CN115378614A - Data transmission method and device and electronic equipment - Google Patents
Data transmission method and device and electronic equipment Download PDFInfo
- Publication number
- CN115378614A CN115378614A CN202211031545.XA CN202211031545A CN115378614A CN 115378614 A CN115378614 A CN 115378614A CN 202211031545 A CN202211031545 A CN 202211031545A CN 115378614 A CN115378614 A CN 115378614A
- Authority
- CN
- China
- Prior art keywords
- data
- key
- owner
- transmitted
- sequence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a data transmission method, a data transmission device and electronic equipment, wherein a hash value of data to be transmitted is calculated by using a hash algorithm and is used as an integrity check code, the data to be transmitted and the integrity check code are combined to obtain first data, a public key of a data owner, an authorization key of data providing equipment and a timing jump key are obtained, the authorization key and the timing jump key are connected, a connection result is converted into a binary sequence, a first data sequence which corresponds to the binary sequence and has the same length as that of the first data is generated, the first data sequence and the first data are subjected to bitwise XOR operation to obtain second data, the public key of the data owner is used for carrying out encryption operation on the second data to obtain encrypted data, and the encrypted data are sent to data receiving equipment. According to the invention, the data to be transmitted which needs to be sent to the data receiving equipment is output after being subjected to complex encryption operation for multiple times by the data providing equipment, so that the data leakage probability is reduced, and the safety and the reliability are improved.
Description
Technical Field
The present invention relates to the field of data transmission, and in particular, to a data transmission method, an apparatus, and an electronic device.
Background
The data provider receives and stores the data of the data owner through the network, and can provide relevant data to the outside under the permission of the data owner, such as providing the data of the data owner to the data receiver.
However, in the process of providing data to the data receiving side by the data providing side, the data providing side is vulnerable to attack, which results in leakage of the transmitted data, and therefore, how to ensure the security and reliability of data transmission when data transmission is performed is a technical problem that needs to be solved urgently by those skilled in the art.
Disclosure of Invention
In view of the above, the present invention provides a data transmission method, a data transmission device and an electronic device, so as to solve the problem that security and reliability of data transmission need to be ensured when data transmission is performed.
In order to solve the technical problem, the invention adopts the following technical scheme:
a data transmission method is applied to data providing equipment, the data providing equipment stores data to be transmitted of at least one data owner, and the data transmission method comprises the following steps:
acquiring data to be transmitted of the data owner;
calculating a hash value of the data to be transmitted by using a hash algorithm, and taking the hash value as an integrity check code;
combining the data to be transmitted with the integrity check code to obtain first data;
acquiring a public key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on the updating period of the data to be transmitted;
connecting the authorization key of the data providing equipment with the timing jump key, and converting a connection result into a binary sequence;
generating a first data sequence which corresponds to the binary sequence and has the same length as the first data;
carrying out bitwise XOR operation on the first data sequence and the first data to obtain second data;
the method comprises the steps of carrying out encryption operation on second data by using a public key of a data owner to obtain encrypted data, sending the encrypted data to data receiving equipment to enable the data receiving equipment to receive the encrypted data sent by data providing equipment, obtaining a private key of the data owner, an authorization key of the data providing equipment and a timing jump key which is obtained in advance through calculation based on an update cycle of the data to be transmitted, carrying out decryption operation on the encrypted data by using the private key of the data owner to obtain third data, connecting the authorization key of the data providing equipment with the timing jump key, converting a connection result into a binary sequence, generating a second data sequence which corresponds to the binary sequence and is the same as the third data in length, carrying out bitwise XOR operation on the second data sequence and the third data to obtain fourth data, and extracting the data to be transmitted and an integrity check code of the data owner from the fourth data.
Optionally, generating a first data sequence corresponding to the binary sequence and having a length equal to that of the first data includes:
and inputting the binary sequence into a shift register to obtain a first data sequence with the length being the same as that of the first data.
Optionally, the method further comprises:
and sending the authorization key of the data providing equipment to the data owner so that the data owner sends the authorization key of the data providing equipment and the private key of the data owner to the data receiving equipment.
Optionally, the data providing device obtains a communication channel of a public key of the data owner and a communication channel that sends the encrypted data to the data receiving device are physically separated.
A data transmission method is applied to a data receiving device, and comprises the following steps:
receiving encrypted data sent by data providing equipment; the generation process of the encrypted data comprises the following steps: the data providing equipment acquires data to be transmitted of the data owner, calculates a hash value of the data to be transmitted by using a hash algorithm, and uses the hash value as an integrity check code, combines the data to be transmitted and the integrity check code to obtain first data, acquires a public key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on an update cycle of the data to be transmitted, connects the authorization key of the data providing equipment and the timing jump key, converts a connection result into a binary sequence, generates a first data sequence which corresponds to the binary sequence and has the same length as the first data, performs bitwise XOR operation on the first data to obtain second data, and encrypts the second data by using the public key of the data owner to obtain encrypted data;
acquiring a private key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on the updating period of the data to be transmitted;
decrypting the encrypted data by using a private key of the data owner to obtain third data;
connecting the authorization key of the data providing equipment with the timing jump key, and converting a connection result into a binary sequence;
generating a second data sequence corresponding to the binary sequence and having the same length as the third data;
performing bitwise XOR operation on the second data sequence and the third data to obtain fourth data;
and extracting the data to be transmitted and the integrity check code of the data owner from the fourth data.
Optionally, extracting the data to be transmitted and the integrity check code of the data owner from the fourth data includes:
extracting the data of the designated digit in the fourth data and using the data as an integrity check code;
calculating the data of the non-specified digit in the fourth data by using a hash algorithm to obtain a hash calculation result;
and if the hash calculation result is the same as the integrity check code, taking the data with the non-specified digits in the fourth data as the data to be transmitted for extracting all parties of the data from the fourth data.
Optionally, the method further comprises:
receiving an authorization key of the data providing equipment and a private key of the data owner, which are sent by the data owner after receiving the authorization key of the data providing equipment;
wherein, the channel for receiving the authorization key of the data providing device and the private key of the data owner and the communication channel for receiving the encrypted data sent by the data providing device are physically separated.
A data transmission device is applied to data providing equipment, the data providing equipment stores data to be transmitted of at least one data owner, and the data transmission device comprises:
the data acquisition module is used for acquiring data to be transmitted of the data owner;
the check code calculation module is used for calculating a hash value of the data to be transmitted by using a hash algorithm and taking the hash value as an integrity check code;
the data combination module is used for combining the data to be transmitted and the integrity check code to obtain first data;
the key acquisition module is used for acquiring a public key of the data owner, an authorization key of the data providing equipment and a timing jump key which is obtained by calculation in advance based on the update cycle of the data to be transmitted;
a result conversion module, configured to connect the authorization key of the data providing device with the timing jump key, and convert a connection result into a binary sequence;
a sequence generating module, configured to generate a first data sequence corresponding to the binary sequence and having a length equal to that of the first data;
an exclusive-or operation module, configured to perform bitwise exclusive-or operation on the first data sequence and the first data to obtain second data;
the data sending module is configured to perform an encryption operation on the second data by using the public key of the data owner to obtain encrypted data, send the encrypted data to the data receiving device, so that the data receiving device receives the encrypted data sent by the data providing device, obtain a private key of the data owner, an authorization key of the data providing device, and a timing jump key calculated in advance based on an update period of the data to be transmitted, perform a decryption operation on the encrypted data by using the private key of the data owner to obtain third data, connect the authorization key of the data providing device with the timing jump key, convert a connection result into a binary sequence, generate a second data sequence corresponding to the binary sequence and having a length equal to that of the third data, perform a bitwise exclusive-or operation on the second data sequence and the third data to obtain fourth data, and extract the data to be transmitted and an integrity check code of the data owner from the fourth data.
A data transmission device is applied to a data receiving device, and comprises:
the data receiving module is used for receiving the encrypted data sent by the data providing equipment; the generation process of the encrypted data comprises the following steps: the data providing equipment acquires data to be transmitted of the data owner, calculates a hash value of the data to be transmitted by using a hash algorithm, and uses the hash value as an integrity check code, combines the data to be transmitted and the integrity check code to obtain first data, acquires a public key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on an update cycle of the data to be transmitted, connects the authorization key of the data providing equipment and the timing jump key, converts a connection result into a binary sequence, generates a first data sequence corresponding to the binary sequence and having the same length as the first data, performs bitwise XOR operation on the first data sequence and the first data to obtain second data, and encrypts the second data by using the public key of the data owner to obtain encrypted data;
the information acquisition module is used for acquiring a private key of the data owner, an authorization key of the data providing equipment and a timing jump key which is obtained by calculation in advance based on the updating period of the data to be transmitted;
the decryption module is used for decrypting the encrypted data by using a private key of the data owner to obtain third data;
a result processing module, configured to connect the authorization key of the data providing device with the timing hopping key, and convert a connection result into a binary sequence;
the sequence processing module is used for generating a second data sequence which corresponds to the binary sequence and has the same length as the third data;
the data processing module is used for carrying out bitwise XOR operation on the second data sequence and the third data to obtain fourth data;
and the data extraction module is used for extracting the data to be transmitted and the integrity check code of the data owner from the fourth data.
An electronic device, comprising: a memory and a processor;
wherein the memory is used for storing programs;
the processor calls a program and is used to execute the above-described data transmission method applied to the data providing apparatus or to execute the above-described data transmission method applied to the data receiving apparatus.
Compared with the prior art, the invention has the following beneficial effects:
the invention provides a data transmission method, a data transmission device and electronic equipment, wherein the data to be transmitted of a data owner is obtained, a hash value of the data to be transmitted is calculated by using a hash algorithm and is used as an integrity check code, the data to be transmitted and the integrity check code are combined to obtain first data, a public key of the data owner, an authorization key of data providing equipment and a timing jump key which is calculated in advance based on an update cycle of the data to be transmitted are obtained, the authorization key of the data providing equipment and the timing jump key are connected, a connection result is converted into a binary sequence, a first data sequence which corresponds to the binary sequence and has the same length as that of the first data is generated, the first data sequence and the first data are subjected to bitwise XOR operation to obtain second data, the public key of the data owner is used for carrying out encryption operation on the second data to obtain encrypted data, and the encrypted data are sent to data receiving equipment. According to the invention, the data to be transmitted which needs to be sent to the data receiving equipment is sent to the data receiving equipment after being subjected to multiple complex encryption operations by the data providing equipment, so that the probability of data leakage caused by data attack is reduced, and the safety and reliability of data transmission are improved. In addition, the invention uses the public key of the data owner and the authorization key of the data providing device to encrypt the data, thereby realizing the authorization permission of the data owner and ensuring that the data transmission is carried out under the authorization permission of the data owner.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for data transmission according to an embodiment of the present invention;
fig. 2 is a flowchart of another data transmission method according to an embodiment of the present invention;
fig. 3 is a flowchart of a method of another data transmission method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a data transmission apparatus applied to a data providing device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a data transmission apparatus applied to a data receiving device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The data provider receives and stores the data of the data owner through the network, and can provide relevant data to the outside under the permission of the data owner, such as providing the data of the data owner to the data receiver. In the process of providing data to a data receiver by a data provider, the data provider is vulnerable to attack, which results in leakage of transmitted data, and therefore, how to ensure the security and reliability of data transmission when data transmission is performed is a technical problem that needs to be solved by those skilled in the art.
In addition, when the data provider sends data to the data receiver, the data provider needs to be permitted by the data owner, and how to implement the permission is a technical problem that needs to be solved by those skilled in the art.
In order to solve the problem, the invention provides a data transmission method, a data transmission device and electronic equipment, wherein to-be-transmitted data of a data owner is obtained, a hash value of the to-be-transmitted data is calculated by using a hash algorithm and is used as an integrity check code, the to-be-transmitted data and the integrity check code are combined to obtain first data, a public key of the data owner, an authorization key of the data providing equipment and a timing jump key which is calculated in advance based on an update cycle of the to-be-transmitted data are obtained, the authorization key of the data providing equipment and the timing jump key are connected, a connection result is converted into a binary sequence, a first data sequence which corresponds to the binary sequence and has the same length as that of the first data is generated, the first data sequence and the first data are subjected to bitwise exclusive or operation to obtain second data, the public key of the data owner is used for carrying out encryption operation on the second data to obtain encrypted data, and the encrypted data are sent to data receiving equipment. In the invention, the data to be transmitted which needs to be sent to the data receiving equipment is sent to the data receiving equipment after being subjected to complex encryption operation for multiple times by the data providing equipment, so that the probability of data leakage caused by data attack is reduced, and the safety and reliability of data transmission are improved. In addition, the invention uses the public key of the data owner and the authorization key of the data providing device to encrypt the data, thereby realizing the authorization permission of the data owner and ensuring that the data transmission is carried out under the authorization permission of the data owner.
On the basis of the above, an embodiment of the present invention provides a data transmission method, which is applied to a data providing device, where the data providing device is a data provider. The data providing device stores data to be transmitted of at least one data owner, and in this embodiment, the number of the data owners may be set according to an actual scene, such as one or more data owners.
Referring to fig. 1, the data transmission method may include:
s11, obtaining the data to be transmitted of the data owner.
In this embodiment, the data to be transmitted of the data owner may be pre-stored in the data providing device, and the data providing device locally obtains the data to be transmitted of the data owner. The data to be transmitted can be represented by Dn, and for S1, 8230, sn, the data to be transmitted is represented by D1, 8230, dn, wherein n is a positive integer.
And S12, calculating a hash value of the data to be transmitted by using a hash algorithm, and using the hash value as an integrity check code.
In this embodiment, the hash algorithm may be any hash algorithm such as a secret SM3 hash algorithm, for example, the data Dn to be transmitted uses the secret SM3 hash algorithm to generate a 256-bit hash value Hn, which is used as the integrity check code.
S13, combining the data to be transmitted and the integrity check code to obtain first data.
In this embodiment, the data Dn to be transmitted is combined with the integrity check code Hn, and when the data Dn to be transmitted is in front of the integrity check code Hn, the first data An can be obtained.
S14, obtaining a public key of the data owner, an authorization key of the data providing equipment and a timing jump key obtained by calculation in advance based on the updating period of the data to be transmitted.
The data provider P in this embodiment encrypts the first data An using three keys:
(1) an authorization key Kn of the data providing device sent to the data owner Sn;
(2) a data provider P and a data receiver R agree on a regular timing jump key Knt which jumps at regular time according to a period t;
(3) the public key Knp of the data owner.
In practical application, the data owner can generate an asymmetric key by using a secret SM2 (elliptic curve asymmetric encryption) algorithm, wherein the asymmetric key comprises a public key Knp and a private key Knr. The data provider P may generate a plurality of authorization keys K1, \8230;, kn, respectively, corresponding to the data owners S1, \8230;, sn, one-to-one, the data provider sends the respective authorization keys K1, \8230;, 8230;, kn, respectively, to the data owners S1, \8230;, sn, through a communication channel physically isolated from T (used to transmit encrypted data). After the data providing device sends the authorization key of the data providing device to the data owner, the data owner can send the authorization key K1, \8230;, kn of the data providing device and the private key Knr of the data owner to the data receiving device through a communication channel physically isolated from T. The data owner Sn also informs the data provider P of the public key Knp through a communication channel that is physically isolated from T.
The method comprises the steps of providing a data owner S1, 8230, providing a data owner Sn, transmitting data D1, 8230, providing a data provider P, and providing a data provider P with a set time limit, wherein Dn is stored on a server of the data provider P, and the data of the data owner Sn is stored in a set mode and is updated according to the fixed time limit t. The timing jump key in this embodiment is calculated based on the update period of the data to be transmitted, and specifically, the generation time of the data Dn generated according to the period t is encrypted by using a cryptographic SM3 hash algorithm to obtain a 256-bit timing jump key Knt.
In this embodiment, the public key of the data owner, the authorization key of the data providing device, and the timing hopping key calculated in advance based on the update period of the to-be-transmitted data may be stored locally in advance, and the data providing device may obtain the timing hopping key locally.
And S15, connecting the authorization key of the data providing equipment with the timing jump key, and converting the connection result into a binary sequence.
Specifically, the authorization key Kn and the timing hopping key Knt of the data providing device are connected and then converted into a binary sequence.
And S16, generating a first data sequence which corresponds to the binary sequence and has the same length as the first data.
Specifically, the binary sequence is input into a shift register, and a first data sequence having the same length as the first data is obtained.
Specifically, the binary sequence is fed as a register initial value d into a linear feedback shift register sequence (also referred to as An m-sequence) to generate a first data sequence Mn having the same length as the first data An.
S17, carrying out bitwise XOR operation on the first data sequence and the first data to obtain second data.
Specifically, the first data An and the first data sequence Mn are subjected to bitwise xor to obtain second data Bn.
S18, the public key of the data owner is used for carrying out encryption operation on the second data to obtain encrypted data, and the encrypted data are sent to data receiving equipment.
When the encrypted data is sent to the data receiving equipment, a T channel can be adopted, so that the communication channel for the data providing equipment to acquire the public key of the data owner and the communication channel for sending the encrypted data to the data receiving equipment can be physically isolated, data leakage is further avoided, and the safety and reliability of data transmission are improved.
Specifically, the second data Bn is encrypted again by using the public key Knp of the data owner to obtain the encrypted data Cn, wherein the encryption algorithm may adopt a national secret SM2 (elliptic curve asymmetric encryption) algorithm.
After obtaining the encrypted data Cn, sending the encrypted data to a data receiving device, so that the data receiving device receives the encrypted data sent by a data providing device, obtains a private key of a data owner, an authorization key of the data providing device, and a timing jump key calculated in advance based on an update cycle of the data to be transmitted, decrypts the encrypted data by using the private key of the data owner, obtains third data, connects the authorization key of the data providing device with the timing jump key, converts the connection result into a binary sequence, generates a second data sequence corresponding to the binary sequence and having the same length as the third data, performs bitwise xor operation on the second data sequence and the third data, obtains fourth data, and extracts the data to be transmitted of the data owner from the fourth data.
It should be noted that, for the data owner S1, 8230, sn, the corresponding data to be transmitted D1, 8230, dn may be performed in the sequence of the data owner for D1, 8230, dn, which may be performed in sequence for D1, 8230, or in parallel for D1, 8230, dn, which may be performed in sequence for S11-S18.
In this embodiment, the data to be transmitted of the data owner is acquired, a hash value of the data to be transmitted is calculated by using a hash algorithm and is used as an integrity check code, the data to be transmitted and the integrity check code are combined to obtain first data, a public key of the data owner, an authorization key of the data providing device and a timing jump key calculated in advance based on an update cycle of the data to be transmitted are acquired, the authorization key of the data providing device and the timing jump key are connected and a connection result is converted into a binary sequence, a first data sequence corresponding to the binary sequence and having the same length as the first data is generated, the first data sequence and the first data are subjected to bitwise exclusive or operation to obtain second data, the public key of the data owner is used to perform an encryption operation on the second data to obtain encrypted data, and the encrypted data are sent to a data receiving device. In the invention, the data to be transmitted which needs to be sent to the data receiving equipment is sent to the data receiving equipment after being subjected to complex encryption operation for multiple times by the data providing equipment, so that the probability of data leakage caused by data attack is reduced, and the safety and reliability of data transmission are improved.
In addition, the invention uses the public key of the data owner and the authorization key of the data providing device to encrypt the data, thereby realizing the authorization permission of the data owner and ensuring that the data transmission is carried out under the authorization permission of the data owner.
On the basis of the above, another embodiment of the present invention provides a data transmission method, which is applied to a data receiving device, where the data receiving device is a data receiving side, and referring to fig. 2, the data transmission method may include:
s21, receiving the encrypted data sent by the data providing equipment.
Specifically, the encrypted data Cn transmitted by the data providing apparatus can be received through the channel T.
Wherein the generation process of the encrypted data comprises: the data providing equipment acquires data to be transmitted of the data owner, calculates a hash value of the data to be transmitted by using a hash algorithm, and uses the hash value as an integrity check code, combines the data to be transmitted and the integrity check code to obtain first data, acquires a public key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on an update cycle of the data to be transmitted, connects the authorization key of the data providing equipment and the timing jump key, converts a connection result into a binary sequence, generates a first data sequence which corresponds to the binary sequence and has the same length as the first data, performs bitwise XOR operation on the first data to obtain second data, and encrypts the second data by using the public key of the data owner to obtain encrypted data.
It should be noted that, the specific process of generating the encrypted data may refer to the above corresponding description.
S22, obtaining a private key of the data owner, an authorization key of the data providing equipment and a timing jump key obtained by calculation in advance based on the updating period of the data to be transmitted.
Specifically, the private key of the data owner and the authorization key of the data providing device may be the authorization key of the data providing device and the private key of the data owner, which are sent by the data receiving device after the data owner receives the authorization key of the data providing device. After the data owner Sn sends the authorization key Kn and the private key Knr to the data receiver R through a channel physically isolated from T, the data owner Sn is the authorized data receiver R to access the data.
Wherein, the channel for receiving the authorization key of the data providing device and the private key of the data owner and the communication channel for receiving the encrypted data sent by the data providing device are physically separated. The detailed explanation refers to the corresponding parts described above.
The generation process of the timing hopping key refers to the corresponding description above.
And S23, carrying out decryption operation on the encrypted data by using the private key of the data owner to obtain third data.
Specifically, the data receiving party R decrypts the encryption Cn by using a private key Knr provided by the data owner Sn through a secret SM2 algorithm, and restores Bn. In this embodiment, since data may be changed due to data attack in the data transmission process, in this embodiment, the encrypted Cn is decrypted by using the private key Knr provided by the data owner Sn, and the obtained data is referred to as third data.
And S24, connecting the authorization key of the data providing equipment with the timing jump key, and converting the connection result into a binary sequence.
And S25, generating a second data sequence which corresponds to the binary sequence and has the same length as the third data.
For the specific implementation of steps S24 and S25, please refer to the above corresponding description.
And S26, carrying out bitwise XOR operation on the second data sequence and the third data to obtain fourth data.
Specifically, the detailed description of step S26 refers to step S17 described above.
S27, extracting the data to be transmitted and the integrity check code of the data owner from the fourth data.
In this embodiment, referring to fig. 3, step S27 may include:
and S31, extracting the data of the specified digit in the fourth data and using the data as an integrity check code.
Specifically, the data receiver R extracts the last 256 bits of the fourth data to obtain the integrity check code, and the rest are the data to be transmitted.
And S32, calculating the data of the non-specified digit in the fourth data by using a hash algorithm to obtain a hash calculation result.
And S33, if the hash calculation result is the same as the integrity check code, taking the data with the non-specified bit number in the fourth data as the data to be transmitted for extracting the data owner from the fourth data.
Specifically, the receiver R calculates a 256-bit hash value of the data to be transmitted by using a secret SM3 hash algorithm, and if the hash value is equal to the integrity check code, the data to be transmitted is successfully restored, otherwise, the data to be transmitted is invalid.
In this embodiment, after receiving the encrypted data, the data receiving device executes a corresponding decryption process, so that the data to be transmitted can be extracted from the encrypted data. The embodiment combines the means of physical isolation of communication channels, multiple keys, multiple encryption and the like, thereby improving the security of data transmission.
Optionally, on the basis of the above embodiment of the data transmission method applied to the data providing device, another embodiment of the present invention provides a data transmission apparatus applied to the data providing device, where the data providing device stores data to be transmitted of at least one data owner, and with reference to fig. 4, the data transmission apparatus includes:
a data obtaining module 11, configured to obtain data to be transmitted of the data owner;
a check code calculation module 12, configured to calculate a hash value of the data to be transmitted by using a hash algorithm, and use the hash value as an integrity check code;
the data combination module 13 is configured to combine the data to be transmitted and the integrity check code to obtain first data;
a key obtaining module 14, configured to obtain a public key of the data owner, an authorization key of the data providing device, and a timing jump key calculated in advance based on an update period of the to-be-transmitted data;
a result conversion module 15, configured to connect the authorization key of the data providing device with the timing hopping key, and convert a connection result into a binary sequence;
a sequence generating module 16, configured to generate a first data sequence corresponding to the binary sequence and having a length equal to that of the first data;
an exclusive or operation module 17, configured to perform bitwise exclusive or operation on the first data sequence and the first data to obtain second data;
the data sending module 18 is configured to perform an encryption operation on the second data by using the public key of the data owner to obtain encrypted data, send the encrypted data to the data receiving device, so that the data receiving device receives the encrypted data sent by the data providing device, obtain a private key of the data owner, an authorization key of the data providing device, and a timing hopping key calculated in advance based on an update period of the data to be transmitted, perform a decryption operation on the encrypted data by using the private key of the data owner to obtain third data, connect the authorization key of the data providing device with the timing hopping key, convert a connection result into a binary sequence, generate a second data sequence corresponding to the binary sequence and having a length equal to that of the third data, perform a bitwise exclusive or operation on the second data sequence and the third data to obtain fourth data, and extract the data to be transmitted and an integrity check code of the data owner from the fourth data.
Further, the sequence generating module 16 is specifically configured to:
and inputting the binary sequence into a shift register to obtain a first data sequence with the length same as that of the first data.
Further, still include:
and the key sending module is used for sending the authorization key of the data providing equipment to the data owner so that the data owner sends the authorization key of the data providing equipment and the private key of the data owner to the data receiving equipment.
Further, the data providing device obtains a communication channel of the public key of the data owner and physically isolates the communication channel for sending the encrypted data to the data receiving device.
In this embodiment, to-be-transmitted data of the data owner is obtained, a hash value of the to-be-transmitted data is calculated by using a hash algorithm and is used as an integrity check code, the to-be-transmitted data and the integrity check code are combined to obtain first data, a public key of the data owner, an authorization key of the data providing device and a timing jump key calculated in advance based on an update cycle of the to-be-transmitted data are obtained, the authorization key of the data providing device and the timing jump key are connected, a connection result is converted into a binary sequence, a first data sequence corresponding to the binary sequence and having the same length as that of the first data is generated, the first data sequence and the first data are subjected to bitwise exclusive or operation to obtain second data, the public key of the data owner is used for performing an encryption operation on the second data to obtain encrypted data, and the encrypted data are sent to a data receiving device. In the invention, the data to be transmitted which needs to be sent to the data receiving equipment is sent to the data receiving equipment after being subjected to complex encryption operation for multiple times by the data providing equipment, so that the probability of data leakage caused by data attack is reduced, and the safety and reliability of data transmission are improved.
