CN116938529A - Safe data transmission method and system - Google Patents
Safe data transmission method and system Download PDFInfo
- Publication number
- CN116938529A CN116938529A CN202310713084.2A CN202310713084A CN116938529A CN 116938529 A CN116938529 A CN 116938529A CN 202310713084 A CN202310713084 A CN 202310713084A CN 116938529 A CN116938529 A CN 116938529A
- Authority
- CN
- China
- Prior art keywords
- information
- encryption
- coprocessor
- data transmission
- sender
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 230000005540 biological transmission Effects 0.000 title claims abstract description 37
- 238000003860 storage Methods 0.000 claims abstract description 46
- 230000006870 function Effects 0.000 claims description 21
- 238000009826 distribution Methods 0.000 claims description 4
- 238000012795 verification Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 description 10
- 238000012545 processing Methods 0.000 description 10
- 238000004590 computer program Methods 0.000 description 7
- 230000003287 optical effect Effects 0.000 description 6
- 238000011161 development Methods 0.000 description 4
- 230000001360 synchronised effect Effects 0.000 description 4
- 230000006854 communication Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 238000002372 labelling Methods 0.000 description 3
- 230000000644 propagated effect Effects 0.000 description 3
- 230000002829 reductive effect Effects 0.000 description 3
- 230000003068 static effect Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000000670 limiting effect Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 241000579895 Chlorostilbon Species 0.000 description 1
- 241000700605 Viruses Species 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 239000010976 emerald Substances 0.000 description 1
- 229910052876 emerald Inorganic materials 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 239000010977 jade Substances 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- ZLIBICFPKPWGIZ-UHFFFAOYSA-N pyrimethanil Chemical compound CC1=CC(C)=NC(NC=2C=CC=CC=2)=N1 ZLIBICFPKPWGIZ-UHFFFAOYSA-N 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 239000010979 ruby Substances 0.000 description 1
- 229910001750 ruby Inorganic materials 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
Abstract
The application relates to the technical field of data security, in particular to a safe data transmission method and system. The system comprises a server, wherein a key distribution center is configured in the server, the key distribution center is connected with an information receiver and an information sender, and the information receiver and the information sender are provided with a main processor, a coprocessor, a storage unit and an information sending and receiving unit. In the technical scheme provided by the embodiment of the application, the infrastructure is an risc-v processor, and an AES algorithm is configured on the basis of the risc-v architecture, so that the security assurance for the data transmission process is realized by combining hardware and an encryption algorithm.
Description
Technical Field
The application relates to the technical field of data security, in particular to a safe data transmission method and system.
Background
The current society is an informationized society, and the data is the basis for bearing information, so that the security of the data in the transmission process is ensured, and the important practical significance is achieved. When the data is transmitted through the network, the data needs to be completed by a certain medium basis, but in the process of transmitting the data through the network, the data is difficult to avoid to be attacked more or less in various aspects, and the security transmission of the data is threatened. The threats on the network include various threats such as data interception, interruption, falsification and forgery besides computer viruses.
Disclosure of Invention
In order to solve the problems, the application provides a safe data transmission method and a safe data transmission system, which can realize safe encryption of data at a hardware architecture end and a data processing end, and improve the safety in the data transmission process.
In order to achieve the above purpose, the technical scheme adopted by the embodiment of the application is as follows:
in a first aspect, a secure data transmission method is provided, and the secure data transmission method is applied to a server, wherein the server is connected with an information sender and an information receiver, the information sender and the information receiver are respectively provided with a main processor, a coprocessor, a storage unit and an information sending and receiving unit, the coprocessor comprises a function coprocessor and an encryption coprocessor, the main processor is connected with the encryption coprocessor and the function coprocessor, the function coprocessor is connected with the encryption coprocessor, the encryption coprocessor is connected with the storage unit, and the storage unit is connected with the information sending unit; the method comprises the following steps: the main processor sends an encryption instruction or a decryption instruction, and transmits the encryption instruction or the decryption instruction to the encryption coprocessor through an on-chip bus, and the encryption coprocessor performs encryption operation or decryption operation on data processed by the function coprocessor according to the encryption instruction to obtain encrypted data and decrypted data; the storage unit stores the encrypted data through verification of the encrypted meta information, and transmits the stored encrypted data to a target server through the information sending unit.
Further, the main processor is a RISC-V processor and is used for sending RISC-V functional instructions and encryption instructions.
Further, the main processor receives the encryption instruction, generates a random number based on the information sender, then initiates a key distribution request to the key distribution center, and attaches the IDs of the information sender and the information receiver and the random number in the request message.
Further, the request message is encrypted based on the self private key by the encryption coprocessor and then sent to the key distribution center.
Further, after receiving the allocation request, the allocation center obtains corresponding private keys according to the IDs of the information sender and the information receiver, encrypts the received random number based on the private keys corresponding to the information sender and the information receiver, and obtains a sending ciphertext and a receiving ciphertext corresponding to the information sender and the information receiver.
Further, the sender ciphertext is sent to the information sender, and the receiver ciphertext is sent to the information receiver.
Further, the information receiver and the information receiver decrypt the received receiver ciphertext and the sender ciphertext based on the corresponding private key to obtain plaintext and use the plaintext as a key for data transmission.
Further, the decryption method is an AES algorithm.
In a second aspect, a secure data transmission system is provided, including a server, in which a key distribution center is configured, the key distribution center is connected with an information receiver and an information sender, and the information receiver and the information sender are provided with a main processor, a coprocessor, a storage unit, and an information sending and receiving unit.
Further, the storage unit comprises an internal storage area, an external storage and a unique key, wherein a permanent counter is arranged in the internal storage area, the permanent counter performs an increment operation according to the updating operation of the object meta-information, and the unique key is obtained by a unique security identifier.
In a third aspect, a computer readable storage medium is provided, the computer readable storage medium storing a computer program which, when executed by a processor, implements the method of any one of the above.
In the technical scheme provided by the embodiment of the application, the infrastructure is an risc-v processor, and an AES algorithm is configured on the basis of the risc-v architecture, so that the security assurance for the data transmission process is realized by combining hardware and an encryption algorithm.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
The methods, systems, and/or programs in the accompanying drawings will be described further in terms of exemplary embodiments. These exemplary embodiments will be described in detail with reference to the drawings. These exemplary embodiments are non-limiting exemplary embodiments, wherein the exemplary numbers represent like mechanisms throughout the various views of the drawings.
Fig. 1 is a schematic flow chart of a secure data transmission method according to an embodiment of the present application.
Fig. 2 is a block diagram of a secure data transmission system according to an embodiment of the present application.
Fig. 3 is a schematic diagram of a secure data transmission device according to an embodiment of the present application.
Detailed Description
In order to better understand the above technical solutions, the following detailed description of the technical solutions of the present application is made by using the accompanying drawings and specific embodiments, and it should be understood that the specific features of the embodiments and the embodiments of the present application are detailed descriptions of the technical solutions of the present application, and not limiting the technical solutions of the present application, and the technical features of the embodiments and the embodiments of the present application may be combined with each other without conflict.
In the following detailed description, numerous specific details are set forth by way of examples in order to provide a thorough understanding of the relevant teachings. It will be apparent, however, to one skilled in the art that the application can be practiced without these details. In other instances, well known methods, procedures, systems, components, and/or circuits have been described at a relatively high-level, without detail, in order to avoid unnecessarily obscuring aspects of the present application.
The present application uses a flowchart to illustrate the execution of a system according to an embodiment of the present application. It should be clearly understood that the execution of the flowcharts may be performed out of order. Rather, these implementations may be performed in reverse order or concurrently. Additionally, at least one other execution may be added to the flowchart. One or more of the executions may be deleted from the flowchart.
Before describing embodiments of the present application in further detail, the terms and terminology involved in the embodiments of the present application will be described, and the terms and terminology involved in the embodiments of the present application will be used in the following explanation.
(1) In response to a condition or state that is used to represent the condition or state upon which the performed operation depends, the performed operation or operations may be in real-time or with a set delay when the condition or state upon which it depends is satisfied; without being specifically described, there is no limitation in the execution sequence of the plurality of operations performed.
(2) Based on the conditions or states that are used to represent the operations that are being performed, one or more of the operations that are being performed may be in real-time or with a set delay when the conditions or states that are being relied upon are satisfied; without being specifically described, there is no limitation in the execution sequence of the plurality of operations performed.
With the continuous progress and development of modern society, intelligent terminal equipment gradually spreads all corners of people's life, and AIoT (artificial intelligence internet of things) is gradually spread in various fields of society. AIoT provides a more efficient, rapid and comfortable lifestyle for society, and has profound and great influence on social production and life. Meanwhile, social production and life in the information age also put more and more strict requirements on AIoT technology and development thereof, so that AIoT faces some problems to be solved urgently, and data security is one of the problems. Under the push of internet of things and digitized wave, enterprises and individuals increasingly transmit important personal information, business information and the like on the internet. This approach brings convenience to the whole society and also puts higher demands on the development of information security and data encryption technology.
In the field of data and information security, there is a symmetric encryption algorithm that is most commonly used, namely the advanced encryption standard (Advanced Encryption Standard, AES), also known as the Rijndael encryption/decryption algorithm. The AES algorithm is also adopted by the U.S. federal government as a block encryption standard, can encrypt and decrypt data at a faster rate, and is widely applied to the secure transmission of a large amount of data in various scenes. In the application of the Internet of things and the embedded type, the AES algorithm is also greatly existing in the data storage and communication process, and the encryption and decryption speed, the power consumption and the security of the AES algorithm greatly influence the data processing and transmission performance of the whole Internet of things equipment, so that the AES algorithm is accelerated, and the AES algorithm has practical significance for an AIoT system. In the internet of things and embedded type scenes, the power consumption of the device SoC (System on Chip) is low, the cost is low, the hardware scale is small, the usable resources are also greatly limited, the hardware resources which can be specially used for information security and data encryption are lacking, under the condition, the traditional information encryption and decryption scheme is difficult to be applied, and the internet of things and embedded type devices need to have a security chip which is more excellent in power consumption, area, research and development period, flexibility and the like so as to meet the requirements of lightweight application environments. Under the constraint of the above factors, the optional data encryption scheme mainly includes a hardware system that uses a software program to implement a cryptographic algorithm and adds a specific hardware unit to expand a low-power consumption processor in a small amount, and the following three modes can be specifically distinguished:
(1) A processor uses a software program mode to realize a cryptographic algorithm;
(2) Designing a relatively simple ASIC (application specific integrated circuit) to realize a specific cryptographic algorithm;
(3) The coprocessor and the expansion instruction special for the information security module are designed for the general processor.
The realization of the cryptographic operation in the mode of a software algorithm program is the most common scheme at present, the realization of the method only needs to be carried out by loading the software program for writing the cryptographic operation into a general processor, and the method has the most remarkable advantages of extremely low cost, shorter development period and no need of any additional design on hardware; designing a reduced ASIC to implement a specific cryptographic operation means designing a dedicated hardware circuit for a specific encryption and decryption algorithm to integrate into a chip, and the cryptographic operation implemented by this method generally has a higher encryption and decryption performance and a lower area and power consumption, so that it is widely applied to many chips of devices of the internet of things. However, the scheme has the defects that the cryptographic algorithm is customized in the chip, and the supportable encryption standard is limited, so that strict requirements are put on the encryption standard of each device in the internet of things system, namely, the devices for transmitting data in the network all adopt the same encryption standard, the flexibility is poor, and the supportable encryption standard is less.
With respect to the above background information, referring to fig. 2, an embodiment of the present application provides a secure data transmission system, which includes a server, in which a key distribution center is configured, the key distribution center is connected to an information receiver and an information sender, and the information receiver and the information sender are provided with a main processor, a coprocessor, a storage unit, and an information transmitting and receiving unit.
The system comprises a main processor, a function coprocessor, a storage unit and an information sending unit, wherein the main processor comprises a function coprocessor and an encryption coprocessor, the main processor is connected with the encryption coprocessor and the function coprocessor, the function coprocessor is connected with the encryption coprocessor, the encryption coprocessor is connected with the storage unit, and the storage unit is connected with the information sending unit.
The storage unit comprises an internal storage area, an external storage and a unique key, wherein a permanent counter is arranged in the internal storage area, the permanent counter performs an increment operation according to the updating operation of the object meta-information, and the unique key is obtained by a unique security identifier.
In this embodiment, in one embodiment, the main processor includes a base instruction submodule and an extended instruction submodule, where the base instruction submodule is configured to implement a standard instruction set defined by a RISC-V standard; the expanded instruction submodule is used for realizing a user-defined customized instruction set. The self-customized instruction set comprises functional instructions and encryption instructions, and is used for data processing and encryption processing of the processed data.
The processing system adopts the most reduced architecture RISC-V, and can discard a great number of redundant instructions, so that the kernel design is simple, and the power consumption is reduced.
Specifically, the RISC-V architecture is a modular architecture compared with other mature commercial architectures, and in the present application, a processor conforming to the RISC-V ISA standard includes a basic instruction submodule for implementing a standard instruction set defined by the RISC-V standard, where the standard instruction set includes RV32I, RV32E, RV I and RV128I, where RV32I is a 32-bit integer instruction set, RV32E is a subset of RV32I, for a small embedded scenario, RV64I is a 64-bit integer instruction set, compatible RV32I, RV128I is a 128-bit integer instruction set, compatible RV64I and RV32I; the main processor conforming to the RISC-VISA standard also includes an extended instruction sub-module 22 for implementing a user-defined custom instruction set. Not only is the RISC-V architecture short and straight, but the different parts of it can be organized together in a modular fashion in an attempt to meet a variety of different applications through a unified set of architectures that are not available with the x86 and ARM architectures. The open source of RISC-V ISA means that corresponding chip architecture can be created for different application scenes, the application can be accelerated more efficiently by means of corresponding customized instruction tools, and the heterogeneous characteristics of multiple cores also promote the optimization of power consumption.
In this embodiment, an instruction register and an encryption instruction register are correspondingly provided based on an instruction set, where the instruction register is used to connect with a function coprocessor through an on-chip bus and is used to store a function instruction dedicated to the function coprocessor, and the encryption instruction register is connected with a main processor and an encryption coprocessor through an on-chip bus and is used to store an encryption instruction dedicated to the encryption coprocessor.
In the present embodiment, the encrypted meta information and the object meta information are stored in an external memory, which is a concept with respect to an internal storage area under risc-v architecture. In this embodiment, the encrypted metadata and the object metadata, which are the processed encrypted data, and the general data are first stored in the external memory, and then the encrypted metadata and the object metadata are extracted and stored in the internal memory area via a specific storage mechanism.
In this embodiment, a unique key is also provided, wherein the obtaining of the unique key is based on the unique security identification of the corresponding processing device. And a permanent counter is also arranged in the internal storage area and is used for counting the processing procedures.
For the system provided by the embodiment of the application, a safe data transmission method is also provided for the system, and the method specifically comprises the following steps:
and S110, the main processor sends an encryption instruction or a decryption instruction, and transmits the encryption instruction or the decryption instruction to the encryption coprocessor through an on-chip bus, and the encryption coprocessor performs encryption operation or decryption operation on the data processed by the function coprocessor according to the encryption instruction to obtain encrypted data and decrypted data.
In the present embodiment, encryption meta information and object meta information are included for the encrypted data.
The main processor specifically aiming at the embodiment of the application is a RISC-V processor, which is used for sending RISC-V functional instructions and encryption instructions, and the corresponding coprocessor is a RISC-V coprocessor.
Wherein a random number is generated based on the information sender with respect to the main processor accepting the encryption instruction, and then a key distribution request is initiated to the key distribution center and the IDs of the information sender and the information receiver and the random number are attached to the request message. And the request message is encrypted based on the self private key by the encryption coprocessor and then sent to the key distribution center.
Specifically, after receiving the allocation request, the allocation center obtains corresponding private keys according to the IDs of the information sender and the information receiver, encrypts the received random number based on the private keys corresponding to the information sender and the information receiver, and obtains a sending ciphertext and a receiving ciphertext corresponding to the information sender and the information receiver.
And aiming at the sending ciphertext and the receiving ciphertext, sending the ciphertext of the sending party to the information sending party, and sending the ciphertext of the receiving party to the information receiving party.
Decrypting the received receiver ciphertext and the received sender ciphertext by aiming at the information receiver and the information receiver based on the corresponding private key to obtain plaintext and serve as a key for data transmission.
The processing procedure for the whole data further comprises a labeling process for labeling the information to be encrypted, the encryption level of the information to be encrypted is determined through the labeling process, and the determination of different encryption levels and different keys is realized for the determined encryption level.
The encryption tag is provided with a primary encryption tag, a secondary encryption tag and an N-level encryption tag, wherein the encryption level corresponding to the primary encryption tag is highest and is gradually decreased.
And S120, the storage unit stores the encrypted data through verification of the encrypted meta information, and the stored encrypted data is transmitted to a target server through the information sending unit.
Referring to fig. 3, there is also provided a secure data transmission apparatus 300, including:
and the encryption module 310 is used for carrying out encryption operation or decryption operation on the data processed by the function coprocessor according to the encryption instruction to obtain encrypted data and decrypted data. This module is used to perform the process of step S110.
And a data transmission module 320, configured to transmit the stored encrypted data to a target server through the information sending unit. This module is used to perform the process of step S120.
In the technical scheme provided by the embodiment of the application, the infrastructure is an risc-v processor, and an AES algorithm is configured on the basis of the risc-v architecture, so that the security assurance for the data transmission process is realized by combining hardware and an encryption algorithm.
The memory is configured to store a software program for executing the scheme of the present application, and the processor is used to control the execution of the software program, and the specific implementation manner may refer to the above method embodiment, which is not described herein again.
Alternatively, the memory may be read-only memory (ROM) or other type of static storage device that can store static information and instructions, random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, but may also be, without limitation, electrically erasable programmable read-only memory (electrically erasable programmable read-only memory, EEPROM), compact disc read-only memory (compact disc read-only memory) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory may be integrated with the processor or may exist separately and be coupled to the processing unit through an interface circuit of the processor, which is not particularly limited by the embodiment of the present application.
It should be noted that the structure of the processor shown in this embodiment is not limited to the apparatus, and an actual apparatus may include more or less components than those shown in the drawings, or may combine some components, or may be different in arrangement of components.
In addition, the technical effects of the processor may refer to the technical effects of the method described in the foregoing method embodiments, which are not described herein.
It should also be appreciated that the memory in embodiments of the present application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. The volatile memory may be random access memory (random access memory, RAM) which acts as an external cache. By way of example but not limitation, many forms of random access memory (random access memory, RAM) are available, such as Static RAM (SRAM), dynamic Random Access Memory (DRAM), synchronous Dynamic Random Access Memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced Synchronous Dynamic Random Access Memory (ESDRAM), synchronous Link DRAM (SLDRAM), and direct memory bus RAM (DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center by wired (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains one or more sets of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
In addition, those skilled in the art will appreciate that the various aspects of the application are illustrated and described in the context of a number of patentable categories or conditions, including any novel and useful processes, machines, products, or materials, or any novel and useful improvements thereof. Accordingly, aspects of the application may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.) or by a combination of hardware and software. The above hardware or software may be referred to as a "unit," component, "or" system. Furthermore, aspects of the application may be embodied as a computer product in at least one computer-readable medium, the product comprising computer-readable program code.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The computer readable signal medium may comprise a propagated data signal with computer program code embodied therein, for example, on a baseband or as part of a carrier wave. The propagated signal may take on a variety of forms, including electro-magnetic, optical, etc., or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer readable signal medium may be propagated through any suitable medium including radio, electrical, fiber optic, RF, or the like, or any combination of the foregoing.
Computer program code required for carrying out aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming such as Java, scala, smalltalk, eiffel, JADE, emerald, C ++, c#, vb net, python and the like, or similar conventional programming languages such as the "C" programming language, visual Basic, fortran 2003,Perl,COBOL 2002,PHP,ABAP, dynamic programming languages such as Python, ruby and Groovy or other programming languages. The programming code may execute entirely on the user's computer, or as a stand-alone software package, or partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any form of network, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as software as a service (SaaS).
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. The safe data transmission method is characterized by being applied to a server, wherein the server is connected with an information sender and an information receiver, the information sender and the information receiver are respectively provided with a main processor, a coprocessor, a storage unit and an information sending and receiving unit, the coprocessor comprises a function coprocessor and an encryption coprocessor, the main processor is connected with the encryption coprocessor and the function coprocessor, the function coprocessor is connected with the encryption coprocessor, the encryption coprocessor is connected with the storage unit, and the storage unit is connected with the information sending unit; the method comprises the following steps:
the main processor sends an encryption instruction or a decryption instruction, and transmits the encryption instruction or the decryption instruction to the encryption coprocessor through an on-chip bus, and the encryption coprocessor performs encryption operation or decryption operation on data processed by the function coprocessor according to the encryption instruction to obtain encrypted data and decrypted data;
the storage unit stores the encrypted data through verification of the encrypted meta information, and transmits the stored encrypted data to a target server through the information sending unit.
2. The method of claim 1, wherein the host processor is a RISC-V processor for transmitting RISC-V functional instructions and encryption instructions.
3. The secure data transmission method according to claim 2, wherein the main processor accepts the encryption instruction to generate a random number based on the information sender, and then initiates a key distribution request to the key distribution center and attaches the IDs of the information sender and the information receiver and the random number to the request message.
4. A secure data transmission method according to claim 3, wherein the request message is encrypted based on the self-private key by the encryption coprocessor and then sent to the key distribution center.
5. The secure data transmission method according to claim 4, wherein the distribution center obtains corresponding private keys according to IDs of an information sender and the information receiver after receiving the distribution request, and encrypts the received random number based on the private keys corresponding to the information sender and the information receiver, to obtain a transmission ciphertext and a reception ciphertext corresponding to the information sender and the information receiver.
6. The secure data transmission method according to claim 5, wherein the sender ciphertext is sent to the information sender and the receiver ciphertext is sent to the information receiver.
7. The secure data transmission method according to claim 6, wherein the information receiver and the information receiver decrypt the received receiver ciphertext and the sender ciphertext based on the corresponding private key to obtain plaintext and use the plaintext as a key for data transmission.
8. The secure data transmission method of claim 7, wherein the decryption method is an AES algorithm.
9. The safe data transmission system is characterized by comprising a server, wherein a key distribution center is configured in the server, the key distribution center is connected with an information receiver and an information sender, and the information receiver and the information sender are provided with a main processor, a coprocessor, a storage unit and an information sending and receiving unit.
10. The secure data transmission system of claim 9, wherein the storage unit includes an internal storage area, an external memory, and a unique key, the internal storage area having a permanent counter disposed therein, the permanent counter being incremented according to an update operation of the object meta information, the unique key being derived from a unique secure identification.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310713084.2A CN116938529A (en) | 2023-06-14 | 2023-06-14 | Safe data transmission method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310713084.2A CN116938529A (en) | 2023-06-14 | 2023-06-14 | Safe data transmission method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116938529A true CN116938529A (en) | 2023-10-24 |
Family
ID=88388573
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310713084.2A Pending CN116938529A (en) | 2023-06-14 | 2023-06-14 | Safe data transmission method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116938529A (en) |
-
2023
- 2023-06-14 CN CN202310713084.2A patent/CN116938529A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20200372503A1 (en) | Transaction messaging | |
| JP6941183B2 (en) | Data tokenization | |
| KR101608510B1 (en) | System and method for key management for issuer security domain using global platform specifications | |
| US10757571B2 (en) | Internet of things device | |
| CN108520183A (en) | A kind of date storage method and device | |
| CN102855448B (en) | A kind of Field-level database encryption device | |
| US10943020B2 (en) | Data communication system with hierarchical bus encryption system | |
| Abdulraheem et al. | An efficient lightweight cryptographic algorithm for IoT security | |
| WO2019127265A1 (en) | Blockchain smart contract-based data writing method, device and storage medium | |
| CN101882197A (en) | RFID (Radio Frequency Identification Device) inquiring-response safety certificate method based on grading key | |
| CN103647636A (en) | Method and device for safe access to data | |
| CN112989391A (en) | Hybrid encryption method, hybrid decryption method, system, device and storage medium | |
| CN116436682A (en) | Data processing method, device and system | |
| CN112887297B (en) | Privacy-protecting differential data determining method, device, equipment and system | |
| CN109698839B (en) | Desensitization data comparison method and device based on asymmetric algorithm | |
| CN110419195A (en) | Data managing method and system in IOT lightweight terminal environments based on proxy re-encryption | |
| Ti et al. | Benchmarking dynamic searchable symmetric encryption scheme for cloud-internet of things applications | |
| Wu et al. | Research of the Database Encryption Technique Based on Hybrid Cryptography | |
| CN116938529A (en) | Safe data transmission method and system | |
| CN112822201B (en) | Privacy-protecting difference data determination method, device, equipment and system | |
| KR101709086B1 (en) | security method and system thereof based context for Internet of Things environment | |
| CN113922956A (en) | Quantum key based Internet of things data interaction method, system, device and medium | |
| Li et al. | A lightweight hash-based mutual authentication protocol for RFID | |
| KR20170107818A (en) | Data sharing system and method based on attributed re-encryption | |
| CN114095152A (en) | Method, system, medium and apparatus for updating key and encrypting and decrypting data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |