WO2007071140A1 - A method for transmitting data securely - Google Patents

A method for transmitting data securely

Info

Publication number
WO2007071140A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
encrypted
needs
hexadecimal
encryption
Application number
PCT/CN2006/002417
Other languages
French (fr)
Chinese (zh)
Inventor
Yuemin Qi
Wenbin Hu
Jintan Wu
Jingwen Xu
Original Assignee
China Unionpay
Application filed by China Unionpay
Publication of WO2007071140A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L9/00)
    • H04L2209/60 Digital content management, e.g. content distribution

Definitions

  • the present invention relates to the field of security, and more particularly to a method for secure transmission of data.
  • Network security solutions can be divided into two categories: one is a passive defense scheme represented by firewall technology, and the other is an active open scheme centered on data encryption and user authorization authentication.
  • Passive security solutions can only passively protect corporate intranet security and have special requirements for the topology of the network.
  • the active open solution based on data encryption and user authentication does not require any network structure, and can directly protect the source data to achieve end-to-end security.
  • In an active open scheme only designated users or network devices can decrypt the protected data; encryption is, without doubt, the core of this kind of solution.
  • Encryption technology is a technique for encoding and decoding information. The encoding is to translate the original readable information (also known as plaintext) into a code form (also known as ciphertext), and the reverse process is decoding (decryption).
  • When the transmitting end sends data to the receiving end, the data is usually first encrypted with some encryption algorithm, and the receiving end decrypts it with the corresponding decryption algorithm.
  • However, besides the possibility of compromise during transmission, data can also leak at the transmitting end and at the receiving end.
  • the way of making payment transactions on the Internet has gradually been accepted by the public. If a user uses a public computer for online payment, it is easy to leave a record on the public computer, such as a card number or a personal password.
  • Similarly, when various important data are transmitted within a bank's local area network, for example when each card issuer periodically transmits to UnionPay a VIP file containing VIP account numbers: although the VIP file is transferred over a dedicated line between the issuer and UnionPay, every field in the file is shown as visible characters so that the receiver can parse it correctly, and placing the VIP account number directly in the file as visible characters increases the chance of a leak. In particular, the internal networks of the issuer and of UnionPay are usually fairly complex LANs, so transmitting the VIP account number directly as visible characters gives a low safety margin. Therefore, besides strengthening internal encryption management, the possibility of leaking important data (such as VIP account numbers) must be reduced at the technical level.
  • VIP: very important person.
  • The present invention discloses a method for secure data transmission comprising: (1) the transmitting end first converts the data requiring special encryption into ASCII code, then converts each ASCII character into its hexadecimal representation, forming a fixed-format sensitive-data block; (2) the transmitting end encrypts the data containing the sensitive-data block and sends it; (3) the receiving end first decrypts the received data, then decodes the sensitive-data block by the inverse of step (1), obtaining the data requiring special encryption.
  • In step (2) a double-length or single-length key encryption algorithm is used.
  • The block formed in step (1) includes the length of the data requiring special encryption.
  • The data to be encrypted is an Internet payment password; in step (2) the PIN encryption key is used for encryption and in step (3) the corresponding decryption key is used for decryption.
  • The invention discloses another method for secure data transmission comprising: (1) the transmitting end first converts the data requiring special encryption into hexadecimal, forming a fixed-format sensitive-data block; (2) the transmitting end encrypts the data containing the sensitive-data block and sends it; (3) the receiving end first decrypts the received data, then decodes the sensitive-data block by the inverse of step (1), obtaining the data requiring special encryption.
  • In step (2) a double-length or single-length key encryption algorithm is used.
  • Step (2) further includes converting the binary value of each byte of the non-visible characters produced by the double-length encryption into two hexadecimal digits and converting those two hexadecimal digits into visible ASCII characters; or doing the same for every byte of all the data produced by the double-length encryption.
  • Step (2) further includes generating the encryption key with the key-generation method used for the file check code, the sender then sending the encryption key to the receiving end.
  • The method for secure data transmission disclosed by the invention comprises: (1) the transmitting end converts the original data requiring special encryption into a unified encoding; (2) the transmitting end encrypts the data containing the unified encoding and sends it; (3) the receiving end first decrypts the received data, then decodes the unified encoding by the inverse of step (1), obtaining the original data requiring special encryption.
  • Converting the original data into the unified encoding specifically means: first converting the original data requiring special encryption into ASCII code, then converting each ASCII character into its hexadecimal representation, forming a fixed-format sensitive-data block; or first converting the data requiring special encryption directly into hexadecimal, forming a fixed-format sensitive-data block.
  • If the transmitting end and the receiving end form a local area network, what is transmitted inside that LAN is the encrypted unified encoding rather than the original data requiring special encryption.
  • The invention also discloses a method for file transmission within a local area network, where the file contains account data represented as digits, comprising the following steps:
  • (1) the sender converts the account data in the file that requires special encryption into hexadecimal data, forming a fixed-format sensitive-data block;
  • (2) the sender encrypts the data containing the sensitive-data block;
  • (3) the sender converts the binary value of each byte of the encrypted data into two hexadecimal digits, and converts those two hexadecimal digits into visible ASCII form;
  • (4) the sender sends the file containing the account data converted to ASCII form;
  • (5) the receiving end converts the account data back from ASCII form by the inverse of step (4), then decrypts the converted data, then decodes the decrypted data by the inverse of step (1), obtaining the original data requiring special encryption.
  • The transmitting end first encodes the important data into other visible characters, then encrypts and sends the data containing those visible characters.
  • The receiving end first decrypts the received data, then converts the visible characters back into the important data by the corresponding decoding; this reduces the chance of leakage at the transmitting end and the receiving end and improves data security.
  • If the transmitting end or the receiving end is a local area network, what is transmitted inside it is the encoded visible characters rather than the original data requiring special encryption, which guarantees the reliability of the data.
  • FIG. 1 is a flow chart of a method for secure transmission of data disclosed by the present invention
  • FIG. 2 is a flow chart of an embodiment of data security transmission according to the present invention
  • FIG. 3 is a flow chart of another embodiment of data secure transmission of the present invention.
  • The core of the present invention is that the transmitting end uniformly encodes the important data into other visible characters, encrypts the data to be transmitted (including those visible characters) and sends it; the receiving end first decrypts the received data and then converts the visible characters back into the important data by the corresponding decoding.
  • If the transmitting end is a local area network, the original important data is encoded into other visible characters immediately, and what is transmitted inside that LAN is the encoded visible characters rather than the original important data.
  • Likewise, if the receiving end is a local area network, what is obtained and transmitted inside that LAN is the encoded visible characters rather than the original important data.
  • FIG. 1 is a flow chart of a method for data secure transmission disclosed by the present invention. it includes:
  • S110 The sending end uniformly encodes the original data requiring special encryption.
  • S120 The sending end encrypts the data containing the unified encoding and sends it.
  • S130 The receiving end first decrypts the received data, then decodes the unified encoding by the inverse of step S110 to obtain the original data requiring special encryption.
  • In step S110 the transmitting end renders the original data requiring special encryption as other visible characters.
  • For example, when the user enters important data such as a personal account number and network payment password, or a card number and personal password, on a public computer, the public computer shows only the encoded visible characters; even if a criminal looks over the user's shoulder, the raw data cannot be read off directly, which improves security.
  • If the transmitting end is a local area network, the terminal that receives the original important data can encode it directly into other visible characters, add those characters to the data to be sent, and pass the result to the encryption machine; the encryption machine encrypts it and sends it on, which improves the security of the path between the receiving terminal and the encryption machine.
  • The encryption machine can also be integrated into the receiving terminal, so that the terminal receives the original important data, converts it directly into uniformly encoded visible characters, adds them to the data to be sent, and finally encrypts and sends the data containing the visible characters; this likewise improves the security of the transmission.
  • The unified encoding may be either of the following: the original data requiring special encryption is first converted into ASCII code and each ASCII character is then converted into the corresponding hexadecimal characters, forming a fixed-format sensitive-data block consisting of visible characters;
  • or the data requiring special encryption is converted directly into hexadecimal, forming a fixed-format sensitive-data block consisting of visible characters.
  • In step S120 the data containing the visible characters is encrypted; many encryption algorithms can be used, for example DES.
  • The encryption algorithm itself is well-known technology and is not described here.
  • In step S130 the receiving end first decrypts the received data with the corresponding decryption algorithm, then converts the visible characters back into the original data requiring special encryption by the inverse of the conversion used. If the receiving end is a local area network, the encoded visible characters, rather than the original data, are what is transmitted inside the receiving end.
  • the invention is illustrated below in two specific embodiments.
  • FIG. 2 is a flowchart of a data security transmission embodiment of the present invention, including:
  • S210 The sending end first converts the data requiring special encryption into ASCII code, then converts each ASCII character into its hexadecimal representation, forming a fixed-format sensitive-data block;
  • S220 The sending end encrypts the data containing that block and sends it.
  • S230 The receiving end first decrypts the received data, then decodes the sensitive-data block by the inverse of step S210 to obtain the data requiring special encryption.
  • The sensitive-data block includes the length of the sensitive data.
  • The block is inserted into the data to be sent at a position agreed between sender and receiver, so that the receiver can decode it correctly.
  • Paying over the Internet has been accepted by more and more people. Since the Internet payment password serves much the same function as the personal identification number (PIN), and in order to minimise changes to existing systems, the algorithm should be designed to be as close as possible to the PIN algorithm.
  • When the website of the card issuer or of an intermediary service provider such as UnionPay pops up the page on which the user must enter the payment password, the website can uniformly encode the received payment password into other visible characters in the following manner.
  • The payment password may consist of digits, letters or other symbols. Precisely because a character password can be drawn from such a large set, an encoding rule that fully identifies every character is needed, so that the password can be converted uniformly into a form the encryption machine recognises; otherwise the conversion would be complicated and hard to implement by machine.
  • The simplest encoding rule that satisfies this is ASCII, so the payment password is converted to ASCII code.
  • A1 Convert the payment password to ASCII code. In the fixed format of the converted password (Table 2, not reproduced here): N is the length of the payment password (8 bits); P is one 8-bit ASCII character of the Internet payment password.
  • A2 Convert each ASCII character into the corresponding hexadecimal digits and form the sensitive-data block. Because the payment password is displayed as plaintext, it must first be converted to ASCII and then to hexadecimal, as in Table 3 (not reproduced here); a two-character length field is placed in front of the encoded characters.
  • The payment-password block is assembled into a file or packet, and that file or packet is encrypted.
  • The encryption key is the PIN encryption key.
  • The encryption algorithm is a double-length or single-length key algorithm, depending on whether the key is double- or single-length.
  • Decryption at the receiving end is the inverse of encryption at the transmitting end and is omitted here.
  • FIG. 3 is a flowchart of another data security transmission disclosed by the present invention. it includes:
  • S310 The sending end first converts the data requiring special encryption into hexadecimal, forming a fixed-format sensitive-data block.
  • S320 The sending end encrypts the data containing that block and sends it.
  • S330 The receiving end first decrypts the received data, then decodes the sensitive-data block by the inverse of step S310 to obtain the data requiring special encryption.
  • In step S320 the double-length algorithm is used to encrypt the data to be sent. The step also includes converting the binary value of each byte of the non-visible characters produced by the double-length encryption into two hexadecimal digits, and converting those two hexadecimal digits into visible ASCII characters.
  • A VIP file is a data file that each bank builds for information about its important customers (high-value cardholders).
  • The VIP file contains the card number of each VIP customer and, under each card number, the important information about that cardholder.
  • VIP files need to be updated regularly.
  • Each bank periodically sends its VIP file to UnionPay or to other qualified merchants.
  • The important information in the VIP file is the card number of each VIP customer; as long as that content is encrypted, the card numbers stay protected even if the VIP file is stolen. Therefore, to prevent VIP card numbers from being stolen, the VIP card number must be encrypted during transmission.
  • The encryption algorithm designed for the VIP primary account number (PAN) is as follows:
  • The primary account number consists of digits only, so it can be converted directly to hexadecimal without the intermediate ASCII step; this differs from the Internet payment password. The structure of the sensitive-data block is therefore designed to resemble the format of the online PIN block, but because the PAN is much longer than an online PIN the concrete implementation still differs. The format is:
  • N is the length of the VIPPAN (4 bits);
  • P/F is a 4-bit binary VIPPAN digit or filler;
  • F is the 4-bit filler %B1111;
  • VIPPAN is the VIP primary account number.
  • VIPPAN BLOCK layout: (table not reproduced on this page).
  • The encryption key is generated by a method similar to that used for the file check code: each time the file is generated, an encryption key is generated at random at the same time. This differs from the Internet payment case, where the key is stored in advance and does not change for a certain period; here a fresh random key is generated for every file, in consideration of how keys for files are maintained. The key is stored in a special section of the VIP file; after receiving the VIP file, the receiver first extracts the key and then uses it to decrypt the VIP PAN ciphertext. To ensure data security the key is double-length and the algorithm is the double-length encryption algorithm.
  • The VIP PAN ciphertext produced by the double-length algorithm is only 16 bytes, most of which are non-visible characters.
  • A conversion from binary to ASCII representation is therefore also required: the 8-bit binary value of each byte is first split into two 4-bit hexadecimal digits, and each hexadecimal digit is then converted to its corresponding 8-bit ASCII code, so that the result can finally be shown in the file and on screen.
  • The receiving end's decryption of the received file is the reverse of the above process, as follows:
  • The receiving end first converts the account data from ASCII form by the inverse of step (4) of the LAN file-transmission method;
  • it then decrypts the converted data;
  • and finally decodes the decrypted data by the inverse of step (1), obtaining the original data requiring special encryption.
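The block formats of the two embodiments (the payment-password block of FIG. 2 and the VIP PAN block of FIG. 3) and the encrypt-then-hex step are shown below in an added Go example; it is not code from the patent or from UnionPay. It implements the VIP PAN path end to end: the [length][packed digits][0xF filler] block, two-key ("double-length") Triple-DES over the 16-byte block, conversion of the ciphertext bytes to visible hexadecimal characters, and the receiver's inverse. Assumptions the page does not fix: the block is 16 bytes, the length field occupies one byte (a 4-bit field cannot hold a 16- to 19-digit PAN), the "double-length algorithm" is two-key Triple-DES applied block by block (ECB), the key bytes and the PAN are constructed test values, and the function names are the example's own. The payment-password block of FIG. 2 differs only in placing the ASCII bytes of the password after the length byte instead of packed digits.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
)

// Assumed block geometry (the page does not fix it): 16 bytes, i.e. two DES
// blocks, with a one-byte length field since 4 bits cannot hold a 16-digit PAN.
const panBlockLen = 16

// EncodePANBlock packs a digit-only PAN as [len byte][packed digits][0xF filler].
func EncodePANBlock(pan string) ([]byte, error) {
	if len(pan) == 0 || len(pan) > 2*panBlockLen-2 {
		return nil, errors.New("PAN length out of range")
	}
	block := bytes.Repeat([]byte{0xFF}, panBlockLen) // every nibble starts as filler
	block[0] = byte(len(pan))
	for i := 0; i < len(pan); i++ {
		if pan[i] < '0' || pan[i] > '9' {
			return nil, errors.New("PAN must be decimal digits")
		}
		pos := i + 2 // nibble index; nibbles 0-1 hold the length byte
		shift := uint(4 * (1 - pos%2))
		block[pos/2] = block[pos/2]&^(0xF<<shift) | (pan[i]-'0')<<shift
	}
	return block, nil
}

// DecodePANBlock reverses EncodePANBlock and rejects any malformed block, so a
// wrong key or a corrupted field fails closed instead of yielding a fake PAN.
func DecodePANBlock(block []byte) (string, error) {
	if len(block) != panBlockLen || block[0] == 0 || int(block[0]) > 2*panBlockLen-2 {
		return "", errors.New("bad block length or length field")
	}
	n := int(block[0])
	out := make([]byte, 0, n)
	for pos := 2; pos < 2*panBlockLen; pos++ {
		d := (block[pos/2] >> uint(4*(1-pos%2))) & 0xF
		switch {
		case pos < 2+n && d <= 9:
			out = append(out, '0'+d)
		case pos >= 2+n && d == 0xF: // filler must be intact
		default:
			return "", errors.New("non-digit or bad filler nibble")
		}
	}
	return string(out), nil
}

// applyTDES runs two-key ("double-length") Triple-DES over whole 8-byte blocks
// in raw ECB form, giving exactly the 16-byte ciphertext the page describes.
// ECB leaks equal plaintext blocks and DES is retired; this mirrors the 2006
// design, not current practice.
func applyTDES(key, in []byte, decrypt bool) ([]byte, error) {
	if len(key) != 16 || len(in) == 0 || len(in)%8 != 0 {
		return nil, errors.New("need a 16-byte key and a non-empty multiple of 8 bytes")
	}
	// crypto/des takes a 24-byte key; a two-key TDES key is K1||K2||K1.
	blk, err := des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += 8 {
		if decrypt {
			blk.Decrypt(out[i:], in[i:])
		} else {
			blk.Encrypt(out[i:], in[i:])
		}
	}
	return out, nil
}

// EncryptVisible encrypts the block and renders the ciphertext as uppercase
// hexadecimal so that only printable ASCII reaches the file or the screen.
func EncryptVisible(key, plain []byte) (string, error) {
	ct, err := applyTDES(key, plain, false)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%X", ct), nil
}

// DecryptVisible is the receiver's inverse: hex-decode, then decrypt.
func DecryptVisible(key []byte, visible string) ([]byte, error) {
	ct, err := hex.DecodeString(visible)
	if err != nil {
		return nil, err
	}
	return applyTDES(key, ct, true)
}

func main() {
	key := []byte("0123456789ABCDEF")                // constructed demo key only
	block, _ := EncodePANBlock("6225880012345678") // constructed sample PAN
	visible, _ := EncryptVisible(key, block)
	plain, _ := DecryptVisible(key, visible)
	pan, _ := DecodePANBlock(plain)
	fmt.Println("field in file:", visible, "recovered PAN:", pan)
}
```

Two points a practitioner should take from this. First, the strict decoder rejects non-digit nibbles and disturbed filler, so a wrong key or a corrupted field fails closed instead of producing a plausible-looking account number; the scheme carries no authentication tag, so that check is the only integrity signal it has. Second, hex-encoding the ciphertext is an encoding, not extra protection: when the per-file key is itself stored in a section of the VIP file, as the text describes, anyone holding the whole file can decrypt the PANs, so that key section must be protected separately (for example, wrapped under a key that never leaves the encryption machine).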

Abstract

A method for transmitting data securely includes the steps of: (1) the transmitter uniformly encodes the original data that requires special encryption; (2) the transmitter encrypts the encoded data and then transmits it; (3) the receiver decrypts the received data and then decodes the encoded data by the step corresponding to step (1), restoring the original data that requires special encryption. Uniformly encoding the original data specifically means: first converting the original data into ASCII code and then converting each ASCII character into the corresponding hexadecimal characters, forming a fixed-format encrypted data block; or first converting the data into hexadecimal characters and forming a fixed-format encrypted data block.

Description

Method for secure data transmission

TECHNICAL FIELD The present invention relates to the field of security, and more particularly to a method for secure transmission of data.

BACKGROUND OF THE INVENTION Network security solutions fall into two categories: passive defensive schemes, represented by firewall technology, and active open schemes centred on data encryption and user authorization and authentication. Passive solutions can only passively protect the corporate intranet and impose special requirements on the network topology. An active open scheme based on data encryption and user authentication makes no demands on the network structure and can actively protect the source data directly, achieving end-to-end security. In an active open scheme only designated users or network devices can decrypt the protected data; encryption is, without doubt, the core of this kind of solution. Encryption technology encodes and decodes information: encoding translates the original readable information (plaintext) into a coded form (ciphertext), and the reverse process is decoding (decryption).

To minimise the chance of criminals obtaining data during transmission, data sent from the transmitting end to the receiving end is usually first encrypted with some encryption algorithm, and the receiving end decrypts it with the corresponding decryption algorithm. However, in addition to the possibility of compromise during transmission, data can also leak at the transmitting end and at the receiving end. For example, with the expansion of personal payment channels, paying over the Internet has gradually been accepted by the public. If a user makes an online payment from a public computer, records such as the card number and personal password are easily left on that computer. Even if the user has set up in advance a personal account number and network payment password mapped to the card number and personal password, so that online payments use the personal account and network payment password, those can still be left behind on the public computer. Clearly, once criminals obtain this information, the customer suffers financial loss.

Similarly, when various important data are transmitted within a bank's local area network, for example when each card issuer periodically transmits to UnionPay a VIP file containing VIP (very important person) account numbers: although the VIP file is transferred over a dedicated line between the issuer and UnionPay, every field in the file is shown as visible characters so that the receiver can parse it correctly, and placing the VIP account number directly in the file as visible characters increases the chance of a leak. In particular, the internal networks of the issuer and of UnionPay are usually fairly complex LANs, so transmitting the VIP account number directly as visible characters gives a low safety margin. Therefore, besides strengthening internal encryption management, the possibility of leaking important data (such as VIP account numbers) must be reduced at the technical level.

In other words, in the prior art, besides preventing theft during transmission, the security of the data at the transmitting end and at the receiving end also needs to be strengthened.
SUMMARY OF THE INVENTION

The object of the present invention is to provide a method for secure data transmission that solves the prior-art problem of improving data security at the transmitting end and the receiving end.

Accordingly, the present invention discloses a method for secure data transmission comprising: (1) the transmitting end first converts the data requiring special encryption into ASCII code, then converts each ASCII character into its hexadecimal representation, forming a fixed-format sensitive-data block; (2) the transmitting end encrypts the data containing the sensitive-data block and sends it; (3) the receiving end first decrypts the received data and then decodes the sensitive-data block by the inverse of step (1), obtaining the data requiring special encryption.

In step (2) a double-length or single-length key encryption algorithm is used. The block formed in step (1) includes the length of the data requiring special encryption. The data to be encrypted is an Internet payment password; in step (2) the PIN encryption key is used for encryption, and in step (3) the corresponding decryption key is used for decryption.

The invention discloses another method for secure data transmission comprising: (1) the transmitting end first converts the data requiring special encryption into hexadecimal, forming a fixed-format sensitive-data block; (2) the transmitting end encrypts the data containing the sensitive-data block and sends it; (3) the receiving end first decrypts the received data and then decodes the sensitive-data block by the inverse of step (1), obtaining the data requiring special encryption.

In step (2) a double-length or single-length key encryption algorithm is used. Step (2) further includes converting the binary value of each byte of the non-visible characters produced by the double-length encryption into two hexadecimal digits and converting those two hexadecimal digits into visible ASCII characters, or doing the same for every byte of all the data produced by the double-length encryption. Step (2) further includes generating the encryption key with the key-generation method used for the file check code, the transmitting end then sending the encryption key to the receiving end.

The method for secure data transmission disclosed by the invention comprises: (1) the transmitting end converts the original data requiring special encryption into a unified encoding; (2) the transmitting end encrypts the data containing the unified encoding and sends it; (3) the receiving end first decrypts the received data and then decodes the unified encoding by the inverse of step (1), obtaining the original data requiring special encryption.

Converting the original data into the unified encoding specifically means: first converting the original data requiring special encryption into ASCII code, then converting each ASCII character into its hexadecimal representation, forming a fixed-format sensitive-data block; or first converting the data requiring special encryption directly into hexadecimal, forming a fixed-format sensitive-data block.

If the transmitting end and the receiving end form a local area network, what is transmitted inside that LAN is the encrypted unified encoding rather than the original data requiring special encryption.
The invention also discloses a method for file transmission within a local area network, the file containing account data represented as digits, comprising the following steps:

(1) the sender converts the account data in the file that requires special encryption into hexadecimal data, forming a fixed-format sensitive-data block;

(2) the sender encrypts the data containing the sensitive-data block;

(3) the sender converts the binary value of each byte of the encrypted data into two hexadecimal digits and converts those two hexadecimal digits into visible ASCII form;

(4) the sender sends the file containing the account data converted to ASCII form;

(5) the receiver converts the account data back from ASCII form by the inverse of step (4), then decrypts the converted data, then decodes the decrypted data by the inverse of step (1), obtaining the original data requiring special encryption.

Compared with the prior art, the present invention has the following advantages: the transmitting end first encodes the important data into other visible characters and then encrypts and sends the data containing those visible characters; likewise the receiving end first decrypts the received data and then converts the visible characters back into the important data by the corresponding decoding. This reduces the chance of leakage at the transmitting end and the receiving end and improves data security. In addition, if the transmitting end or the receiving end is a local area network, what is transmitted inside it is the encoded visible characters rather than the original data requiring special encryption, which guarantees the reliability of the data.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a flow chart of a method for secure transmission of data disclosed by the invention;
FIG. 2 is a flow chart of an embodiment of secure data transmission according to the invention;
FIG. 3 is a flow chart of another embodiment of secure data transmission according to the invention.
DETAILED DESCRIPTION
The invention is described in detail below with reference to the accompanying drawings.
So that the receiver can correctly parse the received data, in many situations all fields of a file must be displayed as visible characters, and even encrypted content must be displayed as visible characters. Therefore, the core of the invention is that the transmitting end first uniformly encodes the important data into other visible characters, then encrypts the data to be sent that contains those visible characters and transmits it; likewise, the receiving end first decrypts the received data and then converts those visible characters back into the important data using the corresponding decoding. When the transmitting end is a local area network, the original important data is uniformly encoded into other visible characters for display as soon as it is obtained, and the data transmitted within the LAN is the encoded visible characters rather than the original important data. When the receiving end is a local area network, what is obtained after decrypting the received data is the encoded visible characters rather than the original important data; again, the data transmitted within the LAN is the encoded visible characters rather than the original important data. Through this processing the reliability of data transmission is ensured, and in particular the chance of direct leakage at the transmitting end and the receiving end is reduced, improving the security of data transmission.
Refer to FIG. 1, which is a flow chart of a method for secure transmission of data disclosed by the invention. It includes:
S110: the transmitting end uniformly encodes the original data requiring emphasized encryption;
S120: the transmitting end encrypts the data containing the unified encoding and transmits it;
S130: the receiving end first decrypts the received data, then decodes the unified-encoded data by the step corresponding to step S110, obtaining the original data requiring emphasized encryption.
In step S110, the transmitting end uniformly encodes the original data requiring emphasized encryption into other visible characters and then displays them. For example, a user enters important data, such as a personal account number and an online payment password, or a card number and a personal password, on a public computer, but what the public computer displays is the other visible characters after encoding; even if a nearby attacker peeks at the screen, the original data cannot be obtained directly, which improves security. In addition, if the transmitting end is a local area network, the receiving terminal that receives the original important data can directly encode the original important data into other visible characters, add those visible characters to the data to be sent, and then send it to the encryption machine, which encrypts it and transmits it; this improves the security of the transmission between the receiving terminal and the encryption machine. The encryption machine may also be integrated into the receiving terminal, in which case the receiving terminal receives the original important data, converts it directly into the uniformly encoded visible characters, adds the visible characters to the data to be sent, and finally encrypts and sends the data containing the visible characters, which likewise improves the security of data transmission.
There are many ways to convert the original data into visible characters, for example:
first converting the original data requiring emphasized encryption into ASCII codes and then converting each ASCII character into its corresponding hexadecimal value, forming an emphasized-encryption data block of fixed format, the emphasized-encryption data block being the visible characters; or
first converting the data requiring emphasized encryption directly into hexadecimal, forming an emphasized-encryption data block of fixed format, the emphasized-encryption data block being the visible characters.
The above are only some embodiments of converting original data into visible characters according to the invention, and the invention is not limited to them.
Many encryption algorithms can be used to encrypt the data containing the visible characters, for example the DES algorithm; the encryption algorithms used are well-known techniques and are not described further here.
In addition, the receiving end first decrypts the received data with the corresponding decryption algorithm, then inversely converts the visible characters back into the original data requiring emphasized encryption by the corresponding conversion method. If the receiving end is a local area network, what is transmitted inside the receiving end is the encoded visible characters rather than the original data requiring emphasized encryption.
The invention is illustrated below with two specific embodiments.
Refer to FIG. 2, which is a flow chart of an embodiment of secure data transmission according to the invention, including:
S210: the transmitting end first converts the data requiring emphasized encryption into ASCII codes, then converts each ASCII character into its corresponding hexadecimal value, forming an emphasized-encryption data block of fixed format;
S220: the transmitting end encrypts the data containing the emphasized-encryption data block and transmits it;
S230: the receiving end first decrypts the received data, then decodes the emphasized-encryption data block by the step corresponding to step S210, obtaining the data requiring emphasized encryption.
The encrypted data block includes the length of the data requiring emphasized encryption. The encrypted data block is inserted into the data to be sent at a position agreed between the transmitting end and the receiving end, so that the receiving end can decrypt correctly.
The above flow is illustrated using an online banking payment password as an example.
With the expansion of personal payment channels, making payment transactions over the Internet has been accepted by more and more of the public. Because the function of an Internet payment password is extremely similar to that of a personal identification number (PIN), the algorithm should be designed to be as close as possible to the PIN algorithm in order to minimize changes at the institutions. When the website of the card issuer or of an intermediary service provider such as UnionPay pops up a page requiring the user to enter the payment password, the website can uniformly encode the received payment password into other visible characters in the following way.
a1. Convert the payment password into ASCII codes
Since a payment password may consist of digits, letters or other symbols, and a character password can be composed of so many different characters, an encoding rule that can represent all of them is needed so that they can be converted uniformly into an encoding the encryption machine can recognize; otherwise the conversion would be very complicated and unsuited to machine implementation. A simple and suitable encoding rule is ASCII. Therefore the payment password can be converted into ASCII codes.
Table 1 (24 byte positions; the original layout is only partly recoverable):
N N P P P P P P P P P P P P P P P P P P P P F F
Positions after the last password character hold P/F or F according to the password length.
Note 1: P denotes Password, F denotes Filler
Note 2: N is the length of the payment password (8-bit)
Note 3: P is a character of the 8-bit binary Internet payment password
Note 4: P/F is a character of the 8-bit binary Internet payment password or a filler character
Note 5: F is a filler character of the 8-bit binary Internet payment password
Each payment password converted into ASCII has the fixed format of Table 2.
Table 2 (shown as an image in the original and not reproduced here)
Its character set is the characters listed in the standard ASCII conversion table.
a2. Then convert each ASCII character into its corresponding hexadecimal number, forming the emphasized-encryption data block.
An example is as follows:
Plaintext payment password: Hello!123
Since the payment password is displayed as plaintext characters, it must first be converted into ASCII codes and then into hexadecimal numbers, as shown in Table 3.
Table 3 (shown as an image in the original and not reproduced here)
According to the padding rule described above, two length characters are prefixed. The password has 9 characters in total, so the two characters "09" are prefixed; converted to ASCII they are 48 and 57, and in hexadecimal 0x30 and 0x39. Thirteen filler characters must be appended, each 0xFF in hexadecimal, so the resulting Internet payment password block is as follows:
0x30 0x39 0x48 0x65 0x6C 0x6C 0x6F 0x21 0x31 0x32 0x33 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
The payment password block is assembled into a file or data packet, and the file or packet is then encrypted. The encryption key is the PIN encryption key; depending on whether the key is double-length or single-length, a double-length or single-length encryption algorithm is selected.
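As an added worked example (not code from the patent), the following Python builds and parses the 24-byte Internet payment password block described above: a two-character decimal length prefix, the ASCII bytes of the password, and 0xFF filler. The block is a reversible encoding with no key, so confidentiality comes only from the subsequent encryption with the PIN key, which is not implemented here; the 24-byte size and the decoder's checks are read from Table 1 and the example, and the function names are my own.

```python
"""Internet payment password block (Table 1 style): NN | password ASCII | 0xFF filler."""

BLOCK_LEN = 24          # total block size in bytes, from the worked example (2 + 9 + 13)
LENGTH_FIELD_LEN = 2    # two ASCII decimal digits give the password length
FILLER = 0xFF           # filler byte, "F" in Table 1
MAX_PASSWORD_LEN = BLOCK_LEN - LENGTH_FIELD_LEN


def encode_password_block(password: str) -> bytes:
    """Steps a1/a2: password -> ASCII -> bytes, with length prefix and filler."""
    data = password.encode("ascii")  # raises UnicodeEncodeError for non-ASCII input
    if not 1 <= len(data) <= MAX_PASSWORD_LEN:
        raise ValueError(f"password length must be 1..{MAX_PASSWORD_LEN}, got {len(data)}")
    length_field = f"{len(data):02d}".encode("ascii")  # e.g. 9 -> b"09" -> 0x30 0x39
    filler = bytes([FILLER]) * (MAX_PASSWORD_LEN - len(data))
    return length_field + data + filler


def decode_password_block(block: bytes) -> str:
    """Inverse of encode_password_block; rejects malformed blocks instead of guessing."""
    if len(block) != BLOCK_LEN:
        raise ValueError(f"block must be {BLOCK_LEN} bytes, got {len(block)}")
    length_field = block[:LENGTH_FIELD_LEN]
    if not length_field.isdigit():
        raise ValueError("length field is not two ASCII decimal digits")
    n = int(length_field)
    if not 1 <= n <= MAX_PASSWORD_LEN:
        raise ValueError(f"declared length {n} is out of range")
    body = block[LENGTH_FIELD_LEN:LENGTH_FIELD_LEN + n]
    tail = block[LENGTH_FIELD_LEN + n:]
    if any(b != FILLER for b in tail):
        raise ValueError("bytes after the password are not all filler")
    if any(b >= 0x80 for b in body):
        raise ValueError("password bytes are not ASCII")
    return body.decode("ascii")


def is_valid_password_block(block: bytes) -> bool:
    """True when the block parses cleanly under the format rules above."""
    try:
        decode_password_block(block)
        return True
    except ValueError:
        return False


def block_as_hex(block: bytes) -> str:
    """Visible form of the block, '0x30 0x39 ...', as printed in the patent example."""
    return " ".join(f"0x{b:02X}" for b in block)


if __name__ == "__main__":
    # Constructed input taken from the patent's own example (9 characters).
    block = encode_password_block("Hello!123")
    print(block_as_hex(block))
    print(decode_password_block(block))
```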
Decryption at the receiving end is the inverse of the process at the transmitting end and is omitted here.
Refer to FIG. 3, which is a flow chart of another method for secure data transmission disclosed by the invention. It includes:
S310: the transmitting end first converts the data requiring emphasized encryption directly into hexadecimal, forming an emphasized-encryption data block of fixed format;
S320: the transmitting end encrypts the data containing the emphasized-encryption data block and transmits it;
S330: the receiving end first decrypts the received data, then decodes the emphasized-encryption data block by the step corresponding to step S310, obtaining the data requiring emphasized encryption.
In step S320, a double-length encryption algorithm is used to encrypt the data to be sent. The step further includes: converting the binary value of each byte of the invisible characters obtained from the double-length encryption algorithm into two hexadecimal digits, and then converting the two hexadecimal digits into visible ASCII codes.
The above flow is described in detail below using the VIP primary account number in a VIP file as an example. A VIP file is a data file that each bank compiles with the relevant information about its important customers (i.e. high-value cardholders). The VIP file includes the card numbers of the VIP customers, and under each card number holds the important information of each cardholder of that card number.
VIP files need to be updated periodically; to make it convenient for UnionPay or other qualified merchants to serve the VIPs, each bank periodically sends its VIP file to UnionPay or other qualified merchants. To ensure the security of the VIP file transmitted over the network, it is not enough to keep the VIP file itself confidential: the card number of every VIP customer in the VIP file must also be encrypted. The important information in the VIP file is the VIP customers' card numbers; as long as that content is encrypted, the VIP file is meaningless even if it is stolen. Therefore, to prevent VIP customer card numbers from being stolen, the VIP card numbers must be encrypted during transmission.
The encryption algorithm designed for the VIP file primary account number is as follows:
The primary account number consists entirely of digits. Precisely because card numbers consist directly of digits, they can be converted directly into hexadecimal without an intermediate ASCII step, which is where this differs from the Internet payment password. Accordingly, the structure of the encrypted data block is designed to resemble the online PIN format, but since the primary account number is much longer than an online PIN, the specific implementation still differs. The format is as follows:
Table 4 (shown as an image in the original and not reproduced here)
Note 1: N is the length of the VIPPAN (4-bit)
Note 2: P is a digit of the VIPPAN, 4-bit binary
Note 3: P/F is a digit of the VIPPAN or FILLER, 4-bit binary
Note 4: F is the 4-bit FILLER, binary 1111
Summarised, its format is as shown in the original (presented as an image there and not reproduced here).
Its character set is:
Table 6
VIP primary account number character (abbreviated VIPPAN)   Binary representation
0   0000
1   0001
2   0010
3   0011
4   0100
5   0101
6   0110
7   0111
8   1000
9   1001
An example is as follows:
Plaintext VIPPAN: 1234567890123456789
Then the VIPPAN BLOCK is:
0x19 0x12 0x34 0x56 0x78 0x90 0x12 0x34 0x56 0x78 0x9F 0xFF 0xFF 0xFF 0xFF 0xFF
This defines one conversion method: "12" is converted into "0x12", i.e. two bytes of ASCII characters are converted into one byte of hexadecimal. Of course, other feasible conversion methods can also be used to convert the VIP file primary account number, represented as digits, directly into a hexadecimal digit string.
The encryption key is generated in a manner similar to the key generation for the file check code: each time the file is generated, the encryption key is randomly generated at the same time (this key generation also differs from the Internet case: here the key is randomly generated every time, because of the way keys are maintained for files, whereas the Internet key is stored in advance and does not change for a certain period), and it is stored in a special segment of the VIP file. After receiving the VIP file, the receiver first extracts the key and then uses it to decrypt the VIP primary account number ciphertext. To ensure the security of the data, the key used is a double-length key and the algorithm used is a double-length encryption algorithm.
The VIP primary account number ciphertext computed by the double-length encryption algorithm is actually only 16 bytes, and most of its bytes are invisible characters. To make it visible, a conversion from binary representation to ASCII representation is also needed: for each byte, the 8-bit binary value is first converted into two 4-bit hexadecimal digits, and each 4-bit hexadecimal digit is then converted into its corresponding 8-bit ASCII code, so that it can finally be displayed in the file and on screen.
An example is as follows:
If a computed byte is 11110001, the corresponding hexadecimal number is "F1"; the two hexadecimal digits "F1" are then converted into the ASCII characters "F" and "1". Thus the single invisible byte 11110001 is converted into the two visible characters "F" and "1".
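The following Python, added here and not taken from the patent, packs a digit-only VIPPAN into the 16-byte block of the example above (two BCD length nibbles, one nibble per digit, 0xF filler), unpacks it with validation, and performs the byte-to-visible-ASCII conversion of step (3) together with its inverse for step (5). The 16-byte size and the two-nibble length field are read from the example block; the encryption step that sits between the two conversions is omitted, so this shows the encoding layers only, and the function names are my own.

```python
"""VIPPAN block (Table 4 style) and the binary-to-visible-ASCII step of the VIP file flow."""

VIPPAN_BLOCK_LEN = 16                    # bytes, from the example block
NIBBLES = VIPPAN_BLOCK_LEN * 2           # 32 nibbles
LENGTH_NIBBLES = 2                       # "0x19" = two BCD digits giving length 19
FILLER_NIBBLE = 0xF                      # Note 4: F = 1111
MAX_PAN_LEN = NIBBLES - LENGTH_NIBBLES   # 30 digits at most


def encode_vippan_block(pan: str) -> bytes:
    """Pack a digit string into the fixed-format block: length (BCD) + digits + F filler."""
    if not pan.isascii() or not pan.isdigit():
        raise ValueError("VIPPAN must consist of ASCII digits only")
    if not 1 <= len(pan) <= MAX_PAN_LEN:
        raise ValueError(f"VIPPAN length must be 1..{MAX_PAN_LEN}, got {len(pan)}")
    nibbles = [int(c) for c in f"{len(pan):02d}"] + [int(c) for c in pan]
    nibbles += [FILLER_NIBBLE] * (NIBBLES - len(nibbles))
    return bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, NIBBLES, 2))


def decode_vippan_block(block: bytes) -> str:
    """Inverse of encode_vippan_block; rejects bad length, non-BCD digits or bad filler."""
    if len(block) != VIPPAN_BLOCK_LEN:
        raise ValueError(f"block must be {VIPPAN_BLOCK_LEN} bytes, got {len(block)}")
    nibbles = [n for b in block for n in (b >> 4, b & 0xF)]
    hi, lo = nibbles[:LENGTH_NIBBLES]
    if hi > 9 or lo > 9:
        raise ValueError("length field is not BCD")
    n = hi * 10 + lo
    if not 1 <= n <= MAX_PAN_LEN:
        raise ValueError(f"declared length {n} is out of range")
    digits = nibbles[LENGTH_NIBBLES:LENGTH_NIBBLES + n]
    if any(d > 9 for d in digits):
        raise ValueError("VIPPAN digit nibble is not 0-9")
    if any(f != FILLER_NIBBLE for f in nibbles[LENGTH_NIBBLES + n:]):
        raise ValueError("nibbles after the VIPPAN are not all filler")
    return "".join(str(d) for d in digits)


def is_valid_vippan_block(block: bytes) -> bool:
    """True when the block parses cleanly under the format rules above."""
    try:
        decode_vippan_block(block)
        return True
    except ValueError:
        return False


def to_visible_ascii(ciphertext: bytes) -> str:
    """Step (3): each byte -> two hex digits -> two visible ASCII characters (11110001 -> 'F1')."""
    return "".join(f"{b:02X}" for b in ciphertext)


def from_visible_ascii(text: str) -> bytes:
    """Inverse of step (3), used in step (5); rejects odd length and non-hex characters."""
    if len(text) % 2 != 0:
        raise ValueError("visible form must have an even number of characters")
    if any(c not in "0123456789ABCDEFabcdef" for c in text):
        raise ValueError("visible form contains a non-hexadecimal character")
    return bytes.fromhex(text)


if __name__ == "__main__":
    block = encode_vippan_block("1234567890123456789")   # input from the patent example
    print(" ".join(f"0x{b:02X}" for b in block))
    # A constructed 16-byte stand-in for the real double-length encryption output.
    fake_ciphertext = bytes([0b11110001] + [0x00] * 15)
    print(to_visible_ascii(fake_ciphertext))
```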
The process by which the receiving end decrypts the received file is the inverse of the above process and is briefly described as follows:
the receiving end first converts the account data in ASCII form by the inverse step corresponding to step (4);
then decrypts the converted data with the corresponding decryption algorithm;
finally decodes the decrypted data by the inverse step corresponding to step (1), obtaining the original data requiring emphasized encryption.
The above discloses only a few specific embodiments of the invention; the invention is not limited to them, and any variation that a person skilled in the art could conceive should fall within the protection scope of the invention.

Claims

1. A method for secure transmission of data, characterized in that it comprises:
(1) the transmitting end first converts the data requiring emphasized encryption into ASCII codes, then converts each ASCII character into its corresponding hexadecimal value, forming an emphasized-encryption data block of fixed format;
(2) the transmitting end encrypts the data containing the emphasized-encryption data block and transmits it;
(3) the receiving end first decrypts the received data, then decodes the emphasized-encryption data block by the step corresponding to step (1), obtaining the data requiring emphasized encryption.
2. The method for secure transmission of data according to claim 1, characterized in that in step (2) a double-length or single-length encryption algorithm is used for encryption.
3. The method for secure transmission of data according to claim 1, characterized in that the encrypted data block of step (1) includes the length of the data requiring emphasized encryption.
4. The method for secure transmission of data according to claim 1 or 3, characterized in that the data to be encrypted is an Internet payment password, and in step (2) the PIN encryption key is used for encryption, and in step (3) the corresponding decryption key is used for decryption.
5. A method for secure transmission of data, characterized in that it comprises:
(1) the transmitting end first converts the data requiring emphasized encryption directly into hexadecimal, forming an emphasized-encryption data block of fixed format;
(2) the transmitting end encrypts the data containing the emphasized-encryption data block and transmits it;
(3) the receiving end first decrypts the received data, then decodes the emphasized-encryption data block by the step corresponding to step (1), obtaining the data requiring emphasized encryption.
6. The method for secure transmission of data according to claim 5, characterized in that in step (2) a double-length or single-length encryption algorithm is used for encryption.
7. The method for secure transmission of data according to claim 6, characterized in that step (2) further comprises: converting the binary value of each byte of the invisible characters obtained from the double-length encryption algorithm into two hexadecimal digits and then converting the two hexadecimal digits into visible ASCII codes; or converting the binary value of each byte of all the data obtained from the double-length encryption algorithm into two hexadecimal digits and then converting the two hexadecimal digits into visible ASCII codes.
8. The method for secure transmission of data according to claim 6, characterized in that step (2) further comprises: generating the encryption key in the key generation manner of the file check code, and the transmitting end sending the encryption key to the receiving end.
9. A method for secure transmission of data, characterized in that it comprises:
(1) the transmitting end converts the original data requiring emphasized encryption into a unified encoding;
(2) the transmitting end encrypts the data containing the unified encoding and transmits it;
(3) the receiving end first decrypts the received data, then decodes the unified-encoded data by the step corresponding to step (1), obtaining the original data requiring emphasized encryption.
10. The method for secure transmission of data according to claim 9, characterized in that converting the original data into the unified encoding is specifically:
first converting the original data requiring emphasized encryption into ASCII codes, then converting each ASCII character into its corresponding hexadecimal value, forming an emphasized-encryption data block of fixed format; or
first converting the data requiring emphasized encryption directly into hexadecimal, forming an emphasized-encryption data block of fixed format.
11. The method for secure transmission of data according to claim 9, characterized in that if the transmitting end and the receiving end form a local area network, what is transmitted inside that LAN is the unified encoding after encryption processing rather than the original data requiring emphasized encryption.
12. A method for file transmission within a local area network, the file including account data represented by digits, characterized in that it comprises:
(1) the transmitting end converts the account data in the file that requires emphasized encryption into hexadecimal data, forming an emphasized-encryption data block of fixed format;
(2) the transmitting end encrypts the data containing the emphasized-encryption data block;
(3) the transmitting end converts the binary value of each byte of the encrypted data into two hexadecimal digits, and then converts the two hexadecimal digits into visible ASCII form;
(4) the transmitting end sends the file containing the account data converted into ASCII form;
(5) the receiving end converts the account data in ASCII form by the inverse step corresponding to step (4), then decrypts the converted data, and then decodes the decrypted data by the inverse step corresponding to step (1), obtaining the original data requiring emphasized encryption.
PCT/CN2006/002417 2005-12-21 2006-09-15 A method for transmitting data securely WO2007071140A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510111963.X 2005-12-21
CN 200510111963 CN1988441A (en) 2005-12-21 2005-12-21 Data safety transmission method

Publications (1)

Publication Number Publication Date
WO2007071140A1 true WO2007071140A1 (en) 2007-06-28

Family

ID=38185085

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/002417 WO2007071140A1 (en) 2005-12-21 2006-09-15 A method for transmitting data securely

Country Status (2)

Country Link
CN (1) CN1988441A (en)
WO (1) WO2007071140A1 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102256246A (en) * 2011-07-05 2011-11-23 上海市安全生产科学研究所 Data transfer encryption method for mobile communication
CN103684760B (en) * 2012-09-24 2018-12-07 腾讯科技(深圳)有限公司 The encryption of communication and the method, apparatus of decryption and system
CN103067162B (en) * 2012-11-15 2016-08-03 新浪技术(中国)有限公司 A kind of method and device of data transmission
CN103973633A (en) * 2013-01-25 2014-08-06 苏州精易会信息技术有限公司 Method for improving safety of extranet data applications
JP2016513825A (en) * 2013-03-14 2016-05-16 マサチューセッツ インスティテュート オブ テクノロジー Safety communication method and apparatus
CN105471829A (en) * 2014-09-05 2016-04-06 深圳市同盛绿色科技有限公司 Signal transmission method and system
CN104363232B (en) * 2014-11-03 2017-12-01 叶春林 Anti-disclosure system in periodic traffic
CN104410619B (en) * 2014-11-21 2017-12-19 中国联合网络通信集团有限公司 Instant communicating method and system
CN104461884B (en) * 2014-12-05 2018-03-13 北京奇虎科技有限公司 A kind of method and apparatus for the input data for generating testing tool
CN104618367A (en) * 2015-01-27 2015-05-13 杨勇 Transfer privacy device and data transmission method
CN105141631B (en) * 2015-09-21 2019-06-11 宇龙计算机通信科技(深圳)有限公司 The methods, devices and systems that a kind of terminal, server and account safety log in
CN107786331B (en) * 2017-09-28 2020-03-17 平安普惠企业管理有限公司 Data processing method, device, system and computer readable storage medium
CN110768785B (en) * 2019-10-22 2023-05-02 宜人恒业科技发展(北京)有限公司 Encoding and decoding methods, related devices and computer equipment
CN111523905A (en) * 2020-04-26 2020-08-11 北京中关村银行股份有限公司 Security authentication method and device for verification code, storage medium and electronic equipment
CN112532388B (en) * 2020-12-04 2023-10-13 广州羊城通有限公司 Encryption method and device for air issuing data of air issuing card

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1157677A (en) * 1994-09-07 1997-08-20 米泰克技术有限公司 Biometric controlled key generation
CN1287339A (en) * 1999-09-07 2001-03-14 李东声 Method of realizing key data specificity in safe IC card Business
CN1622510A (en) * 2003-11-28 2005-06-01 神达电脑股份有限公司 Data security method of WLAN and architecture thereof

Also Published As

Publication number Publication date
CN1988441A (en) 2007-06-27

Similar Documents

Publication Publication Date Title
WO2007071140A1 (en) A method for transmitting data securely
CN104796265B (en) A kind of Internet of Things identity identifying method based on Bluetooth communication access
CN112532613B (en) Hidden communication method based on block chain address
CN102317904B (en) System and methods for encryption with authentication integrity
CA2286707C (en) Method and system for accessing electronic resources via machine-readable data on intelligent documents
CN103684794B (en) A kind of communication data encipher-decipher method based on the AES of DES, RSA, SHA 1
US7020773B1 (en) Strong mutual authentication of devices
JP6301471B2 (en) ID authentication system, apparatus, method, and ID authentication request apparatus
CN102082790B (en) Method and device for encryption/decryption of digital signature
CN109951453A (en) A kind of safe encryption method based on block chain
MX2007008936A (en) Secure encryption system, device and method.
JPH0823330A (en) Safe data communication
CN106506487A (en) A kind of information Encrypt and Decrypt method and device
CN109766979A (en) Two-dimensional code generation method, verification method and device
CN109067517B (en) Encryption and decryption device, encryption and decryption method and communication method of hidden key
CN103108245B (en) A kind of intelligent television pays cipher key system and method for payment based on intelligent television
CN112738051A (en) Data information encryption method, system and computer readable storage medium
CN112383397A (en) Heterogeneous signcryption communication method based on biological characteristics
CN100459495C (en) Password dynamic enciphering inputmethod of public emipering mode
CN112800462A (en) Method for storing confidential information in cloud computing environment
CN109150505A (en) A kind of information transferring method and device for SAP system
CN111818026A (en) Data encryption method and system for public network transmission
JP2002077135A (en) Encrypting method, decrypting method and their equipment
CN108337233B (en) Method for encrypting content information, electronic equipment and storage medium
KR101100726B1 (en) A Method of Transporting Certificate to Mobile Terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC DATED 14-10-2008

122 Ep: pct application non-entry in european phase

Ref document number: 06791012

Country of ref document: EP

Kind code of ref document: A1