CN115913755A - Data encryption transmission method, device, equipment and medium - Google Patents

Publication number
CN115913755A
Application number
CN202211567381.2A
Authority
CN (China)
Legal status
Pending
Other languages
Chinese (zh)
Inventor
赵洪
王标荣
Assignee
Chongqing Unisinsight Technology Co Ltd
Abstract

The application provides a data encryption transmission method, apparatus, device and medium. The method comprises: receiving a trigger instruction and, in response, sending an encryption request to a server; generating a first public key in response to receiving the encryption request, and generating a first message from the first public key and the encryption request; if the Internet of Things terminal receives the first message, decrypting it to produce a first restored message, comparing the first restored message against the encryption request, determining a second key, and generating a second message from the second key using a message generation function; if the server receives the second message, decrypting it to produce a second restored message and comparing that message to obtain a response message; if the Internet of Things terminal receives the response message, decrypting it so that the second key carried in the response message is synchronized; and, after synchronization, using the second key for encrypted data transmission. Encryption is performed in software and is lightweight, which reduces the hardware required and suits Internet of Things terminals.

Description

Data encryption transmission method, device, equipment and medium
Technical Field
The present application relates to the field of data transmission, and in particular, to a method, an apparatus, a device, and a medium for data encryption transmission.
Background
The security of data transmission has always been a concern in system design. Cryptography has developed from the ancient transposition and substitution methods to the modern symmetric encryption algorithms, in which both parties encrypt and decrypt data with an agreed key; in essence, the agreed rule keeps raising the threshold for cracking. Take the data transmission of an Internet of Things terminal as an example: at present almost all signaling and data are transmitted unencrypted, and the small part that is encrypted uses foreign commercial cryptographic algorithms. Fig. 1 shows this in detail for MQTT, a typical Internet of Things transport protocol: messages and data travel over the network in the MQTT message format, either unencrypted or encrypted with a non-national cryptographic algorithm, so potential information security hazards exist. At the same time, hardware encryption and decryption equipment is inconvenient in lightweight scenarios; adding a hardware encryption module to the Internet of Things terminal and hardware decryption equipment to the server greatly increases the hardware cost.
Therefore, in Internet of Things communication, existing data encryption transmission methods cannot ensure the security of data transmission and do not meet the requirements of national laws and regulations, while using physical hardware for encryption and decryption increases the hardware cost. A data encryption transmission method is needed that ensures the security of data transmission and meets the requirements of national laws and regulations.
Disclosure of Invention
In view of the above drawbacks of the prior art, the present application provides a data encryption transmission method, apparatus, device and medium to solve at least one of the above technical problems.
In a first aspect, the present application provides a data encryption transmission method, including:
receiving a trigger instruction and, in response to the trigger instruction, sending an encryption request to a server, wherein the encryption request comprises a first timestamp at which the request was initiated and the address information of the Internet of Things terminal;
generating a first public key in response to receiving the encryption request, and generating a first message from the first public key, the address information of the Internet of Things terminal and the first timestamp;
if the Internet of Things terminal receives the first message, decrypting the first message to produce a first restored message, comparing the first restored message against the encryption request, determining a second key, and generating a second message from the second key using a message generation function;
if the server receives the second message, decrypting the second message to produce a second restored message, comparing the second restored message, and generating a response message once the comparison has passed;
if the Internet of Things terminal receives the response message, decrypting the response message so that the second key carried in the response message is synchronized;
and after the second key between the Internet of Things terminal and the server is synchronized, carrying out encrypted data transmission between the Internet of Things terminal and the server using the second key.
In an embodiment of the application, generating a first public key in response to receiving the encryption request, and generating a first message from the first public key, the address information of the Internet of Things terminal and the timestamp at which the request was initiated, includes:
in response to receiving the encryption request, randomly generating a first public key using a first encryption algorithm;
integrating the first public key, the address information of the Internet of Things terminal, the address information of the server and the first timestamp at which the encryption request was initiated according to a preset rule, to obtain a character string in which the first public key is obfuscated;
and transcoding the character string to generate the first message, and returning the first message to the Internet of Things terminal.
In an embodiment of the application, if the Internet of Things terminal receives the first message, decrypting the first message to produce and compare a first restored message, determining a second key, and generating a second message from the second key using a message generation function, includes:
if the Internet of Things terminal receives the first message, decrypting the first message with a message inverse function to produce a first restored message;
comparing, like for like, the address information and first timestamp of the Internet of Things terminal in the first restored message with the address information and first timestamp of the Internet of Things terminal in the encryption request, and after the comparison passes, determining a second key using a second key generator;
generating a second message with the message generation function from the second key, the address information of the Internet of Things terminal, the address information of the server and the timestamp at which the second key was generated;
and encrypting the second message with the first public key and transmitting it to the server.
In an embodiment of the application, if the server receives the second message, decrypting the second message to produce a second restored message, comparing the second restored message, and generating a response message once the comparison has passed, includes:
if the server receives the second message, decrypting the second message with a message inverse function to produce a second restored message;
comparing, like for like, the address information of the Internet of Things terminal and the address information of the server in the second restored message with the pre-stored address information of the Internet of Things terminal and of the server, and generating a response message after the comparison passes;
and encrypting the response message with the second key and transmitting it to the Internet of Things terminal.
In an embodiment of the application, if the Internet of Things terminal receives the response message, decrypting the response message so that the second key carried in it is synchronized, includes:
if the Internet of Things terminal receives the response message, decrypting it with a message inverse function to obtain the response content, the address information of the Internet of Things terminal, the address information of the server and the second timestamp at which the second key was generated;
and comparing, like for like, the response content, the address information of the Internet of Things terminal, the address information of the server and the second timestamp at which the second key was generated against pre-stored thresholds, and after the comparison passes, carrying out data communication between the Internet of Things terminal and the server using the second key.
In an embodiment of the application, after the second key between the Internet of Things terminal and the server is synchronized, carrying out encrypted data transmission between the Internet of Things terminal and the server using the second key includes:
after the second key between the Internet of Things terminal and the server is synchronized, encrypting the service data of the Internet of Things terminal with the synchronized second key and transmitting it.
In an embodiment of the application, the first public key is a public key of the SM2 cryptographic algorithm, and the second key is a key of the SM4 cryptographic algorithm.
In an embodiment of the present application, receiving the trigger instruction includes receiving a trigger instruction from a software development kit in the Internet of Things terminal.
In an embodiment of the application, before generating the first public key in response to receiving the encryption request, and/or before generating the response message once the second restored message has been compared, the method further includes:
if no server response is received within a preset time, retrying the request; if no server response is received after repeated retries, transmitting the service data in plaintext and generating alarm information as a prompt.
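The retry-then-fallback behaviour just described, written out as an added example (this is not code from the patent). The transport is injected as a callable that returns None when no server response arrives within the preset time, so the logic runs offline; the flaky server below is a constructed stand-in. The outcome records every timed-out attempt and the fallback itself as alarms, because the plaintext branch is the one path on which service data leaves the terminal unprotected and a defender needs it to be visible.

```python
"""Retry the encryption request, then fall back to plaintext with an alarm.

Added example, not the patent's code. ``send_request`` is injected and returns
None when no server response arrives within the preset time.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional

Transport = Callable[[bytes], Optional[bytes]]


@dataclass
class NegotiationResult:
    mode: str                      # "encrypted" or "plaintext"
    attempts: int
    response: Optional[bytes] = None
    alarms: List[str] = field(default_factory=list)


def negotiate_with_retry(send_request: Transport, request: bytes,
                         max_attempts: int = 3) -> NegotiationResult:
    """Send the encryption request up to ``max_attempts`` times.

    Each unanswered attempt is retried. Once the retries are exhausted the
    terminal falls back to plaintext service data and records an alarm; the
    caller must surface that alarm rather than treat the fallback as success.
    """
    alarms: List[str] = []
    for attempt in range(1, max_attempts + 1):
        response = send_request(request)
        if response is not None:
            return NegotiationResult("encrypted", attempt, response, alarms)
        alarms.append(f"encryption request attempt {attempt}: no server response within preset time")
    alarms.append(f"fallback to plaintext after {max_attempts} unanswered attempts")
    return NegotiationResult("plaintext", max_attempts, None, alarms)


def flaky_server(answer_on_attempt: int) -> Transport:
    """Constructed transport stand-in: silent until the given attempt, then answers."""
    calls = {"n": 0}

    def send(request: bytes) -> Optional[bytes]:
        calls["n"] += 1
        return b"first-message" if calls["n"] >= answer_on_attempt else None

    return send
```

`negotiate_with_retry(flaky_server(2), b"request")` succeeds on the second attempt with one alarm recorded; a server that never answers yields `mode == "plaintext"` with one alarm per attempt plus the fallback alarm.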
In an embodiment of the application, after encrypted data transmission between the Internet of Things terminal and the server using the second key, the method further includes: if the server receives multiple access services, calling threads from a thread pool to process each access service in parallel, each thread encrypting the communication session of the corresponding Internet of Things terminal according to the Internet of Things terminal identifier carried in the encryption request; and when the life cycle of a thread using the first public key reaches zero, releasing the communication session corresponding to that thread.
In an embodiment of the present application, after generating the first public key in response to receiving the encryption request, the method further includes:
timing the life cycle of the first public key and determining that life cycle;
if service data communication for the encryption request exists during the life cycle and the life cycle reaches the preset time, updating the current first public key and synchronizing the updated first public key to the Internet of Things terminal;
and if it is detected that no service data communication for the encryption request exists during the life cycle, ceasing to update the current first public key until an encryption request from the Internet of Things terminal is received.
In an embodiment of the application, after updating the current first public key and synchronizing it to the Internet of Things terminal, the method further includes: if it is detected that the current first public key has been updated within its life cycle, triggering the Internet of Things terminal to update the second key within the second key's life cycle, wherein the life cycle of the first public key is longer than the life cycle of the second key.
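The key life-cycle rules of the two preceding embodiments, modelled as a small server-side state machine. This is an added example, not the patent's code; the clock is injected so that the behaviour is deterministic, and key material comes from `secrets` as a stand-in for the SM2 and SM4 generators. One reading is assumed and labelled in the code: since the second key is given its own, shorter life cycle, it is also rotated on its own expiry, not only when the first key is updated.

```python
"""Server-side key life cycle (added example, not the patent's code).

Rules from the embodiments: the first (SM2) public key has a timed life cycle;
when it expires and service traffic occurred in the cycle it is rotated and
synchronized to the terminal, which then rotates the second (SM4) key; when no
traffic occurred, rotation stops until a new encryption request arrives; the
SM4 life cycle is shorter than the SM2 life cycle.
"""
import secrets
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class SessionKeys:
    sm2_key_id: str          # opaque id of the current SM2 key pair (stand-in)
    sm4_key: bytes           # current 128-bit SM4 session key
    sm2_started: float
    sm4_started: float
    traffic_in_cycle: bool = False
    rotation_suspended: bool = False


def _new_sm2_key_id() -> str:
    return secrets.token_hex(8)      # stand-in for generating an SM2 key pair


def _new_sm4_key() -> bytes:
    return secrets.token_bytes(16)   # stand-in for the SM4 key generator


class KeyLifecycleManager:
    def __init__(self, sm2_lifetime_s: float, sm4_lifetime_s: float,
                 clock: Callable[[], float]) -> None:
        if not 0 < sm4_lifetime_s < sm2_lifetime_s:
            raise ValueError("second-key life cycle must be shorter than first-key life cycle")
        self.t1, self.t2, self.clock = sm2_lifetime_s, sm4_lifetime_s, clock
        self.session: Optional[SessionKeys] = None

    def on_encryption_request(self) -> SessionKeys:
        """A new encryption request (re)starts both life cycles and resumes rotation."""
        now = self.clock()
        self.session = SessionKeys(_new_sm2_key_id(), _new_sm4_key(), now, now)
        return self.session

    def on_service_data(self) -> None:
        """Record that encrypted service traffic occurred in the current first-key cycle."""
        if self.session is not None:
            self.session.traffic_in_cycle = True

    def tick(self) -> List[str]:
        """Run the life-cycle timer once; returns the rotation events that fired."""
        s = self.session
        if s is None or s.rotation_suspended:
            return []
        now = self.clock()
        if now - s.sm2_started >= self.t1:
            if not s.traffic_in_cycle:
                s.rotation_suspended = True
                return ["no service traffic in first-key life cycle: "
                        "rotation suspended until next encryption request"]
            s.sm2_key_id, s.sm2_started, s.traffic_in_cycle = _new_sm2_key_id(), now, False
            s.sm4_key, s.sm4_started = _new_sm4_key(), now   # first-key update triggers second-key update
            return ["first key rotated and synchronized to terminal",
                    "second key rotated (triggered by first-key update)"]
        if now - s.sm4_started >= self.t2:                   # assumed: SM4 also expires on its own cycle
            s.sm4_key, s.sm4_started = _new_sm4_key(), now
            return ["second key rotated (own life cycle expired)"]
        return []
```

With a first-key life cycle of 100 s and a second-key life cycle of 30 s, a tick at t=30 rotates only the second key, a tick at t=100 after traffic rotates both, and a tick at t=200 with no traffic suspends rotation until the next `on_encryption_request()`.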
In a second aspect, the present application further provides a data encryption transmission apparatus, including:
a request triggering module, configured to receive a trigger instruction and, in response, send an encryption request to the server, wherein the encryption request comprises the first timestamp at which the request was initiated and the address information of the Internet of Things terminal;
a public key generation module, configured to generate a first public key in response to receiving the encryption request, and to generate a first message from the first public key, the address information of the Internet of Things terminal and the first timestamp;
a key generation module, configured, if the Internet of Things terminal receives the first message, to decrypt the first message to produce and compare a first restored message, determine a second key, and generate a second message from the second key using a message generation function;
a key response module, configured, if the server receives the second message, to decrypt the second message to produce and compare a second restored message, and to generate a response message once the comparison has passed;
a key synchronization module, configured, if the Internet of Things terminal receives the response message, to decrypt the response message so that the second key carried in it is synchronized;
and an encrypted transmission module, configured to carry out encrypted data transmission between the Internet of Things terminal and the server using the second key after the second key between them is synchronized.
In a third aspect, the present application also provides an electronic device comprising a processor, a memory and a communication bus;
the communication bus connects the processor and the memory;
the processor is configured to execute the computer program stored in the memory to implement the data encryption transmission method according to any one of the embodiments.
In a fourth aspect, the present application also provides a computer-readable storage medium storing a computer program that causes a computer to execute the data encryption transmission method according to any one of the above embodiments.
Beneficial effects of this application: the method receives a trigger instruction and, in response, sends an encryption request to a server; generates a first public key in response to receiving the encryption request, and generates a first message from the first public key and the encryption request; if the Internet of Things terminal receives the first message, decrypts it to produce a first restored message, compares the first restored message against the encryption request, determines a second key, and generates a second message from the second key using a message generation function; if the server receives the second message, decrypts it to produce a second restored message and compares that message to obtain a response message; if the Internet of Things terminal receives the response message, decrypts it so that the second key carried in the response message is synchronized; and after synchronization carries out encrypted data transmission using the second key. In this way the high hardware cost of an Internet of Things terminal using hardware equipment for encryption and decryption is avoided: encryption and decryption are performed by software programs, which is clean and efficient, the security of data transmission is guaranteed, and the requirements of national laws and regulations are met.
Drawings
Fig. 1 is a flowchart of the data transmission interaction of an Internet of Things transport protocol provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of the application environment in which a data encryption transmission method provided in an embodiment of the present application is implemented;
Fig. 3 is a flowchart of a data encryption transmission method provided in an embodiment of the present application;
Fig. 4 is a schematic diagram illustrating the principle of a data transmission method based on a national cryptographic algorithm in an embodiment of the present application;
Fig. 5 is a flowchart illustrating a complete data encryption transmission method according to an embodiment of the present application;
Fig. 6 is a diagram illustrating the integration of the first public key in a data encryption transmission method according to an embodiment of the present application;
Fig. 7 is a schematic block diagram of a data encryption transmission apparatus provided in an embodiment of the present application;
Fig. 8 is a block diagram of a data encryption transmission apparatus provided in an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application is provided by way of specific examples, and other advantages and effects of the present application will be readily apparent to those skilled in the art from the disclosure herein. The present application is capable of other and different embodiments and its several details are capable of modifications and/or changes in various respects, all without departing from the spirit of the present application. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present application, and the drawings only show the components related to the present application and are not drawn according to the number, shape and size of the components in actual implementation, and the type, number and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
In the following description, numerous details are set forth to provide a more thorough explanation of the embodiments of the present application, however, it will be apparent to one skilled in the art that the embodiments of the present application may be practiced without these specific details, and in other embodiments, well-known structures and devices are shown in block diagram form rather than in detail in order to avoid obscuring the embodiments of the present application.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
In the related art, carrying out a commercial cryptography application security assessment is an explicit requirement of the relevant national laws and regulations and a legal responsibility and obligation of network security operators; like the classified protection (MLPS) assessment, it is one that every information-technology system and device must pass. The Cryptography Law of the People's Republic of China provides:
Article 27: For critical information infrastructure that laws, administrative regulations and national regulations require to be protected with commercial cryptography, the operator shall use commercial cryptography for protection and shall, by itself or by entrusting a commercial cryptography testing institution, carry out a security assessment of the commercial cryptography application.
The law also provides that domestic algorithms, such as the national cryptographic algorithms SM2, SM3, SM4 and SM9, are to be used for commercial cryptography, and the use of foreign cryptographic algorithms is gradually being abandoned.
The national cryptographic algorithms chiefly comprise the SM2 public key cryptographic algorithm and the SM4 symmetric encryption algorithm. SM2, an elliptic curve public key cryptographic algorithm, replaces the RSA algorithm in national commercial cryptography: the commonly used 1024-bit RSA algorithm faces serious security threats, whereas SM2 adopts the basic elliptic curve cryptography (ECC) structure, whose computational complexity is fully exponential. Compared with RSA it needs less storage, its key generation is 100 times faster than RSA, and its encryption and decryption are faster than RSA.
However, in Internet of Things communication the traditional data encryption transmission methods cannot ensure the security of data transmission and cannot meet the national legal and regulatory requirements, while using physical hardware for encryption and decryption increases the hardware cost. A data encryption transmission method is therefore needed that ensures the security of data transmission and meets the requirements of national laws and regulations.
Fig. 2 is a schematic diagram of the application environment of a data encryption transmission method according to an embodiment of the present application. As shown in Fig. 2, the network architecture of the implementation environment may include a server 01 (a server cluster) and an IoT (Internet of Things) terminal cluster. The IoT terminal cluster may include one or more monitoring terminals, and their number is not limited here; specifically, it may include a monitoring terminal 100a, a monitoring terminal 100b, a monitoring terminal 100c, …, and a monitoring terminal 100n. As shown in Fig. 2, the monitoring terminals 100a, 100b, 100c, …, 100n may each be connected to the server 10 through a network, so that each monitoring terminal can exchange data with the server 10 over that network connection. The manner of connection is not limited here; it may, for example, be direct or indirect over wired communication, or direct or indirect over wireless communication.
As shown in Fig. 2, the server 01 in the embodiment of the present application may be the server corresponding to the monitoring terminals. The server 01 may be an independent physical server, a server cluster or distributed system composed of a plurality of physical servers, or a cloud server providing cloud computing services. For ease of understanding, a monitoring terminal may transmit the surveillance video it collects to the server 01 by encrypted data transmission. The data encryption transmission method may be performed on any device such as a server, a server cluster or a cloud computing service cluster; for example, the server has the function of encrypting and transmitting the target data.
Please refer to fig. 3, which is a schematic flow chart of a data encryption transmission method according to an embodiment of the present application, where the data encryption transmission method includes:
step S310, receiving a trigger instruction, and sending an encryption request to a server in response to the trigger instruction, wherein the encryption request comprises a first timestamp initiated by the request and address information of the terminal of the Internet of things;
the terminal of the internet of things is a device which is connected with a sensing network layer and a transmission network layer in the internet of things and used for acquiring data and sending the data to the network layer, and the terminal of the internet of things comprises but is not limited to a video monitoring terminal, an automobile-mounted intelligent terminal, a financial intelligent terminal, a home intelligent terminal, a 3G intelligent terminal, a digital conference desktop intelligent terminal and the like. And the server performs internet of things communication with the internet of things terminal through the internet of things platform, for example, service protocol data is transmitted between the internet of things platform and the internet of things terminal. For another example, the terminal of the internet of things includes (SDK, software development kit), (CPU, processor), (APP, application), and a national encryption module suite, etc., and the platform of the internet of things has a national encryption service and a national decryption service built therein to process the access service, and processes the service protocol raw data using the national encryption service, and obtains the service data using the national decryption service.
Here, it should be noted that the execution main body of step S310 is the internet of things terminal, and the software development kit of the internet of things terminal initiates a trigger instruction, that is, a connection request, to trigger an encryption request function of a national encryption module suite in the internet of things terminal, so that the national encryption module suite sends an encryption request to the server, where the encryption request includes a first timestamp initiated by the request and address information of the internet of things terminal, where the address information of the internet of things terminal is unique identification information, and may be, for example, MAC address information, that is, a physical address, and the first timestamp is time information initiated by the encryption request.
Step S320, responding to the received encryption request, generating a first public key, and generating a first message according to the first public key, the address information of the terminal of the Internet of things and a first timestamp;
specifically, the execution subject of step S320 is the server, and the server receives the encryption request, and in response to receiving the encryption request, randomly generates a first public key by using a first encryption algorithm; integrating the first public key, address information of the internet of things terminal, address information of a server and a first timestamp initiated by the encryption request according to a preset rule to obtain a character string confused with the first public key; and performing code conversion on the character string to generate a first message, and returning the first message to the server.
It should be noted that the first encryption algorithm is randomly a national secret SM2 algorithm generator, the first public key is generated through a pseudo random function of the national secret SM2 algorithm generator, and the first encryption algorithm is randomly implemented by running a software development kit through a processor, so that the magnitude of the usage of the national secret encryption algorithm is light, the occupied storage and other hardware resources are few, and the scene of the terminal device of the internet of things is very consistent.
Step S330, if the terminal of the Internet of things receives the first message, decrypting the first message, generating a first reduction message, comparing the first reduction message with the first reduction message, determining a second key, and generating a second message according to the second key and a message generating function;
here, it should be noted that the execution subject of step S330 is an internet of things terminal, and specifically, if the internet of things terminal receives the first message, the first message is decrypted through a message inverse function, so as to generate a first recovery message;
the address information and the first time stamp of the internet of things terminal in the first recovery message are compared with the address information and the first time stamp of the internet of things terminal in the encryption request in a same type, and after the comparison is passed, a second key is determined by using a second key generator;
generating a second message by using a message generating function to obtain the second key, the address information of the internet of things terminal, the address information of the server and the timestamp for generating the second key;
the second message is encrypted with the first public key and transmitted to the server.
The second key is a cryptographic algorithm SM4 key, is generated through a pseudo-random number and is stored in the memory, and scheduling and using of the central processing unit are facilitated.
The message reverse function and the message generating function are preset, and belong to a part of the secret SM2 algorithm, and the following embodiments will be explained, and are not described in detail herein.
Step S340, if the server receives the second message, the second message is decrypted to generate a second restored message, the second restored message is compared, and a response message is generated in response to the compared second restored message;
Here, the execution subject of step S340 is the server.
Specifically, if the server receives the second message, the server decrypts the second message by the message reverse function to generate a second restored message;
the address information of the Internet of Things terminal and the address information of the server in the second restored message are compared, field by field, with the pre-stored address information of the Internet of Things terminal and of the server, and a response message is generated after the comparison passes;
and the response message is encrypted with the second key and transmitted to the Internet of Things terminal.
Step S350, if the Internet of Things terminal receives the response message, the response message is decrypted so that the second key in the response message is synchronized;
Here, it should be noted that the execution subject of step S350 is the Internet of Things terminal.
Specifically, if the Internet of Things terminal receives the response message, the response message is decrypted by the message reverse function to obtain the response message, the address information of the Internet of Things terminal, the address information of the server and the second timestamp at which the second key was generated;
the response message, the address information of the Internet of Things terminal, the address information of the server and the second timestamp at which the second key was generated are compared, field by field, with the pre-stored values, and after the comparison passes, the Internet of Things terminal and the server carry out data communication using the second key.
Step S360, after the second key between the Internet of Things terminal and the server is synchronized, data encryption transmission between the Internet of Things terminal and the server is carried out using the second key.
Here, it should be noted that the execution subject of step S360 is the Internet of Things terminal or the server.
Specifically, after the second key between the Internet of Things terminal and the server is synchronized, the service data in the Internet of Things terminal is encrypted and transmitted using the synchronized second key.
In this embodiment, the SM2 and SM4 cryptographic algorithms are introduced, and a corresponding key synchronization process and key update mechanism are designed to complete SM cryptographic encryption of the Internet of Things data transmission process. The scheme has the following advantages:
Firstly, the dependence of the Internet of Things terminal on a security chip is removed; the encryption and decryption processes are implemented in software, which reduces the cost of hardware equipment.
Secondly, the key is generated from a pseudo-random number and stored in ordinary FLASH memory or EEPROM (electrically erasable programmable read-only memory), and the encryption operations are implemented in software on a general-purpose CPU; the scheme is lightweight, occupies few hardware resources such as storage, and matches the application scenarios of Internet of Things terminals well.
Thirdly, retrofitting the SM cryptographic algorithms requires no physical hardware replacement or on-site software upgrade; the retrofit can be completed by remote OTA upgrade and meets the national cryptographic evaluation requirements.
Fourthly, the lightweight encryption and decryption process is simple and efficient, and communication latency is hardly increased.
In some embodiments, before generating the first public key in response to receiving the encryption request in step S320, or/and before generating the response message in response to the compared second restored message in step S340, the method further includes:
if no server response is received within a preset time, the request is sent again; if no server response is received after repeated retries, the service data is transmitted in plaintext, and alarm information is generated as a prompt.
The request is timed after it is sent; if the timed interval exceeds the preset time, the request is sent to the server again, and this active timeout handling improves response speed. At the same time, if no server response is received after repeated retries, the server is judged to be abnormal and the service data is transmitted in plaintext so that the service is not affected, while an alarm is sent, displayed or reported so that staff can respond in time.
In some embodiments, after data encryption transmission is carried out between the Internet of Things terminal and the server using the second key, the method further includes: if the server receives a plurality of access services, threads of a thread pool are called to process each access service in parallel, and each thread conducts the encrypted communication session of the corresponding Internet of Things terminal according to the Internet of Things terminal identifier carried in the encryption request; and when the life cycle of the thread using the first public key reaches zero, the communication session corresponding to the current thread is released.
Specifically, the server implements multithreaded processing: it receives a plurality of access services, that is, it provides the encryption and decryption service to each connected Internet of Things terminal, calls a thread of the thread pool to process each access service in parallel, and each thread conducts the encrypted communication session with the corresponding Internet of Things terminal according to the Internet of Things terminal identifier carried in the encryption request; when the life cycle of the thread using the first public key reaches zero, meaning that the encryption time of the first public key is used up, the communication session corresponding to that thread is released.
In some embodiments, after generating the first public key in response to receiving the encryption request in step S320, the method further includes:
timing the life cycle of the first public key and determining the life cycle of the first public key;
if service data communication for the encryption request exists within the life cycle and the life cycle reaches the preset time, updating the current first public key and synchronizing the updated first public key to the Internet of Things terminal;
and if it is detected that no service data communication for the encryption request exists within the life cycle, stopping updating the current first public key until an encryption request from the Internet of Things terminal is received.
Specifically, the life cycle of the first public key is started by a timer, and service data is monitored within the life cycle, so that the key can be updated during transmission and the security of data transmission is enhanced.
In some embodiments, after updating the current first public key and synchronizing the updated first public key to the Internet of Things terminal, the method further includes: if it is detected that the current first public key has been updated within its life cycle, the Internet of Things terminal is triggered to update the second key within the life cycle of the second key, where the life cycle of the first public key is longer than the life cycle of the second key.
In this way, the second key is guaranteed to be updated in step with the first public key, which greatly improves the security of data encryption.
In some embodiments, to address the problem that the cryptographic suite was not implanted in the Internet of Things terminal at an early stage, the firmware of the Internet of Things terminal can be upgraded by OTA remote upgrade technology and the SM cryptographic suite implanted, so as to realize data encryption transmission between the Internet of Things terminal and the server.
Fig. 4 is a schematic diagram of the principle of the data transmission method based on the SM cryptographic algorithms in an embodiment of the present application; in detail, it shows the Internet of Things terminal (IoT device, i.e. the client in Fig. 5) and the server of the Internet of Things platform. Fig. 5 is a complete flow chart of the data encryption transmission method in an embodiment of the present application, detailed as follows:
Encryption request: the client integrates the device MAC and the first timestamp in a randomized manner, encodes the result into a character string, and encrypts the character string to produce the encryption request;
Specifically, when the SDK of the Internet of Things terminal device initiates a connection request, the encryption request function in the SM cryptographic module suite is triggered and the SM cryptographic suite initiates an encryption request to the server; the encryption request contains the MAC address information of the client and the first timestamp at which the request was initiated.
SM2 public key generation: the server restores the device MAC and the first timestamp and generates an SM2 public key, integrates the restored device MAC, the first timestamp and the server MAC according to the SM2 algorithm to determine a first message, encrypts the first message with the SM2 public key and transmits it to the client;
Specifically, after the SM cryptographic encryption and decryption service of the server receives the encryption request of the device, the SM2 public key is generated by the SM2 algorithm generator of the service, the first message is generated by the message generating function from the SM2 public key, the client MAC address, the server MAC address and the first timestamp, and the generated first message, which obfuscates the SM2 public key in this way, is returned to the Internet of Things terminal.
SM4 key generation: the client restores the encrypted first message and compares the restored fields; after the comparison passes, an SM4 key is determined, and the SM4 key, the device MAC, the server MAC and the second timestamp at which the SM4 key was generated are encrypted with the SM2 public key and fed back to the server;
Specifically, after the Internet of Things terminal receives the first message, the SM2 public key, the client MAC, the first timestamp and the server MAC are restored by the message reverse function; the restored client MAC and first timestamp are compared, field by field, with the client MAC address information and the first timestamp in the encryption request; after all comparisons pass, an SM4 key is generated by the SM4 algorithm, a second message is generated by the SM4 message generating function from the SM4 key, the client MAC address, the server MAC address and the second timestamp, and the second message is encrypted with the SM2 public key and transmitted to the server.
SM4 key response: the server restores the SM4 key, the second timestamp, the client MAC and the server MAC and compares them; after the comparison passes, a response message is generated, encrypted with the SM4 key and transmitted to the client;
Specifically, after receiving the second message carrying the SM4 key, the server restores the SM4 key, the second timestamp, the client MAC and the server MAC by the message reverse function and compares them; after the comparison passes, a response message is generated by the response function from the response OK message, the client MAC, the server MAC and the second timestamp, and the response message encrypted with the SM4 key is sent to the Internet of Things client.
SM4 key synchronization: the client restores the response message to obtain the client MAC, the server MAC and the second timestamp, compares each of them, and completes SM4 key synchronization after the comparison passes;
Specifically, after receiving the response message encrypted with the SM4 key, the client decrypts it by the reverse function to obtain the response OK message, the client MAC, the server MAC and the second timestamp, compares the decrypted client MAC, server MAC and second timestamp, field by field, with the client MAC, server MAC and second timestamp recorded when the SM4 key was generated, and after the comparison passes, SM4 key synchronization is completed. In the above SM4 synchronization process, if the comparison fails at any step, the process is ended.
SM4 encrypted service data transmission: after synchronization, the service data is transmitted with SM4 encryption using the SM cryptographic module suite;
Specifically, after the SM4 key is synchronized at the client and the server, data transmission through SM4 begins: at the Internet of Things terminal, service data is decrypted by the SM cryptographic module suite and then handed to the service SDK for processing, and at the server, service data is decrypted by the SM cryptographic encryption and decryption service and handed to the corresponding access service for processing.
SM2 public key update: the SM2 public key is updated according to the life cycle of the SM2 public key generated by the server;
Specifically, after the SM2 public key is generated by the access service, its lifetime is started; the lifetime is a parameter that can be configured at the server. When service data communication exists within the lifetime, the SM2 public key is updated after expiry and transmitted to the Internet of Things terminal. When no service data exists within the lifetime, refreshing stops until the next encryption request from an Internet of Things terminal is received.
SM4 key update: the SM4 key is updated according to the life cycle of the SM2 public key generated by the server and the life cycle of the SM4 key generated by the client;
Specifically, the SM4 key update mechanism is synchronized with the SM2 public key update mechanism: after receiving the server's SM2 public key, the SM cryptographic suite of the Internet of Things terminal updates the SM4 key and refreshes its lifetime, and the lifetime of the server's SM2 public key is greater than that of the client's SM4 key.
In this embodiment, an SM2 public key is generated in response to receiving the encryption request, and a first message is generated according to the SM2 public key and the encryption request; if the Internet of Things terminal receives the first message, the first message is decrypted to generate a first restored message, the first restored message is compared, an SM4 key is determined, and a second message is generated according to the SM4 key and the message generating function; if the server receives the second message, the second message is decrypted to generate a second restored message, which is compared to obtain a response message; if the Internet of Things terminal receives the response message, the response message is decrypted so that the SM4 key in the response message is synchronized; and after synchronization, data encryption transmission is carried out using the SM4 key. In this way, the high hardware cost of having the Internet of Things terminal encrypt and decrypt with hardware devices is avoided; the encryption and decryption service is performed by a software program, which is clean and efficient, ensures the security of data transmission, and meets the requirements of national laws and regulations.
In other embodiments, the first public key is an SM2 cryptographic algorithm public key and the second key is an SM4 cryptographic algorithm key; by way of example, data encryption transmission between a client (i.e. the Internet of Things terminal) and a server (i.e. the server side) proceeds as follows:
Step one: Encryption request trigger
When service data of the Internet of Things terminal is received and lifetime = 0, the encryption request function in the SM cryptographic module suite is triggered to initiate an encryption request. The request carries the ID of the device (i.e. the Internet of Things terminal), for example its IMEI (International Mobile Equipment Identity), which the server uses for multithreaded access.
R=SM2_Funcation(data,β,lifetime,id)
The data comprises the timestamp at which the request is initiated and the client MAC address; the MAC address and the first timestamp are integrated by the function s = trim(MAC, time). For example, with MAC address 10E7C63C84E8 and timestamp 1654916287, the integrated character string s is 1%0%E%7%C%6%3%C%8%4%E%8%1%6%5%4%9%1%6%2%8%7%.
data=base64(s)*β
base64 is one of the most common encoding schemes for transmitting 8-bit byte codes over the network; the character string s is passed through base64, and β = random(2, 5), a random integer between 2 and 5, gives the number of times base64 is applied to s. For example, with s = 1%0%E%7%C%6%3%C%8%4%E%8%1%6%5%4%9%1%6%2%8%7% and β = 3:
Data=VFZOVmQwcFZWV3hPZVZaRVNsUlpiRTE1VmtSS1ZHZHNUa05XUmtwVVoyeE5VMVV5U2xSVmJFNURWVFZLVkVWc1RtbFZlVXBVWjJ4T2VWVTk=
Step two: SM2 public key acquisition timeout handling
After the SM cryptographic suite sends the encryption request to the server, a timer is started. If no server response is received within 3 seconds, the request is retried; if no server response is received after 3 retries, the server cannot provide the encryption service. In that case normal service is not affected: the service data is transmitted in plaintext and communicates directly with the access service of the Internet of Things platform in the original manner. If the SM2 public key is received, the timer is stopped and the next step is entered.
SM2_RESPONS=SM2timesRetry(3,3)
COMM_MODE=Change Channel(times Retry(3,3),Channel_Type)
Step three: SM2 public key generation
Restoring the device MAC and the first timestamp
Specifically, because the server of the Internet of Things platform provides the SM2 public key generating function, after the encryption request initiated by the Internet of Things terminal is received, the client MAC and the first timestamp are obtained by decoding with the reverse function
S=rever_data(data,β)
where data and β are the received client request data.
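As an added example, not the patent's own code, the step-one integration function s = trim(MAC, time), the β-fold base64 encoding of data, and the server-side reverse function rever_data(data, β) of step three, in Python, reproducing the page's worked values (MAC 10E7C63C84E8, timestamp 1654916287, β = 3). The names encode_request, random_beta and check_request_round_trip, the field-length checks, and the use of the standard-library base64 module are assumptions. Note that base64 is a reversible encoding and β travels with the request, so this step gives the request a parseable framing but no confidentiality; the SM2/SM4 steps that follow carry that.

```python
import base64
import secrets
from typing import Tuple

# Constructed worked values, taken from the page's step one.
EXAMPLE_MAC = "10E7C63C84E8"
EXAMPLE_TIMESTAMP = 1654916287
EXAMPLE_BETA = 3

HEX_DIGITS = set("0123456789ABCDEF")


def trim(mac: str, timestamp: int) -> str:
    """Integration function s = trim(MAC, time): concatenate the 12 hex digits of the
    MAC and the decimal timestamp, placing a '%' separator after every character."""
    if len(mac) != 12 or set(mac.upper()) - HEX_DIGITS:
        raise ValueError("MAC must be 12 hexadecimal digits")
    return "".join(ch + "%" for ch in f"{mac.upper()}{timestamp}")


def random_beta() -> int:
    """beta = random(2, 5): a random integer between 2 and 5 (assumed inclusive)."""
    return secrets.choice(range(2, 6))


def encode_request(mac: str, timestamp: int, beta: int) -> str:
    """data = base64(s) * beta: apply standard base64 beta times, keeping the '='
    padding of each pass so that the next pass (and the reverse) sees exact text."""
    if not 2 <= beta <= 5:
        raise ValueError("beta must lie in [2, 5]")
    buf = trim(mac, timestamp).encode("ascii")
    for _ in range(beta):
        buf = base64.b64encode(buf)
    return buf.decode("ascii")


def rever_data(data: str, beta: int) -> Tuple[str, int]:
    """Server-side reverse function: undo the beta base64 passes, strip the '%'
    separators and split the remainder into the client MAC and the first timestamp.
    Malformed input (wrong beta, junk, bad field lengths) is rejected, not guessed."""
    if not 2 <= beta <= 5:
        raise ValueError("beta must lie in [2, 5]")
    buf = data.encode("ascii")
    for _ in range(beta):
        buf = base64.b64decode(buf, validate=True)  # binascii.Error (a ValueError) on junk
    s = buf.decode("ascii")
    # In trim() form every payload character is followed by exactly one '%'.
    if len(s) % 2 or s[1::2] != "%" * (len(s) // 2):
        raise ValueError("request string is not in trim() form")
    raw = s[0::2]
    mac, ts = raw[:12], raw[12:]
    if len(mac) != 12 or set(mac) - HEX_DIGITS or not ts.isdigit():
        raise ValueError("restored MAC or timestamp is malformed")
    return mac, int(ts)


def check_request_round_trip(mac: str, timestamp: int, beta: int) -> bool:
    """The comparison the later steps rely on: the fields the server restores must
    equal the fields the client put into the request."""
    return rever_data(encode_request(mac, timestamp, beta), beta) == (mac, timestamp)
```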
The public key generating function generates the SM2 public key from a randomly generated 128-bit character string; the SM2 public key is 256 bits, and a timer is started at the same time to refresh lifetime.
SM2_PUBLIC_KEY=sm2Encrypt(random(“key”),lifetime)
The public key is integrated with the client MAC, the first timestamp and the server MAC according to a rule, detailed in Fig. 6: after the client MAC, the server MAC and the first timestamp are ordered, they are inserted into the SM2 public key every 7 bits to generate a 290-bit character string s_SM2 containing the SM2 public key, the client MAC, the server MAC and the first timestamp information.
s_SM2=sm2_create(MAC_client,MAC_server,time_1,SM2)
The integrated character string is base64-converted to generate the data of the message, which is sent to the Internet of Things terminal.
data=base64(s_SM2)*η
η = random(2, 5) is a random integer between 2 and 5 giving the number of times base64 is applied to s_SM2; the result is returned to the Internet of Things terminal as the following response message:
Re=SM2_Fucation(data,η)
Step four: SM4 key generation
After receiving the SM2 public key message, the SM cryptographic suite of the Internet of Things terminal restores the message by the reverse function to obtain the client MAC, the server MAC and the first timestamp, compares the restored client MAC and first timestamp, field by field, with the client MAC and first timestamp recorded when the request was sent, and enters the next step after the comparison passes.
The SM4 key generator is started to generate the SM4 key, and a timer is started to refresh lifetime.
SM4_PRIVAT_KEY=sm4Encrypt(random(“key”),lifetime)
The SM4 key, the client MAC, the server MAC and the second timestamp are encrypted with the obtained SM2 public key and sent to the server:
data=sm2Encrypt(SM2_PUBLIC_KEY,MAC_client,MAC_server,time_2,SM4_PRIVAT_KEY)
Step five: SM4 key response timeout handling
After the SM cryptographic suite sends the SM4 key to the server, a timer is started. If no server response is received within 3 s, the message is retried; if no server response is received after 3 retries, the server cannot provide the encryption service. In that case normal service is not affected: the service data is transmitted in plaintext and communicates directly with the access service of the Internet of Things platform in the original manner. If the server's SM4 key response is received, the timer is stopped and the next step is entered.
Here, it should be further noted that if encrypted transmission cannot be provided, alarm information needs to be sent out in time so that normal service is not affected for long, and the alarm information allows staff to carry out maintenance and handling promptly.
SM4_RESPONS=SM4timesRetry(3,3)
COMM_MODE=ChangeChannel(SM4timesRetry(3,3),Channel_Type)
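As an added example, not the patent's own code, the timeout and retry handling of steps two and five, SM2timesRetry(3,3) / SM4timesRetry(3,3) with the ChangeChannel downgrade, in Python: each send waits at most timeout_s for a reply on an inbox queue, and once the retries are exhausted the channel mode becomes plaintext and an alarm is recorded, as the page requires. The queue-based transport, the reading of (3,3) as three retries of 3 s after the initial send, and the make_server stand-in are assumptions. In this design the plaintext channel is the failure mode, so the recorded alarm is the only signal that service data is leaving the device unencrypted and monitoring should treat it as a priority event.

```python
import queue
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional


class ChannelType(Enum):
    """COMM_MODE values: the SM4-encrypted channel, or the original plaintext channel."""
    ENCRYPTED = "sm4"
    PLAINTEXT = "plain"


@dataclass
class RetryResult:
    response: Optional[bytes]   # server reply (SM2 public key or SM4 key ACK), if any
    attempts: int               # sends performed, initial send included
    comm_mode: ChannelType
    alarms: List[str] = field(default_factory=list)


def times_retry(send_request: Callable[[], None], inbox: "queue.Queue[bytes]",
                retries: int = 3, timeout_s: float = 3.0) -> RetryResult:
    """SM2timesRetry(3,3) / SM4timesRetry(3,3): send, wait up to timeout_s for a reply
    on inbox, and retry up to `retries` times (assumption: the initial send is not
    counted as a retry, so at most retries + 1 sends are made)."""
    alarms: List[str] = []
    for attempt in range(1, retries + 2):
        send_request()
        try:
            reply = inbox.get(timeout=timeout_s)   # the timer of steps two / five
        except queue.Empty:
            continue                               # timer fired: retry
        return RetryResult(reply, attempt, ChannelType.ENCRYPTED, alarms)
    # ChangeChannel: the server cannot provide the encryption service, so service data
    # goes over the original plaintext channel and alarm information is raised.
    alarms.append(f"no server response after {retries} retries of {timeout_s}s; "
                  "service data is now sent over the plaintext channel")
    return RetryResult(None, retries + 1, ChannelType.PLAINTEXT, alarms)


def change_channel(result: RetryResult) -> ChannelType:
    """COMM_MODE = ChangeChannel(timesRetry(...), Channel_Type)."""
    return result.comm_mode


def make_server(answer_on_attempt: Optional[int],
                inbox: "queue.Queue[bytes]") -> Callable[[], None]:
    """Constructed stand-in for the server: replies only on the given attempt number
    (None = never replies), enough to exercise both outcomes offline."""
    sends = {"n": 0}

    def send_request() -> None:
        sends["n"] += 1
        if answer_on_attempt is not None and sends["n"] == answer_on_attempt:
            inbox.put(b"<SM2_PUBLIC_KEY placeholder>")
    return send_request
```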
Step six: SM4 key response
After receiving the SM4 key message, the server restores the message by the reverse function to obtain the client MAC, the server MAC, the second timestamp and the SM4 key, compares the restored client MAC and server MAC, field by field, with the stored client MAC and server MAC, and enters the next step after the comparison passes. It then responds to the client: the response message consists of the client MAC, the server MAC and the second timestamp, SM4-encrypted directly with the received SM4 key.
SM4_ACK=sm4Meesage(SM4_PRIVAT_KEY,MAC_client,MAC_server,time_2)
Step seven: SM4 key synchronization completion
After receiving the SM4 key response, the Internet of Things client decrypts it to obtain the client MAC, the server MAC and the second timestamp in the response message, compares them, field by field, with the pre-stored client MAC, server MAC and second timestamp, completes SM4 key synchronization after all comparisons pass, and carries out all subsequent communication with SM4 encryption and decryption. If the comparison fails, communication proceeds in the original unencrypted mode.
In the above steps, if no message is received or a comparison fails at any step, SM4 synchronization has failed; the SM4 encrypted communication flow is terminated and the unencrypted communication process is entered.
Step eight: SM4 encryption of service data
After the SM4 key is synchronized at the server and the client, all service messages at the Internet of Things client are encrypted and decrypted with the synchronized SM4 key by the SM cryptographic module.
CLINET_MESSAGE_ENCRYPTION=sm4Encrypt(SM4_PRIVAT_KEY,message)
CLIENT_MESSAGE_DECRYPT=sm4Decrypt(SM4_PRIVAT_KEY,message)
All service messages at the server are likewise encrypted and decrypted by the SM cryptographic service.
SERVER_MESSAGE_ENCRYPTION=sm4Encrypt(SM4_PRIVAT_KEY,message)
SERVER_MESSAGE_DECRYPT=sm4Decrypt(SM4_PRIVAT_KEY,message)
Step eight: Server-side multithreading
The server provides the encryption and decryption service to the connected devices; when a large number of devices are connected, an encrypted communication session corresponding to each Internet of Things device is started in the thread pool using the device ID value carried in the encryption request of step one. When the lifetime of the SM2 public key reaches 0, the session is released.
CLIENT_SESSION=threading(client_id,lifetime)
Step nine: SM2 public key update
After the SM2 public key is generated by the access service, its lifetime is started; the lifetime is a parameter that can be configured at the server. When service data communication exists within the lifetime, the SM2 public key is updated after expiry and transmitted to the Internet of Things terminal. When no service data exists within the lifetime, refreshing stops until the next encryption request from an Internet of Things terminal is received.
The lifetime of the SM2 public key is started by the timer, service data is monitored within the lifetime, and the key is updated during transmission, which enhances data security.
SM2_PUBLIC_KEY_REFRESH=sm2Encrypt(random(“key”),lifetime=0,client_message)
Step ten: SM4 key update
The SM4 key update mechanism is synchronized with the SM2 key update mechanism: after receiving the server's SM2 public key, the SM cryptographic suite of the Internet of Things terminal updates the SM4 key and refreshes its lifetime, and the lifetime of the server's SM2 public key is greater than that of the client's SM4 key.
Because the life cycle of the first public key is longer than that of the second key, the SM4 key update is guaranteed to be triggered in step with the SM2 public key update.
SM4_PRIVAT_KEY_REFRESH=sm2Encrypt(SM2_PUBLIC_KEY,sm4Encrypt(random(“key”),re_lifetime))
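As an added example, not the patent's own code, the lifetime rules of step one (service data with lifetime = 0 triggers a new encryption request), the second step eight (the session is released when the SM2 lifetime reaches 0), step nine (an expired SM2 lifetime with traffic refreshes the key, without traffic stops refreshing) and step ten (the SM4 key follows the SM2 refresh, and the SM2 lifetime must exceed the SM4 lifetime), as one small state machine in Python. The class and method names, the explicit `now` clock, and the use of random hex tokens as placeholders for real SM2/SM4 key material are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class KeyState:
    """One key with its lifetime timer. key_id stands in for the real SM2 public key
    or SM4 key, which a cryptographic library would supply."""
    key_id: str
    started_at: float
    lifetime_s: float

    def expired(self, now: float) -> bool:
        """True once the lifetime has counted down to 0."""
        return now - self.started_at >= self.lifetime_s


@dataclass
class KeyLifecycle:
    sm2_lifetime_s: float          # server-side configurable parameter
    sm4_lifetime_s: float          # must be shorter than the SM2 lifetime
    sm2: Optional[KeyState] = None
    sm4: Optional[KeyState] = None
    traffic_in_lifetime: bool = False
    session_open: bool = False
    events: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.sm2_lifetime_s <= self.sm4_lifetime_s:
            raise ValueError("SM2 public key lifetime must exceed the SM4 key lifetime")

    def _issue(self, now: float, why: str) -> None:
        # Fresh SM2 public key and fresh SM4 key, both timers restarted.
        self.sm2 = KeyState(secrets.token_hex(8), now, self.sm2_lifetime_s)
        self.sm4 = KeyState(secrets.token_hex(8), now, self.sm4_lifetime_s)
        self.traffic_in_lifetime = False
        self.session_open = True
        self.events.append(why)

    def on_encryption_request(self, now: float) -> None:
        """Steps one to seven condensed: a handshake issues both keys and opens the
        per-device session in the server's thread pool."""
        self._issue(now, "handshake")

    def on_service_data(self, now: float) -> None:
        """Step one: service data arriving with lifetime = 0 (no session, or the SM4
        key expired) triggers a new encryption request before the data is sent."""
        if not self.session_open or self.sm4 is None or self.sm4.expired(now):
            self.on_encryption_request(now)
        self.traffic_in_lifetime = True

    def tick(self, now: float) -> None:
        """Steps nine and ten, evaluated by the server's lifetime timer."""
        if not self.session_open or self.sm2 is None or not self.sm2.expired(now):
            return
        if self.traffic_in_lifetime:
            # Traffic seen: refresh the SM2 public key and push it; the terminal
            # refreshes its SM4 key in step (step ten).
            self._issue(now, "refresh")
        else:
            # No traffic: stop refreshing and release the session until the next
            # encryption request (second step eight).
            self.sm2 = self.sm4 = None
            self.session_open = False
            self.events.append("release")

    def current_keys(self) -> Optional[tuple]:
        """(SM2 key id, SM4 key id) while a session is open, else None."""
        if not self.session_open or self.sm2 is None or self.sm4 is None:
            return None
        return (self.sm2.key_id, self.sm4.key_id)
```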
In this embodiment, a trigger instruction is received, and an encryption request is sent to the server in response to the trigger instruction; a first public key is generated in response to receiving the encryption request, and a first message is generated according to the first public key and the encryption request; if the Internet of Things terminal receives the first message, the first message is decrypted to generate a first restored message, the first restored message is compared, a second key is determined, and a second message is generated according to the second key and the message generating function; if the server receives the second message, the second message is decrypted to generate a second restored message, which is compared to obtain a response message; if the Internet of Things terminal receives the response message, the response message is decrypted so that the second key in the response message is synchronized; and after synchronization, data encryption transmission is carried out using the second key. By this approach, the application avoids the high hardware cost of having the Internet of Things terminal encrypt and decrypt with hardware devices; the encryption and decryption service is performed by a software program, which is clean and efficient, ensures the security of data transmission, and meets the requirements of national laws and regulations.
Referring to Fig. 7, a schematic structural block diagram of a data encryption transmission apparatus provided in an embodiment of the present application, the apparatus includes:
an encryption request module in the client, which sends an encryption request to the SM2 public key generating module in the server's SM cryptographic service so that the SM2 public key generating module generates an SM2 public key; an SM2 public key update module, used to monitor whether the life cycle of the SM2 public key meets the update condition and, if so, update the current SM2 public key;
the generated SM2 public key is fed back to the SM4 key generating module so that the SM4 key generating module generates an SM4 key, and the generated SM4 key is encrypted with the SM2 public key and transmitted to the server so that the server stores it for its SM4 encryption module and SM4 decryption module; an SM4 key update module is used to monitor whether the life cycle of the SM4 key meets the update condition and, if so, update the current SM4 key;
in the above manner, the client and the server both hold an SM4 encryption module, used to encrypt the service data to be transmitted, and an SM4 decryption module, used to decrypt the received service data; the SM4 encryption thread pool of the server can process encryption for a plurality of access services, and the SM4 decryption thread pool of the server can process decryption for a plurality of access services.
Referring to Fig. 8, the present embodiment provides a data encryption transmission apparatus, including:
a request triggering module 801, configured to receive a trigger instruction and send an encryption request to the server in response to the trigger instruction, where the encryption request includes the first timestamp at which the request is initiated and the address information of the Internet of Things terminal;
the trigger instruction is received from a software development kit in the Internet of Things terminal;
a public key generating module 802, configured to generate a first public key in response to receiving the encryption request, and to generate a first message according to the first public key, the address information of the Internet of Things terminal and the first timestamp;
a key generating module 803, configured, if the Internet of Things terminal receives the first message, to decrypt the first message, generate a first restored message, compare the first restored message, determine a second key, and generate a second message according to the second key and the message generating function;
a key response module 804, configured, if the server receives the second message, to decrypt the second message, generate and compare a second restored message, and generate a response message in response to the compared second restored message;
a key synchronization module 805, configured, if the Internet of Things terminal receives the response message, to decrypt the response message so as to complete synchronization of the second key in the response message;
and an encrypted transmission module 806, configured, after the second key is synchronized between the Internet of Things terminal and the server, to carry out data encryption transmission between the Internet of Things terminal and the server using the second key.
In an embodiment, the public key generation module 802 is configured to:
in response to receiving the encryption request, randomly generating a first public key using a first encryption algorithm; integrating the first public key, address information of the internet of things terminal, address information of a server and a first timestamp initiated by the encryption request according to a preset rule to obtain a character string confused with the first public key; and performing code conversion on the character string to generate a first message, and returning the first message to the server.
In an embodiment, the key generation module 803 is configured to:
if the terminal of the Internet of things receives the first message, decrypting the first message through a message reverse function to generate a first reduction message; the address information and the first time stamp of the internet of things terminal in the first recovery message are compared with the address information and the first time stamp of the internet of things terminal in the encryption request in a same type, and after the comparison is passed, a second key is determined by using a second key generator; generating a second message by using a message generation function to enable the second key, the address information of the internet of things terminal, the address information of the server and a timestamp for generating the second key; and encrypting the second message by using the first public key and transmitting the second message to the server.
In one embodiment, the key response module 804 is configured to:
if the server receives the second message, decrypting the second message through a message reverse function to generate a second restored message; comparing the address information of the internet of things terminal and the address information of the server in the second restored message like for like with the pre-stored address information of the internet of things terminal and of the server, and generating a response message after the comparison passes; and encrypting the response message with the second key and transmitting it to the internet of things terminal.
In an embodiment, the key synchronization module 805 is configured to:
if the internet of things terminal receives the response message, decrypting the response message through a message reverse function to obtain the response content, the address information of the internet of things terminal, the address information of the server and the second timestamp at which the second key was generated; and comparing the response content, the address information of the internet of things terminal, the address information of the server and the second timestamp like for like with pre-stored threshold values, and after the comparison passes, performing data communication between the internet of things terminal and the server using the second key.
In an embodiment, the encrypted transmission module 806 is configured to:
after the second key between the internet of things terminal and the server is synchronized, encrypting the service data of the internet of things terminal with the synchronized second key and transmitting it.
The first public key is a public key of the cryptographic algorithm SM2, and the second key is a key of the cryptographic algorithm SM4.
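The exchange that modules 802 to 805 describe, carried out end to end as an added example that is not part of the patent: RSA-OAEP and AES-128-GCM stand in for SM2 and SM4 because Ruby's bundled openssl does not expose SM2 encryption, and the addresses, the '|'-joined Base64 "preset rule" and the 30 s freshness threshold are constructed assumptions. The terminal rejects a first message whose address or timestamp does not match the request it actually sent, and the server rejects a second message whose addresses do not match its pre-stored ones.

```ruby
require 'openssl'
require 'time'

# RSA-OAEP stands in for SM2 and AES-128-GCM for SM4 (Ruby's bundled openssl does
# not expose SM2 encryption). The 30 s window (the patent's "pre-stored threshold")
# and the '|'-joined Base64 "preset rule" are constructed assumptions.
FRESHNESS = 30
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Message generation function and its reverse. Base64 is transcoding, not
# encryption: the first message, public key included, is readable on the path.
def encode_msg(*fields)
  [fields.join('|')].pack('m0')
end
def decode_msg(msg)
  fields = msg.unpack1('m0').split('|', -1)
  raise 'malformed message' unless fields.size == 4
  fields
end

def seal(key, plain) # SM4 stand-in; output is iv || tag || ciphertext
  c = OpenSSL::Cipher.new('aes-128-gcm').encrypt
  c.key = key
  iv = c.random_iv
  ct = c.update(plain) + c.final
  iv + c.auth_tag + ct
end

def open_sealed(key, blob)
  c = OpenSSL::Cipher.new('aes-128-gcm').decrypt
  c.key = key
  c.iv, c.auth_tag = blob[0, 12], blob[12, 16]
  c.update(blob[28..]) + c.final
end

class Server
  attr_reader :key
  def initialize(addr, known_terminals)
    @addr, @known = addr, known_terminals # pre-stored address information
  end
  # First message: a fresh public key, both addresses and the request timestamp.
  def first_message(term_addr, ts1)
    @priv = OpenSSL::PKey::RSA.new(2048)
    encode_msg(@priv.public_key.to_pem, term_addr, @addr, ts1)
  end
  # Decrypt the second message, compare both addresses with the pre-stored ones,
  # adopt the second key and acknowledge under it.
  def response(second)
    key_b64, term_addr, srv_addr, ts2 = decode_msg(@priv.private_decrypt(second, OAEP))
    raise 'address comparison failed' unless @known.include?(term_addr) && srv_addr == @addr
    @key = key_b64.unpack1('m0')
    seal(@key, encode_msg('OK', term_addr, srv_addr, ts2))
  end
end

class Terminal
  attr_reader :key, :addr, :ts1 # addr and ts1 make up the encryption request
  def initialize(addr, srv_addr)
    @addr, @srv_addr, @ts1 = addr, srv_addr, Time.now.utc.iso8601(6)
  end
  # Check the first message against the request actually sent, then generate a
  # 128-bit second key (SM4 key length) and return it, with both addresses and a
  # fresh timestamp, encrypted under the received public key.
  def second_message(first)
    pub_pem, term_addr, _srv, ts1 = decode_msg(first)
    raise 'first message does not match request' unless term_addr == @addr && ts1 == @ts1
    @key, @ts2 = OpenSSL::Random.random_bytes(16), Time.now.utc.iso8601(6)
    plain = encode_msg([@key].pack('m0'), @addr, @srv_addr, @ts2)
    OpenSSL::PKey::RSA.new(pub_pem).public_encrypt(plain, OAEP)
  end
  # Decrypt the response with the second key and compare every field; the second
  # timestamp must also lie inside the freshness threshold.
  def finish(resp)
    ack, term_addr, srv_addr, ts2 = decode_msg(open_sealed(@key, resp))
    raise 'response comparison failed' unless ack == 'OK' && term_addr == @addr && srv_addr == @srv_addr && ts2 == @ts2
    age = Time.now - Time.iso8601(ts2)
    raise 'second timestamp outside threshold' unless age.between?(0, FRESHNESS)
    true
  end
end

# Runs the full exchange; true when both sides hold the same second key.
def run_exchange(term_addr = '10.0.0.7', srv_addr = '10.0.0.1') # constructed addresses
  t, s = Terminal.new(term_addr, srv_addr), Server.new(srv_addr, [term_addr])
  t.finish(s.response(t.second_message(s.first_message(t.addr, t.ts1)))) && t.key == s.key
end
```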
In an embodiment, before the public key generation module 802 and/or before the key response module 804, the data encryption transmission apparatus further includes:
a response timeout processing module configured to: if no server response is received within a preset time, retry the request; if no server response is received after repeated retries, transmit the service data in plaintext and generate alarm information as a prompt.
In an embodiment, after the encryption transmission module 806, the data encryption transmission apparatus further includes: a concurrent processing module configured to: if the server receives a plurality of access services, call threads from a thread pool to process each access service in parallel, each thread encrypting the communication session of the corresponding internet of things terminal according to the internet of things terminal identifier carried in the encryption request; and when the life cycle of the thread using the first public key reaches zero, release the communication session corresponding to that thread.
In an embodiment, after the public key generating module 802, the data encryption transmission apparatus further includes:
a public key update module configured to: time the life cycle of the first public key and determine the life cycle of the first public key; if service data communication for the encryption request exists within the life cycle and the life cycle reaches the preset time, update the current first public key and synchronize the updated first public key to the internet of things terminal; and if no service data communication for the encryption request is observed within the life cycle, suspend updating of the current first public key until an encryption request from the internet of things terminal is received.
In an embodiment, after the public key updating module, the data encryption transmission device further includes:
a key update module configured to: after the current first public key is updated and the updated first public key is synchronized to the internet of things terminal, if the current first public key is observed to have been updated within its life cycle, trigger the internet of things terminal to update the second key within the second key's life cycle, wherein the life cycle of the first public key is longer than the life cycle of the second key.
In this embodiment, the data encryption transmission apparatus is substantially provided with a plurality of modules for executing the method in the above embodiments, and specific functions and technical effects may refer to the above method embodiments, which are not described herein again.
Referring to fig. 9, an embodiment of the present application further provides an electronic device 900, which includes a processor 901, a memory 902, and a communication bus 903;
a communication bus 903 is used to connect the processor 901 to the memory 902;
the processor 901 is adapted to execute a computer program stored in the memory 902 to implement the method according to one or more of the above-mentioned embodiments.
The embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, the computer program being used for causing a computer to execute the method according to any one of the above-mentioned embodiments.
Embodiments of the present application also provide a non-transitory readable storage medium, where one or more modules (programs) are stored in the storage medium, and when the one or more modules are applied to a device, the device may execute instructions (instructions) included in an embodiment of the present application.
It should be noted that the computer readable medium of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor device, apparatus, or a combination of any of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution apparatus, device, or apparatus. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution apparatus, device, or apparatus. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may be separate and not incorporated into the electronic device.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based devices that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The above embodiments are merely illustrative of the principles and utilities of the present application and are not intended to limit the application. Any person skilled in the art can modify or change the above-described embodiments without departing from the spirit and scope of the present application. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical concepts disclosed in the present application shall be covered by the claims of the present application.

Claims (12)

1. A method for encrypted transmission of data, comprising:
receiving a trigger instruction, and sending an encryption request to a server in response to the trigger instruction, wherein the encryption request comprises a first timestamp at which the request was initiated and address information of the internet of things terminal;
generating a first public key in response to receiving the encryption request, and generating a first message according to the first public key, the address information of the internet of things terminal and the first timestamp;
if the internet of things terminal receives the first message, decrypting the first message to generate a first restored message, comparing the first restored message, determining a second key, and generating a second message according to the second key and a message generation function;
if the server receives the second message, decrypting the second message to generate a second restored message, comparing the second restored message, and generating a response message in response to the second restored message passing comparison;
if the internet of things terminal receives the response message, decrypting the response message so that the second key in the response message is synchronized;
and after the second key between the internet of things terminal and the server is synchronized, carrying out data encryption transmission between the internet of things terminal and the server using the second key.
2. The method of claim 1, wherein generating a first public key in response to receiving the encryption request, and generating a first message according to the first public key, the address information of the internet of things terminal and the timestamp at which the request was initiated, comprises:
in response to receiving the encryption request, randomly generating a first public key using a first encryption algorithm;
integrating the first public key, the address information of the internet of things terminal, the address information of the server and the first timestamp at which the encryption request was initiated according to a preset rule, to obtain an obfuscated character string containing the first public key;
and performing code conversion on the character string to generate a first message, and returning the first message to the server.
3. The method of claim 1, wherein, if the internet of things terminal receives the first message, decrypting the first message to generate a first restored message, comparing the first restored message to determine a second key, and generating a second message according to the second key and a message generation function, comprises:
if the internet of things terminal receives the first message, decrypting the first message through a message reverse function to generate a first restored message;
comparing the address information of the internet of things terminal and the first timestamp in the first restored message like for like with the address information of the internet of things terminal and the first timestamp in the encryption request, and after the comparison passes, determining a second key using a second key generator;
generating a second message from the second key, the address information of the internet of things terminal, the address information of the server and the timestamp at which the second key was generated, using a message generation function;
and encrypting the second message with the first public key and transmitting it to the server.
4. The method of claim 1, wherein, if the server receives the second message, decrypting the second message to generate a second restored message, comparing the second restored message, and generating a response message in response to the second restored message passing comparison, comprises:
if the server receives the second message, decrypting the second message through a message reverse function to generate a second restored message;
comparing the address information of the internet of things terminal and the address information of the server in the second restored message like for like with the pre-stored address information of the internet of things terminal and of the server, and generating a response message after the comparison passes;
and encrypting the response message with the second key and transmitting it to the internet of things terminal.
5. The method of claim 1, wherein, if the internet of things terminal receives the response message, decrypting the response message so that the second key in the response message is synchronized, comprises:
if the internet of things terminal receives the response message, decrypting the response message through a message reverse function to obtain the response content, the address information of the internet of things terminal, the address information of the server and the second timestamp at which the second key was generated;
and comparing the response content, the address information of the internet of things terminal, the address information of the server and the second timestamp like for like with pre-stored threshold values, and after the comparison passes, performing data communication between the internet of things terminal and the server using the second key.
6. The method according to any of claims 1 to 5, wherein the first public key is a cryptographic algorithm SM2 public key and the second key is a cryptographic algorithm SM4 key.
7. The method of any one of claims 1 to 5, wherein, after the encrypted data transmission between the internet of things terminal and the server is performed using the second key, the method further comprises: if the server receives a plurality of access services, calling threads from a thread pool to process each access service in parallel, each thread encrypting the communication session of the corresponding internet of things terminal according to the internet of things terminal identifier carried in the encryption request; and when the life cycle of the thread using the first public key reaches zero, releasing the communication session corresponding to that thread.
8. The method of any one of claims 1 to 5, wherein, after generating the first public key in response to receiving the encryption request, the method further comprises:
timing the life cycle of the first public key, and determining the life cycle of the first public key;
if service data communication for the encryption request exists within the life cycle and the life cycle reaches the preset time, updating the current first public key and synchronizing the updated first public key to the internet of things terminal;
and if no service data communication for the encryption request exists within the life cycle, stopping updating of the current first public key until an encryption request from the internet of things terminal is received.
9. The method of claim 8, wherein, after updating the current first public key and synchronizing the updated first public key to the internet of things terminal, the method further comprises: if the current first public key is observed to have been updated within its life cycle, triggering the internet of things terminal to update the second key within the second key's life cycle, wherein the life cycle of the first public key is longer than the life cycle of the second key.
10. A data encryption transmission apparatus, comprising:
a request triggering module, configured to receive a trigger instruction and send an encryption request to the server in response to the trigger instruction, wherein the encryption request comprises a first timestamp at which the request was initiated and address information of the internet of things terminal;
a public key generation module, configured to generate a first public key in response to receiving the encryption request, and to generate a first message according to the first public key, the address information of the internet of things terminal and the first timestamp;
a key generation module, configured to decrypt the first message if the internet of things terminal receives the first message, generate a first restored message, compare the first restored message, determine a second key, and generate a second message according to the second key and a message generation function;
a key response module, configured to decrypt the second message to generate a second restored message if the server receives the second message, compare the second restored message, and generate a response message in response to the second restored message passing comparison;
a key synchronization module, configured to decrypt the response message if the internet of things terminal receives the response message, so that the second key in the response message is synchronized;
and an encryption transmission module, configured to carry out data encryption transmission between the internet of things terminal and the server using the second key after the second key between the internet of things terminal and the server is synchronized.
11. An electronic device comprising a processor, a memory, and a communication bus;
the communication bus is used for connecting the processor and the memory;
the processor is configured to execute a computer program stored in the memory to implement the method of any one of claims 1-9.
12. A computer-readable storage medium, characterized in that a computer program is stored thereon for causing a computer to perform the method of any of claims 1-9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211567381.2A CN115913755A (en) 2022-12-07 2022-12-07 Data encryption transmission method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN115913755A true CN115913755A (en) 2023-04-04

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140380056A1 (en) * 2013-06-24 2014-12-25 Certicom Corp. Securing method for lawful interception
US20170141926A1 (en) * 2015-11-13 2017-05-18 Minghua Xu Methods and systems for pki-based authentication
CN112019552A (en) * 2020-08-31 2020-12-01 公安部第三研究所 Internet of things secure communication method
CN112966287A (en) * 2021-03-30 2021-06-15 建信金融科技有限责任公司 Method, system, device and computer readable medium for acquiring user data
CN113225352A (en) * 2021-05-28 2021-08-06 国网绿色能源有限公司 Data transmission method and device, electronic equipment and storage medium
CN113691502A (en) * 2021-08-02 2021-11-23 上海浦东发展银行股份有限公司 Communication method, communication device, gateway server, client and storage medium
CN114449024A (en) * 2022-04-11 2022-05-06 广东新邦智联科技有限公司 Power equipment control method, device, equipment and storage medium based on Internet of things

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination