WO2021036952A1 - Method for encrypted transmission of data - Google Patents

Method for encrypted transmission of data Download PDF

Info

Publication number
WO2021036952A1
WO2021036952A1 PCT/CN2020/110620 CN2020110620W WO2021036952A1 WO 2021036952 A1 WO2021036952 A1 WO 2021036952A1 CN 2020110620 W CN2020110620 W CN 2020110620W WO 2021036952 A1 WO2021036952 A1 WO 2021036952A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
key
encryption
receiving end
sending end
Prior art date
Application number
PCT/CN2020/110620
Other languages
French (fr)
Chinese (zh)
Inventor
朱小军
肖列
Original Assignee
杭州来布科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 杭州来布科技有限公司 filed Critical 杭州来布科技有限公司
Publication of WO2021036952A1 publication Critical patent/WO2021036952A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Definitions

  • the invention relates to the field of data transmission security, and more specifically, to a data encryption transmission method.
  • the secure transmission of data is an eternal topic in the information age, and the secure transmission of data is related to the privacy of users.
  • the existing data transmission method encrypts the transmitted data, but the encryption key used is only generated by the sender.
  • the encryption key can be cracked by cracking the sender end, and the data can also be intercepted to imitate and deceive, and the security is low. .
  • the technical problem to be solved by the present invention is to provide a data encryption transmission method in view of the above-mentioned defects of the prior art.
  • the technical solution adopted by the present invention to solve its technical problems is: constructing a data encryption transmission method, including:
  • the data sending end generates a first partial data key, and sends the first partial data key to the data receiving end;
  • the data receiving end generates a second partial data key, and sends the second partial data key to the data sending end;
  • the data sending end uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data to the data receiving end;
  • the data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
  • the step S1 sending the first partial data key to the data receiving end includes:
  • the data receiving end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first partial data key.
  • the step S2 sending the second partial data key to the data sending end includes:
  • the data sending end uses the first partial data key to decrypt the second encryption key to obtain the second partial data key
  • the step S2 sending the second partial data key to the data sending end includes:
  • the data sending end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second partial data key.
  • the preset encryption algorithm is a private key of an asymmetric encryption algorithm
  • the preset decryption algorithm is a public key of the asymmetric encryption algorithm
  • the private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data sending end, and the key storage area is an external device Unreadable area.
  • the encryption key in the step S3 is a symmetric algorithm encryption key
  • the decryption key is a symmetric algorithm decryption key
  • the data sending end generating the first partial data key includes: the random number generator of the data sending end generates the first partial data key, and each The key of the first part of the data generated this time is different;
  • the data receiving end generating the second partial data key includes: the random number generator of the data receiving end generates the second partial data key, and the second partial data key generated each time is different .
  • the data to be transmitted in the step S4 is stored in the FLASH memory of the data sending end using a circular queue, and the data between the latest data pointer and the current data pointer is Is the data to be transmitted.
  • the method further includes:
  • the data sending end is a data collection terminal
  • the data receiving end is a server
  • the present invention also provides a data encryption transmission method, which is applied to the data sending end, and includes:
  • the data sending end generates a first partial data key, and sends the first partial data key
  • the data sending end receives the second part of the data key sent by the data receiving end;
  • F3. Generate an encryption key from the first part data key and the second part data key
  • the data sending end uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data.
  • the step F1 sending the first part of the data key includes: F11, encrypting the first part of the data key using a preset encryption algorithm, and sending the generated first part of the data key. Encryption key.
  • the step F2 includes:
  • the data sending end receives a second encryption key sent by the data receiving end, where the second encryption key is generated by encrypting the second part of the data key by the first part of the data key;
  • the data sending end uses the first partial data key to decrypt the second encryption key to obtain the second partial data key
  • the step F2 includes:
  • the data sending end receives a second encryption key sent by the data receiving end, where the second encryption key is generated by encrypting the second part of the data key by a preset encryption algorithm;
  • the data sending end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second partial data key.
  • the preset encryption algorithm is a private key of an asymmetric encryption algorithm
  • the private key of the asymmetric encryption algorithm is stored in the encryption chip of the data sending end.
  • a key storage area, and the key storage area is an area that is not readable by an external device.
  • the data sending end generating the first partial data key includes: the random number generator of the data sending end generates the first partial data key, and each The keys of the first part of the data generated this time are different.
  • the data to be transmitted in the step F4 is stored in the FLASH memory of the data sending end using a circular queue, and the data between the latest data pointer and the current data pointer is Is the data to be transmitted.
  • the encryption key in step F3 is a symmetric algorithm encryption key
  • the data sending end is a data collection terminal, and the data receiving end is a server.
  • the present invention also provides a data encryption transmission method, which is applied to the data receiving end, and includes:
  • the data receiving end receives the first part of the data key sent by the data sending end;
  • the data receiving end generates a second partial data key, and sends the second partial data key
  • the data receiving end receives encrypted data sent by the data sending end, where the encrypted data includes data to be transmitted;
  • the data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
  • the step J1 includes:
  • the data receiving end receives the first encryption key sent by the data sending end, where the first encryption key is obtained by encrypting the first part of the data key through a preset encryption algorithm;
  • the data receiving end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first partial data key.
  • the sending of the second partial data key in step J2 includes: J21, using the first partial data key to encrypt the second partial data key, Send the generated second encryption key; or
  • J22 Use a preset encryption algorithm to encrypt the second part of the data key, and send the generated second encryption key.
  • the preset encryption algorithm is a private key of an asymmetric encryption algorithm
  • the preset decryption algorithm is a public key of the asymmetric encryption algorithm
  • the data receiving end generating the second partial data key includes: the random number generator of the data receiving end generates the second partial data key, And the second part of the data key generated each time is different.
  • the decryption key is a symmetric algorithm decryption key
  • the data sending end is a data collection terminal, and the data receiving end is a server.
  • a data encryption transmission method implementing the present invention has the following beneficial effects: the encryption key of the present invention is jointly generated by the data sending end and the data receiving end, and only a part of the key is transmitted each time, effectively preventing data interception and data transmission. Crack, improve data transmission security.
  • FIG. 1 is a flowchart of a method for data encryption transmission provided by an embodiment
  • FIG. 2 is a flowchart of a data encryption transmission method provided by an embodiment
  • FIG. 3 is a flowchart of a data encryption transmission method provided by an embodiment
  • FIG. 4 is a flowchart of a data encryption transmission method provided by an embodiment
  • Fig. 5 is a sequence diagram of a data encryption transmission method provided by an embodiment.
  • the data encryption transmission method of this embodiment is applied to data transmission between a data sending end and a data receiving end.
  • a process of transmitting data at a time between the data sending end and the data receiving end is described in this embodiment.
  • the data receiving end can also be used as a data sending end at the same time, and the data sending end can also be used as a data receiving end at the same time, thereby realizing two-way data transmission.
  • the method includes the following steps:
  • the data sending end generates a first part of the data key, and sends the first part of the data key to the data receiving end.
  • the random number generator at the data sending end generates the first part of the data key, and the random number generated each time is different, so that the first part of the data key generated each time is different. Because the key of the first part of the data generated each time is different, it is guaranteed that the key of the first part of the data transmitted to the data receiving end is different each time.
  • this embodiment encrypts the first part of the data key, and sends the encrypted first part of the data key.
  • the specific encryption process is as follows:
  • the data receiving end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first partial data key.
  • the preset encryption algorithm and the preset decryption algorithm correspond to each other, and are stored in the data sending end and the data receiving end in advance.
  • the preset encryption algorithm is the private key of the asymmetric encryption algorithm
  • the corresponding preset decryption algorithm in the decryption process is the public key of the asymmetric encryption algorithm.
  • the private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data sending end, and the key storage area is an unreadable area for external devices. Because the private key of the asymmetric encryption algorithm cannot be read, it can only be used internally by the encryption chip, thereby achieving absolute security at the source.
  • the data receiving end generates the second part of the data key, and sends the second part of the data key to the data sending end.
  • the random number generator at the data receiving end generates the second part of the data key, and the second part of the data key generated each time is different. Since the key of the second part of the data generated each time is different, it is guaranteed that the key of the second part of the data transmitted to the data sender is different each time.
  • this embodiment performs encryption processing on the second part of the data key, and sends the encrypted second part of the data key.
  • This embodiment provides two key encryption methods for the second part of the data:
  • the first encryption method of the second part of the data key :
  • the data sending end uses the first partial data key to decrypt the second encryption key to obtain the second partial data key. Since the first part of the data key is generated by the data sender, the data sender has already stored the first part of the data key.
  • the data sending end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second partial data key.
  • the preset encryption algorithm and the preset decryption algorithm correspond to each other, and are stored in the data sending end and the data receiving end in advance.
  • the preset encryption algorithm is the private key of the asymmetric encryption algorithm
  • the preset decryption algorithm is the public key of the asymmetric encryption algorithm.
  • the private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data receiving end, and the key storage area is an unreadable area for external devices. Because the private key of the asymmetric encryption algorithm cannot be read, it can only be used internally by the encryption chip, thereby achieving absolute security at the source.
  • the first part of the data key and the second part of the data key are stored on the data sending end and the data receiving end, and the data sending end is encrypted by the first part of the data key and the second part of the data key.
  • the encryption key and the decryption key are generated by the data receiving end from the first part of the data key and the second part of the data key.
  • only one one-way data transmission is described.
  • the data sending end only needs to generate an encryption key from the first part of the data key and the second part of the data key, and the data receiving end is composed of the first part of the data key and the second part of the data.
  • the key only needs to generate the decryption key.
  • the encryption key is a symmetric algorithm encryption key
  • the decryption key is a symmetric algorithm decryption key
  • the symmetric algorithm encryption key is the RC4 encryption key
  • the symmetric algorithm decryption key is the RC4 decryption key.
  • the data sending end uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data to the data receiving end.
  • the data to be transmitted in the data sender is stored in the FLASH memory of the data sender using a circular queue, and the data between the latest data pointer and the current data pointer is the data to be transmitted.
  • After reading the data to be transmitted use the encryption key generated from the first part of the data key and the second part of the data key to encrypt the data to be transmitted, generate encrypted data after encryption, and send the generated encrypted data to the data receiving end.
  • the data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
  • the data receiving end generates an encryption key and a decryption key from the first part of the data key and the second part of the data key, because the encrypted data is generated by the first part of the data key and the second part of the data key to generate the encryption key to encrypt the data to be transmitted ,
  • the corresponding data receiving end uses the decryption key generated by the first part data key and the second part data key to decrypt the encrypted data to obtain the data to be transmitted, so as to realize the safe transmission of the data.
  • the network between the data sending end and the data receiving end is a wired communication network or a wireless communication network, which is not limited in this embodiment, and any network capable of data transmission can use the data encryption transmission method of this embodiment to transmit The data all belong to the protection scope of this embodiment.
  • the data sending end is a data collection terminal
  • the data receiving end is a server.
  • the encryption key in this embodiment is jointly generated by the data sending end and the data receiving end, and only a part of the key is transmitted each time, which effectively prevents data interception and data cracking, and improves data transmission security.
  • the data encryption transmission method of this embodiment further includes after step S5:
  • S6 Determine whether the session connection duration between the data sending end and the data receiving end reaches a preset duration. The timing starts when the data sending end and the data receiving end establish a session connection, and the preset duration can be set as needed.
  • the session connection between the data sending end and the data receiving end is re-established.
  • the random number generator at the data sending end regenerates the first part data key, and the regenerated first part data key is different from all the first part data keys previously generated.
  • the random number generator at the data receiving end regenerates the second partial data key, and the regenerated second partial data key is different from all the second partial data keys previously generated.
  • the encryption key and the decryption key are generated from the first part of the data key and the second part of the data key again to realize the dynamization of the encryption key and the decryption key.
  • connection between the data sending end and the data receiving end is re-established after the preset session time interval, and the first part of the encryption key and the second part of the encryption key are regenerated at the same time, so that the encryption key and the decryption key are dynamic and improve security. Sex.
  • a data encryption transmission method of this embodiment is applied to a data sending end, and the method includes the following steps:
  • the data sending end generates the first part of the data key, and sends the first part of the data key.
  • the random number generator at the data sending end generates the first part of the data key, and the first part of the data key generated each time is different. Because the key of the first part of the data generated each time is different, it is guaranteed that the key of the first part of the data transmitted to the data receiving end is different each time.
  • this embodiment encrypts the first part of the data key.
  • the specific encryption process is: F11. Use a preset encryption algorithm to encrypt the first part of the data key, and send the generated first encryption Key; the preset encryption algorithm is stored in the data sending end in advance.
  • the data sending end receives the second part of the data key sent by the data receiving end.
  • this embodiment performs encryption processing on the second part data key, and this embodiment provides two encryption methods for the second part data key:
  • the first encryption method of the second part of the data key :
  • the data sending end receives the second encryption key sent by the data receiving end, and the second encryption key is generated by encrypting the second part of the data key by the first part of the data key, and the first part of the data key is sent by the data sending end to At the data receiving end.
  • the data sender uses the first part of the data key to decrypt the second encryption key to obtain the second part of the data key. Since the first part of the data key is generated by the data sender, the data sender has already stored the first part of the data key.
  • the data sending end receives the second encryption key sent by the data receiving end, and the second encryption key is generated by encrypting the second part of the data key with a preset encryption algorithm.
  • the data sending end uses the preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second part of the data key.
  • the preset encryption algorithm is the private key of the asymmetric encryption algorithm
  • the private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data receiving end, and the key storage area is an unreadable area for external devices . Because the private key of the asymmetric encryption algorithm cannot be read, it can only be used internally by the encryption chip, thereby achieving absolute security at the source.
  • F3. Generate an encryption key from the first part of the data key and the second part of the data key.
  • the first part of the data key and the second part of the data key are stored on the data sending end, and the data sending end generates the encryption key and the decryption key from the first part of the data key and the second part of the data key.
  • the encryption key is a symmetric algorithm encryption key.
  • the symmetric algorithm encryption key is an RC4 encryption key.
  • the data sender uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data.
  • the data to be transmitted in the data sender is stored in the FLASH memory of the data sender using a circular queue, and the data between the latest data pointer and the current data pointer is the data to be transmitted.
  • After reading the data to be transmitted use the encryption key generated from the first part of the data key and the second part of the data key to encrypt the data to be transmitted, generate encrypted data after encryption, and send the generated encrypted data to realize safe data transmission.
  • the network between the data sending end and the data receiving end is a wired communication network or a wireless communication network, which is not limited in this embodiment, and any network capable of data transmission can use the data encryption transmission method of this embodiment to transmit The data all belong to the protection scope of this embodiment.
  • the data sending end is a data collection terminal
  • the data receiving end is a server.
  • the encryption key in this embodiment is jointly generated by the data sending end and the data receiving end, and only a part of the key is transmitted each time, which effectively prevents data interception and data cracking, and improves data transmission security.
  • a data encryption transmission method of this embodiment is applied to a data receiving end, and the method includes the following steps:
  • the data receiving end receives the first part of the data key sent by the data sending end.
  • the first part of the data key is generated by the random number generator of the data sending end, and the first part of the data key generated each time is different, that is, the first part of the data key received by the data receiving end is different each time.
  • the data sender encrypts the first part of the data key, that is, the data sender encrypts the first part of the data key using a preset encryption algorithm, and sends the generated first encryption key To the data receiving end.
  • the data receiving end receives the first encryption key sent by the data sending end, and the first encryption key is obtained by encrypting the first part of the data key through a preset encryption algorithm.
  • the data receiving end uses the preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first part of the data key.
  • the preset encryption algorithm is the private key of the asymmetric encryption algorithm
  • the preset decryption algorithm is the public key of the asymmetric encryption algorithm.
  • the preset encryption algorithm and the preset decryption algorithm correspond to each other, and the preset encryption algorithm is stored in the data sending end in advance, and the preset decryption algorithm is stored in the data receiving end in advance.
  • the preset encryption algorithm is the private key of the asymmetric encryption algorithm
  • the preset decryption algorithm is the public key of the asymmetric encryption algorithm.
  • the data receiving end generates the second part of the data key and sends the second part of the data key.
  • the random number generator at the data receiving end generates the second part of the data key, and the second part of the data key generated each time is different. Since the key of the second part of the data generated each time is different, it is guaranteed that the key of the second part of the data transmitted to the data sender is different each time.
  • this embodiment performs encryption processing on the second part of the data key, and this embodiment provides two encryption methods for the second part of the data key:
  • the first encryption method of the second part of the data key J21, use the first part of the data key to encrypt the second part of the data key, and send the generated second encryption key; the first part of the data key is sent by the data sender to At the data receiving end.
  • the second encryption method of the second part of the data key J22.
  • the preset encryption algorithm is the private key of the asymmetric encryption algorithm
  • the private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data receiving end, and the key storage area is an unreadable area for external devices . Because the private key of the asymmetric encryption algorithm cannot be read, it can only be used internally by the encryption chip, thereby achieving absolute security at the source.
  • the decryption key is a symmetric algorithm decryption key
  • the symmetric algorithm decryption key is an RC4 decryption key
  • the data receiving end receives the encrypted data sent by the data sending end, and the encrypted data includes the data to be transmitted.
  • the data sending end uses the encryption key generated from the first part data key and the second part data key to encrypt the data to be transmitted, generates encrypted data after encryption, and sends the generated encrypted data to the data receiving end.
  • the data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
  • the data receiving end generates a decryption key from the first part of the data key and the second part of the data key, because the encrypted data is obtained by encrypting the data to be transmitted by the encryption key of the first part of the data key and the second part of the data key, and the corresponding data
  • the receiving end uses the decryption key generated by the first part data key and the second part data key to decrypt the encrypted data to obtain the data to be transmitted, so as to realize the safe transmission of the data.
  • the network between the data sending end and the data receiving end is a wired communication network or a wireless communication network, which is not limited in this embodiment, and any network capable of data transmission can use the data encryption transmission method of this embodiment to transmit The data all belong to the protection scope of this embodiment.
  • the data sending end is a data collection terminal
  • the data receiving end is a server.
  • the encryption key in this embodiment is jointly generated by the data sending end and the data receiving end, and only a part of the key is transmitted each time, which effectively prevents data interception and data cracking, and improves data transmission security.
  • the data sending end is a data terminal
  • the data terminal includes a sensor and an encryption chip
  • the data receiving end is a server
  • a 5G network connection is used between the data terminal and the server.
  • the first part of the data key is denoted as M1
  • the second part of the data key is denoted as M2
  • the first part of the data key and the second part of the data key are combined into an encryption key and a decryption key M3
  • the first part of the data key and the second part are combined into an encryption key and a decryption key M3.
  • Part of the data key is RC4 key.
  • the data encryption transmission method includes the following steps:
  • Step 1 Data collection: The sensor collects the signal and obtains the data through the analog-to-digital conversion circuit.
  • Step 2 Data storage: Store the data in FLASH memory.
  • Step 3 Setting: Set the current data pointer to the latest value.
  • Step 4 Generate the RC4 key: Generate the RC4 key through the true random number generator of the encryption chip, and the key length can be specified.
  • Step 5 Encrypt the terminal ID: use the RC4 key to encrypt the terminal ID.
  • Step 6 Encrypt the RC4 key: encrypt the RC4 key with the RSA private key through the encryption chip.
  • Step 7 Establish a connection: establish a TCP connection with the server through the 5G module.
  • Step 8 Transmit ID and RC4 key: Transmit the encrypted terminal ID and RC4 key to the server.
  • Step 9 Decrypt the ID and RC4 key: The server decrypts the ID and RC4 key.
  • Step 10 Identity authentication: The server decrypts the RC4 key, decrypts the ID with the RC4 key, and authenticates the identity through ID comparison.
  • Step 11 Generate M2 randomly: The server generates the second half of the RC4 key M2.
  • Step 12. Encrypt M2 Use M1 as the key to encrypt M2.
  • Step 13 Return result: return the encrypted M2 and data serial number.
  • Step 14 Decrypt M2: The sensor uses M1 to decrypt M2.
  • Step 16 Setting: reset the current data serial number to the current data pointer register.
  • Step 18 Read data: read data.
  • Step 19 RC4 encrypts data: Use RC4 to encrypt data with M3 as the key.
  • Step 20 Transmit encrypted data: transmit encrypted data.
  • Step 21 Setting: Set the current data serial number to get the current data pointer register.
  • Step 22 Decrypt the data: The server uses RC4 to decrypt the current data with M3 as the key.
  • the steps of the method or algorithm described in combination with the embodiments disclosed in this document can be directly implemented by hardware, a software module executed by a processor, or a combination of the two.
  • the software module can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disks, removable disks, CD-ROMs, or all areas in the technical field. Any other known storage media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a method for encrypted transmission of data. The method comprises: S1, a data sending end generating a first part of a data key, and sending the first part of the data key to a data receiving end; S2, the data receiving end generating a second part of the data key, and sending the second part of the data key to the data sending end; S3, the first part of the data key and the second part of the data key generating an encryption key and a decryption key; S4, the data sending end using the encryption key to encrypt data to be transmitted, and sending generated encrypted data to the data receiving end; and S5, the data receiving end using the decryption key to decrypt the received encrypted data, so as to obtain the data to be transmitted. The encryption key in the present invention is jointly generated by the data sending end and the data receiving end, and only part of the key is transmitted each time, thereby effectively preventing data interception and data hacking, and improving the data transmission security.

Description

一种数据加密传输方法A data encryption transmission method 技术领域Technical field
本发明涉及数据传输安全领域,更具体地说,涉及一种数据加密传输方法。The invention relates to the field of data transmission security, and more specifically, to a data encryption transmission method.
背景技术Background technique
数据的安全传输是信息时代的永恒话题,数据的安全传输关系到用户的隐私。现有数据传输方法对传输数据进行加密,但所使用的加密密钥仅由发送端产生,通过破解发送端一端即可实现加密密钥的破解,也可通过数据拦截进行模仿欺骗,安全性低。The secure transmission of data is an eternal topic in the information age, and the secure transmission of data is related to the privacy of users. The existing data transmission method encrypts the transmitted data, but the encryption key used is only generated by the sender. The encryption key can be cracked by cracking the sender end, and the data can also be intercepted to imitate and deceive, and the security is low. .
技术问题technical problem
本发明要解决的技术问题在于,针对现有技术的上述缺陷,提供一种数据加密传输方法。The technical problem to be solved by the present invention is to provide a data encryption transmission method in view of the above-mentioned defects of the prior art.
技术解决方案Technical solutions
本发明解决其技术问题所采用的技术方案是:构造一种数据加密传输方法,包括:The technical solution adopted by the present invention to solve its technical problems is: constructing a data encryption transmission method, including:
S1、数据发送端生成第一部分数据密钥,发送所述第一部分数据密钥至数据接收端;S1. The data sending end generates a first partial data key, and sends the first partial data key to the data receiving end;
S2、所述数据接收端生成第二部分数据密钥,发送所述第二部分数据密钥至所述数据发送端;S2. The data receiving end generates a second partial data key, and sends the second partial data key to the data sending end;
S3、由所述第一部分数据密钥和所述第二部分数据密钥生成加密密钥和解密密钥;S3. Generate an encryption key and a decryption key from the first part data key and the second part data key;
S4、所述数据发送端使用所述加密密钥加密待传输数据,将生成的加密数据发送至所述数据接收端;S4. The data sending end uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data to the data receiving end;
S5、所述数据接收端使用所述解密密钥解密接收的所述加密数据,得到所述待传输数据。S5. The data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
进一步,在本发明所述的数据加密传输方法中,所述步骤S1中发送所述第一部分数据密钥至数据接收端包括:Further, in the data encryption transmission method of the present invention, the step S1 sending the first partial data key to the data receiving end includes:
S11、使用预设加密算法加密所述第一部分数据密钥,将生成的第一加密密钥发送至所述数据接收端;S11. Use a preset encryption algorithm to encrypt the first part of the data key, and send the generated first encryption key to the data receiving end;
S12、所述数据接收端使用与所述预设加密算法对应的预设解密算法解密所述第一加密密钥得到所述第一部分数据密钥。S12. The data receiving end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first partial data key.
进一步,在本发明所述的数据加密传输方法中,所述步骤S2中发送所述第二部分数据密钥至所述数据发送端包括:Further, in the data encryption transmission method of the present invention, the step S2 sending the second partial data key to the data sending end includes:
S21、使用所述第一部分数据密钥加密所述第二部分数据密钥,将生成的第二加密密钥发送至所述数据发送端;S21. Use the first partial data key to encrypt the second partial data key, and send the generated second encryption key to the data sending end;
S22、所述数据发送端使用所述第一部分数据密钥解密所述第二加密密钥得到所述第二部分数据密钥;S22. The data sending end uses the first partial data key to decrypt the second encryption key to obtain the second partial data key;
或者or
所述步骤S2中发送所述第二部分数据密钥至所述数据发送端包括:The step S2 sending the second partial data key to the data sending end includes:
S23、使用预设加密算法加密所述第二部分数据密钥,将生成的第二加密密钥发送至所述数据发送端;S23. Use a preset encryption algorithm to encrypt the second part of the data key, and send the generated second encryption key to the data sending end;
S24、所述数据发送端使用与所述预设加密算法对应的预设解密算法解密所述第二加密密钥得到所述第二部分数据密钥。S24. The data sending end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second partial data key.
进一步,在本发明所述的数据加密传输方法中,所述预设加密算法为非对称加密算法的私钥,所述预设解密算法为所述非对称加密算法的公钥。Further, in the data encryption transmission method of the present invention, the preset encryption algorithm is a private key of an asymmetric encryption algorithm, and the preset decryption algorithm is a public key of the asymmetric encryption algorithm.
进一步,在本发明所述的数据加密传输方法中,所述非对称加密算法的私钥存储在所述数据发送端内加密芯片的密钥存储区内,且所述密钥存储区为外部设备不可读取区域。Further, in the data encryption transmission method of the present invention, the private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data sending end, and the key storage area is an external device Unreadable area.
进一步,在本发明所述的数据加密传输方法中,所述步骤S3中所述加密密钥为对称算法加密密钥,所述解密密钥为对称算法解密密钥。Further, in the data encryption transmission method of the present invention, the encryption key in the step S3 is a symmetric algorithm encryption key, and the decryption key is a symmetric algorithm decryption key.
进一步,在本发明所述的数据加密传输方法中,所述步骤S1中数据发送端生成第一部分数据密钥包括:所述数据发送端的随机数发生器生成所述第一部分数据密钥,且每次生成的所述第一部分数据密钥不同;Further, in the data encryption transmission method of the present invention, in the step S1, the data sending end generating the first partial data key includes: the random number generator of the data sending end generates the first partial data key, and each The key of the first part of the data generated this time is different;
所述步骤S2中所述数据接收端生成第二部分数据密钥包括:所述数据接收端的随机数发生器生成第二部分数据密钥,且每次生成的所述第二部分数据密钥不同。In the step S2, the data receiving end generating the second partial data key includes: the random number generator of the data receiving end generates the second partial data key, and the second partial data key generated each time is different .
进一步,在本发明所述的数据加密传输方法中,所述步骤S4中所述待传输数据采用环形队列存储在所述数据发送端的FLASH内存中,在最新数据指针和当前数据指针之间的数据为所述待传输数据。Further, in the data encryption transmission method of the present invention, the data to be transmitted in the step S4 is stored in the FLASH memory of the data sending end using a circular queue, and the data between the latest data pointer and the current data pointer is Is the data to be transmitted.
进一步,在本发明所述的数据加密传输方法中,在所述步骤S5之后还包括:Further, in the data encryption transmission method of the present invention, after the step S5, the method further includes:
S6、判断所述数据发送端和所述数据接收端的会话连接时长是否达到预设时长;S6. Determine whether the session connection duration between the data sending end and the data receiving end reaches a preset duration;
S7、若是,则重新建立所述数据发送端和所述数据接收端的会话连接。S7. If yes, re-establish a session connection between the data sending end and the data receiving end.
进一步,在本发明所述的数据加密传输方法中,所述数据发送端为数据采集终端,所述数据接收端为服务器。Further, in the data encryption transmission method of the present invention, the data sending end is a data collection terminal, and the data receiving end is a server.
另,本发明还提供一种数据加密传输方法,应用于数据发送端,包括:In addition, the present invention also provides a data encryption transmission method, which is applied to the data sending end, and includes:
F1、所述数据发送端生成第一部分数据密钥,发送所述第一部分数据密钥;F1. The data sending end generates a first partial data key, and sends the first partial data key;
F2、所述数据发送端接收数据接收端发送的第二部分数据密钥;F2. The data sending end receives the second part of the data key sent by the data receiving end;
F3、由所述第一部分数据密钥和所述第二部分数据密钥生成加密密钥;F3. Generate an encryption key from the first part data key and the second part data key;
F4、所述数据发送端使用所述加密密钥加密待传输数据,发送生成的加密数据。F4. The data sending end uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data.
进一步,在本发明所述的数据加密传输方法中,所述步骤F1中发送所述第一部分数据密钥包括:F11、使用预设加密算法加密所述第一部分数据密钥,发送生成的第一加密密钥。Further, in the data encryption transmission method of the present invention, the step F1 sending the first part of the data key includes: F11, encrypting the first part of the data key using a preset encryption algorithm, and sending the generated first part of the data key. Encryption key.
进一步,在本发明所述的数据加密传输方法中,所述步骤F2包括:Further, in the data encryption transmission method of the present invention, the step F2 includes:
F21、所述数据发送端接收数据接收端发送的第二加密密钥,所述第二加密密钥由所述第一部分数据密钥加密所述第二部分数据密钥生成;F21. The data sending end receives a second encryption key sent by the data receiving end, where the second encryption key is generated by encrypting the second part of the data key by the first part of the data key;
F22、所述数据发送端使用所述第一部分数据密钥解密所述第二加密密钥得到所述第二部分数据密钥;F22. The data sending end uses the first partial data key to decrypt the second encryption key to obtain the second partial data key;
或者or
所述步骤F2包括:The step F2 includes:
F23、所述数据发送端接收数据接收端发送的第二加密密钥,所述第二加密密钥由预设加密算法加密所述第二部分数据密钥生成;F23. The data sending end receives a second encryption key sent by the data receiving end, where the second encryption key is generated by encrypting the second part of the data key by a preset encryption algorithm;
F24、所述数据发送端使用与所述预设加密算法对应的预设解密算法解密所述第二加密密钥得到所述第二部分数据密钥。F24. The data sending end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second partial data key.
进一步,在本发明所述的数据加密传输方法中,所述预设加密算法为非对称加密算法的私钥,所述非对称加密算法的私钥存储在所述数据发送端内加密芯片的密钥存储区内,且所述密钥存储区为外部设备不可读取区域。Further, in the data encryption transmission method of the present invention, the preset encryption algorithm is a private key of an asymmetric encryption algorithm, and the private key of the asymmetric encryption algorithm is stored in the encryption chip of the data sending end. A key storage area, and the key storage area is an area that is not readable by an external device.
进一步,在本发明所述的数据加密传输方法中,所述步骤F1中数据发送端生成第一部分数据密钥包括:所述数据发送端的随机数发生器生成所述第一部分数据密钥,且每次生成的所述第一部分数据密钥不同。Further, in the data encryption transmission method of the present invention, in the step F1, the data sending end generating the first partial data key includes: the random number generator of the data sending end generates the first partial data key, and each The keys of the first part of the data generated this time are different.
进一步,在本发明所述的数据加密传输方法中,所述步骤F4中所述待传输数据采用环形队列存储在所述数据发送端的FLASH内存中,在最新数据指针和当前数据指针之间的数据为所述待传输数据。Further, in the data encryption transmission method of the present invention, the data to be transmitted in the step F4 is stored in the FLASH memory of the data sending end using a circular queue, and the data between the latest data pointer and the current data pointer is Is the data to be transmitted.
进一步,在本发明所述的数据加密传输方法中,所述步骤F3中所述加密密钥为对称算法加密密钥;Further, in the data encryption transmission method of the present invention, the encryption key in step F3 is a symmetric algorithm encryption key;
所述数据发送端为数据采集终端,所述数据接收端为服务器。The data sending end is a data collection terminal, and the data receiving end is a server.
另,本发明还提供一种数据加密传输方法,应用于数据接收端,包括:In addition, the present invention also provides a data encryption transmission method, which is applied to the data receiving end, and includes:
J1、所述数据接收端接收数据发送端发送的第一部分数据密钥;J1. The data receiving end receives the first part of the data key sent by the data sending end;
J2、所述数据接收端生成第二部分数据密钥,发送所述第二部分数据密钥;J2, the data receiving end generates a second partial data key, and sends the second partial data key;
J3、由所述第一部分数据密钥和所述第二部分数据密钥生成解密密钥;J3. Generate a decryption key from the first partial data key and the second partial data key;
J4、所述数据接收端接收所述数据发送端发送的加密数据,所述加密数据包括待传输数据;J4. The data receiving end receives encrypted data sent by the data sending end, where the encrypted data includes data to be transmitted;
J5、所述数据接收端使用所述解密密钥解密接收的所述加密数据,得到所述待传输数据。J5. The data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
进一步,在本发明所述的数据加密传输方法中,所述步骤J1包括:Further, in the data encryption transmission method of the present invention, the step J1 includes:
J11、所述数据接收端接收所述数据发送端发送的第一加密密钥,所述第一加密密钥由所述第一部分数据密钥经预设加密算法加密得到;J11. The data receiving end receives the first encryption key sent by the data sending end, where the first encryption key is obtained by encrypting the first part of the data key through a preset encryption algorithm;
J12、所述数据接收端使用与所述预设加密算法对应的预设解密算法解密所述第一加密密钥得到所述第一部分数据密钥。J12. The data receiving end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first partial data key.
进一步,在本发明所述的数据加密传输方法中,所述步骤J2中发送所述第二部分数据密钥包括:J21、使用所述第一部分数据密钥加密所述第二部分数据密钥,发送生成的第二加密密钥;或Further, in the data encryption transmission method of the present invention, the sending of the second partial data key in step J2 includes: J21, using the first partial data key to encrypt the second partial data key, Send the generated second encryption key; or
J22、使用预设加密算法加密所述第二部分数据密钥,发送生成的第二加密密钥。J22. Use a preset encryption algorithm to encrypt the second part of the data key, and send the generated second encryption key.
进一步,在本发明所述的数据加密传输方法中,所述预设加密算法为非对称加密算法的私钥,所述预设解密算法为所述非对称加密算法的公钥。Further, in the data encryption transmission method of the present invention, the preset encryption algorithm is a private key of an asymmetric encryption algorithm, and the preset decryption algorithm is a public key of the asymmetric encryption algorithm.
进一步,在本发明所述的数据加密传输方法中,所述步骤J2中所述数据接收端生成第二部分数据密钥包括:所述数据接收端的随机数发生器生成第二部分数据密钥,且每次生成的所述第二部分数据密钥不同。Further, in the data encryption transmission method of the present invention, in the step J2, the data receiving end generating the second partial data key includes: the random number generator of the data receiving end generates the second partial data key, And the second part of the data key generated each time is different.
进一步,在本发明所述的数据加密传输方法中,所述解密密钥为对称算法解密密钥;Further, in the data encryption transmission method of the present invention, the decryption key is a symmetric algorithm decryption key;
所述数据发送端为数据采集终端,所述数据接收端为服务器。The data sending end is a data collection terminal, and the data receiving end is a server.
有益效果Beneficial effect
实施本发明的一种数据加密传输方法,具有以下有益效果:本发明的加密密钥由数据发送端和数据接收端共同产生,且每次传输的仅是一部分密钥,有效防止数据拦截和数据破解,提高数据传输安全。A data encryption transmission method implementing the present invention has the following beneficial effects: the encryption key of the present invention is jointly generated by the data sending end and the data receiving end, and only a part of the key is transmitted each time, effectively preventing data interception and data transmission. Crack, improve data transmission security.
附图说明Description of the drawings
下面将结合附图及实施例对本发明作进一步说明,附图中:The present invention will be further described below in conjunction with the accompanying drawings and embodiments. In the accompanying drawings:
图1是一实施例提供的一种数据加密传输方法的流程图;FIG. 1 is a flowchart of a method for data encryption transmission provided by an embodiment;
图2是一实施例提供的一种数据加密传输方法的流程图;FIG. 2 is a flowchart of a data encryption transmission method provided by an embodiment;
图3是一实施例提供的一种数据加密传输方法的流程图;FIG. 3 is a flowchart of a data encryption transmission method provided by an embodiment;
图4是一实施例提供的一种数据加密传输方法的流程图;FIG. 4 is a flowchart of a data encryption transmission method provided by an embodiment;
图5是一实施例提供的一种数据加密传输方法的时序图。Fig. 5 is a sequence diagram of a data encryption transmission method provided by an embodiment.
本发明的实施方式Embodiments of the present invention
为了对本发明的技术特征、目的和效果有更加清楚的理解,现对照附图详细说明本发明的具体实施方式。In order to have a clearer understanding of the technical features, objectives and effects of the present invention, specific embodiments of the present invention will now be described in detail with reference to the accompanying drawings.
实施例Example
参考图1,本实施例的数据加密传输方法应用于数据发送端和数据接收端之间的数据传输,本实施例以数据发送端和数据接收端一次传输数据过程进行说明。可以理解,数据接收端也可同时作为数据发送端,数据发送端也可同时作为数据接收端,从而实现数据的双向传输。该方法包括下述步骤:1, the data encryption transmission method of this embodiment is applied to data transmission between a data sending end and a data receiving end. In this embodiment, a process of transmitting data at a time between the data sending end and the data receiving end is described in this embodiment. It can be understood that the data receiving end can also be used as a data sending end at the same time, and the data sending end can also be used as a data receiving end at the same time, thereby realizing two-way data transmission. The method includes the following steps:
S1、数据发送端生成第一部分数据密钥,发送第一部分数据密钥至数据接收端。S1. The data sending end generates a first part of the data key, and sends the first part of the data key to the data receiving end.
具体的,数据发送端的随机数发生器生成第一部分数据密钥,且每次生成的随机数不同,使得每次生成的第一部分数据密钥不同。因每次生成的第一部分数据密钥不同,保证每次传输给数据接收端的第一部分数据密钥不同。Specifically, the random number generator at the data sending end generates the first part of the data key, and the random number generated each time is different, so that the first part of the data key generated each time is different. Because the key of the first part of the data generated each time is different, it is guaranteed that the key of the first part of the data transmitted to the data receiving end is different each time.
为了进一步提高第一部分数据密钥的安全性,本实施例对第一部分数据密钥进行加密处理,发送加密后的第一部分数据密钥,具体加密过程为:In order to further improve the security of the first part of the data key, this embodiment encrypts the first part of the data key, and sends the encrypted first part of the data key. The specific encryption process is as follows:
S11、使用预设加密算法加密第一部分数据密钥,将生成的第一加密密钥发送至数据接收端。S11. Use a preset encryption algorithm to encrypt the first part of the data key, and send the generated first encryption key to the data receiving end.
S12、数据接收端使用与预设加密算法对应的预设解密算法解密第一加密密钥得到第一部分数据密钥。其中预设加密算法和预设解密算法相互对应,且提前存储在数据发送端和数据接收端。S12. The data receiving end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first partial data key. The preset encryption algorithm and the preset decryption algorithm correspond to each other, and are stored in the data sending end and the data receiving end in advance.
作为选择,上述加密过程中预设加密算法为非对称加密算法的私钥,解密过程中对应的预设解密算法为非对称加密算法的公钥。非对称加密算法的私钥存储在数据发送端内加密芯片的密钥存储区内,且密钥存储区为外部设备不可读取区域。因非对称加密算法的私钥不可能被读取,仅能供加密芯片内部使用,从而在源头上实现绝对安全。Alternatively, in the foregoing encryption process, the preset encryption algorithm is the private key of the asymmetric encryption algorithm, and the corresponding preset decryption algorithm in the decryption process is the public key of the asymmetric encryption algorithm. The private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data sending end, and the key storage area is an unreadable area for external devices. Because the private key of the asymmetric encryption algorithm cannot be read, it can only be used internally by the encryption chip, thereby achieving absolute security at the source.
S2、数据接收端生成第二部分数据密钥,发送第二部分数据密钥至数据发送端。S2. The data receiving end generates the second part of the data key, and sends the second part of the data key to the data sending end.
具体的,数据接收端的随机数发生器生成第二部分数据密钥,且每次生成的第二部分数据密钥不同。因每次生成的第二部分数据密钥不同,保证每次传输给数据发送端的第二部分数据密钥不同。Specifically, the random number generator at the data receiving end generates the second part of the data key, and the second part of the data key generated each time is different. Since the key of the second part of the data generated each time is different, it is guaranteed that the key of the second part of the data transmitted to the data sender is different each time.
为了进一步提高第二部分数据密钥的安全性,本实施例对第二部分数据密钥进行加密处理,发送加密后的第二部分数据密钥。本实施例提供两种对第二部分数据密钥加密方式:In order to further improve the security of the second part of the data key, this embodiment performs encryption processing on the second part of the data key, and sends the encrypted second part of the data key. This embodiment provides two key encryption methods for the second part of the data:
第二部分数据密钥的第一加密方式:The first encryption method of the second part of the data key:
S21、使用第一部分数据密钥加密第二部分数据密钥,将生成的第二加密密钥发送至数据发送端。若第一部分数据使用预设加密算法加密,则数据接收端首先需要使用与预设加密算法对应的预设解密算法解密得到第一部分数据密钥。S21. Use the first partial data key to encrypt the second partial data key, and send the generated second encryption key to the data sending end. If the first part of data is encrypted using a preset encryption algorithm, the data receiving end first needs to decrypt it by using a preset decryption algorithm corresponding to the preset encryption algorithm to obtain the first part of the data key.
S22、数据发送端使用第一部分数据密钥解密第二加密密钥得到第二部分数据密钥。因第一部分数据密钥由数据发送端产生,所以数据发送端已经存储有第一部分数据密钥。S22. The data sending end uses the first partial data key to decrypt the second encryption key to obtain the second partial data key. Since the first part of the data key is generated by the data sender, the data sender has already stored the first part of the data key.
第二部分数据密钥的第二加密方式:The second encryption method of the second part of the data key:
S23、使用预设加密算法加密第二部分数据密钥,将生成的第二加密密钥发送至数据发送端。S23. Use a preset encryption algorithm to encrypt the second part of the data key, and send the generated second encryption key to the data sending end.
S24、数据发送端使用与预设加密算法对应的预设解密算法解密第二加密密钥得到第二部分数据密钥。其中预设加密算法和预设解密算法相互对应,且提前存储在数据发送端和数据接收端。S24. The data sending end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second partial data key. The preset encryption algorithm and the preset decryption algorithm correspond to each other, and are stored in the data sending end and the data receiving end in advance.
作为选择,预设加密算法为非对称加密算法的私钥,预设解密算法为非对称加密算法的公钥。非对称加密算法的私钥存储在数据接收端内加密芯片的密钥存储区内,且密钥存储区为外部设备不可读取区域。因非对称加密算法的私钥不可能被读取,仅能供加密芯片内部使用,从而在源头上实现绝对安全。Alternatively, the preset encryption algorithm is the private key of the asymmetric encryption algorithm, and the preset decryption algorithm is the public key of the asymmetric encryption algorithm. The private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data receiving end, and the key storage area is an unreadable area for external devices. Because the private key of the asymmetric encryption algorithm cannot be read, it can only be used internally by the encryption chip, thereby achieving absolute security at the source.
S3、由第一部分数据密钥和第二部分数据密钥生成加密密钥和解密密钥。S3. Generate an encryption key and a decryption key from the first part of the data key and the second part of the data key.
具体的,经过上述步骤,在数据发送端和数据接收端都存储有第一部分数据密钥和第二部分数据密钥,则数据发送端由第一部分数据密钥和第二部分数据密钥生成加密密钥和解密密钥,数据接收端由第一部分数据密钥和第二部分数据密钥生成加密密钥和解密密钥。本实施例中仅描述一次单向数据传输,则数据发送端由第一部分数据密钥和第二部分数据密钥仅需生成加密密钥,数据接收端由第一部分数据密钥和第二部分数据密钥仅需生成解密密钥。Specifically, after the above steps, the first part of the data key and the second part of the data key are stored on the data sending end and the data receiving end, and the data sending end is encrypted by the first part of the data key and the second part of the data key. The encryption key and the decryption key are generated by the data receiving end from the first part of the data key and the second part of the data key. In this embodiment, only one one-way data transmission is described. The data sending end only needs to generate an encryption key from the first part of the data key and the second part of the data key, and the data receiving end is composed of the first part of the data key and the second part of the data. The key only needs to generate the decryption key.
作为选择,加密密钥为对称算法加密密钥,解密密钥为对称算法解密密钥。例如对称算法加密密钥为RC4加密密钥,对称算法解密密钥为RC4解密密钥。Alternatively, the encryption key is a symmetric algorithm encryption key, and the decryption key is a symmetric algorithm decryption key. For example, the symmetric algorithm encryption key is the RC4 encryption key, and the symmetric algorithm decryption key is the RC4 decryption key.
S4、数据发送端使用加密密钥加密待传输数据,将生成的加密数据发送至数据接收端。首先读取数据发送端的待传输数据,例如数据发送端中待传输数据采用环形队列存储在数据发送端的FLASH内存中,在最新数据指针和当前数据指针之间的数据为待传输数据。读取待传输数据后,使用由第一部分数据密钥和第二部分数据密钥生成加密密钥加密待传输数据,加密后生成加密数据,将生成的加密数据发送至数据接收端。S4. The data sending end uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data to the data receiving end. First, read the data to be transmitted at the data sender. For example, the data to be transmitted in the data sender is stored in the FLASH memory of the data sender using a circular queue, and the data between the latest data pointer and the current data pointer is the data to be transmitted. After reading the data to be transmitted, use the encryption key generated from the first part of the data key and the second part of the data key to encrypt the data to be transmitted, generate encrypted data after encryption, and send the generated encrypted data to the data receiving end.