In addition, the invention uses the public key of the data owner and the authorization key of the data providing device to encrypt the data, thereby realizing the authorization permission of the data owner and ensuring that the data transmission is carried out under the authorization permission of the data owner.
It should be noted that, for the specific working process of each module in this embodiment, please refer to the corresponding description in the above embodiments, which is not described herein again.
Optionally, on the basis of the data transmission method applied to the data receiving device, another embodiment of the present invention provides a data transmission apparatus applied to the data receiving device, and with reference to fig. 5, the data transmission apparatus includes:
a data receiving module 21, configured to receive encrypted data sent by a data providing device; the generation process of the encrypted data comprises the following steps: the data providing equipment acquires data to be transmitted of the data owner, calculates a hash value of the data to be transmitted by using a hash algorithm, and uses the hash value as an integrity check code, combines the data to be transmitted and the integrity check code to obtain first data, acquires a public key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on an update cycle of the data to be transmitted, connects the authorization key of the data providing equipment and the timing jump key, converts a connection result into a binary sequence, generates a first data sequence corresponding to the binary sequence and having the same length as the first data, performs bitwise XOR operation on the first data sequence and the first data to obtain second data, and encrypts the second data by using the public key of the data owner to obtain encrypted data;
the information acquisition module 22 is configured to acquire a private key of the data owner, an authorization key of the data providing device, and a timing hopping key calculated in advance based on an update period of the to-be-transmitted data;
the decryption module 23 is configured to perform a decryption operation on the encrypted data by using a private key of the data owner to obtain third data;
a result processing module 24, configured to connect the authorization key of the data providing device with the timing hopping key, and convert a connection result into a binary sequence;
a sequence processing module 25, configured to generate a second data sequence corresponding to the binary sequence and having a length equal to that of the third data;
a data processing module 26, configured to perform bitwise xor operation on the second data sequence and the third data to obtain fourth data;
and a data extraction module 27, configured to extract the data to be transmitted and the integrity check code of the data owner from the fourth data.
Further, the data extraction module 27 includes:
the check code extraction submodule is used for extracting the data with the specified digit in the fourth data and taking the data as an integrity check code;
the hash calculation submodule is used for calculating the data of the non-specified digit in the fourth data by using a hash algorithm to obtain a hash calculation result;
and the transmission data extraction submodule is used for taking the data with the non-specified bit number in the fourth data as the data to be transmitted for extracting the data owner from the fourth data if the hash calculation result is the same as the integrity check code.
Further, still include:
a key receiving module, configured to receive an authorization key of the data providing device and a private key of the data owner, where the authorization key of the data providing device is sent by the data owner after receiving the authorization key of the data providing device;
wherein, the channel for receiving the authorization key of the data providing device and the private key of the data owner and the communication channel for receiving the encrypted data sent by the data providing device are physically separated.
In this embodiment, after receiving the encrypted data, the data receiving device executes a corresponding decryption process, so that the data to be transmitted can be extracted from the encrypted data. The embodiment combines the means of physical isolation of communication channels, multiple keys, multiple encryption and the like, thereby improving the security of data transmission.
It should be noted that, for the specific working processes of each module and sub-module in this embodiment, please refer to the corresponding descriptions in the above embodiments, which are not described herein again.
Optionally, on the basis of the embodiments of the data transmission method and apparatus, another embodiment of the present invention provides an electronic device, including: a memory and a processor;
wherein the memory is used for storing programs;
the processor calls a program and is used to execute the above-described data transmission method applied to the data providing apparatus or to execute the above-described data transmission method applied to the data receiving apparatus.
In this embodiment, the data to be transmitted of the data owner is acquired, a hash value of the data to be transmitted is calculated by using a hash algorithm and is used as an integrity check code, the data to be transmitted and the integrity check code are combined to obtain first data, a public key of the data owner, an authorization key of the data providing device and a timing jump key calculated in advance based on an update cycle of the data to be transmitted are acquired, the authorization key of the data providing device and the timing jump key are connected and a connection result is converted into a binary sequence, a first data sequence corresponding to the binary sequence and having the same length as the first data is generated, the first data sequence and the first data are subjected to bitwise exclusive or operation to obtain second data, the public key of the data owner is used to perform an encryption operation on the second data to obtain encrypted data, and the encrypted data are sent to a data receiving device. In the invention, the data to be transmitted which needs to be sent to the data receiving equipment is sent to the data receiving equipment after being subjected to complex encryption operation for multiple times by the data providing equipment, so that the probability of data leakage caused by data attack is reduced, and the safety and reliability of data transmission are improved.
In addition, the invention uses the public key of the data owner and the authorization key of the data providing device to encrypt the data, thereby realizing the authorization permission of the data owner and ensuring that the data transmission is carried out under the authorization permission of the data owner.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A data transmission method is applied to data providing equipment, the data providing equipment stores data to be transmitted of at least one data owner, and the data transmission method comprises the following steps:
acquiring data to be transmitted of the data owner;
calculating a hash value of the data to be transmitted by using a hash algorithm, and using the hash value as an integrity check code;
combining the data to be transmitted with the integrity check code to obtain first data;
acquiring a public key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on the updating period of the data to be transmitted;
connecting the authorization key of the data providing equipment with the timing jump key, and converting a connection result into a binary sequence;
generating a first data sequence which corresponds to the binary sequence and has the same length as the first data;
carrying out bitwise XOR operation on the first data sequence and the first data to obtain second data;
the method comprises the steps of carrying out encryption operation on second data by using a public key of a data owner to obtain encrypted data, sending the encrypted data to data receiving equipment to enable the data receiving equipment to receive the encrypted data sent by data providing equipment, obtaining a private key of the data owner, an authorization key of the data providing equipment and a timing jump key which is obtained in advance through calculation based on an update cycle of the data to be transmitted, carrying out decryption operation on the encrypted data by using the private key of the data owner to obtain third data, connecting the authorization key of the data providing equipment with the timing jump key, converting a connection result into a binary sequence, generating a second data sequence which corresponds to the binary sequence and is the same as the third data in length, carrying out bitwise XOR operation on the second data sequence and the third data to obtain fourth data, and extracting the data to be transmitted and an integrity check code of the data owner from the fourth data.
2. The data transmission method according to claim 1, wherein generating a first data sequence corresponding to the binary sequence and having a length equal to a length of the first data comprises:
and inputting the binary sequence into a shift register to obtain a first data sequence with the length being the same as that of the first data.
3. The data transmission method according to claim 1, further comprising:
and sending the authorization key of the data providing equipment to the data owner, so that the data owner sends the authorization key of the data providing equipment and the private key of the data owner to the data receiving equipment.
4. The data transmission method according to claim 1, wherein the communication channel through which the data providing apparatus obtains the public key of the data owner and the communication channel through which the encrypted data is transmitted to the data receiving apparatus are physically separated.
5. A data transmission method applied to a data receiving device, the data transmission method comprising:
receiving encrypted data sent by data providing equipment; the generation process of the encrypted data comprises the following steps: the data providing equipment acquires data to be transmitted of the data owner, calculates a hash value of the data to be transmitted by using a hash algorithm, and uses the hash value as an integrity check code, combines the data to be transmitted and the integrity check code to obtain first data, acquires a public key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on an update cycle of the data to be transmitted, connects the authorization key of the data providing equipment and the timing jump key, converts a connection result into a binary sequence, generates a first data sequence which corresponds to the binary sequence and has the same length as the first data, performs bitwise XOR operation on the first data to obtain second data, and encrypts the second data by using the public key of the data owner to obtain encrypted data;
acquiring a private key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on the updating period of the data to be transmitted;
decrypting the encrypted data by using a private key of the data owner to obtain third data;
connecting the authorization key of the data providing equipment with the timing jump key, and converting a connection result into a binary sequence;
generating a second data sequence corresponding to the binary sequence and having the same length as the third data;
performing bitwise XOR operation on the second data sequence and the third data to obtain fourth data;
and extracting the data to be transmitted and the integrity check code of the data owner from the fourth data.
6. The data transmission method according to claim 5, wherein extracting the data to be transmitted and the integrity check code of the data owner from the fourth data includes:
extracting the data of the specified digit in the fourth data and using the data as an integrity check code;
calculating the data of the non-specified digit in the fourth data by using a hash algorithm to obtain a hash calculation result;
and if the hash calculation result is the same as the integrity check code, taking the data with the non-specified digits in the fourth data as the data to be transmitted for extracting all parties of the data from the fourth data.
7. The data transmission method according to claim 5, further comprising:
receiving an authorization key of the data providing equipment and a private key of the data owner, which are sent by the data owner after receiving the authorization key of the data providing equipment;
wherein, the channel for receiving the authorization key of the data providing device and the private key of the data owner and the communication channel for receiving the encrypted data sent by the data providing device are physically separated.
8. A data transmission apparatus, applied to a data providing device, where data to be transmitted of at least one data owner is stored in the data providing device, the data transmission apparatus includes:
the data acquisition module is used for acquiring data to be transmitted of the data owner;
the check code calculation module is used for calculating a hash value of the data to be transmitted by using a hash algorithm and taking the hash value as an integrity check code;
the data combination module is used for combining the data to be transmitted and the integrity check code to obtain first data;
the key acquisition module is used for acquiring a public key of the data owner, an authorization key of the data providing equipment and a timing jump key which is obtained by calculation in advance based on the update cycle of the data to be transmitted;
a result conversion module, configured to connect the authorization key of the data providing device with the timing jump key, and convert a connection result into a binary sequence;
a sequence generating module, configured to generate a first data sequence corresponding to the binary sequence and having a length equal to that of the first data;
an exclusive-or operation module, configured to perform bitwise exclusive-or operation on the first data sequence and the first data to obtain second data;
the data sending module is configured to perform an encryption operation on the second data by using the public key of the data owner to obtain encrypted data, send the encrypted data to the data receiving device, so that the data receiving device receives the encrypted data sent by the data providing device, obtain a private key of the data owner, an authorization key of the data providing device, and a timing jump key calculated in advance based on an update period of the data to be transmitted, perform a decryption operation on the encrypted data by using the private key of the data owner to obtain third data, connect the authorization key of the data providing device with the timing jump key, convert a connection result into a binary sequence, generate a second data sequence corresponding to the binary sequence and having a length equal to that of the third data, perform a bitwise exclusive-or operation on the second data sequence and the third data to obtain fourth data, and extract the data to be transmitted and an integrity check code of the data owner from the fourth data.
9. A data transmission apparatus, applied to a data receiving device, the data transmission apparatus comprising:
the data receiving module is used for receiving encrypted data sent by the data providing equipment; the generation process of the encrypted data comprises the following steps: the data providing equipment acquires data to be transmitted of the data owner, calculates a hash value of the data to be transmitted by using a hash algorithm, and uses the hash value as an integrity check code, combines the data to be transmitted and the integrity check code to obtain first data, acquires a public key of the data owner, an authorization key of the data providing equipment and a timing jump key calculated in advance based on an update cycle of the data to be transmitted, connects the authorization key of the data providing equipment and the timing jump key, converts a connection result into a binary sequence, generates a first data sequence corresponding to the binary sequence and having the same length as the first data, performs bitwise XOR operation on the first data sequence and the first data to obtain second data, and encrypts the second data by using the public key of the data owner to obtain encrypted data;
the information acquisition module is used for acquiring a private key of the data owner, an authorization key of the data providing equipment and a timing jump key which is obtained by calculation in advance based on the updating period of the data to be transmitted;
the decryption module is used for decrypting the encrypted data by using a private key of the data owner to obtain third data;
a result processing module, configured to connect the authorization key of the data providing device with the timing hopping key, and convert a connection result into a binary sequence;
the sequence processing module is used for generating a second data sequence which corresponds to the binary sequence and has the same length as the third data;
the data processing module is used for carrying out bitwise XOR operation on the second data sequence and the third data to obtain fourth data;
and the data extraction module is used for extracting the data to be transmitted and the integrity check code of the data owner from the fourth data.
10. An electronic device, comprising: a memory and a processor;
wherein the memory is used for storing programs;
the processor calls a program and is arranged to perform the data transfer method according to any of claims 1-4, or to perform the data transfer method according to any of claims 5-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211031545.XA CN115378614A (en) | 2022-08-26 | 2022-08-26 | Data transmission method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211031545.XA CN115378614A (en) | 2022-08-26 | 2022-08-26 | Data transmission method and device and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115378614A true CN115378614A (en) | 2022-11-22 |
Family
ID=84067578
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211031545.XA Pending CN115378614A (en) | 2022-08-26 | 2022-08-26 | Data transmission method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115378614A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117113424A (en) * | 2023-10-25 | 2023-11-24 | 蓝色火焰科技成都有限公司 | Automobile insurance information processing method and device, server and readable storage medium |
| CN118368144A (en) * | 2024-06-18 | 2024-07-19 | 广东石油化工学院 | Data transmission method, device, equipment and medium based on asymmetric encryption |
-
2022
- 2022-08-26 CN CN202211031545.XA patent/CN115378614A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117113424A (en) * | 2023-10-25 | 2023-11-24 | 蓝色火焰科技成都有限公司 | Automobile insurance information processing method and device, server and readable storage medium |
| CN117113424B (en) * | 2023-10-25 | 2023-12-26 | 蓝色火焰科技成都有限公司 | Automobile insurance information processing method and device, server and readable storage medium |
| CN118368144A (en) * | 2024-06-18 | 2024-07-19 | 广东石油化工学院 | Data transmission method, device, equipment and medium based on asymmetric encryption |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP4885960B2 (en) | Secret communication method and secret communication device | |
| US9172529B2 (en) | Hybrid encryption schemes | |
| US8687800B2 (en) | Encryption method for message authentication | |
| US8989385B2 (en) | Data encryption method, data verification method and electronic apparatus | |
| JP7353375B2 (en) | End-to-end double ratchet encryption with epoch key exchange | |
| CN115378614A (en) | Data transmission method and device and electronic equipment | |
| US7254232B2 (en) | Method and system for selecting encryption keys from a plurality of encryption keys | |
| CN108075879B (en) | Data encryption and decryption method, device and system | |
| JP2014017556A5 (en) | ||
| CN108933650B (en) | Data encryption and decryption method and device | |
| CN108306732A (en) | A kind of random digit generation method, relevant device and system | |
| US7783045B2 (en) | Secure approach to send data from one system to another | |
| CN113726725A (en) | Data encryption and decryption method and device, electronic equipment and storage medium | |
| CN113890731A (en) | Key management method, key management device, electronic equipment and storage medium | |
| RU2459367C2 (en) | Method to generate alternating key for unit coding and transfer of coded data | |
| CN116208326A (en) | Data transmission method, device, system, storage medium and electronic equipment | |
| RU2376712C2 (en) | System and method for three-phase information encryption | |
| EP2571192A1 (en) | Hybrid encryption schemes | |
| CN109889327B (en) | Shared key generation method and device | |
| CN111556004A (en) | Hybrid dual network encryption system | |
| CN113518244B (en) | Digital television signal data transmission method and device based on substitute text combination | |
| JPH08204701A (en) | Electronic mail cipher communication system and cipher communication method | |
| CN113326326A (en) | Method for sending data encryption protection based on block chain | |
| JP2001016197A (en) | Self-synchronized stream enciphering system and mac generating method using the same | |
| JP3610106B2 (en) | Authentication method in a communication system having a plurality of devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |