CN110545176A - Encryption and decryption method and device and Internet of things system - Google Patents


Info

Publication number
CN110545176A
Authority
CN
China
Prior art keywords
encryption
key
network node
target network
type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910784443.7A
Other languages
Chinese (zh)
Other versions
CN110545176B (en)
Inventor
刘滔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Shuliantianxia Intelligent Technology Co Ltd
Original Assignee
Shenzhen Heertai Home Furnishing Online Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Heertai Home Furnishing Online Network Technology Co Ltd filed Critical Shenzhen Heertai Home Furnishing Online Network Technology Co Ltd
Priority to CN201910784443.7A priority Critical patent/CN110545176B/en
Publication of CN110545176A publication Critical patent/CN110545176A/en
Application granted granted Critical
Publication of CN110545176B publication Critical patent/CN110545176B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/1008 Server selection for load balancing based on parameters of servers, e.g. available memory or workload
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to an encryption and decryption method, an encryption and decryption device and an Internet of things system. The encryption and decryption method is applied to a server. The method acquires configuration information of a target network node terminal and judges, according to the acquired configuration information, whether the terminal is running overloaded. When the terminal is judged to be running overloaded, a first type of encryption pattern is generated and sent to the target network node terminal, instructing the terminal to encrypt or decrypt data according to a first preset rule. When the target network node terminal is judged not to be running overloaded, a second type of encryption pattern is generated and sent to the target network node terminal, instructing the terminal to encrypt or decrypt data according to a second preset rule. The way the terminal encrypts or decrypts data is thereby adjusted adaptively, so that terminal resources are allocated reasonably and the running speed and stability of the terminal are improved.

Description

Encryption and decryption method and device and Internet of things system
Technical Field
The invention relates to the technical field of information security, and in particular to an encryption and decryption method, an encryption and decryption device and an Internet of things system.
Background
The statements herein merely provide background information related to the present application and may not necessarily constitute prior art.
The intelligent Internet of things (AIoT) is developing vigorously. The number of intelligent terminals (Smart Terminals) is increasing sharply, the potential security hazards are large, and security is a weak link in the Internet of things industry chain. Internet of things services reach deep into many industries and affect people's lives in every respect; the corresponding security problems pose serious threats, even to the safety of life and property, and terminal security is receiving more and more attention. Terminal security comprises physical security, access security, communication security, data security and system security.
In the intelligent Internet of things of the traditional technology, different intelligent terminals differ widely in processing capability. Terminals with stronger security protection capability are generally exposed to more avenues of attack, while terminals with ordinary security protection capability are exposed to fewer avenues of external attack but have lower processing capability. The processing capability that encryption or decryption demands of an intelligent terminal conflicts with the wide variation in the terminals' own capabilities, and resolving this conflict between security protection capability and terminal processing capability is the key to solving the problem of terminal data communication security.
Disclosure of Invention
Therefore, it is necessary to provide an encryption and decryption method and apparatus, and an Internet of things system, to address the conflict between security protection capability and terminal processing capability in the conventional technology.
In one aspect, an embodiment of the present invention provides an encryption and decryption method, where the method is applied to a server, and the method includes:
Acquiring configuration information of a target network node terminal;
Judging whether the target network node terminal is running overloaded according to the configuration information of the target network node terminal;
If the target network node terminal is judged to be running overloaded, generating and sending a first type of encryption pattern to the target network node terminal, wherein the first type of encryption pattern is used for instructing the target network node terminal to encrypt or decrypt data according to a first preset rule;
If the target network node terminal is judged not to be running overloaded, generating and sending a second type of encryption pattern to the target network node terminal, wherein the second type of encryption pattern is used for instructing the target network node terminal to encrypt or decrypt data according to a second preset rule;
The terminal processing capability required to encrypt or decrypt data according to the first preset rule is lower than the terminal processing capability required to encrypt or decrypt data according to the second preset rule.
According to the encryption and decryption method provided by the embodiment of the application, whether the terminal is in an overloaded working state is judged according to the configuration information of the target network node terminal. For a terminal running overloaded, in order to reduce the burden that the encryption or decryption process places on the terminal while still ensuring data transmission security, a first type of encryption pattern is output, instructing the terminal to encrypt or decrypt data according to a first preset rule. If the target network node terminal is not running overloaded and has ample remaining processing capability, a second type of encryption pattern can be output, instructing the terminal to encrypt or decrypt data according to a second preset rule. On the basis of ensuring data transmission security, the specific way each terminal encrypts or decrypts data (for example, the choice of key) can be adjusted adaptively, achieving a reasonable allocation of the resources of each target network node terminal.
In one embodiment, the first preset rule is that the first key and the second key are used alternately for data encryption or decryption;
The second preset rule is that the first key is used for data encryption or decryption;
The terminal processing capability required to encrypt or decrypt data with the first key is higher than that required to encrypt or decrypt data with the second key.
In one embodiment, the first type of encryption pattern and the second type of encryption pattern both comprise N block identifier bits, and each block identifier bit corresponds to an information block to be encrypted or an information block to be decrypted;
In the first type of encryption pattern, N-i of the block identifier bits are a first value and i of the block identifier bits are a second value, where N and i are both natural numbers greater than or equal to 1, and i is less than or equal to N;
The N block identifier bits of the second type of encryption pattern are all the first value;
The first value is used for instructing the target network node terminal to encrypt or decrypt the target information block corresponding to the block identifier using the first key; the second value is used for instructing the target network node terminal to encrypt or decrypt the target information block corresponding to the block identifier using the second key; the target information block is an information block to be encrypted or an information block to be decrypted.
In one embodiment, the encryption and decryption method further comprises:
Sending a dynamic code to the target network node terminal, wherein the dynamic code is used by the target network node terminal to generate the first key and the second key.
In one embodiment, the encryption and decryption method further comprises:
Updating the dynamic code before each network connection is disconnected; or
Updating the dynamic code at regular intervals; or
Updating the dynamic code when a first update request command sent by the target network node terminal is received.
In one embodiment, the encryption and decryption method further comprises:
Updating the first type of encryption pattern and the second type of encryption pattern before each network connection is disconnected; or
Updating the first type of encryption pattern and the second type of encryption pattern at regular intervals; or
Updating the first type of encryption pattern and the second type of encryption pattern when a second update request command sent by the target network node terminal is received; or
Updating the first type of encryption pattern and the second type of encryption pattern when the keep-alive timer expires.
An encryption and decryption method, the method being applied to a target network node terminal, the method comprising:
On receiving a first type of encryption pattern sent by a server, encrypting or decrypting data according to the first type of encryption pattern and a first preset rule;
On receiving a second type of encryption pattern sent by the server, encrypting or decrypting data according to the second type of encryption pattern and a second preset rule;
The terminal processing capability required to encrypt or decrypt data according to the first preset rule is lower than the terminal processing capability required to encrypt or decrypt data according to the second preset rule.
In one embodiment, the step of encrypting or decrypting data according to the first type of encryption pattern and the first preset rule comprises:
Alternately using a first key and a second key to encrypt or decrypt data according to the first type of encryption pattern;
The step of encrypting or decrypting data according to the second type of encryption pattern and the second preset rule comprises:
Using the first key to encrypt or decrypt data according to the second type of encryption pattern;
The terminal processing capability required to encrypt or decrypt data with the first key is higher than that required to encrypt or decrypt data with the second key.
In one embodiment, the encryption and decryption method further comprises:
Acquiring a dynamic code sent by the server;
Generating a key seed according to the dynamic code, the configuration information of the target network node terminal and a key seed generation algorithm;
Inputting the key seed to a symmetric key generator, and obtaining a first key generated by the symmetric key generator.
In one embodiment, the configuration information of the target network node terminal includes: a device management key, an application software management key and a media access control address;
The step of generating a key seed according to the dynamic code, the configuration information of the target network node terminal and the key seed generation algorithm comprises:
Arranging the device management key, the application software management key and the media access control address according to a preset rule to generate a static seed factor;
Generating the key seed according to the dynamic code, the static seed factor and the key seed generation algorithm.
In one embodiment, the dynamic code is a pseudorandom noise code;
The step of generating the key seed according to the dynamic code, the static seed factor and the key seed generation algorithm comprises:
Scrambling the static seed factor bit-wise according to the pseudorandom noise code to generate a scrambled seed source;
Generating the key seed according to the scrambled seed source and the key seed generation algorithm.
In one embodiment, the encryption and decryption method further comprises:
Generating a second key based on the dynamic code and a scrambling algorithm.
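The terminal-side derivation chain described above (static seed factor, bit-wise scrambling with the dynamic code, key seed, symmetric key generator), as an added example that is not code from the patent. The patent names the stages but not the primitives, so the length-prefixed concatenation, the XOR scrambling, the SHA-256 seed step, the HKDF-SHA256 generator and all sample values are assumptions; generation of the second key is not modelled.

```python
"""Added illustration of the first-key derivation chain; not the patent's code.
Every concrete primitive below is an assumption standing in for an unnamed stage."""
import hashlib
import hmac

# Constructed sample inputs (not real device secrets).
SAMPLE_DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_APP_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SAMPLE_MAC = "02:00:00:aa:bb:cc"
SAMPLE_DYNAMIC_CODE = bytes.fromhex("a5c35a3c0ff0e11e")  # stands in for the PN code


def static_seed_factor(device_mgmt_key: bytes, app_mgmt_key: bytes, mac: str) -> bytes:
    """Arrange the three configuration items by a preset rule.

    Assumed rule: length-prefixed concatenation in a fixed order, so that
    (b"ab", b"c") and (b"a", b"bc") can never yield the same factor.
    """
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    parts = (device_mgmt_key, app_mgmt_key, mac_bytes)
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def scramble(seed_factor: bytes, pn_code: bytes) -> bytes:
    """Bit-wise scrambling, assumed to be XOR with the PN code repeated to length."""
    if not pn_code:
        raise ValueError("empty dynamic code")
    return bytes(b ^ pn_code[i % len(pn_code)] for i, b in enumerate(seed_factor))


def key_seed(scrambled_source: bytes) -> bytes:
    """Key seed generation algorithm; SHA-256 is an assumption."""
    return hashlib.sha256(scrambled_source).digest()


def symmetric_key(seed: bytes, length: int = 16, info: bytes = b"first-key") -> bytes:
    """Symmetric key generator; HKDF-SHA256 (RFC 5869) is an assumption."""
    prk = hmac.new(b"\x00" * 32, seed, hashlib.sha256).digest()  # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                      # expand step
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_first_key(dynamic_code: bytes, device_mgmt_key: bytes,
                     app_mgmt_key: bytes, mac: str) -> bytes:
    """Run the whole chain: factor -> scrambled source -> key seed -> first key."""
    factor = static_seed_factor(device_mgmt_key, app_mgmt_key, mac)
    return symmetric_key(key_seed(scramble(factor, dynamic_code)))


if __name__ == "__main__":
    key = derive_first_key(SAMPLE_DYNAMIC_CODE, SAMPLE_DEVICE_KEY, SAMPLE_APP_KEY, SAMPLE_MAC)
    print("first key:", key.hex())
```

Because the dynamic code is the only input that changes between updates, the first key rotates whenever the server updates the code, while the static seed factor binds the key to one device.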
An encryption and decryption apparatus applied to a server, the apparatus comprising:
A selection parameter acquisition module, used for acquiring the configuration information of the target network node terminal;
An overload judging module, used for judging whether the target network node terminal is running overloaded according to the configuration information of the target network node terminal;
A first working mode selection module, used for generating and sending a first type of encryption pattern to the target network node terminal when the target network node terminal is judged to be running overloaded, wherein the first type of encryption pattern is used for instructing the target network node terminal to encrypt or decrypt data according to a first preset rule;
A second working mode selection module, used for generating and sending a second type of encryption pattern to the target network node terminal when the target network node terminal is judged not to be running overloaded, wherein the second type of encryption pattern is used for instructing the target network node terminal to encrypt or decrypt data according to a second preset rule;
The terminal processing capability required to encrypt or decrypt data according to the first preset rule is lower than the terminal processing capability required to encrypt or decrypt data according to the second preset rule.
An encryption and decryption apparatus, the apparatus being applied to a target network node terminal, the apparatus comprising:
A first preset rule execution module, used for encrypting or decrypting data according to the first type of encryption pattern and a first preset rule on receiving the first type of encryption pattern sent by the server;
A second preset rule execution module, used for encrypting or decrypting data according to the second type of encryption pattern and a second preset rule on receiving the second type of encryption pattern sent by the server;
The terminal processing capability required to encrypt or decrypt data according to the first preset rule is lower than the terminal processing capability required to encrypt or decrypt data according to the second preset rule.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps of the above encryption and decryption method when executing the computer program.
An Internet of things system, comprising:
A server comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the server-side encryption and decryption method when executing the computer program;
And a plurality of terminals, each terminal comprising a memory and a processor, the memory storing a computer program, wherein the processor of a target network node terminal among the terminals implements the steps of the terminal-side encryption and decryption method when executing the computer program.
A computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, carrying out the steps of the above encryption and decryption method.
Drawings
FIG. 1 is a diagram of an application environment and a system architecture of the Internet of things of an encryption and decryption method in one embodiment;
FIG. 2 is a flow diagram of an encryption and decryption method in one embodiment;
FIG. 3 is a flow diagram of an encryption and decryption method in another embodiment;
FIG. 4 is a flow diagram of an encryption and decryption method in one embodiment;
FIG. 5 is a flowchart illustrating steps of generating a key seed according to a dynamic code, configuration information of a target network node terminal, and a key seed generation algorithm in one embodiment;
FIG. 6 is a flowchart illustrating the steps of generating a key seed based on a dynamic code, a static seed factor, and a key seed generation algorithm, in one embodiment;
FIG. 7 is a flowchart illustrating steps for generating a key seed according to a scrambling seed source and a key seed generation algorithm in one embodiment;
FIG. 8 is a schematic diagram of an encryption and decryption apparatus in one embodiment;
FIG. 9 is a schematic diagram of an encryption and decryption apparatus in one embodiment;
FIG. 10 is a block diagram illustrating a first predetermined rule execution module according to one embodiment;
FIG. 11 is a block diagram of a key seed generation module in accordance with one embodiment;
FIG. 12 is a block diagram of a dynamic key seed determination unit in accordance with an embodiment;
FIG. 13 is a diagram illustrating a scrambling key seed determining unit according to an embodiment;
FIG. 14 is an internal configuration diagram of a terminal or a server in one embodiment.
Detailed Description
To facilitate an understanding of the invention, the invention will now be described more fully with reference to the accompanying drawings. Preferred embodiments of the present invention are shown in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
It will be understood that when an element is referred to as being "connected" to another element, it can be directly connected to the other element and be integral therewith, or intervening elements may also be present. The terms "mounted," "one end," "the other end," and the like are used herein for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The encryption and decryption methods provided by the application can be applied to the application environment shown in FIG. 1. Each terminal 102 communicates with the server 104 over the network, forming an intelligent Internet of things (AIoT). During communication, each terminal 102 decrypts the data it receives and encrypts the data it sends according to an encryption algorithm, so as to ensure the security of data transmission. The terminal 102 may be, but is not limited to, a Smart Terminal (ST) such as a personal computer, notebook computer, smart phone, tablet computer or portable wearable device. The server 104 may be implemented as an independent server or as a server cluster composed of a plurality of servers, and the server 104 may also be one of the smart terminals 102.
To address the conflict in the prior art between the security protection capability of a terminal and the processing capability of the terminal, an encryption and decryption method is provided, as shown in FIG. 2. The method is suitable for a server and comprises the following steps:
S10: acquiring configuration information of a target network node terminal;
S20: judging whether the target network node terminal is running overloaded according to the configuration information of the target network node terminal;
S30: if the target network node terminal is judged to be running overloaded, generating and sending a first type of encryption pattern to the target network node terminal, wherein the first type of encryption pattern is used for instructing the target network node terminal to encrypt or decrypt data according to a first preset rule;
S40: if the target network node terminal is judged not to be running overloaded, generating and sending a second type of encryption pattern to the target network node terminal, wherein the second type of encryption pattern is used for instructing the target network node terminal to encrypt or decrypt data according to a second preset rule;
The terminal processing capability required to encrypt or decrypt data according to the first preset rule is lower than the terminal processing capability required to encrypt or decrypt data according to the second preset rule.
The target network node terminal can be one or more terminals in the intelligent Internet of things, and these terminals can encrypt or decrypt data so as to receive and transmit data securely. When the target network node terminal needs to transmit data, it encrypts the data to be transmitted to generate a ciphertext and transmits the data in ciphertext form. When the target network node terminal receives a ciphertext to be decrypted from another device, it decrypts that ciphertext to obtain the data the other device intended to transmit. The configuration information may include hardware parameters describing the target network node terminal, parameters of the application software installed on it, and the like; it may be acquired from a server, or may be hardware parameters set when the terminal left the factory. The terminal processing capability required for encryption or decryption refers to the CPU resources required to encrypt or decrypt the same data.
The aim is to allocate the resources of the target network node terminal reasonably, so that it stays in a good working state while data transmission security is still ensured. To that end, the encryption and decryption method provided by the embodiment of the application obtains the configuration information of the target network node terminal and judges whether the terminal is currently running overloaded. If the terminal is judged to be running overloaded, the amount of data it has to process exceeds its data processing capability, so the terminal runs slowly or processes data too slowly. In that case a first type of encryption pattern can be sent to the terminal, instructing it to encrypt or decrypt the data it sends and receives according to the first preset rule, which reduces the burden on the terminal and ensures that it can operate normally. If the target network node terminal is judged not to be running overloaded, the server generates and sends a second type of encryption pattern to the target network node terminal, so that the terminal encrypts or decrypts the data it sends and receives according to the second preset rule and makes full use of the terminal resources for encryption or decryption. The data transmission security obtained by encrypting or decrypting data according to the first preset rule can be lower than that obtained according to the second preset rule; the higher the data transmission security, the more complex the key that is typically used and the more terminal resources are consumed.
When the processing capability of the target network node terminal is sufficient, a key with high resistance to deciphering can be used for data encryption or decryption, improving data transmission security. When the processing capability of the terminal is insufficient, a key with lower resistance to deciphering can be used for data encryption or decryption, ensuring normal operation of the terminal while maintaining data transmission security.
In some possible embodiments, whether the terminal is overloaded may be determined according to the configuration information of the target network node terminal and a preset overload threshold. For example, since the data processing capability of the terminal is closely related to the main frequency parameter of the CPU adopted by the terminal, the configuration information of the target network node terminal may include the main frequency parameter of the CPU, and the overload threshold may be a main frequency parameter of 1GHz (the specific value of the overload threshold may be adjusted according to different application scenarios).
In other possible embodiments, it may also be directly determined whether the target network node terminal is overloaded according to the configuration information of the target network node terminal. For example, target network node terminals may be divided into two types according to their processing performance: a network node terminal with high processing performance (for example, a terminal without an operating system) and a network node terminal with low processing performance (for example, a terminal with an operating system). The type of the target network node terminal is determined according to the configuration information of the target network node terminal. When the target network node terminal is determined to be a network node terminal with high processing performance, it is judged that the network node terminal does not run in an overload mode; when the target network node terminal is determined to be a network node terminal with low processing performance, it is judged that the network node terminal runs in an overload mode. The present invention is not limited to the foregoing two manners; there may be more embodiments for determining whether the target network node terminal is overloaded according to the configuration information of the target network node, and the embodiments of the present application are not limited thereto.
In one embodiment, the first preset rule is that the first key and the second key are alternately used for data encryption or decryption;
the second preset rule is that the first key is adopted to encrypt or decrypt data;
the terminal processing capacity required by the first key for data encryption or decryption is higher than that required by the second key for data encryption or decryption.
The encryption and decryption method provided in an embodiment of the present application may send the first type of encryption pattern to the terminal when it is determined that the terminal is running in an overload state, so as to instruct the terminal to alternately encrypt or decrypt the transceiving data by using the first key and the second key, reducing the burden on the terminal and ensuring that the terminal can run normally. Data with different contents often has different security requirements during transmission: for example, data related to sensitive contents such as an internal list generally has a higher requirement on data security, while data such as the time in a log file generally has a lower requirement on data security. Based on this, the specific process of encrypting or decrypting the transceiving data by alternately adopting the first key and the second key may be: for data with a higher data security requirement, the first key, which has a low operation speed but high security performance, can be used for encryption or decryption; for data with a lower data security requirement, the second key, which has a higher operation speed, can be used for encryption or decryption. On the premise of guaranteeing data transmission security, the terminal key selection can thus be adaptively adjusted according to the condition of the target network node terminal, the processing speed is increased, and resources are reasonably distributed. When the processing capacity of the target network node terminal is sufficient, the first key can be adopted to encrypt or decrypt all data, improving data transmission security without affecting the normal operation and data processing speed of the terminal.
In one embodiment, the first type of encryption pattern and the second type of encryption pattern both include N-bit block identifiers, and each bit block identifier corresponds to an information block to be encrypted or an information block to be decrypted; the N-i bit block identifier in the first type of encryption pattern is a first value, the i bit block identifier in the first type of encryption pattern is a second value, both N and i are natural numbers which are more than or equal to 1, and i is less than or equal to N; the N-bit block identifiers of the second type of encrypted patterns are all first values; the first value is used for indicating the target network node terminal to encrypt or decrypt a target information block corresponding to the block identifier by adopting a first key; the second value is used for indicating the target network node terminal to encrypt or decrypt the target information block corresponding to the block identifier by adopting a second key; the target information block is an information block to be encrypted or an information block to be decrypted.
The data to be transmitted can be divided into a plurality of information blocks to be encrypted according to bytes, and the ciphertext to be decrypted can be divided into a plurality of information blocks to be decrypted according to bytes. When the first value and the second value are binary machine codes, the first value may be 1 or 0, the second value may be 0 or 1, and the first value is not equal to the second value.
Generally, a terminal with stronger security protection capability has more attack paths, while a terminal with general security protection capability has fewer paths of external attack but lower processing capability; the processing capability that data encryption or decryption demands of a network node terminal therefore conflicts with the diversity of the terminals' own capabilities. The processing speed of different encryption algorithms differs greatly for original information blocks of the same size; for example, a scrambling algorithm based on pseudo-random noise codes is 80-100 times faster than a symmetric encryption algorithm. To better describe the working process of the encryption and decryption method provided in the embodiment of the present application, the first key is taken to be a key generated by using a symmetric encryption algorithm and the second key a key generated by using a scrambling algorithm based on a pseudo-random noise code, as an example.
Specifically, the data processing capability and the current transceiving data amount of the target network node terminal need to be considered together. For example, the configuration information of the target network node terminal may include the data processing capability of the terminal. The data processing capability parameter and the transceiving data amount of the target network node terminal may be obtained first; then whether the target network node terminal is in overload operation is determined according to the data processing capability parameter, the transceiving data amount of the target network node terminal and a preset overload threshold. The determining process may be: the current transceiving data amount is divided by the data processing capability parameter of the terminal to obtain the current operating capacity occupancy rate, and if the occupancy rate exceeds the preset overload threshold, the terminal is currently in an overload operation state. At this time, a first type encryption pattern may be sent to the terminal. The first type encryption pattern may be a 32-byte (128-bit) variable, and may be generated by the server through a random algorithm that can control the balance ratio between the numbers of 1 bits and 0 bits.
When a bit is 1, the block identifier on that bit is 1, which instructs the terminal to encrypt or decrypt the original information block of the corresponding byte size by using the first key; when a bit is 0, the block identifier on that bit is 0, which instructs the terminal to encrypt or decrypt the original information block of the corresponding bytes by using the second key. The terminal thereby encrypts or decrypts a part of the original information blocks with the first key generated by the symmetric encryption algorithm, ensuring high confidentiality during important data transmission, while data that requires only lightweight security may be encrypted or decrypted with the second key generated by the scrambling algorithm. Because the scrambling algorithm is much faster than the symmetric encryption algorithm, computing resources are saved while exposure of the plaintext is still avoided, and adaptive adjustment of the terminal encryption is achieved while data security is ensured. The terminal can store the first key and the second key in the NAND flash when receiving the first key and the second key. Besides the algorithms in this example, the first key and the second key may be implemented by other algorithms that differ in processing speed, which are not described herein. The 1s and 0s of the block identifiers may be arranged in a preset periodic order such as 10101, or according to data importance, with the information block identifier corresponding to important data assigned 1 and the information block identifier corresponding to data with a low security requirement assigned 0.
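The server-side overload decision and the terminal-side per-block key selection described above, as an added Python example (not code from the patent). The function names, the big-endian layout of the 32-bit PN code, restarting the PN code at each block, and rejecting data that has more blocks than block identifiers are assumptions; `first_key_op` stands for whatever symmetric (for example AES) routine the terminal supplies for the first key.

```python
import secrets

FIRST_KEY = 1   # block identifier value: process the block with the first (symmetric) key
SECOND_KEY = 0  # block identifier value: process the block with the second (scrambling) key


def is_overloaded(transceive_amount, processing_capability, overload_threshold):
    """Occupancy = current transceiving data amount / data processing capability."""
    if processing_capability <= 0:
        raise ValueError("processing capability must be positive")
    return transceive_amount / processing_capability > overload_threshold


def first_type_pattern(n, i, rng=None):
    """N block identifiers: N-i set to FIRST_KEY and i set to SECOND_KEY, in random order."""
    if not 1 <= i <= n:
        raise ValueError("need 1 <= i <= N")
    bits = [FIRST_KEY] * (n - i) + [SECOND_KEY] * i
    (rng or secrets.SystemRandom()).shuffle(bits)  # the 1/0 ratio stays fixed by n and i
    return bits


def second_type_pattern(n):
    """All N block identifiers carry the first value."""
    return [FIRST_KEY] * n


def select_pattern(transceive_amount, processing_capability, overload_threshold,
                   n=128, i=64):
    """Server side: choose which type of pattern to send to the terminal."""
    if is_overloaded(transceive_amount, processing_capability, overload_threshold):
        return "first", first_type_pattern(n, i)
    return "second", second_type_pattern(n)


def pn_scramble(block, pn_code):
    """Second key: XOR the block with the 32-bit PN code, group by group.

    The operation is its own inverse, so the same call decrypts.
    Assumption: the PN code is laid out big-endian and restarts at each block.
    """
    pn = pn_code.to_bytes(4, "big")
    return bytes(b ^ pn[k % 4] for k, b in enumerate(block))


def apply_pattern(data, pattern, block_size, first_key_op, pn_code):
    """Terminal side: split data into blocks and process each one as its identifier says."""
    blocks = [data[o:o + block_size] for o in range(0, len(data), block_size)]
    if len(blocks) > len(pattern):
        # Assumption: fail closed instead of guessing how to treat unlabelled blocks.
        raise ValueError("more information blocks than block identifiers")
    out = bytearray()
    for ident, block in zip(pattern, blocks):
        if ident == FIRST_KEY:
            out += first_key_op(block)
        else:
            out += pn_scramble(block, pn_code)
    return bytes(out)


def scrambled_only_fraction(data_len, pattern, block_size):
    """Share of payload bytes that are protected only by the PN scrambler."""
    weak = 0
    for k, offset in enumerate(range(0, data_len, block_size)):
        if pattern[k] == SECOND_KEY:
            weak += min(block_size, data_len - offset)
    return weak / data_len if data_len else 0.0


if __name__ == "__main__":
    # Constructed sample figures: 900 units of traffic against a capacity of 1000.
    kind, pattern = select_pattern(900, 1000, 0.8, n=16, i=8)
    print(kind, "".join(map(str, pattern)))
    print("scrambled-only share:", scrambled_only_fraction(64, pattern, 4))
```

Both ends must hold the same pattern and the same block size for decryption to line up, and `scrambled_only_fraction` gives a quick measure of how much of a payload a given pattern leaves to the weaker second key.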
In one embodiment, as shown in fig. 3, the encryption and decryption method further comprises the steps of:
S50: sending the dynamic code to the target network node terminal, wherein the dynamic code is used by the target network node terminal to generate a first key and a second key.
In order to improve data transmission security, the encryption and decryption method provided in the embodiments of the present application may further generate and send a dynamic code to each target network node terminal, where the dynamic code is used by each target network node terminal to generate the first key and the second key. Specifically, the target network node terminal may analyze and process the configuration information and the dynamic code of the target network node terminal by using a key seed generation algorithm to generate a dynamically changing key seed, where the key seed may be used as an input of a symmetric key generator, and a dynamically changing first key is generated by the symmetric key generator. The dynamic code may be a pseudo-random code, and the target network node terminal may further analyze and process the pseudo-random code by using a scrambling algorithm to generate a second key for the target network node terminal to encrypt or decrypt data with low security requirements.
In one embodiment, the encryption and decryption method further comprises:
updating the dynamic code before each network connection is disconnected; or
updating the dynamic code at regular time; or
updating the dynamic code when receiving a first updating request command sent by the target network node terminal.
In the embodiment of the application, an updating method of the dynamic code is further provided, the dynamic code can be updated by the server when the server is disconnected from the TCP/IP connection of the target network node terminal every time, and the first secret key generated according to the dynamic code is synchronously broadcasted to each network node terminal of the intelligent Internet of things, so that data interaction can be better realized among the terminals. Furthermore, the dynamic code update may be a server-forced update, for example, a timing update, and generation of a new dynamic code. The server may also update the dynamic code according to a request of the target network node terminal, for example, when receiving a first update request command sent by the network node terminal, the first update request command may be generated by the terminal when the terminal is idle, or may be generated by the terminal at regular time.
In one embodiment, the encryption and decryption method further comprises:
updating the first type of encryption pattern and the second type of encryption pattern before each network connection is disconnected; or
updating the first type of encryption pattern and the second type of encryption pattern at regular time; or
updating the first type of encryption pattern and the second type of encryption pattern when receiving a second updating request command sent by the network node terminal; or
updating the first type of encryption pattern and the second type of encryption pattern when the keep-alive timer expires.
According to the encryption and decryption method provided by the embodiment of the application, a layer of dynamic security protection is added by providing encryption pattern updating protection. Specifically, the server updates the first type of encryption pattern and the second type of encryption pattern each time the server disconnects the TCP/IP connection with the target network node terminal, and encrypts and decrypts the data according to the processing capacity and the data transmission/reception amount of the target network node terminal; the updating can be carried out by the server at regular time; or updating when receiving a second update request command sent by the terminal, for example, actively sending the second update request command to the server when the terminal is idle, and instructing the server to update the first type encryption pattern and the second type encryption pattern. In addition, the server may update the first type encryption pattern and the second type encryption pattern if the keep-alive timer is overtime, that is, if the TCP/IP connection cannot be established after a certain time period elapses after the terminal is disconnected from the server. The invention ensures the space consistency of the information block identifiers between the terminal and the target network node by setting the updating mechanism of the first-class encryption pattern and the second-class encryption pattern, can process the phenomena of packet loss and disorder caused by external and internal factors such as network problems, equipment problems and the like, and ensures the reliable operation of the self-adaptive terminal encryption system applying the encryption and decryption method. 
The first update request command and the second update request command may be the same command, and when the first update request command and the second update request command are the same command, synchronous update of the dynamic code and the first type encryption pattern/the second type encryption pattern may be achieved.
In one embodiment, the encryption and decryption method further comprises:
acquiring a first key and a second key generated by the target network node terminal, and synchronously broadcasting the first key and the second key to other network node terminals.
In order to facilitate data interaction between the network node terminals, after the first key and/or the second key are generated, the server may synchronously broadcast the generated result to other network node terminals, so as to facilitate data transmission between the network node terminals.
An embodiment of the present application further provides an encryption and decryption method, as shown in fig. 4, where the method is applied to a target network node terminal, and the method includes:
S100: under the condition of receiving a first type of encryption pattern sent by a server, encrypting or decrypting data according to the first type of encryption pattern and a first preset rule;
S200: under the condition of receiving the second type of encryption pattern, encrypting or decrypting data according to the second type of encryption pattern and a second preset rule;
the terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
The terms of the first type of encryption pattern and the like are the same as those in the above embodiments of the encryption and decryption methods, and are not described herein again. Specifically, in the encryption and decryption method provided in the embodiment of the present application, when the target network node terminal encrypts or decrypts data in the case of receiving the first type of encryption pattern, the data is encrypted or decrypted according to a first preset rule, so that fewer terminal resources are occupied, the terminal is guaranteed to maintain a certain data processing speed, and the terminal can normally operate. And under the condition that the second type of encryption pattern is received, when the target network node terminal encrypts or decrypts the data, the data is encrypted or decrypted according to a second preset rule, for example, a more complex key can be adopted for encrypting or decrypting the data, and the data transmission safety is improved under the condition that the normal operation of the terminal is not influenced.
In one embodiment, as shown in fig. 5, the step S100 of encrypting or decrypting data according to the first type of encryption pattern and according to the first preset rule includes:
S110: alternately adopting a first key and a second key to encrypt or decrypt data according to the first type of encryption pattern;
the step S200 of encrypting or decrypting data according to the second type of encryption pattern and the second preset rule includes:
S210: performing data encryption or decryption by adopting the first key according to the second type of encryption pattern;
The terminal processing capacity required by the first secret key for data encryption or decryption is higher than that required by the second secret key for data encryption or decryption.
The definitions of the first key, the second key, and the like are the same as those in the above embodiments of the encryption and decryption method, and are not described herein again. Specifically, the target network node terminal may alternately use the first key and the second key to encrypt or decrypt data when receiving the first type of encryption pattern; for example, important data may be encrypted or decrypted with the first key, which has a slow operation speed and high security performance, and general data may be encrypted or decrypted with the second key, which has a fast operation speed and relatively low security. On the premise of guaranteeing data transmission security, the target network node terminal can generate and select the key adaptively, so that the processing speed is increased and resources are reasonably utilized. When the processing capacity of the target network node terminal is stronger, all data can be encrypted or decrypted by adopting the first key according to the indication of the second type of encryption pattern, improving the security of the terminal in data transmission without affecting the normal operation and data processing speed of the terminal.
In one embodiment, as shown in fig. 4, the encryption and decryption method further includes:
S300: acquiring a dynamic code sent by a server;
S400: generating a key seed according to the dynamic code, the configuration information of the target network node terminal and a key seed generation algorithm;
S500: the key seed is input to the symmetric key generator, and a first key generated by the symmetric key generator is obtained.
The dynamic code may be a pseudo-random noise (PN) code or a code that changes dynamically according to other rules. The key seed generation algorithm is an algorithm capable of obtaining a key seed from certain input parameters. The symmetric key generator is applied to scenarios in which the same key is adopted for data encryption and decryption. The server generates a dynamic code and sends the dynamic code to the target network node terminal; the target network node terminal processes the dynamic code and the configuration information of the target network node terminal by using the key seed generation algorithm to generate a dynamic key seed, and further processes the key seed by using the symmetric key algorithm of the symmetric key generator to obtain a dynamically changing first key for data encryption or decryption. After the target network node terminal generates the first key, the first key can be sent to the server, and the server transmits the first key to other network node terminals, so that the target network node terminal and other network node terminals can encrypt or decrypt data by using the same key, and data communication between the network node terminals is realized.
Specifically, in order to better explain the encryption and decryption methods provided in the embodiments of the present application, an interaction scenario between a server and each network node terminal is taken as an example for explanation. The target network node terminal can obtain a dynamically changing key seed according to the dynamic code, the configuration information of the target network node terminal and the key seed generation algorithm, then inputs the key seed into the symmetric key generator to dynamically generate the first key, and extracts the first key, thereby avoiding the defects that the key is not changed for a long time and is easy to crack because only a fixed key seed is used in the traditional technology. After the target network node terminal generates the first key, if data needs to be sent to the outside, the terminal may encrypt the data to be sent to the outside according to the first key, generate a ciphertext and send the ciphertext, if the terminal currently needs to receive ciphertexts to be decrypted sent by other network node devices, the terminal may decrypt the received ciphertext to be decrypted according to the first key (the target network node terminal and other network node devices sending the ciphertext to be decrypted use the same key, i.e., a symmetric algorithm, and key synchronization among the network node devices may be completed by a server).
In one embodiment, the encryption algorithm used by the symmetric key generator provided in the embodiment of the present application may be the AES (Advanced Encryption Standard) symmetric encryption algorithm; for example, AES128, AES192 or AES256 may be selected. AES is an iterative, symmetric-key block cipher that can use 128-, 192- and 256-bit keys and encrypts and decrypts data in 128-bit (16-byte) blocks. Symmetric-key ciphers use the same key to encrypt and decrypt data, and the number of bits of encrypted data returned by a block cipher is the same as that of the input data (data to be sent out or a received ciphertext to be decrypted). Iterative encryption uses a loop structure in which permutations and substitutions of the input data are repeated.
According to the encryption and decryption method provided by the invention, the dynamic code is combined with the configuration information of the target network node equipment and then matched with the key seed generation algorithm to generate the dynamically changed key seed, and the dynamically changed key seed is further input into the symmetric key generator to obtain the dynamically changed first key, so that the anti-cracking capability of the key is improved, and the data transmission safety is improved.
In one embodiment, as shown in fig. 5, the configuration information of the target network node terminal includes: a device management key, an application software management key and a media access control address;
the step S400 of generating the key seed according to the dynamic code, the configuration information of the target network node terminal, and the key seed generation algorithm includes:
S410: arranging the equipment management key, the application software management key and the media access control address according to a preset rule to generate a static seed factor;
S420: and generating the key seed according to the dynamic code, the static seed factor and the key seed generation algorithm.
The Device management Key (Device Key) may be a management Key of a Device that is uniformly distributed by a server of the smart internet of things, such as a Device authentication Key, and may have a length of 32 bytes. The application software management Key (User Key) refers to a management Key of application software on an application terminal (each network node terminal) of the intelligent internet of things, is uniformly distributed by the application software, is unique at the application terminal, and can be 32 bytes in length. The Media Access Control (MAC) address may be a network address under different communication technologies such as WiFi, BT, NB-IoT, and LoRa, and the length may be 6 bytes, and the MAC address is a unique network identifier of each terminal, and is written inside hardware when produced by a network device manufacturer. The preset rule may be that the device management key, the application software management key and the mac address are concatenated end to end in bytes. A static seed factor may refer to a fixed, unchanging signal that can affect key seed generation.
The encryption and decryption method provided by the invention applies the dynamic code to a symmetric encryption algorithm; for example, the dynamic code is applied to the input end of the seed generation algorithm of an Advanced Encryption Standard (AES) algorithm, thereby scrambling the static seed. To better illustrate the key seed generation process, take the dynamic code to be a pseudo-random noise code (PN code) as an example: the bit length of the pseudo-random noise code can be designed to be 32 bits and the cycle length is 2^31 = 2147483648, so the dynamic code is in a constantly changing state and the repetition probability is small. First, a 32-byte device management key, a 32-byte application software management key and a 6-byte media access control address form a 70-byte static seed factor. The 70-byte static seed factor is bit-scrambled with the 32-bit pseudo-random noise code (where fewer than 32 bits remain, the static seed factor can be aligned by zero padding, or by other bit padding modes such as 1 padding), generating a scrambled 70-byte seed factor, which is then provided as input to the key seed generation algorithm to obtain a key seed. The key seed changes dynamically, and the further scrambling in the key seed generation process improves the pseudo-randomness and anti-deciphering capability of the key generated from the key seed, and improves data transmission security.
In one embodiment, as shown in fig. 6, the dynamic code is a pseudorandom noise code;
The step S420 of generating the key seed according to the dynamic code, the static seed factor and the key seed generation algorithm includes:
S421: bit-wise scrambling the static seed factor according to the pseudo-random noise code to generate a scrambled seed source;
S422: and generating a key seed according to the scrambling seed source and a key seed generation algorithm.
To better illustrate the process of generating the key seed according to the dynamic code, the static seed factor and the key seed generation algorithm, take a static seed factor of 70 bytes as an example. If the pseudo-random noise code is a 32-bit code, the static seed factor can be divided into groups of four bytes, and the 32-bit pseudo-random noise code is used to scramble the 32 bits of each group, for example by an exclusive-or operation, to obtain the scrambled seed source. Scrambling the static seed factor yields a dynamically changing scrambled seed source, so the key seed generated from it by the key seed generation algorithm has dynamic variability and high security. It should be noted that, according to different requirements and configurations of the target network node terminal, the static seed factor is not limited to the specific example in the above embodiment; this example is only for better helping those skilled in the art understand the scheme, and does not affect the actual protection scope of the present application.
In one embodiment, as shown in fig. 7, the step of generating the key seed according to the scrambling seed source and the key seed generation algorithm includes:
S4221: sequencing the scrambled seed sources;
S4222: inputting the sorted scrambling seed source into an RC4 algorithm model, and acquiring a key seed generated by the RC4 algorithm model.
The S-box at the core of the RC4 algorithm model can be of any length but is generally 256 bytes; the speed of the algorithm can reach about 10 times that of DES encryption, so the operation speed is high. Specifically, the scrambled seed sources are first sequenced; the sequencing process can shift and order them to generate 128-bit or 256-bit signals according to the requirements of the RC4 algorithm model on input signals. The sequenced scrambled seed source is then used as the input of the RC4 algorithm model, and the seed generated by the RC4 algorithm model is extracted as the key seed. The target network node terminal performs the same processing when generating the seeds. The key seed generation algorithm provided by the embodiment of the application is based on a standard symmetric encryption algorithm with one added layer of scrambling, that is, one more layer of encryption protection, so it is more difficult to crack and more reliable.
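Steps S410 to S4222 carried through end to end, as an added Python example (not code from the patent). The big-endian layout of the PN code, the sequencing step modelled as a rotation by one 32-bit group with the whole rotated source used as the RC4 key, the 16-byte seed length, and all function names and sample values are assumptions; the description does not specify them.

```python
def static_seed_factor(device_key: bytes, user_key: bytes, mac: bytes) -> bytes:
    """S410: concatenate Device Key, User Key and MAC address end to end (70 bytes)."""
    if (len(device_key), len(user_key), len(mac)) != (32, 32, 6):
        raise ValueError("expected 32-byte keys and a 6-byte MAC address")
    return device_key + user_key + mac


def scramble_with_pn(seed_factor: bytes, pn_code: int) -> bytes:
    """S421: XOR every 32-bit group of the seed factor with the 32-bit PN code.

    The last group is zero-padded for the XOR and the padding is dropped again,
    so the scrambled seed source keeps the 70-byte length the description states.
    """
    pn = pn_code.to_bytes(4, "big")  # assumption: big-endian PN code
    padded = seed_factor + b"\x00" * (-len(seed_factor) % 4)
    mixed = bytes(b ^ pn[k % 4] for k, b in enumerate(padded))
    return mixed[:len(seed_factor)]


def order_seed_source(source: bytes) -> bytes:
    """S4221: sequencing step. Assumption: rotate left by one 32-bit group."""
    return source[4:] + source[:4]


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4 (key scheduling, then n bytes of output) with a 256-byte S-box."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # pseudo-random generation algorithm
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def derive_key_seed(device_key: bytes, user_key: bytes, mac: bytes,
                    pn_code: int, seed_len: int = 16) -> bytes:
    """S410 -> S421 -> S4221 -> S4222: key seed to feed the symmetric key generator."""
    factor = static_seed_factor(device_key, user_key, mac)
    source = scramble_with_pn(factor, pn_code)
    return rc4_keystream(order_seed_source(source), seed_len)


if __name__ == "__main__":
    # Constructed sample inputs, not real keys or addresses.
    dk = bytes(range(32))
    uk = bytes(range(32, 64))
    mac = bytes.fromhex("02005e100001")
    for pn in (0x1234ABCD, 0x1234ABCE):       # two successive dynamic codes
        print(hex(pn), derive_key_seed(dk, uk, mac, pn).hex())
```

The derivation is deterministic, so any party holding the same three static inputs and the same dynamic code obtains the same seed, and the dynamic code contributes at most 32 bits of variability. RC4 has known keystream biases and is prohibited in TLS by RFC 7465.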
In one embodiment, as shown in fig. 4 and 5, the encryption and decryption method further includes:
S600: a second key is generated based on the dynamic code and the scrambling algorithm.
The intelligent terminals of the Internet of Things are diverse: across different industries, different users and different application scenarios, the terminals in use differ in computing capacity, storage resources, communication rate, power consumption and other aspects. For example, Internet of Things terminals such as the intelligent water, electricity and gas meters of an intelligent community, environmental PM2.5 detectors and street lamp controllers are generally provided with a central processing function module and a network communication function module, and have a certain safety protection function. Terminals in a smart city such as intelligent cameras, intelligent payment terminals, intelligent gateways and intelligent vehicle-networking central controls have their own operating systems and possess powerful arithmetic units, storage capacity, communication capability and external perception capability. In the traditional technology a single encryption or decryption algorithm is adopted, which cannot suit intelligent terminals with different processing capacities and makes resource allocation unreasonable. In view of the above problem, the encryption and decryption method provided in the embodiments of the present application provides at least two keys for the target network node terminal to select. Considering that the processing speed of data encryption or decryption by using the second key generated by the scrambling algorithm is much faster than the processing speed of data encryption or decryption by using the first key, the encryption and decryption method of the embodiment of the present application generates the second key by using a dynamic code (e.g., pseudo-random noise code) and the scrambling algorithm for use in data encryption or decryption.
If the dynamic code is a 32-bit pseudo-random noise code, the second key may be used to instruct to perform scrambling operations such as xor on data to be transmitted, which needs to be transmitted outward, grouped according to 32 bits (4 bytes) and the pseudo-random noise code, so as to generate a ciphertext, where a decryption process of the terminal on the ciphertext to be decrypted is similar to an encryption process of the data to be transmitted, and details are not repeated here.
It should be understood that although the various steps in the flow charts of fig. 2-7 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-7 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
An embodiment of the present application provides an encryption and decryption apparatus, as shown in fig. 8, where the apparatus is applied to a server, and the apparatus includes:
The selection parameter acquisition module 1 is used for acquiring configuration information of a target network node terminal;
The overload judging module 2 is used for judging, according to the configuration information of the target network node terminal, whether the target network node terminal is running in an overloaded state;
The first working mode selection module 3 is used for generating and sending a first type of encryption pattern to the target network node terminal when the target network node terminal is judged to be running in an overloaded state, wherein the first type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a first preset rule;
The second working mode selection module 4 is used for generating and sending a second type of encryption pattern to the target network node terminal when the target network node terminal is judged not to be running in an overloaded state, wherein the second type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a second preset rule;
The terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
Terms such as the target network node terminal have the same meaning as in the above embodiments and are not described again here. In the encryption and decryption device provided by the embodiment of the application, the selection parameter acquisition module 1 acquires the configuration information of the target network node terminal; the overload judging module 2 then judges, according to that configuration information, whether the target network node terminal is running in an overloaded state, and sends the judgment result to the first working mode selection module 3 and the second working mode selection module 4. When the target network node terminal is judged to be running in an overloaded state, the first working mode selection module 3 generates and sends a first type of encryption pattern to the target network node terminal, the first type of encryption pattern being used for indicating the target network node terminal to encrypt or decrypt data according to a first preset rule. When the target network node terminal is judged not to be running in an overloaded state, the second working mode selection module 4 generates and sends a second type of encryption pattern to the target network node terminal, the second type of encryption pattern being used for indicating the target network node terminal to encrypt or decrypt data according to a second preset rule. By comprehensively considering the processing capacity and the data receiving and transmitting conditions of the terminal, the key adopted by the terminal for data encryption or decryption is adaptively adjusted, so that the load of a terminal running in an overloaded state is reduced and the running speed of each terminal is increased while data transmission security is ensured.
In one embodiment, in the encryption and decryption apparatus:
The first preset rule is that the first key and the second key are alternately adopted for data encryption or decryption;
The second preset rule is that the first key is adopted for data encryption or decryption;
The terminal processing capacity required for data encryption or decryption with the first key is higher than that required for data encryption or decryption with the second key.
The definitions and functions of the first key and the second key are the same as those in the above embodiments of the encryption and decryption method, and are not described herein again.
In one embodiment, in the encryption and decryption apparatus:
The first type of encryption pattern and the second type of encryption pattern both comprise an N-bit block identifier, and each bit of the block identifier corresponds to an information block to be encrypted or an information block to be decrypted;
N-i bits of the block identifier in the first type of encryption pattern are a first value and i bits of the block identifier in the first type of encryption pattern are a second value, where N and i are both natural numbers greater than or equal to 1 and i is less than or equal to N, and each block identifier corresponds to an original information block or an information block to be decrypted;
All N bits of the block identifier of the second type of encryption pattern are the first value;
The first value is used for indicating the target network node terminal to encrypt or decrypt a target information block corresponding to the block identifier by adopting a first key; the second value is used for indicating the target network node terminal to encrypt or decrypt the target information block corresponding to the block identifier by adopting a second key; the target information block is an information block to be encrypted or an information block to be decrypted.
For terms such as the information block to be encrypted and the information block to be decrypted, and for how the first type of encryption pattern and the second type of encryption pattern indicate that the target network node terminal uses the first key and the second key to encrypt or decrypt data, refer to the description in the above encryption and decryption method embodiment. The modules and units in the encryption and decryption apparatus provided in the embodiment of the present application can implement the functions of the corresponding steps in the above encryption and decryption method.
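The pattern mechanism described above, together with the 32-bit XOR scrambling described for the second key, as an added Python example (not code from the patent). The 0/1 encoding of the two values, the 16-byte block size, the even spacing of second-value identifiers and the HMAC-SHA256 keystream standing in for the first-key cipher are assumptions of this sketch.

```python
"""Added illustration: encryption patterns that select a key per information block."""
import hashlib
import hmac
import struct

FIRST, SECOND = 0, 1  # assumed encodings of the "first value" and "second value"
BLOCK = 16            # assumed information-block size in bytes


def build_pattern(overloaded, n, i=0):
    """Server side: return the N block identifiers of one encryption pattern.

    Second type (terminal not overloaded): all N identifiers are the first value.
    First type (terminal overloaded): N-i identifiers are the first value and
    i are the second value. Spreading them evenly is an assumption.
    """
    if n < 1:
        raise ValueError("N must be >= 1")
    if not overloaded:
        return [FIRST] * n
    if not 1 <= i <= n:
        raise ValueError("first-type pattern needs 1 <= i <= N")
    pattern = [FIRST] * n
    for k in range(i):
        pattern[(k * n) // i] = SECOND  # positions are distinct because i <= n
    return pattern


def xor_scramble(block, pn_code):
    """Second key: XOR every 32-bit (4-byte) group with the 32-bit PN code."""
    mask = struct.pack(">I", pn_code)
    return bytes(b ^ mask[j % 4] for j, b in enumerate(block))


def first_key_cipher(block, first_key, index):
    """Stand-in for the costlier first-key cipher, which this section does not name.

    XORs the block with an HMAC-SHA256 keystream bound to the block index, so
    the example runs with the standard library only.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(block):
        msg = struct.pack(">QI", index, counter)
        stream += hmac.new(first_key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(b ^ s for b, s in zip(block, stream))


def process(data, pattern, first_key, pn_code):
    """Terminal side: encrypt or decrypt data block by block.

    Both transforms are XOR-based, so the same call decrypts. Block k follows
    identifier k mod N (reusing the pattern cyclically is an assumption).
    """
    out = bytearray()
    for offset in range(0, len(data), BLOCK):
        index = offset // BLOCK
        block = data[offset:offset + BLOCK]
        if pattern[index % len(pattern)] == SECOND:
            out += xor_scramble(block, pn_code)
        else:
            out += first_key_cipher(block, first_key, index)
    return bytes(out)


if __name__ == "__main__":
    key, pn = b"constructed-key!", 0x1234ABCD  # constructed sample values
    reading = b"meter=0042;unit=kWh;ts=1566000000;" * 2
    for overloaded in (True, False):
        pattern = build_pattern(overloaded, n=8, i=4)
        ciphertext = process(reading, pattern, key, pn)
        assert process(ciphertext, pattern, key, pn) == reading
        print("overloaded" if overloaded else "normal", pattern, ciphertext[:8].hex())
```

Blocks tagged with the second value get only a repeating 32-bit XOR mask, so data that needs the stronger protection belongs in blocks tagged with the first value.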
In one embodiment, as shown in fig. 8, the encryption and decryption apparatus further includes:
A dynamic code sending module, used for sending the dynamic code to the target network node terminal, wherein the dynamic code is used by the target network node terminal for generating a first key and a second key.
Specifically, the dynamic code sending module sends the dynamic code to the target network node terminal, so that the target network node terminal generates a first key and a second key, and the first working mode selection module 3 and the second working mode selection module 4 perform data encryption or decryption by using the first key and the second key, thereby realizing data transmission.
In one embodiment, the encryption and decryption apparatus further includes:
A dynamic code updating module, used for updating the dynamic code before each disconnection of the network connection; or updating the dynamic code at regular intervals; or updating the dynamic code when a first update request command sent by the target network node terminal is received. Updating the dynamic code through the dynamic code updating module further improves data transmission security.
In one embodiment, the encryption and decryption apparatus further includes:
An encryption pattern updating module, used for updating the first type of encryption pattern and the second type of encryption pattern before each disconnection of the network connection; or updating the first type of encryption pattern and the second type of encryption pattern at regular intervals; or updating the first type of encryption pattern and the second type of encryption pattern when a second update request command sent by the target network node terminal is received; or updating the first type of encryption pattern and the second type of encryption pattern when the keep-alive timer times out. Updating the first type of encryption pattern and the second type of encryption pattern through the encryption pattern updating module allows the encryption and decryption scheme to be adjusted intermittently according to the processing capacity of the target network node terminal, so that the target network node terminal stays in a better working state.
An embodiment of the present application further provides an encryption and decryption apparatus, as shown in fig. 9, where the apparatus is applied to a target network node terminal, and the encryption and decryption apparatus includes:
A first preset rule executing module 100, configured to, upon receiving a first type of encryption pattern sent by a server, encrypt or decrypt data according to the first type of encryption pattern and a first preset rule;
A second preset rule executing module 200, configured to, upon receiving a second type of encryption pattern sent by the server, encrypt or decrypt data according to the second type of encryption pattern and a second preset rule;
The terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
For the implementation of the steps executed by each module and unit in the encryption and decryption apparatus, refer to the description in the embodiments of the encryption and decryption method. In the encryption and decryption device provided by the embodiment of the application, the first preset rule execution module 100 receives a first type of encryption pattern sent by a server and encrypts or decrypts data according to the first type of encryption pattern and the first preset rule; the second preset rule execution module 200 receives a second type of encryption pattern and encrypts or decrypts data according to the second type of encryption pattern and the second preset rule. The first preset rule and the second preset rule mainly consist in encrypting or decrypting data with different types of keys. The encryption and decryption device provided by the embodiment of the application can control each terminal to encrypt or decrypt data according to different preset rules (using different keys) according to the processing capacity of each target network node terminal, reducing the operating burden of the terminal and increasing its running speed while ensuring the security of data transmission.
In one embodiment, as shown in fig. 10, the first preset rule executing module 100 includes:
An alternate key selection unit 110, configured to, in the case of receiving the first type encryption pattern sent by the server, perform data encryption or decryption alternately using the first key and the second key according to the first type encryption pattern;
The second preset rule executing module 200 includes:
A single key selection unit 210, configured to, in a case where the second type encryption pattern is received, perform data encryption or decryption using the first key according to the second type encryption pattern;
The terminal processing capacity required for data encryption or decryption with the first key is higher than that required for data encryption or decryption with the second key.
For the steps executed by the alternate key selection unit 110 and the single key selection unit 210, refer to the description in the above embodiment of the encryption and decryption method; they are not described herein again.
In one embodiment, as shown in fig. 9, the encryption and decryption apparatus further includes:
A dynamic code obtaining module 300, configured to obtain a dynamic code sent by a server;
A key seed generation module 400, configured to generate a key seed according to the dynamic code, the configuration information of the target network node terminal, and a key seed generation algorithm;
A first key determining module 500, configured to input the key seed to the symmetric key generator and obtain the first key generated by the symmetric key generator.
In one embodiment, as shown in fig. 11, the key seed generation module 400 includes:
A static seed factor generating unit 410, configured to arrange the device management key, the application management key, and the MAC address according to a preset rule, and generate a static seed factor;
The dynamic key seed determining unit 420 is configured to generate a key seed according to the dynamic code, the static seed factor, and a key seed generation algorithm.
In one embodiment, as shown in fig. 12, the dynamic key seed determining unit 420 includes:
A scrambling seed source generating unit 421, configured to scramble the static seed factor bit by bit according to the pseudo-random noise code to generate a scrambling seed source;
A scrambling key seed determining unit 422, configured to generate a key seed according to the scrambling seed source and a key seed generation algorithm.
In one embodiment, as shown in fig. 13, the scrambling key seed determination unit 422 includes:
A scrambled seed source sorting unit 4221, configured to sort the scrambled seed sources;
An RC4 key seed determination unit 4222, configured to input the sorted scrambled seed sources to the RC4 algorithm model, and obtain the key seeds generated by the RC4 algorithm model.
In one embodiment, as shown in fig. 9, the encryption and decryption apparatus further includes:
A second key determining module 600, configured to generate a second key according to the dynamic code and the scrambling algorithm.
In the encryption and decryption device provided by the embodiment of the application, the key seed parameter obtaining module 300 obtains the configuration information and the pseudo-random noise code of the target network node terminal, the key seed generating module 400 generates the key seed according to the pseudo-random noise code, the configuration information of the terminal and the key seed generation algorithm, and the first key determining module 500 takes the key seed as the input of the symmetric key generator to obtain the first key. This solves the problem that a single fixed static key is easy to crack by reverse engineering, so data transmission security is high when the target network node terminal encrypts the data to be sent or decrypts the ciphertext to be decrypted with the first key.
It should be noted that all or part of the modules in the encryption and decryption apparatus may be implemented by software, hardware, or a combination thereof. The modules can be embedded in, or independent of, a processor in the computer device in hardware form, or can be stored in a memory in the computer device in software form, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal or a server, and its internal structure diagram may be as shown in fig. 14. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an encryption and decryption method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 14 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or fewer components than those shown, or may combine certain components, or have a different arrangement of components.
The computer device provided by the embodiment of the application comprises a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to realize the following steps:
S10: acquiring configuration information of a target network node terminal;
S20: judging, according to the configuration information of the target network node terminal, whether the target network node terminal is running in an overloaded state;
S30: if the target network node terminal is judged to be running in an overloaded state, generating and sending a first type of encryption pattern to the target network node terminal, wherein the first type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a first preset rule;
S40: if the target network node terminal is judged not to be running in an overloaded state, generating and sending a second type of encryption pattern to the target network node terminal, wherein the second type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a second preset rule;
The terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
S50: sending the dynamic code to the target network node terminal, wherein the dynamic code is used by the target network node terminal to generate a first key and a second key.
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
S60: updating the dynamic code before each network connection is disconnected; or
updating the dynamic code at regular intervals; or
updating the dynamic code when a first update request command sent by the target network node terminal is received.
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
S70: updating the first type of encryption pattern and the second type of encryption pattern before each network connection is disconnected; or
updating the first type of encryption pattern and the second type of encryption pattern at regular intervals; or
updating the first type of encryption pattern and the second type of encryption pattern when receiving a second update request command sent by the network node terminal; or
updating the first type of encryption pattern and the second type of encryption pattern when the keep-alive timer times out.
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
Acquiring a first key and a second key generated by the target network node terminal, and synchronously broadcasting the first key and the second key to other network node terminals.
When the computer device provided in the embodiment of the present application runs the computer program stored thereon, the functions of the method steps in the encryption and decryption method can be implemented; for the specific implementation processes and beneficial effects, refer to the description in the above method embodiments, which is not repeated here.
The computer device provided by the embodiment of the application comprises a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to realize the following steps:
S100: under the condition of receiving a first type of encryption pattern sent by a server, encrypting or decrypting data according to the first type of encryption pattern and a first preset rule;
S200: under the condition of receiving the second type of encryption pattern, encrypting or decrypting data according to the second type of encryption pattern and a second preset rule;
The terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
S110: alternately adopting a first key and a second key to encrypt or decrypt data according to the first type of encryption pattern;
S210: performing data encryption or decryption by adopting the first key according to the second type of encryption pattern;
The terminal processing capacity required for data encryption or decryption with the first key is higher than that required for data encryption or decryption with the second key.
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
S300: acquiring a dynamic code sent by a server;
S400: generating a key seed according to the dynamic code, the configuration information of the target network node terminal and a key seed generation algorithm;
S500: the key seed is input to the symmetric key generator, and a first key generated by the symmetric key generator is obtained.
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
S410: arranging the equipment management key, the application software management key and the media access control address according to a preset rule to generate a static seed factor;
S420: generating the key seed according to the dynamic code, the static seed factor and the key seed generation algorithm.
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
S421: bit-wise scrambling the static seed factor according to the pseudo-random noise code to generate a scrambled seed source;
S422: generating a key seed according to the scrambling seed source and a key seed generation algorithm.
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
S4221: sequencing the scrambled seed sources;
S4222: inputting the sorted scrambling seed source into an RC4 algorithm model, and acquiring a key seed generated by the RC4 algorithm model.
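Steps S410 to S4222 chained together, as an added Python example that is not part of the patent. Plain concatenation as the arrangement rule, XOR with the repeated 32-bit code as the bit-wise scrambling, sorting 4-byte groups as the sequencing step, and taking 16 bytes of RC4 keystream as the key seed are assumptions; the page does not specify them.

```python
"""Added illustration of S410-S4222: static seed factor, scrambling, sorting, RC4."""
import struct


def static_seed_factor(device_key, app_key, mac):
    """S410: arrange device management key, application management key and MAC.

    The preset arrangement rule is not given on the page; concatenation in
    this order is an assumption.
    """
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return device_key + app_key + mac_bytes


def scramble(seed_factor, pn_code):
    """S421: bit-wise scrambling with the pseudo-random noise code.

    Assumption: XOR with the 32-bit code repeated over the whole factor.
    """
    mask = struct.pack(">I", pn_code)
    return bytes(b ^ mask[j % 4] for j, b in enumerate(seed_factor))


def sort_groups(source):
    """S4221: sequence the scrambled seed source.

    Assumption: split into 4-byte groups and sort the groups ascending.
    """
    groups = [source[k:k + 4] for k in range(0, len(source), 4)]
    return b"".join(sorted(groups))


def rc4_keystream(key, n):
    """Standard RC4: key scheduling, then n bytes of keystream."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_key_seed(device_key, app_key, mac, pn_code, length=16):
    """S410 -> S421 -> S4221 -> S4222. The result would feed the symmetric
    key generator of S500, which is outside this sketch."""
    factor = static_seed_factor(device_key, app_key, mac)
    source = sort_groups(scramble(factor, pn_code))
    # Assumption: the sorted source is the RC4 key and the keystream is the seed.
    return rc4_keystream(source, length)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    dev, app, mac = b"D" * 16, b"A" * 16, "00:11:22:33:44:55"
    before = derive_key_seed(dev, app, mac, 0x1234ABCD)
    after = derive_key_seed(dev, app, mac, 0x0BADF00D)  # dynamic code updated
    print("seed before update:", before.hex())
    print("seed after update: ", after.hex())
```

Changing only the dynamic code yields a different key seed from the same static device values, which is what the update conditions for the dynamic code rely on.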
In one embodiment, the following steps can be further realized when the processor in the computer device executes the computer program:
S600: a second key is generated based on the dynamic code and the scrambling algorithm.
The definitions of terms such as the data to be transmitted, the first key and the first type of encryption pattern are the same as those in the key generation selection method, and are not described herein again. The computer device can be a server or a terminal, and can communicate with each network node terminal in the intelligent Internet of Things. The computer device provided in the embodiment of the present application obtains a key seed that can be updated and changed by using a dynamic code such as a pseudo-random noise code together with the configuration information of a target network node terminal, and obtains a first key by using the key seed as an input of a symmetric key generator. The first key may be updated according to user settings: for example, it may be updated before each TCP/IP connection is disconnected, it may be forcibly updated by the computer device (server), or the terminal may actively apply to the computer device (server) for an update when the terminal is in an idle state. Compared with a key obtained by a traditional symmetric key generator, the data security of the Internet of Things terminal to which it is applied is higher during operation. It should be noted that, when the processor on the computer device provided in the embodiment of the present application executes the computer program, other steps in the encryption and decryption method may also be implemented, with the same beneficial effects, which are not described herein again.
An embodiment of the present application further provides an internet of things system, as shown in fig. 1, including:
A server 104, wherein the server 104 includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the encryption and decryption method on the server side when executing the computer program;
And a plurality of terminals 102, each terminal 102 including a memory and a processor, the memory storing a computer program, the processor of the target network terminal 102 of the terminals 102 implementing the steps of the above-described terminal-side encryption and decryption method when executing the computer program.
The Internet of Things system provided by the embodiment of the application can reasonably allocate resources according to the processing capacity of the target network node terminal 102 and control the target network node terminal 102 to encrypt or decrypt data with different keys, so that the processing speed of the terminal 102 is increased. In addition, the Internet of Things system provided by the embodiment of the application generates the dynamically changing first key by combining the dynamic code with the static seed factor, and the first key can be used for encrypting or decrypting important data, which improves the key's resistance to reverse cracking and the security of data transmission.
The present application further provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
S10: acquiring configuration information of a target network node terminal;
S20: judging, according to the configuration information of the target network node terminal, whether the target network node terminal is running in an overloaded state;
S30: if the target network node terminal is judged to be running in an overloaded state, generating and sending a first type of encryption pattern to the target network node terminal, wherein the first type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a first preset rule;
S40: if the target network node terminal is judged not to be running in an overloaded state, generating and sending a second type of encryption pattern to the target network node terminal, wherein the second type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a second preset rule;
The terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
The present application further provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
S100: under the condition of receiving a first type of encryption pattern sent by a server, encrypting or decrypting data according to the first type of encryption pattern and a first preset rule;
S200: under the condition of receiving a second type of encryption pattern sent by the server, encrypting or decrypting data according to the second type of encryption pattern and a second preset rule;
The terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
It will be understood by those skilled in the art that all or part of the processes in the above embodiments of the encryption and decryption methods may be implemented by a computer program, which may be stored in a non-volatile computer-readable storage medium, and the processes in the above embodiments of the methods may be implemented by instructing related hardware through the computer program. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM). In the computer storage medium provided in the embodiment of the present application, when executed by a processor, the computer program stored on the computer storage medium further implements the steps of the encryption and decryption methods, which are not described herein again.
The technical features of the embodiments described above may be arbitrarily combined. For the sake of brevity, not all possible combinations of the technical features in the embodiments described above are described, but any combination should be considered as being within the scope of the present specification as long as there is no contradiction between the combined technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but should not be construed as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, all of which fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (17)

1. An encryption and decryption method, wherein the method is applied to a server, and the method comprises:
acquiring configuration information of a target network node terminal;
judging, according to the configuration information of the target network node terminal, whether the target network node terminal is in overload operation;
if the target network node terminal is judged to be in overload operation, generating and sending a first type of encryption pattern to the target network node terminal, wherein the first type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a first preset rule;
if the target network node terminal is judged not to be in overload operation, generating and sending a second type of encryption pattern to the target network node terminal, wherein the second type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a second preset rule;
the terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
2. The encryption and decryption method according to claim 1, wherein the first preset rule is to alternately use a first key and a second key for data encryption or decryption;
the second preset rule is to use the first key for data encryption or decryption;
and the terminal processing capacity required by the data encryption or decryption by adopting the first key is higher than that required by the data encryption or decryption by adopting the second key.
3. The encryption and decryption method of claim 2, wherein the first type of encryption pattern and the second type of encryption pattern each comprise N bits of block identifiers, each block identifier corresponding to one information block to be encrypted or decrypted;
in the first type of encryption pattern, N-i of the block identifiers are a first value and i of the block identifiers are a second value, where N and i are both natural numbers greater than or equal to 1, and i is less than or equal to N;
all N block identifiers of the second type of encryption pattern are the first value;
the first value is used for indicating the target network node terminal to encrypt or decrypt a target information block corresponding to a block identifier by using the first key; the second value is used for indicating the target network node terminal to encrypt or decrypt a target information block corresponding to the block identifier by using the second key; the target information block is the information block to be encrypted or the information block to be decrypted.
4. The encryption and decryption method of claim 2 or 3, wherein the method further comprises:
sending a dynamic code to the target network node terminal, the dynamic code being used by the target network node terminal to generate the first key and the second key.
5. The encryption and decryption method of claim 4, wherein the method further comprises:
updating the dynamic code before each network connection is disconnected; or
updating the dynamic code in a timed manner; or
updating the dynamic code when a first updating request command sent by the target network node terminal is received.
6. The encryption and decryption method of claim 1, wherein the method further comprises:
updating the first type of encryption pattern and the second type of encryption pattern before each network connection is disconnected; or
updating the first type of encryption pattern and the second type of encryption pattern in a timed manner; or
updating the first type of encryption pattern and the second type of encryption pattern when a second updating request command sent by the target network node terminal is received; or
updating the first type of encryption pattern and the second type of encryption pattern when a keep-alive timer expires.
7. An encryption and decryption method, wherein the method is applied to a target network node terminal, and the method comprises:
in the case of receiving a first type of encryption pattern sent by a server, encrypting or decrypting data according to the first type of encryption pattern and a first preset rule;
in the case of receiving a second type of encryption pattern sent by the server, encrypting or decrypting data according to the second type of encryption pattern and a second preset rule;
the terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
8. The encryption and decryption method according to claim 7, wherein the step of encrypting or decrypting data according to the first type of encryption pattern and a first preset rule comprises:
alternately using a first key and a second key to encrypt or decrypt data according to the first type of encryption pattern;
the step of encrypting or decrypting data according to the second type of encryption pattern and a second preset rule comprises:
using the first key to encrypt or decrypt data according to the second type of encryption pattern;
and the terminal processing capacity required by the data encryption or decryption by adopting the first key is higher than that required by the data encryption or decryption by adopting the second key.
9. The encryption and decryption method of claim 8, wherein the method further comprises:
acquiring a dynamic code sent by a server;
generating a key seed according to the dynamic code, the configuration information of the target network node terminal and a key seed generation algorithm;
inputting the key seed to a symmetric key generator, and acquiring a first key generated by the symmetric key generator.
10. The encryption and decryption method of claim 9, wherein the configuration information of the target network node terminal comprises: a device management key, an application software management key and a media access control address;
the step of generating the key seed according to the dynamic code, the configuration information of the target network node terminal and the key seed generation algorithm comprises:
arranging the device management key, the application software management key and the media access control address according to a preset rule to generate a static seed factor;
generating the key seed according to the dynamic code, the static seed factor and the key seed generation algorithm.
11. The encryption and decryption method of claim 10, wherein the dynamic code is a pseudo random noise code;
the step of generating a key seed according to the dynamic code, the static seed factor and the key seed generation algorithm comprises:
scrambling the static seed factor bit by bit according to the pseudo-random noise code to generate a scrambling seed source;
generating the key seed according to the scrambling seed source and the key seed generation algorithm.
12. The encryption and decryption method according to any one of claims 9-11, wherein the method further comprises:
generating the second key according to the dynamic code and a scrambling algorithm.
13. An encryption and decryption apparatus, wherein the apparatus is applied to a server, the apparatus comprising:
a selection parameter acquisition module, used for acquiring the configuration information of the target network node terminal;
an overload judging module, used for judging, according to the configuration information of the target network node terminal, whether the target network node terminal is in overload operation;
the first working mode selection module is used for generating and sending a first type of encryption pattern to the target network node terminal when judging that the target network node terminal is in overload operation, wherein the first type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a first preset rule;
the second working mode selection module is used for generating and sending a second type of encryption pattern to the target network node terminal when judging that the target network node terminal is not in overload operation, wherein the second type of encryption pattern is used for indicating the target network node terminal to encrypt or decrypt data according to a second preset rule;
the terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
14. An encryption and decryption apparatus, wherein the apparatus is applied to a target network node terminal, and the apparatus comprises:
the first preset rule execution module is used for, in the case of receiving a first type of encryption pattern sent by a server, encrypting or decrypting data according to the first type of encryption pattern and a first preset rule;
the second preset rule execution module is used for, in the case of receiving a second type of encryption pattern sent by the server, encrypting or decrypting data according to the second type of encryption pattern and a second preset rule;
the terminal processing capacity required for data encryption or decryption according to the first preset rule is lower than the terminal processing capacity required for data encryption or decryption according to the second preset rule.
15. A computer device, comprising a memory storing a computer program and a processor, the processor implementing the steps of the encryption and decryption method of any one of claims 1-6 or any one of claims 7-12 when executing the computer program.
16. An internet of things system, comprising:
a server comprising a memory storing a computer program and a processor implementing the steps of the encryption and decryption method of any one of claims 1-6 when the processor executes the computer program;
a plurality of terminals, each of said terminals comprising a memory and a processor, the memory storing a computer program, the steps of the encryption and decryption method of any one of claims 7-12 being implemented when the processor of a target one of said terminals executes the computer program.
17. A computer-readable storage medium, on which a computer program is stored, which program, when executed by a processor, carries out the steps of the encryption and decryption method of any one of claims 1 to 6 or 7 to 12.
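
The block-identifier pattern of claim 3 and the key-seed chain of claims 9-11, sketched from the terminal's side as an added example (not code from the patent). The bit encoding, the field arrangement, the XOR scrambling, SHA-256 as the seed algorithm, the HMAC-based key generator, the `min_first_key_blocks` floor and all sample values are assumptions, because the claims leave them unspecified.

```python
import hashlib
import hmac

FIRST_VALUE, SECOND_VALUE = 1, 0  # assumed bit encoding of the two identifier values


def classify_pattern(pattern):
    """Return (kind, i): 'second-type' when every identifier is the first value,
    otherwise 'first-type'; i counts the blocks routed to the second key."""
    if not pattern:
        raise ValueError("pattern needs at least one block identifier (N >= 1)")
    if any(bit not in (FIRST_VALUE, SECOND_VALUE) for bit in pattern):
        raise ValueError("block identifier outside the two defined values")
    i = sum(1 for bit in pattern if bit == SECOND_VALUE)
    return ("second-type" if i == 0 else "first-type"), i


def assign_keys(pattern, blocks, min_first_key_blocks=1):
    """Pair each information block with the key its identifier selects.
    min_first_key_blocks is a hypothetical terminal-side floor (not in the claims):
    claim 3 permits i == N, which would leave no block under the first key."""
    _, i = classify_pattern(pattern)
    if len(blocks) != len(pattern):
        raise ValueError("one block identifier is required per information block")
    if len(pattern) - i < min_first_key_blocks:
        raise ValueError("pattern leaves too few blocks under the first key")
    return [("first" if bit == FIRST_VALUE else "second", blk)
            for bit, blk in zip(pattern, blocks)]


def static_seed_factor(device_key, app_key, mac):
    """Claim 10: arrange the three values by a preset rule (assumed here:
    length-prefixed concatenation, so field boundaries stay unambiguous)."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in (device_key, app_key, mac))


def scramble(factor, pn_code):
    """Claim 11: bitwise scrambling with the pseudo-random noise code
    (assumed here: XOR against the code repeated to the factor's length)."""
    if not pn_code:
        raise ValueError("empty dynamic code")
    return bytes(b ^ pn_code[k % len(pn_code)] for k, b in enumerate(factor))


def derive_first_key(dynamic_code, device_key, app_key, mac):
    """Claims 9-11 chained: static factor -> scrambled source -> key seed -> first key."""
    source = scramble(static_seed_factor(device_key, app_key, mac), dynamic_code)
    seed = hashlib.sha256(source).digest()  # assumed key seed generation algorithm
    # Assumed symmetric key generator: HMAC-SHA256 over a fixed label, 128-bit output.
    return hmac.new(seed, b"first-key", hashlib.sha256).digest()[:16]


# Constructed sample values, not taken from the patent.
SAMPLE = dict(device_key=b"dev-mgmt-key", app_key=b"app-mgmt-key",
              mac=bytes.fromhex("001122334455"))

if __name__ == "__main__":
    blocks = [b"blk0", b"blk1", b"blk2", b"blk3"]
    print(classify_pattern([1, 0, 1, 0]))
    print(assign_keys([1, 0, 1, 0], blocks))
    print(derive_first_key(b"\xa5\x5a", **SAMPLE).hex())
```

Because the first key depends on the dynamic code, every dynamic-code update in claim 5 rotates the key without changing the device's static configuration.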
CN201910784443.7A 2019-08-23 2019-08-23 Encryption and decryption method and device and Internet of things system Active CN110545176B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910784443.7A CN110545176B (en) 2019-08-23 2019-08-23 Encryption and decryption method and device and Internet of things system

Publications (2)

Publication Number Publication Date
CN110545176A true CN110545176A (en) 2019-12-06
CN110545176B CN110545176B (en) 2021-08-13

Family

ID=68712069

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910784443.7A Active CN110545176B (en) 2019-08-23 2019-08-23 Encryption and decryption method and device and Internet of things system

Country Status (1)

Country Link
CN (1) CN110545176B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101783793A (en) * 2009-01-14 2010-07-21 北京中星微电子有限公司 Method, system and device for improving safety of monitoring data
CN105871842A (en) * 2016-03-31 2016-08-17 宇龙计算机通信科技(深圳)有限公司 Voice encryption and decryption methods, voice encryption and decryption devices and terminals
CN107645378A (en) * 2017-09-12 2018-01-30 中国联合网络通信集团有限公司 Key management platform, communication encrypting method and terminal
CN108377495A (en) * 2016-10-31 2018-08-07 华为技术有限公司 A kind of data transmission method, relevant device and system
CN108879963A (en) * 2018-08-01 2018-11-23 南方电网科学研究院有限责任公司 Power load management equipment and method
US20180359311A1 (en) * 2016-02-04 2018-12-13 Citrix Systems, Inc. System and method for cloud aware application delivery controller

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111526016A (en) * 2020-04-26 2020-08-11 南方电网科学研究院有限责任公司 Parameter configuration method and device for cryptographic algorithm
CN111526016B (en) * 2020-04-26 2022-12-23 南方电网科学研究院有限责任公司 Parameter configuration method and device for cryptographic algorithm
CN111770064A (en) * 2020-06-08 2020-10-13 珠海格力电器股份有限公司 Data communication method, device, storage medium and electronic equipment
CN112464258A (en) * 2020-11-02 2021-03-09 中国银联股份有限公司 Data encryption and decryption method, device, equipment and storage medium
CN112464258B (en) * 2020-11-02 2024-03-19 中国银联股份有限公司 Data encryption and decryption methods, devices, equipment and storage medium
US20230308867A1 (en) * 2021-06-09 2023-09-28 T-Mobile Usa, Inc. Determining and ameliorating wireless telecommunication network functionalities that are impaired when using end-to-end encryption
US12015912B2 (en) * 2021-06-09 2024-06-18 T-Mobile Usa, Inc. Determining and ameliorating wireless telecommunication network functionalities that are impaired when using end-to-end encryption
CN113950024A (en) * 2021-10-18 2022-01-18 中国联合网络通信集团有限公司 Data transmission method, device and storage medium
CN113950024B (en) * 2021-10-18 2023-09-26 中国联合网络通信集团有限公司 Data transmission method, device and storage medium
WO2023142072A1 (en) * 2022-01-29 2023-08-03 Oppo广东移动通信有限公司 Encryption configuration method and apparatus, and device, storage medium and program product
CN115134637B (en) * 2022-06-29 2024-04-12 北京奇艺世纪科技有限公司 Streaming media playing system, method and device, electronic equipment and storage medium
CN115134637A (en) * 2022-06-29 2022-09-30 北京奇艺世纪科技有限公司 Streaming media playing system, method and device, electronic equipment and storage medium
CN115942065A (en) * 2023-03-08 2023-04-07 浙江大华技术股份有限公司 Method and device for adjusting algorithm suite based on available resources of equipment

Also Published As

Publication number Publication date
CN110545176B (en) 2021-08-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210204

Address after: B1601, Shenzhen national engineering laboratory building, No.20, Gaoxin South 7th Road, high tech Zone community, Yuehai street, Nanshan District, Shenzhen, Guangdong 518000

Applicant after: Shenzhen shuliantianxia Intelligent Technology Co.,Ltd.

Address before: 1003, 10 / F, block D, Shenzhen Institute of Aerospace Science and technology innovation building, no.6, South Science and technology 10 road, high tech South District, Nanshan District, Shenzhen, Guangdong 518051

Applicant before: SHENZHEN H & T HOME ONLINE NETWORK TECHNOLOGY Co.,Ltd.

GR01 Patent grant