CN115361237B - Data encryption transmission method and system for cloud terminal interaction - Google Patents

Publication number
CN115361237B
Authority
CN
China
Prior art keywords
data
segment
image
ith
ciphertext
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211284297.XA
Other languages
Chinese (zh)
Other versions
CN115361237A (en)
Inventor
任光海
牛节省
李丰生
刘光磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Guowang Shengyuan Intelligent Terminal Technology Co ltd
Original Assignee
Beijing Guowang Shengyuan Intelligent Terminal Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Facsimile Transmission Control (AREA)

Abstract

The application provides a data encryption transmission method and system for cloud terminal interaction. Original data are processed into one-dimensional data, the one-dimensional data are segmented (every 128 or 512 elements form one data segment), the elements within each data segment are reordered, and the data segments are then ordered based on their serial numbers, so that the original data are encrypted and ciphertext data are obtained. While the elements of each data segment are being reordered, a corresponding unit image is generated from the order change of the elements in that segment; all the unit images are used to generate a ciphertext image, which is transmitted to the terminal together with the ciphertext data so that the terminal can decrypt the ciphertext data based on the ciphertext image to obtain restored data. The terminal calculates a first hash value from the original data, and the cloud calculates a second hash value for the decrypted restored data, so that whether the restored data are consistent with the original data can be verified.

Description

Data encryption transmission method and system for cloud terminal interaction
Technical Field
The application relates to the technical field of data encryption transmission, in particular to a data encryption transmission method and system for cloud terminal interaction.
Background
With the rapid development of information technology, informatization has advanced greatly across industries. Data interaction between the cloud and terminals touches every aspect of daily life, so data security is of great importance.
For data interaction between cloud and terminal, encrypted transmission is the norm, but current encryption algorithms are either too complex and consume a large amount of computing resources, or use a single encryption mode with insufficient security. How to provide a relatively simple, high-security encryption mode for encrypted data transmission is a problem to be solved in cloud terminal interaction scenarios.
Disclosure of Invention
An object of the embodiments of the present application is to provide a data encryption transmission method and system for cloud terminal interaction, which implement encryption transmission of data in a relatively simple and high-security encryption manner.
In order to achieve the above object, embodiments of the present application are implemented as follows:
In a first aspect, an embodiment of the present application provides a data encryption transmission method for cloud terminal interaction, where a terminal establishes a communication connection with a cloud, and the method is applied to the terminal and includes: acquiring original data to be transmitted, wherein the original data has n data units, and each data unit has m attributes; processing the original data into an m × n matrix, and mapping the m × n matrix into one-dimensional data; performing segmentation processing on the one-dimensional data to obtain s data segments, wherein each data segment has a corresponding serial number, the number of elements in each data segment is no more than x, and the value of x is 128 or 512; for each data segment, reordering the elements in the data segment and determining a unit image based on the order change of each element, obtaining s unit images in total, and determining a ciphertext image based on the s unit images; ordering all the data segments based on the serial numbers of the data segments to obtain ciphertext data; calculating a first hash value corresponding to the original data; and sending the ciphertext data, the first hash value and the ciphertext image to the cloud, so that the cloud decrypts the ciphertext data based on the ciphertext image to obtain restored data, then calculates a second hash value corresponding to the restored data, and verifies whether the first hash value is consistent with the second hash value.
In the embodiment of the application, the original data is processed into one-dimensional data, the one-dimensional data is segmented (every 128 or 512 elements form one data segment), the elements within each data segment are reordered, and the data segments are then ordered based on the serial number of each data segment, so that the original data is encrypted and the ciphertext data is obtained. Meanwhile, when the elements of each data segment are reordered, the order change of the elements in the data segment is used to generate a corresponding unit image (the unit image reflects the original order of the data, which facilitates decryption), and all the unit images are used to generate a ciphertext image, which is transmitted to the terminal together with the ciphertext data so that the terminal can decrypt the ciphertext data based on the ciphertext image to obtain restored data (if the decryption is correct and the data has not been tampered with, the restored data is consistent with the original data). In order to verify whether the data was tampered with during transmission, a first hash value is calculated from the original data and transmitted to the cloud, and the cloud calculates a second hash value for the decrypted restored data, so that whether the restored data is consistent with the original data can be verified. In this way, data and image are used in cooperation (essentially, the key required for decryption is converted into an image, and the decryption difficulty is greatly increased compared with a text key under the condition that the encryption algorithm is not disclosed), and higher security is achieved in a relatively simple manner, thereby realizing encrypted data transmission for cloud terminal interaction.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the segmenting the one-dimensional data to obtain s data segments includes: dividing the one-dimensional data into data segments of 128 elements each; if fewer than 128 elements remain, using the remaining elements as a separate data segment; and assigning serial numbers to the data segments according to the order in which they were divided, obtaining s data segments in total; or, dividing the one-dimensional data into data segments of 512 elements each; if fewer than 512 elements remain, using the remaining elements as a separate data segment; and assigning serial numbers to the data segments according to the order in which they were divided, obtaining s data segments in total.
In this implementation, the one-dimensional data may be divided into data segments of 128 (or 512) elements each, and the data segments are numbered to obtain s data segments.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the value of x is 128, and reordering the elements in the data segment and determining a unit image based on the order change of each element includes: randomly ordering the elements in the data segment; traversing each element in the data segment, determining the order change of each element, and recording the corresponding gray pixel value in the following manner:
Figure 610302DEST_PATH_IMAGE001
wherein
Figure 58601DEST_PATH_IMAGE002
indicates the gray value of the ith pixel corresponding to the ith element, y_i represents the amount by which the position of the ith element changed, and "left shift" and "right shift" indicate whether the ith element moved to the left or to the right; and sequentially splicing all pixels corresponding to the elements in the data segment into a unit image, wherein the unit image is a gray image.
In this implementation, the elements in the data segment are randomly ordered and the order change of each element is recorded as a gray value, so that the order change of each element is reflected in a pixel; the pixels are spliced into a unit image, and the unit image records the order change within the data segment.
With reference to the first aspect, in a third possible implementation manner of the first aspect, the value of x is 512, and reordering the elements in the data segment and determining a unit image based on the order change of each element includes: dividing the data segment into four small segments: a first, second, third, and fourth small segment;
randomly ordering the elements in the first small segment, determining the order change of each element in the first small segment, and recording the corresponding R channel color value in the following manner:
Figure 838338DEST_PATH_IMAGE003
wherein
Figure 233547DEST_PATH_IMAGE004
represents the R channel color value of the ith pixel corresponding to the ith element in the first small segment, y_i represents the amount by which the position of the ith element in the first small segment changed, and "left shift" and "right shift" indicate whether the ith element in the first small segment moved to the left or to the right;
randomly ordering the elements in the second small segment, determining the order change of each element in the second small segment, and recording the corresponding G channel color value in the following manner:
Figure 579078DEST_PATH_IMAGE005
wherein
Figure 932699DEST_PATH_IMAGE006
represents the G channel color value of the ith pixel corresponding to the ith element in the second small segment, y_i represents the amount by which the position of the ith element in the second small segment changed, and "left shift" and "right shift" indicate whether the ith element in the second small segment moved to the left or to the right;
randomly ordering the elements in the third small segment, determining the order change of each element in the third small segment, and recording the corresponding B channel color value in the following manner:
Figure 730891DEST_PATH_IMAGE007
wherein
Figure 472668DEST_PATH_IMAGE008
represents the B channel color value of the ith pixel corresponding to the ith element in the third small segment, y_i represents the amount by which the position of the ith element in the third small segment changed, and "left shift" and "right shift" indicate whether the ith element in the third small segment moved to the left or to the right;
randomly ordering the elements in the fourth small segment, determining the order change of each element in the fourth small segment, and recording the corresponding A channel color value in the following manner:
Figure 141547DEST_PATH_IMAGE009
wherein
Figure 666069DEST_PATH_IMAGE010
represents the A channel color value of the ith pixel corresponding to the ith element in the fourth small segment, y_i represents the amount by which the position of the ith element in the fourth small segment changed, and "left shift" and "right shift" indicate whether the ith element in the fourth small segment moved to the left or to the right;
and determining a unit image based on the R channel color value of the pixel corresponding to each element in the first small segment, the G channel color value of the pixel corresponding to each element in the second small segment, the B channel color value of the pixel corresponding to each element in the third small segment and the A channel color value of the pixel corresponding to each element in the fourth small segment, wherein the unit image is an RGBA four-channel color image.
In this implementation, the data segment is divided into four small segments (a first, second, third and fourth small segment), the elements in each small segment are randomly ordered, and the order change of each element in the four small segments is recorded using the RGBA four-channel color values (R, G, B and A channel color values), so that the order change of each element in each small segment is reflected in a pixel to obtain color pixels; the pixels are spliced into a unit image, and the unit image records the order change within the data segment.
With reference to the third possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect, determining a unit image based on the R-channel color value of the pixel corresponding to each element in the first small segment, the G-channel color value of the pixel corresponding to each element in the second small segment, the B-channel color value of the pixel corresponding to each element in the third small segment, and the a-channel color value of the pixel corresponding to each element in the fourth small segment includes: and taking the R channel color value of the ith pixel corresponding to the ith element in the first small section, the G channel color value of the ith pixel corresponding to the ith element in the second small section, the B channel color value of the ith pixel corresponding to the ith element in the third small section and the A channel color value of the ith pixel corresponding to the ith element in the fourth small section as RGBA four-channel color values of the ith pixel in the unit image to obtain the ith pixel in the unit image, and accordingly splicing the 8 x 16 unit image.
In this implementation manner, an RGBA four-channel color image may be constructed as a unit image by taking the R channel color value, the G channel color value, the B channel color value, and the a channel color value of the ith pixel corresponding to the four segments as the color value of the ith pixel.
With reference to the second or third possible implementation manner of the first aspect, in a fifth possible implementation manner of the first aspect, the determining a ciphertext image based on the s unit images includes: the unit number side length of the image template is calculated by adopting the following formula:
Figure 420399DEST_PATH_IMAGE011
wherein z represents the number of image units corresponding to the side length of the image template; determining a z × z image template; and filling the s unit images into the z × z image template, and complementing the part of the image template that cannot be filled with white unit images to obtain the ciphertext image.
In this implementation, the size of the image template (a z × z image template) may be determined from the number s of unit images, so that the s unit images are filled into the z × z image template, and the part of the image template that cannot be filled is complemented with white unit images to obtain the ciphertext image.
With reference to the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner of the first aspect, the filling the s unit images into the z × z image template includes: determining a central unit of the z × z image template; if the number s of unit images is odd, filling the s unit images into the z × z image template along the clockwise direction, with the central unit as the starting point; if the number s of unit images is even, filling the s unit images into the z × z image template along the counterclockwise direction in the upward direction, with the central unit as the starting point.
In this implementation, the way of filling s unit images is determined by parity of the number s of unit images, security can be further enhanced, and the number s of unit images can be detected at the time of decryption, thereby implementing decryption.
In a second aspect, an embodiment of the present application provides a data encryption transmission method for cloud terminal interaction, where a terminal establishes a communication connection with a cloud, and the method is applied to the cloud, and includes: receiving ciphertext data, a first hash value and a ciphertext image sent by a terminal, wherein the ciphertext data, the first hash value and the ciphertext image are obtained by the terminal based on the first aspect or any one of possible implementation manners of the first aspect by using the data encryption transmission method for cloud terminal interaction; decrypting the ciphertext data based on the ciphertext image to obtain recovery data; and calculating a second hash value corresponding to the restored data, verifying whether the second hash value is consistent with the first hash value, and judging whether the ciphertext data is tampered.
In a third aspect, an embodiment of the present application provides a cloud terminal interaction system, including a cloud and a terminal that establish a communication connection, where the terminal is configured to execute the data encryption transmission method for cloud terminal interaction described in the first aspect or any one of the possible implementation manners of the first aspect; and the cloud is configured to execute the data encryption transmission method for cloud terminal interaction described in the second aspect, so that data encryption transmission between the terminal and the cloud is realized.
In a fourth aspect, an embodiment of the present application provides a storage medium, where the storage medium includes a stored program, where, when the program runs, a device where the storage medium is located is controlled to execute the data encryption transmission method for cloud terminal interaction according to the first aspect or any one of possible implementation manners of the first aspect, or execute the data encryption transmission method for cloud terminal interaction according to the second aspect.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic diagram of a cloud terminal interaction system provided in an embodiment of the present application.
Fig. 2 is a flowchart of a data encryption transmission method applied to cloud terminal interaction of a terminal according to an embodiment of the present application.
Fig. 3 is a flowchart of a data encryption transmission method applied to cloud terminal interaction at a cloud end according to an embodiment of the present application.
Icon: 10-a cloud terminal interaction system; 11-a terminal; 12-cloud.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Referring to fig. 1, fig. 1 is a schematic view of a cloud terminal interaction system 10 according to an embodiment of the present disclosure. In this embodiment, the cloud terminal interaction system 10 may include a cloud 12 and a terminal 11, which establish a communication connection.
In this embodiment, the scheme is completely introduced by using the cases of encryption by the terminal 11 and decryption by the cloud 12, but this is not to be construed as a limitation of the present application, and in other embodiments, the scheme of encryption by the cloud 12 and decryption by the terminal 11 may also be used.
First, an encryption process is introduced, please refer to fig. 2, and fig. 2 is a flowchart of a data encryption transmission method applied to cloud terminal interaction of a terminal 11 according to an embodiment of the present application. In this embodiment, the data encryption transmission method applied to the cloud terminal interaction of the terminal 11 may include step S11, step S12, step S13, step S14, step S15, step S16, and step S17.
First, the terminal 11 may perform step S11.
Step S11: acquiring original data to be transmitted, wherein the original data has n data units, and each data unit has m attributes.
In this embodiment, the terminal 11 may obtain the original data to be transmitted; for ease of understanding, the original data is defined as having n data units, each with m attributes. One example is collected power data, where each data unit has attributes in multiple dimensions, such as frequency and peak value. Another example is user information collected by a client built into the terminal 11, such as user preference data collected in each unit time period, with multi-dimensional attribute information such as function preference, function usage duration, location information, and period information in the client.
After acquiring the original data to be transmitted, the terminal 11 may execute step S12.
Step S12: processing the original data into an m × n matrix, and mapping the m × n matrix into one-dimensional data.
In this embodiment, the terminal 11 may process the original data into an m × n matrix:
Figure 157410DEST_PATH_IMAGE012
, (1)
The m × n matrix may then be mapped into one-dimensional data. For example, by convention, the one-dimensional data may be obtained by expanding the matrix column by column:
Figure 211954DEST_PATH_IMAGE013
, (2)
After obtaining the one-dimensional data, the terminal 11 may perform step S13.
Step S13: performing segmentation processing on the one-dimensional data to obtain s data segments, wherein each data segment has a corresponding serial number, the number of elements in each data segment is not more than x, and the value of x is 128 or 512.
In this embodiment, the terminal 11 may divide the one-dimensional data into data segments of 128 elements each; if fewer than 128 elements remain, the remaining elements are used as a separate data segment, and serial numbers are assigned to the data segments according to the order in which they were divided, so as to obtain s data segments in total. It should be noted that, if the last data segment has fewer than 128 elements, it can be made up to 128 elements by adding 0 after an identifier is added.
Alternatively, the terminal 11 may divide the one-dimensional data into data segments of 512 elements each; if fewer than 512 elements remain, the remaining elements are used as a separate data segment, and serial numbers are assigned to the data segments according to the order in which they were divided, so as to obtain s data segments in total. It should be noted that, if the last data segment has fewer than 512 elements, it can be made up to 512 elements by adding 0 after an identifier is added.
In this way, the one-dimensional data can be divided into data segments of 128 (or 512) elements each, and the data segments are numbered, so that s data segments are obtained. The values 128 and 512 used in this scheme correspond to two image forms (a grayscale image and an RGBA four-channel color image, respectively), and an appropriate mode is selected according to the situation. Relatively speaking, the mode with 512 elements per data segment, corresponding to the RGBA four-channel color image, gives higher encryption security, and its amount of computation is relatively larger.
After the segmentation processing is performed on the one-dimensional data to obtain s data segments, the terminal 11 may execute step S14.
Step S14: for each data segment, reordering the elements in the data segment and determining a unit image based on the order change of each element, obtaining s unit images in total, and determining a ciphertext image based on the s unit images.
In this embodiment, the terminal 11 may perform the following processing for each data segment:
First, the terminal 11 may reorder the elements in the data segment and determine a unit image based on the order change of each element, so as to obtain s unit images in total.
For example, for the case where x is 128, that is, each data segment contains 128 elements, the terminal 11 may randomly order the elements in the data segment.
While the elements are being randomly ordered, the order change of each element within the data segment needs to be determined (e.g., element a_11 is shifted right by 98 positions, element a_67 is shifted left by 23 positions, etc.), and the corresponding gray pixel values are then recorded in the following manner:
Figure 641798DEST_PATH_IMAGE014
, (3)
wherein
Figure 414582DEST_PATH_IMAGE015
indicates the gray value of the ith pixel corresponding to the ith element, y_i represents the amount by which the position of the ith element changed, and "left shift" and "right shift" indicate whether the ith element moved to the left or to the right.
The terminal 11 may then sequentially stitch all pixels corresponding to the elements in the data segment into a unit image, which is a grayscale image. The stitching method may be to stitch the pixels into an 8 × 16 unit image (a grayscale image) in a horizontal S-shaped order.
The elements in a data segment are randomly ordered and the order change of each element is recorded as a gray value, so that the order change of each element is reflected in a pixel; the pixels are spliced into a unit image, and the unit image records the order change within the data segment. For a random reordering of 128 elements, leftward moves can be recorded in [0, 127] and rightward moves in [128, 255], which makes use of the gray value range [0, 255] to record the order change of each element.
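An added illustration (not code from the patent) of the x = 128 path described above, together with the restore-and-hash check performed on the receiving side. The gray mapping (a left shift of y stored as y, a right shift of y stored as 128 + y), the 8-row by 16-column serpentine pixel order, SHA-256, and carrying the unpadded length alongside the ciphertext are assumptions, because formula (3) is not reproduced on this page and the hash function is not named.

```python
import hashlib
import hmac
import secrets

SEG = 128            # x = 128: one gray pixel per element
ROWS, COLS = 8, 16   # assumed orientation of the 8 x 16 unit image


def digest(values):
    # Assumption: SHA-256 over a comma-joined rendering of the elements.
    return hashlib.sha256(",".join(map(str, values)).encode()).hexdigest()


def shuffle_segment(segment):
    """Randomly reorder one segment; gray[i] records how original element i moved."""
    n = len(segment)
    perm = list(range(n))                      # perm[new_pos] = old_pos
    secrets.SystemRandom().shuffle(perm)
    shuffled = [segment[old] for old in perm]
    gray = [0] * n
    for new, old in enumerate(perm):
        shift = new - old
        # Assumed mapping: left shift y -> y (0..127), right shift y -> 128 + y.
        gray[old] = 128 + shift if shift > 0 else -shift
    return shuffled, gray


def to_unit_image(gray):
    """Lay 128 gray values out in a horizontal S-shaped (serpentine) order."""
    rows = [gray[r * COLS:(r + 1) * COLS] for r in range(ROWS)]
    return [row if r % 2 == 0 else row[::-1] for r, row in enumerate(rows)]


def from_unit_image(image):
    gray = []
    for r, row in enumerate(image):
        gray.extend(row if r % 2 == 0 else row[::-1])
    return gray


def restore_segment(shuffled, gray):
    """Undo the reordering; reject an image that does not describe a permutation."""
    n = len(shuffled)
    if len(gray) != n:
        raise ValueError("unit image size does not match segment")
    restored, used = [None] * n, set()
    for old, g in enumerate(gray):
        new = old + (g - 128) if g >= 128 else old - g
        if not 0 <= new < n or new in used:
            raise ValueError("unit image does not describe a permutation")
        used.add(new)
        restored[old] = shuffled[new]
    return restored


def encrypt(data):
    """Return (ciphertext, unit images, first hash, unpadded length)."""
    padded = list(data) + [0] * (-len(data) % SEG)   # zero-pad the last segment
    cipher, images = [], []
    for start in range(0, len(padded), SEG):
        shuffled, gray = shuffle_segment(padded[start:start + SEG])
        cipher.extend(shuffled)
        images.append(to_unit_image(gray))
    return cipher, images, digest(data), len(data)


def decrypt(cipher, images, first_hash, length):
    """Return (restored data, True if the second hash equals the first)."""
    if len(cipher) != len(images) * SEG:
        raise ValueError("ciphertext and image count disagree")
    restored = []
    for k, image in enumerate(images):
        segment = cipher[k * SEG:(k + 1) * SEG]
        restored.extend(restore_segment(segment, from_unit_image(image)))
    restored = restored[:length]
    return restored, hmac.compare_digest(digest(restored), first_hash)


# Constructed sample: 300 readings, i.e. three segments after padding.
SAMPLE = [(37 * i + 11) % 1000 for i in range(300)]

if __name__ == "__main__":
    c, imgs, h, n = encrypt(SAMPLE)
    print(decrypt(c, imgs, h, n)[1])
```

Each segment is only reordered, so the ciphertext holds exactly the element values of the padded plaintext, and whoever holds the unit images can undo the reordering.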
For example, for the case where x is 512, that is, each data segment contains 512 elements, the terminal 11 may divide each data segment into four small segments: a first small segment, a second small segment, a third small segment, and a fourth small segment.
For the first small segment: the terminal 11 may randomly order the elements in the first small segment, determine the order change of each element in the first small segment, and record the corresponding R channel color value in the following manner:
Figure 689706DEST_PATH_IMAGE016
, (4)
wherein
Figure 333177DEST_PATH_IMAGE017
represents the R channel color value of the ith pixel corresponding to the ith element in the first small segment, y_i represents the amount by which the position of the ith element in the first small segment changed, and "left shift" and "right shift" indicate whether the ith element in the first small segment moved to the left or to the right.
For the second small segment: the terminal 11 may randomly order the elements in the second small segment, determine the order change of each element in the second small segment, and record the corresponding G channel color value in the following manner:
Figure 199502DEST_PATH_IMAGE018
, (5)
wherein
Figure 928423DEST_PATH_IMAGE019
represents the G channel color value of the ith pixel corresponding to the ith element in the second small segment, y_i represents the amount by which the position of the ith element in the second small segment changed, and "left shift" and "right shift" indicate whether the ith element in the second small segment moved to the left or to the right.
For the third small segment: the terminal 11 may randomly order the elements in the third small segment, determine the order change of each element in the third small segment, and record the corresponding B channel color value in the following manner:
Figure 538396DEST_PATH_IMAGE020
, (6)
wherein
Figure 567532DEST_PATH_IMAGE021
represents the B channel color value of the ith pixel, which corresponds to the ith element in the third small segment; y_i represents the value of the order change of the ith element in the third small segment; and "left shift" and "right shift" indicate whether the ith element in the third small segment moved to the left or to the right.
For the fourth small segment: the terminal 11 may randomly sort the elements in the fourth small segment, determine the sequence change of each element in the fourth small segment, and record the corresponding A channel color value in the following manner:
Figure 339179DEST_PATH_IMAGE022
, (7)
wherein
Figure 289817DEST_PATH_IMAGE023
represents the A channel color value of the ith pixel, which corresponds to the ith element in the fourth small segment; y_i represents the value of the order change of the ith element in the fourth small segment; and "left shift" and "right shift" indicate whether the ith element in the fourth small segment moved to the left or to the right.
It should be noted that, because the processing principle is the same for the different small segments, this embodiment does not use separate symbols for the element order changes in different small segments.
After determining, for a data segment (containing 512 elements), the R channel color value of the pixel corresponding to each element in the first small segment, the G channel color value of the pixel corresponding to each element in the second small segment, the B channel color value of the pixel corresponding to each element in the third small segment, and the A channel color value of the pixel corresponding to each element in the fourth small segment, the terminal 11 may determine a unit image based on these color values, where the unit image is an RGBA four-channel color image.
By dividing the data segment into four small segments (the first, second, third and fourth small segments), randomly reordering the elements in each small segment, and using the four RGBA channel color values (the R, G, B and A channel color values) to record the order change of each element in the four small segments respectively, the order change of each element in each small segment is reflected in a pixel, giving colored pixels. These pixels are spliced into a unit image, so that the order change of each data segment is recorded by a unit image.
Specifically, the terminal 11 may use the R channel color value of the ith pixel corresponding to the ith element in the first small segment, the G channel color value of the ith pixel corresponding to the ith element in the second small segment, the B channel color value of the ith pixel corresponding to the ith element in the third small segment, and the A channel color value of the ith pixel corresponding to the ith element in the fourth small segment as the RGBA four-channel color values of the ith pixel in the unit image, to obtain the ith pixel in the unit image, and splice the pixels accordingly into an 8 × 16 unit image.
Thus, the R channel color value, the G channel color value, the B channel color value and the A channel color value corresponding to the ith element in each of the four small segments can be used as the color value of the ith pixel, and an RGBA four-channel color image is constructed as the unit image.
After every data segment has been processed in this way, s unit images are obtained in total.
After that, the terminal 11 may determine a ciphertext image based on the s unit images.
In this embodiment, the terminal 11 may calculate the side length of the image template, in units, using the following formula:
Figure 703481DEST_PATH_IMAGE024
, (8)
wherein z represents the number of image units corresponding to the side length of the image template,
Figure 55965DEST_PATH_IMAGE025
denotes rounding
Figure 529672DEST_PATH_IMAGE026
to an integer.
Then, the terminal 11 may determine a z × z image template, fill the z × z image template with the s unit images, and fill the positions of the image template that remain empty with white unit images, thereby obtaining a ciphertext image.
The size of the image template (the z × z image template) can be determined from the number s of unit images, so that the s unit images are filled into the z × z image template and the positions that remain empty are filled with white unit images to obtain the ciphertext image.
Illustratively, the terminal 11 may determine the center unit of the z × z image template, i.e., the unit (an 8 × 16 unit) located at the very center of the image template. Then, the terminal 11 may make a judgment on the number s of unit images:
if the number s of unit images is odd, the terminal 11 may fill s unit images into the z × z image template clockwise in the upward direction from the center unit as a starting point.
If the number s of unit images is even, the terminal 11 may fill s unit images into the z × z image template counterclockwise in the upward direction (or the downward direction) starting from the central unit.
The filling order of the s unit images is determined by the parity of the number s of unit images, which further enhances security; during decryption, the number s of unit images can be detected, which makes decryption possible.
Thus, the ciphertext image may be determined based on the s unit images. After the ciphertext image is determined, the terminal 11 may perform step S15.
Step S15: sorting all the data segments based on the sequence numbers of the data segments to obtain ciphertext data.
In this embodiment, the terminal 11 may sort all the data segments based on the sequence numbers of the data segments (where the data segments used for calculating the ciphertext data are the data segments that have undergone the random order transformation process), so as to obtain the ciphertext data.
After obtaining the ciphertext data, the terminal 11 may further execute step S16.
Step S16: calculating a first hash value corresponding to the original data.
In this embodiment, the terminal 11 may calculate a first hash value corresponding to the original data, where the MD5 message-digest algorithm may be used to calculate the first hash value. Further, the original data may be normalized to a certain degree before the corresponding first hash value is calculated (in that case, when verification is performed after decryption, the same normalization process may be applied before the second hash value is calculated).
After calculating the first hash value corresponding to the original data, the terminal 11 may execute step S17.
Step S17: sending the ciphertext data, the first hash value and the ciphertext image respectively to the cloud, so that the cloud decrypts the ciphertext data based on the ciphertext image to obtain restored data, then calculates a second hash value corresponding to the restored data, and verifies whether the first hash value is consistent with the second hash value.
In this embodiment, the terminal 11 may send the ciphertext data, the first hash value, and the ciphertext image to the cloud 12, so that the cloud 12 decrypts the ciphertext data based on the ciphertext image, calculates a second hash value corresponding to the restored data after obtaining the restored data, and verifies whether the first hash value is consistent with the second hash value.
The original data is processed into one-dimensional data, the one-dimensional data is segmented (every 128 or every 512 elements form a data segment), the elements within each data segment are reordered, and the data segments are then sorted based on the sequence number of each data segment, so that the original data is encrypted and ciphertext data is obtained. Meanwhile, when the elements of each data segment are reordered, the order change of the elements in the data segment is used to generate a corresponding unit image (the unit image reflects the original order of the data, which facilitates decryption); all the unit images are used to generate a ciphertext image, which is transmitted together to the terminal 11, so that the terminal 11 can decrypt the ciphertext data based on the ciphertext image to obtain restored data (if the decryption is correct and the data has not been tampered with, the restored data is consistent with the original data). To verify whether the data was tampered with during transmission, a first hash value is calculated from the original data and transmitted to the cloud 12; the cloud 12 calculates a second hash value from the decrypted restored data, and can thereby verify whether the restored data is consistent with the original data. Thus, by combining data and image (in essence, the key required for decryption is converted into an image; compared with a text key, the decryption difficulty is greatly increased when the encryption algorithm is not disclosed), higher security is achieved in a relatively simple way, and data encryption transmission for cloud terminal interaction is realized.
In order to facilitate understanding of the decryption process in the present embodiment, the cloud 12 decryption is taken as an example in this embodiment.
Referring to fig. 3, fig. 3 is a flowchart of the data encryption transmission method for cloud terminal interaction applied to the cloud 12 according to an embodiment of the present disclosure. The method applied to the cloud 12 may include step S21, step S22, and step S23.
To implement data decryption, first, the cloud 12 may perform step S21.
Step S21: receiving ciphertext data, a first hash value and a ciphertext image sent by a terminal, wherein the ciphertext data, the first hash value and the ciphertext image are obtained by the terminal 11 based on the data encryption transmission method for cloud terminal interaction.
The cloud 12 may receive the ciphertext data, the first hash value, and the ciphertext image sent by the terminal 11.
After receiving the ciphertext data, the first hash value, and the ciphertext image sent by the terminal 11, the cloud 12 may execute step S22.
Step S22: decrypting the ciphertext data based on the ciphertext image to obtain restored data.
In this embodiment, the cloud 12 decrypts the ciphertext data based on the ciphertext image by what is essentially the inverse of the encryption process.
Firstly, the cloud 12 can identify the ciphertext image, determine the number of unit images of the ciphertext image, eliminate the filled blank unit images during identification, thereby obtaining the number s of the unit images, and then restore the serial number of each unit image according to the parity of the number s of the unit images.
Then, for each unit image and the data segment with the same sequence number (a data segment after the random order transformation), the gray value (or RGBA four-channel color value) of each pixel in the unit image is read in the agreed manner to obtain the order change of each element in the data segment. Each element of the randomly reordered data segment is then moved back according to its order change, which restores the data segment to one whose elements have not been randomly reordered. All the data segments (with their elements no longer randomly reordered) are spliced into one-dimensional data according to their sequence numbers, the one-dimensional data is restored to the m × n matrix form, and the data in m × n matrix form is restored to obtain the restored data.
After obtaining the restored data, the cloud 12 may further perform step S23 to verify whether the data is tampered.
Step S23: calculating a second hash value corresponding to the restored data, verifying whether the second hash value is consistent with the first hash value, and judging whether the ciphertext data has been tampered with.
In this embodiment, the cloud 12 may calculate the hash value by using the same algorithm agreed with the terminal 11, for example, calculating a second hash value of the restored data by using the MD5 message-digest algorithm, and then the cloud 12 may compare whether the second hash value is consistent with the first hash value. If they are consistent, the restored data is correct and has not been tampered with.
Therefore, data encryption transmission of cloud terminal interaction can be achieved.
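The reordering, recording and restoring steps described above (steps S15 to S17 and S21 to S23), as an added Python example that is not code from the patent. Formulas (4) to (7) do not survive on this page, so the byte encoding (0 to 127 for a move left, 128 + y for a move right by y places), the reading of pixel i as describing the element now at position i, the hash serialization, and the names shuffle_and_record, restore, encrypt and decrypt are assumptions; the image template layout of formula (8) is left out.

```python
import hashlib
import random

SMALL = 128  # one 8 x 16 unit image has 128 pixels, one per element of a small segment


def digest(elements):
    # MD5 is the hash the page names; the byte serialization is an assumption.
    return hashlib.md5(",".join(map(str, elements)).encode()).hexdigest()


def shuffle_and_record(small, rng):
    """Randomly reorder up to 128 elements and record each move as one byte.

    Assumed encoding: codes[i] describes the element now at position i;
    0..127 means it moved left by that many places, 128 + y means it moved
    right by y places.
    """
    order = list(range(len(small)))
    rng.shuffle(order)  # order[i] = original index of the element now at i
    shuffled = [small[j] for j in order]
    codes = [(j - i) if j >= i else 128 + (i - j) for i, j in enumerate(order)]
    return shuffled, codes


def restore(shuffled, codes):
    """Invert shuffle_and_record using only the recorded byte values."""
    if len(shuffled) != len(codes):
        raise ValueError("ciphertext and unit image sizes differ")
    original, seen = [None] * len(codes), [False] * len(codes)
    for i, code in enumerate(codes):
        j = i + code if code < 128 else i - (code - 128)
        if not 0 <= j < len(codes) or seen[j]:
            raise ValueError("unit image does not describe a valid reordering")
        original[j], seen[j] = shuffled[i], True
    return original


def encrypt(data, x, rng):
    """Terminal side. x = 128 gives gray unit images (one channel plane),
    x = 512 gives RGBA unit images (up to four planes: R, G, B, A).

    A unit image is kept as a list of channel planes; pixel i of the image
    carries planes[c][i] in channel c. rng is any object with shuffle(),
    for example random.SystemRandom().
    """
    if x not in (128, 512):
        raise ValueError("x must be 128 or 512")
    ciphertext, unit_images = [], []
    for start in range(0, len(data), x):          # data segments, in sequence-number order
        segment = data[start:start + x]
        planes = []
        for s in range(0, len(segment), SMALL):   # small segments, one per channel
            shuffled, codes = shuffle_and_record(segment[s:s + SMALL], rng)
            ciphertext.extend(shuffled)
            planes.append(codes)
        unit_images.append(planes)
    return ciphertext, unit_images, digest(data)  # digest(data) is the first hash value


def decrypt(ciphertext, unit_images, first_hash):
    """Cloud side. Returns (restored_data, hashes_match)."""
    restored, pos = [], 0
    for planes in unit_images:
        for codes in planes:
            restored.extend(restore(ciphertext[pos:pos + len(codes)], codes))
            pos += len(codes)
    if pos != len(ciphertext):
        raise ValueError("ciphertext is longer than the unit images describe")
    return restored, digest(restored) == first_hash  # second hash vs. first hash


if __name__ == "__main__":
    # Constructed sample: 700 elements standing in for the flattened m x n matrix.
    data = [(7 * k + 3) % 1000 for k in range(700)]
    for x in (128, 512):
        ct, images, h1 = encrypt(data, x, random.SystemRandom())
        restored, ok = decrypt(ct, images, h1)
        print(f"x={x}: s={len(images)} unit images, restored={restored == data}, hash ok={ok}")
```
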
An embodiment of the application provides a storage medium that includes a stored program, wherein, when the program runs, the terminal 11 where the storage medium is located is controlled to execute the data encryption transmission method for cloud terminal interaction applied to the terminal 11, or the cloud 12 where the storage medium is located is controlled to execute the data encryption transmission method for cloud terminal interaction applied to the cloud 12.
To sum up, the embodiment of the present application provides a data encryption transmission method and system for cloud terminal interaction, where original data is processed into one-dimensional data, the one-dimensional data is segmented (every 128 or every 512 elements form a data segment), the elements within each data segment are reordered, and the data segments are then sorted based on the sequence number of each data segment, so that the original data is encrypted and ciphertext data is obtained. Meanwhile, when the elements of each data segment are reordered, the order change of the elements in the data segment is used to generate a corresponding unit image (the unit image reflects the original order of the data, which facilitates decryption); all the unit images are used to generate a ciphertext image, which is transmitted together to the terminal 11, so that the terminal 11 can decrypt the ciphertext data based on the ciphertext image to obtain restored data (if the decryption is correct and the data has not been tampered with, the restored data is consistent with the original data). To verify whether the data was tampered with during transmission, a first hash value is calculated from the original data and transmitted to the cloud 12; the cloud 12 calculates a second hash value from the decrypted restored data, and can thereby verify whether the restored data is consistent with the original data. Thus, by combining data and image (in essence, the key required for decryption is converted into an image; compared with a text key, the decryption difficulty is greatly increased when the encryption algorithm is not disclosed), higher security is achieved in a relatively simple way, and data encryption transmission for cloud terminal interaction is realized.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A data encryption transmission method for cloud terminal interaction, characterized in that a terminal establishes a communication connection with a cloud, and the method is applied to the terminal and comprises the following steps:
acquiring original data to be transmitted, wherein the original data is provided with n data units, and each data unit is provided with m attributes;
processing the original data into an m × n matrix, and mapping the m × n matrix into one-dimensional data;
segmenting the one-dimensional data to obtain s data segments, wherein each data segment has a corresponding sequence number, the number of elements in each data segment is not more than x, and the value of x is 128 or 512;
for each data segment, reordering the elements in the data segment and determining a unit image based on the order change of each element, obtaining s unit images in total, and determining a ciphertext image based on the s unit images;
sorting all the data segments based on the sequence numbers of the data segments to obtain ciphertext data;
calculating a first hash value corresponding to the original data;
and respectively sending the ciphertext data, the first hash value and the ciphertext image to the cloud end so that the cloud end decrypts the ciphertext data based on the ciphertext image to obtain restored data, then calculating a second hash value corresponding to the restored data, and verifying whether the first hash value is consistent with the second hash value.
2. The cloud terminal interactive data encryption transmission method according to claim 1, wherein the step of performing segmentation processing on the one-dimensional data to obtain s data segments comprises:
dividing the one-dimensional data into data segments of 128 elements each; if fewer than 128 elements remain, taking the remaining elements as a separate data segment; and assigning a sequence number to each data segment according to the order of division, obtaining s data segments in total;
or, dividing the one-dimensional data into data segments of 512 elements each; if fewer than 512 elements remain, taking the remaining elements as a separate data segment; and assigning a sequence number to each data segment according to the order of division, obtaining s data segments in total.
3. The cloud terminal interactive data encryption transmission method according to claim 1, wherein the value of x is 128, and reordering the elements in the data segment and determining a unit image based on the order change of each element comprises:
randomly ordering elements in the data segment;
traversing each element in the data segment, determining the order change of each element, and recording the corresponding gray pixel value in the following manner:
Figure 123917DEST_PATH_IMAGE001
wherein
Figure 75693DEST_PATH_IMAGE002
represents the gray value of the ith pixel, which corresponds to the ith element; y_i represents the value of the order change of the ith element; and "left shift" and "right shift" indicate whether the ith element moved to the left or to the right;
and sequentially splicing all pixels corresponding to the elements in the data segment into a unit image, wherein the unit image is a gray image.
4. The data encryption transmission method for cloud terminal interaction according to claim 1, wherein the value of x is 512, and reordering the elements in the data segment and determining a unit image based on the order change of each element comprises:
dividing the data segment into four small segments: a first small segment, a second small segment, a third small segment, and a fourth small segment;
randomly ordering the elements in the first small section, determining the sequence change of each element in the first small section, and recording the corresponding R channel color value by adopting the following method:
Figure 79421DEST_PATH_IMAGE003
wherein
Figure 192870DEST_PATH_IMAGE004
represents the R channel color value of the ith pixel, which corresponds to the ith element in the first small segment; y_i represents the value of the order change of the ith element in the first small segment; and "left shift" and "right shift" indicate whether the ith element in the first small segment moved to the left or to the right;
randomly ordering the elements in the second small section, determining the sequence change of each element in the second small section, and recording the corresponding G channel color value by adopting the following method:
Figure 649260DEST_PATH_IMAGE005
wherein
Figure 404726DEST_PATH_IMAGE006
represents the G channel color value of the ith pixel, which corresponds to the ith element in the second small segment; y_i represents the value of the order change of the ith element in the second small segment; and "left shift" and "right shift" indicate whether the ith element in the second small segment moved to the left or to the right;
randomly ordering the elements in the third small section, determining the sequence change of each element in the third small section, and recording the corresponding B channel color value by adopting the following method:
Figure 466223DEST_PATH_IMAGE007
wherein
Figure 750574DEST_PATH_IMAGE008
represents the B channel color value of the ith pixel, which corresponds to the ith element in the third small segment; y_i represents the value of the order change of the ith element in the third small segment; and "left shift" and "right shift" indicate whether the ith element in the third small segment moved to the left or to the right;
randomly ordering the elements in the fourth small section, determining the sequence change of each element in the fourth small section, and recording the corresponding A channel color value in the following manner:
Figure 694259DEST_PATH_IMAGE009
wherein
Figure 722258DEST_PATH_IMAGE010
represents the A channel color value of the ith pixel, which corresponds to the ith element in the fourth small segment; y_i represents the value of the order change of the ith element in the fourth small segment; and "left shift" and "right shift" indicate whether the ith element in the fourth small segment moved to the left or to the right;
and determining a unit image based on the R channel color value of the pixel corresponding to each element in the first small section, the G channel color value of the pixel corresponding to each element in the second small section, the B channel color value of the pixel corresponding to each element in the third small section and the A channel color value of the pixel corresponding to each element in the fourth small section, wherein the unit image is an RGBA four-channel color image.
5. The data encryption transmission method for cloud terminal interaction according to claim 4, wherein determining a unit image based on an R channel color value of a pixel corresponding to each element in the first small segment, a G channel color value of a pixel corresponding to each element in the second small segment, a B channel color value of a pixel corresponding to each element in the third small segment, and an A channel color value of a pixel corresponding to each element in the fourth small segment includes:
and taking the R channel color value of the ith pixel corresponding to the ith element in the first small section, the G channel color value of the ith pixel corresponding to the ith element in the second small section, the B channel color value of the ith pixel corresponding to the ith element in the third small section and the A channel color value of the ith pixel corresponding to the ith element in the fourth small section as RGBA four-channel color values of the ith pixel in the unit image to obtain the ith pixel in the unit image, and splicing the pixels accordingly into an 8 × 16 unit image.
6. The cloud terminal interactive data encryption transmission method according to claim 3 or 4, wherein determining the ciphertext image based on the s unit images comprises:
calculating the side length of the image template, in units, using the following formula:
Figure 903840DEST_PATH_IMAGE011
wherein z represents the number of image units corresponding to the side length of the image template;
determining a z × z image template;
and filling the s unit images into the z × z image template, and filling the positions of the image template that remain empty with white unit images to obtain the ciphertext image.
7. The data encryption transmission method for cloud terminal interaction according to claim 6, wherein filling the s unit images into the z × z image template comprises:
determining a central unit of the z × z image template;
if the number s of the unit images is an odd number, the central unit is taken as a starting point, and s unit images are filled into the z × z image template along the clockwise direction;
if the number s of the unit images is even, the central unit is used as a starting point, and s unit images are filled into the image template of z × z along the counterclockwise direction in the upward direction.
8. A data encryption transmission method for cloud terminal interaction, characterized in that a terminal establishes a communication connection with a cloud, and the method is applied to the cloud and comprises the following steps:
receiving ciphertext data, a first hash value and a ciphertext image sent by a terminal, wherein the ciphertext data, the first hash value and the ciphertext image are obtained by the terminal based on the data encryption transmission method for cloud terminal interaction of any one of claims 1 to 7;
decrypting the ciphertext data based on the ciphertext image to obtain restored data;
and calculating a second hash value corresponding to the restored data, verifying whether the second hash value is consistent with the first hash value, and judging whether the ciphertext data is tampered.
9. A cloud terminal interaction system, characterized by comprising a cloud and a terminal which establish a communication connection,
the terminal is used for executing the data encryption transmission method of the cloud terminal interaction in any one of claims 1 to 7;
the cloud is used for executing the data encryption transmission method for cloud terminal interaction according to claim 8, so that data encryption transmission between the terminal and the cloud is achieved.
10. A storage medium, characterized in that the storage medium includes a stored program, and when the program runs, the device where the storage medium is located is controlled to execute the data encryption transmission method for cloud terminal interaction according to any one of claims 1 to 7, or execute the data encryption transmission method for cloud terminal interaction according to claim 8.
CN202211284297.XA 2022-10-20 2022-10-20 Data encryption transmission method and system for cloud terminal interaction Active CN115361237B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211284297.XA CN115361237B (en) 2022-10-20 2022-10-20 Data encryption transmission method and system for cloud terminal interaction

Publications (2)

Publication Number Publication Date
CN115361237A CN115361237A (en) 2022-11-18
CN115361237B true CN115361237B (en) 2022-12-16

Family

ID=84008958

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211284297.XA Active CN115361237B (en) 2022-10-20 2022-10-20 Data encryption transmission method and system for cloud terminal interaction

Country Status (1)

Country Link
CN (1) CN115361237B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105763762A (en) * 2014-12-17 2016-07-13 青岛海信电器股份有限公司 Image encryption and decryption method and apparatus
CN108769036A (en) * 2018-06-04 2018-11-06 浙江十进制网络有限公司 Data processing system based on cloud system and processing method
CN114036542A (en) * 2021-11-15 2022-02-11 阿里巴巴(中国)有限公司 Data encryption and decryption method and computer storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008146391A1 (en) * 2007-05-31 2008-12-04 Pfu Limited Electronic data encryption system, decryption system, program and method for the same
WO2009144796A1 (en) * 2008-05-29 2009-12-03 株式会社Pfu Electronic document processing system, method, and program

Also Published As

Publication number Publication date
CN115361237A (en) 2022-11-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant