CN116566695A - Encryption transmission method and system

Info

Publication number: CN116566695A
Application number: CN202310572471.9A
Priority application: CN202310572471.9A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: certificate, parameter information, target certificate, encrypted data, key
Inventors: 杨涛, 刘鑫全, 宋华
Original assignee: Lenovo Beijing Ltd
Current assignee: Lenovo Beijing Ltd

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/04: ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428: ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/32: ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3263: ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L 9/3268: ... using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L 9/40: Network security protocols

Abstract

The embodiments of the application disclose an encrypted transmission method and system. The method is applied to a first device and comprises: interacting with a second device to determine parameter information, which at least comprises device information of the first device and device information of the second device; determining a first target certificate based on the parameter information and a preset rule, and encrypting data to be transmitted with the first target certificate to obtain encrypted data; and sending the encrypted data to the second device, so that the second device can decrypt it with a second target certificate determined from the same parameter information and preset rule.

Description

Encryption transmission method and system
Technical Field
The embodiments of the present application relate to communication technology and in particular, but not exclusively, to an encrypted transmission method and system.
Background
As communication technology develops, the security requirements placed on networks and data keep rising, and establishing encrypted connections has become increasingly important in the field of communication.
Disclosure of Invention
In view of this, an embodiment of the present application provides an encrypted transmission method and system.
The technical scheme of the embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides an encrypted transmission method, where the method is applied to a first device and includes:
interacting with a second device to determine parameter information; wherein the parameter information at least comprises equipment information of the first equipment and equipment information of the second equipment;
determining a first target certificate based on the parameter information and a preset rule, and encrypting data to be transmitted through the first target certificate to obtain encrypted data;
and sending the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second target certificate determined based on the parameter information and a preset rule.
In some embodiments, interacting with the second device to determine the parameter information includes: establishing an unencrypted connection with the second device, and interacting with the second device over the unencrypted connection to determine the parameter information, which further includes time information.
In some embodiments, encrypting the data to be transmitted with the first target certificate to obtain the encrypted data includes encrypting the data with a first key of the first target certificate; correspondingly, sending the encrypted data to the second device so that it can decrypt the data with a second target certificate determined from the parameter information and the preset rule includes transmitting the encrypted data to the second device so that it can decrypt the data with a second key of the second target certificate. The first target certificate and the second target certificate either contain the same first key and second key, or the first key of the first target certificate and the second key of the second target certificate form a key pair.
In some embodiments, the determining the first target certificate based on the parameter information and a preset rule includes: determining the first target certificate from a first certificate set based on the parameter information and a preset rule; the second device can determine a second target certificate from a second certificate set based on the parameter information and the preset rule.
In some embodiments, the first certificate set and the second certificate set trust each other, or both come from the same authority or from an authority of the same industry alliance.
In some embodiments, the method further comprises at least one of: updating the preset rule every first preset time period; and updating the first certificate set and the second certificate set every second preset time period.
In a second aspect, an embodiment of the present application further provides an encrypted transmission method, where the method is applied to a second device, and the method includes:
interacting with the first device to determine parameter information; wherein the parameter information at least comprises equipment information of the first equipment and equipment information of the second equipment;
Determining a second target certificate based on the parameter information and a preset rule;
receiving encrypted data sent by the first device, and decrypting the encrypted data through the second target certificate; the encrypted data is obtained by encrypting the data to be transmitted by the first device through a first target certificate determined based on the parameter information and a preset rule.
In some embodiments, determining the second target certificate based on the parameter information and the preset rule includes determining it from a second certificate set based on the parameter information and the preset rule; the first device can determine the first target certificate from a first certificate set based on the same parameter information and preset rule, and the first certificate set and the second certificate set trust each other or both come from the same authority or from an authority of the same industry alliance.
In a third aspect, an embodiment of the present application provides an encrypted transmission system, including:
a first device: for interacting with a second device to determine parameter information; wherein the parameter information at least comprises equipment information of the first equipment and equipment information of the second equipment;
Determining a first target certificate based on the parameter information and a preset rule;
encrypting the data to be transmitted through the first target certificate to obtain encrypted data;
transmitting the encrypted data to a second device;
the second device: for interacting with a first device to determine the parameter information;
determining a second target certificate based on the parameter information and a preset rule;
and receiving the encrypted data sent by the first device, and decrypting the encrypted data through the second target certificate.
In some embodiments, the first device is configured to encrypt data to be transmitted with a first key of the first target certificate, to obtain encrypted data; the second device is configured to decrypt the encrypted data with a second key of the second target certificate; wherein the first target certificate and the second target certificate comprise the same first key and second key; or, the first key of the first target certificate and the second key of the second target certificate can form a key pair.
Drawings
Fig. 1 is a schematic diagram of an implementation flow of an encrypted transmission method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a second implementation flow of the encrypted transmission method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a third implementation flow of the encrypted transmission method according to an embodiment of the present application;
Fig. 4 is a schematic diagram of an implementation flow of the encrypted transmission method applied to the second device according to an embodiment of the present application;
Fig. 5 is a schematic diagram of an encrypted transmission architecture according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an encrypted transmission system according to an embodiment of the present application;
Fig. 7A is a schematic diagram of a composition structure of an encrypted transmission device according to an embodiment of the present application;
Fig. 7B is a schematic diagram of a second composition structure of the encrypted transmission device according to an embodiment of the present application;
Fig. 8 is a schematic diagram of a hardware entity of a device in an embodiment of the present application.
Detailed Description
The technical solutions of the present application are further described in detail below with reference to the drawings and examples. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the present application.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
In the following description, suffixes such as "module", "component", or "unit" for representing elements are used only for facilitating the description of the present application, and are not of specific significance per se. Thus, "module," "component," or "unit" may be used in combination.
It should be noted that the terms "first", "second" and "third" in the embodiments of the present application merely distinguish similar objects and do not imply a specific ordering; where permitted, "first", "second" and "third" may be interchanged so that the embodiments described herein can be practised in an order other than that illustrated or described.
At present, an encrypted connection is established in one of two ways: the two communicating ends first establish an unencrypted connection, negotiate and exchange certificates, and then establish the encrypted connection; or both ends connect to the same server, which distributes certificates to them. Either way, a certain amount of time is spent exchanging or obtaining certificates before the encrypted connection exists, so connection establishment is slower and incurs a delay.
On this basis, the embodiments of the application provide an encrypted transmission method. The functions of the method may be implemented by a processor in the first device invoking program code, which may be stored in a storage medium of the first device. Fig. 1 is a schematic diagram of an implementation flow of an encrypted transmission method according to an embodiment of the present application. As shown in Fig. 1, the method includes:
Step S101, interacting with a second device to determine parameter information; wherein the parameter information at least comprises equipment information of the first equipment and equipment information of the second equipment;
Here, the first device and the second device may be any devices with information processing capability, such as a navigation device, a smartphone, a tablet computer, a wearable device, a laptop computer, a robot vacuum, a smart kitchen or smart home appliance, an automobile, a server or a server cluster.
In the embodiments of the application, the first device and the second device first interact over an unencrypted connection to determine the parameter information, which is then used to determine the certificate for the encrypted transmission. The interaction over the unencrypted connection includes, but is not limited to, interaction based on HTTP (Hypertext Transfer Protocol), interaction based on TCP (Transmission Control Protocol), and the like. The parameter information includes, but is not limited to, device information of the first device and device information of the second device, where the device information includes, but is not limited to, the device's MAC (Media Access Control) address, IMEI (International Mobile Equipment Identity) number, IP (Internet Protocol) address, and so on.
Step S102, determining a first target certificate based on the parameter information and a preset rule, and encrypting data to be transmitted through the first target certificate to obtain encrypted data;
here, the content of the first target certificate includes, but is not limited to: version number, serial number, start time, end time, issuer name, algorithm, parameters, public key, private key, etc.
In the embodiments of the application, a certain number of certificates (a preset certificate set) may be built into both the first device and the second device, and the same certificate selection algorithm may be built into both. The first device then selects a certificate from the preset certificate set based on the parameter information and the certificate selection algorithm, and that certificate is the first target certificate; the preset rule may thus be the built-in certificate selection algorithm. Once the first target certificate has been selected, the first device encrypts the data to be transmitted with it to obtain the encrypted data. The data to be transmitted may be text data, audio or video data and the like; the embodiments do not limit this. The second device likewise selects a second target certificate from the preset certificate set based on the parameter information and the certificate selection algorithm, and decrypts the encrypted data with it. Because both ends hold the same certificate set and apply the same certificate selection algorithm to the same parameter information, they select a matching certificate pair and can therefore establish the encrypted connection quickly.
Step S103, sending the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second target certificate determined based on the parameter information and a preset rule.
In this embodiment of the present invention, after encrypting data to be transmitted, the first device needs to send the encrypted data to the second device, so that the second device can decrypt the encrypted data through the second target certificate.
Here, by the above-described encryption transmission method in step S101 to step S103, the step of the certificate negotiation exchange can be omitted, thereby quickly establishing the encrypted connection.
Based on the foregoing embodiments, embodiments of the present application further provide an encrypted transmission method, where the method is applied to a first device, and the method includes:
Step S111, establishing an unencrypted connection with the second device;
For example, the unencrypted connection may be a Wi-Fi connection, a Bluetooth connection, a cellular mobile network connection or the like; over an unencrypted connection data is transmitted directly, without encryption.
Step S112, interacting with the second device based on the unencrypted connection to determine parameter information; wherein the parameter information at least comprises equipment information of the first equipment, equipment information of the second equipment and time information;
In the embodiments of the application, the parameter information includes, in addition to the device information of the first device and the second device, time information, for example the time point of the interaction (such as a timestamp). If the first device and the second device perform encrypted transmission several times, the time point of each transmission differs, so the parameter information changes and a different certificate is selected each time. Because the certificate selection algorithm is kept confidential and its output changes from one transmission to the next, it is hard to crack, so the security of the encrypted transmission is maintained while the certificate exchange step is omitted and the time taken to establish the encrypted connection is reduced.
Step S113, determining a first target certificate based on the parameter information and a preset rule, and encrypting data to be transmitted through the first target certificate to obtain encrypted data;
Here, the preset rule may be a certificate selection algorithm defined by the device manufacturer; before the device leaves the factory, a program implementing the algorithm is stored in the device's storage module so that the device's processing module can invoke and execute it.
Step S114, transmitting the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second target certificate determined based on the parameter information and a preset rule.
In some embodiments, the first target certificate and the second target certificate are selected from a certificate library built into the device, that is, from certificates installed before the device leaves the factory, whose trust relationship can be regarded as already established, rather than from certificates received from another device whose signature information would first have to be verified. The encrypted transmission method of the embodiments can therefore omit the mutual exchange of public keys and the checking of trust through signatures and a trust chain (the trust relationship is already embodied in the built-in certificate pool, and a certificate is merely selected from it by the algorithm afterwards), and so establishes the encrypted connection quickly.
Here, by the above-described encryption transmission method in step S111 to step S114, the security of the encryption transmission can be ensured while omitting the step of exchanging certificates, reducing the time taken to establish the encryption connection.
Based on the foregoing embodiments, the embodiments of the present application further provide an encryption transmission method, where the method is applied to a first device, fig. 2 is a second schematic flowchart of implementation of the encryption transmission method of the embodiments of the present application, and as shown in fig. 2, the method includes:
step S201, interacting with a second device to determine parameter information; wherein the parameter information at least comprises equipment information of the first equipment and equipment information of the second equipment;
Step S202, determining a first target certificate based on the parameter information and a preset rule, and encrypting data to be transmitted through a first key of the first target certificate to obtain encrypted data;
step S203, transmitting the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second key of a second target certificate determined based on the parameter information and a preset rule;
wherein the first target certificate and the second target certificate comprise the same first key and second key; or, the first key of the first target certificate and the second key of the second target certificate can form a key pair.
In the embodiments of the application, the first target certificate and the second target certificate contain the same first key and second key. They may be one and the same certificate (which can equally be regarded as a pair of certificates), or two different certificates. For example, the first key and the second key may be a key pair, i.e. a public key and a private key (asymmetric encryption); with two different certificates the private keys may differ while the public key is the same. Alternatively the first key and the second key may be the same key held in the same certificate (symmetric encryption).
Alternatively, the first key of the first target certificate and the second key of the second target certificate form a key pair, or the second key of the first target certificate and the first key of the second target certificate form a key pair, and asymmetric encryption is used. For example, device A determines certificate 1 from the parameter information and the preset rule, and device B determines certificate 2 from the same parameter information and preset rule, where certificate 1 and certificate 2 form a certificate pair and are different certificates. Certificate 1 contains public key 1 and private key 1; certificate 2 contains public key 2 and private key 2. If device A needs to send data to device B, it encrypts the data with public key 1 and sends the encrypted data to device B, which decrypts it with private key 2. Likewise, if device B needs to send data to device A, it encrypts the data with public key 2 and device A decrypts it with private key 1. That is, public key 1 and private key 2 form a key pair, and public key 2 and private key 1 form a key pair.
It should be noted that, in the embodiment of the present application, the number of keys and the key types in the first target certificate and the second target certificate are not limited.
Here, by the above-described encryption transmission method in step S201 to step S203, the step of the certificate negotiation exchange can be omitted, and encryption or decryption can be directly performed by using the key in the selected certificate, thereby quickly establishing the encrypted connection.
Based on the foregoing embodiments, the embodiments of the present application further provide an encryption transmission method, where the method is applied to a first device, fig. 3 is a schematic diagram of a third implementation flow of the encryption transmission method of the embodiments of the present application, and as shown in fig. 3, the method includes:
step S301, interacting with a second device to determine parameter information; wherein the parameter information at least comprises equipment information of the first equipment and equipment information of the second equipment;
step S302, determining the first target certificate from a first certificate set based on the parameter information and a preset rule; the second device can determine a second target certificate from a second certificate set based on the parameter information and the preset rule;
Here, a first certificate set may be built in advance; it contains a plurality of certificates or certificate pairs and is installed in the first device before the first device leaves the factory. The first device may then determine the first target certificate from the first certificate set based on the parameter information and the preset rule, and encrypt the sensitive data with it. Likewise, a second certificate set containing a plurality of certificates or certificate pairs may be built in advance and installed in the second device before it leaves the factory. The second device may then determine the second target certificate from the second certificate set based on the same parameter information and the same preset rule, and decrypt the encrypted data sent by the first device with it.
Step S303, encrypting the data to be transmitted through the first target certificate to obtain encrypted data;
step S304, sending the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second target certificate determined based on the parameter information and a preset rule.
Here, by the above-described encryption transmission method in step S301 to step S304, the step of the certificate negotiation exchange can be omitted, and encryption or decryption can be performed directly by using a certificate selected from the built-in certificate set, thereby quickly establishing an encrypted connection.
In some embodiments, the first set of credentials and the second set of credentials are trusted credentials to each other or are from the same authority or an authority of the same industry alliance.
Here, the first device and the second device may be electronic devices made by the same manufacturer or by manufacturers of the same industry alliance; the first certificate set is built into the first device and the second certificate set into the second device before the devices leave the factory, and the two sets trust each other or come from the same authority or from an authority of the same industry alliance. In this way the first device and the second device can select a matching certificate pair from the first and second certificate sets based on the same parameter information and the same preset rule.
In some embodiments, the method further comprises at least one of:
step S31, updating the preset rule every first preset time period;
step S32, updating the first certificate set and the second certificate set every second preset time period.
Here, the first preset time period and the second preset time period may be the same or different; the embodiments of the application do not limit this. Security is maintained by periodically upgrading the preset rule (for example the certificate selection algorithm) and/or the certificate sets (the first certificate set and the second certificate set). An update must reach both ends before it is relied on: a device still holding the old rule or the old certificate set would select a certificate that its peer no longer holds, so the two ends would not obtain a matching pair.
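The complete flow of steps S101 to S103, S111 to S114, S201 to S203 and S301 to S304, together with the update check of steps S31 and S32, as an added example in Go; it is not code from the application or from the assignee. Its assumptions: the preset rule is modelled as HMAC-SHA256 over the parameter information keyed with a factory secret shared by every device (the application does not specify the rule); each built-in certificate is reduced to its keys, and certificate 1 and certificate 2 of a pair hold two RSA keys crosswise so that public key 1 pairs with private key 2 and public key 2 with private key 1, as in the device A/device B example above; the parameter information carries a Version field, added here so that an end updated under step S31 or S32 before its peer is detected instead of silently selecting a certificate its peer does not hold; the device identifiers, the rule secret and the payload are constructed. Note what the scheme rests on: the parameter information travels in the clear over the unencrypted connection, so the only secrets are the rule key and the private keys, and both are identical in every device of the fleet; extracting them from one unit yields every pair's keys and the selection rule.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Params is the parameter information settled over the unencrypted connection (S101/S112); all of it is visible to an eavesdropper.
type Params struct {
	DevA, DevB string // device information of the first and second device, e.g. MAC addresses (constructed)
	Window     int64  // time information: the interaction time rounded to a one-minute window
	Version    uint32 // assumption added here: version of the built-in rule and certificate set (S31/S32)
}

// encode is a canonical, length-prefixed byte form of Params ("ab"+"c" and "a"+"bc" stay distinct).
func (p Params) encode() []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s|%d|%d", len(p.DevA), p.DevA, len(p.DevB), p.DevB, p.Window, p.Version))
}

// CertPair is "certificate 1" (Pub1, Priv1) and "certificate 2" (Pub2, Priv2): Pub1 pairs with Priv2 and Pub2 with Priv1.
type CertPair struct {
	Pub1, Pub2   *rsa.PublicKey
	Priv1, Priv2 *rsa.PrivateKey
}

func NewCertPair() (CertPair, error) {
	ka, errA := rsa.GenerateKey(rand.Reader, 2048)
	kb, errB := rsa.GenerateKey(rand.Reader, 2048)
	if errA != nil || errB != nil {
		return CertPair{}, fmt.Errorf("rsa key generation: %v / %v", errA, errB)
	}
	return CertPair{Pub1: &kb.PublicKey, Priv1: ka, Pub2: &ka.PublicKey, Priv2: kb}, nil
}

// Device is the factory state (S113/S302): the certificate set and the secret part of the selection rule, modelled as an HMAC key.
type Device struct {
	ID         string
	Set        []CertPair
	RuleSecret []byte
	Version    uint32
}

// NewDevices builds two devices that share one factory certificate set and rule secret (both constructed here).
func NewDevices(n int) (*Device, *Device, error) {
	set := make([]CertPair, n)
	var err error
	for i := range set {
		if set[i], err = NewCertPair(); err != nil {
			return nil, nil, err
		}
	}
	secret := []byte("constructed factory rule secret, identical in every device")
	return &Device{ID: "AA:BB:CC:00:00:01", Set: set, RuleSecret: secret, Version: 1}, &Device{ID: "AA:BB:CC:00:00:02", Set: set, RuleSecret: secret, Version: 1}, nil
}

// Negotiate is the unencrypted interaction. It stops when only one end has been updated (S31/S32) rather than let the ends pick mismatched certificates.
func Negotiate(a, b *Device, nowUnix int64) (Params, error) {
	if a.Version != b.Version {
		return Params{}, fmt.Errorf("rule/certificate set version mismatch: %d vs %d", a.Version, b.Version)
	}
	return Params{DevA: a.ID, DevB: b.ID, Window: nowUnix / 60, Version: a.Version}, nil
}

// SelectIndex is the preset rule (S102/S402): a keyed hash of Params reduced to a position in the set. Both ends compute it alone; the time window moves it per interaction.
func SelectIndex(ruleSecret []byte, p Params, setSize int) int {
	mac := hmac.New(sha256.New, ruleSecret)
	mac.Write(p.encode())
	return int(binary.BigEndian.Uint64(mac.Sum(nil)[:8]) % uint64(setSize))
}

// keysFor returns the keys of certificate 1 on the first device and of certificate 2 on the second (S202/S402).
func (d *Device) keysFor(p Params) (*rsa.PublicKey, *rsa.PrivateKey) {
	pair := d.Set[SelectIndex(d.RuleSecret, p, len(d.Set))]
	if d.ID == p.DevA {
		return pair.Pub1, pair.Priv1
	}
	return pair.Pub2, pair.Priv2
}

// Encrypt uses this end's public key; the peer decrypts with the private key paired to it (S203). Params is the OAEP label, so a ciphertext decrypts only under the parameters it was made for.
func (d *Device) Encrypt(p Params, msg []byte) ([]byte, error) {
	pub, _ := d.keysFor(p)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, p.encode())
}
func (d *Device) Decrypt(p Params, ct []byte) ([]byte, error) {
	_, priv := d.keysFor(p)
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, p.encode())
}

func main() {
	a, b, _ := NewDevices(4) // demo only; the constructors above report errors
	p, _ := Negotiate(a, b, 1684497600) // constructed interaction time, Unix seconds
	ct, _ := a.Encrypt(p, []byte("constructed sample payload")) // OAEP/SHA-256 with a 2048-bit key takes at most 190 bytes
	pt, err := b.Decrypt(p, ct)
	fmt.Printf("pair %d selected; decrypted %q, err=%v\n", SelectIndex(a.RuleSecret, p, len(a.Set)), pt, err)
}
```

Binding the parameter information into the OAEP label means a message encrypted under one time window or device pair fails to decrypt under another, even when the rule happens to select the same pair; an attacker who rewrites the cleartext parameters in step S101 can therefore only make the connection fail, not steer the peer onto a certificate of their choosing. RSA-OAEP covers only short data, so in practice the first device would encrypt a fresh session key this way and carry the payload under an authenticated cipher; the application leaves the cipher open.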
Based on the foregoing embodiments, the embodiments of the present application further provide an encrypted transmission method. The functions implemented by the method may be implemented by a processor in the second device invoking program code, and the program code may be stored in a storage medium of the second device. Fig. 4 is a schematic flow chart of an encrypted transmission method according to an embodiment of the present application. As shown in Fig. 4, the method includes:
step S401, interacting with a first device to determine parameter information; wherein the parameter information at least comprises device information of the first device and device information of the second device;
In this embodiment, the second device first interacts with the first device over an unencrypted connection to determine the parameter information, and the parameter information is used to determine the certificate for encrypted transmission. The interaction over the unencrypted connection includes, but is not limited to, HTTP (Hypertext Transfer Protocol)-based interaction, TCP (Transmission Control Protocol)-based interaction, and the like. The parameter information includes, but is not limited to, device information of the first device and device information of the second device, where the device information includes, but is not limited to: the MAC (Media Access Control) address of the device, the IMEI (International Mobile Equipment Identity) number of the device, the IP (Internet Protocol) address of the device, and so on.
Step S402, determining a second target certificate based on the parameter information and a preset rule;
here, the content of the second target certificate includes, but is not limited to: version number, serial number, start time, end time, issuer name, algorithm, parameters, public key, private key, etc.
In this embodiment of the present application, a certain number of certificates (i.e., a preset certificate set) may be preset in both the first device and the second device, and the same certificate selection algorithm may be built in both the first device and the second device. Furthermore, the second device may perform selection of the certificate based on the parameter information and the certificate selection algorithm, and determine the second target certificate from the preset certificate set. Thus, the preset rule may be a built-in certificate selection algorithm. After the second target certificate is selected, the second device uses the second target certificate to decrypt the encrypted data sent by the first device. Because the devices at both ends (i.e., the first device and the second device) have the same certificate set and also use the same certificate selection algorithm and parameter information, the devices at both ends can select the matched certificate pair, and thus can quickly establish the encrypted connection.
Step S403, receiving encrypted data sent by the first device, and decrypting the encrypted data through the second target certificate; the encrypted data is obtained by encrypting the data to be transmitted by the first device through a first target certificate determined based on the parameter information and a preset rule.
In this embodiment of the present application, the parameter information and the preset rule that the first device and the second device use to determine (select) a certificate are the same, so a matched certificate pair can be selected.
Here, with the encrypted transmission method of steps S401 to S403, the certificate negotiation and exchange step can be omitted, so the encrypted connection is established quickly.
Based on the foregoing embodiments, embodiments of the present application further provide an encrypted transmission method, where the method is applied to a second device, and the method includes:
step S411, interacting with the first device to determine parameter information; wherein the parameter information at least comprises device information of the first device and device information of the second device;
step S412, determining a second target certificate from the second certificate set based on the parameter information and a preset rule; the first device can determine a first target certificate from a first certificate set based on the parameter information and the preset rule; the first certificate set and the second certificate set are mutually trusted certificates or come from the same authorized entity or from authorized entities of the same industry alliance;
Here, a second certificate set, which includes a plurality of certificates or certificate pairs, may be prefabricated and built into the second device before the second device leaves the factory. The second device may then determine the second target certificate from the second certificate set based on the same parameter information and the same preset rule, and decrypt the encrypted data sent by the first device with the second target certificate. Likewise, a first certificate set, which includes a plurality of certificates or certificate pairs, may be prefabricated and built into the first device before the first device leaves the factory. The first device may then determine the first target certificate from the first certificate set based on the parameter information and the preset rule, encrypt the sensitive data with the first target certificate, and send the encrypted data to the second device. The first device and the second device may be electronic devices made by the same manufacturer or by manufacturers of the same industry alliance; the first certificate set may be built into the first device and the second certificate set into the second device before the devices leave the factory, and the two sets are mutually trusted certificates or come from the same authorized entity or from authorized entities of the same industry alliance. In this way, the first device and the second device can select a matching certificate pair from the first certificate set and the second certificate set, respectively, based on the same parameter information and the same preset rule.
Step S413, receiving the encrypted data sent by the first device, and decrypting the encrypted data through the second target certificate; the encrypted data is obtained by encrypting the data to be transmitted by the first device through a first target certificate determined based on the parameter information and a preset rule.
Based on the foregoing embodiments, embodiments of the present application further provide an encrypted transmission method, where the method includes:
step S421, the first device interacts with the second device to determine parameter information; wherein the parameter information at least comprises device information of the first device and device information of the second device;
step S422, the first device determines a first target certificate based on the parameter information and a preset rule, and encrypts data to be transmitted through the first target certificate to obtain encrypted data;
step S423, the first device sends the encrypted data to the second device;
step S424, the second device determines a second target certificate based on the parameter information and the preset rule;
Here, when the first device interacts with the second device, the two devices exchange their device information and agree on unified time information. The devices at both ends (the first device and the second device) can take the device information of the first device, the device information of the second device and the time information as basic information, and input this basic information into the certificate selection algorithm to select their respective certificates, which are then used to encrypt and decrypt.
Step S425, the second device receives the encrypted data sent by the first device, and decrypts the encrypted data through the second target certificate.
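Steps S421 to S425 describe a complete session: an unencrypted exchange of device information and time, a deterministic certificate selection that both ends run independently, encryption on the first device and decryption on the second. The following example is added here and is not the patent's or Lenovo's code; it implements that session in Python with only the standard library. The certificate library is derived from a constructed manufacturing seed, the preset rule is an HMAC over the canonical parameter information (the patent leaves the selection algorithm unspecified; representing its confidentiality as a secret key to a public construction is my assumption), and the certificate carries a single shared key, i.e. the "first key and second key are the same" option of claim 3. Encryption uses HMAC-SHA256 in counter mode as a keystream with an encrypt-then-MAC tag, so that a mismatched selection on the second device is rejected by the tag check rather than producing garbage plaintext. All MAC addresses, time values and seeds are constructed.

```python
"""Added example (not the patent's code): the S421..S425 flow with a
pre-provisioned certificate library and a deterministic selection rule.
The HMAC rule, the keystream/MAC construction and all values are assumptions."""
import hashlib
import hmac
import json
import secrets
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    """Minimal stand-in for a library entry; only the fields the example needs."""
    serial: int
    key: bytes   # shared key: the "same first key and second key" option


def make_library(seed: bytes, size: int) -> list:
    """Assumed factory-side generation: devices of the same manufacturer get
    the same library, derived here from a shared manufacturing seed."""
    return [Certificate(i, hmac.new(seed, b"cert-%d" % i, hashlib.sha256).digest())
            for i in range(size)]


def select_certificate(library: list, rule_secret: bytes, params: dict) -> Certificate:
    """Preset rule (assumed): keyed hash of the canonical parameter information,
    reduced modulo the library size. Same params and rule on both ends give the
    same index, so no certificate ever needs to be sent on the wire."""
    canonical = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    digest = hmac.new(rule_secret, canonical, hashlib.sha256).digest()
    return library[int.from_bytes(digest[:8], "big") % len(library)]


def _keys(cert: Certificate):
    """Separate encryption and MAC keys derived from the certificate key."""
    return (hmac.new(cert.key, b"enc", hashlib.sha256).digest(),
            hmac.new(cert.key, b"mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (stdlib only)."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt(cert: Certificate, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc_key, mac_key = _keys(cert)
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def verify(cert: Certificate, blob: bytes) -> bool:
    """True only if the tag matches under this certificate: a mismatched
    selection (wrong certificate) or a modified ciphertext fails here."""
    if len(blob) < 48:                      # 16-byte nonce + 32-byte tag minimum
        return False
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    _, mac_key = _keys(cert)
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def decrypt(cert: Certificate, blob: bytes) -> bytes:
    if not verify(cert, blob):
        raise ValueError("certificate mismatch or tampered data")
    nonce, body = blob[:16], blob[16:-32]
    enc_key, _ = _keys(cert)
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))


def run_session(lib_a: list, lib_b: list, rule_secret: bytes,
                mac_a: str, mac_b: str, time_slot: int, message: bytes) -> bytes:
    """One S421..S425 session; returns what device B recovers."""
    # S421: exchanged over the unencrypted connection (constructed values).
    params = {"dev_a": mac_a, "dev_b": mac_b, "time": time_slot}
    cert_a = select_certificate(lib_a, rule_secret, params)   # S422, device A
    encrypted = encrypt(cert_a, message)                      # S422
    # S423: only `encrypted` travels to device B; the certificate does not.
    cert_b = select_certificate(lib_b, rule_secret, params)   # S424, device B
    return decrypt(cert_b, encrypted)                         # S425


if __name__ == "__main__":
    seed, rule = b"manufacturing-seed (constructed)", b"rule-secret (constructed)"
    lib = make_library(seed, 64)
    print(run_session(lib, lib, rule, "02:00:00:00:00:0a", "02:00:00:00:00:0b",
                      1700000000 // 60, b"sensitive payload"))
```

The time value is deliberately coarse (a minute slot agreed during the unencrypted exchange), since both ends must feed byte-identical parameter information into the rule; any field that the two devices might serialize differently would make them diverge on the index.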
Based on the foregoing embodiments, the embodiments of the present application further provide an encrypted transmission method that is applicable to devices of the same manufacturer or of manufacturers in the same industry alliance. A certain number of certificates can be prefabricated and a certificate selection algorithm built in before the product leaves the factory. The certificates are selected using parameters such as the time and the unique identifiers of the devices, so the selected certificate changes with these parameters each time a connection is established, and the change rule is hard to crack because the algorithm is kept confidential. The certificate negotiation and exchange step can therefore be omitted, reducing the time to establish an encrypted connection while ensuring security.
Fig. 5 is a schematic diagram of an encrypted transmission architecture according to an embodiment of the present application. As shown in Fig. 5, the encrypted transmission architecture includes a device A and a device B, and each of them includes a certificate library 51, a selection module 52 and a network transmission module 53. The certificate library 51 holds a built-in certificate set, and the selection module 52 holds a certificate selection algorithm. When an encrypted connection is established, the devices at both ends have the same certificate library and the same certificate selection algorithm and use the same algorithm parameters, such as the standard time and the MAC addresses of both parties, so they select the same certificate pair and the encrypted connection is established quickly.
In the embodiment of the application, the certificates in the certificate library are generated by the manufacturer before delivery, and they are stored as pairs because encryption between two devices requires a certificate pair, one public and one private: two devices that are to communicate must each hold one certificate of the pair. The selection algorithm selects the corresponding certificate pair using the time, the device identifiers, the IP addresses, and so on; if the input parameters are the same, the certificates selected by the algorithm belong to the same pair. The connection established first is an unencrypted one, used to exchange basic information such as the IMEI numbers and MAC addresses of the devices. This basic information is input to the selection module, a certificate is selected according to the selection algorithm, the selected certificate is then used to encrypt the sensitive information to be transmitted, and the encrypted sensitive information is transmitted. The network transmission modules are ordinary transmission modules, such as HTTP and TCP. By contrast, when encrypted communication is performed through certificate exchange, each side has its own certificate: for example, device A has certificate 1 and device B has certificate 2, each knows the other's public key, and each encrypts with the private key of its own certificate.
The encryption transmission method in the embodiment of the application has the advantages that:
(1) The encrypted connection is established quickly: the certificate negotiation and exchange step is omitted, so the connection is established faster.
(2) Security is ensured, and the certificate sets and the certificate selection algorithm can be further changed through periodic upgrades.
Based on the foregoing embodiments, the present embodiment provides an encrypted transmission system, and fig. 6 is a schematic structural diagram of the encrypted transmission system according to the present embodiment, as shown in fig. 6, where the encrypted transmission system 600 includes a first device 601 and a second device 602, where:
the first device 601: for interacting with the second device 602 to determine parameter information; wherein the parameter information includes at least device information of the first device 601 and device information of the second device 602; determining a first target certificate based on the parameter information and a preset rule; encrypting the data to be transmitted through the first target certificate to obtain encrypted data; transmitting the encrypted data to the second device 602;
the second device 602: for interacting with the first device 601 to determine the parameter information; determining a second target certificate based on the parameter information and a preset rule; and receiving the encrypted data sent by the first device 601, and decrypting the encrypted data through the second target certificate.
In some embodiments, the first device 601 is configured to encrypt data to be transmitted with a first key of the first target certificate, to obtain encrypted data; the second device 602 is configured to decrypt the encrypted data with a second key of the second target certificate;
wherein the first target certificate and the second target certificate comprise the same first key and second key; or, the first key of the first target certificate and the second key of the second target certificate can form a key pair.
It should be noted that the description of the system embodiment above is similar to the description of the method embodiment above, with similar advantageous effects as the method embodiment. For technical details not disclosed in the system embodiments of the present application, please refer to the description of the method embodiments of the present application for understanding.
Based on the foregoing embodiments, the embodiments of the present application provide an encrypted transmission apparatus. The units included in the apparatus, the modules included in the units, and the components included in the modules may be implemented by a processor in the first device; they may also be implemented by specific logic circuits. In an implementation, the processor may be a CPU (Central Processing Unit), an MPU (Microprocessor Unit), a DSP (Digital Signal Processor), an FPGA (Field Programmable Gate Array), or the like.
Fig. 7A is a schematic diagram of the composition structure of an encryption transmission apparatus according to an embodiment of the present application, as shown in fig. 7A, the apparatus 70 includes:
a first interaction unit 71 for interacting with the second device to determine parameter information; wherein the parameter information at least comprises device information of the first device and device information of the second device;
an encryption unit 72, configured to determine a first target certificate based on the parameter information and a preset rule, and encrypt data to be transmitted through the first target certificate to obtain encrypted data;
a transmitting unit 73, configured to transmit the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second target certificate determined based on the parameter information and a preset rule.
In some embodiments, the first interaction unit 71 includes:
a connection establishment module for establishing an unencrypted connection with the second device;
a first interaction module for interacting with the second device based on the unencrypted connection to determine parameter information;
wherein the parameter information further includes time information.
In some embodiments, the encryption unit 72 includes:
the encryption subunit is used for encrypting the data to be transmitted through the first key of the first target certificate to obtain encrypted data;
correspondingly, the transmitting unit 73 includes:
a transmitting subunit, configured to transmit the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second key of the second target certificate;
wherein the first target certificate and the second target certificate comprise the same first key and second key; or, the first key of the first target certificate and the second key of the second target certificate can form a key pair.
In some embodiments, the encryption unit 72 includes:
the first determining module is used for determining the first target certificate from a first certificate set based on the parameter information and a preset rule;
the second device can determine a second target certificate from a second certificate set based on the parameter information and the preset rule.
In some embodiments, the first certificate set and the second certificate set are mutually trusted certificates, or come from the same authority or from authorities of the same industry alliance.
In some embodiments, the apparatus further comprises at least one of:
the first updating unit is used for updating the preset rule every first preset time period;
and the second updating unit is used for updating the first certificate set and the second certificate set every second preset time period.
Based on the foregoing embodiments, the embodiments of the present application provide an encrypted transmission apparatus. The units included in the apparatus, the modules included in the units, and the components included in the modules may be implemented by a processor in the second device; they may also be implemented by specific logic circuits. In practice, the processor may be a CPU, an MPU, a DSP, an FPGA, or the like.
Fig. 7B is a schematic diagram of a second component structure of the encryption transmission apparatus according to the embodiment of the present application, as shown in fig. 7B, the apparatus 700 includes:
a second interaction unit 701, configured to interact with the first device to determine parameter information; wherein the parameter information at least comprises device information of the first device and device information of the second device;
a determining unit 702, configured to determine a second target certificate based on the parameter information and a preset rule;
A decryption unit 703, configured to receive encrypted data sent by the first device, and decrypt the encrypted data through the second target certificate; the encrypted data is obtained by encrypting the data to be transmitted by the first device through a first target certificate determined based on the parameter information and a preset rule.
In some embodiments, the determining unit 702 includes:
the determining subunit is used for determining a second target certificate from a second certificate set based on the parameter information and a preset rule;
the first device can determine a first target certificate from a first certificate set based on the parameter information and the preset rule;
the first certificate set and the second certificate set are mutually trusted certificates, or come from the same authority or from authorities of the same industry alliance.
The description of the apparatus embodiments above is similar to that of the method embodiments above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the device embodiments of the present application, please refer to the description of the method embodiments of the present application for understanding.
It should be noted that, in the embodiments of the present application, if the above encrypted transmission method is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application, in essence or in the part contributing to the prior art, may be embodied in the form of a software product stored in a storage medium and including several instructions for causing an electronic device (which may be a personal computer, a server, etc.) to perform all or part of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a ROM (Read-Only Memory), a magnetic disk, or an optical disk. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.
Correspondingly, the embodiment of the application provides an apparatus, comprising a memory and a processor, wherein the memory stores a computer program which can be run on the processor, and the processor executes the program to realize the steps in the encryption transmission method provided in the embodiment.
Correspondingly, the embodiment of the application provides a readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the steps of the above-mentioned encrypted transmission method.
It should be noted here that: the description of the storage medium and apparatus embodiments above is similar to that of the method embodiments described above, with similar benefits as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and the apparatus of the present application, please refer to the description of the method embodiments of the present application for understanding.
It should be noted that fig. 8 is a schematic diagram of a hardware entity of the apparatus according to the embodiment of the present application, as shown in fig. 8, the hardware entity of the apparatus 800 includes: a processor 801, a communication interface 802, and a memory 803, wherein
The processor 801 generally controls the overall operation of the device 800.
Communication interface 802 may enable device 800 to communicate with other devices or servers or platforms over a network.
The memory 803 is configured to store instructions and applications executable by the processor 801, and may also cache data (e.g., image data, audio data, voice communication data and video communication data) to be processed or already processed by the processor 801 and by each module in the device 800; it may be implemented by FLASH (flash memory) or RAM (Random Access Memory).
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The device embodiments described above are only illustrative; for example, the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communicative connection between the components shown or discussed may be through some interface, and the indirect coupling or communicative connection between devices or units may be electrical, mechanical or in another form.
The units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing module, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units. Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
The methods disclosed in the several method embodiments provided in the present application may be arbitrarily combined without collision to obtain a new method embodiment.
The features disclosed in the several product embodiments provided in the present application may be combined arbitrarily without conflict to obtain new product embodiments.
The features disclosed in the several method or apparatus embodiments provided in the present application may be arbitrarily combined without conflict to obtain new method embodiments or apparatus embodiments.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. An encrypted transmission method applied to a first device, the method comprising:
interacting with a second device to determine parameter information; wherein the parameter information at least comprises device information of the first device and device information of the second device;
Determining a first target certificate based on the parameter information and a preset rule, and encrypting data to be transmitted through the first target certificate to obtain encrypted data;
and sending the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second target certificate determined based on the parameter information and a preset rule.
2. The method of claim 1, wherein the interacting with a second device to determine parameter information comprises:
establishing an unencrypted connection with the second device;
interacting with the second device based on the unencrypted connection to determine parameter information;
wherein the parameter information further includes time information.
3. The method according to claim 1, wherein encrypting the data to be transmitted by the first target certificate, to obtain encrypted data, includes:
encrypting the data to be transmitted through a first key of the first target certificate to obtain encrypted data;
correspondingly, the sending the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second target certificate determined based on the parameter information and a preset rule, including:
Transmitting the encrypted data to the second device, so that the second device can decrypt the encrypted data through a second key of the second target certificate;
wherein the first target certificate and the second target certificate comprise the same first key and second key; or, the first key of the first target certificate and the second key of the second target certificate can form a key pair.
4. The method according to any one of claims 1 to 3, wherein the determining a first target certificate based on the parameter information and a preset rule comprises:
determining the first target certificate from a first certificate set based on the parameter information and a preset rule;
the second device can determine a second target certificate from a second certificate set based on the parameter information and the preset rule.
5. The method of claim 4, wherein the first certificate set and the second certificate set are mutually trusted certificates, or come from the same authority or from authorities of the same industry alliance.
6. The method of claim 4, further comprising at least one of:
Updating the preset rule every first preset time period;
and updating the first certificate set and the second certificate set every second preset time period.
7. An encrypted transmission method applied to a second device, the method comprising:
interacting with the first device to determine parameter information; wherein the parameter information at least comprises device information of the first device and device information of the second device;
determining a second target certificate based on the parameter information and a preset rule;
receiving encrypted data sent by the first device, and decrypting the encrypted data through the second target certificate; the encrypted data is obtained by encrypting the data to be transmitted by the first device through a first target certificate determined based on the parameter information and a preset rule.
8. The method of claim 7, wherein the determining a second target certificate based on the parameter information and a preset rule comprises:
determining a second target certificate from a second certificate set based on the parameter information and a preset rule;
the first device can determine a first target certificate from a first certificate set based on the parameter information and the preset rule;
the first certificate set and the second certificate set are mutually trusted certificates, or come from the same authority or from authorities of the same industry alliance.
9. An encrypted transmission system comprising:
a first device: for interacting with a second device to determine parameter information; wherein the parameter information at least comprises device information of the first device and device information of the second device;
determining a first target certificate based on the parameter information and a preset rule;
encrypting the data to be transmitted through the first target certificate to obtain encrypted data;
transmitting the encrypted data to a second device;
the second device: for interacting with a first device to determine the parameter information;
determining a second target certificate based on the parameter information and a preset rule;
and receiving the encrypted data sent by the first device, and decrypting the encrypted data through the second target certificate.
10. The system according to claim 9, wherein
the first device is configured to encrypt data to be transmitted through a first key of the first target certificate, so as to obtain encrypted data;
The second device is configured to decrypt the encrypted data with a second key of the second target certificate;
wherein the first target certificate and the second target certificate comprise the same first key and second key; or, the first key of the first target certificate and the second key of the second target certificate can form a key pair.
CN202310572471.9A 2023-05-19 2023-05-19 Encryption transmission method and system Pending CN116566695A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310572471.9A CN116566695A (en) 2023-05-19 2023-05-19 Encryption transmission method and system
Publications (1)

Publication Number Publication Date
CN116566695A true CN116566695A (en) 2023-08-08

Family

ID=87492863
Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118264486A (en) * 2024-05-30 2024-06-28 鹏城实验室 Certificate dynamic loading method, device, equipment and readable storage medium
JP7115556B2 (en) Certification and authorization system and certification and authorization method
CN113452513B (en) Key distribution method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination