CN114978711A - Data transmission method and system for symmetric encryption of dynamic secret key - Google Patents

Info

Publication number: CN114978711A
Authority: CN (China)
Prior art keywords: data, string, encrypted, data transmission, decrypted
Legal status: Granted, Active
Application number: CN202210575469.2A
Other languages: Chinese (zh)
Other versions: CN114978711B (en)
Inventors: 赵振江, 张昊, 王松阳
Current Assignee: Shandong Guozi Software Co ltd
Original Assignee: Shandong Guozi Software Co ltd
Application filed by Shandong Guozi Software Co ltd
Priority to CN202210575469.2A
Publication of CN114978711A
Application granted
Publication of CN114978711B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure belongs to the technical field of data transmission security, and in particular relates to a data transmission method and system using dynamic-key symmetric encryption, comprising: acquiring original data to be transmitted; encrypting the acquired original data with an algorithm-based dynamic key to obtain encrypted data; parsing the string of the encrypted data to obtain a decryption key; and decrypting the received encrypted data with the obtained decryption key to complete the data transmission.

Description

A data transmission method and system using dynamic-key symmetric encryption

Technical field

The present disclosure belongs to the technical field of data transmission security, and in particular relates to a data transmission method and system using dynamic-key symmetric encryption.

Background

The statements in this section merely provide background information related to the present disclosure and do not necessarily constitute prior art.

Secure data transmission is increasingly important. To secure data in transit, one of the following three approaches is generally used:

First, Base64-encoded transmission: the original data is Base64-encoded before being sent, which can be regarded as a simple form of encoding-based encryption. Once the transmission is intercepted, the data can easily be decoded to recover the original data. In addition, keyword combinations that appear in the Base64 output may be blocked by security protection devices, which directly affects normal data transmission.

Second, secure transmission with a fixed key: the data is encrypted with a fixed key, and after the data is intercepted the original data is obtained with the fixed decryption key. Because the key is fixed, however, it can be derived by comparing multiple intercepted pieces of data and computing backwards, after which the original data can be obtained, which affects the security of the transmission.

Third, TLS-based secure transmission: a technique that secures the original data at the network transport layer, with the data sent over the https protocol. However, data transmitted using TLS can be decrypted directly by other means to obtain the original data, which affects the security of the transmission.

With the common secure transmission techniques in use today, the original data can be obtained fairly easily, so attackers can readily exploit them to launch attacks and steal key data.

Summary of the invention

To solve the above problems, the present disclosure proposes a data transmission method and system using dynamic-key symmetric encryption, which effectively avoids cases where data cannot be transmitted normally because of interception or tampering in transit, and improves the security of data transmission.

According to some embodiments, a first solution of the present disclosure provides a data transmission method using dynamic-key symmetric encryption, adopting the following technical solution:

A data transmission method using dynamic-key symmetric encryption, comprising:

acquiring the original data to be transmitted;

encrypting the acquired original data with an algorithm-based dynamic key to obtain encrypted data;

parsing the string of the encrypted data to obtain a decryption key;

decrypting the received encrypted data with the obtained decryption key to complete the data transmission.

As a further technical limitation, after the original data to be transmitted is acquired, it is formatted according to a specific format, and a 32-character GUID is appended to the formatted data to obtain a first encrypted string.

Further, the first encrypted string is base64-encoded to obtain an encoded second encrypted string; a sensitive hash operation is performed on the second encrypted string to obtain a third encrypted string, which is a unique hexadecimal signature; a sensitive hash operation is performed on the first encrypted string to obtain a unique hexadecimal signature of the original data, namely a fourth encrypted string.

Further, the key is algorithm-based: the sensitive hash operation is performed by an algorithm, the sensitive hash value obtained differs for each data transmission, and that hash value is used as the symmetric encryption key to symmetrically encrypt the original data.

Further, characters at fixed positions are taken from the third encrypted string to obtain the symmetric encryption key, namely a fifth encrypted string; the second encrypted string is symmetrically encrypted with the fifth encrypted string as the key to obtain a first encrypted binary array; the first encrypted binary array is base16-processed to obtain a seventh encrypted string; the seventh, fourth and third encrypted strings are transmitted in a preset format, which completes the transmission of the encrypted data.

Further, the received encrypted data is parsed to obtain a seventh decrypted string, a fourth decrypted string and a third decrypted string; characters at fixed positions are taken from the third decrypted string to obtain the decryption key, namely a fifth decrypted string; the seventh decrypted string is base16-decoded to obtain a first decrypted binary array; the first decrypted binary array is decrypted with the fifth decrypted string to obtain a second decrypted string; the second decrypted string is base64-decoded to obtain a first decrypted string.

Further, a sensitive hash operation is performed on the second decrypted string and the result is compared with the third decrypted string; if the two values are equal, the data has not been tampered with. A sensitive hash operation is performed on the first decrypted string and the result is compared with the fourth decrypted string; if the two values are equal, the data has not been tampered with.

According to some embodiments, a second solution of the present disclosure provides a data transmission system using dynamic-key symmetric encryption, adopting the following technical solution:

A data transmission system using dynamic-key symmetric encryption, comprising:

an acquisition module configured to acquire the original data to be transmitted;

an encryption module configured to encrypt the acquired original data with an algorithm-based dynamic key to obtain encrypted data;

a decryption module configured to parse the string of the encrypted data to obtain a decryption key, and to decrypt the received encrypted data with the obtained decryption key to complete the data transmission.

According to some embodiments, a third solution of the present disclosure provides a computer-readable storage medium, adopting the following technical solution:

A computer-readable storage medium on which a program is stored, the program, when executed by a processor, implementing the steps of the data transmission method using dynamic-key symmetric encryption according to the first aspect of the present disclosure.

According to some embodiments, a fourth solution of the present disclosure provides an electronic device, adopting the following technical solution:

An electronic device comprising a memory, a processor, and a program stored in the memory and executable on the processor, the processor, when executing the program, implementing the steps of the data transmission method using dynamic-key symmetric encryption according to the first aspect of the present disclosure.

Compared with the prior art, the beneficial effects of the present disclosure are:

The present disclosure uses base16 encoding for data transmission, which passes through security protection devices easily and effectively avoids the situation in which base64-encoded data is intercepted by such devices and cannot be transmitted normally. Compared with traditional fixed-key encryption, the algorithm-based dynamic-key encryption has no decryption pattern, which strengthens data security and makes cracking more difficult. No dedicated equipment or security certificates need to be purchased, which greatly reduces cost and also avoids inaccessibility caused by problems such as certificate expiry. The encryption and decryption key is hidden in the parameters, and the fixed positions of the key are agreed between the client and the server and can be changed at any time.

Description of the drawings

The accompanying drawings, which form part of the present disclosure, are provided for further understanding of the disclosure; the exemplary embodiments of the disclosure and their descriptions are used to explain the disclosure and do not unduly limit it.

FIG. 1 is a flowchart of the data transmission method using dynamic-key symmetric encryption in Embodiment 1 of the present disclosure;

FIG. 2 is a structural block diagram of the data transmission system using dynamic-key symmetric encryption in Embodiment 2 of the present disclosure.

Detailed description

The present disclosure is further described below with reference to the accompanying drawings and embodiments.

It should be noted that the following detailed description is exemplary and intended to provide further explanation of the present disclosure. Unless otherwise specified, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs.

It should be noted that the terminology used herein is for describing specific embodiments only and is not intended to limit the exemplary embodiments according to the present disclosure. As used herein, unless the context clearly indicates otherwise, the singular form is intended to include the plural form as well. It should also be understood that when the terms "comprising" and/or "including" are used in this specification, they indicate the presence of features, steps, operations, devices, components and/or combinations thereof.

The embodiments of the present disclosure and the features of the embodiments may be combined with each other where they do not conflict.

Explanation of terms:

Original data: also called plaintext data; data that has not been encoded in any way and can easily be read by a person.

Key: the digital key used when encrypting and decrypting data.

Symmetric encryption: encryption in which the original data, once encrypted, can be decrypted back to the original data with the key.

Sensitive hash: a hash for which the computed value changes greatly even if the original data differs by a single byte. MD5 is a sensitive hash. Sensitive hashing belongs to asymmetric encryption.

GUID: globally unique identifier, a numeric identifier of binary length generated by an algorithm; it is globally unique.

Embodiment 1

Embodiment 1 of the present disclosure describes a data transmission method using dynamic-key symmetric encryption.

As shown in FIG. 1, a data transmission method using dynamic-key symmetric encryption comprises:

acquiring the original data to be transmitted;

encrypting the acquired original data with an algorithm-based dynamic key to obtain encrypted data;

parsing the string of the encrypted data to obtain a decryption key;

decrypting the received encrypted data with the obtained decryption key to complete the data transmission.

In one or more implementations, the first stage of the data transmission method using dynamic-key symmetric encryption is the encrypted transmission of the data, specifically:

(1) The original data is formatted according to a specific format, and a 32-character GUID is appended to the formatted data to form a globally unique formatted string, namely the first encrypted string;

(2) The first encrypted string is base64-encoded to obtain the encoded second encrypted string. The main purpose of this operation is to normalize special data or characters in the original data, so that some special characters are not garbled during computation and do not make the results inaccurate;

(3) A sensitive hash operation is performed on the second encrypted string to obtain unique hexadecimal signature data, namely the third encrypted string;

(4) A sensitive hash operation is performed on the first encrypted string to obtain unique hexadecimal signature data of the original data, namely the fourth encrypted string;

(5) Eight characters at fixed positions are taken from the third encrypted string as the symmetric encryption key, giving the fifth encrypted string. For example, taking the characters at the following eight index positions of the third encrypted string: 0, 3, 18, 24, 19, 30, 12, 15 yields an 8-digit hexadecimal encryption key;

(6) The second encrypted string is symmetrically encrypted with the fifth encrypted string as the key to obtain the first encrypted binary array;

(7) The first encrypted binary array is base16-encoded to obtain the seventh encrypted string;

(8) The seventh, fourth and third encrypted strings are transmitted in a specific format; this is the encrypted data.

It can be understood that the transmitted data includes signatures unique to the data, and during decryption these signatures can be used to verify the legitimacy of the data. In addition, the encryption key is hidden in the third encrypted string and is obtained by sampling the signature at fixed positions; the key therefore has strong randomness, which makes cracking more difficult.

In one or more implementations, the second stage of the data transmission method using dynamic-key symmetric encryption is receiving and decrypting the data, specifically:

(1) The received encrypted data is parsed according to the transmission format to obtain the seventh decrypted string, the fourth decrypted string and the third decrypted string;

(2) Eight characters at fixed positions are taken from the third decrypted string as the decryption key, giving the fifth decrypted string;

(3) The seventh decrypted string is base16-decoded to obtain the first decrypted binary array;

(4) The first decrypted binary array is decrypted with the fifth decrypted string to obtain the second decrypted string;

(5) The second decrypted string is base64-decoded to obtain the first decrypted string;

(6) A sensitive hash operation is performed on the second decrypted string and the result is compared with the third decrypted string; if the two values are exactly equal, the data has not been tampered with;

(7) A sensitive hash operation is performed on the first decrypted string and the result is compared with the fourth decrypted string; if the two values are exactly equal, the data has not been tampered with;

(8) Steps (6) and (7) are repeated until all data pass verification, which means that the decrypted original data, the first encrypted string, is usable, i.e. secure transmission of the data has been achieved.

The encrypted data transmission of this embodiment encrypts the original data during secure network transmission. The key is algorithm-based: an algorithm performs a sensitive hash operation on the original data, and because the hash is sensitive, the hash value obtained for each transmission of original data is different; the sensitive hash value is then used as the symmetric encryption key, and the original data is symmetrically encrypted before transmission. Dynamic variation of the original data: because a sensitive hash is computed over the original data, different original data certainly yield different sensitive hash values, but if the original data does not change, the transmitted symmetric ciphertext is still the same, which produces a pattern and increases the risk of being cracked; the original data therefore needs to vary dynamically. The base16 encoding passes through security protection devices effectively and does not affect normal data transmission. Hiding the encryption key: during transmission the encryption key is hidden in the transmitted parameters, which makes it harder to obtain.
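
The encryption steps (1)-(8) and decryption steps (1)-(8) of Embodiment 1 as a round trip, in an added Python example that is not code from the patent or its applicant. Assumptions: MD5 as the sensitive hash (the one the description names), an HMAC-SHA256 keystream standing in for the unnamed symmetric cipher, plain "data + GUID" as the "specific format", and a dot-separated wire format; the function names and TamperedError are hypothetical.

```python
import base64
import hashlib
import hmac
import uuid

# Example index positions given in encryption step (5); both sides agree on them.
KEY_POSITIONS = (0, 3, 18, 24, 19, 30, 12, 15)
GUID_LEN = 32  # a GUID written as 32 hexadecimal characters


class TamperedError(ValueError):
    """Raised when a received message fails parsing or either hash check."""


def sensitive_hash(data: bytes) -> str:
    # MD5 is the one "sensitive hash" the description names.
    return hashlib.md5(data).hexdigest()


def pick_key(s3: str) -> str:
    # String 5: the characters of string 3 at the agreed positions.
    return "".join(s3[i] for i in KEY_POSITIONS)


def stand_in_cipher(key: str, data: bytes) -> bytes:
    # ASSUMPTION: the page does not name the symmetric cipher. This stand-in
    # XORs the data with an HMAC-SHA256 counter keystream, so the same call
    # both encrypts and decrypts.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key.encode(), offset.to_bytes(8, "big"),
                       hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(raw: str, guid=None) -> str:
    guid = guid or uuid.uuid4().hex
    s1 = (raw + guid).encode("utf-8")     # (1) ASSUMED format: data + GUID
    s2 = base64.b64encode(s1)             # (2) base64 of string 1
    s3 = sensitive_hash(s2)               # (3) signature of string 2
    s4 = sensitive_hash(s1)               # (4) signature of string 1
    s5 = pick_key(s3)                     # (5) 8-character key
    a1 = stand_in_cipher(s5, s2)          # (6) first encrypted binary array
    s7 = base64.b16encode(a1).decode()    # (7) base16 text
    return ".".join((s7, s4, s3))         # (8) ASSUMED wire format


def decrypt(message: str) -> str:
    try:
        s7, s4, s3 = message.split(".")   # (1) parse the three strings
        s5 = pick_key(s3)                 # (2) key from string 3
        a1 = base64.b16decode(s7)         # (3) base16 decode
    except (ValueError, IndexError) as exc:
        raise TamperedError("malformed message") from exc
    s2 = stand_in_cipher(s5, a1)          # (4) decrypt to string 2
    if sensitive_hash(s2) != s3:          # (6) check string 2 against string 3
        raise TamperedError("string 2 does not match its signature")
    try:
        s1 = base64.b64decode(s2, validate=True)   # (5) base64 decode
    except ValueError as exc:
        raise TamperedError("string 2 is not valid base64") from exc
    if sensitive_hash(s1) != s4:          # (7) check string 1 against string 4
        raise TamperedError("string 1 does not match its signature")
    try:
        return s1[:-GUID_LEN].decode("utf-8")      # drop the appended GUID
    except UnicodeDecodeError as exc:
        raise TamperedError("payload is not valid UTF-8") from exc


if __name__ == "__main__":
    sample = "amount=100&to=alice"        # constructed sample input
    wire = encrypt(sample)
    print(wire)
    print(decrypt(wire))
```

decrypt() takes only the message and the agreed positions: the key (8 hexadecimal characters, 32 bits) is read out of the third string, which is sent alongside the ciphertext, and both hash checks are unkeyed.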

Embodiment 2

Embodiment 2 of the present disclosure describes a data transmission system using dynamic-key symmetric encryption.

As shown in FIG. 2, a data transmission system using dynamic-key symmetric encryption comprises:

an acquisition module configured to acquire the original data to be transmitted;

an encryption module configured to encrypt the acquired original data with an algorithm-based dynamic key to obtain encrypted data;

a decryption module configured to parse the string of the encrypted data to obtain a decryption key, and to decrypt the received encrypted data with the obtained decryption key to complete the data transmission.

The detailed steps are the same as those of the data transmission method using dynamic-key symmetric encryption provided in Embodiment 1 and are not repeated here.

Embodiment 3

Embodiment 3 of the present disclosure provides a computer-readable storage medium.

A computer-readable storage medium on which a program is stored, the program, when executed by a processor, implementing the steps of the data transmission method using dynamic-key symmetric encryption according to Embodiment 1 of the present disclosure.

The detailed steps are the same as those of the data transmission method using dynamic-key symmetric encryption provided in Embodiment 1 and are not repeated here.

Embodiment 4

Embodiment 4 of the present disclosure provides an electronic device.

An electronic device comprising a memory, a processor, and a program stored in the memory and executable on the processor, the processor, when executing the program, implementing the steps of the data transmission method using dynamic-key symmetric encryption according to Embodiment 1 of the present disclosure.

The detailed steps are the same as those of the data transmission method using dynamic-key symmetric encryption provided in Embodiment 1 and are not repeated here.

The above are only preferred embodiments of the present disclosure and are not intended to limit it; for those skilled in the art, the present disclosure may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present disclosure shall fall within its scope of protection.

Claims (10)

1. A data transmission method using dynamic secret key symmetric encryption, characterized by comprising: acquiring the original data to be transmitted; encrypting the acquired original data with an algorithm-based dynamic key to obtain encrypted data; parsing the character string of the encrypted data to obtain a decryption key; and decrypting the received encrypted data with the obtained decryption key to complete the data transmission.

2. The data transmission method using dynamic secret key symmetric encryption according to claim 1, characterized in that, after the original data to be transmitted is acquired, the acquired original data is formatted according to a specific format, and a 32-digit GUID is appended to the formatted original data to obtain a first encrypted string.

3. The data transmission method using dynamic secret key symmetric encryption according to claim 2, characterized in that the obtained first encrypted string is base64 encoded to obtain an encoded second encrypted string; a sensitive hash operation is performed on the obtained second encrypted string to obtain a third encrypted string, which is a unique hexadecimal signature; and a sensitive hash operation is performed on the obtained first encrypted string to obtain a unique hexadecimal signature of the original data, namely a fourth encrypted string.

4. The data transmission method using dynamic secret key symmetric encryption according to claim 3, characterized in that, in the sensitive hash operation, the algorithm performs the sensitive hash operation based on the secret key of the algorithm; the sensitive hash value obtained for each data transmission is different; and the sensitive hash value is used as the secret key for symmetric encryption to symmetrically encrypt the original data.

5. The data transmission method using dynamic secret key symmetric encryption according to claim 3, characterized in that characters at fixed positions are collected from the obtained third encrypted string to obtain the symmetric encryption secret key, namely a fifth encrypted string; the obtained second encrypted string is symmetrically encrypted with the fifth encrypted string as the secret key to obtain a first encrypted binary array; base16 processing is performed on the obtained first encrypted binary array to obtain a seventh encrypted string; and the obtained seventh encrypted string, fourth encrypted string and third encrypted string are transmitted according to a preset format, which completes the transmission of the encrypted data.

6. The data transmission method using dynamic secret key symmetric encryption according to claim 5, characterized in that the received encrypted data is parsed to obtain a seventh decrypted string, a fourth decrypted string and a third decrypted string; characters at fixed positions are collected from the obtained third decrypted string to obtain the decryption secret key, namely a fifth decrypted string; the obtained seventh decrypted string is base16 decoded to obtain a first decrypted binary array; the obtained first decrypted binary array is decrypted based on the fifth decrypted string to obtain a second decrypted string; and the obtained second decrypted string is base64 decoded to obtain a first decrypted string.

7. The data transmission method using dynamic secret key symmetric encryption according to claim 6, characterized in that a sensitive hash operation is performed on the obtained second decrypted string, and the resulting string is compared with the third decrypted string; if the two values are equal, the data has not been tampered with; a sensitive hash operation is performed on the obtained first decrypted string, and the resulting string is compared with the fourth decrypted string; if the two values are equal, the data has not been tampered with.

8. A data transmission system using dynamic secret key symmetric encryption, characterized by comprising: an acquisition module configured to acquire the original data to be transmitted; an encryption module configured to encrypt the acquired original data with an algorithm-based dynamic key to obtain encrypted data; and a decryption module configured to parse the character string of the encrypted data to obtain a decryption key, and to decrypt the received encrypted data with the obtained decryption key to complete the data transmission.

9. A computer-readable storage medium on which a program is stored, characterized in that, when the program is executed by a processor, it implements the steps of the data transmission method using dynamic secret key symmetric encryption according to any one of claims 1-7.

10. An electronic device comprising a memory, a processor, and a program stored in the memory and runnable on the processor, characterized in that the processor, when executing the program, implements the steps of the data transmission method using dynamic secret key symmetric encryption according to any one of claims 1-7.
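The round trip described in claims 2-7, as a Python sketch added here for illustration; it is not code from the patent. The claims do not name the hash, the cipher, the key positions or the wire format, so the sketch assumes HMAC-SHA256 as the keyed "sensitive hash", a SHA-256 counter keystream XOR as a stand-in for the symmetric cipher, the even-indexed characters of the third string as the fixed positions, and `|` as the separator. All function and constant names are hypothetical.

```python
import base64
import hashlib
import hmac
import uuid

# Assumptions (not from the patent): hash secret, key positions, "|" wire format.
HASH_SECRET = b"constructed-demo-secret"
KEY_POSITIONS = range(0, 64, 2)  # 32 of the 64 hex digits of S3


def keyed_hash(data: bytes) -> str:
    """Stand-in for the 'sensitive hash': HMAC-SHA256, hex encoded."""
    return hmac.new(HASH_SECRET, data, hashlib.sha256).hexdigest()


def key_from(s3: str) -> bytes:
    """S5: characters taken from fixed positions of S3."""
    return "".join(s3[i] for i in KEY_POSITIONS).encode()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def encrypt(formatted: str) -> str:
    s1 = (formatted + uuid.uuid4().hex).encode()   # data + 32-digit GUID
    s2 = base64.b64encode(s1)                      # second encrypted string
    s3, s4 = keyed_hash(s2), keyed_hash(s1)        # third and fourth strings
    s7 = stream_xor(key_from(s3), s2).hex()        # base16 of the ciphertext
    return "|".join((s7, s4, s3))


def decrypt(message: str) -> str:
    s7, s4, s3 = message.split("|")
    s2 = stream_xor(key_from(s3), bytes.fromhex(s7))
    if not hmac.compare_digest(keyed_hash(s2), s3):
        raise ValueError("S3 mismatch: ciphertext or S3 altered")
    s1 = base64.b64decode(s2)
    if not hmac.compare_digest(keyed_hash(s1), s4):
        raise ValueError("S4 mismatch: plaintext signature altered")
    return s1[:-32].decode()                       # strip the GUID
```

In this flow the receiver rebuilds the key from the transmitted third string and the position rule alone; the hash secret is used only for the two integrity comparisons of claim 7.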
CN202210575469.2A 2022-05-25 2022-05-25 A method and system for data transmission using dynamic key symmetric encryption Active CN114978711B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210575469.2A CN114978711B (en) 2022-05-25 2022-05-25 A method and system for data transmission using dynamic key symmetric encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210575469.2A CN114978711B (en) 2022-05-25 2022-05-25 A method and system for data transmission using dynamic key symmetric encryption

Publications (2)

Publication Number Publication Date
CN114978711A true CN114978711A (en) 2022-08-30
CN114978711B CN114978711B (en) 2024-06-25

Family

ID=82955115

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210575469.2A Active CN114978711B (en) 2022-05-25 2022-05-25 A method and system for data transmission using dynamic key symmetric encryption

Country Status (1)

Country Link
CN (1) CN114978711B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102236767A (en) * 2011-06-10 2011-11-09 上海市金山区青少年活动中心 File encryption method in combination with hash value
CN109150499A (en) * 2018-08-29 2019-01-04 深圳市迷你玩科技有限公司 Method, apparatus, computer equipment and the storage medium of dynamic encryption data
KR101942033B1 (en) * 2018-11-19 2019-01-24 동국대학교 산학협력단 Electronic device capable of decrypting code-based encrypted data in which t+a error codes are inserted and operating method thereof
CN112822228A (en) * 2019-11-15 2021-05-18 北京中电普华信息技术有限公司 A browser file encryption upload method and system based on national secret algorithm
CN112887311A (en) * 2021-01-26 2021-06-01 北京高因科技有限公司 Safety encryption method and device based on data transmission process
CN113259132A (en) * 2021-06-30 2021-08-13 平安普惠企业管理有限公司 Data transmission encryption and decryption method and device, computer equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
余应刚: ""巧用Base64编码和GUID实现数据加密"", 《电脑编程技巧与维护》, 18 June 2009 (2009-06-18), pages 1 - 5 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117579392A (en) * 2024-01-16 2024-02-20 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing
CN117579392B (en) * 2024-01-16 2024-04-16 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing

Also Published As

Publication number Publication date
CN114978711B (en) 2024-06-25

Similar Documents

Publication Publication Date Title
CN104219228B (en) A kind of user's registration, user identification method and system
CN103684794B (en) A kind of communication data encipher-decipher method based on the AES of DES, RSA, SHA 1
CN113225352B (en) Data transmission method and device, electronic equipment and storage medium
WO2021114891A1 (en) Key encryption method and decryption method, and, data encryption method and decryption method
CN109040067A (en) A kind of user authentication device and authentication method based on the unclonable technology PUF of physics
CN101917270B (en) Weak authentication and key agreement method based on symmetrical password
CN101378320B (en) Authentication method and system
CN111797431B (en) A Method and System for Encrypted Data Anomaly Detection Based on Symmetric Key System
WO2013117087A1 (en) Method and system for downloading file
CN110299995A (en) A kind of two-way authentication cryptographic key negotiation method and system for supporting domestic cryptographic algorithm based on RLWE
CN117857060B (en) Two-dimensional code offline verification method, system and storage medium
US20180013832A1 (en) Health device, gateway device and method for securing protocol using the same
US11088838B2 (en) Automated authentication of a new network element
CN114938304B (en) Method and system for safely transmitting industrial Internet of things data
CN110912877B (en) Data transmitting and receiving method and device based on IEC61850 model in transformer substation
CN117675285A (en) An identity verification method, chip and device
CN117201000A (en) Mass data secure communication method, equipment and medium based on temporary key agreement
CN119363318A (en) Distributed device identity authentication and access control method and system based on blockchain
CN112713995A (en) Dynamic communication key distribution method and device for terminal of Internet of things
CN115208557A (en) Data encryption method and device, electronic equipment and computer storage medium
CN114978711B (en) A method and system for data transmission using dynamic key symmetric encryption
CN115632797A (en) A secure authentication method based on zero-knowledge proof
CN112532384B (en) Method for quickly encrypting and decrypting transmission key based on packet key mode
CN119109963A (en) TLCP secure channel communication method and system for national secret intelligent password key
CN118018180A (en) Data transmission safety protection method based on encryption algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Building 1, Jinan High tech Zone Strategic Emerging Industry Base, 2966 Chunhui Road, Jinan High tech Zone, Shandong Province 250101

Patentee after: Shandong Guozi Software Co.,Ltd.

Country or region after: China

Address before: 250101 unit 4, building 5, Qilu cultural and creative base, high tech Industrial Development Zone, Jinan, Shandong Province

Patentee before: Shandong Guozi Software Co.,Ltd.

Country or region before: China
