generated, sending device carries out at exclusive or data to be transmitted using temporary key KEYn_SHA
Reason generates encrypted data, sends encrypted data.
7. secure transmission system according to claim 6, which is characterized in that the secure transmission system further include:
Receiving device receives encryption data, and upon receipt after encryption data, also according to the Key Sequence Number n and key of negotiation
KEYn generates temporary key KEYn_SHA.
8. secure transmission system according to claim 7, it is characterised in that:
Receiving device carries out exclusive or decryption to received encryption data according to temporary key KEYn_SHA.
9. secure transmission system according to claim 8, it is characterised in that:
When the decryption processing is taken turns in every progress one, need to extract corresponding exclusive or abstract, interpolation abstract from cryptographic digest, with value
Abstract;
Include the steps that interpolation is rejected in the decryption processing, when carrying out interpolation rejecting, since the sequence of interpolation is according to liter
Grade program interpolation from front to back, then need to carry out reversed traversal according to byte-aligned number from back to front according to upgrade procedure all
Binary data reject interpolation.
10. secure transmission system according to claim 9, which is characterized in that the interpolation, which is rejected, includes:
Some 32 byte packet INS is selected in encrypted cipher text according to byte-aligned, by grouping INS according to exclusive or shift amount
It moves to right to obtain an interpolated data DATA_TMP, DATA_TMP is close using the KEY in KEY matching way matching encryption chip
Interpolated data INS is correctly then rejected in key, matching, and in the KEY key that memory record DATA_TMP is some serial number;Subsequent rejecting
The KEY key inside all encryption chips can be gradually matched in the process, it, can direct root after all cipher key match come out
According to the rejecting for matching the DATA_TMP key progress interpolation of the record come in memory.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810706456.8A CN109194467A (en) | 2018-06-29 | 2018-06-29 | A kind of safe transmission method and system of encryption data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810706456.8A CN109194467A (en) | 2018-06-29 | 2018-06-29 | A kind of safe transmission method and system of encryption data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109194467A true CN109194467A (en) | 2019-01-11 |
Family
ID=64948806
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810706456.8A Pending CN109194467A (en) | 2018-06-29 | 2018-06-29 | A kind of safe transmission method and system of encryption data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109194467A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981671A (en) * | 2019-04-03 | 2019-07-05 | 北京深思数盾科技股份有限公司 | Data processing method and encryption equipment based on encryption equipment |
CN110855423A (en) * | 2019-09-23 | 2020-02-28 | 深圳市智讯互动体育科技有限公司 | Method, device and storage medium for encrypting and decrypting ordered numerical value string |
CN113312648A (en) * | 2021-06-23 | 2021-08-27 | 山西科潮科技有限公司 | Communication module and communication method based on data encryption |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080147612A1 (en) * | 2006-12-19 | 2008-06-19 | Mcafee, Inc. | Known files database for malware elimination |
CN102542070A (en) * | 2012-01-17 | 2012-07-04 | 王勇 | Method for structuring one-way Hash function based on random function |
CN109429222A (en) * | 2017-08-22 | 2019-03-05 | 马鞍山明阳通信科技有限公司 | A kind of pair of Wireless Communication Equipment upgrade procedure and the method for communication data encryption |
-
2018
- 2018-06-29 CN CN201810706456.8A patent/CN109194467A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080147612A1 (en) * | 2006-12-19 | 2008-06-19 | Mcafee, Inc. | Known files database for malware elimination |
CN102542070A (en) * | 2012-01-17 | 2012-07-04 | 王勇 | Method for structuring one-way Hash function based on random function |
CN109429222A (en) * | 2017-08-22 | 2019-03-05 | 马鞍山明阳通信科技有限公司 | A kind of pair of Wireless Communication Equipment upgrade procedure and the method for communication data encryption |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981671A (en) * | 2019-04-03 | 2019-07-05 | 北京深思数盾科技股份有限公司 | Data processing method and encryption equipment based on encryption equipment |
CN110855423A (en) * | 2019-09-23 | 2020-02-28 | 深圳市智讯互动体育科技有限公司 | Method, device and storage medium for encrypting and decrypting ordered numerical value string |
CN113312648A (en) * | 2021-06-23 | 2021-08-27 | 山西科潮科技有限公司 | Communication module and communication method based on data encryption |
CN113312648B (en) * | 2021-06-23 | 2023-10-31 | 国网黑龙江省电力有限公司绥化供电公司 | Communication module and communication method based on data encryption |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109429222B (en) | Method for encrypting wireless network equipment upgrading program and communication data | |
KR101684076B1 (en) | A secure Data Communication system between IoT smart devices and a Network gateway under Internet of Thing environment | |
KR101714108B1 (en) | Verifiable, leak-resistant encryption and decryption | |
CN106529308B (en) | data encryption method and device and mobile terminal | |
US10680816B2 (en) | Method and system for improving the data security during a communication process | |
CN105450620A (en) | Information processing method and device | |
CN107846396B (en) | Memory system and binding method between memory system and host | |
CN113014444B (en) | Internet of things equipment production test system and safety protection method | |
CN109768862B (en) | A kind of key management method, key call method and cipher machine | |
CN109104724A (en) | A kind of data ciphering method and device for device upgrade | |
CN111614621B (en) | Internet of things communication method and system | |
US10256980B2 (en) | System and method for authentication for field replaceable units | |
CN103378971A (en) | Data encryption system and method | |
KR101344074B1 (en) | Smart grid data transaction scheme for privacy | |
CN109194467A (en) | A kind of safe transmission method and system of encryption data | |
CN109727128B (en) | Asset management method and system based on multiple hardware wallets | |
CN109922022A (en) | Internet of Things communication means, platform, terminal and system | |
CN113722741A (en) | Data encryption method and device and data decryption method and device | |
CN110445774B (en) | Security protection method, device and equipment for IoT (Internet of things) equipment | |
CN111092860A (en) | Medical data safety interaction transmission module | |
US10057054B2 (en) | Method and system for remotely keyed encrypting/decrypting data with prior checking a token | |
CN104899480A (en) | Software copyright protection and management method based on combined public key identity authentication technology | |
CN113542303B (en) | Software importing system and method for secret key in non-trusted environment | |
CN108184230B (en) | System and method for realizing encryption of soft SIM | |
CN112468493A (en) | Data transmission method, identity recognition method and system based on field bus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190111 |