CN114142998B - Data encryption processing method and device, electronic equipment and storage medium - Google Patents


Publication number
CN114142998B
Authority
CN
China
Prior art keywords
data
encryption
encrypted
decryption
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111420512.XA
Other languages
Chinese (zh)
Other versions
CN114142998A (en
Inventor
和光雄
于阳
许亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Neuron Network Technology Co ltd
Original Assignee
Beijing Neuron Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Neuron Network Technology Co ltd
Priority to CN202111420512.XA
Publication of CN114142998A
Application granted
Publication of CN114142998B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40: Bus networks
    • H04L2012/40208: Bus networks characterized by the use of a particular bus standard
    • H04L2012/40221: Profibus
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it

Abstract

An embodiment of the invention discloses a data encryption processing method and apparatus, an electronic device and a storage medium. The data encryption processing method comprises: acquiring data to be encrypted and a receiver data encryption identifier of a data receiver; generating encrypted data to be sent according to the data to be encrypted and the receiver data encryption identifier of the data receiver; and sending the encrypted data to be sent to the data receiver through an AutBus bus. The technical solution of the embodiment can improve the encryption mechanism of the AutBus bus and ensure the security and timeliness of data transmission on the AutBus bus.

Description

Data encryption processing method and device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a data encryption processing method, a device, electronic equipment and a storage medium.
Background
With the development of communication technology, a large amount of communication data is transmitted in a communication network every day, and in order to ensure confidentiality of the communication data, encryption processing of the communication data becomes an important means for ensuring confidentiality of the communication data.
To meet the data transfer rate requirements of industrial communications, an AutBus bus (high speed industrial field bus) has evolved. The AutBus bus has the advantages of multiple nodes, high bandwidth, high real-time performance, long-distance transmission and the like, so that the AutBus bus occupies a significant position in industrial communication.
However, the AutBus bus is a relatively new bus, and the encryption mechanism is not perfect.
Disclosure of Invention
The embodiment of the invention provides a data encryption processing method, a device, electronic equipment and a storage medium, which can perfect an encryption mechanism of an AutBus bus and ensure the safety and timeliness of data transmission of the AutBus bus.
In a first aspect, an embodiment of the present invention provides a data encryption processing method, including:
acquiring data to be encrypted and a receiver data encryption identifier of a data receiver;
generating encrypted data to be sent according to the data to be encrypted and the receiver data encryption identifier of the data receiver;
sending the encrypted data to be sent to the data receiver through an AutBus bus.
In a second aspect, an embodiment of the present invention further provides a data encryption processing apparatus, including:
a receiver data encryption identifier acquisition module, used for acquiring the data to be encrypted and the receiver data encryption identifier of the data receiver;
an encrypted-data-to-be-sent generation module, used for generating the encrypted data to be sent according to the data to be encrypted and the receiver data encryption identifier of the data receiver;
and an encrypted-data-to-be-sent sending module, used for sending the encrypted data to be sent to the data receiver through the AutBus bus.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
a storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the data encryption processing method provided by any embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the data encryption processing method provided by any embodiment of the present invention.
In the embodiment of the invention, the data to be encrypted and the receiver data encryption identifier of the data receiver are acquired, the encrypted data to be sent is generated according to the data to be encrypted and the receiver data encryption identifier of the data receiver, and the encrypted data to be sent is then sent to the data receiver through the AutBus bus. Because the encrypted data to be sent is generated from the data to be encrypted and the receiver data encryption identifier of the data receiver, it is more complex than the data to be encrypted, which effectively prevents the encrypted data to be sent from being exploited after it is leaked or stolen and thereby ensures its confidentiality. The AutBus bus has the advantages of high real-time performance and high bandwidth, so sending the encrypted data to be sent to the data receiver through the AutBus bus ensures its timeliness. This addresses the problem in the prior art that the AutBus bus, being a relatively new bus, has an imperfect encryption mechanism: the encryption mechanism of the AutBus bus can be improved, and the security and timeliness of data transmission on the AutBus bus are ensured.
Drawings
Fig. 1 is a flowchart of a data encryption processing method according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a data encryption processing method according to a second embodiment of the present invention;
Fig. 3 is a diagram of a communication group according to a second embodiment of the present invention;
Fig. 4 is a schematic diagram of a data encryption process according to a second embodiment of the present invention;
Fig. 5 is a simple network structure diagram of an AutBus bus with two nodes according to a second embodiment of the present invention;
Fig. 6 is a schematic diagram of a data encryption processing apparatus according to a third embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof.
It should be further noted that, for convenience of description, only some, but not all of the matters related to the present invention are shown in the accompanying drawings. Before discussing exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart depicts operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently, or at the same time. Furthermore, the order of the operations may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figures. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example 1
A minimum of 27 bytes of data can be carried by a single symbol in the AutBus protocol, and the transmission rate can reach 100Mbps. When the data processing speed is greater than 100Mbps, the data transmission under the condition of the maximum bandwidth of the AutBus bus can be satisfied. The AutBus bus network, which consists of an AutBus bus and nodes, has one control node and several end nodes. The control node may be a terminal for taking charge of configuration, management of the entire network and bandwidth allocation to the terminal nodes. The end nodes may be terminals that use allocated bandwidth resources for information exchange to accomplish specific control tasks. The smallest time slice unit in an AutBus bus network is a time slot, 64 time slots constitute a frame, and 256 frames constitute a superframe.
Fig. 1 is a flowchart of a data encryption processing method provided in an embodiment of the present invention. The embodiment is applicable to the case where encrypted data is transmitted securely over an AutBus bus. The method may be performed by a data encryption processing apparatus, which may be implemented in software and/or hardware and is generally integrated in an electronic device. The electronic device is a control node device or a terminal node device on the AutBus bus; it may be a terminal device or a server device, and the embodiment of the present invention does not limit the type of electronic device that performs the data encryption processing method. In the embodiment of the invention, the electronic device acts as a data sender that sends the encrypted data to a data receiver. Accordingly, as shown in Fig. 1, the method includes the following operations:
S110, acquiring data to be encrypted and a receiver data encryption identifier of a data receiver.
The data to be encrypted may be data requiring encryption processing. The data receiver may be a control node device or a terminal node for receiving and parsing the data to be encrypted. The recipient data encryption identification may be an identification of the encryption key of the data recipient for identifying the data recipient encryption key.
In the embodiment of the invention, when the electronic device executing the data encryption processing method is a data sender, the data sender can first acquire the data to be encrypted, then determine the data receiver that needs to receive the encryption processing result of the data to be encrypted, and then acquire the receiver data encryption identifier of that data receiver.
S120, generating the encrypted data to be sent according to the data to be encrypted and the receiver data encryption identifier of the data receiver.
The encrypted data to be sent may be an encryption processing result of the data to be encrypted, and is used for being transmitted to a data receiving party.
In the embodiment of the invention, the data sender can encrypt the data to be encrypted according to the receiver data encryption identifier of the data receiver and an encryption algorithm to generate the encrypted data to be sent.
S130, sending the encrypted data to be sent to the data receiver through the AutBus bus.
Accordingly, after obtaining the encrypted data to be sent, the data sender can transmit the encrypted data to be sent to the data receiver through the AutBus bus, so that the encrypted data to be sent is ensured to be transmitted to the data receiver through the AutBus bus safely and efficiently, and the data is prevented from being eavesdropped or leaked.
In the embodiment of the invention, the data to be encrypted and the receiver data encryption identifier of the data receiver are acquired, the encrypted data to be sent is generated according to the data to be encrypted and the receiver data encryption identifier of the data receiver, and the encrypted data to be sent is then sent to the data receiver through the AutBus bus. Because the encrypted data to be sent is generated from the data to be encrypted and the receiver data encryption identifier of the data receiver, it is more complex than the data to be encrypted, which effectively prevents the encrypted data to be sent from being exploited after it is leaked or stolen and thereby ensures its confidentiality. The AutBus bus has the advantages of high real-time performance and high bandwidth, so sending the encrypted data to be sent to the data receiver through the AutBus bus ensures its timeliness. This addresses the problem in the prior art that the AutBus bus, being a relatively new bus, has an imperfect encryption mechanism: the encryption mechanism of the AutBus bus can be improved, and the security and timeliness of data transmission on the AutBus bus are ensured.
Example two
Fig. 2 is a flowchart of a data encryption processing method according to a second embodiment of the present invention, which builds on the above embodiment. This embodiment provides specific optional implementations of generating the encrypted data to be sent according to the data to be encrypted and the receiver data encryption identifier of the data receiver, of sending the encrypted data to be sent to the data receiver through the AutBus bus, and of decrypting data to be decrypted. Accordingly, as shown in Fig. 2, the method includes the following operations:
S210, acquiring data to be encrypted and a receiver data encryption identifier of a data receiver.
In an optional embodiment of the present invention, before acquiring the data to be encrypted and the recipient data encryption identifier of the data recipient, the method may further include: acquiring encryption keys and decryption keys of other nodes communicating with the node; determining an encryption identifier of the encryption key and a decryption identifier of the decryption key; and storing the data encryption identification and the decryption identification by taking the node identification as an index.
The node may be an electronic device for executing the data encryption processing method, and a data sender storing data to be encrypted. The other node may be a data receiver having a communication requirement with an electronic device for performing the data encryption processing method. The encryption identification may be an identification of an encryption key for identifying a different encryption key. The decryption identifier may be an identifier of a decryption key for identifying a different decryption key.
In the embodiment of the present invention, optionally, the encryption identifier may include a node data encryption identifier and a group data encryption identifier, and the decryption identifier may include a node data decryption identifier and a group data decryption identifier. The node data encryption identifier may be the identifier of the encryption key of a single node; it is suitable for encrypting point-to-point communication data. The group data encryption identifier may be the identifier of the encryption key shared by at least two nodes; it is suitable for encrypting multicast or broadcast communication data. The node data decryption identifier may be the identifier of the decryption key of a single node; it is suitable for decrypting point-to-point communication data. The group data decryption identifier may be the identifier of the decryption key shared by at least two nodes; it is suitable for decrypting multicast or broadcast communication data. The node identifier may be a token identifying a node, used to distinguish between different nodes. The group data decryption identifier is used when the same encrypted data to be sent is transmitted to several nodes of a communication group: during multicast, the receiver looks up the private key for decrypting the encrypted data according to the group data decryption identifier.
In the embodiment of the invention, when the electronic device executing the data encryption processing method is a data sender, the data sender needs to determine, before acquiring the data to be encrypted and the receiver data encryption identifier of the data receiver, which other nodes can communicate with the present node, so as to acquire the encryption keys and decryption keys of those nodes and thereby support encryption and decryption of point-to-point or point-to-multipoint communication data. Optionally, the other nodes may be all nodes except the present node. When the present node has a communication requirement with a single node, the node data encryption identifier of that node's encryption key and the node data decryption identifier of its decryption key can be generated, which is equivalent to determining the encryption identifier of the node's encryption key and the decryption identifier of its decryption key. When the present node has a communication requirement with at least two nodes, the encryption key and the decryption key of the at least two nodes can be determined first, and then the group data encryption identifier corresponding to the encryption key of the at least two nodes and the group data decryption identifier corresponding to their decryption key are generated, which is equivalent to determining the encryption identifier of the encryption key and the decryption identifier of the decryption key of the at least two nodes. After the encryption identifier and the decryption identifier are obtained, they may be stored with the node identifier as the index.
Illustratively, assuming that the data sender is node 7, the other nodes in communication with node 7 are node 2, node 3, node 4, and node 5, after obtaining the nodes in communication with node 7, the encryption keys and decryption keys of node 2, node 3, node 4, and node 5 may be further determined. When the node 7 and the node 2 have separate communication requirements, a node data encryption identification Ckey1 corresponding to the encryption key of the node 2 and a node data decryption identification Dkey1 corresponding to the decryption key of the node 2 may be generated. When the node 7 and the node 3 have separate communication requirements, a node data encryption identification Ckey2 corresponding to the encryption key of the node 3 and a node data decryption identification Dkey2 corresponding to the decryption key of the node 3 may be generated. When the node 7 needs to communicate with the node 4 and the node 5 at the same time, a group data encryption identification Ckey3 corresponding to the encryption keys of the node 4 and the node 5 and a group data decryption identification Dkey3 corresponding to the decryption keys of the node 4 and the node 5 may be generated. When the node 7 needs to broadcast data to the nodes 2, 3, 4 and 5, the group data encryption identification Ckey4 corresponding to the encryption keys of the nodes 2, 3, 4 and 5 and the group data decryption identification Dkey4 corresponding to the decryption keys of the nodes 2, 3, 4 and 5 may be generated. The encryption key and the encryption identifier have a corresponding relation, a unique encryption key can be determined according to the node data encryption identifier, and a unique group encryption key can be determined according to the group data encryption identifier. Similarly, a unique decryption key may be determined based on the node data decryption identifier, and a unique group decryption key may be determined based on the group data decryption identifier.
Continuing the example with node 7 as the present node and node 2, node 3, node 4 and node 5 as the other nodes communicating with it, when the node identifier of node 7 is set to Node7, an index data table as shown in the following table can be obtained:
Table 1: Index data table
Specifically, when the data sender needs to determine the encryption identifier of node 2, the encryption identifier Ckey1 of node 2 may be obtained from Table 1 with the node identifier Node2 of node 2 as the index. Since the encryption identifier corresponds to the encryption key, the encryption key of node 2, node 3, node 4 and node 5 can be determined according to the group data encryption identifier Ckey4. Optionally, when at least two nodes communicate with node n, the identifier of the communication group may take a value in the range Node2 to Node254; Node0 is set as the node identifier of the control node, Node1 as the node identifier of the backup node of the control node, and Node255 as the identifier of the communication group used for broadcasting.
Fig. 3 is a relationship diagram of a communication group provided in the second embodiment of the present invention. In a specific example, as shown in Fig. 3, node 4 and node 5 need to communicate with node 7 at the same time, so node 4 and node 5 may form a communication group, and an identifier (e.g. Node251) is determined for that communication group. Node 2, node 3, node 4 and node 5 need to receive the broadcast data of node 7, so node 2, node 3, node 4 and node 5 can form a communication group, and an identifier (e.g. Node252) is determined for that communication group.
S220, acquiring an encryption key of the data receiver according to the receiver data encryption identification of the data receiver.
Accordingly, the data sender may first determine an encryption key corresponding to the recipient data encryption identifier of the data recipient, and then use the encryption key corresponding to the recipient data encryption identifier of the data recipient as the encryption key of the data recipient.
In an alternative embodiment of the present invention, the obtaining the encryption key of the data receiver according to the receiver data encryption identifier of the data receiver may include: determining a data receiver identifier of the data receiver according to the project configuration data; and acquiring the encryption key of the data receiver according to the data receiver identifier.
The project configuration data may be configuration data of an electronic device for performing the data encryption processing method, and may be used to determine relevant data of a data receiver when transmitting an encryption processing result of data to be encrypted, and relevant data of a data sender when receiving the data. Alternatively, the electronic device for performing the data encryption processing method may be integrated on a chip. The data receiver identification may be an identity identifying the data receiver for distinguishing between different data receivers.
In the embodiment of the invention, the data sender can acquire the project configuration data conforming to the inter-node encryption communication mechanism through online receiving or offline receiving and other modes, for example, a technician burns the project configuration data to the data sender. After obtaining the project configuration data, the data sender can analyze the project configuration data to obtain relevant data of a data receiver of an encryption processing result of the data to be encrypted, so that a data receiver identification of the data receiver is determined according to the relevant data of the data receiver, and then an encryption key of the data receiver is extracted from the relevant data of the data receiver according to the data receiver identification.
S230, encrypting the data to be encrypted according to the encryption key and the encryption algorithm of the data receiver, and generating target encrypted data.
The encryption algorithm can be any encryption algorithm, such as a hash algorithm, a symmetric encryption algorithm, a partial symmetric encryption algorithm and the like. The target encrypted data may be the result of encryption processing of the data to be encrypted. Illustratively, when the inter-node encrypted communication employs a symmetric encryption algorithm, the encryption key used for encryption and the decryption key used for decryption are the same.
In the embodiment of the invention, the data sender can firstly select an encryption algorithm, further determine the related parameters of the encryption algorithm, and further encrypt the data to be encrypted according to the encryption key of the data receiver and the related parameters of the encryption algorithm, thereby generating the target encrypted data.
Fig. 4 is a schematic diagram of a data encryption process provided in the second embodiment of the present invention. As shown in Fig. 4, node 7, node 2 and node 3 are connected through an AutBus bus. Before node 7 sends encrypted data to node 2 and node 3, node 7 may encrypt the data to be encrypted according to the encryption key of node 2 and the related parameters of the encryption algorithm to generate the encrypted data to be sent to node 2, and then send that encrypted data to node 2 through the AutBus bus. Likewise, node 7 may encrypt the data to be encrypted according to the encryption key of node 3 and the related parameters of the encryption algorithm to generate the encrypted data to be sent to node 3, and then send that encrypted data to node 3 through the AutBus bus. Node 7, as the sender, generates the encrypted data to be sent, and communication between the sender node 7 and the receiver node 2 or node 3 takes place over the AutBus bus network.
In an alternative embodiment of the present invention, encrypting the data to be encrypted according to the encryption key of the data receiver and the encryption algorithm to generate the target encrypted data may include: padding the data to be encrypted according to a preset byte length to generate target data to be encrypted; and encrypting the target data to be encrypted according to the encryption key of the data receiver and the encryption algorithm to generate the target encrypted data.
The preset byte length may be a preset number of bytes. Optionally, the preset byte length may be 16 bytes. The embodiment of the invention does not limit the specific number of bytes of the preset byte length. The target data to be encrypted may be the result of padding the data to be encrypted.
In the embodiment of the invention, the data sender can set the preset byte length before encrypting the data to be encrypted, pad the data to be encrypted according to the preset byte length to generate the target data to be encrypted, and then encrypt the target data to be encrypted according to the encryption key of the data receiver and the related parameters of the encryption algorithm to generate the target encrypted data. Padding the data to be encrypted according to the preset byte length ensures that the target data to be encrypted has a uniform byte length and reduces the complexity of encrypting different target data to be encrypted.
S240, adding target header data to the target encrypted data to generate encrypted data to be transmitted.
The target header data may be data that needs to be added before the target encrypted data, and is used to characterize the data features of the decryption result of the encrypted data to be sent. The target header data may include a data type, a source node identification, a target node identification, a tail invalid byte number, a valid data offset byte number, and a number of bytes of data to be encrypted. The data type may be used to describe the data attributes. For example, the data type may be used to characterize the encryption properties of the encrypted data to be sent. The source node identification may be the node identification of the data sender of the encrypted data to be sent. The target node identification may be the node identification of the data receiver. Optionally, the target node identification may be the data receiver identification. The tail invalid byte number may be the number of invalid bytes at the tail of the encrypted data to be sent after it is decrypted. The valid data offset byte number may be the offset, in bytes, of the valid data after the encrypted data to be sent is decrypted. The number of bytes of data to be encrypted may be the number of bytes of the data to be encrypted.
For example, the data structure of the target header data may be found in the following table:
Table 2 data structure table of target header data
Accordingly, after obtaining the target encrypted data, the data sender may determine the constituent fields of the target header data and the meaning of each field, and then add the target header data carrying those fields to the target encrypted data, thereby generating the encrypted data to be sent. Because target header data is added to the target encrypted data, the encrypted data to be sent has a specified data type and a unified data structure, so a data receiver can judge from the data type and/or the data structure whether received data needs to be decrypted, which reduces the time needed to identify data that needs to be decrypted.
S250, the encrypted data to be sent is sent to a data receiver through an AutBus bus.
In an alternative embodiment of the present invention, after sending the encrypted data to be sent to the data receiver through the AutBus bus, the method may further include: receiving data to be decrypted through the AutBus bus; removing the target header data from the data to be decrypted to obtain the decryption data to be processed; determining a decryption identifier of the decryption data to be processed; and generating target decryption data according to the decryption identifier of the decryption data to be processed.
The data to be decrypted may be data that is received by the data receiver and needs to be decrypted. The decryption data to be processed may be the data to be decrypted from which the target header data has been removed. The target decryption data may be the valid data obtained after the data to be decrypted is decrypted.
In the embodiment of the invention, the electronic device executing the data encryption processing method can also act as a data receiver, receiving encrypted data and decrypting it. Specifically, the data receiver can receive the data to be decrypted efficiently through the AutBus bus. After the data to be decrypted is obtained, the target header data located at its head can first be removed to obtain the decryption data to be processed. The removed target header data can be analyzed to obtain the decryption identifier of the decryption key of the sender of the data to be decrypted, and the decryption data to be processed is then decrypted according to that decryption identifier to generate the target decryption data. When two nodes exchange data, encrypting and decrypting the data through the encryption identifier and the decryption identifier ensures encrypted communication between the two nodes. When at least three nodes exchange data, encrypting and decrypting the data through the group data encryption identifier and the group data decryption identifier ensures encrypted communication among the nodes in a group.
In an alternative embodiment of the present invention, generating the target decryption data according to the decryption identifier of the decryption data to be processed may include: when the target node identification of the data to be decrypted is the same as the node identification of this node, decrypting the decryption data to be processed according to a decryption algorithm and the node data decryption identifier to obtain the target decryption data; and when the target node identification of the data to be decrypted is different from the node identification of this node, decrypting the decryption data to be processed according to a decryption algorithm and the group data decryption identifier to obtain the target decryption data.
In the embodiment of the invention, the data receiver can first judge whether the target node identification in the target header data of the data to be decrypted is the same as the node identification of this node. If they are the same, the node data decryption identifier for the data to be decrypted and the related parameters of the decryption algorithm are determined, and the decryption data to be processed is decrypted according to the related parameters of the decryption algorithm and the node data decryption identifier to obtain the target decryption data. If they are different, the group data decryption identifier for the data to be decrypted and the related parameters of the decryption algorithm are determined, and the decryption data to be processed is decrypted according to the related parameters of the decryption algorithm and the group data decryption identifier to obtain the target decryption data.
In an alternative embodiment of the present invention, decrypting the decryption data to be processed to obtain the target decryption data may include: decrypting the decryption data to be processed through a decryption algorithm to obtain target to-be-processed decryption data; and deleting the padding data in the target to-be-processed decryption data according to the tail invalid byte number and the valid data offset byte number to obtain the target decryption data.
The target decryption data to be processed may be a decryption result of the decryption data to be processed.
In the embodiment of the invention, the data receiver can decrypt the decryption data to be processed according to its decryption identifier and the related parameters of the decryption algorithm to obtain the target to-be-processed decryption data, and then remove the invalid data in the target to-be-processed decryption data according to the tail invalid byte number and the valid data offset byte number of the removed target header data. That is, the padding that the data sender added according to the preset byte length is removed, and the target decryption data is obtained.
Fig. 5 is a schematic diagram of an AutBus bus with two nodes according to a second embodiment of the present invention. The peripheral interfaces, CPU (Central Processing Unit), security subsystem and HCB (an interface) of each node shown in Fig. 5 may be integrated on a chip, and the HCBs of different nodes are connected through the AutBus bus. The system operating frequency of the security subsystem needs to be initialized before the nodes communicate. Through a driver function, the security subsystem reads from the OTP (One Time Programmable) register the encryption keys and decryption keys of the other nodes that need to communicate with this node, stores the encryption keys and decryption keys in RAM (Random Access Memory), and at the same time generates the encryption identifier of each encryption key and the decryption identifier of each decryption key. The encryption identifier may be represented by an encryption ASSETID, and the decryption identifier may be represented by a decryption ASSETID. After the security subsystem obtains the encryption ASSETID and the decryption ASSETID, it may send them to the CPU, which may store them with the node identification as an index. When this node is node 1 and needs to send data to node 2, the CPU of node 1 may obtain the data to be encrypted from the peripheral interface, pad the data to be encrypted to a length of 16 bytes, use the node identification of node 2, taken from the project configuration data that includes the data related to node 2, as an index to obtain the encryption ASSETID of node 2 from RAM, and send the padded data to be encrypted, the encryption ASSETID and the related parameters of the encryption algorithm to the security subsystem through a mailbox (a form of functional data transmission).
The security subsystem encrypts the padded data to be encrypted to obtain the target encrypted data, and then sends the target encrypted data to the CPU through the mailbox. The CPU adds 6 bytes of target header data according to the unified data structure to obtain the encrypted data to be sent, which is transmitted to the AutBus bus through the HCB and carried in two-wire form to the HCB of node 2. The HCB of node 2 passes the received data to the CPU, and the CPU can determine from the data type (0x21) that the received data is data to be decrypted. The following processing is then carried out according to the target node identification of the target header data and the node identification of node 2:
If the target node identification of the target header data is the same as the node identification of node 2, the received data to be decrypted is point-to-point encrypted communication data. The target header data is removed from the data to be decrypted, and the data to be decrypted with its target header data removed, the decryption ASSETID of node 1 and the related parameters of the decryption algorithm are sent to the security subsystem of node 2. After the security subsystem decrypts this data, it sends the resulting target to-be-processed decryption data to the CPU, and the CPU removes the invalid data produced by padding according to the tail invalid byte number and the valid data offset byte number in the target header data, thereby obtaining the target decryption data. After obtaining the target decryption data, node 2 may send it to the peripheral through the peripheral interface according to the project configuration data, so that the peripheral can analyze the target decryption data.
If the target node identification of the target header data is different from the node identification of node 2, the received data to be decrypted is multicast communication data. The target header data is removed from the data to be decrypted, and the data to be decrypted with its target header data removed, the decryption ASSETID of the target node identification and the related parameters of the decryption algorithm are sent to the security subsystem of node 2. After the security subsystem decrypts this data, it sends the resulting target to-be-processed decryption data to the CPU, and the CPU removes the invalid data produced by padding according to the tail invalid byte number and the valid data offset byte number in the target header data, thereby obtaining the target decryption data. After obtaining the target decryption data, node 2 may send it to the peripheral through the peripheral interface according to the project configuration data, so that the peripheral can analyze the target decryption data. Peripherals may include, but are not limited to, CAN (Controller Area Network), I2C (a serial transmission bus), SPI (Serial Peripheral Interface) and ETH (Ethernet peripheral).
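The frame handling described above for node 1 and node 2, written out as an added Python example that is not code from the patent. The one-byte-per-field header layout, trailing zero padding, the group ID 0x80, the key tables and the SHA-256 XOR stand-in cipher are assumptions; the page gives only the 6-byte header size, its field names, the 16-byte padding length and the data type 0x21.

```python
import hashlib
from dataclasses import dataclass, field

BLOCK = 16             # preset byte length given in the description
HEADER_LEN = 6         # header size given in the description
TYPE_ENCRYPTED = 0x21  # data type value given in the description


def standin_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the security subsystem; the page names no algorithm.
    XOR with a SHA-256 keystream, so the same call encrypts and decrypts.
    Illustrative only, not a vetted cipher."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(
        hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Node:
    node_id: int
    # Assumed key tables, standing in for the ASSETID lookup by node ID.
    peer_keys: dict = field(default_factory=dict)   # peer node ID -> key
    group_keys: dict = field(default_factory=dict)  # group ID -> key

    def build_frame(self, target_id: int, payload: bytes) -> bytes:
        """Pad, encrypt, then prepend the 6-byte header (sender side)."""
        if not 0 < len(payload) <= 255:
            raise ValueError("payload length must fit the one-byte field")
        key = self.peer_keys.get(target_id) or self.group_keys.get(target_id)
        if key is None:
            raise KeyError(f"no encryption key for target {target_id}")
        tail = -len(payload) % BLOCK           # padding bytes appended
        padded = payload + bytes(tail)         # assumed: zero bytes at the tail
        header = bytes(
            [TYPE_ENCRYPTED, self.node_id, target_id, tail, 0, len(payload)]
        )
        return header + standin_cipher(key, padded)

    def parse_frame(self, frame: bytes) -> bytes:
        """Check type, strip header, pick node or group key, decrypt, unpad."""
        if len(frame) < HEADER_LEN + BLOCK:
            raise ValueError("frame too short")
        dtype, src, dst, tail, offset, length = frame[:HEADER_LEN]
        body = frame[HEADER_LEN:]
        if dtype != TYPE_ENCRYPTED:
            raise ValueError("not data to be decrypted")
        if len(body) % BLOCK:
            raise ValueError("body is not a multiple of the preset byte length")
        # The header fields arrive unencrypted, so validate them against the
        # body length before they are used to slice the decrypted data.
        if offset + length + tail != len(body):
            raise ValueError("header byte counts do not match body length")
        if dst == self.node_id:                # point-to-point: sender's key
            key = self.peer_keys.get(src)
        else:                                  # multicast: key of target ID
            key = self.group_keys.get(dst)
        if key is None:
            raise KeyError(f"no decryption key for src={src} dst={dst}")
        plain = standin_cipher(key, body)
        return plain[offset:offset + length]


if __name__ == "__main__":
    # Constructed sample keys and payloads.
    k12, kg = b"pairwise-1-2-constructed", b"group-0x80-constructed"
    n1 = Node(1, {2: k12}, {0x80: kg})
    n2 = Node(2, {1: k12}, {0x80: kg})
    n3 = Node(3, {}, {0x80: kg})
    unicast = n1.build_frame(2, b"speed=42")
    print(unicast[:HEADER_LEN].hex(), n2.parse_frame(unicast))
    group = n1.build_frame(0x80, b"x" * 20)
    print(n2.parse_frame(group), n3.parse_frame(group))
```
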
According to the embodiment of the invention, the data to be encrypted and the receiver data encryption identifier of the data receiver are obtained; the encryption key of the data receiver is obtained according to that identifier; the data to be encrypted is encrypted according to the encryption key and the encryption algorithm of the data receiver to generate the target encrypted data; target header data is added to the target encrypted data to generate the encrypted data to be sent; and the encrypted data to be sent is sent to the data receiver through the AutBus bus. Because the encrypted data to be sent is generated from the data to be encrypted and the receiver data encryption identifier of the data receiver, it is more complex than the data to be encrypted, which effectively prevents the data from being exploited after it is leaked or stolen and so ensures the confidentiality of the encrypted data to be sent. The AutBus bus offers high real-time performance and high bandwidth, so sending the encrypted data to be sent to the data receiver through the AutBus bus ensures its timeliness. This addresses the prior-art problem that the AutBus bus, being a relatively new bus, has an imperfect encryption mechanism: the encryption mechanism of the AutBus bus is improved, and the security and timeliness of data transmission over the AutBus bus are ensured.
It should be noted that any permutation and combination of the technical features in the above embodiments also belongs to the protection scope of the present invention.
Example III
Fig. 6 is a schematic diagram of a data encryption processing apparatus according to a third embodiment of the present invention. As shown in Fig. 6, the apparatus includes: a receiver data encryption identifier obtaining module 310, a to-be-sent encrypted data generating module 320, and a to-be-sent encrypted data sending module 330, wherein:
the receiver data encryption identifier obtaining module 310 is configured to obtain data to be encrypted and a receiver data encryption identifier of a data receiver;
the to-be-sent encrypted data generating module 320 is configured to generate encrypted data to be sent according to the data to be encrypted and the receiver data encryption identifier of the data receiver;
and the to-be-sent encrypted data sending module 330 is configured to send the encrypted data to be sent to the data receiver through an AutBus bus.
According to the embodiment of the invention, the data to be encrypted and the receiver data encryption identifier of the data receiver are obtained; the encryption key of the data receiver is obtained according to that identifier; the data to be encrypted is encrypted according to the encryption key and the encryption algorithm of the data receiver to generate the target encrypted data; target header data is added to the target encrypted data to generate the encrypted data to be sent; and the encrypted data to be sent is sent to the data receiver through the AutBus bus. Because the encrypted data to be sent is generated from the data to be encrypted and the receiver data encryption identifier of the data receiver, it is more complex than the data to be encrypted, which effectively prevents the data from being exploited after it is leaked or stolen and so ensures the confidentiality of the encrypted data to be sent. The AutBus bus offers high real-time performance and high bandwidth, so sending the encrypted data to be sent to the data receiver through the AutBus bus ensures its timeliness. This addresses the prior-art problem that the AutBus bus, being a relatively new bus, has an imperfect encryption mechanism: the encryption mechanism of the AutBus bus is improved, and the security and timeliness of data transmission over the AutBus bus are ensured.
Optionally, the data encryption processing device further includes a data storage module, configured to: obtain the encryption keys and decryption keys of other nodes that communicate with this node; determine an encryption identifier of the encryption key and a decryption identifier of the decryption key, where the encryption identifier comprises a node data encryption identifier and a group data encryption identifier, and the decryption identifier comprises a node data decryption identifier and a group data decryption identifier of the decryption key; and store the data encryption identifier, the data decryption identifier, the decryption identifier and the group data identifier with the node identifier as an index.
Optionally, the to-be-sent encrypted data generating module 320 is specifically configured to: acquire the encryption key of the data receiver according to the receiver data encryption identifier of the data receiver; encrypt the data to be encrypted according to the encryption key and the encryption algorithm of the data receiver to generate target encrypted data; and add target header data to the target encrypted data to generate the encrypted data to be sent. The target header data comprises a data type, a source node identification, a target node identification, a tail invalid byte number, a valid data offset byte number and a number of bytes of data to be encrypted.
Optionally, the to-be-sent encrypted data generating module 320 is specifically configured to: determine a data receiver identifier of the data receiver according to the project configuration data; acquire the receiver data encryption identifier of the encryption key of the data receiver according to the data receiver identifier; pad the data to be encrypted according to a preset byte length to generate target data to be encrypted; and encrypt the target data to be encrypted according to the encryption key and the encryption algorithm of the data receiver to generate the target encrypted data.
Optionally, the data encryption processing device further comprises a target decryption data generation module, configured to: receive data to be decrypted through the AutBus bus; remove the target header data from the data to be decrypted to obtain the decryption data to be processed; determine a decryption identifier of the decryption data to be processed, where the decryption identifier comprises a node data decryption identifier or a group data decryption identifier; and generate target decryption data according to the decryption identifier of the decryption data to be processed.
Optionally, the target decryption data generation module is specifically configured to: when the target node identification of the data to be decrypted is the same as the node identification of this node, decrypt the decryption data to be processed according to a decryption algorithm and the node data decryption identifier to obtain the target decryption data; and when the target node identification of the data to be decrypted is different from the node identification of this node, decrypt the decryption data to be processed according to a decryption algorithm and the group data decryption identifier to obtain the target decryption data.
Optionally, the target decryption data generation module is specifically configured to: decrypt the decryption data to be processed through the decryption algorithm to obtain target to-be-processed decryption data; and remove the padding data in the target to-be-processed decryption data according to the tail invalid byte number and the valid data offset byte number to obtain the target decryption data.
The data encryption processing device can execute the data encryption processing method provided by any embodiment of the invention, and has the functional modules and beneficial effects corresponding to that method. For technical details not described in this embodiment, refer to the data encryption processing method provided in any embodiment of the present invention.
Since the data encryption processing apparatus described above is an apparatus capable of executing the data encryption processing method in the embodiment of the present invention, a person skilled in the art can, based on that method, understand the specific implementation of the apparatus of this embodiment and its various modifications, so how the apparatus implements the method is not described in detail here. Any device used by those skilled in the art to implement the data encryption processing method in the embodiment of the present invention falls within the scope of protection intended by the present application.
Example IV
Fig. 7 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention. Fig. 7 shows a block diagram of an electronic device 412 suitable for use in implementing embodiments of the invention. The electronic device 412 shown in fig. 7 is only an example and should not be construed as limiting the functionality and scope of use of embodiments of the invention.
As shown in FIG. 7, the electronic device 412 is in the form of a general purpose computing device. Components of electronic device 412 may include, but are not limited to: one or more processors 416, a storage 428, and a bus 418 that connects the various system components (including the storage 428 and the processors 416).
Bus 418 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include industry standard architecture (Industry Standard Architecture, ISA) bus, micro channel architecture (Micro Channel Architecture, MCA) bus, enhanced ISA bus, video electronics standards association (Video Electronics Standards Association, VESA) local bus, and peripheral component interconnect (Peripheral Component Interconnect, PCI) bus.
Electronic device 412 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by electronic device 412 and includes both volatile and nonvolatile media, removable and non-removable media.
The storage 428 may include computer system readable media in the form of volatile memory, such as random access memory (Random Access Memory, RAM) 430 and/or cache memory 432. The electronic device 412 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 434 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 7, commonly referred to as a "hard disk drive"). Although not shown in fig. 7, a disk drive for reading from and writing to a removable nonvolatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from and writing to a removable nonvolatile optical disk (e.g., a Compact Disc-Read Only Memory (CD-ROM), digital versatile Disc (Digital Video Disc-Read Only Memory, DVD-ROM), or other optical media) may be provided. In such cases, each drive may be coupled to bus 418 via one or more data medium interfaces. Storage 428 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the invention.
Programs 436 having a set (at least one) of program modules 426 may be stored, for example, in storage 428. Such program modules 426 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 426 typically carry out the functions and/or methods of the embodiments described herein.
The electronic device 412 may also communicate with one or more external devices 414 (e.g., keyboard, pointing device, camera, display 424, etc.), one or more devices that enable a user to interact with the electronic device 412, and/or any device (e.g., network card, modem, etc.) that enables the electronic device 412 to communicate with one or more other computing devices. Such communication may occur through an Input/Output (I/O) interface 422. Also, the electronic device 412 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet) via the network adapter 420. As shown, network adapter 420 communicates with other modules of electronic device 412 over bus 418. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 412, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, Redundant Arrays of Independent Disks (RAID) systems, tape drives, data backup storage systems, and the like.
The processor 416 executes various functional applications and data processing by running a program stored in the storage device 428, for example, implementing the data encryption processing method provided by the above-described embodiment of the present invention: acquiring data to be encrypted and a receiver data encryption identifier of a data receiver; generating encrypted data to be sent according to the data to be encrypted and the receiver data encryption identifier of the data receiver; and sending the encrypted data to be sent to the data receiver through an AutBus bus.
According to the embodiment of the invention, the data to be encrypted and the receiver data encryption identifier of the data receiver are obtained; the encryption key of the data receiver is obtained according to that identifier; the data to be encrypted is encrypted according to the encryption key and the encryption algorithm of the data receiver to generate the target encrypted data; target header data is added to the target encrypted data to generate the encrypted data to be sent; and the encrypted data to be sent is sent to the data receiver through the AutBus bus. Because the encrypted data to be sent is generated from the data to be encrypted and the receiver data encryption identifier of the data receiver, it is more complex than the data to be encrypted, which effectively prevents the data from being exploited after it is leaked or stolen and so ensures the confidentiality of the encrypted data to be sent. The AutBus bus offers high real-time performance and high bandwidth, so sending the encrypted data to be sent to the data receiver through the AutBus bus ensures its timeliness. This addresses the prior-art problem that the AutBus bus, being a relatively new bus, has an imperfect encryption mechanism: the encryption mechanism of the AutBus bus is improved, and the security and timeliness of data transmission over the AutBus bus are ensured.
Example V
A fifth embodiment of the present invention also provides a computer storage medium storing a computer program which, when executed by a computer processor, performs the data encryption processing method according to any one of the above embodiments of the present invention: acquiring data to be encrypted and a receiver data encryption identifier of a data receiver; generating encrypted data to be sent according to the data to be encrypted and the receiver data encryption identifier of the data receiver; and sending the encrypted data to be sent to the data receiver through an AutBus bus.
The computer storage media of embodiments of the invention may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM) or flash memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, radio frequency (RF), etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk or C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (9)

1. A data encryption processing method, comprising:
acquiring data to be encrypted and a receiver data encryption identifier of a data receiver;
generating encrypted data to be transmitted according to the data to be encrypted and the receiver data encryption identification of the data receiver;
transmitting the encrypted data to be transmitted to the data receiver through a high-speed industrial field bus AutBus bus;
before the data to be encrypted and the data encryption identification of the data receiver are acquired, the method further comprises the following steps:
acquiring encryption keys and decryption keys of other nodes communicating with the node;
determining an encryption identifier of the encryption key and a decryption identifier of the decryption key; the encryption identifier comprises a node data encryption identifier and a group data encryption identifier, and the decryption identifier comprises a node data decryption identifier and a group data decryption identifier of the decryption key;
and storing the encryption identification and the decryption identification by taking the node identification as an index.
2. The method of claim 1, wherein the generating the encrypted data to be transmitted according to the data to be encrypted and the recipient data encryption identification of the data recipient comprises:
acquiring an encryption key of the data receiver according to the receiver data encryption identifier of the data receiver;
encrypting the data to be encrypted according to the encryption key and the encryption algorithm of the data receiver to generate target encrypted data;
adding target header data to the target encrypted data to generate the encrypted data to be sent;
the target header data comprises a data type, a source node identification, a target node identification, a tail invalid byte number, a valid data offset byte number and a data byte number to be encrypted.
3. The method according to claim 2, wherein the obtaining the encryption key of the data receiver according to the receiver data encryption identifier of the data receiver includes:
determining a data receiver identifier of the data receiver according to the project configuration data;
acquiring an encryption key of the data receiver according to the data receiver identifier;
the encrypting the data to be encrypted according to the encryption key and the encryption algorithm of the data receiving party to generate target encrypted data comprises the following steps:
performing filling processing on the data to be encrypted according to a preset byte length to generate target data to be encrypted;
and encrypting the target data to be encrypted according to the encryption key and the encryption algorithm of the data receiver to generate the target encrypted data.
4. The method according to claim 2, further comprising, after said sending the encrypted data to be sent to the data receiver via an AutBus:
receiving data to be decrypted through an AutBus bus;
removing the target header data of the data to be decrypted to obtain the decryption data to be processed;
determining a decryption identifier of the decryption data to be processed;
and generating target decryption data according to the decryption identification of the decryption data to be processed.
5. The method of claim 4, wherein generating target decrypted data from the decrypted identification of the decrypted data to be processed comprises:
under the condition that the target node identification of the data to be decrypted is the same as the node identification of the node, decrypting the data to be processed according to a decryption algorithm and the node data decryption identification to obtain the target decrypted data;
and under the condition that the target node identification of the data to be decrypted is different from the node identification of the node, decrypting the data to be decrypted according to a decryption algorithm and the group data decryption identification to obtain the target decrypted data.
6. The method according to claim 5, wherein decrypting the decrypted data to be processed to obtain the target decrypted data comprises:
decrypting the to-be-processed decrypted data through the decryption algorithm to obtain target to-be-processed decrypted data;
and deleting the complement data in the target to-be-processed decryption data according to the tail invalid byte number and the valid data offset byte number to obtain the target decryption data.
7. A data encryption processing apparatus, comprising:
the receiving party data encryption identification acquisition module is used for acquiring the data to be encrypted and the receiving party data encryption identification of the data receiving party;
the to-be-transmitted encrypted data generation module is used for generating encrypted data to be transmitted according to the data to be encrypted and the receiver data encryption identification of the data receiver;
the to-be-transmitted encrypted data transmitting module is used for transmitting the to-be-transmitted encrypted data to the data receiving party through an AutBus bus;
the data encryption processing device also comprises a data storage module, a data processing module and a data processing module, wherein the data storage module is used for acquiring encryption keys and decryption keys of other nodes communicated with the node; determining an encryption identifier of the encryption key and a decryption identifier of the decryption key; the encryption identifier comprises a node data encryption identifier and a group data encryption identifier, and the decryption identifier comprises a node data decryption identifier and a group data decryption identifier of the decryption key; and storing the node data encryption identifier and the node data decryption identifier, and the group data encryption identifier and the group data decryption identifier by taking the node identifier as an index.
8. An electronic device, the electronic device comprising:
one or more processors;
a storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data encryption processing method of any one of claims 1-6.
9. A computer storage medium having stored thereon a computer program, which when executed by a processor implements a data encryption processing method according to any one of claims 1 to 6.
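The frame handling of claims 2 to 6, as an added illustration that is not part of the patent text: the header field widths, the 16-byte padding length, the identifier-to-key store with symmetric keys, and the SHA-256 keystream standing in for the unnamed encryption algorithm are all assumptions. The receiver checks the header's length fields against the payload before stripping padding, since those fields travel outside the encrypted body.

```python
import hashlib
import struct

HDR = struct.Struct(">BHHBBH")  # assumed widths: type, src, dst, tail_invalid, offset, length
BLOCK = 16                      # assumed "preset byte length" used for padding

def _stand_in_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Placeholder for the unnamed
    algorithm only; it reuses keystream per key and is not for production."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

class Node:
    def __init__(self, node_id: int, group_id: int, store: dict):
        self.node_id, self.group_id = node_id, group_id
        self.store = store  # assumed layout: identifier -> key (symmetric here)

    def build_frame(self, data: bytes, dst: int, data_type: int = 1) -> bytes:
        key = self.store[dst]                      # key looked up by receiver identifier
        tail = -len(data) % BLOCK                  # padding bytes appended at the tail
        body = _stand_in_cipher(key, data + bytes(tail))
        return HDR.pack(data_type, self.node_id, dst, tail, 0, len(data)) + body

    def parse_frame(self, frame: bytes):
        if len(frame) < HDR.size:
            raise ValueError("frame shorter than header")
        _type, src, dst, tail, offset, length = HDR.unpack_from(frame)
        body = frame[HDR.size:]
        # The header is read before decryption, so bound its length fields first.
        if len(body) % BLOCK or offset + length + tail != len(body):
            raise ValueError("header length fields do not match payload")
        # Claim 5: own node ID selects the node key, anything else the group key.
        key_id = self.node_id if dst == self.node_id else self.group_id
        plain = _stand_in_cipher(self.store[key_id], body)
        return src, plain[offset:offset + length]  # claim 6: strip offset and tail

if __name__ == "__main__":
    GROUP = 0xFF00                                 # constructed sample identifiers and keys
    store = {1: b"A" * 16, 2: b"B" * 16, GROUP: b"G" * 16}
    a, b = Node(1, GROUP, store), Node(2, GROUP, store)
    print(b.parse_frame(a.build_frame(b"valve=open", dst=2)))
    print(b.parse_frame(a.build_frame(b"sync", dst=GROUP)))
```

The claims as written list no integrity field in the header, so this consistency check only rejects malformed lengths; it does not authenticate the frame.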

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111420512.XA CN114142998B (en) 2021-11-26 2021-11-26 Data encryption processing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114142998A CN114142998A (en) 2022-03-04
CN114142998B true CN114142998B (en) 2024-03-15

Family

ID=80389061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111420512.XA Active CN114142998B (en) 2021-11-26 2021-11-26 Data encryption processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114142998B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873587A (en) * 2010-05-27 2010-10-27 大唐微电子技术有限公司 Wireless communication device and method for realizing service security thereof
CN107483426A (en) * 2017-08-08 2017-12-15 深圳市鼎晟开元科技有限公司 Security device safe communication method, server and storage medium
CN107786404A (en) * 2017-09-20 2018-03-09 北京东土科技股份有限公司 The security implementation method and device of industry internet field layer wideband bus framework
CN108123800A (en) * 2017-12-19 2018-06-05 腾讯科技(深圳)有限公司 Key management method, device, computer equipment and storage medium
CN108494725A (en) * 2018-01-30 2018-09-04 惠州市德赛西威汽车电子股份有限公司 A kind of encryption communication method of vehicle-mounted CAN bus message
CN108965302A (en) * 2018-07-24 2018-12-07 苏州科达科技股份有限公司 Media data transmission system, method, apparatus and storage medium
CN109586908A (en) * 2019-01-18 2019-04-05 中国科学院软件研究所 A kind of safe packet transmission method and its system
CN110084054A (en) * 2019-05-08 2019-08-02 深圳豪杰创新电子有限公司 A kind of data privacy device, method, electronic equipment and storage medium
CN110808969A (en) * 2019-10-28 2020-02-18 网御安全技术(深圳)有限公司 Data transmission method and system, electronic device and storage medium
CN111093097A (en) * 2019-12-20 2020-05-01 北京云享智胜科技有限公司 Stream media data encryption and decryption method and device, electronic equipment and storage medium
CN111355580A (en) * 2020-05-25 2020-06-30 腾讯科技(深圳)有限公司 Data interaction method and device based on Internet of things
CN111726274A (en) * 2020-05-25 2020-09-29 武汉理工大学 Automobile CAN bus data communication method, equipment and storage medium
CN112600838A (en) * 2020-12-08 2021-04-02 国汽(北京)智能网联汽车研究院有限公司 CAN bus data encryption method and device, storage medium and electronic equipment
CN112688845A (en) * 2020-12-23 2021-04-20 北京天融信网络安全技术有限公司 Communication method and device of vehicle-mounted CAN network
CN112769744A (en) * 2019-11-01 2021-05-07 苏州千米电子科技有限公司 Data sending method and device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040117642A1 (en) * 2002-12-17 2004-06-17 Mowery Keith R. Secure media card operation over an unsecured PCI bus
US7822994B2 (en) * 2005-01-07 2010-10-26 Konica Minolta Systems Laboratory, Inc. Data bus line and bus having an encryption/decryption device
KR101310232B1 (en) * 2007-04-24 2013-09-24 삼성전자주식회사 Method for sharing bus key and apparatus therefor
CN108965218B (en) * 2017-05-25 2020-09-29 华为技术有限公司 Controller area network bus secure communication method, device and system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
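AUTBUS high-speed industrial field bus; 邵枝晖 et al.; 仪器仪表标准化与计量; 20200426; full text *
Design of a data encryption card supporting AES; 王根义; 制造业自动化; 20101210 (14); full text *
Simulation of a network communication encryption method based on semigroup structure; 李凤; 张勇飞; 计算机仿真 (12); full text *
Research and implementation of security technology for the industrial fieldbus Modbus protocol; 罗旋; 中国优秀硕士学位论文全文数据库; 20200315; full text *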

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant