CN117459931A - Data encryption method, system and storage medium - Google Patents


Publication number
CN117459931A
Authority
CN
China
Prior art keywords
server
mobile terminal
relay
dynamic password
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311302304.9A
Other languages
Chinese (zh)
Inventor
刘长波
王运成
于士国
王成递
刘立金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongchang College Of Liaocheng University
Shandong Sunsam Information Technology Co ltd
Original Assignee
Dongchang College Of Liaocheng University
Shandong Sunsam Information Technology Co ltd
Application filed by Dongchang College Of Liaocheng University, Shandong Sunsam Information Technology Co ltd
Priority to CN202311302304.9A
Publication of CN117459931A


Classifications

    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/608 Secure printing
    • G06F3/1222 Increasing security of the print job
    • G06F3/1238 Secure printing, e.g. user identification, user rights for device usage, unallowed content, blanking portions or fields of a page, releasing held jobs
    • G06F3/1292 Mobile client, e.g. wireless printing
    • H04W12/0433 Key management protocols
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The application relates to a data encryption method, system and storage medium. In the method, a mobile terminal obtains a dynamic password sent by a server; the mobile terminal searches for and connects to the matching relay device according to the dynamic password it obtained, the server periodically updating the dynamic password and sending it to the relay device; the mobile terminal sends the information to be encrypted to the server; the relay device sends its preset encryption rule to the server, different relay devices being preset with correspondingly different encryption rules; after receiving the information to be encrypted and the encryption rule, the server encrypts the information to be encrypted and generates printable label information; and the printable label information is sent to the mobile terminal for the mobile terminal to print. The relay device establishes a short-distance connection with the mobile terminal. The method and the device improve the reliability of the encryption process and confine it to a fixed range, so that a mobile terminal in a different place cannot take part in the encryption process.

Description

Data encryption method, system and storage medium
Technical Field
The present invention relates to the field of data encryption, and in particular, to a data encryption method, system, and storage medium.
Background
In general, conventional data encryption performs a corresponding encryption operation on data through a mutual response between a terminal device and a server, so that data uploaded from the terminal can be encrypted for subsequent use.
In some cases, when the encrypted result is a label bearing a two-dimensional code or a bar code, the label may be photographed by a mobile device and forwarded to a mobile device in a different place to perform a corresponding operation. Interaction between the two sides can then directly interfere with the actual encryption flow, which easily leads to modification of the encryption result or leakage of the encryption process and affects the reliability of the actual encryption.
Disclosure of Invention
In order to improve the reliability of the encryption process, the application provides a data encryption method, a data encryption system and a storage medium.
In a first aspect, the present application provides a data encryption method, which adopts the following technical scheme:
A data encryption method, comprising:
the mobile terminal obtains a dynamic password sent by the server;
the mobile terminal searches for and connects to the matching relay device according to the dynamic password it obtained, and the server periodically updates the dynamic password and sends it to the relay device;
the mobile terminal sends the information to be encrypted to the server;
the relay device sends its preset encryption rule to the server, different relay devices being preset with correspondingly different encryption rules;
after receiving the information to be encrypted and the encryption rule, the server encrypts the information to be encrypted and generates printable label information;
the printable label information is sent to the mobile terminal for the mobile terminal to print,
wherein the relay device establishes a short-distance connection with the mobile terminal.
With this technical scheme, the connection between the server and the mobile terminal does not determine how the information is encrypted and decrypted; the relay device determines which method is used. The flow also means that the mobile terminal and the relay device can connect only by decrypting the same dynamic password in the same way, and that the server learns the corresponding encryption and decryption rules, and can perform the corresponding operations, only after the relay device and the mobile terminal are connected. In addition, because the connection between the mobile terminal and the relay device is short-distance, the mobile terminal must be within the radiation range of the relay device, so a mobile terminal far away cannot encrypt or decrypt by being sent a photo of the label. Encryption and decryption performed in this way are therefore strongly regionalized and difficult for third-party devices to crack.
Preferably, the method by which the mobile terminal connects to the matching relay device includes:
the mobile terminal decrypts the dynamic password to obtain terminal matching information;
the relay device decrypts the dynamic password to obtain relay matching information;
the relay device modifies its device identifier, wherein the device identifier of the relay device has a preset expression field and the expression field contains the relay matching information;
the mobile terminal searches for all device identifiers within range with which a connection can be established, and attempts to connect to the device whose device identifier contains the relay matching information.
Preferably, the device identifier of the relay device is in a non-broadcast state and consists of at least relay matching information and timestamp information, the timestamp information being determined by the moment at which the relay device receives the dynamic password sent by the server;
the mobile terminal generates an addressing identifier from the terminal matching information and the current moment, searches within its search range for the non-broadcast device identifier that matches the addressing identifier, and connects to it.
With this technical scheme, the device identifier of the relay device is hidden in this state and cannot be learned, so it is not easily decoded or connected to. Building the device identifier from the relay matching information and the timestamp information also makes the device identifier of the relay device change continually over time, which raises the difficulty of decoding.
Preferably, the moments at which the server sends the dynamic password follow preset sending logic, and the preset sending logic is synchronized to the relay device and the mobile terminal;
when the relay device receives the dynamic password sent by the server, it takes the timestamp of the moment in the sending logic that precedes the current time as the timestamp information;
when the mobile terminal obtains the dynamic password sent by the server, it takes the timestamp of the moment in the sending logic that precedes the current time as the timestamp information and combines it with the terminal matching information to generate the addressing identifier.
Preferably, the server and the relay device communicate through data packets, each data packet includes check bits, and the data encryption method further includes:
after receiving a data packet sent by the server, the relay device extracts the check code from the check bits of the data packet and verifies it;
after the verification passes, the relay device parses the data packet;
before the relay device sends a data packet to the server, the relay device randomly generates and records the check code;
the relay device integrates the check code into the check bits of the data packet sent to the server.
With this technical scheme, whether the data has been changed or decoded can be effectively monitored, which improves security during data transmission.
Preferably, after the server updates the dynamic password and sends it to the relay device, the relay device receives the dynamic password and verifies the check bits;
the relay device decrypts the dynamic password after the check bits pass verification;
before the server updates the dynamic password, the relay device randomly generates a check code and packages it with a request-update instruction to generate a data packet;
the relay device sends the data packet to the server;
the server responds to the data packet sent by the relay device and splits out the check bits to obtain the check code;
the server generates a dynamic password and integrates it with the obtained check code to generate the data packet to be sent to the relay device.
Preferably, after the mobile terminal establishes a connection with the relay device, the relay device randomly generates a check code and packages it with the preset encryption rule to generate a data packet;
the relay device sends the data packet to the server;
the server responds to the data packet sent by the relay device and splits out the check bits to obtain the check code;
the server generates a receiving-success instruction and integrates it with the obtained check code to generate the data packet to be sent to the relay device;
the relay device receives the data packet sent by the server and parses it to verify the check bits;
when the check bits pass verification, the relay device ends the flow and waits to generate a request-update instruction;
when the relay device does not receive the data packet sent by the server within a preset time, it retransmits the data packet to the server.
In a second aspect, the present application provides a data encryption system that adopts the following technical scheme:
A data encryption system, comprising:
a mobile terminal, used for sending the information to be encrypted to the server, obtaining the dynamic password sent by the server, and searching for and connecting to the matching relay device according to the obtained dynamic password;
a relay device, used for sending its preset encryption rule to the server after the mobile terminal is connected, different relay devices being preset with correspondingly different encryption rules;
a server, used for receiving the information to be encrypted sent by the mobile terminal and the encryption rule sent by the relay device, encrypting the information to be encrypted and generating printable label information; the server periodically updates the dynamic password and sends it to the relay device.
In a third aspect, the present application provides a computer storage medium capable of storing a corresponding program, which adopts the following technical scheme:
a computer readable storage medium storing a computer program capable of being loaded by a processor and executing any one of the data encryption methods described above.
In summary, the present application includes at least one of the following beneficial technical effects:
the connection between the server and the mobile terminal does not determine how the information is encrypted and decrypted; the relay device determines which method is used. The flow also means that the mobile terminal and the relay device can connect only by decrypting the same dynamic password in the same way, and that the server learns the corresponding encryption and decryption rules, and can perform the corresponding operations, only after the relay device and the mobile terminal are connected;
because the connection between the mobile terminal and the relay device is short-distance, the mobile terminal must be within the radiation range of the relay device, so a mobile terminal far away cannot encrypt or decrypt by being sent a photo of the label;
building the device identifier from the relay matching information and the timestamp information together also makes the device identifier of the relay device change continually over time, which raises the difficulty of decoding.
Drawings
Fig. 1 is a flow chart of a data encryption method according to an embodiment of the invention.
Fig. 2 is a schematic flow chart of connection matching between a relay device and a mobile terminal according to an embodiment of the present invention.
Fig. 3 is a flow chart of communication between a relay device and a server through a data packet according to an embodiment of the present invention.
Fig. 4 is a schematic flow chart of communication between a server and a relay device through a data packet when the server generates a dynamic password according to an embodiment of the present invention.
Fig. 5 is a schematic flow chart of communication between a relay device and a server through a data packet when the relay device sends a preset encryption rule to the server according to an embodiment of the present invention.
Fig. 6 is a flow chart of a decryption process according to an embodiment of the invention.
Detailed Description
The present application is described in further detail below in conjunction with figures 1-6.
The embodiment of the application discloses a data encryption method implemented through communication among a mobile terminal, a relay device and a server. The server can be deployed in an operator's machine room. The mobile terminal can be a mobile device in the user's hand (such as a handheld phone) or a mobile device dedicated to data encryption, and it can integrate a printing module so that the encryption result is carried as a printable label for subsequent use. The relay device communicates with both the server and the mobile terminal: the server and the relay device can be connected through the established public network, and a short-distance wireless connection can be established between the mobile terminal and the relay device by Bluetooth or WiFi.
As a specific data encryption method, referring to fig. 1, the steps specifically include:
Step S100: The mobile terminal obtains the dynamic password sent by the server.
The dynamic password is generated by a dynamic password generator built into the server. It can be a series of keys randomly generated by a preset algorithm, or a fixed-length character string randomly generated by a random number generation rule. In general, a dynamic password is specified as eight or sixteen bits in length.
After the mobile terminal establishes a connection with the server through the public network, it sends a request instruction to the server. On receiving the request instruction, the server sends the generated dynamic password to the mobile terminal, so that the mobile terminal obtains the dynamic password sent by the server.
When the mobile terminal is a handheld mobile device such as a mobile phone, a corresponding APP (mobile phone software) can be installed on it to run the program that interacts with the server and the relay device. For example, after the APP is opened, the mobile terminal communicates with the server, establishes a long connection, and then obtains the dynamic password sent by the server. In the following steps, each operation or procedure initiated by the mobile terminal can likewise be triggered through a corresponding operation button provided in the APP.
Step S200: The mobile terminal searches for and connects to the matching relay device according to the dynamic password it obtained, and the server periodically updates the dynamic password and sends it to the relay device.
After the server periodically updates the dynamic password, it also sends the dynamic password to the relay device, and the relay device stores the dynamic password most recently issued by the server. At any given time the dynamic passwords received by the relay device and the mobile terminal are the same, so the corresponding mobile terminal and relay device can be connected to each other by verifying the dynamic password, and the mobile terminal is not led to connect to other devices.
As a specific implementation of connection matching, referring to fig. 2, the steps include:
Step S210: The mobile terminal decrypts the dynamic password to obtain the terminal matching information.
Step S220: The relay device decrypts the dynamic password to obtain relay matching information.
Step S210 is the decryption of the dynamic password by the mobile terminal and step S220 is the decryption of the dynamic password by the relay device; the order of steps S210 and S220 may vary according to the actual situation. In general, the relay device and the mobile terminal each start decrypting the dynamic password once they have received it from the server. Because the relay device always maintains a long connection with the server, in time sequence the relay device always performs its decryption step first.
The decryption method for the dynamic password described here may be to execute preset operation logic on the character string, for example inserting characters, executing a corresponding logic operation or performing an obfuscation operation. The operation logic may be set as needed and is not limited in practice, but it should be noted that the mobile terminal and the relay device must decrypt the dynamic password in the same way, and that the decryption method must be preset in the mobile terminal and the relay device when their files are configured.
Step S230: The relay device modifies its device identifier; the device identifier of the relay device has a preset expression field, and the expression field contains the relay matching information.
When the relay device and the mobile terminal are connected by WiFi, the device identifier is the SSID, which is the identification information indicating that the device can be connected to. When the relay device and the mobile terminal are connected by Bluetooth, the device identifier is the Bluetooth device name of the relay device. The expression field is the specific expression string of the device identifier. In one embodiment the device identifier may consist of the relay matching information only. In another embodiment the device identifier may consist of the relay matching information and a preset fixed field, for example AAA-BBBBBBBB, where AAA may be a preset fixed field and BBBBBBBB is the string of relay matching information obtained by decrypting the dynamic password. In this application, the generation time of the dynamic password may also be added to the device identifier as a timestamp, and the specific value of the timestamp information is determined by the moment at which the relay device receives the dynamic password sent by the server.
The server follows preset logic when generating dynamic passwords, for example two adjacent dynamic passwords are generated a preset fixed time apart. This preset logic is synchronized to the relay device and the mobile terminal, and the relay device can use it to determine the expression string of the timestamp information that corresponds to the received dynamic password. Specifically, the method comprises the following steps:
Step S231: When the relay device receives the dynamic password sent by the server, it takes the timestamp of the moment in the sending logic that precedes the current time as the timestamp information.
Because the relay device knows the preset sending logic, and because information sent by the server reaches the relay device with some delay, the moment at which the relay device receives the dynamic password is necessarily after the moment at which the server generated it. The relay device can therefore compare the current time with the preset sending logic and take the timestamp of the moment in the sending logic that precedes the current time as the timestamp information. The timestamp information is a string that represents the time, for example a string representing 12:45 on 22 December 2020; in one mode the timestamp information may be represented by only the hour and minute of each day, for example 1245.
Step S232: When the mobile terminal obtains the dynamic password sent by the server, it takes the timestamp of the moment in the sending logic that precedes the current time as the timestamp information, and combines the timestamp information with the terminal matching information to generate the addressing identifier.
Similarly, because the mobile terminal knows the preset sending logic, and because information sent by the server reaches the mobile terminal with some delay, the moment at which the mobile terminal receives the dynamic password is necessarily after the moment at which the server generated it. The mobile terminal can therefore compare the current time with the preset sending logic and take the timestamp of the moment in the sending logic that precedes the current time as the timestamp information. In general, the timestamp information here has the same format as that used by the relay device; for example, when the timestamp information of the relay device is in a string format, the timestamp information of the mobile terminal also needs to be in a string format.
In general, the timestamp information of the relay device and the timestamp information of the mobile terminal should be completely identical within the interval between two adjacent dynamic password updates, so that the addressing identifier generated in this way can accurately find the device identifier of the relay device.
Because the device identifier of the relay device can be in a non-broadcast state, other terminal devices cannot directly obtain it, and therefore cannot reverse-decode related information from the device identifier of the relay device. By contrast, a mobile terminal that needs to establish a connection can still connect to the corresponding relay device once it has obtained the corresponding device identifier.
Step S240: The mobile terminal searches for all device identifiers within range with which a connection can be established, and attempts to connect to the device whose device identifier contains the relay matching information.
The relay matching information may include not only the above-described timestamp information and relay matching information, but also other representative information such as geographical location information. The relay device can also have a preset password that the mobile terminal needs in order to connect; in that case the mobile terminal must also know the preset password to establish a connection with the relay device. Generally, the search range of the mobile terminal is related to the broadcast radiation intensity of the relay device: the greater the intensity of the relay device, the farther away the mobile terminal can find it.
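The identifier matching of steps S210 to S240, as an added sketch that is not code from the patent: both sides derive the matching information from the same dynamic password, append the timestamp of the latest scheduled send moment, and compare the results. The HMAC-based derivation (substituted for the unspecified preset operation logic), `PRESET_KEY`, the five-minute interval, the function names and all sample values are assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta
from typing import Iterable, Optional

# Assumptions of this sketch; none of these values come from the patent text.
PRESET_KEY = b"constructed-demo-key"  # stands in for the preset operation logic
FIXED_FIELD = "AAA"                   # fixed field of the AAA-BBBBBBBB layout
INTERVAL = timedelta(minutes=5)       # assumed spacing of the sending logic


def matching_info(dynamic_password: str) -> str:
    """Steps S210/S220: derive the 8-character matching information.

    The patent leaves the operation logic open; a keyed HMAC-SHA256 truncated
    to 8 hex characters is substituted here. Both sides must use the same logic.
    """
    digest = hmac.new(PRESET_KEY, dynamic_password.encode(), hashlib.sha256)
    return digest.hexdigest()[:8].upper()


def slot_timestamp(now: datetime) -> str:
    """Steps S231/S232: HHMM of the latest scheduled send moment not after `now`."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    slots = (now - midnight) // INTERVAL
    return (midnight + slots * INTERVAL).strftime("%H%M")


def build_identifier(dynamic_password: str, now: datetime) -> str:
    """Same construction on both sides: device identifier on the relay (S230),
    addressing identifier on the mobile terminal (S232)."""
    return f"{FIXED_FIELD}-{matching_info(dynamic_password)}{slot_timestamp(now)}"


def find_relay(addressing_id: str, reachable: Iterable[str]) -> Optional[str]:
    """Step S240: connect only to an identifier equal to the addressing identifier."""
    for identifier in reachable:
        if identifier == addressing_id:
            return identifier
    return None


def demo() -> dict:
    password = "4F7K2Q9Z"  # constructed 8-character dynamic password
    # The relay receives the password shortly after the 12:45 send moment.
    relay_id = build_identifier(password, datetime(2020, 12, 22, 12, 45, 0, 300000))
    nearby = ["HomeNet", "AAA-000000001245", relay_id]  # constructed identifiers
    # The mobile terminal receives the same password later in the same interval.
    in_slot = build_identifier(password, datetime(2020, 12, 22, 12, 49, 58))
    # Failure mode: the reply crosses the 12:50 boundary in transit, so the
    # terminal derives slot 1250 from a password that belongs to slot 1245.
    late = build_identifier(password, datetime(2020, 12, 22, 12, 50, 0, 200000))
    return {
        "relay_id": relay_id,
        "in_slot_match": find_relay(in_slot, nearby),
        "late_match": find_relay(late, nearby),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In the boundary case the terminal finds no relay and has to request the current dynamic password again before retrying.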
Step S300: The mobile terminal sends the information to be encrypted to the server.
Data can be entered into the mobile terminal manually, and the mobile terminal is connected to the server through the public network; the information to be encrypted in this step can be entered on the mobile terminal manually.
Step S400: The relay device sends its preset encryption rule to the server; different relay devices are preset with correspondingly different encryption rules.
Each relay device pre-stores an encryption rule. The encryption rule is converted into a corresponding character string and stored in the relay device, and in this step the relay device sends that character string to the server. After receiving the character string, the server can determine which encryption rule the relay device uses. Generally, the encryption rules may be DES, 3DES, AES, RSA, DSA, SHA-1, MD5, etc., or other self-defined encryption methods. The character string corresponding to each encryption rule can be recorded in a mapping table, so that the encryption rule can be looked up from its character string.
Step S500: After receiving the information to be encrypted and the encryption rule, the server encrypts the information to be encrypted and generates printable label information.
After step S400 the server knows the encryption rule sent by the relay device, and it has received the information to be encrypted sent by the mobile terminal in step S300. The server encrypts the information to be encrypted with the corresponding encryption rule, and the printable label information is the ciphertext character string obtained by that encryption.
Step S600: The printable label information is sent to the mobile terminal for the mobile terminal to print.
After the printable label information is generated, the server sends it to the mobile terminal. The mobile terminal can integrate a printing module; after receiving the printable label information, it converts the information into a form the printing module can recognize and the printing module prints it. Generally, the mobile terminal prints a two-dimensional code label, and in some cases it may print a bar code label.
On this basis, the communication between the server and the relay device delivers the required information by means of data packets. The data packet includes a corresponding check code as an identification bit, the check code is in the check bit of the data packet, the server only identifies the check bit in the received data packet and correspondingly extracts the check code, the check code is integrated into the data packet sent to the relay device again in the subsequent operation process, and the relay device has a check code unit for identifying, judging and generating the check code, so that it can be known whether the communication process between the relay device and the server is interfered or decoded, referring to fig. 3, specifically:
Step S1: after receiving the data packet sent by the server, the relay device extracts the check code from the check bit of the data packet and verifies it.
The data packet at least includes a transmission bit for storing the data to be transmitted and a check bit for storing a check code. In one embodiment, the overall length of the data packet is fixed and the position of the check bit is fixed, so the lengths occupied by the check bit and the transmission bit are also fixed. In another embodiment, the length and the position of the check bit are fixed, for example the first byte or the end byte of the data packet, and the remaining positions are the transmission bit. In either case, the relay device can directly extract the check code from the check bit of the data packet and verify it. Generally, the check code used for verification is the one generated by the relay device's check code unit the previous time, and verification only needs to judge whether the two check codes are consistent.
Step S2: after the verification is passed, the relay device parses the data packet.
Verification passes when the check code in the check bit is consistent with the check code generated the previous time. Parsing the data packet in this step means extracting the information held in the transmission bit of the data packet.
Step S3: before the relay device sends the data packet to the server, the relay device randomly generates and records the check code.
The relay device randomly generates a check code of fixed length, according to the preset check code length, and records it so that it can be compared against the check code in the next data packet received from the server. In one embodiment, the previously recorded check code is overwritten when a new one is generated, so that the relay device always records only one check code.
Step S4: the relay device integrates the check code into check bits of the data packet sent to the server.
The integration refers to placing the corresponding data into the corresponding position in the data packet, for example, the data to be transmitted is filled into the transmission bit of the data packet, and the randomly generated check code is filled into the check bit of the data packet, and the positions of the check bit and the transmission bit follow the construction manner of the data packet in step S1.
Based on this, to complete the communication loop between the server and the relay device when a dynamic password is generated, the relay device generates a request update instruction at a fixed transmission interval and sends it to the server before the server generates the dynamic password, and the server generates the dynamic password in response to that instruction. Because the request update instruction is sent at a prescribed interval, the update of the server's dynamic password also follows a preset logic, and the communication between the server and the relay device can form a complete loop without the relay device sending the encryption rule to the server.
Specifically, referring to fig. 4, the steps include:
Step S11: after the server updates the dynamic password and sends the dynamic password to the relay device, the relay device receives the dynamic password and verifies the check bit.
In this step, the dynamic password is still sent to the relay device by means of a data packet, and the relay device obtains the check code from the check bit by parsing the data packet, and the way of verifying the check code is the same as in step S1.
Step S12: after the check bit passes verification, the relay device decrypts the dynamic password.
Step S13: before the server updates the dynamic password, the relay device randomly generates a check code and packages the check code and a request updating instruction to generate a data packet.
The request update instruction is a fixed string; after the server receives it, the server drives the corresponding module to generate a dynamic password. The relay device generates the request update instruction under a preset generation logic, and the server generates the dynamic password in response to it, so the dynamic password can also be considered to be generated under a preset generation logic. In general, two adjacent request update instructions are generated at a regular interval.
Further, on this basis, the time stamp information mentioned in the earlier steps, which the relay device requires for generating the device identifier, may be determined according to the logic by which the relay device generates request update instructions.
Step S14: the relay device sends the data packet to the server.
Step S15: the server responds to the data packet sent by the relay device and splits the check bit to obtain the check code.
In this step, the check bit is split to obtain the check code without verification, and only the character string of the check bit in the data packet is extracted to obtain the corresponding check code.
Step S16: the server generates a dynamic password, and integrates the dynamic password with the acquired check code to generate a data packet to be sent to the relay device.
After step S16 is completed, the generation of the dynamic password forms a complete communication closed loop. Because the dynamic password is generated and sent in response to the request update instruction, the generation and sending of the request update instruction and of the dynamic password can be regarded as completed within a short time, during which the relay device does not send the encryption rule to the server.
Therefore, the relay device sends the encryption rule to the server between the communication closed loops of two adjacent dynamic password generations. When the relay device sends the encryption rule, the server accordingly also needs to return a data packet to the relay device, so that the relay device can regenerate the check code the next time it establishes a connection with a mobile terminal or generates a request update instruction. Specifically, referring to fig. 5, the complete steps by which the relay device sends the encryption rule to the server include:
Step S21: after the mobile terminal establishes a connection with the relay device, the relay device randomly generates a check code and packages it with the preset encryption rule to generate a data packet.
Step S22: the relay device sends the data packet to the server.
Step S23: the server responds to the data packet sent by the relay device and splits the check bit to obtain the check code.
Step S24: the server generates a reception success instruction and integrates it with the acquired check code to generate a data packet to be sent to the relay device.
In one embodiment, in step S23, the content of the transmission bit may be obtained by splitting the data packet, and the server may respond to the generation of the reception success instruction after determining that the content of the transmission bit is a preset encryption rule, or may synchronously generate the reception success instruction in the process of splitting the data packet. The reception success instruction may be a character string of a predetermined character length and fixed content, for example, an eight-bit all-1 character string representing the reception success instruction. If the data packet fails to be received or the data packet fails to be parsed, a reception failure instruction may be generated, and similarly, the reception failure instruction may be an eight-bit all-0 string. The successful receipt instruction and the failed receipt instruction are integrated into the transmission bit of the data packet.
Step S25: the relay device receives the data packet sent by the server and analyzes the data packet to verify the check bit.
In this step, the data packet may be parsed and the data in the transmission bit checked at the same time, i.e. whether it is a reception success instruction or a reception failure instruction.
Step S26: when the check bit passes verification and a reception success instruction is received, the relay device stops the flow and waits to generate a request update instruction.
Stopping the flow means that the relay device stops and exits the flow of S21-S26; thereafter the relay device prepares to generate a request update instruction at the corresponding time.
Step S27: when the relay device does not receive the data packet sent by the server within the preset time, it retransmits the data packet to the server.
When the relay device does not receive the data packet sent by the server within the preset time, a packet may have been lost: either the relay device's data packet was not sent to the server, or the data sent by the server to the relay device was lost. Likewise, when the data packet received by the relay device contains a reception failure instruction, the data packet is also retransmitted to the server. In both cases the data packet sent by the relay device is the one generated in step S21.
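The check-code loop of steps S1-S4 and S21-S27, as an added Python example that is not part of the patent text. It assumes an 8-byte check bit at the start of the packet, the constructed strings RULE-A and REQUEST-UPDATE, and, for the HMAC variant that the patent does not describe, a pre-shared key. It shows that a reply carrying an old check code is rejected, and that the comparison alone does not cover the content of the transmission bit.

```python
import hashlib
import hmac
import secrets

CHECK_LEN = 8              # assumed length of the check bit, in bytes
RECV_OK = b"11111111"      # reception success instruction (eight 1s, as in the text)
RECV_FAIL = b"00000000"    # reception failure instruction (eight 0s, as in the text)
KNOWN_RULES = {b"RULE-A"}  # constructed rule string the server can map

def pack(check_code, payload):
    """Check bit first, transmission bit after it (assumed layout)."""
    if len(check_code) != CHECK_LEN:
        raise ValueError("check code has the wrong length")
    return check_code + payload

def split(packet):
    """Split a packet into (check code, transmission-bit content)."""
    if len(packet) < CHECK_LEN:
        raise ValueError("packet shorter than the check bit")
    return packet[:CHECK_LEN], packet[CHECK_LEN:]

def server_handle(packet):
    """Steps S23-S24: extract the check code without verifying it, echo it back."""
    if len(packet) < CHECK_LEN:
        return None  # nothing to echo; the relay will time out and retransmit
    check_code, payload = split(packet)
    return pack(check_code, RECV_OK if payload in KNOWN_RULES else RECV_FAIL)

class Relay:
    def __init__(self, rule):
        self.rule = rule
        self.recorded = None  # only the latest check code is kept

    def new_packet(self, payload):
        """Steps S3-S4 / S21: generate, record and integrate a fresh check code."""
        self.recorded = secrets.token_bytes(CHECK_LEN)
        return pack(self.recorded, payload)

    def accept(self, packet):
        """Steps S1-S2 / S25: return the transmission bit if the check code matches."""
        if self.recorded is None or len(packet) < CHECK_LEN:
            return None
        check_code, payload = split(packet)
        if not hmac.compare_digest(check_code, self.recorded):
            return None
        return payload

    def send_rule(self, channel, max_tries=3):
        """Steps S21-S27: return the attempt number that succeeded, or 0."""
        packet = self.new_packet(self.rule)  # built once, retransmitted unchanged
        for attempt in range(1, max_tries + 1):
            reply = channel(packet)  # None models the preset time expiring
            if reply is not None and self.accept(reply) == RECV_OK:
                return attempt
        return 0

def lossy(drops):
    """Constructed channel to the server that loses the first `drops` replies."""
    remaining = [drops]
    def channel(packet):
        reply = server_handle(packet)
        if remaining[0] > 0:
            remaining[0] -= 1
            return None
        return reply
    return channel

def seal(key, check_code, payload):
    """Added hardening, not in the patent: MAC over check code and payload."""
    tag = hmac.new(key, check_code + payload, hashlib.sha256).digest()
    return pack(check_code, payload + tag)

def open_sealed(key, recorded, packet):
    """Accept only if the check code matches and the MAC verifies."""
    check_code, body = split(packet)
    if len(body) < 32 or not hmac.compare_digest(check_code, recorded):
        return None
    payload, tag = body[:-32], body[-32:]
    good = hmac.new(key, check_code + payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None

def demo():
    """Run one rule exchange and the checks described in the lead-in."""
    relay = Relay(b"RULE-A")
    attempts = relay.send_rule(lossy(1))        # first reply lost, retry succeeds
    old_reply = pack(relay.recorded, RECV_OK)   # reply from the finished round
    relay.new_packet(b"REQUEST-UPDATE")         # next round overwrites the code
    stale = relay.accept(old_reply)             # old check code no longer matches
    # A packet with the current check code passes whatever its transmission bit holds.
    altered = relay.accept(pack(relay.recorded, RECV_FAIL))
    key = secrets.token_bytes(32)               # assumed pre-shared key
    sealed = seal(key, relay.recorded, RECV_OK)
    flipped = sealed[:CHECK_LEN] + RECV_FAIL + sealed[CHECK_LEN + len(RECV_OK):]
    return {"attempts": attempts, "stale": stale, "altered": altered,
            "sealed_ok": open_sealed(key, relay.recorded, sealed),
            "sealed_flipped": open_sealed(key, relay.recorded, flipped)}

if __name__ == "__main__":
    print(demo())
```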
In addition, in the embodiment of the application, decryption is initiated by the mobile terminal. The mobile terminal acquires the encrypted data by scanning the printed label, and its connection to the relay device triggers the relay device to send the decryption rule to the server. The server then receives the encrypted information sent by the mobile terminal and the decryption rule sent by the relay device, decrypts the encrypted information, and returns the decrypted information to the mobile terminal.
Specifically, referring to fig. 6, the process includes:
Step S1000: the mobile terminal obtains the dynamic password sent by the server.
Similarly, where the mobile terminal is a handheld mobile device such as a mobile phone, the APP installed on the mobile terminal is run to acquire the dynamic password sent by the server. The specific execution logic is the same as that of the aforementioned step S100.
Step S2000: the matched relay device is searched for and connected to according to the dynamic password acquired by the mobile terminal.
Step S3000: the mobile terminal scans the tag to obtain the encrypted information and sends the encrypted information to the server.
When the encrypted information is carried by a two-dimensional code, the two-dimensional code can be scanned with a camera on the mobile terminal to obtain the encrypted character string, which serves as the encrypted information. When the encrypted information is carried by a barcode, the encrypted character string can be obtained with a scanner or similar component on the mobile terminal.
Step S4000: the relay device sends a preset decryption rule to the server.
Each relay device has a decryption rule corresponding to its preset encryption rule. The decryption rule is recorded in the relay device as a character string; when the server receives the character string representing the decryption rule from the relay device, it obtains the decryption rule mapped to that character string and can then use it to decrypt the encrypted information.
Step S5000: after receiving the encryption information and the decryption rule, the server decrypts the encryption information and sends a decryption result to the mobile terminal.
The information exchanged between the relay device and the server in steps S1000-S5000 is all transferred in data packets and follows steps S1-S4.
It can be seen that in this design the connection between the server and the mobile terminal does not determine how information is encrypted and decrypted; the relay device determines that. The flow also means that the connection between the mobile terminal and the relay device can itself be made in a certain encrypted manner, and that the server learns the corresponding encryption rule and decryption rule, and can perform the corresponding encryption and decryption operations, only after the relay device and the mobile terminal are connected. In addition, because the connection between the mobile terminal and the relay device is short-range, the mobile terminal must be within the radiation range of the relay device, so it has no way to perform encryption or decryption at long range by sending a photo of the label. The encryption and decryption steps in this manner are therefore extremely regionalized and difficult for third-party devices to crack.
In general, this approach is suitable for fixed locations such as offices and malls, and the relay devices may also be hidden inside stand-alone devices such as gateways, ONUs, OLTs and Wi-Fi equipment. Encryption and decryption operations can then be performed through the mobile terminal within the fixed area.
Based on the same inventive concept, the embodiment of the application also discloses a data encryption system, which is realized based on the mobile terminal, the relay device and the server and comprises:
The mobile terminal is used for sending the information to be encrypted to the server, acquiring the dynamic password sent by the server, and searching for and connecting to the matched relay device according to the acquired dynamic password.
The relay device is used for sending its preset encryption rule to the server after the mobile terminal is connected, wherein different relay devices are preset with different encryption rules.
The server is used for receiving the information to be encrypted sent by the mobile terminal and the encryption rule sent by the relay device, encrypting the information to be encrypted and generating printable label information; the server updates the dynamic password periodically and sends the dynamic password to the relay device.
The relay device establishes a short-distance connection with the mobile terminal.
For the disclosed data encryption system, the mobile terminal, the relay device, and the server may also perform the various steps as described in the flow of fig. 1-6.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
Embodiments of the present invention also provide a computer readable storage medium storing instructions capable of implementing the steps described in the flowcharts of fig. 1-6 when loaded and executed by a processor.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing embodiments are only used to describe the technical solutions of the present application in detail, but the descriptions of the foregoing embodiments are only used to help understand the method and the core idea of the present invention, and should not be construed as limiting the present invention. Variations or alternatives, which are easily conceivable by those skilled in the art, are included in the scope of the present invention.

Claims (9)

1. A data encryption method, comprising:
the mobile terminal acquires a dynamic password sent by a server;
searching and connecting the matched relay equipment according to the dynamic password acquired by the mobile terminal, and periodically updating the dynamic password by the server and sending the dynamic password to the relay equipment;
the mobile terminal sends the information to be encrypted to a server;
the relay equipment sends preset encryption rules to the server, and different relay equipment is preset with corresponding different encryption rules;
after receiving the information to be encrypted and the encryption rule, the server encrypts the information to be encrypted and generates printable label information;
the printable tag information is sent to the mobile terminal for the mobile terminal to print out,
and the relay equipment establishes short-distance connection with the mobile terminal.
2. The data encryption method according to claim 1, wherein the method for connecting the mobile terminal to the matching relay device comprises:
the mobile terminal decrypts the dynamic password to obtain terminal matching information;
the relay equipment decrypts the dynamic password to obtain relay matching information;
the relay equipment modifies an equipment identifier, wherein the equipment identifier of the relay equipment is provided with a preset expression field, and the expression field contains the relay matching information;
and searching all equipment identifiers capable of establishing connection in the range by the mobile terminal, and attempting to establish connection with equipment corresponding to the equipment identifier containing relay matching information.
3. The data encryption method according to claim 2, wherein the device identifier of the relay device is in a non-broadcast state, the device identifier of the relay device being composed of at least relay matching information and time stamp information, the time stamp information being determined by a time when the relay device received the dynamic password transmitted by the server;
and the mobile terminal generates an addressing identifier according to the terminal matching information and the current moment, searches the equipment identifier in a non-broadcasting state according to the addressing identifier in a searching range and connects the equipment identifier.
4. A data encryption method according to claim 3, wherein the moment when the server transmits the dynamic password has preset transmission logic, and the preset transmission logic is synchronized with the relay device and the mobile terminal;
when the relay equipment receives the dynamic password sent by the server, the time stamp of the receiving time before the current time in the sending logic is obtained to be used as time stamp information;
when the mobile terminal obtains the dynamic password sent by the server, the time stamp of the receiving time before the current time in the sending logic is obtained as time stamp information, and the time stamp information is combined with the terminal matching information to generate an addressing identifier.
5. The data encryption method according to claim 2, wherein the server and the relay device communicate via data packets, and the data packets each include a check bit, the data encryption method further comprising:
after receiving the data packet sent by the server, the relay equipment extracts a check code of a check bit in the data packet and verifies the check code;
after the verification is passed, the relay device analyzes the data packet;
before the relay equipment sends a data packet to a server, the relay equipment randomly generates and records the check code;
the relay device integrates the check code into check bits of the data packet sent to the server.
6. The data encryption method according to claim 5, wherein after the server updates the dynamic password and sends the dynamic password to the relay device, the relay device receives the dynamic password and verifies the check bit;
decrypting the dynamic password after the verification bit passes the verification;
before the server updates the dynamic password, the relay equipment randomly generates a check code and packages the check code and a request updating instruction to generate a data packet;
the relay device sends the data packet to the server;
the server responds to the data packet sent by the relay equipment and splits the check bit to obtain a check code;
the server generates a dynamic password, and integrates the dynamic password with the acquired check code to generate a data packet to be sent to the relay device.
7. The method for encrypting data according to claim 6, wherein,
after the mobile terminal establishes connection with the relay equipment, the relay equipment randomly generates a check code and packages the check code with a preset encryption rule to generate a data packet;
the relay device sends the data packet to the server;
the server responds to the data packet sent by the relay equipment and splits the check bit to obtain a check code;
the server generates a receiving success instruction, and integrates the receiving success instruction with the acquired check code to generate a data packet to be sent to the relay equipment;
the relay equipment receives the data packet sent by the server and analyzes the data packet to verify the check bit;
when the check bit passes verification and a receiving success instruction is received, the relay equipment stops the flow and waits for generating a request updating instruction;
and when the relay equipment does not receive the data packet sent by the server within the preset time, retransmitting the data packet to the server.
8. A data encryption system, comprising,
the mobile terminal is used for sending the information to be encrypted to the server, acquiring the dynamic password sent by the server, and searching and connecting the matched relay equipment according to the acquired dynamic password;
the relay equipment is used for sending preset encryption rules to the server after the mobile terminal is connected, wherein different relay equipment is preset with corresponding different encryption rules;
the server is used for receiving the information to be encrypted sent by the mobile terminal and the encryption rule sent by the relay equipment, encrypting the information to be encrypted and generating printable label information; the server updates the dynamic password regularly and sends the dynamic password to the relay equipment;
and the relay equipment establishes short-distance connection with the mobile terminal.
9. A computer readable storage medium, characterized in that a computer program is stored which can be loaded by a processor and which performs the method according to any one of claims 1 to 7.
CN202311302304.9A 2023-10-10 2023-10-10 Data encryption method, system and storage medium Pending CN117459931A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311302304.9A CN117459931A (en) 2023-10-10 2023-10-10 Data encryption method, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311302304.9A CN117459931A (en) 2023-10-10 2023-10-10 Data encryption method, system and storage medium

Publications (1)

Publication Number Publication Date
CN117459931A true CN117459931A (en) 2024-01-26

Family

ID=89588257

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311302304.9A Pending CN117459931A (en) 2023-10-10 2023-10-10 Data encryption method, system and storage medium

Country Status (1)

Country Link
CN (1) CN117459931A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080065903A1 (en) * 2006-09-07 2008-03-13 International Business Machines Corporation Selective encryption of data stored on removable media in an automated data storage library
US20120296830A1 (en) * 2010-09-19 2012-11-22 Zte Corporation Method and mobile terminal for realizing network payment
CN104579627A (en) * 2014-12-06 2015-04-29 上海移远通信技术有限公司 Data encryption method and system
CN104660583A (en) * 2014-12-29 2015-05-27 国家电网公司 Encryption service method based on Web encryption service
CN104978542A (en) * 2015-06-11 2015-10-14 福建天晴数码有限公司 Secure data storage and data access method and system
CN108737394A (en) * 2018-05-08 2018-11-02 腾讯科技(深圳)有限公司 Off-line verification system, barcode scanning equipment and server
CN109474583A (en) * 2018-10-26 2019-03-15 温州博盈科技有限公司 A kind of data safety management system
CN114399007A (en) * 2021-11-30 2022-04-26 中国建设银行股份有限公司 Information feedback method and device, computer equipment and storage medium



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination