WO2020037577A1 - Procédés et appareils de chiffrement, de déchiffrement et d'établissement de canaux de communication, mémoire et terminal - Google Patents

Procédés et appareils de chiffrement, de déchiffrement et d'établissement de canaux de communication, mémoire et terminal Download PDF

Info

Publication number
WO2020037577A1
WO2020037577A1 PCT/CN2018/101825 CN2018101825W WO2020037577A1 WO 2020037577 A1 WO2020037577 A1 WO 2020037577A1 CN 2018101825 W CN2018101825 W CN 2018101825W WO 2020037577 A1 WO2020037577 A1 WO 2020037577A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication channel
ciphertext
address
port
public key
Prior art date
Application number
PCT/CN2018/101825
Other languages
English (en)
Chinese (zh)
Inventor
袁振南
孟天晖
Original Assignee
袁振南
区链通网络有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 袁振南, 区链通网络有限公司 filed Critical 袁振南
Priority to PCT/CN2018/101825 priority Critical patent/WO2020037577A1/fr
Priority to CN201880002398.9A priority patent/CN109792451B/zh
Publication of WO2020037577A1 publication Critical patent/WO2020037577A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present application relates to the field of computer technology, and in particular, the present application relates to a method, device, memory, and terminal for encrypting, decrypting, and establishing a communication channel.
  • the communication channels between users and users, between users and servers, and between servers and servers may be cut off by malicious parties, resulting in the communication between users being interrupted. For example, in the email system shown in FIG. 1, if the communication channel between the user 101 and the first server 102 is cut off, or the communication channel between the second user 104 and the second server 103, or the first server 102 and the second server If the communication channel between the servers 103 is cut off, the user 101 and the user 104 cannot send or receive mail.
  • This application proposes an encryption method, a decryption method, a establishment method and a device, a memory, and a terminal, to solve the problem that the communication channel between users in the prior art is easily cut off.
  • the communication channel encryption method proposed in this application includes steps:
  • This application also proposes a method for decrypting a communication channel, including steps:
  • the first ciphertext is decrypted by using the private key of the asymmetric algorithm to obtain the address and port of the communication channel.
  • the second ciphertext is a typo in the message body
  • the step of inverse mapping the second ciphertext through a codebook to obtain the first ciphertext includes:
  • the typo of the second ciphertext is converted into a character, and the character is used as the first ciphertext.
  • This application also proposes a method for establishing a communication channel, including steps:
  • the sender obtains the address and port of the communication channel; encrypts the address and port of the communication channel with the public key of the asymmetric algorithm to generate a first ciphertext; maps the first ciphertext through a codebook to obtain a second Ciphertext; mixing the second ciphertext with the selected text segment to generate a message body;
  • the receiver obtains the text of the message; finds the second ciphertext from the text of the message according to the selected text fragment; reverse-maps the second ciphertext through the codebook to obtain the first Ciphertext; decrypting the first ciphertext using the asymmetric algorithm's private key to obtain the address and port of the communication channel; and accessing the device node corresponding to the address and port of the communication channel to establish a communication channel.
  • This application also proposes a communication channel encryption device, including:
  • Address acquisition module used to obtain the address and port of the communication channel
  • a public key encryption module configured to encrypt the address and port of the communication channel with a public key of an asymmetric algorithm to generate a first cipher text
  • a mapping encryption module configured to map the first ciphertext through a codebook to obtain a second ciphertext
  • a hybrid encryption module is configured to mix the second ciphertext with a selected text segment to generate a message body.
  • This application also proposes a communication channel decryption device, including:
  • An information obtaining module configured to obtain the information body, which is obtained by mixing the second ciphertext with the selected text segment;
  • a ciphertext search module configured to search the second ciphertext from the message body according to the selected text segment
  • a password decryption module configured to inverse map the second ciphertext through a cipher book to obtain a first ciphertext
  • the private key decryption module decrypts the first cipher text by using the private key of the asymmetric algorithm to obtain the address and port of the communication channel.
  • the present application also proposes a computer-readable memory storing a computer program that implements the communication channel encryption method described in any one of the foregoing when the program is executed by the processor; or the program implements any of the foregoing when the processor is executed The communication channel decryption method described in one item; or the communication channel establishment method implemented when the program is executed by a processor.
  • This application also proposes a terminal, where the terminal includes:
  • One or more processors are One or more processors;
  • a storage device for storing one or more programs
  • the one or more programs are executed by the one or more processors, so that the one or more processors implement the communication channel encryption method according to any one of the foregoing; or, the one or more processors
  • the processor implements the communication channel decryption method according to any one of the foregoing; or causes the one or more processors to implement the communication channel establishment method.
  • This application solves the problem of easily leaking the communication channel when the terminal sends the address and port of the communication channel to other terminals or users through layer-by-layer encryption methods such as public key encryption, codebook mapping, and mixing with text fragments. And the communication channel is easy to be attacked or cut off; moreover, the public key generated by the asymmetric algorithm is used to encrypt, even if the text of the information is leaked to a third party, if the third party does not have the private key, It is also impossible to obtain the information of the address and port of the communication channel through reverse or conventional decryption methods, which further reduces the probability of the communication channel being interrupted and cut off. It is not only suitable for establishing a communication channel between two users, but also for open communication. A communication channel is established in a multi-person communication system.
  • This application can send the text of the message by email that is not easily blocked by most networks, which improves the success probability of sending the address and port of the communication channel between users, and is suitable for those with poor network conditions or being attacked.
  • Network system moreover, the encrypted second ciphertext can be hidden in the selected text segment to avoid being intercepted by the mail filtering system, which further improves the success probability of sending the address and port of the communication channel.
  • FIG. 1 is a schematic structural diagram of an embodiment of a real email system
  • FIG. 2 is a schematic flowchart of a first embodiment of a communication channel encryption method according to the present application
  • FIG. 3 is a schematic flowchart of a first embodiment of a communication channel decryption method according to the present application
  • FIG. 4 is a schematic flowchart of an embodiment of a communication channel establishment method according to the present application.
  • FIG. 5 is a schematic structural diagram of an embodiment of a communication system described in this application.
  • FIG. 6 is a schematic structural diagram of a terminal embodiment described in this application.
  • Such equipment may include: cellular or other communication equipment, which has a single-line display or multi-line display or a cellular or other communication device without a multi-line display; PCS (Personal Communications Service, Personal Communication System), which can combine voice and data Processing, fax and / or data communication capabilities; PDA (Personal Digital Assistant), which may include radio frequency receivers, pagers, internet / intranet access, web browsers, notepads, calendars and / or GPS (Global Positioning System (Global Positioning System) receiver; a conventional laptop and / or palmtop computer or other device having and / or a conventional laptop and / or palmtop computer or other device including a radio frequency receiver.
  • GPS Global Positioning System
  • terminal may be portable, transportable, installed in a vehicle (air, sea, and / or land), or suitable and / or configured to operate locally, and / or Operate in a distributed fashion on any other location on Earth and / or space.
  • the "terminal” and “terminal equipment” used herein may also be communication terminals, Internet terminals, music / video playback terminals, such as PDA, MID (Mobile Internet Device), and / or have music / video playback
  • Functional mobile phones can also be smart TVs, set-top boxes and other devices.
  • the present application proposes an encryption method, a decryption method, a establishment method and a device, a memory, and a terminal, which are used to improve the anti-cutoff ability of a communication channel and the confidentiality.
  • the first embodiment of the communication channel encryption method shown in FIG. 2 includes the following steps:
  • Step S10 Obtain the address and port of the communication channel
  • Step S20 encrypt the address and port of the communication channel with a public key of an asymmetric algorithm to generate a first ciphertext
  • Step S30 Map the first ciphertext through a codebook to obtain a second ciphertext
  • Step S40 Mix the second ciphertext with the selected text segment to generate a message body.
  • Step S10 Obtain the address and port of the communication channel.
  • the address of the communication channel includes a server IP address used for communication or other device nodes used for communication.
  • the address and port of the communication channel can be used to send and receive data according to specific needs, so as to realize data exchange between two different users or multiple users.
  • Step S20 The address and port of the communication channel are encrypted with a public key of an asymmetric algorithm to generate a first ciphertext.
  • the sender can use an asymmetric encryption algorithm to obtain a pair of private and public keys.
  • the public key is used to encrypt the communication data
  • the private key can be used to encrypt the communication data, and it can also decrypt the received data; in some cases, the private key can also be used as the number in the communication Signing certificate, etc.
  • the present invention can save the public key used for encryption in the sender and the private key used for decryption in the receiver before the sender and receiver communicate. So that the sender uses the public key for encryption, and the encrypted communication data can only be decrypted by the receiver's private key, thereby ensuring the privacy of the communication data.
  • the interceptor When the first ciphertext is transmitted on the network, if it is intercepted by other malicious programs, when the interceptor does not have the corresponding private key, the intercepted content cannot be known. Therefore, this step is performed by using the public key pair in the asymmetric algorithm. Encrypting the address and port of the communication channel can ensure the privacy of the address and port of the communication channel and improve the security in the subsequent communication process.
  • the asymmetric algorithm may adopt a related asymmetric algorithm such as an ECC algorithm or an RSA algorithm.
  • the ECC algorithm is based on the elliptic curve algorithm. It mainly uses the rational points on the elliptic curve to form the calculation of the ellipse discrete logarithm on the Abel addition group.
  • the RSA encryption algorithm is based on the large number decomposition algorithm. It was proposed by Ron Rivest, Adi Shamir, and Leonard Adleman in 1977. Therefore, the combination of the initials of their three surnames RSA is used as the name of the algorithm.
  • the RSA algorithm mainly uses factorization of large integers.
  • the generation algorithm used for the public key can be determined according to the complexity of the public key obtained by the asymmetric algorithm, the difficulty of generating and verifying the signature, and the frequency of generating and verifying the signature in use.
  • m ip such as 100.100.100.1:1234
  • this application also proposes another embodiment: before the address and port of the communication channel is encrypted with an asymmetric algorithm public key, before generating the first ciphertext, the method further includes:
  • a public key d P for encryption is generated according to the private key d A.
  • the generation algorithm of the public key d P includes a large number decomposition algorithm or an elliptic curve algorithm.
  • Embodiment of the present embodiment may be employed based on factoring algorithm or elliptic curve algorithm to generate a pair of public and private key d A d P; wherein the private key d A random number may be generated according to a public key may be based on the private key d P d A is generated.
  • the process of generating the private key d A and the public key d P based on the large number decomposition algorithm or the elliptic curve algorithm refer to the description of the asymmetric encryption algorithm, and details are not described herein again.
  • the public key d P may also adopt a lattice-based password, a hash-based password, or a code-based password.
  • algorithms such as Multivariate Public Key Cryptography and Falcon encryption.
  • the private key d A may be generated according to a random polynomial, and then the private key d A is generated using the Falcon encryption algorithm to generate the public key d P to obtain a private key with a higher security level.
  • d A and public key d P The Falcon encryption algorithm is a post-quantum cryptographic algorithm submitted to the National Institute of Standards and Technology (NIST) on November 30, 2017. The feature is that the generated public key is facing the quantum Computer, you can continue to secure your encrypted data.
  • the Falcon encryption algorithm is an NTRU encryption system based on the Lattice digital signature scheme.
  • the algorithm framework is established. After obtaining the short polynomials f, g, F, and G, a binary or ternary Falcon structure tree can be established to obtain the private key.
  • d P corresponding to d A please refer to the post-quantum cryptography algorithm submitted to NIST and other related descriptions of the Falcon encryption algorithm for specific calculation methods.
  • the public key d P After obtaining the public key d P and the private key d A , the public key d P is stored on the sender, and the private key d A is held on the receiver; when the public key d P is not generated on the sender At this time, the sender can obtain the public key d P through public release, public key directory table, public key management agency, data transmission, etc., for encrypting the address and port of the communication channel. Of course, the sender can also obtain the public key d P by means such as email.
  • Step S30 Map the first ciphertext through a codebook to obtain a second ciphertext.
  • the cipher book is a conversion rule that can correspondingly convert a specific set of character strings into another set of character strings, for example, convert English letters into corresponding Arabic numbers.
  • the codebook may be a one-time codebook that is used only once, or a non-one-time codebook.
  • the codebook can be agreed with other communication terminals in advance, so that other terminals can learn the mapping relationship in the codebook and facilitate decryption. In this step, by continuing to encrypt the first ciphertext, the security of establishing a communication channel can be further improved.
  • the codebook may be a mapping relationship between typos and characters; based on the first embodiment, another embodiment may be specifically: the mapping of the first ciphertext through the codebook To get the second ciphertext, including:
  • the characters of the first ciphertext are converted into typos, and the typos are used as the second ciphertext.
  • the codebook may originate from other terminals or may be generated by the terminal where the sender is located.
  • the mapping relationship between the typo and the character may be a relationship in which different characters are mapped to other different characters, for example, a letter A is mapped to a letter P, and a letter B is mapped to a letter C.
  • the typo can be picked out and combined in a predetermined order to obtain the second ciphertext; if the second ciphertext is restored according to the mapping relationship, that is, Articles without typos are available.
  • the correct first ciphertext is mapped to obtain a mapped second ciphertext, which further improves the security of the ciphertext.
  • Step S40 Mix the second ciphertext with the selected text segment to generate a message body.
  • the second ciphertext obtained in step S30 is all the encrypted address and port information of the communication channel.
  • the second ciphertext is garbled that does not comply with the correct language rules. Blocked or filtered by the system, or identified as special information, the second ciphertext can be mixed and sent in an article that complies with the correct language rules to avoid attention, which can further improve the security of the system and prevent the second secret
  • the text failed to be sent due to blocking or filtering.
  • the text fragments can be intercepted from English encyclopedic text, or from literary carriers such as English articles and novels, so that the transmitted ciphertext information as a whole will not be intercepted during the transmission process, or attract the attention of the monitoring system.
  • This embodiment solves the problem of easily leaking the address and port of the communication channel when the terminal sends the address and port of the communication channel to other terminals or users by using public key encryption, codebook mapping, and mixing with text fragments. This leads to the problem that the communication channel is easy to be attacked or cut off.
  • this embodiment also encrypts the public key generated by the asymmetric algorithm, and the receiver can decrypt the private key corresponding to the public key, which further improves the encryption.
  • the security is particularly applicable to an open multi-person communication system; on the other hand, after the receiver corresponding to this embodiment receives the message text, the address and port of the communication channel can be obtained through a corresponding decryption method, It is convenient to establish a communication channel with the sender of the address and port of the communication channel, which can effectively avoid the conversion of the communication channel between multiple servers, guarantee the security of the established communication channel, and is suitable for scenarios that may be maliciously blocked in the network. Provides a reliable method for unrestricted communication between communication servers.
  • the encrypting the address and port of the communication channel with a public key of an asymmetric algorithm to generate a first ciphertext includes:
  • the address of the communication channel, the port, and the random information are encrypted with a public key of an asymmetric algorithm to generate a first ciphertext.
  • the public key is used for encryption in this embodiment, not only the address and port of the communication channel are encrypted, but also the random information is mixed into the address and port of the communication channel before encryption, which further improves Encrypted security.
  • the generated random information may be generated by the terminal that is the sender, or may be generated by other devices, and a consensus is formed between each sender and the receiver.
  • the method further includes:
  • the text of the message is sent to the recipient via email.
  • the present application also proposes a communication channel decryption method of the receiver, as shown in FIG. 3, including steps:
  • Step S60 Obtain an information body, which is obtained by mixing the second ciphertext with the selected text segment;
  • Step S70 Find the second ciphertext from the message body according to the selected text segment
  • Step S80 reverse mapping the second ciphertext through a cipher book to obtain the first ciphertext
  • step S60 when the receiver of the message receives the message body, the message body includes not only the encrypted second ciphertext, but also the selected text segment to make the second password
  • the whole text will not be intercepted or caught the attention of the monitoring system during the sending process; the selected literary fragments also play an encryption role, so that when the information body is leaked, other users will not be directly informed by The second ciphertext makes it more difficult for other users to decrypt.
  • step S70 if the receiver of the information knows the selected literary segment inserted, or knows the rules for mixing the second ciphertext with the selected text segment, the selected literary segment may be based on the selected literary segment. Or the rule, find the second ciphertext from the message body. For example, the second ciphertext is mixed with a piece of literary work. When the receiver predicts that the mixed content is the literary work, the literary work may be deleted to filter out the second ciphertext; or The hiding rule predicted by the receiver hides the character corresponding to the second ciphertext in the literary work, so that the receiver finds and combines the second ciphertext according to the received literary work.
  • step S80 if the sender uses the cipher pad to convert the first ciphertext to the second ciphertext during the encryption process, the receiver can convert the second ciphertext to the corresponding first ciphertext by inverse mapping. Ciphertext.
  • the sender and receiver can keep the codebooks synchronized by pre-appointment or data synchronization, so as to keep the mapping relationship between the two codebooks consistent.
  • the first ciphertext can be decrypted by using the corresponding private key to obtain the information before encryption.
  • the private key and the public key can be generated at the receiver of the communication, and then the public key can be sent to the sender of the communication in advance through data transmission, mail, etc., so that the sender of the communication uses the public key for encryption .
  • This embodiment first finds the second ciphertext, and obtains the first ciphertext by inverse mapping of the found second ciphertext, and finally decrypts the first ciphertext by using the private key to
  • the address and port of the communication channel before encryption are obtained.
  • This embodiment guarantees the concealment of the address and port of the communication channel through layer-by-layer decryption, and reduces the attack and interception of the address and port of the communication channel due to leakage.
  • the receiver needs to use the asymmetric algorithm's private key for decryption. Even if the text of the information is leaked to a third party, if the third party does not have the private key, it cannot be obtained by reverse or conventional decryption methods.
  • the information of the address and port of the communication channel further reduces the probability that the communication channel is disturbed and cut off.
  • the embodiments of the present application are not only applicable to a communication channel established between two users, but also applicable to a scenario of multi-party communication.
  • the second ciphertext is a typo in the message body
  • the step of inverse mapping the second ciphertext through a codebook to obtain the first ciphertext includes:
  • the typo of the second ciphertext is converted into a character, and the character is used as the first ciphertext.
  • the decryption step of this embodiment is directed to the method of encrypting the typo in the message body as the second ciphertext.
  • a piece of literary work is used as the body of the information.
  • some letters in the literary work are replaced with corresponding typos, or extra characters are added to part of the sentence to form a text with extra characters. Words, the extra characters can be used as typos.
  • the receiver receives the text of the message, it can search for typos in the literary work and combine the typos into the second cipher text according to a preset rule; then according to the preset codebook , Converting the typo into a corresponding character through inverse mapping, and the character is the first ciphertext.
  • This embodiment is suitable for using typos as the encryption method of the second cipher text.
  • the encryption method is simple, the terminal resource consumption is low, and the applicable range is wide. Moreover, the text of the message mixed with typos cannot be easily intercepted by the system. The success rate of sending the message text is improved.
  • the decrypting the first ciphertext using a private key of an asymmetric algorithm to obtain an address and port of a communication channel includes:
  • the random information in the plain text is removed to obtain the address and port of the communication channel.
  • this embodiment may process the decrypted plain text according to the random information obtained in advance or a rule mixed with random information to obtain the address of the communication channel. With port. This embodiment further improves the concealment of the address and port of the communication channel through the random information, and enhances the encryption effect.
  • the obtaining information text includes:
  • the message text is sent by email, which can increase the probability of successful transmission.
  • the message text is based on a large number decomposition algorithm or an elliptic curve algorithm. Encryption of the public key of the message enhances the security of the message body. Even if other users obtain the message body, it is difficult to crack and obtain the encrypted message body in the message body by means such as Bruteforce even without a private key. Address and port of the communication channel.
  • the codebooks and public keys of the sender and receiver of the message can also be synchronized by mail, or kept synchronized by other data transmission methods.
  • the method further includes:
  • the device node corresponding to the address and port of the communication channel is accessed to establish a communication channel.
  • the device node may be a server address where the sender is located or a node address in a blockchain system.
  • the receiver can establish a connection with the device node established by the sender by accessing the address and port of the communication channel, thereby completing the process of establishing the communication channel between the sender and the receiver.
  • this application also proposes an embodiment of a method for establishing a communication channel. This embodiment includes the following steps:
  • the sender obtains the address and port of the communication channel; encrypts the address and port of the communication channel with the private key of the asymmetric algorithm to generate a first ciphertext; and maps the first ciphertext through a codebook to obtain a second Ciphertext; mixing the second ciphertext with the selected text segment to generate a message body;
  • the receiver obtains the text of the message; finds the second ciphertext from the text of the message according to the selected text fragment; reverse-maps the second ciphertext through the codebook to obtain the first Ciphertext; decrypting the first ciphertext using the asymmetric algorithm's private key to obtain the address and port of the communication channel; and accessing the device node corresponding to the address and port of the communication channel to establish a communication channel.
  • the communication channel established by this embodiment has good anti-blocking performance. It can flexibly and freely establish an unrestricted communication connection in a network environment with attack blocking. Moreover, the established communication connection is not easy to be monitored by other users and communication can be maintained. Confidentiality of content.
  • This application also proposes an embodiment of a communication channel establishment method as shown in FIG. 4, which includes the following steps:
  • Step S11 The sender and the receiver establish a codebook b s through negotiation, where the codebook b s is a mapping from English typos to English characters;
  • Step S12 The sender determines the server IP address and port m ip of the terminal communication, and adds the server IP address and port m ip (such as 100.100.100.1:1234) plus random information m r ;
  • Step S31 use the codebook b s to convert the first ciphertext m s into a corresponding typo to obtain the second ciphertext;
  • Step S41 The second ciphertext is hidden in an English article to generate the message body; in order to prevent the second ciphertext from being filtered by the email of the email provider when the message body is sent by email System interception; the English article can be randomly intercepted from English encyclopedia or English article;
  • Step S51 sending the text of the message with the typo to the receiver via email;
  • Step S61 After receiving the email, the recipient obtains the English article with the typo, that is, the message body;
  • Step S71 find a typo from the English article, and combine the typo into the second cipher text
  • Step S81 use the codebook b s to convert the second cipher text to the first cipher text m s ;
  • Step S92 The receiver connects to the server of the sender through the server IP address and port to establish a communication channel.
  • a communication system as shown in FIG. 5 can be established.
  • the user 1001 can encrypt the IP address and port m ip of the server 1002 and send it to the user 1004 via email.
  • the user 1004 decrypts the IP address and port m ip of the server 1002 information, and establishing a communication channel between the user and the access server 1001 through the IP address and port of the m ip 1002.
  • the communication system established by this application has higher anti-interference ability, avoids information forwarding between multiple servers, and reduces the possibility of the established communication channel being cut off; moreover, the communication process is not easy to be monitored by a third party. Higher confidentiality.
  • the encrypted communication server IP address and port can be sent to the receiver by blocking most emails that cannot be completely blocked by the network, which improves the success rate of sending the message text.
  • the second ciphertext is mixed in the English article, which reduces the probability that the second ciphertext is intercepted by the mail filtering system, and further increases the probability that the message body is successfully sent.
  • the public key of the asymmetric encryption algorithm and the pre-appointed cipher book are used to hide the server IP address and port in the e-mail to ensure the covert transmission of the message body sent.
  • the method for establishing a communication channel in this embodiment is not only applicable to establishing a connection between two parties, but also applicable to a scenario of multi-party communication; and it can flexibly and freely realize an unrestricted communication connection in a network environment with attack blocking.
  • the communication channel encryption device includes:
  • Address acquisition module used to obtain the address and port of the communication channel
  • a public key encryption module configured to encrypt the address and port of the communication channel with a public key of an asymmetric algorithm to generate a first cipher text
  • a mapping encryption module configured to map the first ciphertext through a codebook to obtain a second ciphertext
  • a hybrid encryption module is configured to mix the second ciphertext with a selected text segment to generate a message body.
  • the communication channel decryption device includes:
  • An information obtaining module configured to obtain the information body, which is obtained by mixing the second ciphertext with the selected text segment;
  • a ciphertext search module configured to search the second ciphertext from the message body according to the selected text segment
  • a password decryption module configured to inverse map the second ciphertext through a cipher book to obtain a first ciphertext
  • the private key decryption module decrypts the first cipher text by using the private key of the asymmetric algorithm to obtain the address and port of the communication channel.
  • the embodiment of the communication channel encryption device has the same beneficial effects as the corresponding embodiment of the communication channel encryption method, and the embodiment of the communication channel decryption device has the same beneficial effects as the corresponding embodiment of the communication channel decryption method. Here, No longer.
  • a computer-readable memory stored in the present application stores a computer program that implements the communication channel encryption method described in any one of the foregoing when the program is executed by the processor; or implements any one of the foregoing when the program is executed by the processor
  • the communication channel decryption method; or the communication channel establishment method is implemented when the program is executed by a processor.
  • the memory includes, but is not limited to, any type of disk (including a floppy disk, a hard disk, an optical disk, a CD-ROM, and a magneto-optical disk), a ROM (Read-Only Memory, read-only memory), and a RAM (Random Access Memory).
  • the memory includes any medium that stores or transfers information in a readable form by a device (eg, a computer). It can be read-only memory, magnetic disk or optical disk, etc.
  • This application also proposes a terminal, where the terminal includes:
  • One or more processors are One or more processors;
  • a storage device for storing one or more programs
  • the one or more programs are executed by the one or more processors, so that the one or more processors implement the communication channel encryption method according to any one of the foregoing; or, the one or more processors
  • the processor implements the communication channel decryption method according to any one of the foregoing; or causes the one or more processors to implement the communication channel establishment method.
  • the terminal can be any terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales, sales terminal), a vehicle-mounted computer, a server, and the like.
  • a mobile phone a tablet computer
  • PDA Personal Digital Assistant
  • POS Point of Sales, sales terminal
  • vehicle-mounted computer a server
  • server a server
  • FIG. 6 is a block diagram showing a partial structure of a mobile phone related to a terminal provided by an embodiment of the present application.
  • the mobile phone includes: a radio frequency (RF) circuit 1510, a memory 1520, an input unit 1530, a display unit 1540, a sensor 1550, an audio circuit 1560, a wireless fidelity (Wi-Fi) module 1570, and processing Device 1580, and power supply 1590 and other components.
  • RF radio frequency
  • the RF circuit 1510 may be used for receiving and sending signals during information transmission and reception or during a call.
  • the downlink information of the base station is received and processed by the processor 1580.
  • the design uplink data is transmitted to the base station.
  • the RF circuit 1510 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like.
  • the RF circuit 1510 can also communicate with a network and other devices through wireless communication.
  • the above wireless communication can use any communication standard or protocol, including but not limited to Global System of Mobile (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (Code Division Multiple Access) Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), E-mail, Short Messaging Service (SMS), etc.
  • GSM Global System of Mobile
  • GPRS General Packet Radio Service
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • LTE Long Term Evolution
  • E-mail Short Messaging Service
  • the memory 1520 can be used to store software programs and modules.
  • the processor 1580 runs the software programs and modules stored in the memory 1520 to execute various functional applications and data processing of the mobile phone.
  • the memory 1520 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, at least one application required by a function (such as encryption or decryption, etc.); the storage data area may store information required by a mobile phone according to the usage of the mobile phone. Created data (such as codebooks or public keys).
  • the memory 1520 may include a high-speed random access memory, and may further include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage device.
  • the input unit 1530 can be used to receive inputted numeric or character information, and generate key signal inputs related to user settings and function control of the mobile phone.
  • the input unit 1530 may include a touch panel 1531 and other input devices 1532.
  • the touch panel 1531 also known as a touch screen, can collect user's touch operations on or near it (such as the user using a finger, a stylus or any suitable object or accessory on the touch panel 1531 or near the touch panel 1531 Operation), and drive the corresponding connection device according to a preset program.
  • the touch panel 1531 may include two parts, a touch detection device and a touch controller.
  • the touch detection device detects the user's touch position, and detects the signal caused by the touch operation, and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into contact coordinates, and sends it To the processor 1580, and can receive the command sent by the processor 1580 and execute it.
  • various types such as resistive, capacitive, infrared, and surface acoustic wave can be used to implement the touch panel 1531.
  • the input unit 1530 may include other input devices 1532.
  • the other input devices 1532 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
  • the display unit 1540 may be used to display information input by the user or information provided to the user and various menus of the mobile phone.
  • the display unit 1540 may include a display panel 1541.
  • the display panel 1541 may be configured by using a liquid crystal display (Liquid Crystal Display, LCD), an organic light emitting diode (Organic Light-Emitting Diode, OLED), and the like.
  • the touch panel 1531 may cover the display panel 1541. When the touch panel 1531 detects a touch operation on or near the touch panel 1531, it is transmitted to the processor 1580 to determine the type of the touch event. The processor 1580 then The type provides corresponding visual output on the display panel 1541.
  • the touch panel 1531 and the display panel 1541 are implemented as two independent components to implement the input and input functions of the mobile phone, in some embodiments, the touch panel 1531 and the display panel 1541 can be integrated and Realize the input and output functions of the mobile phone.
  • the mobile phone may further include at least one sensor 1550, such as a light sensor, a motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor.
  • the ambient light sensor may adjust the brightness of the display panel 1541 according to the brightness of the ambient light.
  • the proximity sensor may close the display panel 1541 and / when the mobile phone is moved to the ear. Or backlight.
  • the accelerometer sensor can detect the magnitude of acceleration in various directions (usually three axes), and can detect the magnitude and direction of gravity when it is stationary.
  • the mobile phone can be used for applications that recognize the attitude of mobile phones (such as horizontal and vertical screen switching, related Games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tap), etc .; as for the mobile phone can also be equipped with gyroscope, barometer, hygrometer, thermometer, infrared sensor and other sensors, no longer here To repeat.
  • attitude of mobile phones such as horizontal and vertical screen switching, related Games, magnetometer attitude calibration
  • vibration recognition related functions such as pedometer, tap
  • the mobile phone can also be equipped with gyroscope, barometer, hygrometer, thermometer, infrared sensor and other sensors, no longer here To repeat.
  • the audio circuit 1560, the speaker 1561, and the microphone 1562 can provide an audio interface between the user and the mobile phone.
  • the audio circuit 1560 can transmit the received electrical data converted electrical signal to the speaker 1561, and the speaker 1561 converts it into a voiceprint signal output.
  • the microphone 1562 converts the collected voiceprint signal into an electrical signal, and the audio
  • the circuit 1560 receives and converts the audio data into audio data, and then processes the audio data output processor 1580, and then sends it to another mobile phone via the RF circuit 1510, or outputs the audio data to the memory 1520 for further processing.
  • Wi-Fi is a short-range wireless transmission technology.
  • the mobile phone can help users send and receive emails, browse web pages, and access streaming media through the Wi-Fi module 1570. It provides users with wireless broadband Internet access.
  • FIG. 6 shows the Wi-Fi module 1570, it can be understood that it does not belong to the necessary structure of the mobile phone, and can be omitted as needed without changing the essence of the invention.
  • the processor 1580 is a control center of the mobile phone, and uses various interfaces and lines to connect various parts of the entire mobile phone.
  • the processor 1580 runs or executes software programs and / or modules stored in the memory 1520 and calls data stored in the memory 1520 to execute Various functions and processing data of the mobile phone, so as to monitor the mobile phone as a whole.
  • the processor 1580 may include one or more processing units.
  • the processor 1580 may integrate an application processor and a modem processor.
  • the application processor mainly processes an operating system, a user interface, and an application program.
  • the modem processor mainly handles wireless communication. It can be understood that the foregoing modem processor may not be integrated into the processor 1580.
  • the mobile phone may further include a camera, a Bluetooth module, and the like, and details are not described herein again.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

La présente invention concerne des procédés et des appareils de chiffrement, de déchiffrement et d'établissement de canaux de communication, une mémoire et un terminal. Le procédé de chiffrement de canal de communication comprend les étapes consistant : à obtenir l'adresse et le port d'un canal de communication ; à chiffrer l'adresse et le port du canal de communication à l'aide d'une clé publique obtenue selon un algorithme asymétrique pour générer un premier texte chiffré ; à mapper le premier texte chiffré au moyen d'un livre de codes pour obtenir un second texte chiffré ; et à mélanger le second texte chiffré avec des segments de texte sélectionnés pour générer un texte de message. La présente invention peut réduire la probabilité qu'un canal de communication soit perturbé ou coupé, et est appropriée pour établir un canal de communication entre deux utilisateurs ou dans un système de communication ouvert à plusieurs personnes.
PCT/CN2018/101825 2018-08-22 2018-08-22 Procédés et appareils de chiffrement, de déchiffrement et d'établissement de canaux de communication, mémoire et terminal WO2020037577A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2018/101825 WO2020037577A1 (fr) 2018-08-22 2018-08-22 Procédés et appareils de chiffrement, de déchiffrement et d'établissement de canaux de communication, mémoire et terminal
CN201880002398.9A CN109792451B (zh) 2018-08-22 2018-08-22 通讯通道加密、解密和建立方法及装置、存储器和终端

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/101825 WO2020037577A1 (fr) 2018-08-22 2018-08-22 Procédés et appareils de chiffrement, de déchiffrement et d'établissement de canaux de communication, mémoire et terminal

Publications (1)

Publication Number Publication Date
WO2020037577A1 true WO2020037577A1 (fr) 2020-02-27

Family

ID=66499482

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/101825 WO2020037577A1 (fr) 2018-08-22 2018-08-22 Procédés et appareils de chiffrement, de déchiffrement et d'établissement de canaux de communication, mémoire et terminal

Country Status (2)

Country Link
CN (1) CN109792451B (fr)
WO (1) WO2020037577A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116436697A (zh) * 2023-06-07 2023-07-14 北京华云安信息技术有限公司 数据传输加解密方法、装置、电子设备及存储介质

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111797417A (zh) * 2020-07-06 2020-10-20 上海明略人工智能(集团)有限公司 文件的上传方法和装置、存储介质及电子装置
CN111781890A (zh) * 2020-07-14 2020-10-16 厦门海为科技有限公司 一种组态工程中多设备工程通讯方法及系统
CN112202868B (zh) * 2020-09-27 2021-11-30 上海交通大学 基于无线空中计算的区块链共识协议的实现方法
CN113808303B (zh) * 2021-08-24 2023-04-07 珠海市安科电子有限公司 复合加密方法、门锁系统及存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1949750A (zh) * 2006-11-24 2007-04-18 杭州华为三康技术有限公司 生成树协议的报文发送和接收方法、处理方法及设备
WO2011161494A1 (fr) * 2010-06-22 2011-12-29 Sandisk Il Ltd. Dispositif de stockage, dispositif hôte et procédé pour communiquer un mot de passe entre des premier et second dispositifs de stockage à l'aide d'un plan de chiffrement double
CN102624749A (zh) * 2012-04-13 2012-08-01 宁波市北仑海伯精密机械制造有限公司 一种安全通信的负载均衡方法及系统
CN104301283A (zh) * 2013-07-15 2015-01-21 镇江金钛软件有限公司 一种客户端登录服务器的方法

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101471772A (zh) * 2007-12-27 2009-07-01 华为技术有限公司 一种通信方法、装置和系统
GB201206636D0 (en) * 2012-04-16 2012-05-30 Maidsafe Net Ltd Method of encrypting data

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1949750A (zh) * 2006-11-24 2007-04-18 杭州华为三康技术有限公司 生成树协议的报文发送和接收方法、处理方法及设备
WO2011161494A1 (fr) * 2010-06-22 2011-12-29 Sandisk Il Ltd. Dispositif de stockage, dispositif hôte et procédé pour communiquer un mot de passe entre des premier et second dispositifs de stockage à l'aide d'un plan de chiffrement double
CN102624749A (zh) * 2012-04-13 2012-08-01 宁波市北仑海伯精密机械制造有限公司 一种安全通信的负载均衡方法及系统
CN104301283A (zh) * 2013-07-15 2015-01-21 镇江金钛软件有限公司 一种客户端登录服务器的方法

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116436697A (zh) * 2023-06-07 2023-07-14 北京华云安信息技术有限公司 数据传输加解密方法、装置、电子设备及存储介质
CN116436697B (zh) * 2023-06-07 2023-09-12 北京华云安信息技术有限公司 数据传输加解密方法、装置、电子设备及存储介质

Also Published As

Publication number Publication date
CN109792451A (zh) 2019-05-21
CN109792451B (zh) 2022-11-18

Similar Documents

Publication Publication Date Title
WO2020037577A1 (fr) Procédés et appareils de chiffrement, de déchiffrement et d'établissement de canaux de communication, mémoire et terminal
EP3605989A1 (fr) Procédé d'envoi d'informations, procédé de réception d'informations, appareil et système
EP3226463B1 (fr) Procédé de cryptage et de décryptage de données et dispositif de cryptage et de décryptage
US10103891B2 (en) Method of generating a deniable encrypted communications via password entry
CN106850220B (zh) 数据加密方法、数据解密方法及装置
KR100734836B1 (ko) 재생가능한 세션 키들을 생성하는 시스템 및 방법
CN108769027B (zh) 安全通信方法、装置、移动终端和存储介质
Rayarikar et al. SMS encryption using AES algorithm on android
US20100250939A1 (en) System and method of handling encrypted backup data
US20160248734A1 (en) Multi-Wrapped Virtual Private Network
CN111600710A (zh) 密钥存储方法、装置、终端、服务器及可读介质
CN107968999B (zh) 一种隐私保护方法及相关设备
CN111563251B (zh) 一种终端设备中私密信息的加密方法和相关装置
US9659189B2 (en) Systems and methods of safeguarding user information while interacting with online service providers
CN106790009B (zh) 信息处理方法、装置及移动终端
CN109886010B (zh) 验证图片发送方法、合成方法及装置、存储介质和终端
CN105227578A (zh) 传输文件的加密和解密方法及加密和解密装置
CN104683301A (zh) 一种密码保存的方法及装置
CN108028754B (zh) 加密、解密方法、装置及终端
JP4798796B2 (ja) データの秘匿性及び復元性を提供するデータ保護方法、クライアント装置及びプログラム
US20170054733A1 (en) Method and system for providing secure point-to-point communication
US20120131346A1 (en) Securing private key access for cross-component message processing
CN114629649B (zh) 基于云计算的数据处理方法、装置及存储介质
CN108270917B (zh) 一种加密智能手机
US20130080763A1 (en) Personal messaging security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18931025

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18931025

Country of ref document: EP

Kind code of ref document: A1