CN117479151A - Data encryption transmission method - Google Patents
- Publication number: CN117479151A
- Application number: CN202311811164.8A
- Authority: CN (China)
- Prior art keywords: data, terminal, key, task, real
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04W—WIRELESS COMMUNICATION NETWORKS > H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  - H04W12/03—Protecting confidentiality, e.g. by encryption
  - H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
  - H04W12/08—Access security
    - H04W12/084—Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a data encryption transmission method in the field of data transmission. A first terminal encrypts a task request and sends it; once the first terminal has been verified as legitimate, the mobile server decrypts the task request, compares it with its database and, when the comparison succeeds, requests data from the central server according to the task serial number. The returned real data is stored and truncated to obtain confusion (decoy) data; the real data and the confusion data are encrypted and marked separately to obtain a data group, and the generated keys are marked separately to obtain a key group. The data group is packaged, encrypted and transmitted to the corresponding second terminal, which, after verifying that the mobile server is legitimate, identifies the real encrypted data. The mobile server packs the key group, encrypts it and sends it to the first terminal; after verifying that the mobile server is legitimate, the first terminal generates a key list to be sent, encrypts it and sends it to the corresponding second terminal. After verifying that the first terminal is legitimate, the second terminal identifies the real key and decrypts the real encrypted data with it to obtain the required real data, so that information is transmitted with high security.
Description
Technical Field
The invention relates to the technical field of data transmission, in particular to a data encryption transmission method.
Background
In a mobile space-based system the terminal usually needs to receive instructions and large volumes of data from the mobile server and to send the latest collected information back to the mobile server, as in the server-to-terminal data mode shown in fig. 1 and the terminal-to-server data mode shown in fig. 2. During transmission in existing mobile space-based systems, encrypted data is easy to steal and crack, information is lost or misrouted while the encrypted data is relayed, and the encryption process is simple, all of which lead to information leakage. Encryption is the main means of securing data in transit; current schemes fall into symmetric algorithms (such as DES (Data Encryption Standard, which is no longer considered secure) and AES (Advanced Encryption Standard)) and asymmetric algorithms (such as RSA and ECC (elliptic curve cryptography)). With a symmetric algorithm the same key is used for encryption and decryption, so besides keeping its own copy the sender must make the key known to the other party; if the key is transmitted together with the data there is a risk of key leakage. Asymmetric algorithms are very slow and are unsuitable for encrypting large amounts of original information.
Accordingly, two problems must be solved: how to encrypt and decrypt the information, and how to transmit the key safely and reliably, including key generation, distribution and storage. Further, to prevent data from being intercepted and interpreted, which causes information leakage, the data transmission procedure itself must be designed so that information transmission remains highly secure.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a data encryption transmission method.
In order to achieve the above object, the present invention provides the following.
The data encryption transmission method is implemented on a mobile space-based system comprising a first terminal, a second terminal, a mobile server and a central server. The first terminal and the second terminal exchange data with the mobile server over a mobile communication technology, and the mobile server exchanges data with the central server. The first terminal generates scheduling instructions; the second terminal receives data. The method comprises the following steps.
The first terminal encrypts the task request with the public key of the mobile server to obtain an encrypted task request; the task request contains a second terminal serial number and a task serial number.
The mobile server decrypts the task request with its private key and verifies the legitimacy of the first terminal using a digital signature, obtaining a first verification result. When the first verification result is illegal, the mobile server does not respond.
When the first verification result is legal, the decrypted task request is compared with the data in the database to obtain a comparison result.
When the comparison result shows that the task scope of the task request belongs to the database, the mobile server requests data from the central server according to the task serial number.
When the task scope of the task request does not belong to the database, the mobile server asks the first terminal to confirm whether the request was sent in error, obtaining a confirmation result. If the request was sent in error, the first terminal resends the task request; if it was not, the mobile server requests data from the central server according to the task serial number.
The data returned by the central server is stored and taken as the real data.
The real data is truncated and recombined to obtain confusion data.
The real data and the confusion data are encrypted, generating a real key and confusion keys respectively; the encrypted real data and encrypted confusion data are marked according to a first setting rule, and the keys are marked according to a second setting rule. Each setting rule defines a set of marker positions and designates one position as the specific position of the real data or the real key; the marker position is what distinguishes real data from confusion data and the real key from confusion keys.
The marked confusion encrypted data and the marked real encrypted data are packaged to obtain packaged data, which is encrypted with a first fixed password and transmitted to the corresponding second terminal.
The second terminal verifies the legitimacy of the mobile server using the token in the request header, obtaining a second verification result. When the second verification result is illegal, the second terminal does not respond. When it is legal, the second terminal decrypts with the first fixed password, identifies the real encrypted data from the marks according to the first setting rule and stores it.
The mobile server packs the marked confusion keys and the marked real key to obtain a packed key, encrypts the packed key together with the second terminal serial number and the task time of the corresponding packaged data using a second fixed password, and sends the result to the first terminal.
The first terminal verifies the legitimacy of the mobile server using the token in the request header, obtaining a third verification result. When the third verification result is illegal, the first terminal does not respond. When it is legal, the first terminal decrypts with the second fixed password and generates a key list to be sent, comprising the packed key, the second terminal serial number and the task time.
The first terminal encrypts the packed key in the key list with a third fixed password and sends it to the second terminal whose serial number appears in the key list; the second terminal verifies the legitimacy of the first terminal using the token in the request header, obtaining a fourth verification result.
When the fourth verification result is legal, the second terminal decrypts with the third fixed password, identifies the real key according to the second setting rule and decrypts the real encrypted data with it to obtain the real data. When the fourth verification result is illegal, the second terminal does not respond.
Optionally, the task request is encrypted with the mobile server public key using an asymmetric encryption technique.
Optionally, the real data and the confusion data are encrypted using a symmetric encryption technique.
Optionally, the marker position of the confusion data differs from the marker position of the real data, and the marker positions of the individual groups of confusion data also differ from one another.
Optionally, the first, second and third fixed passwords are each determined by negotiation, with one negotiation result per task.
The invention further provides a second data encryption transmission method, also implemented on the mobile space-based system comprising a first terminal, a second terminal, a mobile server and a central server. The first terminal and the second terminal exchange data with the mobile server over a mobile communication technology, and the mobile server exchanges data with the central server. The first terminal generates scheduling instructions and the second terminal collects data. The method comprises the following steps.
The second terminal collects task data and derives confusion data from it.
The task data and the confusion data are encrypted, producing a real key and confusion keys; the encrypted task data and the encrypted confusion data are marked according to a third setting rule, and the real key and the confusion keys according to a fourth setting rule.
The marked encrypted task data and the marked encrypted confusion data are packaged, encrypted with a fourth fixed password and transmitted to the mobile server.
The mobile server verifies the legitimacy of the second terminal using the token in the request header, obtaining a fifth verification result. When the fifth verification result is illegal, the mobile server does not respond. When it is legal, the mobile server decrypts with the fourth fixed password, identifies the real encrypted task data according to the third setting rule and stores it.
The marked real key and confusion keys are packed to obtain a packed key group; the packed key group and the corresponding second terminal serial number are encrypted with a fifth fixed password and sent to the first terminal.
The first terminal verifies the legitimacy of the second terminal using the token in the request header, obtaining a sixth verification result. When the sixth verification result is illegal, the operation is terminated. When it is legal, the first terminal decrypts with the fifth fixed password and generates a key list to be sent, comprising the packed key group and the second terminal serial number; it packs the key list, encrypts it with a sixth fixed password and sends it to the mobile server.
The mobile server verifies the legitimacy of the first terminal using the token in the request header, obtaining a seventh verification result. When the seventh verification result is illegal, the operation is terminated. When it is legal, the mobile server decrypts with the sixth fixed password, identifies the real key according to the fourth setting rule and uses it to decrypt the stored encrypted task data belonging to that second terminal serial number, obtaining the real task data.
Optionally, the real data and the confusion data are encrypted using a symmetric encryption technique.
Optionally, the marker position of the confusion data differs from the marker position of the task data, and the marker positions of the individual groups of confusion data also differ from one another.
Optionally, the fourth, fifth and sixth fixed passwords are each determined by negotiation, with one negotiation result per task.
According to the specific embodiments provided by the invention, the following technical effects are obtained.
1) The encrypted data and the key are sent separately, and the key is routed through a third party (the first terminal), which raises security and makes cracking harder.
2) A multi-task confusion mode is adopted: the real data is mixed with false data (confusion data), and the second terminal and the mobile server agree on rules (the setting rules) by which software picks out the real data. Even if an adversary intercepts the transmission, it cannot tell which group is the real data.
3) Different terminals handle data receiving and collection on the one hand and task scheduling on the other, which further improves security.
4) The encrypted data group is encrypted a second time, which improves security.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a mobile server transmitting data to a terminal in a conventional mobile space-based system.
Fig. 2 is a flow chart of a terminal transmitting data to a mobile server in a conventional mobile space-based system.
Fig. 3 is a flowchart of a first data encryption transmission method provided by the present invention.
Fig. 4 is a flowchart of a second data encryption transmission method according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention aims to provide a data encryption transmission method which can ensure high safety performance during information transmission.
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
In a mobile space-based system the mobile server usually communicates with the terminal over a 3G/4G network, and a mobile server on a 3G or 4G network cannot meet, in either software or hardware, the transmission requirements of large data volumes, particularly high-definition video; the terminal and the mobile server therefore communicate over a 5G network. The first terminal is a unified scheduling terminal, and the second terminal is a data receiving and collecting terminal. On this basis the invention provides two different data encryption transmission methods to ensure high security during information transmission.
As shown in fig. 3, the data encryption transmission method provided by the invention comprises the following steps.
Step one: the first terminal encrypts the task request with the mobile server public key; the task request contains the second terminal serial number, the task serial number and the like. Asymmetric encryption is used here because the task request is short and contains only serial numbers, so even if it is stolen and cracked it reveals no specific content.
In practice the first terminal and the mobile server exchange their public keys, the mobile server and the second terminal exchange their public keys, and each party keeps its own private key locally.
Step two: the first terminal sends the request to the mobile server.
Both the first terminal and the mobile server hold a list of second terminal serial numbers, the task time and a list of task serial numbers.
Step three: the mobile server receives the request, decrypts it with its private key and at the same time verifies the legitimacy of the first terminal. If the first terminal is legal, the next step is performed; if not, the server does not respond.
In practice the legitimacy check can use a digital signature, which serves two purposes. First, it establishes that the message was indeed signed and sent by the first terminal, because nobody else can forge the first terminal's signature. Second, it establishes the integrity of the message: the signature is computed over a digest of the message, so any change to the message changes the digest, and different messages yield different digests. A digital signature involves a hash function, the sender's private key (used to sign) and the sender's public key (used by the receiver to verify).
Step four: the mobile server checks its database to see whether the requested task scope (that is, the task request) is reasonable. If so, it requests data from the central server by task serial number. If not, it asks the first terminal to confirm whether the request was sent in error; if it was, the first terminal resends the request, and if the request was correct, the next step is performed. Whether the task scope is reasonable means whether the task matches the task assigned to the second terminal: for example, if the second terminal is at location A but the task applies to a distant location B, the scope does not match.
Step five: the mobile server requests data from the central server according to the task serial number, and the central server retrieves the data and sends it to the mobile server.
Step six: the mobile server receives and processes the data returned by the central server to obtain several groups of confusion data. Specifically, after storing the received data, the mobile server truncates and recombines the real data to produce other data used for confusion (for example, nine groups).
Step seven: the real data and each group of confusion data from step six are encrypted separately, yielding a real key and confusion keys, and the encrypted data are marked so that they can be distinguished. Specifically, the real encrypted data is marked at the specific position defined by the first setting rule for data marking, and each group of confusion encrypted data is marked at a non-specific position.
Step eight: the keys are marked so that they can be distinguished. The real key is marked at the specific position defined by the second setting rule for key marking, and the confusion keys are marked at non-specific positions.
The first setting rule specifies the marker positions of the real data and of the confusion data: the real data's marker position is a specific position and the confusion data's marker positions are non-specific positions (with 1 group of real data and 9 groups of confusion data, the rule specifies 10 marker positions and designates 1 of them as the specific position used for distinction). The second setting rule likewise specifies a specific marker position for the real key and non-specific positions for the confusion keys. Both rules are known only to the mobile server and the second terminal and are updated periodically.
Step nine: the encrypted and marked data are packaged, encrypted with the first fixed password and sent to the second terminal.
In practice the first fixed password is determined by negotiation, is known only to the mobile server and the second terminal, and is renegotiated before each task.
Step ten: the second terminal verifies whether the mobile server is legal. If so, the next step is performed; if not, the second terminal performs exception handling, for example terminating the operation and reporting it.
Because the data volume is large, a digital signature is not used for this check; the token in the request header is used to verify that the data source is legitimate. Note that a header token authenticates who sent the request but does not by itself bind the payload, so the integrity of the packaged data has to come from the encryption under the fixed password, which should therefore use an authenticated mode.
Step eleven: the second terminal receives the encrypted data, identifies the real encrypted data and stores it. Specifically, it decrypts with the first fixed password and, according to the first setting rule agreed with the mobile server, software identifies and stores the real encrypted data set.
Step twelve: the mobile server packs the keys marked in step eight into a packed key group, encrypts the packed key group, the second terminal serial number and the task time with the second fixed password, and sends them to the first terminal.
In practice the second fixed password is determined by negotiation, is known only to the mobile server and the first terminal, and is renewed before each task.
Step thirteen: the first terminal decrypts and checks whether the data source is legal. Specifically, it verifies the legitimacy of the mobile server; if legal, the next step is performed; if not, it does not respond and reports the mobile server's abnormal behaviour.
Because the data volume is large, a digital signature is not used here either; the token in the request header is used to verify that the data source is legitimate.
Step fourteen: the first terminal decrypts with the second fixed password, stores the packed key group, the second terminal serial number and the task time, and generates the key list to be sent.
Step fifteen: the first terminal encrypts the packed key group in the key list with the third fixed password and sends it to the second terminal with the corresponding serial number.
In practice the third fixed password is determined by negotiation, is known only to the first terminal and the second terminal, and is renewed before each task.
Step sixteen: the second terminal decrypts and checks whether the first terminal is legal. If so, the next step is performed; if not, it does not respond and performs exception handling, for example reporting the first terminal's abnormal behaviour.
Because the data volume is large, a digital signature is not used here either; the token in the request header is used to verify that the data source is legitimate.
Step seventeen: the second terminal decrypts with the third fixed password, identifies the real key in the key group by software according to the second setting rule agreed with the mobile server, and decrypts the real data set stored in step eleven with that key to obtain the required data (the real data).
The key used by the second terminal to decrypt the data is unique: it is used once and then invalidated.
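The two mechanisms that recur in steps nine through seventeen, the per-task negotiated fixed passwords and the request-header token check, as an added example in Python; this is not the patent's code. The patent does not say how the passwords are negotiated or what the token looks like, so the example assumes that each pair of parties holds a long-term shared secret from which the task's fixed password is derived with HKDF keyed on the task serial number, and that the token is an HMAC over the sender's terminal serial number and the task serial number under a secret the verifier shares with the sender. All function names are the example's own.

```python
import hashlib
import hmac
from typing import Dict, Optional


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract, then expand) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def negotiate_fixed_passwords(pair_secrets: Dict[str, bytes], task_serial: str) -> Dict[str, bytes]:
    """One negotiation result per task. Assumption (not in the patent): each pair of parties
    (server/second terminal, server/first terminal, first/second terminal) holds a long-term
    shared secret; the task's fixed password is derived from it and the task serial number,
    so no two tasks, and no two pairs, ever share a password."""
    return {pair: hkdf_sha256(secret, salt=task_serial.encode(), info=b"fixed-password:" + pair.encode())
            for pair, secret in pair_secrets.items()}


def issue_token(token_secret: bytes, terminal_serial: str, task_serial: str) -> str:
    """Request-header token. Assumption (not in the patent): an HMAC over the sender's terminal
    serial number and the task serial number, so a token is only valid for one task."""
    return hmac.new(token_secret, f"{terminal_serial}|{task_serial}".encode(), hashlib.sha256).hexdigest()


def source_is_legal(headers: Dict[str, str], token_secret: bytes,
                    terminal_serial: str, task_serial: str) -> bool:
    """The verification result: recompute the expected token and compare in constant time."""
    presented = headers.get("Authorization", "")
    if not presented.startswith("Bearer "):
        return False
    expected = issue_token(token_secret, terminal_serial, task_serial)
    return hmac.compare_digest(presented[len("Bearer "):], expected)


def handle_request(headers: Dict[str, str], token_secret: bytes, terminal_serial: str,
                   task_serial: str, body: bytes) -> Optional[bytes]:
    """'Not responding' on an illegal result: None means the caller sends nothing back."""
    if not source_is_legal(headers, token_secret, terminal_serial, task_serial):
        return None
    return body  # the sealed package, still to be decrypted with the task's fixed password
```

The token proves only who sent the request; it does not cover the body. That is why the package itself must be encrypted under an authenticated mode, so that a body swapped in behind a valid header is rejected at decryption rather than accepted.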
As shown in fig. 4, another data encryption transmission method provided by the present invention includes the following steps.
Step one, the second terminal collects information (task data).
And step two, processing task data (namely original data) by using software to obtain a plurality of groups (for example 9 groups) of confusion data.
And thirdly, encrypting the data, generating a secret key, and marking the encrypted data. Specifically, the real data and the confusion in the second step are respectively encrypted to obtain encrypted real data and encrypted confusion data, the corresponding real key and confusion key, and the encrypted data is marked according to a third set rule.
The third setting rule is for specifying a mark position of the real data and a mark position of the mix-up data, marks of each set of data being different from each other, and determining a specific mark position of the task data. The third set of rules for data is known only to the second terminal and the mobile server, updated before each task.
And step four, packaging the encrypted data after the encryption marking, and encrypting and sending to the mobile server. Specifically, the second terminal packages the encrypted data in the third step, and encrypts and sends the encrypted data to the mobile server by using the fourth fixed password.
In practical application, the fourth fixed password is determined for negotiation, and is only known between the mobile server and the second terminal, and updated before each task.
And fifthly, decrypting and verifying whether the second east segment is legal. Specifically, the mobile server decrypts and verifies the validity of the second terminal, if the second terminal is legal, the next step is illegal, and the second terminal is terminated.
Step six: the mobile server decrypts with the fourth fixed password and determines and stores the real encrypted data according to the third set rule for data.
Step seven: the second terminal marks the keys. Specifically, the second terminal marks the keys according to the fourth set rule so as to distinguish the real key from the confusion keys.
The fourth set rule defines the marking position of the real key and the marking position of the confusion key: the marking position of the real key is a specific position, while the marking position of each confusion key is a different, non-specific position. The fourth set rule is known only to the second terminal and the mobile server and is updated before each task.
Step eight: the second terminal packs the key group, encrypts the packed key group together with the second terminal serial number, and sends them to the first terminal. Specifically, the second terminal packs the key set marked in step seven to obtain a packed key group, encrypts the packed key group and the second terminal serial number with the fifth fixed password, and sends them to the first terminal.
In practical application, the fifth fixed password is determined by negotiation, is known only to the first terminal and the second terminal, and is updated before each task.
Step nine: the first terminal checks whether the second terminal is legitimate; if so, it proceeds to the next step, otherwise it performs exception handling.
Step ten: the first terminal packs the key group and the second terminal serial number, encrypts them and sends them to the mobile server. Specifically, the first terminal decrypts with the fifth fixed password and generates a key list to be transmitted, which comprises the packed key group and the second terminal serial number; it then packs the key list, encrypts it with the sixth fixed password and sends it to the mobile server.
In practical application, the sixth fixed password is determined by negotiation, is known only to the first terminal and the mobile server, and is updated before each task.
Step eleven: the mobile server decrypts and verifies whether the first terminal is legitimate; if so, it proceeds to the next step, otherwise it terminates.
Step twelve: the mobile server determines the real key, stores it together with the second terminal serial number, and generates a key list. Specifically, the mobile server decrypts with the sixth fixed password, determines the real key according to the fourth set rule for keys, and combines it with the second terminal serial number to generate the key list.
Step thirteen: the mobile server decrypts the data and uploads it to the central server. Specifically, the mobile server decrypts with the real key, obtains the original information and uploads it to the central server.
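As an added illustration of steps seven to twelve (example code written for this page, not code from the patent or its applicant), the following Python script marks a real key and several confusion keys according to a marking-position rule, packs them, relays the packed group through the first terminal under two different fixed passwords, and lets the mobile server pick out the real key and decrypt the data it stored in step six. The patent does not name the symmetric cipher; the HMAC-SHA256 counter-mode encrypt-then-MAC construction, the 4-byte keyed marker, the marking position 7, the password strings and the serial number T2-0001 are all assumptions made here.

```python
"""Added example: key marking, packing and two-hop relay (steps seven to twelve).
Standard library only; every secret below is constructed for the demonstration."""
import base64, hashlib, hmac, json, os, secrets
from typing import List, Optional, Tuple

MARK_LEN = 4            # size of the marker inserted at the marking position (assumption)
PBKDF2_ROUNDS = 10_000  # kept low for the demo; use a far higher count in practice


def _derive(password: bytes, purpose: bytes) -> bytes:
    """Derive a 32-byte subkey from a negotiated "fixed password" (salt is constructed)."""
    return hashlib.pbkdf2_hmac("sha256", password, b"demo-salt:" + purpose, PBKDF2_ROUNDS)


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def encrypt(password: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the patent's unspecified cipher: HMAC-SHA256 in counter mode,
    encrypt-then-MAC. Layout: 16-byte nonce || ciphertext || 32-byte tag."""
    enc_key, mac_key = _derive(password, b"enc"), _derive(password, b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(password: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _derive(password, b"enc"), _derive(password, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong fixed password or tampered data")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def mark(entry: bytes, position: int, rule_secret: bytes) -> bytes:
    """Insert a keyed 4-byte marker at `position` (the rule's "specific position")."""
    tag = hmac.new(rule_secret, entry, hashlib.sha256).digest()[:MARK_LEN]
    return entry[:position] + tag + entry[position:]


def unmark_if_real(marked: bytes, position: int, rule_secret: bytes) -> Optional[bytes]:
    """Return the entry with its marker removed if the marker at `position` verifies."""
    body = marked[:position] + marked[position + MARK_LEN:]
    expected = hmac.new(rule_secret, body, hashlib.sha256).digest()[:MARK_LEN]
    return body if hmac.compare_digest(marked[position:position + MARK_LEN], expected) else None


def pack_key_group(real_key: bytes, rule: Tuple[int, bytes], n_decoys: int = 3) -> List[str]:
    """Steps seven/eight: mark the real key at the rule position, give each confusion key
    filler at a different random position, shuffle, and base64-encode the packed group."""
    position, rule_secret = rule
    entries = [mark(real_key, position, rule_secret)]
    other_positions = [i for i in range(len(real_key) + 1) if i != position]
    for _ in range(n_decoys):
        q = secrets.choice(other_positions)
        decoy = os.urandom(len(real_key))
        entries.append(decoy[:q] + os.urandom(MARK_LEN) + decoy[q:])
    secrets.SystemRandom().shuffle(entries)
    return [base64.b64encode(e).decode() for e in entries]


def select_real_key(group: List[str], rule: Tuple[int, bytes]) -> bytes:
    """Step twelve: the only entry whose marker verifies at the rule position is real."""
    position, rule_secret = rule
    hits = []
    for encoded in group:
        key = unmark_if_real(base64.b64decode(encoded), position, rule_secret)
        if key is not None:
            hits.append(key)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one real key, found {len(hits)}")
    return hits[0]


def run_steps_seven_to_twelve(original: bytes) -> Tuple[bytes, str]:
    """Full relay: second terminal -> first terminal -> mobile server. The patent
    negotiates and refreshes every secret per task; here they are constructed."""
    real_key = os.urandom(32)
    fourth_rule = (7, os.urandom(32))        # (marking position, rule secret): terminal 2 and server only
    fifth_pw = b"pw-terminal2-to-terminal1"   # first and second terminal only
    sixth_pw = b"pw-terminal1-to-server"      # first terminal and mobile server only
    serial = "T2-0001"
    stored_cipher = encrypt(real_key, original)  # what the server holds after step six
    # step eight: second terminal packs, encrypts group + serial with the fifth password
    hop1 = encrypt(fifth_pw, json.dumps({"group": pack_key_group(real_key, fourth_rule),
                                         "serial": serial}).encode())
    # step ten: first terminal decrypts, builds the key list to be transmitted, re-encrypts
    relayed = json.loads(decrypt(fifth_pw, hop1))
    key_list = {"packing_key_group": relayed["group"], "second_terminal_serial": relayed["serial"]}
    hop2 = encrypt(sixth_pw, json.dumps(key_list).encode())
    # steps twelve and thirteen: server decrypts, selects the real key, recovers the data
    received = json.loads(decrypt(sixth_pw, hop2))
    real = select_real_key(received["packing_key_group"], fourth_rule)
    return decrypt(real, stored_cipher), received["second_terminal_serial"]
```

Using a keyed tag rather than a fixed marker byte is a design choice of this example: an observer who guesses the position still cannot tell which entry is real without the rule secret, and `select_real_key` refuses the whole group unless exactly one entry verifies, so a wrong or stale rule fails closed instead of handing back a decoy.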
In this specification the embodiments are described progressively; each embodiment focuses on its differences from the others, and for identical or similar parts the embodiments may be referred to one another.
The principles and embodiments of the present invention have been described with reference to specific examples; this description is intended only to assist in understanding the methods of the invention and its core ideas. Modifications made by those of ordinary skill in the art in light of these teachings also fall within the scope of the invention. In view of the foregoing, this description should not be construed as limiting the invention.
Claims (9)
1. A data encryption transmission method, characterized in that it is implemented on a mobile space-based system; the mobile space-based system comprises a first terminal, a second terminal, a mobile server and a central server; the first terminal and the second terminal perform data interaction with the mobile server through a mobile communication technology; the mobile server performs data interaction with the central server; the first terminal is used for generating a scheduling instruction; the second terminal is used for receiving data; the data encryption transmission method comprises the following steps:
encrypting the task request by using the public key of the mobile server to obtain an encrypted task request; the encryption of the task request is completed in the first terminal; the content of the task request comprises a second terminal serial number and a task serial number;
decrypting by using a private key of the mobile server, and verifying the validity of the first terminal by adopting a digital signature to obtain a first verification result; the verification process is completed in the mobile server;
when the first verification result is illegal, no response is made;
when the first verification result is legal, comparing the decrypted task request with data in the database to obtain a comparison result;
when the comparison result shows that the task scope of the task request belongs to the database, requesting data from a central server according to the task serial number;
when the comparison result is that the task range of the task request does not belong to the database, the mobile server confirms with the first terminal whether the information was sent wrongly, obtaining a confirmation result;
when the confirmation result is that the information was sent wrongly, the first terminal resends the task decryption request;
when the confirmation result is that the information was not sent wrongly, the mobile server requests data from the central server according to the task serial number;
storing the data returned by the central server and taking the data as real data;
cutting and reorganizing the real data to obtain confusion data;
encrypting the real data and the confusion data to generate a real key and a confusion key respectively, marking the encrypted real data and confusion data according to a first set rule, and marking the real key and the confusion key according to a second set rule;
the first set rule and the second set rule each define a marking position, designating a certain position as the specific marking position; the marking position is used to distinguish the real data, the confusion data, the real key and the confusion key;
packaging the marked mixed encrypted data and the marked real encrypted data to obtain packaged data, encrypting the packaged data by using a first fixed password and then sending the encrypted data to a corresponding second terminal;
verifying the validity of the mobile server by adopting a token in the request header to obtain a second verification result;
when the second verification result is illegal, no response is made;
when the second verification result is legal, the second terminal decrypts according to the negotiated first fixed password, determines real encrypted data according to a first set rule and stores the real encrypted data;
the mobile server packs the marked confusion encryption key and the real encryption key to obtain a packing key, encrypts with a second fixed password the packing key together with the second terminal serial number and task time from the packed data corresponding to that packing key, obtaining encrypted data, and sends the encrypted data to the first terminal;
verifying the validity of the mobile server by adopting a token in the request header to obtain a third verification result;
when the third verification result is illegal, no response is made;
when the third verification result is legal, decrypting according to the second fixed password to generate a to-be-sent key list; the key list to be sent comprises a packing key, a second terminal serial number and task time;
encrypting the packing key in the key list to be sent by using a third fixed password, sending the encrypted packing key to a second terminal corresponding to the serial number of the second terminal in the key list to be sent, and verifying the legitimacy of the first terminal by adopting a token in a request header by the second terminal to obtain a fourth verification result;
when the fourth verification result is legal, decrypting by using a third fixed password, determining a real key according to a second set rule, and decrypting the real encrypted data by using the real key to obtain real data;
and when the fourth verification result is illegal, no response is made.
2. The data encryption transmission method according to claim 1, wherein the encryption technology used in the process of encrypting the task request using the mobile server public key to obtain the encrypted task request is an asymmetric encryption technology.
3. The data encryption transmission method according to claim 1, wherein the encryption technique used in encrypting the real data and the obfuscated data is a symmetric encryption technique.
4. The data encryption transmission method according to claim 1, wherein the marking position of the confusion data is different from the marking position of the task data, and the marking position of each item of confusion data is also different from the others.
5. The data encryption transmission method according to claim 1, wherein the first fixed password, the second fixed password and the third fixed password are all determined by negotiation, and one task corresponds to one negotiation result.
6. A data encryption transmission method, characterized in that it is implemented on a mobile space-based system; the mobile space-based system comprises a first terminal, a second terminal, a mobile server and a central server; the first terminal and the second terminal perform data interaction with the mobile server through a mobile communication technology; the mobile server performs data interaction with the central server; the first terminal is used for generating a scheduling instruction, and the second terminal is used for acquiring data; the data encryption transmission method comprises the following steps:
collecting task data and obtaining confusion data based on the task data;
encrypting task data and confusion data, and obtaining a real key and a confusion key;
marking the encrypted task data and the encrypted confusion data according to a third setting rule, and marking the real key and the confusion key according to a fourth setting rule;
the encrypted task data after being packaged and marked and the encrypted confusion data after being marked are encrypted by using a fourth fixed password and are sent to the mobile server;
verifying the legitimacy of the second terminal by adopting a token in the request header to obtain a fifth verification result;
when the fifth verification result is illegal, no response is made;
when the fifth verification result is legal, the mobile server uses a fourth fixed password to decrypt, and determines and stores real encryption task data according to a third set rule;
packing the marked real key and the confusion key to obtain a packing key group, encrypting the packing key group and the corresponding second terminal serial number by using a fifth fixed password, and transmitting the packing key group and the corresponding second terminal serial number to the first terminal;
verifying the legitimacy of the second terminal by adopting a token in the request header to obtain a sixth verification result;
when the sixth verification result is illegal, terminating the operation;
when the sixth verification result is legal, decrypting by using a fifth fixed password to generate a to-be-sent key list; the key list to be sent comprises a packing key and a second terminal serial number;
packing a to-be-sent key list and encrypting and sending the to-be-sent key list to the mobile server by using a sixth fixed password;
verifying the validity of the first terminal by adopting a token in the request header to obtain a seventh verification result;
when the seventh verification result is illegal, terminating the operation;
and when the seventh verification result is legal, decrypting with the sixth fixed password, determining the real key according to the fourth set rule, and decrypting the data corresponding to the second terminal serial number with it to obtain the real task data.
7. The data encryption transmission method according to claim 6, wherein the encryption technique used in encrypting the real data and the obfuscated data is a symmetric encryption technique.
8. The data encryption transmission method according to claim 6, wherein the marking position of the confusion data is different from the marking position of the task data, and the marking position of each item of confusion data is also different from the others.
9. The data encryption transmission method according to claim 6, wherein the fourth fixed password, the fifth fixed password and the sixth fixed password are all determined by negotiation, and one task corresponds to one negotiation result.
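The legitimacy check that claims 1 and 6 invoke at each hop ("verifying the legitimacy ... by adopting a token in the request header", with no response when the result is illegal) can be realised as follows. This is an added example written for this page, not the patent's own mechanism: the token format (a base64 payload binding the second terminal serial number, the task serial number and an expiry, signed with HMAC-SHA256 under a per-task shared secret), the header name X-Task-Token and the sample values are all assumptions.

```python
"""Added example: request-header token verification with the claims' respond/ignore branch.
Standard library only; the token format, header name and sample values are assumptions."""
import base64, hashlib, hmac, json, time
from typing import Dict, Optional

HEADER = "X-Task-Token"  # header carrying the token (name is an assumption)


def issue_token(shared_secret: bytes, serial: str, task_no: str, ttl_s: int,
                now: Optional[float] = None) -> str:
    """Token = base64url(payload) '.' base64url(HMAC-SHA256(secret, payload)).
    The payload binds the terminal serial, the task serial number and an expiry."""
    now = time.time() if now is None else now
    payload = json.dumps({"serial": serial, "task": task_no, "exp": int(now) + ttl_s},
                         separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(shared_secret, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


def verify_token(shared_secret: bytes, token: str, expect_serial: str,
                 expect_task: Optional[str] = None, now: Optional[float] = None) -> str:
    """Return the verification result, "legal" or "illegal"; it never raises, so the
    caller's only decision is whether to respond. Signature is checked before any
    claim is read, and compared in constant time."""
    now = time.time() if now is None else now
    try:
        p_b64, s_b64 = token.split(".", 1)
        payload = base64.urlsafe_b64decode(p_b64)
        sig = base64.urlsafe_b64decode(s_b64)
    except (ValueError, TypeError):
        return "illegal"
    expected = hmac.new(shared_secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return "illegal"
    try:
        claims = json.loads(payload)
    except ValueError:
        return "illegal"
    if claims.get("serial") != expect_serial:
        return "illegal"
    if expect_task is not None and claims.get("task") != expect_task:
        return "illegal"
    if claims.get("exp", 0) < now:          # one negotiation per task: tokens expire with it
        return "illegal"
    return "legal"


def handle_request(shared_secret: bytes, headers: Dict[str, str], expect_serial: str,
                   body: bytes, now: Optional[float] = None) -> Optional[bytes]:
    """The claims' branch: an illegal result gets no response at all (None, nothing
    sent back, so a probe learns nothing); a legal result is processed."""
    result = verify_token(shared_secret, headers.get(HEADER, ""), expect_serial, now=now)
    if result == "illegal":
        return None
    return b"ACK:" + body   # placeholder for the real processing of the request
```

Returning `None` rather than an error message is deliberate: the claims specify that an illegal verification result is simply not responded to, and the constant-time comparison plus the signature-before-claims order keep the check from leaking which part of a bad token was wrong.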
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311811164.8A CN117479151B (en) | 2023-12-27 | 2023-12-27 | Data encryption transmission method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117479151A true CN117479151A (en) | 2024-01-30 |
CN117479151B CN117479151B (en) | 2024-03-12 |
Family
ID=89627811
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311811164.8A Active CN117479151B (en) | 2023-12-27 | 2023-12-27 | Data encryption transmission method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117479151B (en) |
2023
- 2023-12-27 CN CN202311811164.8A patent/CN117479151B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010091565A1 (en) * | 2009-02-12 | 2010-08-19 | Liu Haiyun | Random encryption method in need of using exhaustive method decryption |
CN102013980A (en) * | 2009-05-06 | 2011-04-13 | 刘海云 | Random encryption method for decrypting by adopting exhaustion method |
CN110932851A (en) * | 2019-11-29 | 2020-03-27 | 四川省数字证书认证管理中心有限公司 | PKI-based multi-party cooperative operation key protection method |
CN114124572A (en) * | 2021-12-07 | 2022-03-01 | 建信金融科技有限责任公司 | Data transmission method, device, equipment and medium based on unidirectional network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: A Data Encryption Transmission Method; Granted publication date: 20240312; Pledgee: China CITIC Bank Corporation Limited Beijing Branch; Pledgor: SUNKAISENS(Beijing)TECHNOLOGY Ltd.; Registration number: Y2024110000135 |