CN114051240B - Data confidentiality method - Google Patents

Publication number
CN114051240B
Authority
CN
China
Prior art keywords
encryption
value
beacon sensor
decryption
receiving end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111326106.7A
Other languages
Chinese (zh)
Other versions
CN114051240A (en)
Inventor
许雄斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hi P Shanghai Household Appliances Products Co ltd
Original Assignee
Hi P Shanghai Household Appliances Products Co ltd
Application filed by Hi P Shanghai Household Appliances Products Co ltd
Priority to CN202111326106.7A
Publication of CN114051240A
Application granted
Publication of CN114051240B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/33 Services specially adapted for particular environments, situations or purposes for indoor environments, e.g. buildings

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

According to the data confidentiality method, original data is encrypted using simple hardware and a low-energy encryption mode, and the decryption flow is obtained from the cloud through out-of-band transmission, so that other terminals cannot read the original data even if they intercept the broadcast data. This achieves effective encryption of the beacon sensor's one-way communication data and improves the communication security of the beacon sensor without requiring additional hardware or increased power consumption.

Description

Data confidentiality method
Technical Field
The invention relates to the technical field of information security, in particular to a data confidentiality method.
Background
A beacon sensor is a broadcasting device that can use the Bluetooth Low Energy protocol. It has advantages such as low cost and low power consumption, and performs one-way communication by wirelessly broadcasting the data it receives from a data source to surrounding receiving ends. It has wide application prospects in scenarios such as indoor navigation and positioning, advertisement and discount pushing in shopping malls, comprehensive applications in large public places, identity recognition and clocking in.
On the one hand, the beacon sensor can only perform one-way communication, so it cannot use asymmetric encryption or password negotiation based on two-way communication. On the other hand, its hardware is simple and its battery power cannot be spent on heavy encryption operations, so advanced encryption cannot be applied to the data. As a result, the communication security of the beacon sensor and the confidentiality of the transmitted data have always been a major problem in practical applications.
Disclosure of Invention
In view of the above, the present invention provides a data security method.
The data confidentiality method of the invention comprises the following steps:
a first difference value, which is necessarily produced on reading, is set and calibrated for the beacon sensor before it leaves the factory; the beacon sensor executes a first encryption process when reading original data to obtain a first encryption value, the first encryption process being: the beacon sensor appends the first difference value to the original data when reading;
setting a unique second encryption process and a unique second decryption process before each beacon sensor leaves the factory, respectively storing the unique second encryption process and the unique second decryption process of each beacon sensor in a cloud and/or product package according to serial numbers of the beacon sensors and acquiring the unique second encryption process by a user receiving end in an out-of-band transmission mode, and executing the second encryption process on the first encryption value by the beacon sensors to obtain a second encryption value, wherein the second encryption process is as follows: the beacon sensor performs one or more of binary shift, multiplication, subtraction and transposition on the first encrypted value;
the beacon sensor broadcasts a second encryption value, and the user receiving end receives the second encryption value broadcast by the beacon sensor;
the user receiving end obtains a first decryption flow for decrypting the first encrypted value and a second decryption flow for decrypting the second encrypted value through out-of-band transmission;
and the user receiving end executes a first decryption flow and a second decryption flow on the second encrypted value to obtain the original data.
Further, the present invention is applied to a beacon sensor, which includes:
a first difference value, which is necessarily produced on reading, is set and calibrated for the beacon sensor before it leaves the factory; the beacon sensor executes a first encryption process when reading original data to obtain a first encryption value, the first encryption process being: the beacon sensor appends the first difference value to the original data when reading;
setting a unique second encryption process and a unique second decryption process before each beacon sensor leaves the factory, respectively storing the unique second encryption process and the unique second decryption process of each beacon sensor in a cloud and/or product package according to serial numbers of the beacon sensors and acquiring the unique second encryption process by a user receiving end in an out-of-band transmission mode, and executing the second encryption process on the first encryption value by the beacon sensors to obtain a second encryption value, wherein the second encryption process is as follows: the beacon sensor performs one or more of binary shift, multiplication, subtraction and transposition on the first encrypted value;
the beacon sensor sends a second encryption value to the user receiving end so that the user receiving end executes a first decryption process and a second decryption process acquired through out-of-band transmission on the second encryption value, and therefore original data are obtained.
Further, the present invention is applied to a user receiving end, which includes:
the user receiving end receives a second encryption value obtained by executing a second encryption process on the basis of a first encryption value obtained by executing a first encryption process on the original data by the beacon sensor, wherein the first encryption process is as follows: the beacon sensor adds a first difference value to the original data when reading, the first difference value is necessarily generated when the beacon sensor is set and calibrated before leaving a factory, and the second encryption flow is as follows: the beacon sensor performs one or more of binary shift, multiplication, subtraction and transposition on the first encryption value, and the second encryption process is set before each beacon sensor leaves the factory;
the user receiving end obtains a first decryption flow for decrypting the first encrypted value and a second decryption flow for decrypting the second encrypted value through out-of-band transmission;
and the user receiving end executes a first decryption flow and a second decryption flow on the second encrypted value to obtain the original data.
Further, the user receiving end obtains a first decryption flow for decrypting the first encrypted value and a second decryption flow for decrypting the second encrypted value from the cloud end through out-of-band transmission.
Further, the user receiving end can acquire the unique product serial number of the beacon sensor through out-of-band transmission, and acquire the first decryption process and the second decryption process by inputting the product serial number to the cloud.
Further, the present invention is applied to a cloud, comprising:
the cloud end sends a first decryption flow for decrypting the first encryption value and a second decryption flow for decrypting the second encryption value to a user receiving end, the user receiving end executes the first encryption value obtained by the first encryption flow on the original data received from the beacon sensor, and executes the second encryption value obtained by the second encryption flow on the basis of the first encryption value to obtain the original data, and the first encryption flow is as follows: the beacon sensor adds a first difference value to the original data when reading, the first difference value is necessarily generated when the beacon sensor is set and calibrated before leaving a factory, and the second encryption flow is as follows: the beacon sensor performs one or more of binary shift, multiplication, subtraction and transposition on the first encrypted value, and the second encryption flow is set before each beacon sensor leaves the factory.
According to the data confidentiality method, the original data is encrypted in a simple hardware and low-energy encryption mode, and the decryption flow is acquired from the cloud through out-of-band transmission, so that other terminals cannot read the original data even if intercepting the broadcasted data, the effective encryption of the data of the one-way communication of the beacon sensor is realized, and the communication safety of the beacon sensor is improved on the premise that additional hardware is not needed and the power consumption is not needed to be improved.
The foregoing description is only an overview of the technical solution of the present invention. So that it can be implemented in accordance with the description, preferred embodiments are described in detail below with reference to the accompanying drawings.
Drawings
Fig. 1 is a schematic diagram of a data security method according to the present invention.
Fig. 2 is a schematic diagram of the application of the data security method in the present invention to a beacon sensor.
Fig. 3 is a schematic diagram of the data security method applied to a user receiving end in the present invention.
Fig. 4 is a schematic diagram of the data security method applied to the cloud.
Detailed Description
In order to further describe the technical means and effects adopted by the present invention to achieve the preset purpose, the following detailed description of the present invention is given with reference to the accompanying drawings and preferred embodiments.
The data confidentiality method of the invention is used for guaranteeing the security of data when data transmission is carried out in a communication system, and the communication system based on the method at least comprises the following communication elements:
the Beacon sensor can be a Bluetooth Beacon (Beacon) device and is used for receiving the original data from the signal source and performing wireless broadcasting;
the user receiving end can be a mobile terminal which is held by a user and contains an application program and is used for receiving the wireless broadcast from the beacon sensor.
The cloud may be a cloud database, and is configured to store relevant information of the beacon sensor.
Referring to fig. 1, the data security method of the present invention includes the following steps:
Step S1: the beacon sensor executes a first encryption process when reading the original data to obtain a first encryption value;
Specifically, before the beacon sensor leaves the factory, it needs to be configured with a first difference value that is necessarily produced on reading: whatever data it receives, the first difference value is automatically added during reading, so the value the beacon sensor reads deviates from the original data. The first encryption process is that the beacon sensor appends the first difference value to the original data at the time of reading. For a user receiving end that has not acquired the decryption method, the first difference value is always a secret random number. In addition, the first difference value needs to be calibrated several times before delivery to ensure its accuracy. In this embodiment, the original data is 35, the first difference is 1, and the first encryption value is 36; that is, whatever data the beacon sensor reads, 1 is added to it. In other embodiments, the first difference may be another fixed value adapted to the data type of the original data.
Step S2: the beacon sensor executes a second encryption process on the first encryption value to obtain a second encryption value;
Specifically, before each beacon sensor leaves the factory, a unique second encryption process and a corresponding second decryption process are set for it, and the two are then stored in the cloud and/or the product package according to the serial number of the beacon sensor. The second encryption process may be that the beacon sensor performs binary shifting and/or multiplication on the first encryption value. For the hardware of the beacon sensor, binary shifting is a relatively simple operation without additional power consumption. In this embodiment, the second encryption process is three left circular shifts: the first encryption value obtained previously is 36, which is 00100100 in binary; after three left circular shifts it becomes 00100001, which is 33 in decimal, so the second encryption value is 33. In other embodiments, the second encryption process may be multiplication, subtraction or transposition, or various combinations of these simple encryption methods with binary shift, as long as the simple hardware of the beacon sensor can support them.
Step S3: the beacon sensor broadcasts a second encryption value, and the user receiving end receives the second encryption value broadcast by the beacon sensor;
Specifically, after the beacon sensor executes the first encryption process and the second encryption process on the original data, the transmitted second encryption value is an obviously erroneous and meaningless value relative to the original data. If the second encryption value is intercepted by a terminal that does not have the first decryption process and the second decryption process, the original data cannot be read; that is, the second encryption value is confidential.
Step S4: the user receiving end obtains a first decryption flow for decrypting the first encrypted value and a second decryption flow for decrypting the second encrypted value through out-of-band transmission;
Specifically, the first encryption process, the first decryption process, the second encryption process and the second decryption process are all determined when the product leaves the factory, and the second encryption value transmitted by the beacon sensor does not contain any of them; a user who needs the first decryption process and the second decryption process must obtain them through out-of-band transmission. In this embodiment, the user may obtain the first decryption process for decrypting the first encrypted value and the second decryption process for decrypting the second encrypted value directly from the cloud, for example by scanning a code. In other embodiments, the user may instead obtain the unique product serial number of the beacon sensor from a paper slip or a scannable code attached to the product package, and then input the product serial number to the cloud to obtain the first decryption process and the second decryption process.
Step S5: and the user receiving end executes a first decryption flow and a second decryption flow on the second encrypted value to obtain the original data.
Specifically, in this embodiment, since the first encryption flow is adding 1, the first decryption flow is subtracting 1, and since the second encryption flow is three left cyclic shifts, the second decryption flow is three right cyclic shifts. The second encryption value is first cyclically shifted right three times and then 1 is subtracted, so as to obtain the original data 36.
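Steps S1 to S5 with the embodiment's parameters (original data 35, first difference 1, three left circular shifts), as an added example that is not code from the patent. The serial numbers, the second table entry and all function names are assumptions for illustration, and values are treated as 8-bit so the addition wraps modulo 256.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Per-device flow fixed before the beacon leaves the factory. */
struct device_flow {
    const char *serial;   /* hypothetical serial number format */
    uint8_t first_diff;   /* first difference appended on read */
    unsigned rot_left;    /* second flow: number of left circular shifts */
};

/* Constructed stand-in for the cloud records keyed by serial number. */
static const struct device_flow CLOUD_DB[] = {
    { "SN-EXAMPLE-0001", 1, 3 },  /* the embodiment: +1, then 3 left shifts */
    { "SN-EXAMPLE-0002", 7, 5 },  /* a second device with its own flow */
};

static uint8_t rotl8(uint8_t v, unsigned n)
{
    n &= 7u;  /* a rotation by 8 is the identity on a byte */
    return (uint8_t)((v << n) | (v >> ((8u - n) & 7u)));
}

static uint8_t rotr8(uint8_t v, unsigned n)
{
    return rotl8(v, 8u - (n & 7u));
}

/* Out-of-band step: the receiver asks the cloud for a device's flow. */
const struct device_flow *cloud_lookup(const char *serial)
{
    for (size_t i = 0; i < sizeof CLOUD_DB / sizeof CLOUD_DB[0]; i++)
        if (strcmp(CLOUD_DB[i].serial, serial) == 0)
            return &CLOUD_DB[i];
    return NULL;
}

/* Beacon side (steps S1 and S2). */
uint8_t beacon_encrypt(const struct device_flow *f, uint8_t raw)
{
    uint8_t first = (uint8_t)(raw + f->first_diff);  /* wraps modulo 256 */
    return rotl8(first, f->rot_left);
}

/* Receiver side (steps S4 and S5): returns 0..255, or -1 if no flow is known. */
int receiver_decrypt(const char *serial, uint8_t broadcast)
{
    const struct device_flow *f = cloud_lookup(serial);
    if (f == NULL)
        return -1;
    uint8_t first = rotr8(broadcast, f->rot_left);  /* undo the second flow */
    return (uint8_t)(first - f->first_diff);        /* undo the first flow */
}

/* Checks that every byte value survives the round trip, wrap-around included. */
int roundtrip_all(const char *serial)
{
    const struct device_flow *f = cloud_lookup(serial);
    if (f == NULL)
        return 0;
    for (unsigned raw = 0; raw < 256; raw++)
        if (receiver_decrypt(serial, beacon_encrypt(f, (uint8_t)raw)) != (int)raw)
            return 0;
    return 1;
}

int main(void)
{
    const struct device_flow *f = cloud_lookup("SN-EXAMPLE-0001");
    uint8_t sent = beacon_encrypt(f, 35);
    printf("broadcast=%u recovered=%d\n", sent, receiver_decrypt(f->serial, sent));
    printf("all 256 values round-trip: %d\n", roundtrip_all("SN-EXAMPLE-0002"));
    return 0;
}
```

Because the flow is fixed per device, identical readings always produce identical broadcast bytes.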
Referring to fig. 2, the data security method of the present invention, when applied to a beacon sensor, includes the following steps:
the beacon sensor executes a first encryption process when reading the original data to obtain a first encryption value;
the beacon sensor executes a second encryption process on the first encryption value to obtain a second encryption value;
the beacon sensor sends a second encryption value to the user receiving end, so that the user receiving end executes a first decryption process and a second decryption process acquired from the cloud to the second encryption value, and original data are obtained.
Referring to fig. 3, the data security method of the present invention includes the following steps when applied to a user receiving end:
the user receiving end receives a second encryption value obtained by the beacon sensor executing a second encryption process on the basis of a first encryption value obtained by executing a first encryption process on the original data;
the user receiving end obtains a first decryption flow for decrypting the first encrypted value and a second decryption flow for decrypting the second encrypted value from the cloud end through out-of-band transmission;
and the user receiving end executes a first decryption flow and a second decryption flow on the second encrypted value to obtain the original data.
Referring to fig. 4, the data security method of the present invention includes the following steps when applied to a cloud:
the cloud end sends a first decryption flow for decrypting the first encryption value and a second decryption flow for decrypting the second encryption value to the user receiving end, and the user receiving end executes the first encryption value obtained by the first encryption flow on the original data received from the beacon sensor and executes the second encryption value obtained by the second encryption flow on the basis of the first encryption value to obtain the original data.
In summary, the data confidentiality method encrypts the original data using simple hardware and a low-energy encryption mode, and obtains the decryption flow from the cloud through out-of-band transmission, so that other terminals cannot read the original data even if they intercept the broadcast data. This achieves effective encryption of the beacon sensor's one-way communication data and improves the communication security of the beacon sensor without requiring additional hardware or increased power consumption.
The present invention is not limited to the above-mentioned embodiments, but is intended to be limited to the following embodiments, and any modifications, equivalent changes and variations in the above-mentioned embodiments can be made by those skilled in the art without departing from the scope of the present invention.

Claims (6)

1. A method of data security, characterized by: it comprises the following steps:
the method comprises the steps that a first difference value which is necessarily generated when a beacon sensor is set and calibrated before leaving a factory is set, the beacon sensor executes a first encryption process when reading original data to obtain a first encryption value, and the first encryption process is as follows: the beacon sensor appends a first difference value to the original data when reading;
setting a unique second encryption process and a unique second decryption process before each beacon sensor leaves the factory, respectively storing the unique second encryption process and the unique second decryption process of each beacon sensor in a cloud and/or product package according to serial numbers of the beacon sensors and acquiring the unique second encryption process by a user receiving end in an out-of-band transmission mode, and executing the second encryption process on the first encryption value by the beacon sensors to obtain a second encryption value, wherein the second encryption process is as follows: the beacon sensor performs one or more of binary shift, multiplication, subtraction and transposition on the first encrypted value;
the beacon sensor broadcasts a second encryption value, and the user receiving end receives the second encryption value broadcast by the beacon sensor;
the user receiving end obtains a first decryption flow for decrypting the first encrypted value and a second decryption flow for decrypting the second encrypted value through out-of-band transmission;
and the user receiving end executes a first decryption flow and a second decryption flow on the second encrypted value to obtain the original data.
2. A method of data security, characterized by: applied to a beacon sensor, comprising:
the method comprises the steps that a first difference value which is necessarily generated when a beacon sensor is set and calibrated before leaving a factory is set, the beacon sensor executes a first encryption process when reading original data to obtain a first encryption value, and the first encryption process is as follows: the beacon sensor appends a first difference value to the original data when reading;
setting a unique second encryption process and a unique second decryption process before each beacon sensor leaves the factory, respectively storing the unique second encryption process and the unique second decryption process of each beacon sensor in a cloud and/or product package according to serial numbers of the beacon sensors and acquiring the unique second encryption process by a user receiving end in an out-of-band transmission mode, and executing the second encryption process on the first encryption value by the beacon sensors to obtain a second encryption value, wherein the second encryption process is as follows: the beacon sensor performs one or more of binary shift, multiplication, subtraction and transposition on the first encrypted value;
the beacon sensor sends a second encryption value to the user receiving end so that the user receiving end executes a first decryption process and a second decryption process acquired through out-of-band transmission on the second encryption value, and therefore original data are obtained.
3. A method of data security, characterized by: the method is applied to a user receiving end, and comprises the following steps:
the user receiving end receives a second encryption value obtained by executing a second encryption process on the basis of a first encryption value obtained by executing a first encryption process on the original data by the beacon sensor, wherein the first encryption process is as follows: the beacon sensor adds a first difference value to the original data when reading, the first difference value is necessarily generated when the beacon sensor is set and calibrated before leaving a factory, and the second encryption flow is as follows: the beacon sensor performs one or more of binary shift, multiplication, subtraction and transposition on the first encryption value, and the second encryption process is set before each beacon sensor leaves the factory;
the user receiving end obtains a first decryption flow for decrypting the first encrypted value and a second decryption flow for decrypting the second encrypted value through out-of-band transmission;
and the user receiving end executes a first decryption flow and a second decryption flow on the second encrypted value to obtain the original data.
4. A data security method according to claim 3, wherein: the user receiving end obtains a first decryption flow for decrypting the first encrypted value and a second decryption flow for decrypting the second encrypted value from the cloud end through out-of-band transmission.
5. A data security method according to claim 3, wherein: the user receiving end can acquire the unique product serial number of the beacon sensor through out-of-band transmission, and acquire the first decryption process and the second decryption process by inputting the product serial number to the cloud.
6. A method of data security, characterized by: applied to the cloud, it includes:
the cloud end sends a first decryption flow for decrypting the first encryption value and a second decryption flow for decrypting the second encryption value to a user receiving end, the user receiving end executes the first encryption value obtained by the first encryption flow on the original data received from the beacon sensor, and executes the second encryption value obtained by the second encryption flow on the basis of the first encryption value to obtain the original data, and the first encryption flow is as follows: the beacon sensor adds a first difference value to the original data when reading, the first difference value is necessarily generated when the beacon sensor is set and calibrated before leaving a factory, and the second encryption flow is as follows: the beacon sensor performs one or more of binary shift, multiplication, subtraction and transposition on the first encrypted value, and the second encryption flow is set before each beacon sensor leaves the factory.
CN202111326106.7A 2021-11-10 2021-11-10 Data confidentiality method Active CN114051240B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111326106.7A CN114051240B (en) 2021-11-10 2021-11-10 Data confidentiality method

Publications (2)

Publication Number Publication Date
CN114051240A CN114051240A (en) 2022-02-15
CN114051240B true CN114051240B (en) 2023-09-26

Family

ID=80208306

Country Status (1)

Country Link
CN (1) CN114051240B (en)

Also Published As

Publication number Publication date
CN114051240A (en) 2022-02-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant