CN117527206A

CN117527206A - Data security encryption method, system and readable storage medium

Info

Publication number: CN117527206A
Application number: CN202311404513.4A
Authority: CN
Inventors: 郭鑫; 潘志双
Original assignee: Shanghai Hanwei Technology Co ltd
Current assignee: Shanghai Hanwei Technology Co ltd
Priority date: 2023-10-26
Filing date: 2023-10-26
Publication date: 2024-02-06

Abstract

A data security encryption method, system and readable storage medium, the method includes: negotiating a current key using a key exchange protocol technique; transmitting current encryption transmission information, and updating a current key according to a preset key updating rule; after updating the current key, decrypting the current encryption reply information according to the current key to obtain current reply information, and updating the numerical value N of the information counting parameter to be N+1; updating the current key according to a preset key updating rule, determining the next piece of transmission information as current information, and executing the step of transmitting the current encrypted transmission information; determining the next piece of encryption reply information as current encryption reply information, and executing the step that the first information interaction device updates the current key according to a preset key updating rule; the method improves the security of data and the forward security by resetting the value N of the information count parameter, performing the step of negotiating the current key using a key exchange protocol technique.

Description

Data security encryption method, system and readable storage medium

Technical Field

The present disclosure relates to the field of data security technologies, and in particular, to a data security encryption method, system, and readable storage medium.

Background

In daily life and work in modern society, transmission and exchange of data have been permeated into various aspects including information interaction between two devices, for example, communication between smart home devices, data exchange between a mobile phone and a server, information transmission between a vehicle and an infrastructure in the internet of vehicles, etc., in which security and confidentiality of data are critical, and for this reason, various data encryption methods are widely used.

In the related art, a static key encryption mode is generally adopted, that is, when a first information interaction device and a second information interaction device communicate, a shared key is determined through a key exchange protocol, and then in the subsequent communication process, information is encrypted and decrypted by using the key.

However, this technique has a significant drawback of lacking forward security, in that if the static key is compromised at some future point in time, all data encrypted using this key, whether in the past, present or future, may be decrypted by an attacker, in other words, once the key is compromised, the attacker can obtain all the communication information, and the security of the data is thus severely compromised.

Disclosure of Invention

The application provides a data security encryption method, a data security encryption system and a readable storage medium, which are used for improving the security and forward security of data.

In a first aspect, the present application provides a data security encryption method, including: the first information interaction device negotiates a current key with the second information interaction device by using a key exchange protocol technology under the condition that the first information interaction device detects the current transmission information input by a user; the method comprises the following steps of taking current sending information, current encryption reply information and current secret key as loop variables, and executing the following steps: the first information interaction device sends current encryption sending information to the second information interaction device, so that the second information interaction device decrypts the current encryption sending information according to the current key to obtain current sending information, the current encryption sending information is obtained by the first information interaction device encrypting the current sending information according to the current key, and the value N of the information counting parameter is updated to be N+1; under the condition that the first information interaction device receives the current encryption reply information sent by the second information interaction device, the first information interaction device updates the current key according to a preset key updating rule; after updating the current key, the first information interaction device decrypts the current encryption reply information according to the current key to obtain current reply information, and updates the value N of the information counting parameter to be N+1; under the condition that the first information interaction device detects the next piece of sending information input by a user, the first information interaction device updates the current key according to a preset key updating rule, determines the next piece of sending information as the current information, and executes the step that the first information interaction device sends the current encrypted sending information to the second information interaction device; under the condition that the first information interaction device receives the next piece of encryption reply information sent by the second information interaction device, the first information interaction device determines the next piece of encryption reply information as current encryption reply information, and the first information interaction device updates the current key according to a preset key updating rule; and under the condition that the value N of the information counting parameter exceeds a preset counting threshold, the first information interaction device resets the value N of the information counting parameter and executes the step that the first information interaction device and the second information interaction device negotiate a current key by using a key exchange protocol technology.

In the above embodiment, by updating the key after each information interaction, each sending information and each reply information have independent security assurance, even if the key at a certain time point is revealed, only the sending information and the reply information after the time point are affected, but not the sending information and the reply information before the time point are affected, so that the safety and the forward safety of data are improved, and meanwhile, when the value of the information counting parameter exceeds the preset threshold, the information counting parameter and the current key are reset. Further, only the transmission information and the reply information after the time point and before the reset are affected, so that the influence is reduced. In addition, by generating the next key from the previous key, the need to store and manage a large number of keys can be avoided, thereby reducing the complexity of key management.

With reference to some embodiments of the first aspect, in some embodiments, the first information interaction device sends current encrypted sending information to the second information interaction device, so that the second information interaction device decrypts the current encrypted sending information according to the current key to obtain current sending information, the current encrypted sending information is obtained by the first information interaction device encrypting the current sending information according to the current key, and after updating the value N of the information counting parameter to n+1, the method further includes: the first information interaction device determines the next piece of sending information as current information under the condition that the first information interaction device detects the next piece of sending information input by a user and does not receive the current encryption reply information sent by the second information interaction device; the first information interaction device updates the current key according to a preset key updating rule; after updating the current key, the first information interaction device sends current encryption sending information to the second information interaction device, so that the second information interaction device decrypts the current encryption sending information according to the current key to obtain current sending information, and the current encryption sending information is obtained by the first information interaction device encrypting the current sending information according to the current key; the first information interaction device updates the value N of the information counting parameter to be N+1.

In the above embodiment, under the condition that the reply information of the second information interaction device is not received, the first information interaction device can still send new sending information, so that data transmission can be more effectively performed in various network environments and is not influenced by lack or delay of the reply information, and therefore flexibility and efficiency of information interaction are remarkably improved.

With reference to some embodiments of the first aspect, in some embodiments, in a case that the first information interaction device receives the current encrypted reply message sent by the second information interaction device, after the first information interaction device updates the current key according to the preset key update rule, the method further includes: the first information interaction device determines the next piece of encryption reply information as current encryption reply information under the condition that the first information interaction device does not detect the next piece of transmission information input by a user and receives the next piece of encryption reply information transmitted by the second information interaction device; the first information interaction device updates the current key according to a preset key updating rule; after updating the current key, the first information interaction device decrypts the current encrypted reply information according to the current key to obtain current reply information; the first information interaction device updates the value N of the information counting parameter to be N+1.

In the above embodiment, the first information interaction device is capable of receiving and processing a plurality of pieces of encrypted reply information from the second information interaction device even without new input information, and the design enables the information interaction process to process a large amount of reply information more flexibly without waiting for the user to input information, so that flexibility and response speed of information processing are improved significantly.

With reference to some embodiments of the first aspect, in some embodiments, the first information interaction device sends current encrypted sending information to the second information interaction device, so that the second information interaction device decrypts the current encrypted sending information according to the current key to obtain current sending information, the current encrypted sending information is obtained by the first information interaction device encrypting the current sending information according to the current key, and after updating the value N of the information counting parameter to n+1, the method further includes: the first information interaction device determines the next piece of sending information as current information under the condition that the first information interaction device detects the next piece of sending information input by a user and does not receive the current encryption reply information sent by the second information interaction device; the first information interaction device sends current encryption sending information to the second information interaction device, so that the second information interaction device decrypts the current encryption sending information according to the current key to obtain current sending information, and the current encryption sending information is obtained by the first information interaction device encrypting the current sending information according to the current key; the first information interaction device updates the value N of the information counting parameter to be N+1.

In the above embodiment, in the case that the reply information of the second information interaction device is not received, the first information interaction device may still transmit new transmission information, so that data transmission may be performed more effectively in various network environments and is not affected by the lack or delay of the reply information, so that flexibility and efficiency of information interaction are significantly improved, and efficiency of information transfer is improved, especially in the case of processing a large amount of transmission information.

With reference to some embodiments of the first aspect, in some embodiments, in a case that the first information interaction device receives the current encrypted reply message sent by the second information interaction device, after the first information interaction device updates the current key according to the preset key update rule, the method further includes: the first information interaction device determines the next piece of encryption reply information as current encryption reply information under the condition that the first information interaction device does not detect the next piece of transmission information input by a user and receives the next piece of encryption reply information transmitted by the second information interaction device; the first information interaction device decrypts the current encryption reply information according to the current key to obtain current reply information; the first information interaction device updates the value N of the information counting parameter to be N+1.

In the above embodiment, the first information interaction device is capable of receiving and processing a plurality of pieces of encrypted reply information from the second information interaction device even without new input information, and this design allows the information interaction process to process a large amount of reply information more flexibly without waiting for the user to input information, so that flexibility and response speed of information processing are significantly improved, and efficiency of information transfer is improved, particularly in the case of processing a large amount of reply information.

With reference to some embodiments of the first aspect, in some embodiments, in a case where the value N of the information count parameter exceeds a preset count threshold, the first information interaction device resets the value N of the information count parameter, and after performing the step of negotiating the current key by the first information interaction device and the second information interaction device using the key exchange protocol technology, the method further includes: and under the condition that the first information interaction device judges that the communication time of the first information interaction device and the second information interaction device is larger than the time threshold, resetting the numerical value N of the information counting parameter and the communication time, and executing the step that the first information interaction device and the second information interaction device negotiate a current key by using a key exchange protocol technology.

In the embodiment, by introducing the time threshold, the security risk caused by the conversation period without interaction for a long time can be prevented, so that the security and the reliability of the data security encryption method are improved.

With reference to some embodiments of the first aspect, in some embodiments, when detecting current transmission information input by a user, the first information interaction device negotiates a current key with the second information interaction device by using a key exchange protocol technology, and specifically includes: the first information interaction device and the second information interaction device jointly select one key in the key bank as a current key under the condition that the current sending information input by the user is detected.

In the above embodiment, the first information interaction device and the second information interaction device may negotiate to obtain a new secret key on the premise that they do not have a secret key generation technology, so as to provide an effective dynamic key selection mechanism, and may perform key replacement according to the actual requirement of information interaction.

In a second aspect, the present application provides a data security encryption system, the data security encryption system including a first information interaction device and a second information interaction device, the first information interaction device including:

The negotiation module is used for negotiating a current key with the second information interaction equipment by using a key exchange protocol technology under the condition that the current transmission information input by the user is detected;

the loop variable determining module is used for circularly executing the following steps from the current sending information, the current encryption reply information and the current key as loop variables:

the first sending module is used for sending current encryption sending information to the second information interaction equipment, enabling the second information interaction equipment to decrypt the current encryption sending information according to the current key to obtain current sending information, enabling the current encryption sending information to be obtained by encrypting the current sending information according to the current key, and updating the numerical value N of the information counting parameter to be N+1;

the first updating module is used for updating the current key according to a preset key updating rule under the condition that the current encryption reply information sent by the second information interaction device is received;

the first decryption module is used for decrypting the current encryption reply information according to the current key to obtain the current reply information after updating the current key, and updating the numerical value N of the information counting parameter to be N+1;

the first circulation module is used for updating the current key according to a preset key updating rule under the condition that the next piece of sending information input by the user is detected, determining the next piece of sending information as the current information, and executing the step of sending the current encrypted sending information to the second information interaction equipment;

The second circulation module is used for determining the next piece of encryption reply information as the current encryption reply information under the condition of receiving the next piece of encryption reply information sent by the second information interaction equipment, and executing the step of updating the current key according to the preset key updating rule;

and the third circulation module is used for resetting the numerical value N of the information counting parameter under the condition that the numerical value N of the information counting parameter exceeds a preset counting threshold value, and executing the step of negotiating the current key with the second information interaction equipment by using a key exchange protocol technology.

With reference to some embodiments of the second aspect, in some embodiments, the first information interaction device further includes:

the first determining module is used for determining the next piece of sending information as current information under the condition that the next piece of sending information input by a user is detected and the current encryption reply information sent by the second information interaction device is not received;

the second updating module is used for updating the current key according to a preset key updating rule;

the second sending module is used for sending current encryption sending information to the second information interaction equipment after updating the current key, so that the second information interaction equipment decrypts the current encryption sending information according to the current key to obtain current sending information, and the current encryption sending information is obtained by encrypting the current sending information according to the current key;

And the third updating module is used for updating the numerical value N of the information counting parameter to be N+1.

the second determining module is used for determining the next piece of encryption reply information as the current encryption reply information under the condition that the next piece of transmission information input by the user is not detected and the next piece of encryption reply information transmitted by the second information interaction equipment is received;

a fourth updating module, configured to update the current key according to a preset key updating rule;

the second decryption module is used for decrypting the current encryption reply information according to the current key to obtain the current reply information after updating the current key;

the fifth updating module updates the value N of the information counting parameter to be N+1.

the third determining module is used for determining the next piece of sending information as current information under the condition that the next piece of sending information input by the user is detected and the current encryption reply information sent by the second information interaction device is not received;

the third sending module is used for sending current encryption sending information to the second information interaction equipment, so that the second information interaction equipment decrypts the current encryption sending information according to the current key to obtain current sending information, and the current encryption sending information is obtained by encrypting the current sending information according to the current key;

And a sixth updating module, configured to update the value N of the information count parameter to n+1.

a fourth determining module, configured to determine, when the next piece of transmission information input by the user is not detected and the next piece of encrypted reply information sent by the second information interaction device is received, the next piece of encrypted reply information as current encrypted reply information;

the third decryption module is used for decrypting the current encryption reply information according to the current key to obtain the current reply information;

and a seventh updating module, configured to update the value N of the information count parameter to n+1.

and the fourth circulation module is used for resetting the numerical value N of the information counting parameter and the communication time under the condition that the communication time with the second information interaction equipment is larger than the time threshold value, and executing the step of negotiating the current key with the second information interaction equipment by using the key exchange protocol technology.

With reference to some embodiments of the second aspect, in some embodiments, the negotiation module specifically includes:

And the selecting sub-module is used for jointly selecting a key in the key bank as the current key with the second information interaction device under the condition that the current transmission information input by the user is detected.

In a third aspect, embodiments of the present application provide a data security encryption system, including: one or more processors and memory;

the memory is coupled to the one or more processors, the memory for storing computer program code comprising computer instructions that the one or more processors call to cause the data security encryption system to perform the method as described in the first aspect and any one of the possible implementations of the first aspect.

In a fourth aspect, embodiments of the present application provide a computer program product comprising instructions which, when run on a server, cause the server to perform a method as described in the first aspect and any possible implementation of the first aspect.

In a fifth aspect, embodiments of the present application provide a computer-readable storage medium comprising instructions that, when executed on a server, cause the server to perform a method as described in the first aspect and any possible implementation of the first aspect.

It will be appreciated that the data security encryption system provided in the second aspect, the data security encryption system provided in the third aspect, the computer program product provided in the fourth aspect, and the computer storage medium provided in the fifth aspect are all configured to perform the data security encryption method provided in the embodiments of the present application. Therefore, the advantages achieved by the method can be referred to as the advantages of the corresponding method, and will not be described herein.

One or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:

1. according to the data security encryption method, the key is updated after each information interaction, so that each piece of sent information and each piece of reply information have independent security assurance, even if the key at a certain time point is leaked, the sent information and the reply information at the time point are only affected, and the prior sent information and reply information are not affected, therefore, the data security and the forward security are improved, and meanwhile, when the numerical value of the information counting parameter exceeds a preset threshold, the information counting parameter and the current key are reset. Further, only the transmission information and the reply information after the time point and before the reset are affected, so that the influence is reduced. In addition, by generating the next key from the previous key, the need to store and manage a large number of keys can be avoided, thereby reducing the complexity of key management. .

2. According to the data security encryption method, under the condition that the reply information of the second information interaction device is not received, the first information interaction device can still send new sending information, so that data transmission can be effectively carried out in various network environments without being influenced by lack or delay of the reply information, and therefore flexibility and efficiency of information interaction are remarkably improved.

3. According to the data security encryption method, even if no new input information exists, the first information interaction device can receive and process multiple pieces of encrypted reply information from the second information interaction device, the information interaction process can process a large amount of reply information more flexibly, waiting for the user to input information is not needed, and therefore flexibility and response speed of information processing are improved remarkably.

Drawings

Fig. 1 is a schematic diagram of an information interaction scenario of a data security encryption system provided in the present application.

Fig. 2 is a schematic flow chart of a data security encryption method provided in the present application.

Fig. 3 is another flow chart of the data security encryption method provided in the present application.

Fig. 4 is another flow chart of the data security encryption method provided in the present application.

Fig. 5 is another flow chart of the data security encryption method provided in the present application.

Fig. 6 is a schematic diagram of a modular virtual device of the data security encryption system provided in the present application.

Fig. 7 is a schematic diagram of an entity device of the data security encryption system provided in the present application.

Detailed Description

The terminology used in the following embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification and the appended claims, the singular forms "a", "an", and "the" include plural referents unless the context clearly dictates otherwise. It will also be understood that the terms and/or expressions used in this application are intended to encompass any and all possible combinations of one or more of the listed items.

The terms first and second are used in the following description only and should not be construed to imply or imply relative importance or the indicated number of technical features. Thus, a feature defining a first or second may explicitly or implicitly include one or more such feature, and in the description of embodiments of the present application, plural means two or more unless otherwise indicated.

Referring to fig. 1, fig. 1 is a schematic diagram of an information interaction scenario of a data security encryption system provided in the present application; the data security encryption system comprises: the system comprises a first information interaction device, a second information interaction device, a first security component and a second security component.

The following embodiments will be described by taking a mobile terminal as an example, and are not limited thereto.

The first information interaction device is responsible for detecting the sending information input by the user and sending the encrypted information to the second information interaction device. Meanwhile, the first information interaction device is also responsible for maintaining an information counting parameter for recording the amount of information sent and received, and in the actual use process, the first information interaction device can be a sender or a receiver, and for better understanding, the first information interaction device is defined as the sender, which is not limited herein.

The second information interaction device is in charge of detecting reply information input by a user and sending encrypted information to the first information interaction device. Meanwhile, the information counting parameter is also responsible for maintaining an information counting parameter for recording the quantity of transmitted and received information, and the second information interaction device can be a sender or a receiver in the actual use process, so that the second information interaction device is defined as a replier for better understanding, and the information counting parameter is not limited herein.

The first security component is a part of components for implementing a key exchange protocol technology in the first information interaction device and updating a current key and an information encryption and decryption function according to a preset key updating rule, so that the first security component is integrated in the first information interaction device for reducing complexity of a scheme, and is not limited herein.

The second security component is a part of components for implementing a key exchange protocol technology in the second information interaction device and updating the current key and the information encryption and decryption functions according to a preset key updating rule, so that the second security component is integrated in the second information interaction device for reducing the complexity of the scheme, and is not limited herein.

The following describes a data security encryption method in this embodiment:

It should be noted that, for ease of understanding, fig. 3 is provided on the basis of fig. 2, and the steps in fig. 3 are further explained for the steps in fig. 2;

S201, under the condition that the first information interaction device detects the current sending information input by the user, the first information interaction device negotiates a current key with the second information interaction device by using a key exchange protocol technology.

In a case where the first transmission information input by the user is detected, corresponding to step S201, S301, the first information interaction device negotiates a first key using a key exchange protocol technique.

The key exchange protocol may be a generally recognized secure protocol in which the first information interaction device and the second information interaction device exchange public keys with each other and use their own private keys and the other's public key to calculate a shared key, which is the current key, that will be used for subsequent encryption and decryption of information.

In other embodiments, the first information interaction device and the second information interaction device together select a key as the current key in a keystore, which is a set comprising a plurality of predefined keys, which may be randomly generated or generated according to an algorithm, in which each key has a unique identifier, such that the first information interaction device and the second information interaction device can select and reference the key via the identifier.

Therefore, the first information interaction device and the second information interaction device can negotiate to acquire a new secret key on the premise that the secret key generation technology is not provided, so that an effective dynamic secret key selection mechanism is provided, and secret key replacement can be performed according to the actual requirement of information interaction.

S202, taking the current transmission information, the current encryption reply information and the current secret key as loop variables, and executing the following steps in a loop.

S203, the first information interaction device sends current encryption sending information to the second information interaction device, and the numerical value N of the information counting parameter is updated to be N+1.

Corresponding to step S203, S302, the first information interaction device encrypts the first transmission information according to the first key to obtain first encrypted transmission information.

S303, the first information interaction device sends the first encrypted sending information.

S304, the second information interaction device decrypts the first encrypted transmission information by using the first key to obtain first transmission information

The information count parameter is used to record the amount of information transmitted and received.

The first transmission information or the current transmission information, which is the information that the current user wants to transmit, may be a text message, a picture, or any other data that can be transmitted by the electronic device. Both the first and the current prefix refer to the information that the user is attempting to send at the current point in time.

The first encryption transmission information or the current encryption transmission information is the result of encryption processing of the current transmission information, and encryption is used for protecting the security of the information and preventing the information from being stolen or tampered in the transmission process. Both the first and the current prefix refer to this being the encrypted information that the user is attempting to send at the current point in time.

The first key or the current key: this is the key used to encrypt the currently transmitted information, and encryption typically requires a key that is used to convert the original information into encrypted information, and only those who have the same key can restore the encrypted information to the original information, both the first and current prefixes referring to the key used to encrypt the information at the current point in time.

Therefore, when speaking the first transmitted information, i.e. the current transmitted information, the first encrypted transmitted information, i.e. the current encrypted transmitted information, and the first key, i.e. the current key, are the information being processed or used, the encrypted information and the key at a particular point in time, these first and current prefixes do not differ in nature, but describe the same thing from different angles (or different dimensions).

The second, third, etc. of the following embodiments are also substantially the same, and will not be described in detail.

In addition, in step S301 to step S304, the first information interaction is expressed, that is, the first information interaction device sends information to the second information interaction device.

S204, under the condition that the first information interaction device receives the current encryption reply information sent by the second information interaction device, the first information interaction device updates the current key according to a preset key updating rule.

Corresponding to step S204, in the case that the first reply information input by the user is detected, S305, the second information interaction device updates the first key according to the preset key updating rule to obtain the second key.

S306, the second information interaction device encrypts the first reply information according to the second key to obtain first encrypted reply information.

S307, the second information interaction device sends the first encryption reply information.

The preset key update rule may be a simple rule, such as performing some operation on the current key and a constant to obtain a new key.

In addition, in step S305 to step S309, the second information interaction is expressed, that is, the second information interaction device sends information to the first information interaction device.

S205, after updating the current key, the first information interaction device decrypts the current encryption reply information according to the current key to obtain the current reply information, and updates the numerical value N of the information counting parameter to be N+1.

Corresponding to step S205, S308, the first information interaction device updates the first key according to the preset key update rule to obtain the second key.

S309, decrypting the first encrypted reply message by using the second key to obtain the first reply message.

It should be noted that, the second information interaction device and the first information interaction device update the rule and the same initial key (first key) with the same preset key, so that the second key obtained by them is the same, and the updated key after such pushing is the same.

S206, under the condition that the first information interaction device detects the next piece of sending information input by the user, the first information interaction device updates the current key according to the preset key updating rule, determines the next piece of sending information as the current information, and executes the step that the first information interaction device sends the current encrypted sending information to the second information interaction device.

S310, the first information interaction device updates the second key according to a preset key updating rule to obtain a third key.

S311, the first information interaction device encrypts the second sending information according to the third key to obtain second sending reply information.

S312, the first information interaction device sends the second encrypted sending information.

S313, updating the second key according to the preset key updating rule to obtain a third key.

S314, decrypting the second encrypted transmission information by using the third key to obtain second transmission information.

S310 to S314 are similar to the implementation principle of S305 to S309, except that the change of the main body is performed, and the specific implementation steps are not limited herein with reference to S305 to S309.

In addition, in step S310 to step S314, a third information interaction is expressed, that is, the first information interaction device sends information to the second information interaction device.

S207, under the condition that the first information interaction device receives the next piece of encryption reply information sent by the second information interaction device, the first information interaction device determines the next piece of encryption reply information as current encryption reply information, and the first information interaction device executes the step of updating the current key according to the preset key updating rule.

And S208, under the condition that the value N of the information counting parameter exceeds a preset counting threshold, the first information interaction device resets the value N of the information counting parameter and executes the step that the first information interaction device and the second information interaction device negotiate a current key by using a key exchange protocol technology.

In the case that the value N of the information count parameter exceeds the preset count threshold, corresponding to step S205, S315 resets the value N of the information count parameter.

In the case that the value N of the information counting parameter exceeds the preset counting threshold, the first information interaction device resets the value N of the information counting parameter, and after executing the step of negotiating the current key by the first information interaction device and the second information interaction device using the key exchange protocol technology, the method further includes:

and under the condition that the first information interaction device judges that the communication time of the first information interaction device and the second information interaction device is larger than the time threshold, resetting the numerical value N of the information counting parameter and the communication time, and executing the step that the first information interaction device and the second information interaction device negotiate a current key by using a key exchange protocol technology.

Therefore, by introducing the time threshold, the security risk caused by the conversation period without interaction for a long time can be prevented, so that the security and the reliability of the data security encryption method are improved.

Therefore, by updating the key after each information interaction, each sent information and reply information have independent security assurance, even if the key at a certain time point is leaked, only the sent information and reply information after the time point are affected, but the prior sent information and reply information are not affected, so that the safety and forward safety of data are improved, and meanwhile, when the numerical value of the information counting parameter exceeds a preset threshold, the information counting parameter and the current key are reset. Further, only the transmission information and the reply information after the time point and before the reset are affected, so that the influence is reduced. In addition, by generating the next key from the previous key, the need to store and manage a large number of keys can be avoided, thereby reducing the complexity of key management.

The above-described embodiments improve the security and forward security of data, but in actual use, the communication of the information interaction devices is not always alternated, for example, the first information interaction device may send new information when no reply information of the second information interaction device is received, or even in the absence of new user input information, the first information interaction device may be able to receive and process multiple pieces of encrypted reply information from the second information interaction device, in order to solve these problems, we will take two possible solutions as an example, and describe in more detail the embodiments of the present application in connection with the embodiment shown in fig. 4:

In the first method, each piece of transmission information in the session is regarded as an independent individual, and referring to fig. 4, fig. 4 is another flow diagram of the data security encryption method provided in the present application.

S401, when the first information interaction device detects the next piece of sending information input by the user and does not receive the current encryption reply information sent by the second information interaction device, the first information interaction device determines the next piece of sending information as current information.

I.e. the first information interaction device may send new information when no reply message from the second information interaction device is received.

S402, the first information interaction device updates the current key according to a preset key updating rule.

The steps adopted in this embodiment are the same as those adopted in the above embodiment, and the specific implementation process is shown in step S204.

S403, after updating the current key, the first information interaction device sends current encryption sending information to the second information interaction device, so that the second information interaction device decrypts the current encryption sending information according to the current key to obtain current sending information, and the current encryption sending information is obtained by the first information interaction device encrypting the current sending information according to the current key.

S404, the first information interaction device updates the numerical value N of the information counting parameter to be N+1.

S405, under the condition that the first information interaction device does not detect the next piece of transmitted information input by the user and receives the next piece of encrypted reply information transmitted by the second information interaction device, the first information interaction device determines the next piece of encrypted reply information as the current encrypted reply information.

I.e. the first information interaction device is also able to receive and process pieces of encrypted reply information from the second information interaction device without new user input information.

S406, the first information interaction device updates the current key according to a preset key updating rule.

The steps adopted in this embodiment are the same as those adopted in the above embodiment, and the specific implementation process is shown in step S206.

And S407, after updating the current key, the first information interaction device decrypts the current encrypted reply information according to the current key to obtain the current reply information.

S408, the first information interaction device updates the numerical value N of the information counting parameter to be N+1.

Therefore, under the condition that the reply information of the second information interaction device is not received, the first information interaction device can still send new sending information, so that data transmission can be more effectively carried out in various network environments and is not influenced by lack or delay of the reply information, and therefore flexibility and efficiency of information interaction are remarkably improved.

It can be seen that the first information interaction device is capable of receiving and processing a plurality of pieces of encrypted reply information from the second information interaction device even without new input information, and the design allows the information interaction process to process a large amount of reply information more flexibly without waiting for the user to input information, so that flexibility and response speed of information processing are remarkably improved.

The second method regards all transmitted messages in the session, for which no reply message is received, as a whole, they will use the same key.

501. And the first information interaction device determines the next piece of sending information as current information under the condition that the first information interaction device detects the next piece of sending information input by the user and does not receive the current encryption reply information sent by the second information interaction device.

502. The first information interaction device sends current encryption sending information to the second information interaction device, so that the second information interaction device decrypts the current encryption sending information according to the current key to obtain current sending information, and the current encryption sending information is obtained by the first information interaction device encrypting the current sending information according to the current key.

The last transmitted information and the own transmitted information are encrypted by adopting the same secret key.

503. The first information interaction device updates the value N of the information counting parameter to be N+1.

503. And the first information interaction device determines the next piece of encryption reply information as the current encryption reply information under the condition that the first information interaction device does not detect the next piece of transmission information input by the user and receives the next piece of encryption reply information transmitted by the second information interaction device.

504. The first information interaction device decrypts the current encrypted reply information according to the current key to obtain the current reply information.

The last reply message and the last reply message are decrypted by adopting the same secret key.

505. The first information interaction device updates the value N of the information counting parameter to be N+1.

It can be seen that, under the condition that the reply information of the second information interaction device is not received, the first information interaction device can still send new sending information, so that data transmission can be more effectively performed under various network environments and is not influenced by lack or delay of the reply information, and therefore flexibility and efficiency of information interaction are remarkably improved, and meanwhile information transmission efficiency is improved, particularly under the condition that a large amount of sending information is processed.

It can be seen that the first information interaction device is capable of receiving and processing a plurality of pieces of encrypted reply information from the second information interaction device even without new input information, and the design allows the information interaction process to process a large amount of reply information more flexibly without waiting for the user to input information, so that flexibility and response speed of information processing are remarkably improved, and efficiency of information transfer is improved, particularly in the case of processing a large amount of reply information.

The following are device embodiments of the present application, which may be used to perform method embodiments of the present application. For details not disclosed in the device embodiments of the present application, please refer to the method embodiments of the present application.

Referring to fig. 6, the present application provides a data security encryption system, the data security encryption system including a first information interaction device and a second information interaction device, the first information interaction device including:

a negotiation module 601, configured to negotiate a current key with the second information interaction device using a key exchange protocol technology when detecting current transmission information input by a user;

the loop variable determining module 602 is configured to loop the following steps from the current transmission information, the current encryption reply information, and the current key as loop variables:

a first sending module 603, configured to send current encrypted sending information to the second information interaction device, so that the second information interaction device decrypts the current encrypted sending information according to the current key to obtain current sending information, where the current encrypted sending information is obtained by encrypting the current sending information according to the current key, and updates the value N of the information counting parameter to n+1;

the first updating module 604 is configured to update the current key according to a preset key updating rule when receiving the current encryption reply message sent by the second information interaction device;

the first decryption module 605 is configured to decrypt the current encrypted reply message according to the current key to obtain the current reply message after updating the current key, and update the value N of the information count parameter to n+1;

A first round robin module 606, configured to, when detecting a next piece of transmission information input by a user, update a current key according to a preset key update rule, determine the next piece of transmission information as current information, and perform a step of transmitting the current encrypted transmission information to the second information interaction device;

the second round module 607 is configured to determine, when receiving the next encrypted reply message sent by the second information interaction device, the next encrypted reply message as the current encrypted reply message, and perform a step of updating the current key according to a preset key updating rule;

a third loop module 608, configured to reset the value N of the information count parameter if the value N of the information count parameter exceeds the preset count threshold, and perform a step of negotiating a current key with the second information interaction device using a key exchange protocol technology.

In some embodiments, further comprising:

In some embodiments, the negotiation module specifically includes:

The application also discloses a data security encryption system. Referring to fig. 7, a schematic diagram of an entity device of the data security encryption system provided in the present application is shown. The information interaction device 700 may include: at least one processor 701, at least one network interface 704, a user interface 703, a memory 705, at least one communication bus 702.

Wherein the communication bus 702 is used to enable connected communications between these components.

The user interface 703 may include a Display screen (Display), a Camera (Camera), and the optional user interface 703 may further include a standard wired interface, and a wireless interface.

The network interface 704 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), among others.

Wherein the processor 701 may include one or more processing cores. The processor 701 connects various portions of the overall server using various interfaces and lines, performs various functions of the server and processes data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 705, and invoking data stored in the memory 705. Alternatively, the processor 701 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), programmable logic array (Programmable Logic Array, PLA). The processor 701 may integrate one or a combination of several of a central processing unit (Central Processing Unit, CPU), an image processor (Graphics Processing Unit, GPU), and a modem, etc. The CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for rendering and drawing the content required to be displayed by the display screen; the modem is used to handle wireless communications. It will be appreciated that the modem may not be integrated into the processor 701 and may be implemented by a single chip.

The Memory 705 may include a random access Memory (Random Access Memory, RAM) or a Read-Only Memory (Read-Only Memory). Optionally, the memory 705 includes a non-transitory computer readable medium (non-transitory computer-readable storage medium). Memory 705 may be used to store instructions, programs, code, sets of codes, or instruction sets. The memory 705 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the various method embodiments described above, etc.; the storage data area may store data or the like involved in the above respective method embodiments. The memory 705 may also optionally be at least one storage device located remotely from the processor 701. Referring to fig. 7, an operating system, a network communication module, a user interface module, and an application program for data security encryption may be included in the memory 705, which is a type of computer storage medium.

In the information interaction device 700 shown in fig. 7, the user interface 703 is mainly used for providing an input interface for a user, and acquiring data input by the user; and processor 701 may be configured to invoke application programs for secure encryption of data stored in memory 705, which when executed by one or more processors 701, cause information-interaction device 700 to perform the methods as described in one or more of the embodiments above. It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.

In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments.

In the several embodiments provided herein, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, such as a division of units, merely a division of logic functions, and there may be additional divisions in actual implementation, such as multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some service interface, device or unit indirect coupling or communication connection, electrical or otherwise.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a memory, including several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned memory includes: various media capable of storing program codes, such as a U disk, a mobile hard disk, a magnetic disk or an optical disk.

The foregoing is merely exemplary embodiments of the present disclosure and is not intended to limit the scope of the present disclosure. That is, equivalent changes and modifications are contemplated by the teachings of this disclosure, which fall within the scope of the present disclosure. Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure.

This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a scope and spirit of the disclosure being indicated by the claims.

Claims

1. A method for secure encryption of data, the method comprising:

under the condition that the first information interaction device detects the current sending information input by a user, the first information interaction device and the second information interaction device negotiate a current key by using a key exchange protocol technology;

the method comprises the following steps of taking current sending information, current encryption reply information and current secret key as loop variables, and executing the following steps:

the first information interaction device sends current encryption sending information to the second information interaction device, so that the second information interaction device decrypts the current encryption sending information according to a current key to obtain current sending information, the current encryption sending information is obtained by the first information interaction device according to the current key encryption of the current sending information, and the numerical value N of the information counting parameter is updated to be N+1;

Under the condition that the first information interaction device receives the current encryption reply information sent by the second information interaction device, the first information interaction device updates a current key according to a preset key updating rule;

after updating the current key, the first information interaction device decrypts the current encryption reply information according to the current key to obtain current reply information, and updates the numerical value N of the information counting parameter to be N+1;

under the condition that the first information interaction device detects the next piece of sending information input by a user, the first information interaction device updates a current key according to a preset key updating rule, determines the next piece of sending information as current information, and executes the step that the first information interaction device sends the current encrypted sending information to the second information interaction device;

the first information interaction device determines the next piece of encryption reply information as current encryption reply information under the condition that the first information interaction device receives the next piece of encryption reply information sent by the second information interaction device, and the first information interaction device executes the step of updating the current key according to a preset key updating rule;

And under the condition that the value N of the information counting parameter exceeds a preset counting threshold, the first information interaction device resets the value N of the information counting parameter and executes the step that the first information interaction device and the second information interaction device negotiate a current key by using a key exchange protocol technology.

2. The data security encryption method according to claim 1, wherein the first information interaction device sends current encryption transmission information to the second information interaction device, so that the second information interaction device decrypts the current encryption transmission information according to a current key to obtain current transmission information, the current encryption transmission information is obtained by the first information interaction device encrypting the current transmission information according to the current key, and after updating the value N of the information count parameter to n+1, the method further comprises:

the first information interaction device determines the next piece of sending information as current information when the next piece of sending information input by a user is detected and the current encryption reply information sent by the second information interaction device is not received;

the first information interaction device updates a current key according to a preset key updating rule;

After updating the current key, the first information interaction device sends current encryption sending information to the second information interaction device, so that the second information interaction device decrypts the current encryption sending information according to the current key to obtain current sending information, and the current encryption sending information is obtained by the first information interaction device encrypting the current sending information according to the current key;

and the first information interaction equipment updates the numerical value N of the information counting parameter to be N+1.

3. The method for securely encrypting data according to claim 2, wherein in the case that the first information interaction device receives the current encrypted reply message sent by the second information interaction device, the first information interaction device updates the current key according to a preset key update rule, the method further comprises:

the first information interaction device determines the next encrypted reply information as the current encrypted reply information under the condition that the first information interaction device does not detect the next transmitted information input by a user and receives the next encrypted reply information transmitted by the second information interaction device;

After updating the current key, the first information interaction device decrypts the current encrypted reply information according to the current key to obtain current reply information;

4. The data security encryption method according to claim 1, wherein the first information interaction device sends current encryption transmission information to the second information interaction device, so that the second information interaction device decrypts the current encryption transmission information according to a current key to obtain current transmission information, the current encryption transmission information is obtained by the first information interaction device encrypting the current transmission information according to the current key, and after updating the value N of the information count parameter to n+1, the method further comprises:

the first information interaction device sends current encryption sending information to the second information interaction device, so that the second information interaction device decrypts the current encryption sending information according to a current key to obtain current sending information, and the current encryption sending information is obtained by the first information interaction device encrypting the current sending information according to the current key;

5. The method for securely encrypting data according to claim 4, wherein in the case that the first information interaction device receives the current encrypted reply message sent by the second information interaction device, the first information interaction device updates the current key according to a preset key update rule, the method further comprises:

the first information interaction device decrypts the current encryption reply information according to the current key to obtain current reply information;

6. The data security encryption method according to claim 1, wherein the first information interaction device resets the value N of the information counting parameter in case the value N of the information counting parameter exceeds a preset counting threshold, and after performing the step of negotiating a current key by the first information interaction device and the second information interaction device using a key exchange protocol technique, the method further comprises:

And under the condition that the first information interaction device judges that the communication time of the first information interaction device and the second information interaction device is larger than a time threshold, resetting the numerical value N of the information counting parameter and the communication time, and executing the step that the first information interaction device and the second information interaction device negotiate a current key by using a key exchange protocol technology.

7. The data security encryption method according to claim 1, wherein the first information interaction device negotiates a current key with the second information interaction device using a key exchange protocol technology in case that the current transmission information inputted by the user is detected, specifically comprising:

and under the condition that the first information interaction device detects the current transmitted information input by the user, the first information interaction device and the second information interaction device jointly select one key in the key bank as the current key.

8. A data security encryption system comprising a first information interaction device and a second information interaction device, the first information interaction device comprising:

the first circulation module is used for updating the current key according to a preset key updating rule under the condition that the next piece of sending information input by a user is detected, determining the next piece of sending information as the current information, and executing the step of sending the current encrypted sending information to the second information interaction equipment;

The second circulation module is used for determining the next piece of encryption reply information as the current encryption reply information under the condition of receiving the next piece of encryption reply information sent by the second information interaction device, and executing the step of updating the current key according to a preset key updating rule;

9. A data security encryption system, comprising: one or more processors and memory;

the memory is coupled to the one or more processors, the memory for storing computer program code comprising computer instructions that the one or more processors invoke to cause the data security encryption system to perform the method of any of claims 1-7.

10. A computer readable storage medium comprising instructions which, when run on a data security encryption system, cause the data security encryption system to perform the method of any one of claims 1-7.