S5、数据接收端使用解密密钥解密接收的加密数据,得到待传输数据。数据接收端由第一部分数据密钥和第二部分数据密钥生成加密密钥和解密密钥,因加密数据由第一部分数据密钥和第二部分数据密钥生成加密密钥加密待传输数据得到,对应的数据接收端使用由第一部分数据密钥和第二部分数据密钥生成的解密密钥解密加密数据,得到待传输数据,实现数据的安全传输。S5. The data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted. The data receiving end generates an encryption key and a decryption key from the first part of the data key and the second part of the data key, because the encrypted data is generated by the first part of the data key and the second part of the data key to generate the encryption key to encrypt the data to be transmitted , The corresponding data receiving end uses the decryption key generated by the first part data key and the second part data key to decrypt the encrypted data to obtain the data to be transmitted, so as to realize the safe transmission of the data.
作为选择,数据发送端和数据接收端之间的网络为有线通信网络或无线通信网络,本实施例对此不做限定,能够进行数据传输的网络都可使用本实施例的数据加密传输方法传输数据,都属于本实施例的保护范围。Alternatively, the network between the data sending end and the data receiving end is a wired communication network or a wireless communication network, which is not limited in this embodiment, and any network capable of data transmission can use the data encryption transmission method of this embodiment to transmit The data all belong to the protection scope of this embodiment.
作为选择,数据发送端为数据采集终端,数据接收端为服务器。本实施例的加密密钥由数据发送端和数据接收端共同产生,且每次传输的仅是一部分密钥,有效防止数据拦截和数据破解,提高数据传输安全。Alternatively, the data sending end is a data collection terminal, and the data receiving end is a server. The encryption key in this embodiment is jointly generated by the data sending end and the data receiving end, and only a part of the key is transmitted each time, which effectively prevents data interception and data cracking, and improves data transmission security.
实施例Example
参考图2,在上述实施例的基础上,本实施例的数据加密传输方法中在步骤S5之后还包括:Referring to FIG. 2, on the basis of the foregoing embodiment, the data encryption transmission method of this embodiment further includes after step S5:
S6、判断数据发送端和数据接收端的会话连接时长是否达到预设时长。数据发送端和数据接收端建立会话连接时开始计时,预设时长可根据需要设置。S6. Determine whether the session connection duration between the data sending end and the data receiving end reaches a preset duration. The timing starts when the data sending end and the data receiving end establish a session connection, and the preset duration can be set as needed.
S7、若达到预设时长,则重新建立数据发送端和数据接收端的会话连接。重新连接时,数据发送端的随机数发生器重新生成第一部分数据密钥,重新生成的第一部分数据密钥不同于之前生成的所有第一部分数据密钥。同时,数据接收端的随机数发生器重新生成第二部分数据密钥,重新生成的第二部分数据密钥不同于之前生成的所有第二部分数据密钥。进而重新由第一部分数据密钥和第二部分数据密钥生成加密密钥和解密密钥,实现加密密钥和解密密钥的动态化。S7. If the preset duration is reached, the session connection between the data sending end and the data receiving end is re-established. When reconnecting, the random number generator at the data sending end regenerates the first part data key, and the regenerated first part data key is different from all the first part data keys previously generated. At the same time, the random number generator at the data receiving end regenerates the second partial data key, and the regenerated second partial data key is different from all the second partial data keys previously generated. Furthermore, the encryption key and the decryption key are generated from the first part of the data key and the second part of the data key again to realize the dynamization of the encryption key and the decryption key.
本实施例间隔预设会话时长后重新建立数据发送端和数据接收端的连接,同时重新生成第一部分加密密钥和第二部分加密密钥,实现加密密钥和解密密钥的动态化,提高安全性。In this embodiment, the connection between the data sending end and the data receiving end is re-established after the preset session time interval, and the first part of the encryption key and the second part of the encryption key are regenerated at the same time, so that the encryption key and the decryption key are dynamic and improve security. Sex.
实施例Example
参考图3,本实施例的一种数据加密传输方法应用于数据发送端,该方法包括下述步骤:Referring to FIG. 3, a data encryption transmission method of this embodiment is applied to a data sending end, and the method includes the following steps:
F1、数据发送端生成第一部分数据密钥,发送第一部分数据密钥。F1. The data sending end generates the first part of the data key, and sends the first part of the data key.
具体的,数据发送端的随机数发生器生成第一部分数据密钥,且每次生成的第一部分数据密钥不同。因每次生成的第一部分数据密钥不同,保证每次传输给数据接收端的第一部分数据密钥不同。Specifically, the random number generator at the data sending end generates the first part of the data key, and the first part of the data key generated each time is different. Because the key of the first part of the data generated each time is different, it is guaranteed that the key of the first part of the data transmitted to the data receiving end is different each time.
为了进一步提高第一部分数据密钥的安全性,本实施例对第一部分数据密钥进行加密处理,具体加密过程为:F11、使用预设加密算法加密第一部分数据密钥,发送生成的第一加密密钥;其中预设加密算法提前存储在数据发送端。In order to further improve the security of the first part of the data key, this embodiment encrypts the first part of the data key. The specific encryption process is: F11. Use a preset encryption algorithm to encrypt the first part of the data key, and send the generated first encryption Key; the preset encryption algorithm is stored in the data sending end in advance.
F2、数据发送端接收数据接收端发送的第二部分数据密钥。F2. The data sending end receives the second part of the data key sent by the data receiving end.
具体的,为了进一步提高第二部分数据密钥的安全性,本实施例对第二部分数据密钥进行加密处理,且本实施例提供两种对第二部分数据密钥加密方式:Specifically, in order to further improve the security of the second part data key, this embodiment performs encryption processing on the second part data key, and this embodiment provides two encryption methods for the second part data key:
第二部分数据密钥的第一加密方式:The first encryption method of the second part of the data key:
F21、数据发送端接收数据接收端发送的第二加密密钥,第二加密密钥由第一部分数据密钥加密第二部分数据密钥生成,其中第一部分数据密钥是由数据发送端发送至数据接收端的。F21. The data sending end receives the second encryption key sent by the data receiving end, and the second encryption key is generated by encrypting the second part of the data key by the first part of the data key, and the first part of the data key is sent by the data sending end to At the data receiving end.
F22、数据发送端使用第一部分数据密钥解密第二加密密钥得到第二部分数据密钥,因第一部分数据密钥由数据发送端产生,所以数据发送端已经存储有第一部分数据密钥。F22. The data sender uses the first part of the data key to decrypt the second encryption key to obtain the second part of the data key. Since the first part of the data key is generated by the data sender, the data sender has already stored the first part of the data key.
第二部分数据密钥的第二加密方式:The second encryption method of the second part of the data key:
F23、数据发送端接收数据接收端发送的第二加密密钥,第二加密密钥由预设加密算法加密第二部分数据密钥生成。F23. The data sending end receives the second encryption key sent by the data receiving end, and the second encryption key is generated by encrypting the second part of the data key with a preset encryption algorithm.
F24、数据发送端使用与预设加密算法对应的预设解密算法解密第二加密密钥得到第二部分数据密钥。F24. The data sending end uses the preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second part of the data key.
作为选择,预设加密算法为非对称加密算法的私钥,非对称加密算法的私钥存储在数据接收端内加密芯片的密钥存储区内,且密钥存储区为外部设备不可读取区域。因非对称加密算法的私钥不可能被读取,仅能供加密芯片内部使用,从而在源头上实现绝对安全。Alternatively, the preset encryption algorithm is the private key of the asymmetric encryption algorithm, the private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data receiving end, and the key storage area is an unreadable area for external devices . Because the private key of the asymmetric encryption algorithm cannot be read, it can only be used internally by the encryption chip, thereby achieving absolute security at the source.
F3、由第一部分数据密钥和第二部分数据密钥生成加密密钥。F3. Generate an encryption key from the first part of the data key and the second part of the data key.
具体的,经过上述步骤,在数据发送端存储有第一部分数据密钥和第二部分数据密钥,则数据发送端由第一部分数据密钥和第二部分数据密钥生成加密密钥和解密密钥。作为选择,加密密钥为对称算法加密密钥。例如对称算法加密密钥为RC4加密密钥。Specifically, after the above steps, the first part of the data key and the second part of the data key are stored on the data sending end, and the data sending end generates the encryption key and the decryption key from the first part of the data key and the second part of the data key. key. Alternatively, the encryption key is a symmetric algorithm encryption key. For example, the symmetric algorithm encryption key is an RC4 encryption key.
F4、数据发送端使用加密密钥加密待传输数据,发送生成的加密数据。首先读取数据发送端的待传输数据,例如数据发送端中待传输数据采用环形队列存储在数据发送端的FLASH内存中,在最新数据指针和当前数据指针之间的数据为待传输数据。读取待传输数据后,使用由第一部分数据密钥和第二部分数据密钥生成加密密钥加密待传输数据,加密后生成加密数据,并发送生成的加密数据,实现数据的安全传输。F4. The data sender uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data. First, read the data to be transmitted at the data sender. For example, the data to be transmitted in the data sender is stored in the FLASH memory of the data sender using a circular queue, and the data between the latest data pointer and the current data pointer is the data to be transmitted. After reading the data to be transmitted, use the encryption key generated from the first part of the data key and the second part of the data key to encrypt the data to be transmitted, generate encrypted data after encryption, and send the generated encrypted data to realize safe data transmission.
作为选择,数据发送端和数据接收端之间的网络为有线通信网络或无线通信网络,本实施例对此不做限定,能够进行数据传输的网络都可使用本实施例的数据加密传输方法传输数据,都属于本实施例的保护范围。Alternatively, the network between the data sending end and the data receiving end is a wired communication network or a wireless communication network, which is not limited in this embodiment, and any network capable of data transmission can use the data encryption transmission method of this embodiment to transmit The data all belong to the protection scope of this embodiment.
作为选择,数据发送端为数据采集终端,数据接收端为服务器。Alternatively, the data sending end is a data collection terminal, and the data receiving end is a server.
本实施例的加密密钥由数据发送端和数据接收端共同产生,且每次传输的仅是一部分密钥,有效防止数据拦截和数据破解,提高数据传输安全。The encryption key in this embodiment is jointly generated by the data sending end and the data receiving end, and only a part of the key is transmitted each time, which effectively prevents data interception and data cracking, and improves data transmission security.
实施例Example
参考图4,本实施例的一种数据加密传输方法应用于数据接收端,该方法包括下述步骤:Referring to FIG. 4, a data encryption transmission method of this embodiment is applied to a data receiving end, and the method includes the following steps:
J1、数据接收端接收数据发送端发送的第一部分数据密钥。第一部分数据密钥为数据发送端的随机数发生器生成,且每次生成的第一部分数据密钥都不相同,即数据接收端每次接收的第一部分数据密钥都不相同。J1. The data receiving end receives the first part of the data key sent by the data sending end. The first part of the data key is generated by the random number generator of the data sending end, and the first part of the data key generated each time is different, that is, the first part of the data key received by the data receiving end is different each time.
为了进一步提高第一部分数据密钥的安全性,数据发送端对第一部分数据密钥进行加密传输,即数据发送端使用预设加密算法加密第一部分数据密钥,将生成的第一加密密钥发送至数据接收端。In order to further improve the security of the first part of the data key, the data sender encrypts the first part of the data key, that is, the data sender encrypts the first part of the data key using a preset encryption algorithm, and sends the generated first encryption key To the data receiving end.
J11、数据接收端接收数据发送端发送的第一加密密钥,第一加密密钥由第一部分数据密钥经预设加密算法加密得到。J11. The data receiving end receives the first encryption key sent by the data sending end, and the first encryption key is obtained by encrypting the first part of the data key through a preset encryption algorithm.
J12、数据接收端使用与预设加密算法对应的预设解密算法解密第一加密密钥得到第一部分数据密钥。预设加密算法为非对称加密算法的私钥,预设解密算法为非对称加密算法的公钥。其中预设加密算法和预设解密算法相互对应,且预设加密算法提前存储在数据发送端,预设解密算法提前存储在数据接收端。作为选择,上述加密过程中预设加密算法为非对称加密算法的私钥,预设解密算法为非对称加密算法的公钥。J12. The data receiving end uses the preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first part of the data key. The preset encryption algorithm is the private key of the asymmetric encryption algorithm, and the preset decryption algorithm is the public key of the asymmetric encryption algorithm. The preset encryption algorithm and the preset decryption algorithm correspond to each other, and the preset encryption algorithm is stored in the data sending end in advance, and the preset decryption algorithm is stored in the data receiving end in advance. Alternatively, in the foregoing encryption process, the preset encryption algorithm is the private key of the asymmetric encryption algorithm, and the preset decryption algorithm is the public key of the asymmetric encryption algorithm.
J2、数据接收端生成第二部分数据密钥,发送第二部分数据密钥。J2. The data receiving end generates the second part of the data key and sends the second part of the data key.
具体的,数据接收端的随机数发生器生成第二部分数据密钥,且每次生成的第二部分数据密钥不同。因每次生成的第二部分数据密钥不同,保证每次传输给数据发送端的第二部分数据密钥不同。Specifically, the random number generator at the data receiving end generates the second part of the data key, and the second part of the data key generated each time is different. Since the key of the second part of the data generated each time is different, it is guaranteed that the key of the second part of the data transmitted to the data sender is different each time.
为了进一步提高第二部分数据密钥的安全性,本实施例对第二部分数据密钥进行加密处理,且本实施例提供两种对第二部分数据密钥加密方式:In order to further improve the security of the second part of the data key, this embodiment performs encryption processing on the second part of the data key, and this embodiment provides two encryption methods for the second part of the data key:
第二部分数据密钥的第一加密方式:J21、使用第一部分数据密钥加密第二部分数据密钥,发送生成的第二加密密钥;其中第一部分数据密钥是由数据发送端发送至数据接收端的。The first encryption method of the second part of the data key: J21, use the first part of the data key to encrypt the second part of the data key, and send the generated second encryption key; the first part of the data key is sent by the data sender to At the data receiving end.
第二部分数据密钥的第二加密方式:J22、使用预设加密算法加密第二部分数据密钥,发送生成的第二加密密钥。作为选择,预设加密算法为非对称加密算法的私钥,非对称加密算法的私钥存储在数据接收端内加密芯片的密钥存储区内,且密钥存储区为外部设备不可读取区域。因非对称加密算法的私钥不可能被读取,仅能供加密芯片内部使用,从而在源头上实现绝对安全。The second encryption method of the second part of the data key: J22. Use the preset encryption algorithm to encrypt the second part of the data key, and send the generated second encryption key. Alternatively, the preset encryption algorithm is the private key of the asymmetric encryption algorithm, the private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data receiving end, and the key storage area is an unreadable area for external devices . Because the private key of the asymmetric encryption algorithm cannot be read, it can only be used internally by the encryption chip, thereby achieving absolute security at the source.
J3、由第一部分数据密钥和第二部分数据密钥生成解密密钥。经过上述步骤,在数据接收端都存储有第一部分数据密钥和第二部分数据密钥,数据接收端由第一部分数据密钥和第二部分数据密钥生成加密密钥和解密密钥。因本实施例仅描述一次单向传输,仅需数据接收端由第一部分数据密钥和第二部分数据密钥生成解密密钥。作为选择,解密密钥为对称算法解密密钥,对称算法解密密钥为RC4解密密钥。J3. Generate a decryption key from the first part of the data key and the second part of the data key. After the above steps, the first part data key and the second part data key are stored at the data receiving end, and the data receiving end generates an encryption key and a decryption key from the first part data key and the second part data key. Since this embodiment only describes one-way transmission, only the data receiving end needs to generate a decryption key from the first part of the data key and the second part of the data key. Alternatively, the decryption key is a symmetric algorithm decryption key, and the symmetric algorithm decryption key is an RC4 decryption key.
J4、数据接收端接收数据发送端发送的加密数据,加密数据包括待传输数据。数据发送端使用由第一部分数据密钥和第二部分数据密钥生成加密密钥加密待传输数据,加密后生成加密数据,将生成的加密数据发送至数据接收端。J4. The data receiving end receives the encrypted data sent by the data sending end, and the encrypted data includes the data to be transmitted. The data sending end uses the encryption key generated from the first part data key and the second part data key to encrypt the data to be transmitted, generates encrypted data after encryption, and sends the generated encrypted data to the data receiving end.
J5、数据接收端使用解密密钥解密接收的加密数据,得到待传输数据。数据接收端由第一部分数据密钥和第二部分数据密钥生成解密密钥,因加密数据由第一部分数据密钥和第二部分数据密钥生成加密密钥加密待传输数据得到,对应的数据接收端使用由第一部分数据密钥和第二部分数据密钥生成的解密密钥解密加密数据,得到待传输数据,实现数据的安全传输。J5. The data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted. The data receiving end generates a decryption key from the first part of the data key and the second part of the data key, because the encrypted data is obtained by encrypting the data to be transmitted by the encryption key of the first part of the data key and the second part of the data key, and the corresponding data The receiving end uses the decryption key generated by the first part data key and the second part data key to decrypt the encrypted data to obtain the data to be transmitted, so as to realize the safe transmission of the data.
作为选择,数据发送端和数据接收端之间的网络为有线通信网络或无线通信网络,本实施例对此不做限定,能够进行数据传输的网络都可使用本实施例的数据加密传输方法传输数据,都属于本实施例的保护范围。Alternatively, the network between the data sending end and the data receiving end is a wired communication network or a wireless communication network, which is not limited in this embodiment, and any network capable of data transmission can use the data encryption transmission method of this embodiment to transmit The data all belong to the protection scope of this embodiment.
作为选择,数据发送端为数据采集终端,数据接收端为服务器。Alternatively, the data sending end is a data collection terminal, and the data receiving end is a server.
本实施例的加密密钥由数据发送端和数据接收端共同产生,且每次传输的仅是一部分密钥,有效防止数据拦截和数据破解,提高数据传输安全。The encryption key in this embodiment is jointly generated by the data sending end and the data receiving end, and only a part of the key is transmitted each time, which effectively prevents data interception and data cracking, and improves data transmission security.
实施例Example
参考图5,本实施例中数据发送端为数据终端,该数据终端包含传感器和加密芯片,数据接收端为服务器,数据终端和服务器之间使用5G网络连接。第一部分数据密钥表示为M1,第二部分数据密钥表示为M2,第一部分数据密钥和第二部分数据密钥合并为加密密钥和解密密钥M3,第一部分数据密钥和第二部分数据密钥为RC4密钥。该数据加密传输方法包括下述步骤:Referring to FIG. 5, in this embodiment, the data sending end is a data terminal, the data terminal includes a sensor and an encryption chip, the data receiving end is a server, and a 5G network connection is used between the data terminal and the server. The first part of the data key is denoted as M1, the second part of the data key is denoted as M2, the first part of the data key and the second part of the data key are combined into an encryption key and a decryption key M3, and the first part of the data key and the second part are combined into an encryption key and a decryption key M3. Part of the data key is RC4 key. The data encryption transmission method includes the following steps:
步骤1、数据采集:传感器采集信号,经过模数转换电路得到数据。Step 1. Data collection: The sensor collects the signal and obtains the data through the analog-to-digital conversion circuit.
步骤2、数据存储:将数据存储到FLASH内存中。Step 2. Data storage: Store the data in FLASH memory.
步骤3、设置:将当前数据指针设置为最新值。Step 3. Setting: Set the current data pointer to the latest value.
步骤4、生成RC4密钥:通过加密芯片的真随机数发生器生成RC4密钥,密钥长度可以指定。Step 4. Generate the RC4 key: Generate the RC4 key through the true random number generator of the encryption chip, and the key length can be specified.
步骤5、加密终端ID:用RC4密钥加密终端ID。Step 5. Encrypt the terminal ID: use the RC4 key to encrypt the terminal ID.
步骤6、加密RC4密钥:通过加密芯片用RSA的私钥加密RC4密钥。Step 6. Encrypt the RC4 key: encrypt the RC4 key with the RSA private key through the encryption chip.
步骤7、建立连接:通过5G模块建立与服务器的TCP连接。Step 7. Establish a connection: establish a TCP connection with the server through the 5G module.
步骤8、传输ID和RC4密钥:将加密后的终端ID和RC4密钥传到服务器。Step 8. Transmit ID and RC4 key: Transmit the encrypted terminal ID and RC4 key to the server.
步骤9、解密ID和RC4密钥:服务器解密ID和RC4密钥。Step 9. Decrypt the ID and RC4 key: The server decrypts the ID and RC4 key.
步骤10、身份认证:服务器解密RC4密钥,并以RC4密钥解密ID,通过ID对比认证身份。Step 10. Identity authentication: The server decrypts the RC4 key, decrypts the ID with the RC4 key, and authenticates the identity through ID comparison.
步骤11、随机生成M2:服务器生成后半部分RC4密钥M2。Step 11. Generate M2 randomly: The server generates the second half of the RC4 key M2.
步骤12、加密M2,:以M1为密钥加密M2。Step 12. Encrypt M2: Use M1 as the key to encrypt M2.
步骤13、返回结果:返回加密过的M2和数据序列号。Step 13. Return result: return the encrypted M2 and data serial number.
步骤14、解密M2:传感器用M1解密M2。Step 14. Decrypt M2: The sensor uses M1 to decrypt M2.
步骤15、得到M3:M3=M1+M2。Step 15. Obtain M3: M3=M1+M2.
步骤16、设置:重置当前数据序列号到当前数据指针寄存器。Step 16. Setting: reset the current data serial number to the current data pointer register.
步骤17、读取数据指针:读取当前数据序列号。Step 17. Read the data pointer: read the current data serial number.
步骤18、读取数据:读取数据。Step 18. Read data: read data.
步骤19、RC4加密数据:用RC4以M3为密钥加密数据。Step 19. RC4 encrypts data: Use RC4 to encrypt data with M3 as the key.
步骤20、传输加密数据:传输加密数据。Step 20: Transmit encrypted data: transmit encrypted data.
步骤21、设置:设置当前数据序列号得到当前数据指针寄存器。Step 21. Setting: Set the current data serial number to get the current data pointer register.
步骤22、解密数据:服务器用RC4以M3为密钥解密当前数据。Step 22: Decrypt the data: The server uses RC4 to decrypt the current data with M3 as the key.
本说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。The various embodiments in this specification are described in a progressive manner, and each embodiment focuses on the differences from other embodiments, and the same or similar parts between the various embodiments can be referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method part.
专业人员还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Professionals may further realize that the units and algorithm steps of the examples described in the embodiments disclosed in this article can be implemented by electronic hardware, computer software, or a combination of the two, in order to clearly illustrate the possibilities of hardware and software. Interchangeability, in the above description, the composition and steps of each example have been generally described in accordance with the function. Whether these functions are performed by hardware or software depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered as going beyond the scope of the present invention.
结合本文中所公开的实施例描述的方法或算法的步骤可以直接用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the method or algorithm described in combination with the embodiments disclosed in this document can be directly implemented by hardware, a software module executed by a processor, or a combination of the two. The software module can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disks, removable disks, CD-ROMs, or all areas in the technical field. Any other known storage media.
以上实施例只为说明本发明的技术构思及特点,其目的在于让熟悉此项技术的人士能够了解本发明的内容并据此实施,并不能限制本发明的保护范围。凡跟本发明权利要求范围所做的均等变化与修饰,均应属于本发明权利要求的涵盖范围。The above embodiments are only to illustrate the technical concept and features of the present invention, and their purpose is to enable those familiar with the technology to understand the content of the present invention and implement them accordingly, and do not limit the protection scope of the present invention. All equivalent changes and modifications made to the scope of the claims of the present invention shall fall within the scope of the claims of the present invention.

Claims (23)

  1. 一种数据加密传输方法,其特征在于,包括:A data encryption transmission method, characterized in that it comprises:
    S1、数据发送端生成第一部分数据密钥,发送所述第一部分数据密钥至数据接收端;S1. The data sending end generates a first partial data key, and sends the first partial data key to the data receiving end;
    S2、所述数据接收端生成第二部分数据密钥,发送所述第二部分数据密钥至所述数据发送端;S2. The data receiving end generates a second partial data key, and sends the second partial data key to the data sending end;
    S3、由所述第一部分数据密钥和所述第二部分数据密钥生成加密密钥和解密密钥;S3. Generate an encryption key and a decryption key from the first part data key and the second part data key;
    S4、所述数据发送端使用所述加密密钥加密待传输数据,将生成的加密数据发送至所述数据接收端;S4. The data sending end uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data to the data receiving end;
    S5、所述数据接收端使用所述解密密钥解密接收的所述加密数据,得到所述待传输数据。S5. The data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
  2. 根据权利要求1所述的数据加密传输方法,其特征在于,所述步骤S1中发送所述第一部分数据密钥至数据接收端包括:The data encryption transmission method according to claim 1, wherein in the step S1, sending the first part of the data key to the data receiving end comprises:
    S11、使用预设加密算法加密所述第一部分数据密钥,将生成的第一加密密钥发送至所述数据接收端;S11. Use a preset encryption algorithm to encrypt the first part of the data key, and send the generated first encryption key to the data receiving end;
    S12、所述数据接收端使用与所述预设加密算法对应的预设解密算法解密所述第一加密密钥得到所述第一部分数据密钥。S12. The data receiving end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first partial data key.
  3. 根据权利要求1或2所述的数据加密传输方法,其特征在于,所述步骤S2中发送所述第二部分数据密钥至所述数据发送端包括:The data encryption transmission method according to claim 1 or 2, wherein the step S2 sending the second part of the data key to the data sending end comprises:
    S21、使用所述第一部分数据密钥加密所述第二部分数据密钥,将生成的第二加密密钥发送至所述数据发送端;S21. Use the first partial data key to encrypt the second partial data key, and send the generated second encryption key to the data sending end;
    S22、所述数据发送端使用所述第一部分数据密钥解密所述第二加密密钥得到所述第二部分数据密钥;S22. The data sending end uses the first partial data key to decrypt the second encryption key to obtain the second partial data key;
    或者or
    所述步骤S2中发送所述第二部分数据密钥至所述数据发送端包括:The step S2 sending the second partial data key to the data sending end includes:
    S23、使用预设加密算法加密所述第二部分数据密钥,将生成的第二加密密钥发送至所述数据发送端;S23. Use a preset encryption algorithm to encrypt the second part of the data key, and send the generated second encryption key to the data sending end;
    S24、所述数据发送端使用与所述预设加密算法对应的预设解密算法解密所述第二加密密钥得到所述第二部分数据密钥。S24. The data sending end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second partial data key.
  4. 根据权利要求3所述的数据加密传输方法,其特征在于,所述预设加密算法为非对称加密算法的私钥,所述预设解密算法为所述非对称加密算法的公钥。The data encryption transmission method according to claim 3, wherein the preset encryption algorithm is a private key of an asymmetric encryption algorithm, and the preset decryption algorithm is a public key of the asymmetric encryption algorithm.
  5. 根据权利要求4所述的数据加密传输方法,其特征在于,所述非对称加密算法的私钥存储在所述数据发送端内加密芯片的密钥存储区内,且所述密钥存储区为外部设备不可读取区域。The data encryption transmission method according to claim 4, wherein the private key of the asymmetric encryption algorithm is stored in the key storage area of the encryption chip in the data sending end, and the key storage area is The area not readable by external devices.
  6. 根据权利要求1所述的数据加密传输方法,其特征在于,所述步骤S3中所述加密密钥为对称算法加密密钥,所述解密密钥为对称算法解密密钥。The data encryption transmission method according to claim 1, wherein in the step S3, the encryption key is a symmetric algorithm encryption key, and the decryption key is a symmetric algorithm decryption key.
  7. 根据权利要求1所述的数据加密传输方法,其特征在于,所述步骤S1中数据发送端生成第一部分数据密钥包括:所述数据发送端的随机数发生器生成所述第一部分数据密钥,且每次生成的所述第一部分数据密钥不同;The data encryption transmission method according to claim 1, wherein the generating of the first partial data key by the data sending end in step S1 comprises: generating the first partial data key by a random number generator of the data sending end, And the first part of the data key generated each time is different;
    所述步骤S2中所述数据接收端生成第二部分数据密钥包括:所述数据接收端的随机数发生器生成第二部分数据密钥,且每次生成的所述第二部分数据密钥不同。In the step S2, the data receiving end generating the second partial data key includes: the random number generator of the data receiving end generates the second partial data key, and the second partial data key generated each time is different .
  8. 根据权利要求1所述的数据加密传输方法,其特征在于,所述步骤S4中所述待传输数据采用环形队列存储在所述数据发送端的FLASH内存中,在最新数据指针和当前数据指针之间的数据为所述待传输数据。The data encryption transmission method according to claim 1, wherein the data to be transmitted in the step S4 is stored in the FLASH memory of the data sending end using a circular queue, between the latest data pointer and the current data pointer The data is the data to be transmitted.
  9. 根据权利要求1所述的数据加密传输方法,其特征在于,在所述步骤S5之后还包括:The data encryption transmission method according to claim 1, characterized in that, after the step S5, it further comprises:
    S6、判断所述数据发送端和所述数据接收端的会话连接时长是否达到预设时长;S6. Determine whether the session connection duration between the data sending end and the data receiving end reaches a preset duration;
    S7、若是,则重新建立所述数据发送端和所述数据接收端的会话连接。S7. If yes, re-establish a session connection between the data sending end and the data receiving end.
  10. 根据权利要求1所述的数据加密传输方法,其特征在于,所述数据发送端为数据采集终端,所述数据接收端为服务器。The data encryption transmission method according to claim 1, wherein the data sending end is a data collection terminal, and the data receiving end is a server.
  11. 一种数据加密传输方法,应用于数据发送端,其特征在于,包括:A data encryption transmission method, applied to a data sending end, and is characterized in that it includes:
    F1、所述数据发送端生成第一部分数据密钥,发送所述第一部分数据密钥;F1. The data sending end generates a first partial data key, and sends the first partial data key;
    F2、所述数据发送端接收数据接收端发送的第二部分数据密钥;F2. The data sending end receives the second part of the data key sent by the data receiving end;
    F3、由所述第一部分数据密钥和所述第二部分数据密钥生成加密密钥;F3. Generate an encryption key from the first part data key and the second part data key;
    F4、所述数据发送端使用所述加密密钥加密待传输数据,发送生成的加密数据。F4. The data sending end uses the encryption key to encrypt the data to be transmitted, and sends the generated encrypted data.
  12. 根据权利要求11所述的数据加密传输方法,其特征在于,所述步骤F1中发送所述第一部分数据密钥包括:F11、使用预设加密算法加密所述第一部分数据密钥,发送生成的第一加密密钥。The data encryption transmission method according to claim 11, wherein the sending of the first part of the data key in the step F1 comprises: F11, encrypting the first part of the data key using a preset encryption algorithm, and sending the generated The first encryption key.
  13. 根据权利要求12所述的数据加密传输方法,其特征在于,所述步骤F2包括:The data encryption transmission method according to claim 12, wherein the step F2 comprises:
    F21、所述数据发送端接收数据接收端发送的第二加密密钥,所述第二加密密钥由所述第一部分数据密钥加密所述第二部分数据密钥生成;F21. The data sending end receives a second encryption key sent by the data receiving end, where the second encryption key is generated by encrypting the second part of the data key by the first part of the data key;
    F22、所述数据发送端使用所述第一部分数据密钥解密所述第二加密密钥得到所述第二部分数据密钥;F22. The data sending end uses the first partial data key to decrypt the second encryption key to obtain the second partial data key;
    或者or
    所述步骤F2包括:The step F2 includes:
    F23、所述数据发送端接收数据接收端发送的第二加密密钥,所述第二加密密钥由预设加密算法加密所述第二部分数据密钥生成;F23. The data sending end receives a second encryption key sent by the data receiving end, where the second encryption key is generated by encrypting the second part of the data key by a preset encryption algorithm;
    F24、所述数据发送端使用与所述预设加密算法对应的预设解密算法解密所述第二加密密钥得到所述第二部分数据密钥。F24. The data sending end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the second encryption key to obtain the second partial data key.
  14. 根据权利要求13所述的数据加密传输方法,其特征在于,所述预设加密算法为非对称加密算法的私钥,所述非对称加密算法的私钥存储在所述数据发送端内加密芯片的密钥存储区内,且所述密钥存储区为外部设备不可读取区域。The data encryption transmission method according to claim 13, wherein the preset encryption algorithm is a private key of an asymmetric encryption algorithm, and the private key of the asymmetric encryption algorithm is stored in an encryption chip in the data sending end The key storage area of, and the key storage area is an area that is not readable by an external device.
  15. 根据权利要求11所述的数据加密传输方法,其特征在于,所述步骤F1中数据发送端生成第一部分数据密钥包括:所述数据发送端的随机数发生器生成所述第一部分数据密钥,且每次生成的所述第一部分数据密钥不同。The data encryption transmission method according to claim 11, wherein the generating of the first partial data key by the data sending end in step F1 comprises: generating the first partial data key by a random number generator of the data sending end, And the first part of the data key generated each time is different.
  16. 根据权利要求11所述的数据加密传输方法,其特征在于,所述步骤F4中所述待传输数据采用环形队列存储在所述数据发送端的FLASH内存中,在最新数据指针和当前数据指针之间的数据为所述待传输数据。The data encryption transmission method according to claim 11, wherein the data to be transmitted in the step F4 is stored in the FLASH memory of the data sending end using a circular queue, between the latest data pointer and the current data pointer The data is the data to be transmitted.
  17. 根据权利要求11所述的数据加密传输方法,其特征在于,所述步骤F3中所述加密密钥为对称算法加密密钥;The data encryption transmission method according to claim 11, wherein the encryption key in the step F3 is a symmetric algorithm encryption key;
    所述数据发送端为数据采集终端,所述数据接收端为服务器。The data sending end is a data collection terminal, and the data receiving end is a server.
  18. 一种数据加密传输方法,应用于数据接收端,其特征在于,包括:A data encryption transmission method, which is applied to a data receiving end, and is characterized in that it includes:
    J1、所述数据接收端接收数据发送端发送的第一部分数据密钥;J1. The data receiving end receives the first part of the data key sent by the data sending end;
    J2、所述数据接收端生成第二部分数据密钥,发送所述第二部分数据密钥;J2, the data receiving end generates a second partial data key, and sends the second partial data key;
    J3、由所述第一部分数据密钥和所述第二部分数据密钥生成解密密钥;J3. Generate a decryption key from the first partial data key and the second partial data key;
    J4、所述数据接收端接收所述数据发送端发送的加密数据,所述加密数据包括待传输数据;J4. The data receiving end receives encrypted data sent by the data sending end, where the encrypted data includes data to be transmitted;
    J5、所述数据接收端使用所述解密密钥解密接收的所述加密数据,得到所述待传输数据。J5. The data receiving end uses the decryption key to decrypt the received encrypted data to obtain the data to be transmitted.
  19. 根据权利要求18所述的数据加密传输方法,其特征在于,所述步骤J1包括:The data encryption transmission method according to claim 18, wherein the step J1 comprises:
    J11、所述数据接收端接收所述数据发送端发送的第一加密密钥,所述第一加密密钥由所述第一部分数据密钥经预设加密算法加密得到;J11. The data receiving end receives the first encryption key sent by the data sending end, where the first encryption key is obtained by encrypting the first part of the data key through a preset encryption algorithm;
    J12、所述数据接收端使用与所述预设加密算法对应的预设解密算法解密所述第一加密密钥得到所述第一部分数据密钥。J12. The data receiving end uses a preset decryption algorithm corresponding to the preset encryption algorithm to decrypt the first encryption key to obtain the first partial data key.
  20. 根据权利要求19所述的数据加密传输方法,其特征在于,所述步骤J2中发送所述第二部分数据密钥包括:J21、使用所述第一部分数据密钥加密所述第二部分数据密钥,发送生成的第二加密密钥;或The data encryption transmission method according to claim 19, wherein the sending of the second part of the data key in the step J2 comprises: J21, using the first part of the data key to encrypt the second part of the data key Key, send the generated second encryption key; or
    J22、使用预设加密算法加密所述第二部分数据密钥,发送生成的第二加密密钥。J22. Use a preset encryption algorithm to encrypt the second part of the data key, and send the generated second encryption key.
  21. 根据权利要求20所述的数据加密传输方法,其特征在于,所述预设加密算法为非对称加密算法的私钥,所述预设解密算法为所述非对称加密算法的公钥。The data encryption transmission method according to claim 20, wherein the preset encryption algorithm is a private key of an asymmetric encryption algorithm, and the preset decryption algorithm is a public key of the asymmetric encryption algorithm.
  22. 根据权利要求18所述的数据加密传输方法,其特征在于,所述步骤J2中所述数据接收端生成第二部分数据密钥包括:所述数据接收端的随机数发生器生成第二部分数据密钥,且每次生成的所述第二部分数据密钥不同。The data encryption transmission method according to claim 18, wherein the generating of the second part of the data key by the data receiving end in the step J2 comprises: the random number generator of the data receiving end generates the second part of the data encryption key. Key, and the second part of the data key generated each time is different.
  23. 根据权利要求18所述的数据加密传输方法,其特征在于,所述解密密钥为对称算法解密密钥;The data encryption transmission method according to claim 18, wherein the decryption key is a symmetric algorithm decryption key;
    所述数据发送端为数据采集终端,所述数据接收端为服务器。The data sending end is a data collection terminal, and the data receiving end is a server.
PCT/CN2020/110620 2019-08-23 2020-08-21 Method for encrypted transmission of data WO2021036952A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910785868.XA CN110572261A (en) 2019-08-23 2019-08-23 data encryption transmission method
CN201910785868.X 2019-08-23

Publications (1)

Publication Number Publication Date
WO2021036952A1 true WO2021036952A1 (en) 2021-03-04

Family

ID=68776062

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/110620 WO2021036952A1 (en) 2019-08-23 2020-08-21 Method for encrypted transmission of data

Country Status (2)

Country Link
CN (1) CN110572261A (en)
WO (1) WO2021036952A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110572261A (en) * 2019-08-23 2019-12-13 杭州来布科技有限公司 data encryption transmission method
CN113761542A (en) * 2020-05-18 2021-12-07 致伸科技股份有限公司 Wireless input device and information transmission method thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281261A (en) * 2010-06-10 2011-12-14 杭州华三通信技术有限公司 Data transmission method, system and apparatus
WO2014117275A1 (en) * 2013-01-31 2014-08-07 Ellison Information Manufacturing Inc. Method and system for protecting data using data passports
CN107040536A (en) * 2017-04-10 2017-08-11 北京德威特继保自动化科技股份有限公司 Data ciphering method, device and system
CN110572261A (en) * 2019-08-23 2019-12-13 杭州来布科技有限公司 data encryption transmission method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281261A (en) * 2010-06-10 2011-12-14 杭州华三通信技术有限公司 Data transmission method, system and apparatus
WO2014117275A1 (en) * 2013-01-31 2014-08-07 Ellison Information Manufacturing Inc. Method and system for protecting data using data passports
CN107040536A (en) * 2017-04-10 2017-08-11 北京德威特继保自动化科技股份有限公司 Data ciphering method, device and system
CN110572261A (en) * 2019-08-23 2019-12-13 杭州来布科技有限公司 data encryption transmission method

Also Published As

Publication number Publication date
CN110572261A (en) 2019-12-13

Similar Documents

Publication Publication Date Title
US11552792B2 (en) Systems and methods for generating signatures
WO2017097041A1 (en) Data transmission method and device
US7688975B2 (en) Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure
CN104796265B (en) A kind of Internet of Things identity identifying method based on Bluetooth communication access
JP6168415B2 (en) Terminal authentication system, server device, and terminal authentication method
TWI357250B (en) Method and apparatus for transmitting data using a
US7231526B2 (en) System and method for validating a network session
ES2250771T3 (en) PROCEDURES TO CHANGE A REMOTE COMMUNICATIONS PASSWORD.
US20030210791A1 (en) Key management
CN104270242B (en) A kind of ciphering and deciphering device for network data encryption transmission
JP6548172B2 (en) Terminal authentication system, server device, and terminal authentication method
CA2551113A1 (en) Authentication system for networked computer applications
WO2012024872A1 (en) Method, system and related apparatus for encrypting communication in mobile internet
CN108881960B (en) Intelligent camera safety control and data confidentiality method based on identification password
WO2018137225A1 (en) Fingerprint data processing method and processing apparatus
WO2015024426A1 (en) Identity authentication system, apparatus, and method, and identity authentication request apparatus
WO2019127265A1 (en) Blockchain smart contract-based data writing method, device and storage medium
CN110336673B (en) Block chain design method based on privacy protection
US6640303B1 (en) System and method for encryption using transparent keys
CN113612797A (en) Kerberos identity authentication protocol improvement method based on state cryptographic algorithm
CN103905384A (en) Embedded inter-terminal session handshake realization method based on security digital certificate
KR100668446B1 (en) Safe --method for transferring digital certificate
WO2021036952A1 (en) Method for encrypted transmission of data
TW201633206A (en) Improved security through authentication tokens
WO2023098389A1 (en) Computer file security encryption method, computer file security decryption method, and readable storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20858963

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20858963

Country of ref document: EP

Kind code of ref document: A1