CN110572261A - data encryption transmission method - Google Patents


Info

Publication number
CN110572261A
Authority
CN
China
Prior art keywords
data
key
encryption
receiving end
partial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910785868.XA
Other languages
Chinese (zh)
Inventor
朱小军
肖列
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Lai Bu Technology Co Ltd
Original Assignee
Hangzhou Lai Bu Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Lai Bu Technology Co Ltd
Priority to CN201910785868.XA
Publication of CN110572261A
Related PCT application: PCT/CN2020/110620 (published as WO2021036952A1)
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a data encryption transmission method. The method comprises the following steps: S1, the data sending end generates a first partial data key and sends it to the data receiving end; S2, the data receiving end generates a second partial data key and sends it to the data sending end; S3, an encryption key and a decryption key are generated from the first partial data key and the second partial data key; S4, the data sending end encrypts the data to be transmitted with the encryption key and sends the resulting encrypted data to the data receiving end; and S5, the data receiving end decrypts the received encrypted data with the decryption key to obtain the data to be transmitted. The encryption key is generated jointly by the data sending end and the data receiving end, and only part of the key is transmitted in each message, which is intended to prevent the data from being intercepted and decrypted and so to improve transmission security.

Description

Data encryption transmission method
Technical Field
The invention relates to the field of data transmission safety, in particular to a data encryption transmission method.
Background
Secure transmission of data is a permanent topic of the information age, and it bears directly on user privacy. Existing data transmission methods encrypt the transmitted data, but the encryption key is generated by the sending end alone, so compromising the sending end is enough to recover it, and an interceptor can also capture the data and use it to impersonate a party. The security of such methods is therefore low.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a data encryption transmission method, aiming at the above-mentioned defects of the prior art.
The technical scheme adopted by the invention to solve this problem is as follows: a data encryption transmission method is constructed, comprising the following steps:
S1, the data sending end generates a first partial data key and sends the first partial data key to the data receiving end;
S2, the data receiving end generates a second partial data key and sends the second partial data key to the data sending end;
S3, an encryption key and a decryption key are generated from the first partial data key and the second partial data key;
S4, the data sending end encrypts the data to be transmitted with the encryption key and sends the generated encrypted data to the data receiving end;
S5, the data receiving end decrypts the received encrypted data with the decryption key to obtain the data to be transmitted.
Further, in the data encryption transmission method according to the present invention, sending the first partial data key to the data receiving end in step S1 includes:
S11, encrypting the first partial data key with a preset encryption algorithm, and sending the generated first encryption key (the encrypted first partial data key) to the data receiving end;
S12, the data receiving end decrypts the first encryption key with the preset decryption algorithm corresponding to the preset encryption algorithm to obtain the first partial data key.
Further, in the data encryption transmission method according to the present invention, sending the second partial data key to the data sending end in step S2 includes either:
S21, encrypting the second partial data key with the first partial data key, and sending the generated second encryption key to the data sending end;
S22, the data sending end decrypts the second encryption key with the first partial data key to obtain the second partial data key;
or:
S23, encrypting the second partial data key with a preset encryption algorithm, and sending the generated second encryption key to the data sending end;
S24, the data sending end decrypts the second encryption key with the preset decryption algorithm corresponding to the preset encryption algorithm to obtain the second partial data key.
Further, in the data encryption transmission method of the present invention, the preset encryption algorithm encrypts with the private key of an asymmetric encryption algorithm, and the preset decryption algorithm decrypts with the corresponding public key of that algorithm.
Further, in the data encryption transmission method of the present invention, the private key of the asymmetric encryption algorithm is stored in the key storage area of an encryption chip in the data sending end, and the key storage area cannot be read by external devices.
Further, in the data encryption transmission method according to the present invention, in step S3, the encryption key is a symmetric algorithm encryption key, and the decryption key is a symmetric algorithm decryption key.
Further, in the data encryption transmission method according to the present invention, generating the first partial data key by the data sending end in step S1 includes: a random number generator at the data sending end generates the first partial data key, and the first partial data key generated each time is different;
generating the second partial data key by the data receiving end in step S2 includes: a random number generator at the data receiving end generates the second partial data key, and the second partial data key generated each time is different.
Further, in the data encryption transmission method of the present invention, in step S4 the data to be transmitted is stored in the FLASH memory of the data sending end as a ring queue, and the data between the latest data pointer and the current data pointer is the data to be transmitted.
Further, in the data encryption transmission method according to the present invention, after step S5 the method further includes:
S6, judging whether the session connection between the data sending end and the data receiving end has lasted for a preset duration;
S7, if so, re-establishing the session connection between the data sending end and the data receiving end.
Further, in the data encryption transmission method of the present invention, the data sending end is a data acquisition terminal, and the data receiving end is a server.
In addition, the invention also provides a data encryption transmission method, which is applied to a data sending end and comprises the following steps:
F1, the data sending end generates a first partial data key and sends the first partial data key;
F2, the data sending end receives the second partial data key sent by the data receiving end;
F3, an encryption key is generated from the first partial data key and the second partial data key;
F4, the data sending end encrypts the data to be transmitted with the encryption key and sends the generated encrypted data.
Further, in the data encryption transmission method according to the present invention, sending the first partial data key in step F1 includes: F11, encrypting the first partial data key with a preset encryption algorithm, and sending the generated first encryption key.
Further, in the data encryption transmission method according to the present invention, step F2 includes either:
F21, the data sending end receives a second encryption key sent by the data receiving end, the second encryption key having been generated by encrypting the second partial data key with the first partial data key;
F22, the data sending end decrypts the second encryption key with the first partial data key to obtain the second partial data key;
or:
F23, the data sending end receives a second encryption key sent by the data receiving end, the second encryption key having been generated by encrypting the second partial data key with a preset encryption algorithm;
F24, the data sending end decrypts the second encryption key with the preset decryption algorithm corresponding to the preset encryption algorithm to obtain the second partial data key.
Further, in the data encryption transmission method of the present invention, the preset encryption algorithm encrypts with the private key of an asymmetric encryption algorithm; the private key is stored in the key storage area of an encryption chip in the data sending end, and the key storage area cannot be read by external devices.
Further, in the data encryption transmission method according to the present invention, generating the first partial data key by the data sending end in step F1 includes: a random number generator at the data sending end generates the first partial data key, and the first partial data key generated each time is different.
Further, in the data encryption transmission method of the present invention, in step F4 the data to be transmitted is stored in the FLASH memory of the data sending end as a ring queue, and the data between the latest data pointer and the current data pointer is the data to be transmitted.
Further, in the data encryption transmission method of the present invention, the encryption key of step F3 is a symmetric-algorithm encryption key;
the data sending end is a data acquisition terminal, and the data receiving end is a server.
In addition, the invention also provides a data encryption transmission method applied to a data receiving end, comprising the following steps:
J1, the data receiving end receives a first partial data key sent by the data sending end;
J2, the data receiving end generates a second partial data key and sends the second partial data key;
J3, a decryption key is generated from the first partial data key and the second partial data key;
J4, the data receiving end receives encrypted data sent by the data sending end, the encrypted data carrying the data to be transmitted;
J5, the data receiving end decrypts the received encrypted data with the decryption key to obtain the data to be transmitted.
Further, in the data encryption transmission method according to the present invention, step J1 includes:
J11, the data receiving end receives a first encryption key sent by the data sending end, the first encryption key having been obtained by encrypting the first partial data key with a preset encryption algorithm;
J12, the data receiving end decrypts the first encryption key with the preset decryption algorithm corresponding to the preset encryption algorithm to obtain the first partial data key.
Further, in the data encryption transmission method according to the present invention, sending the second partial data key in step J2 includes either: J21, encrypting the second partial data key with the first partial data key, and sending the generated second encryption key; or
J22, encrypting the second partial data key with a preset encryption algorithm, and sending the generated second encryption key.
Further, in the data encryption transmission method of the present invention, the preset encryption algorithm encrypts with the private key of an asymmetric encryption algorithm, and the preset decryption algorithm decrypts with the corresponding public key of that algorithm.
Further, in the data encryption transmission method according to the present invention, generating the second partial data key by the data receiving end in step J2 includes: a random number generator at the data receiving end generates the second partial data key, and the second partial data key generated each time is different.
Further, in the data encryption transmission method of the present invention, the decryption key is a symmetric-algorithm decryption key;
the data sending end is a data acquisition terminal, and the data receiving end is a server.
The data encryption transmission method has the following beneficial effects: the encryption key is generated jointly by the data sending end and the data receiving end, and only part of the key is transmitted in each message, which is intended to prevent the data from being intercepted and decrypted and so to improve transmission security.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
Fig. 1 is a flowchart of the data encryption transmission method of the first embodiment (steps S1 to S5);
Fig. 2 is a flowchart of the data encryption transmission method of the second embodiment, which adds the session re-establishment of steps S6 and S7;
Fig. 3 is a flowchart of the data encryption transmission method of the third embodiment, as applied to a data sending end;
Fig. 4 is a flowchart of the data encryption transmission method of the fourth embodiment, as applied to a data receiving end;
Fig. 5 is a timing diagram of the data encryption transmission method according to an embodiment.
Detailed Description
For a clearer understanding of the technical features, objects and effects of the present invention, embodiments of the present invention are now described in detail with reference to the accompanying drawings.
Example 1
Referring to Fig. 1, the data encryption transmission method of this embodiment is applied to data transmission between a data sending end and a data receiving end, and is described for one transmission from the data sending end to the data receiving end. The data receiving end can also act as a data sending end, and the data sending end as a data receiving end, so bidirectional transmission is possible. The method comprises the following steps:
S1, the data sending end generates the first partial data key and sends it to the data receiving end.
Specifically, a random number generator at the data sending end generates the first partial data key. The random number generated each time is different, so the first partial data key generated each time, and therefore the first partial data key transmitted to the data receiving end each time, is different.
To further protect the first partial data key, this embodiment encrypts it and sends the encrypted form. The encryption process is as follows:
S11, the first partial data key is encrypted with a preset encryption algorithm, and the generated first encryption key is sent to the data receiving end.
S12, the data receiving end decrypts the first encryption key with the preset decryption algorithm corresponding to the preset encryption algorithm to obtain the first partial data key. The preset encryption algorithm and the preset decryption algorithm correspond to each other and are stored in advance at the data sending end and the data receiving end respectively.
Optionally, the preset encryption algorithm encrypts with the private key of an asymmetric encryption algorithm, and the corresponding preset decryption algorithm decrypts with the public key of that algorithm. The private key is stored in the key storage area of an encryption chip in the data sending end, and that area cannot be read by external devices. Because the private key cannot be read out and can only be used inside the encryption chip, it is protected at its source. Note that a value encrypted with a private key is recovered by whoever holds the matching public key, so this step keeps the first partial data key confidential only from parties that do not hold that public key; what it establishes for everyone else is that the value came from the holder of the private key.
S2, the data receiving end generates a second partial data key and sends it to the data sending end.
Specifically, a random number generator at the data receiving end generates the second partial data key, and the second partial data key generated each time is different, so the second partial data key transmitted to the data sending end each time is different.
To further protect the second partial data key, this embodiment encrypts it and sends the encrypted form. Two ways of encrypting the second partial data key are provided:
The first way:
S21, the second partial data key is encrypted with the first partial data key, and the generated second encryption key is sent to the data sending end. If the first partial data key was itself encrypted with the preset encryption algorithm, the data receiving end must first decrypt it with the corresponding preset decryption algorithm to obtain the first partial data key.
S22, the data sending end decrypts the second encryption key with the first partial data key to obtain the second partial data key. The data sending end already holds the first partial data key, since it generated it.
The second way:
S23, the second partial data key is encrypted with a preset encryption algorithm, and the generated second encryption key is sent to the data sending end.
S24, the data sending end decrypts the second encryption key with the preset decryption algorithm corresponding to the preset encryption algorithm to obtain the second partial data key. The preset encryption algorithm and the preset decryption algorithm correspond to each other and are stored in advance at the data receiving end and the data sending end respectively.
Optionally, the preset encryption algorithm encrypts with the private key of an asymmetric encryption algorithm, and the preset decryption algorithm decrypts with its public key. The private key is stored in the key storage area of an encryption chip in the data receiving end, and that area cannot be read by external devices. Because the private key cannot be read out and can only be used inside the encryption chip, it is protected at its source.
S3, an encryption key and a decryption key are generated from the first partial data key and the second partial data key.
Specifically, after the above steps both the data sending end and the data receiving end hold the first partial data key and the second partial data key, and each end derives the encryption key and the decryption key from the two parts. Since this embodiment describes only one-way transmission, the data sending end only needs to derive the encryption key from the two parts, and the data receiving end only needs to derive the decryption key from them.
Optionally, the encryption key is a symmetric-algorithm encryption key and the decryption key is the corresponding symmetric-algorithm decryption key; for example, both are RC4 keys. RC4 is named here only as an example of a symmetric algorithm; it is deprecated (RFC 7465 prohibits it in TLS), and a practitioner would substitute a modern authenticated cipher.
S4, the data sending end encrypts the data to be transmitted with the encryption key and sends the generated encrypted data to the data receiving end. First the data to be transmitted is read at the data sending end; for example, it is stored in the FLASH memory of the data sending end as a ring queue, and the data between the latest data pointer and the current data pointer is the data to be transmitted. After the data is read, it is encrypted with the encryption key derived from the first and second partial data keys, and the resulting encrypted data is sent to the data receiving end.
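The ring queue that step S4 reads from, as an added example (editor's code, not code from the patent, which describes only the two pointers). A bytearray stands in for the FLASH region; `latest` is the write pointer where the acquisition terminal stores the newest reading and `current` is the read pointer up to which data has already been sent, so `to_transmit()` returns the bytes between them in order, across the wraparound. Assumed, since the patent does not say: byte-oriented storage, a fixed capacity, a pending-length counter to tell "full" from "empty" when the pointers coincide, and an overrun (new data catching up with unsent data) being reported rather than silently overwriting it.

```python
"""Ring queue of step S4 with latest/current pointers. Added example, not the
patent's code; the FLASH region is a bytearray and the overrun policy is assumed."""


class FlashRingQueue:
    def __init__(self, capacity: int):
        self.buf = bytearray(capacity)   # stands in for the FLASH region
        self.capacity = capacity
        self.latest = 0                  # write pointer: newest data lands here
        self.current = 0                 # read pointer: sent up to here
        self.pending_len = 0             # tells "full" from "empty" when pointers meet

    def append(self, sample: bytes) -> None:
        """Store a new reading at `latest`, wrapping at the end of the region."""
        if len(sample) > self.capacity - self.pending_len:
            raise OverflowError("unsent data would be overwritten")
        for b in sample:
            self.buf[self.latest] = b
            self.latest = (self.latest + 1) % self.capacity
        self.pending_len += len(sample)

    def to_transmit(self) -> bytes:
        """The data between current and latest: exactly what step S4 encrypts."""
        end = self.current + self.pending_len
        if end <= self.capacity:
            return bytes(self.buf[self.current:end])
        head = self.buf[self.current:]                   # up to the end of FLASH
        return bytes(head) + bytes(self.buf[:end - self.capacity])  # then from the start

    def mark_sent(self, n: int) -> None:
        """Advance `current` only once the receiving end has acknowledged n
        bytes, so a failed send leaves the data queued for the next attempt."""
        if n > self.pending_len:
            raise ValueError("cannot acknowledge more than is pending")
        self.current = (self.current + n) % self.capacity
        self.pending_len -= n


def demo() -> dict:
    """Fills an 8-byte region, sends, then writes across the wraparound."""
    q = FlashRingQueue(8)
    q.append(b"abcdef")                  # constructed sample readings
    first = q.to_transmit()
    q.mark_sent(len(first))              # receiver acknowledged all six bytes
    q.append(b"ghij")                    # occupies slots 6, 7, 0, 1
    second = q.to_transmit()
    overran = False
    try:
        q.append(b"XXXXX")               # five more bytes with four unsent: refused
    except OverflowError:
        overran = True
    return {"first": first, "second": second, "latest": q.latest,
            "current": q.current, "overran": overran}
```

Advancing `current` only after the acknowledgement is what makes a ring queue in non-volatile memory useful on a terminal that loses its link: the unsent span survives a reboot as long as both pointers are persisted with it.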
S5, the data receiving end decrypts the received encrypted data with the decryption key to obtain the data to be transmitted. The data receiving end derives the decryption key from the first and second partial data keys; because the encrypted data was produced with the encryption key derived from the same two parts at the sending end, decrypting it with this key yields the data to be transmitted, completing the secure transfer.
Optionally, the network between the data sending end and the data receiving end is a wired or a wireless communication network; this embodiment does not limit it, and any network capable of carrying data can transmit data with the method of this embodiment.
Optionally, the data sending end is a data acquisition terminal and the data receiving end is a server. In this embodiment the encryption key is generated jointly by the data sending end and the data receiving end, and only part of the key is transmitted in each message, which is intended to prevent the data from being intercepted and decrypted and so to improve transmission security.
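The S1 to S5 exchange above, with both ways of sending the second partial data key (S21/S22 and S23/S24), as an added worked example. This is editor's code, not code from the patent, which discloses no implementation; it also covers Examples 3 and 4 below, which describe the same exchange from the sending side (F1 to F4) and the receiving side (J1 to J5). Everything beyond the step labels is an assumption: `ToyChip` stands in for the encryption chip and uses textbook RSA on 4-byte chunks with a roughly 40-bit modulus built from the first primes above one million (illustration only, never usable as a real key), each partial data key is 16 random bytes, `derive_key` combines the two parts with SHA-256 because the patent does not say how they are combined, and the symmetric cipher is RC4 only because the patent names it (RC4 is deprecated; RFC 7465 prohibits it in TLS). `observer_recovers` is the check a reviewer would run on this design: S12 and S24 are public-key operations, so anyone holding the two public keys and the wire transcript can repeat them, and the secrecy of the session key therefore depends on those public keys not being distributed.

```python
"""Steps S1-S5 with both S2 modes. Added example, not the patent's code.
Assumed: toy RSA chip (about 40-bit modulus, illustration only), 16-byte
partial keys, SHA-256 to combine them (S3), and RC4 because the patent names
it (deprecated, RFC 7465)."""
import hashlib
import secrets

def _primes_above(start: int, count: int) -> list:
    """Trial division; only used to build the toy modulus (assumption)."""
    found, n = [], start
    while len(found) < count:
        n += 1
        if all(n % f for f in range(2, int(n ** 0.5) + 1)):
            found.append(n)
    return found

def _rsa_blocks(data: bytes, exp: int, n: int, in_size: int, out_size: int) -> bytes:
    """Raw RSA chunk by chunk; each in_size-byte chunk is an integer below n."""
    out = bytearray()
    for i in range(0, len(data), in_size):
        m = int.from_bytes(data[i:i + in_size], "big")
        out += pow(m, exp, n).to_bytes(out_size, "big")
    return bytes(out)

class ToyChip:
    """Stand-in for the encryption chip: the private exponent is used only
    inside private_encrypt() and is never handed out."""
    def __init__(self, p: int, q: int):
        self._n = p * q                              # about 10^12: 5 bytes
        self._d = pow(65537, -1, (p - 1) * (q - 1))  # private exponent

    def public_key(self) -> tuple:
        return (65537, self._n)

    def private_encrypt(self, data: bytes) -> bytes:  # 16 bytes in, 20 out
        return _rsa_blocks(data, self._d, self._n, 4, 5)

def public_decrypt(pub: tuple, data: bytes) -> bytes:  # 20 bytes in, 16 out
    e, n = pub
    return _rsa_blocks(data, e, n, 5, 4)

def make_toy_chips() -> tuple:
    """One toy chip per end, built from the first four primes above 10^6."""
    p1, q1, p2, q2 = _primes_above(1_000_000, 4)
    return ToyChip(p1, q1), ToyChip(p2, q2)

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; encrypting and decrypting are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def derive_key(k1: bytes, k2: bytes) -> bytes:
    """Step S3, assumed construction: one symmetric key from both parts."""
    return hashlib.sha256(b"S3|" + k1 + b"|" + k2).digest()

def run_exchange(mode: int, plaintext: bytes, tx: ToyChip, rx: ToyChip) -> tuple:
    """Runs S1..S5; returns (data recovered at the receiving end, wire transcript)."""
    wire = {}
    k1 = secrets.token_bytes(16)                               # S1: sender RNG
    wire["first_encryption_key"] = tx.private_encrypt(k1)      # S11
    k1_rx = public_decrypt(tx.public_key(), wire["first_encryption_key"])  # S12
    k2 = secrets.token_bytes(16)                               # S2: receiver RNG
    if mode == 1:
        wire["second_encryption_key"] = rc4(k1_rx, k2)         # S21: under K1
        k2_tx = rc4(k1, wire["second_encryption_key"])         # S22
    else:
        wire["second_encryption_key"] = rx.private_encrypt(k2)  # S23: rx chip
        k2_tx = public_decrypt(rx.public_key(), wire["second_encryption_key"])  # S24
    enc_key = derive_key(k1, k2_tx)                            # S3 at sender
    dec_key = derive_key(k1_rx, k2)                            # S3 at receiver
    wire["encrypted_data"] = rc4(enc_key, plaintext)           # S4
    return rc4(dec_key, wire["encrypted_data"]), wire          # S5

def observer_recovers(mode: int, wire: dict, tx_pub: tuple, rx_pub: tuple) -> bytes:
    """What a passive observer with only the public keys and the transcript
    gets: S12 and S24 are public-key operations, so it can repeat them."""
    k1 = public_decrypt(tx_pub, wire["first_encryption_key"])
    if mode == 1:
        k2 = rc4(k1, wire["second_encryption_key"])
    else:
        k2 = public_decrypt(rx_pub, wire["second_encryption_key"])
    return rc4(derive_key(k1, k2), wire["encrypted_data"])

if __name__ == "__main__":
    tx, rx = make_toy_chips()
    sample = b"temp=21.5C;humidity=40%"          # constructed sample reading
    for mode in (1, 2):
        got, wire = run_exchange(mode, sample, tx, rx)
        seen = observer_recovers(mode, wire, tx.public_key(), rx.public_key())
        print("mode", mode, "receiver ok:", got == sample, "observer ok:", seen == sample)
```

Running it shows the receiving end recovering the sample in both modes, and the observer recovering it too, which is the property to weigh when deciding whether the "preset decryption algorithm" stored on the other end can be treated as public. The same pattern with the asymmetric step replaced by a signature over an ephemeral Diffie-Hellman share would keep the origin check while denying the observer the session key.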
Example 2
Referring to Fig. 2, on the basis of the above embodiment, the data encryption transmission method of this embodiment further includes, after step S5:
S6, judging whether the session connection between the data sending end and the data receiving end has lasted for a preset duration. Timing starts when the data sending end and the data receiving end establish the session connection, and the preset duration can be set as needed.
S7, if the preset duration has been reached, re-establishing the session connection between the data sending end and the data receiving end. On reconnection the random number generator at the data sending end regenerates the first partial data key, and the regenerated key differs from every first partial data key generated before; at the same time the random number generator at the data receiving end regenerates the second partial data key, and the regenerated key differs from every second partial data key generated before. The encryption key and the decryption key are then derived again from the new first and second partial data keys, so the keys are dynamic.
In this embodiment the connection between the data sending end and the data receiving end is re-established whenever the session has lasted the preset duration, and the first and second partial data keys are regenerated at the same time, so the encryption key and the decryption key change over time and security is improved.
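The session timer of steps S6 and S7, as an added example (editor's code, not the patent's). A `RekeyingSession` records when it was established; `check_and_rekey()` performs the S6 comparison against the preset duration and, when it is reached, performs S7 by generating new partial keys, each checked against every partial key this session has used before so that it is "different from all generated before", and deriving a new key from them. Assumed: the clock is injectable so the timeout can be exercised without waiting, partial keys are 16 random bytes, and the key is SHA-256 over both parts as in the S1 to S5 example above; the network exchange itself is left out here since the freshness and timing logic is the point.

```python
"""Steps S6/S7: re-establish the session after a preset duration with partial
keys that differ from all earlier ones. Added example, not the patent's code;
the clock injection, key size and SHA-256 combination are assumptions."""
import hashlib
import secrets
import time


class RekeyingSession:
    def __init__(self, preset_seconds: float, clock=time.monotonic):
        self.preset = preset_seconds
        self.clock = clock
        self.used_k1, self.used_k2 = set(), set()   # every part ever generated
        self.generation = 0
        self.session_key = None
        self.established_at = None
        self.establish()

    @staticmethod
    def _fresh(used: set) -> bytes:
        """Random partial key that differs from all earlier ones (S7)."""
        while True:
            k = secrets.token_bytes(16)
            if k not in used:
                used.add(k)
                return k

    def establish(self) -> bytes:
        """Re-run S1-S3 with new parts and restart the session timer."""
        k1 = self._fresh(self.used_k1)   # sending end's random number generator
        k2 = self._fresh(self.used_k2)   # receiving end's random number generator
        self.session_key = hashlib.sha256(b"S3|" + k1 + b"|" + k2).digest()
        self.established_at = self.clock()
        self.generation += 1
        return self.session_key

    def check_and_rekey(self) -> bool:
        """S6: has the session lasted the preset duration? S7: if so, reconnect.
        Call before each send so a long-lived terminal never keeps one key."""
        if self.clock() - self.established_at >= self.preset:
            self.establish()
            return True
        return False


def demo(preset_seconds: float = 300.0) -> dict:
    """Drives a session with a fake clock and reports what happened."""
    now = [0.0]                                   # fake monotonic clock
    s = RekeyingSession(preset_seconds, clock=lambda: now[0])
    first_key = s.session_key
    now[0] = preset_seconds / 2
    rekeyed_early = s.check_and_rekey()           # S6 says no
    now[0] = preset_seconds
    rekeyed_on_time = s.check_and_rekey()         # S6 says yes, S7 runs
    return {"rekeyed_early": rekeyed_early, "rekeyed_on_time": rekeyed_on_time,
            "key_changed": first_key != s.session_key, "generation": s.generation,
            "parts_used": len(s.used_k1) + len(s.used_k2)}
```

With 16 random bytes per part a repeat is not going to happen in practice, but keeping the set is what turns the patent's "different from all generated before" into something the code actually checks rather than merely hopes for; on a real terminal the set would be bounded or replaced by a persisted counter mixed into the derivation.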
Example 3
Referring to Fig. 3, the data encryption transmission method of this embodiment is applied to a data sending end and comprises the following steps:
F1, the data sending end generates the first partial data key and sends it.
Specifically, a random number generator at the data sending end generates the first partial data key, and the first partial data key generated each time is different, so the first partial data key transmitted to the data receiving end each time is different.
To further protect the first partial data key, this embodiment encrypts it before sending, as follows: F11, the first partial data key is encrypted with a preset encryption algorithm, and the generated first encryption key is sent; the preset encryption algorithm is stored in advance at the data sending end.
F2, the data sending end receives the second partial data key sent by the data receiving end.
Specifically, to further protect the second partial data key, it is sent in encrypted form, and this embodiment provides two ways of encrypting it:
The first way:
F21, the data sending end receives a second encryption key sent by the data receiving end, which the data receiving end generated by encrypting the second partial data key with the first partial data key (the first partial data key having been sent to it by the data sending end).
F22, the data sending end decrypts the second encryption key with the first partial data key to obtain the second partial data key; the data sending end already holds the first partial data key, since it generated it.
The second way:
F23, the data sending end receives a second encryption key sent by the data receiving end, which the data receiving end generated by encrypting the second partial data key with a preset encryption algorithm.
F24, the data sending end decrypts the second encryption key with the preset decryption algorithm corresponding to the preset encryption algorithm to obtain the second partial data key.
Optionally, the preset encryption algorithm encrypts with the private key of an asymmetric encryption algorithm; that private key is stored in the key storage area of an encryption chip in the data receiving end, and the key storage area cannot be read by external devices. Because the private key cannot be read out and can only be used inside the encryption chip, it is protected at its source.
F3, the encryption key is generated from the first partial data key and the second partial data key.
Specifically, after the above steps the data sending end holds both the first partial data key and the second partial data key and derives the encryption key (and, for bidirectional use, the decryption key) from them. Optionally, the encryption key is a symmetric-algorithm encryption key, for example an RC4 key.
F4, the data sending end encrypts the data to be transmitted with the encryption key and sends the generated encrypted data. First the data to be transmitted is read; for example, it is stored in the FLASH memory of the data sending end as a ring queue, and the data between the latest data pointer and the current data pointer is the data to be transmitted. After the data is read, it is encrypted with the encryption key derived from the first and second partial data keys, and the resulting encrypted data is sent, completing the secure transfer.
Optionally, the network between the data sending end and the data receiving end is a wired or a wireless communication network; this embodiment does not limit it, and any network capable of carrying data can transmit data with the method of this embodiment.
Optionally, the data sending end is a data acquisition terminal, and the data receiving end is a server.
In this embodiment the encryption key is generated jointly by the data sending end and the data receiving end, and only part of the key is transmitted in each message, which is intended to prevent the data from being intercepted and decrypted and so to improve transmission security.
Examples
Referring to fig. 4, a data encryption transmission method of the present embodiment is applied to a data receiving end, and the method includes the following steps:
J1, the data receiving end receives the first partial data key sent by the data sending end. The first partial data key is generated by a random number generator of the data sending end and differs each time it is generated, so the first partial data key received by the data receiving end differs each time.
To further improve the security of the first partial data key, the data sending end transmits it in encrypted form: the data sending end encrypts the first partial data key with a preset encryption algorithm and sends the generated first encryption key to the data receiving end.
J11, the data receiving end receives a first encryption key sent by the data sending end, the first encryption key being obtained by encrypting the first partial data key with a preset encryption algorithm.
J12, the data receiving end decrypts the first encryption key with a preset decryption algorithm corresponding to the preset encryption algorithm to obtain the first partial data key. The preset encryption algorithm and the preset decryption algorithm correspond to each other: the preset encryption algorithm is stored in advance in the data sending end, and the preset decryption algorithm is stored in advance in the data receiving end. Optionally, the preset encryption algorithm is a private key of an asymmetric encryption algorithm and the preset decryption algorithm is the corresponding public key.
And J2, the data receiving end generates a second partial data key and sends the second partial data key.
Specifically, the random number generator of the data receiving end generates the second partial data key, and the second partial data key differs each time it is generated, so the second partial data key transmitted to the data sending end differs each time.
To further improve the security of the second partial data key, this embodiment encrypts it and provides two ways of doing so:
The first encryption mode of the second partial data key: J21, the second partial data key is encrypted with the first partial data key and the generated second encryption key is sent; here the first partial data key was sent to the data receiving end by the data sending end.
The second encryption mode of the second partial data key: J22, the second partial data key is encrypted with the preset encryption algorithm and the generated second encryption key is sent. Alternatively, the preset encryption algorithm is a private key of an asymmetric encryption algorithm, the private key is stored in a key storage area of an encryption chip in the data receiving end, and the key storage area cannot be read by external devices. Because the private key of the asymmetric encryption algorithm cannot be read out and can only be used inside the encryption chip, absolute security is achieved at the source.
J3, generating a decryption key from the first partial data key and the second partial data key. After the above steps, the data receiving end holds both the first partial data key and the second partial data key and generates an encryption key and a decryption key from them. Since this embodiment describes only one-way transmission, the data receiving end only needs to generate the decryption key from the first partial data key and the second partial data key. Alternatively, the decryption key is a symmetric-algorithm decryption key, for example an RC4 decryption key.
J4, the data receiving end receives the encrypted data sent by the data sending end; the encrypted data contains the data to be transmitted. The data sending end generates the encryption key from the first partial data key and the second partial data key, encrypts the data to be transmitted with it, and sends the generated encrypted data to the data receiving end.
J5, the data receiving end decrypts the received encrypted data with the decryption key to obtain the data to be transmitted. Because the encrypted data was produced with the encryption key generated from the first partial data key and the second partial data key, the data receiving end, which generates its decryption key from the same two partial keys, decrypts the encrypted data with that decryption key and recovers the data to be transmitted, so that secure transmission of the data is achieved.
Alternatively, the network between the data sending end and the data receiving end is a wired or wireless communication network; this embodiment does not limit the network type, and any network capable of data transmission may carry data using the data encryption transmission method of this embodiment and falls within its protection scope.
Alternatively, the data sending end is a data acquisition terminal, and the data receiving end is a server.
The encryption key of the embodiment is generated by the data sending end and the data receiving end together, and only a part of the key is transmitted each time, so that data interception and data decryption are effectively prevented, and data transmission safety is improved.
Examples
Referring to fig. 5, in this embodiment the data sending end is a data terminal comprising a sensor and an encryption chip, the data receiving end is a server, and the data terminal and the server are connected over a 5G network. The first partial data key is denoted M1, the second partial data key is denoted M2, the two partial keys are combined into the encryption key and decryption key M3, and both partial keys are RC4 keys. The data encryption transmission method comprises the following steps:
Step 1, data acquisition: the sensor collects signals and obtains data through an analog-to-digital conversion circuit.
Step 2, data storage: the data is stored in the FLASH memory.
Step 3, setting: the current data pointer is set to the latest value.
Step 4, generating an RC4 key: the true random number generator of the encryption chip generates the RC4 key; the key length may be specified.
Step 5, encrypting the terminal ID: the terminal ID is encrypted with the RC4 key.
Step 6, encrypting the RC4 key: the RC4 key is encrypted with the RSA private key inside the encryption chip.
Step 7, establishing a connection: a TCP connection to the server is established through the 5G module.
Step 8, transferring the ID and RC4 key: the encrypted terminal ID and RC4 key are sent to the server.
Step 9, decrypting the ID and RC4 key: the server decrypts the ID and the RC4 key.
Step 10, identity authentication: the server decrypts the RC4 key, decrypts the ID with the RC4 key, and compares the ID with the authentication identity.
Step 11, randomly generating M2: the server generates the second half of the RC4 key, M2.
Step 12, encrypting M2: M2 is encrypted with M1 as the key.
Step 13, returning the result: the encrypted M2 and the data sequence number are returned.
Step 14, decrypting M2: the sensor decrypts M2 with M1.
Step 15, obtaining M3: M3 = M1 + M2.
Step 16, setting: the current data sequence number is reset to the current data pointer register.
Step 17, reading the data pointer: the current data sequence number is read.
Step 18, reading data: the data is read.
Step 19, RC4 encryption of data: the data is encrypted with RC4 using M3 as the key.
Step 20, transmitting the encrypted data: the encrypted data is transmitted.
Step 21, setting: the current data pointer register is updated from the current data sequence number.
Step 22, decrypting the data: the server decrypts the current data with RC4 using M3 as the key.
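As an added illustration that is not code from the patent, the following Python models the key-splitting exchange of steps 11 to 22 above and of the F/J step sequences of the earlier embodiments: M1 from the sending end, M2 returned encrypted under M1 (the first encryption mode), M3 = M1 + M2 read as concatenation, and RC4 for the payload. The RSA wrapping of M1 by the encryption chip and the terminal-ID check are not modelled, so M1 is assumed to reach the receiving end already decrypted; `DataSender`, `DataReceiver` and `run_session` are names chosen here.

```python
import os
from dataclasses import dataclass
from typing import Optional, Tuple


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream (KSA then PRGA).
    RC4 appears here only because the embodiment specifies it; it is
    deprecated (RFC 7465) and not a cipher to pick for a new design."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher: encryption and decryption are the same XOR."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


@dataclass
class DataSender:
    """Data sending end (steps F1-F4; steps 4, 12-15 and 19 of fig. 5)."""
    m1: bytes = b""
    m3: Optional[bytes] = None

    def first_partial_key(self) -> bytes:
        # F1 / step 4: M1 is freshly generated for every session. The
        # patent additionally wraps M1 with the encryption chip's RSA
        # private key before sending; that wrapping is not modelled here.
        self.m1 = os.urandom(16)
        return self.m1

    def receive_second_encryption_key(self, enc_m2: bytes) -> None:
        # F21/F22 (step 14): M2 arrives encrypted under M1, so decrypt it.
        m2 = rc4_crypt(self.m1, enc_m2)
        # F3 (step 15): M3 = M1 + M2, read here as concatenation (assumption).
        self.m3 = self.m1 + m2

    def encrypt(self, data: bytes) -> bytes:
        # F4 (step 19): the payload is encrypted with RC4 under M3.
        if self.m3 is None:
            raise RuntimeError("M3 not yet established")
        return rc4_crypt(self.m3, data)


@dataclass
class DataReceiver:
    """Data receiving end (steps J1-J5; steps 9, 11-13 and 22 of fig. 5)."""
    m3: bytes = b""

    def receive_first_partial_key(self, m1: bytes) -> bytes:
        # J1 (step 9): M1 has been received. J2 (steps 11-12): generate a
        # fresh M2 and return it encrypted under M1 (first encryption mode).
        # Note: in the fig. 5 flow M1 also encrypts the terminal ID (step 5);
        # a stream-cipher key should encrypt only one message, so a real
        # deployment needs distinct keys for the ID and for M2.
        m2 = os.urandom(16)
        self.m3 = m1 + m2                      # J3: decryption key
        return rc4_crypt(m1, m2)

    def decrypt(self, enc: bytes) -> bytes:
        # J4/J5 (step 22): recover the payload with the same RC4 key M3.
        return rc4_crypt(self.m3, enc)


def run_session(data: bytes) -> Tuple[bytes, bytes, bytes, bytes]:
    """One complete exchange; returns (ciphertext, recovered, sender M3, receiver M3)."""
    sender, receiver = DataSender(), DataReceiver()
    enc_m2 = receiver.receive_first_partial_key(sender.first_partial_key())
    sender.receive_second_encryption_key(enc_m2)
    ciphertext = sender.encrypt(data)
    return ciphertext, receiver.decrypt(ciphertext), sender.m3, receiver.m3
```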
The embodiments in the present description are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts among the embodiments can be referred to one another. Since the device disclosed in an embodiment corresponds to the method disclosed in that embodiment, its description is kept brief, and the relevant points can be found in the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or a combination of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above embodiments are merely illustrative of the technical ideas and features of the present invention, and are intended to enable those skilled in the art to understand and implement the present invention, not to limit its scope. All equivalent changes and modifications made within the scope of the claims of the present invention should be covered by the claims of the present invention.

Claims (23)

1. A method for encrypted transmission of data, comprising:
S1, the data sending end generates a first part of data key and sends the first part of data key to the data receiving end;
S2, the data receiving terminal generates a second part of data key and sends the second part of data key to the data sending terminal;
S3, generating an encryption key and a decryption key by the first partial data key and the second partial data key;
S4, the data sending end uses the encryption key to encrypt the data to be transmitted and sends the generated encrypted data to the data receiving end;
and S5, the data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
2. The method for encrypted data transmission according to claim 1, wherein the step S1 of sending the first partial data key to a data receiving end includes:
S11, encrypting the first part of data key by using a preset encryption algorithm, and sending the generated first encryption key to the data receiving end;
And S12, the data receiving end decrypts the first encryption key by using a preset decryption algorithm corresponding to the preset encryption algorithm to obtain the first partial data key.
3. The data encryption transmission method according to claim 1 or 2, wherein the step S2 of sending the second partial data key to the data sending end includes:
S21, encrypting the second part of data key by using the first part of data key, and sending the generated second encryption key to the data sending end;
S22, the data sending end uses the first part data key to decrypt the second encryption key to obtain the second part data key;
Or
The step S2 of sending the second partial data key to the data sender includes:
S23, encrypting the second part of data key by using a preset encryption algorithm, and sending the generated second encryption key to the data sending end;
And S24, the data sending end decrypts the second encryption key by using a preset decryption algorithm corresponding to the preset encryption algorithm to obtain the second partial data key.
4. The data encryption transmission method according to claim 3, wherein the preset encryption algorithm is a private key of an asymmetric encryption algorithm, and the preset decryption algorithm is a public key of the asymmetric encryption algorithm.
5. The data encryption transmission method according to claim 4, wherein the private key of the asymmetric encryption algorithm is stored in a key storage area of an encryption chip in the data sending end, and the key storage area cannot be read by external devices.
6. The data encryption transmission method according to claim 1, wherein the encryption key in step S3 is a symmetric algorithm encryption key, and the decryption key is a symmetric algorithm decryption key.
7. The data encryption transmission method according to claim 1, wherein the step S1 of generating the first partial data key by the data sending end includes: a random number generator of the data sending end generates the first partial data key, and the first partial data key generated each time is different;
The step S2 of generating the second partial data key by the data receiver includes: and the random number generator at the data receiving end generates a second part of data key, and the generated second part of data key is different each time.
8. The data encryption transmission method according to claim 1, wherein in step S4, the data to be transmitted is stored in a FLASH memory of the data sending end by using a ring queue, and data between a latest data pointer and a current data pointer is the data to be transmitted.
9. The data encryption transmission method according to claim 1, further comprising, after the step S5:
S6, judging whether the session connection duration of the data sending end and the data receiving end reaches a preset duration;
And S7, if yes, reestablishing the session connection between the data sending end and the data receiving end.
10. The data encryption transmission method according to claim 1, wherein the data sending end is a data acquisition terminal, and the data receiving end is a server.
11. A data encryption transmission method is applied to a data sending end and is characterized by comprising the following steps:
F1, the data sending end generates a first partial data key and sends the first partial data key;
F2, the data sending end receives the second part of data key sent by the data receiving end;
F3, generating an encryption key from the first partial data key and the second partial data key;
And F4, the data sending end uses the encryption key to encrypt the data to be transmitted and sends the generated encrypted data.
12. The data encryption transmission method according to claim 11, wherein the sending the first partial data key in step F1 includes: f11, encrypting the first partial data key by using a preset encryption algorithm, and sending the generated first encryption key.
13. The data encryption transmission method according to claim 12, wherein the step F2 includes:
F21, the data sending end receives a second encryption key sent by a data receiving end, and the second encryption key is generated by encrypting the second part of data key by the first part of data key;
F22, the data sending end decrypts the second encryption key by using the first partial data key to obtain the second partial data key;
Or
The step F2 includes:
F23, the data sending end receives a second encryption key sent by the data receiving end, and the second encryption key is generated by encrypting the second part of data key through a preset encryption algorithm;
And F24, the data sending end decrypts the second encryption key by using a preset decryption algorithm corresponding to the preset encryption algorithm to obtain the second partial data key.
14. The data encryption transmission method according to claim 13, wherein the preset encryption algorithm is a private key of an asymmetric encryption algorithm, the private key of the asymmetric encryption algorithm is stored in a key storage area of an encryption chip in the data sending end, and the key storage area cannot be read by external devices.
15. The data encryption transmission method according to claim 11, wherein the step F1 in which the data sender generates the first partial data key includes: and the random number generator of the data sending end generates the first part of data keys, and the first part of data keys generated each time are different.
16. The data encryption transmission method according to claim 11, wherein in step F4, the data to be transmitted is stored in a FLASH memory of the data sending end by using a ring queue, and data between the latest data pointer and the current data pointer is the data to be transmitted.
17. The data encryption transmission method according to claim 11, wherein the encryption key in step F3 is a symmetric algorithm encryption key;
the data sending end is a data acquisition terminal, and the data receiving end is a server.
18. A data encryption transmission method is applied to a data receiving end and is characterized by comprising the following steps:
J1, the data receiving end receives a first partial data key sent by the data sending end;
J2, the data receiving end generates a second partial data key and sends the second partial data key;
J3, generating a decryption key from the first partial data key and the second partial data key;
J4, the data receiving end receives encrypted data sent by the data sending end, and the encrypted data comprises data to be transmitted;
J5, the data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
19. The data encryption transmission method according to claim 18, wherein the step J1 includes:
J11, the data receiving end receives a first encryption key sent by the data sending end, and the first encryption key is obtained by encrypting the first partial data key through a preset encryption algorithm;
J12, the data receiving end decrypts the first encryption key by using a preset decryption algorithm corresponding to the preset encryption algorithm to obtain the first partial data key.
20. The data encryption transmission method according to claim 19, wherein the step J2 of sending the second partial data key includes: J21, encrypting the second partial data key using the first partial data key, and sending the generated second encryption key; or
J22, encrypting the second partial data key by using a preset encryption algorithm, and sending the generated second encryption key.
21. The data encryption transmission method according to claim 20, wherein the preset encryption algorithm is a private key of an asymmetric encryption algorithm, and the preset decryption algorithm is a public key of the asymmetric encryption algorithm.
22. The data encryption transmission method according to claim 18, wherein the step J2 in which the data receiving end generates the second partial data key includes: and the random number generator at the data receiving end generates a second part of data key, and the generated second part of data key is different each time.
23. The data encryption transmission method according to claim 18, wherein the decryption key is a symmetric algorithm decryption key;
The data sending end is a data acquisition terminal, and the data receiving end is a server.
CN201910785868.XA 2019-08-23 2019-08-23 data encryption transmission method Pending CN110572261A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910785868.XA CN110572261A (en) 2019-08-23 2019-08-23 data encryption transmission method
PCT/CN2020/110620 WO2021036952A1 (en) 2019-08-23 2020-08-21 Method for encrypted transmission of data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910785868.XA CN110572261A (en) 2019-08-23 2019-08-23 data encryption transmission method

Publications (1)

Publication Number Publication Date
CN110572261A true CN110572261A (en) 2019-12-13

Family

ID=68776062

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910785868.XA Pending CN110572261A (en) 2019-08-23 2019-08-23 data encryption transmission method

Country Status (2)

Country Link
CN (1) CN110572261A (en)
WO (1) WO2021036952A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021036952A1 (en) * 2019-08-23 2021-03-04 杭州来布科技有限公司 Method for encrypted transmission of data
CN113761542A (en) * 2020-05-18 2021-12-07 致伸科技股份有限公司 Wireless input device and information transmission method thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281261A (en) * 2010-06-10 2011-12-14 杭州华三通信技术有限公司 Data transmission method, system and apparatus
WO2014117275A1 (en) * 2013-01-31 2014-08-07 Ellison Information Manufacturing Inc. Method and system for protecting data using data passports
CN107040536A (en) * 2017-04-10 2017-08-11 北京德威特继保自动化科技股份有限公司 Data ciphering method, device and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110572261A (en) * 2019-08-23 2019-12-13 杭州来布科技有限公司 data encryption transmission method

Also Published As

Publication number Publication date
WO2021036952A1 (en) 2021-03-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191213