CN116405304A - Communication encryption method, system, terminal and storage medium - Google Patents

Info

Publication number
CN116405304A
Authority
CN
China
Prior art keywords
information
sensitive information
communication
key
data
Legal status
Pending
Application number
CN202310429622.5A
Other languages
Chinese (zh)
Inventor
陈志广
杨长存
槐俊纺
边红旗
徐明明
杨星
张金苗
Current Assignee
Lianqiao Technology Co ltd
Original Assignee
Lianqiao Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06 Energy or water supply
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The present invention relates to the field of electronic information security, and in particular to a communication encryption method, system, terminal and storage medium. The method comprises the following steps: obtaining a division rule for common information and sensitive information, reading the data and dividing it into common information and sensitive information; encrypting and transmitting the common information and the division rule with a symmetric encryption algorithm; obtaining a key with a public key encryption algorithm, encrypting the sensitive information, and encrypting and transmitting the communication; judging whether the sensitive information has been tampered with before it is delivered to the receiver, sending an information valid signal if not and an alarm signal if so; in response to the alarm signal, the receiver refusing the sensitive information and the key being modified, the key being replaced once per communication so that the key of every communication is unique; and in response to the information valid signal, combining the sensitive information with the common information according to the division rule. The method and device improve communication security and guarantee data validity.

Description

Communication encryption method, system, terminal and storage medium
Technical Field
The present invention relates to the field of electronic information security, and in particular, to a communication encryption method, system, terminal, and storage medium.
Background
In the field of power line operation and maintenance, power operation, and emergency repair by professional teams, a new type of operation terminal and a back clamp device have been introduced as companion tools for operating power grid equipment, in order to improve field work efficiency. The back clamp device is an expansion device; it contains functional components such as a national grid company standard security module and a 5G chip, and it is connected to the operation terminal via Bluetooth.
Field operators can exchange information with power equipment such as electricity meters and concentrators using only the operation terminal. With the operation terminal APP, a series of operations on the electric energy meter, such as on-site repair, parameter setting and checking, on-site power cut-off, on-site recharging, key downloading and electricity price adjustment, can be completed easily; the service functions of the operation terminal and back clamp currently cover essentially all service scenarios of on-site power metering work.
At present, Bluetooth communication between the universal terminal and the back clamp is transmitted in plaintext, so the data is easy to intercept, tamper with or lose, communication security is low, and data validity cannot be guaranteed.
Disclosure of Invention
To improve communication security and ensure data validity, the present application provides a communication encryption method.
In a first aspect, the present application provides a communication encryption method that adopts the following technical scheme:
A communication encryption method comprising the steps of: obtaining a division rule for common information and sensitive information, reading the data and dividing it into common information and sensitive information; encrypting and transmitting the common information and the division rule with a symmetric encryption algorithm; obtaining a key with a public key encryption algorithm, encrypting the sensitive information, and encrypting and transmitting the communication; judging whether the sensitive information has been tampered with before it is delivered to the receiver, sending an information valid signal if not and an alarm signal if so; in response to the alarm signal, the receiver refusing the sensitive information and the key being modified, the key being replaced once per communication so that the key of every communication is unique; and in response to the information valid signal, combining the sensitive information with the common information according to the division rule.
With this scheme, the data is divided and the sensitive information identified; the common information and the division rule use a symmetric encryption algorithm, which has the advantage of fast encryption and decryption. The sensitive information is encrypted for communication with a combination of an asymmetric encryption algorithm and a hash algorithm, which is more secure; whether the sensitive data has been tampered with is judged, an alarm is raised if so, and if not the common information and the sensitive information are combined by the division rule to obtain the complete data message. Protecting the data with multiple layers of encryption and decryption reduces the likelihood that it is intercepted, tampered with or lost, and improves the security and confidentiality of communication.
Preferably, in the step of obtaining a key with a public key encryption algorithm, encrypting the sensitive information, and encrypting and transmitting the communication, the key comprises a first private key, a public key of the receiver, a second private key and a private key of the receiver, and the step comprises: performing a digest operation on the sensitive information with a hash algorithm, and generating and transmitting a message digest from the sensitive information; encrypting the message digest with the private key of the sender, and generating and sending a digital signature; encrypting the digital signature and the sensitive information with the first private key, generating a ciphertext containing the sensitive information and transmitting it; encrypting the first private key with the public key of the receiver to generate and send a digital envelope, the digital envelope comprising the public key of the receiver and the first private key; decrypting the digital envelope with the private key of the receiver to obtain the first private key; and decrypting the ciphertext with the first private key to obtain the sensitive information and the digital signature.
With this scheme, the first private key stored at the sender encrypts the information to produce the ciphertext, and the preset public key of the receiver encrypts the first private key to produce the digital envelope; the receiver decrypts the digital envelope with the receiver private key stored at its end to recover the first private key, then decrypts the ciphertext with the first private key to obtain the sensitive information. The sensitive information is protected by multiple layers of encryption and decryption, which reduces the likelihood that the data is intercepted, tampered with or lost and improves communication security; if the sensitive information has been tampered with it is refused and the first private key is modified, which ensures the correctness and validity of the data, improves the security of data transmission, and makes key storage and management simpler and more flexible.
At the sender end, the sensitive information is processed to generate a fixed-length message digest, which serves as the authentication identifier of the information's uniqueness: any tiny change to the sensitive information changes the message digest. The sender's private key encrypts the message digest to generate a digital string that serves as the data signature, and this digital signature ensures the reliability and security of message transmission.
Preferably, the step of judging whether the sensitive information has been tampered with before it is delivered to the receiver, sending an information valid signal if not and an alarm signal if so, comprises the following steps: decrypting the digital signature with a preset sender public key to obtain a signature digest; obtaining a message digest from the sensitive information; sending an information valid signal in response to the signature digest being identical to the message digest; and sending an alarm signal in response to the signature digest differing from the message digest.
With this scheme, the signature digest is compared with the message digest. If the digital signature is valid, the original sensitive information has not been tampered with, an information valid signal is generated and the sensitive information is accepted; if the original sensitive information or the signature has been modified, or the sensitive information or signature is not trustworthy, an alarm signal is sent.
Preferably, the step in which, in response to the alarm signal, the receiver refuses the sensitive information and the key is modified, the key being replaced once per communication so that the key of every communication is unique, comprises the following steps: in response to the alarm signal, the receiver refusing the sensitive information and sending a rejection signal; in response to the rejection signal, modifying the first private key at the sender; correcting the tampered sensitive information; and tracing the reason why the sensitive information was tampered with.
With this scheme, for sensitive information judged to have been tampered with, the receiver refuses it, the first key at the sender end is modified, and the tampered sensitive information is corrected, which ensures the accuracy and validity of data transmission; the reason for the tampering is traced so that corresponding precautions can be taken.
Preferably, correcting the tampered sensitive information comprises the steps of:
generating, at the receiver, a correction instruction for retransmitting the sensitive information;
and, at the sender, in response to the correction instruction, applying the modified first private key to generate and send the ciphertext and the digital envelope.
With this scheme, after the sensitive information has been tampered with it is corrected: the ciphertext and the digital envelope are regenerated with the modified first key and the encryption and decryption process is run again, so that the sensitive information is transmitted afresh.
Preferably, tracing the reason why the sensitive information was tampered with comprises the following steps: performing data tracing and data investigation of the sensitive information; and determining the identity of the suspected tamperer for reference.
With this scheme, the data is comprehensively tracked and inspected through data tracing and data investigation, which are carried out automatically, and the sources and flows of the data are inspected one by one. By confirming whether the data was tampered with and the time and location of the tampering, the possible suspects are checked and investigated: the users, managers, transmitters and so on of the data are analysed, improper behaviour by internal personnel is checked for, the possible identity of the tamperer is determined, and that information is provided to the manager for reference and checking.
Preferably, the step of performing data tracing and investigation comprises the following steps: learning the source and flow of the sensitive information through a preset data analysis tool; and checking the data records and data logs of the sensitive information through a preset log monitoring tool, and generating a tampering record for the sensitive information.
With this scheme, the transmission process of the sensitive information is monitored; the data is comprehensively tracked and checked with monitoring means such as a data analysis tool and a log monitoring tool, the data is automatically traced and checked, the sources and flows of the data are checked one by one, the data records and logs are checked, and whether the data was tampered with, and the time and location of the tampering, are confirmed.
In a second aspect, the present application discloses a communication encryption system that adopts the above communication encryption method and comprises: a data division module for obtaining the division rule for common information and sensitive information, reading the data and dividing it into common information and sensitive information; a first communication module that encrypts and transmits the common information and the division rule with a symmetric encryption algorithm; a second communication module that obtains a key with a public key encryption algorithm, encrypts the sensitive information, and encrypts and transmits the communication; an anomaly judgement module that judges whether the sensitive information has been tampered with before it is delivered to the receiver, sending an information valid signal if not and an alarm signal if so; an anomaly alarm module through which, in response to the alarm signal, the receiver refuses the sensitive information and the key is modified, the key being replaced once per communication so that the key of every communication is unique; and an information merging module for combining the sensitive information with the common information according to the division rule in response to the information valid signal.
With this scheme, the data is divided by the data division module and the sensitive information identified; the common information and the division rule are encrypted for communication by the first communication module with a symmetric encryption algorithm, which gives faster encryption and decryption. The sensitive information is encrypted for communication by the second communication module with a combination of an asymmetric encryption algorithm and a hash algorithm, which is more secure; the anomaly judgement module judges whether the sensitive data has been tampered with, the anomaly alarm module raises an alarm if so, and if not the information merging module combines the common information and the sensitive information according to the division rule to obtain the complete data. The sensitive information is protected by multiple layers of encryption and decryption, which reduces the likelihood that the data is intercepted, tampered with or lost and improves the security and confidentiality of communication.
In a third aspect, the present application discloses a terminal device comprising a memory, a processor, and a computer program stored in the memory and able to run on the processor, where the processor carries out the above communication encryption method when it loads and executes the computer program.
With this scheme, the computer program generated from the communication encryption method is stored in the memory and loaded and executed by the processor, so that a terminal device is built from the memory and the processor, which is convenient for the user.
In a fourth aspect, the present application discloses a computer readable storage medium that adopts the following technical scheme: a computer readable storage medium in which a computer program is stored, the computer program carrying out the communication encryption method described above when loaded and executed by a processor.
With this scheme, the computer program generated from the communication encryption method is stored in the computer readable storage medium and loaded and executed by a processor, and the computer readable storage medium makes the computer program convenient to read and store.
Drawings
Fig. 1 is a flowchart of steps S1-S6 of a communication encryption method according to an embodiment of the present application.
Fig. 2 is a flowchart of steps S30-S35 of a communication encryption method according to an embodiment of the present application.
Fig. 3 is a flowchart of steps S40-S43 of a communication encryption method according to an embodiment of the present application.
Fig. 4 is a flowchart of steps S50-S53 of a communication encryption method according to an embodiment of the present application.
Fig. 5 is a flowchart of steps S520-S521 of a communication encryption method according to an embodiment of the present application.
Fig. 6 is a flowchart of steps S530-S531 of a communication encryption method according to an embodiment of the present application.
Detailed Description
The present application is described in further detail below with reference to Figs. 1-6.
The embodiment of the application discloses a communication encryption method. Referring to Fig. 1, the communication encryption method comprises steps S1-S6, as follows:
S1, obtaining a division rule for common information and sensitive information, reading the data and dividing it into common information and sensitive information.
The data is read and divided into common information and sensitive information according to a division rule set or selected by the user; in this embodiment the asset data and user data are treated as sensitive information and the device data as common information.
S2, encrypting and transmitting the common information and the division rule with a symmetric encryption algorithm.
Each message of the communication is encrypted and decrypted separately. At encryption time the message is encrypted with a key, an encryption algorithm and an encryption mode, and the ciphertext is transmitted; at decryption time the ciphertext is decrypted with the same key, encryption algorithm and encryption mode to recover the original message.
In this application the encryption algorithm and key length are chosen according to requirements; the application uses the AES algorithm with a 128-bit key. The sender and receiver establish the same key either with a key exchange algorithm such as DH (Diffie-Hellman), or with a pre-shared key, for example by sharing the key beforehand under physically secure conditions.
The encryption module of the present application uses ECB (Electronic Codebook), CBC (Cipher Block Chaining), CFB (Cipher Feedback) or OFB (Output Feedback). ECB is the simplest block encryption mode but its security is relatively low, because identical plaintext blocks produce identical ciphertext blocks; CBC is a more secure block encryption mode, which requires a random initialization vector to guarantee independence between blocks; CFB and OFB are stream encryption modes that turn the block cipher into a pseudo-random number generator whose pseudo-random stream is then used to encrypt or decrypt.
To provide cryptographic integrity and authentication, a Message Authentication Code (MAC) may be used to protect the integrity and authenticity of the message: the MAC hashes the message with a key and hash function and signs the message with the key, ensuring that the message has not been tampered with.
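As an added illustration of the mode and MAC caveats in S2 (example code written for this page, not part of the patent): AES-128 encryption of a constructed common-information record under ECB and under CBC with a random IV, counting repeated ciphertext blocks, plus an encrypt-then-MAC HMAC-SHA256 tag so a receiver can refuse an altered message. The AES key and MAC key are generated at random here; the patent establishes the AES key by DH or pre-sharing.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// pad appends PKCS#7 padding so the plaintext is a whole number of AES blocks.
func pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// ecbEncrypt encrypts every block independently: the ECB mode the text calls
// simplest but relatively insecure.
func ecbEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt = pad(pt)
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		block.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct, nil
}

// cbcEncrypt chains the blocks under a random IV, which is sent in front of the
// ciphertext so that the receiver can decrypt.
func cbcEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt = pad(pt)
	out := make([]byte, aes.BlockSize+len(pt))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], pt)
	return out, nil
}

// repeatedBlocks counts ciphertext blocks that occur more than once. Under ECB,
// equal plaintext blocks give equal ciphertext blocks, which leaks structure.
func repeatedBlocks(ct []byte) int {
	seen := map[string]int{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])]++
	}
	dup := 0
	for _, c := range seen {
		if c > 1 {
			dup += c
		}
	}
	return dup
}

// tag computes HMAC-SHA256 over the ciphertext (encrypt-then-MAC) so that the
// receiver can refuse a message altered on the link; compare with hmac.Equal.
func tag(macKey, ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(nil)
}

// Demo encrypts a constructed common-information record made of four identical
// 16-byte blocks, reports how many ciphertext blocks repeat under ECB and CBC,
// and checks that a one-bit change to the CBC ciphertext is caught by the MAC.
func Demo() (ecbDup, cbcDup int, macCaught bool, err error) {
	key := make([]byte, 16)    // constructed AES-128 key; in practice from DH or pre-sharing
	macKey := make([]byte, 32) // constructed MAC key, kept distinct from the encryption key
	if _, err = rand.Read(key); err != nil {
		return
	}
	if _, err = rand.Read(macKey); err != nil {
		return
	}
	common := bytes.Repeat([]byte("DEV=METER0000042"), 4)
	ecb, err := ecbEncrypt(key, common)
	if err != nil {
		return
	}
	cbc, err := cbcEncrypt(key, common)
	if err != nil {
		return
	}
	ecbDup, cbcDup = repeatedBlocks(ecb), repeatedBlocks(cbc)
	t := tag(macKey, cbc)
	cbc[len(cbc)-1] ^= 0x01 // the message as altered on the link
	macCaught = !hmac.Equal(tag(macKey, cbc), t)
	return
}
```

Demo returns 4 repeated blocks for ECB (the four identical record blocks) and 0 for CBC, and the altered ciphertext fails the MAC check.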
S3, obtaining a key with a public key encryption algorithm, encrypting the sensitive information, and encrypting and transmitting the communication. Referring to Fig. 2, step S3 comprises steps S30-S35, as follows:
S30, performing a digest operation on the sensitive information with a hash algorithm, and generating and transmitting a message digest from the sensitive information.
Specifically, at the sender end a hash algorithm is applied to the sensitive information to generate a fixed-length message digest; the message digest is the unique authentication mark of the information, and any small change to the sensitive information changes the message digest. The transmitting end in this application is a work terminal, which may be a device such as a mobile phone.
S31, encrypting the message digest with the private key of the sender, and generating and sending a digital signature.
At the sender end, an elliptic curve public key cryptographic algorithm is used: the message digest is encrypted with the sender's private key to generate a digital string that serves as the data signature. The digital signature ensures the reliability and security of message transmission; the data sender does not need to prove its identity through any other mechanism, and the receiver can fully trust the identity of the sender.
S32, encrypting the digital signature and the sensitive information with the first private key, generating a ciphertext containing the sensitive information, and transmitting the ciphertext.
S33, encrypting the first private key with the public key of the receiver to generate and send a digital envelope, the digital envelope comprising the public key of the receiver and the first private key.
At the sender end, a block symmetric cryptographic algorithm is used: the digital signature and the sensitive information are encrypted with the first private key to generate the ciphertext, the first private key is encrypted with the preset public key of the receiver to generate the digital envelope, and the digital envelope and the ciphertext are sent together.
S34, decrypting the digital envelope with the private key of the receiver to obtain the first private key.
At the receiver end, the digital envelope is decrypted with a block symmetric cryptographic algorithm, and the receiver obtains the first private key.
S35, decrypting the ciphertext with the first private key to obtain the sensitive information and the digital signature.
At the receiver end, the ciphertext is decrypted with a block symmetric cipher algorithm, and the receiver obtains the sensitive information and the digital signature.
S4, judging whether the sensitive information has been tampered with before it is delivered to the receiver, sending an information valid signal if not and an alarm signal if so. Referring to Fig. 3, step S4 comprises steps S40-S43, as follows:
S40, decrypting the digital signature with the preset sender public key to obtain the signature digest.
S41, obtaining the message digest from the sensitive information.
S42, sending an information valid signal in response to the signature digest being identical to the message digest.
S43, sending an alarm signal in response to the signature digest differing from the message digest.
The signature digest is compared with the message digest. If they are the same, the digital signature is valid and the original sensitive information has not been tampered with, so an information valid signal is generated and the sensitive information is accepted; if the original sensitive information or the signature has been modified, or the sensitive information or signature is not trustworthy, an alarm signal is sent.
S5, in response to the alarm signal, the receiver refuses the sensitive information and the key is modified, the key being replaced once per communication so that the key of every communication is unique. Referring to Fig. 4, step S5 comprises steps S50-S53, as follows:
S50, in response to the alarm signal, the receiver refuses the sensitive information and sends a rejection signal.
After the alarm signal is generated, the receiver refuses the decrypted sensitive information and sends a signal to the sender; at the same time the tampered sensitive information is deleted, reducing the memory occupied by junk data.
S51, in response to the rejection signal, modifying the first private key at the sender.
When the sender receives the rejection signal from the receiver, the originally stored first private key is automatically deleted, a new first private key is generated, and the new first private key is stored at the sender.
S52, correcting the tampered sensitive information.
When the sensitive information has been tampered with, it is corrected; the correction method of this application may be to retransmit the sensitive information. Referring to Fig. 5, step S52 comprises steps S520-S521, as follows:
S520, generating, at the receiver, a correction instruction for retransmitting the sensitive information;
S521, at the sender, in response to the correction instruction, applying the modified first private key to generate and send the ciphertext and the digital envelope.
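The sender side (S30-S33) and receiver side (S34-S35 with the check S40-S43) of steps S3-S5, using a fresh first key for every communication as S51 requires, as an added worked example in Go (not the patent's own code). Assumptions: the "first private key" is a 128-bit AES-GCM session key (the page describes it as the key of a block symmetric algorithm), the signature is ECDSA P-256 over a SHA-256 digest (the page says only "elliptic curve public key cryptographic algorithm"), the envelope wraps the first key with RSA-OAEP (the page says only "public key encryption algorithm"), and the sensitive record is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side, S30-S33, with a fresh first key for every communication
// (S51). signKey is the sender's private key; recvPub is the receiver's public key.
// It returns the digital envelope and the ciphertext (nonce || AES-GCM(len(sig) || sig || sensitive)).
func Seal(signKey *ecdsa.PrivateKey, recvPub *rsa.PublicKey, sensitive []byte) (env, ct []byte, err error) {
	digest := sha256.Sum256(sensitive)                          // S30: message digest
	sig, err := ecdsa.SignASN1(rand.Reader, signKey, digest[:]) // S31: digital signature
	if err != nil {
		return nil, nil, err
	}
	kn := make([]byte, 16+12) // 128-bit first key unique to this message, plus GCM nonce
	if _, err := rand.Read(kn); err != nil {
		return nil, nil, err
	}
	firstKey, nonce := kn[:16], kn[16:]
	aead, err := gcm(firstKey)
	if err != nil {
		return nil, nil, err
	}
	// S32: signature and sensitive information encrypted together under the first key.
	body := append([]byte{byte(len(sig) >> 8), byte(len(sig))}, sig...)
	ct = aead.Seal(nonce, nonce, append(body, sensitive...), nil)
	// S33: digital envelope = the first key encrypted with the receiver's public key.
	env, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recvPub, firstKey, nil)
	if err != nil {
		return nil, nil, err
	}
	return env, ct, nil
}

// Open is the receiver side, S34-S35 and the check S40-S43. decKey is the
// receiver's private key; sendPub is the preset sender public key. It returns the
// sensitive information and true (information valid signal), or nil and false
// (alarm signal: the receiver refuses the data and the sender rotates the first key).
func Open(decKey *rsa.PrivateKey, sendPub *ecdsa.PublicKey, env, ct []byte) ([]byte, bool) {
	firstKey, err := rsa.DecryptOAEP(sha256.New(), nil, decKey, env, nil) // S34
	if err != nil {
		return nil, false
	}
	aead, err := gcm(firstKey)
	if err != nil || len(ct) < 12 {
		return nil, false
	}
	body, err := aead.Open(nil, ct[:12], ct[12:], nil) // S35
	if err != nil || len(body) < 2 { // the GCM tag already rejects an altered ciphertext
		return nil, false
	}
	sigLen := int(body[0])<<8 | int(body[1])
	if len(body) < 2+sigLen {
		return nil, false
	}
	sig, sensitive := body[2:2+sigLen], body[2+sigLen:]
	// S40-S43: the signature must verify under the preset sender public key against the
	// recomputed digest. This, not the envelope, binds the data to the sender: anyone
	// holding the receiver's public key can build a well-formed envelope.
	digest := sha256.Sum256(sensitive)
	if !ecdsa.VerifyASN1(sendPub, digest[:], sig) {
		return nil, false // S43: alarm signal
	}
	return sensitive, true // S42: information valid signal
}

// NewKeys generates the long-term keys of one pair: the sender's ECDSA signing key
// and the receiver's RSA decryption key (each side also holds the other's public key).
func NewKeys() (*ecdsa.PrivateKey, *rsa.PrivateKey, error) {
	signKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	decKey, err := rsa.GenerateKey(rand.Reader, 2048)
	return signKey, decKey, err
}
```

Because the first key and nonce are drawn fresh in every Seal call, two envelopes of the same record never match, and a receiver that gets the alarm result has both the GCM tag and the signature check behind it.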
S53, tracing the reason why the sensitive information was tampered with. Referring to Fig. 6, step S53 comprises steps S530-S531, as follows:
S530, performing data tracing and data investigation of the sensitive information.
The transmission process of the information data is monitored; the data is comprehensively tracked and checked with monitoring means such as a data analysis tool and a log monitoring tool, the data is automatically traced and checked, the source and flow of the data are checked one by one, the data records and logs are checked, whether the data was tampered with and the time and location of the tampering are confirmed, an anomaly list is generated, and the anomaly list is sent to the manager for review.
S531, determining the identity of the suspected tamperer for reference.
After confirming whether the data was tampered with and the time and location of the tampering, the possible suspects are inspected and investigated: the users, managers, transmitters and so on of the data are analysed, improper behaviour by internal personnel is investigated, the possible identity of the tamperer is determined, the information on that identity is provided, and it is recorded in the anomaly list for reference and investigation by management personnel.
And S6, responding to the information effective signal, and combining the sensitive information with the common information according to the division rule.
And when the sensitive information is confirmed to be effective, combining the common information with the sensitive information according to the decrypted dividing rule and the common information to obtain complete information.
The implementation principle of the communication encryption method in the embodiment of the application is as follows:
The data are divided to determine the sensitive information. The common information and the division rule are protected with a symmetric encryption algorithm, which has the advantage of fast encryption and decryption. The sensitive information is protected with a combination of an asymmetric encryption algorithm and a hash algorithm, which gives higher security, and the receiver judges whether the sensitive data have been tampered with: if so, an alarm is raised; if not, the common information and the sensitive information are merged through the division rule to obtain the complete data message. Protecting the information data with multiple layers of encryption and decryption reduces the risk of the data being intercepted, tampered with or lost, and improves the security and confidentiality of the communication. By judging whether the information data have been tampered with and, if so, refusing to accept them and modifying the first private key, the correctness and validity of the data are ensured, the security of data transmission is improved, and storage and management of the key are simpler and more flexible. Note that the "first private key" is the key that encrypts the ciphertext and is itself wrapped under the receiver's public key in the digital envelope, so in conventional terms it is a per-message symmetric session key rather than an asymmetric private key; claim 1 requires it to be replaced in every communication.
The embodiment of the application also discloses a communication encryption system, which comprises: a digital signature generation module, which hashes and signs the information data sent by the sender to generate a digital signature; a ciphertext generation module, which encrypts the digital signature and the information data with a first private key to generate and transmit a ciphertext containing the information data; a digital envelope generation module, which encrypts the first private key with the preset public key of the receiver to generate and send a digital envelope, the digital envelope comprising the public key of the receiver and the first private key; a first decryption module, which decrypts the digital envelope with the receiver private key preset at the receiver to obtain the first private key; a second decryption module, which decrypts the ciphertext with the first private key to obtain the information data and the digital signature; a tamper judgement module, which judges whether the information data have been tampered with and sends an information valid signal if not and an alarm signal if so; and a correction module, which modifies the first private key of the sender in response to the alarm signal.
The implementation principle of the communication encryption system in the embodiment of the application is as follows:
The data are divided by the data division module to determine the sensitive information; the common information and the division rule are encrypted for communication by the first communication module with a symmetric encryption algorithm, so that encryption and decryption are fast. The sensitive information is encrypted for communication by the second communication module with a combination of an asymmetric encryption algorithm and a hash algorithm, which gives higher security; the anomaly judgement module judges whether the sensitive data have been tampered with, the anomaly alarm module raises an alarm if so, and if not the information merging module merges the common information and the sensitive information according to the division rule to obtain the complete data. Protecting the information data with multiple layers of encryption and decryption reduces the risk of the data being intercepted, tampered with or lost, and improves the security and confidentiality of the communication.
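The sensitive-information path described in the method and system principles above, and spelled out in claims 2 to 5, as an added, runnable Go example. This is the editor's illustration code, not the applicant's implementation: the patent names no specific algorithms, so SHA-256 for the digest, RSA-PSS for the digital signature, AES-256-GCM for the ciphertext and RSA-OAEP for the digital envelope are assumptions, as are all type and function names. The patent's "first private key" appears here as the per-message symmetric session key, which is what it functionally is: it encrypts the ciphertext and is itself wrapped under the receiver's public key. The sample record is constructed.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what the sender transmits for the sensitive part: AES-256-GCM ciphertext
// of (signature || data) plus the session key wrapped under the receiver's RSA public key.
type Envelope struct {
	Nonce, Ciphertext, WrappedKey []byte
}

// newKeyPair makes a 2048-bit RSA key for a party (sender or receiver); editor's helper.
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// newSessionKey draws a fresh 256-bit key for every message, so the key (the patent's
// "first private key") is unique in each communication and nothing needs to be stored.
func newSessionKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealSensitive is the sender side: SHA-256 digest, RSA-PSS signature over the digest,
// AES-GCM encryption of signature||data under the session key, RSA-OAEP wrap of that key.
func sealSensitive(sensitive, sessionKey []byte, senderPriv *rsa.PrivateKey, receiverPub *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(sensitive)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, append(append([]byte{}, sig...), sensitive...), nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Nonce: nonce, Ciphertext: ct, WrappedKey: wrapped}, nil
}

// openSensitive is the receiver side: valid=true with the data is the "information valid
// signal"; valid=false with a reason is the "alarm signal", and then no data is returned.
func openSensitive(env *Envelope, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) (data []byte, valid bool, reason string) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, false, "digital envelope does not open with the receiver private key"
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, false, "unwrapped session key is unusable"
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, false, "ciphertext modified in transit (GCM tag mismatch)"
	}
	sigLen := senderPub.Size() // an RSA-PSS signature is exactly the modulus size
	if len(plain) < sigLen {
		return nil, false, "plaintext too short to contain a signature"
	}
	sig, sensitive := plain[:sigLen], plain[sigLen:]
	// Recompute the digest of the received data and check it against the signed digest (claim 3).
	digest := sha256.Sum256(sensitive)
	if rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil) != nil {
		return nil, false, "signature digest differs from recomputed digest"
	}
	return sensitive, true, ""
}

func main() {
	senderKey, _ := newKeyPair()
	receiverKey, _ := newKeyPair()
	sensitive := []byte(`{"id_number":"110101199001011234"}`) // constructed sample record
	key, _ := newSessionKey()
	env, _ := sealSensitive(sensitive, key, senderKey, &receiverKey.PublicKey)
	data, ok, why := openSensitive(env, receiverKey, &senderKey.PublicKey)
	fmt.Printf("clean: valid=%v %q %s\n", ok, why, data)
	env.Ciphertext[0] ^= 0x80 // modified in transit: the receiver raises the alarm
	_, ok, why = openSensitive(env, receiverKey, &senderKey.PublicKey)
	fmt.Printf("tampered: valid=%v %q\n", ok, why)
}
```

Running it shows a valid result for the clean message and an alarm for the modified one. Two points the example makes that the text does not: with an authenticated cipher the GCM tag rejects a ciphertext altered in transit before the signature is even examined, whereas the signature check is what rejects a payload produced by a party holding a valid envelope for the receiver but not the sender's signing key (the insider case of S53); and because every message carries a freshly drawn session key, the "modify the key after an alarm" step of claim 4 is satisfied by simply retransmitting through sealSensitive, with no stored key to update.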
The embodiment of the application also discloses a terminal device comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the computer program, performs the communication encryption method of the above embodiment.
The terminal device may be a computer device such as a desktop computer, a notebook computer or a cloud server. It includes, but is not limited to, a processor and a memory; for example, it may further include an input/output device, a network access device, a bus and the like.
The processor may be a Central Processing Unit (CPU) or, depending on actual use, another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component and so on; the general-purpose processor may be a microprocessor or any conventional processor, which is not limited in this application.
The memory may be an internal storage unit of the terminal device, for example its hard disk or RAM; an external storage device of the terminal device, for example a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card (FC) fitted to the terminal device; or a combination of the two. The memory stores the computer program and the other programs and data that the terminal device requires, and may also temporarily hold data that has been or is about to be output, which is not limited in this application.
The communication encryption method of the above embodiment is thus stored in the memory of the terminal device and loaded and executed on its processor, so that the user can apply the method conveniently.
The embodiment of the application also discloses a computer readable storage medium storing a computer program, wherein the computer program, when executed by a processor, performs the communication encryption method of the above embodiment.
The computer program may be stored in a computer readable medium and comprises computer program code, which may be in source code form, object code form, executable file form or some intermediate form; the computer readable medium includes any entity or device capable of carrying the computer program code, for example a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal or a software distribution medium, and is not limited to the items listed.
The communication encryption method of the above embodiment is thus stored on the computer readable storage medium and loaded and executed on a processor, which facilitates storage and application of the method.
The foregoing description of the preferred embodiments of the present application is not intended to limit the scope of the application; any feature disclosed in this specification (including the abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose, unless expressly stated otherwise. That is, unless expressly stated otherwise, each feature is only one example of a generic series of equivalent or similar features.

Claims (10)

1. A communication encryption method, comprising the steps of:
acquiring a division rule for common information and sensitive information, reading the data information and dividing it into common information and sensitive information;
encrypting and transmitting the common information and the division rule with a symmetric encryption algorithm;
obtaining a key with a public key encryption algorithm, encrypting the sensitive information with it, and performing communication encryption and transmission;
judging whether the sensitive information has been tampered with before it is delivered to the receiver, sending an information valid signal if not and an alarm signal if so;
in response to the alarm signal, the receiver refusing to accept the sensitive information and the key being modified, the key being replaced once in each communication so that the key of each communication is unique;
and, in response to the information valid signal, merging the sensitive information with the common information according to the division rule.
2. The communication encryption method according to claim 1, wherein the key comprises a first private key, a public key of the receiver, a second private key and a private key of the receiver, and the step of obtaining a key with a public key encryption algorithm, encrypting the sensitive information and performing communication encryption and transmission comprises:
performing a digest operation on the sensitive information with a hash algorithm, and generating and transmitting an information digest of the sensitive information;
encrypting the information digest with the private key of the sender, and generating and sending a digital signature;
encrypting the digital signature and the sensitive information with the first private key, generating a ciphertext containing the sensitive information and transmitting the ciphertext;
encrypting the first private key with the public key of the receiver to generate and send a digital envelope, the digital envelope comprising the public key of the receiver and the first private key;
decrypting the digital envelope with the private key of the receiver to obtain the first private key;
and decrypting the ciphertext with the first private key to obtain the sensitive information and the digital signature.
3. The communication encryption method according to claim 2, wherein the step of judging whether the sensitive information has been tampered with before it is delivered to the receiver, sending an information valid signal if not and an alarm signal if so, comprises the steps of:
decrypting the digital signature with a preset public key of the sender to obtain a signature digest;
performing the digest operation on the received sensitive information to obtain an information digest;
in response to the signature digest being identical to the information digest, sending an information valid signal;
and in response to the signature digest differing from the information digest, sending an alarm signal.
4. The communication encryption method according to claim 2, wherein the step of the receiver refusing to accept the sensitive information in response to the alarm signal, modifying the key, and replacing the key once in each communication so that the key of each communication is unique, comprises the steps of:
in response to the alarm signal, the receiver refusing to accept the sensitive information and sending a rejection signal;
in response to the rejection signal, modifying the first private key at the sender;
correcting the tampered sensitive information;
and tracing the cause of the tampering of the sensitive information.
5. The communication encryption method according to claim 2, further comprising correcting the tampered sensitive information, which comprises the steps of:
generating, at the receiver, a correction instruction for retransmission of the sensitive information;
and at the sender, in response to the correction instruction, generating and sending the ciphertext and the digital envelope with the modified first private key.
6. The communication encryption method according to claim 4, wherein tracing the cause of the tampering of the sensitive information comprises the steps of:
performing data tracing and data investigation of the sensitive information;
and determining the identity of the suspected tamperer for reference.
7. The communication encryption method according to claim 6, wherein performing data tracing and data investigation comprises the steps of:
determining the source and flow of the sensitive information with a preset data analysis tool;
and checking the data records and data logs of the sensitive information with a preset log monitoring tool, and generating a tampering record of the sensitive information.
8. A communication encryption system, characterized in that it uses the communication encryption method according to any one of claims 1 to 7 and comprises:
a data division module, which acquires the division rule for common information and sensitive information, reads the data information and divides it into common information and sensitive information;
a first communication module, which encrypts and transmits the common information and the division rule with a symmetric encryption algorithm;
a second communication module, which obtains a key with a public key encryption algorithm, encrypts the sensitive information and performs communication encryption and transmission;
an anomaly judgement module, which judges whether the sensitive information has been tampered with before it is delivered to the receiver, and sends an information valid signal if not and an alarm signal if so;
an anomaly alarm module, which in response to the alarm signal has the receiver refuse the sensitive information, modifies the key and replaces the key once in each communication so that the key of each communication is unique;
and an information merging module, which in response to the information valid signal merges the sensitive information and the common information according to the division rule.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, characterized in that the processor, when loading and executing the computer program, employs the communication encryption method according to any one of claims 1 to 7.
10. A computer readable storage medium having a computer program stored therein, characterized in that the computer program, when loaded and executed by a processor, employs the communication encryption method according to any one of claims 1 to 7.
CN202310429622.5A 2023-04-19 2023-04-19 Communication encryption method, system, terminal and storage medium Pending CN116405304A (en)

Publications (1)

Publication Number Publication Date
CN116405304A true CN116405304A (en) 2023-07-07

Family

ID=87014060

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105429753A (en) * 2015-12-30 2016-03-23 宇龙计算机通信科技(深圳)有限公司 Voice data method for improving security of VoLTE communication, system and mobile terminal
CN109257744A (en) * 2018-11-05 2019-01-22 广东工业大学 5G data transmission method, system and 5G data send and receive device
WO2020155622A1 (en) * 2019-01-28 2020-08-06 平安科技(深圳)有限公司 Method, device and system for enhancing security of image data transmission, and storage medium
CN114422115A (en) * 2021-12-10 2022-04-29 国网浙江省电力有限公司宁波供电公司 Power grid data encryption transmission method, system, equipment and readable storage medium
CN114826656A (en) * 2022-03-02 2022-07-29 国家电网有限公司大数据中心 Trusted data link transmission method and system
CN114884697A (en) * 2022-04-12 2022-08-09 平安国际智慧城市科技股份有限公司 Data encryption and decryption method based on state cryptographic algorithm and related equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination