CN117857078A - Variable-length hybrid dynamic transmission encryption and decryption method and device - Google Patents
- Publication number: CN117857078A (application CN202311575315.4A)
- Authority: CN (China)
- Prior art keywords: encryption; parameter table; key parameter; dynamic key; data stream
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Abstract
A variable-length hybrid dynamic transmission encryption and decryption method and device relate to the field of encryption and decryption devices. To achieve high-strength encryption in terminal scenarios with ultra-low power consumption and ultra-low computing power, the invention provides an encryption method in which a dynamic key parameter table is generated dynamically and randomly: the encryption methods in the table, their order, the key or parameter corresponding to each method, and the length of data each method processes are all randomly generated. The table contains at least one first computing-power encryption algorithm and at least one second computing-power encryption algorithm, where the encryption strength of the second is far higher than that of the first, and its demand on computing power is also higher. The invention achieves an encryption strength far above that of any single encryption method in an environment with limited computing power, and is mainly used for encrypting and decrypting high-confidentiality data in industrial Internet of Things systems with ultra-low power consumption, ultra-low computing power and small storage space.
Description
Technical Field
The invention relates to the field of encryption and decryption devices, in particular to a variable-length hybrid dynamic transmission encryption and decryption method and device.
Background
The industrial Internet of Things is now widely deployed, and enterprises broadly demand secure data transmission; current network information encryption and decryption means simply strengthen the key or the encryption strength to secure data transmission. Under high encryption requirements the key must be lengthened in step with the required strength, for example to 128 or 256 bits, so the demand that high encryption strength places on the terminal's computing capability keeps growing, while the hardware computing power of terminal scenarios with ultra-low power consumption and ultra-low computing power is limited, making it difficult for such terminals to encrypt data at high strength. Simple encryption and decryption with shifts and negation is efficient and fast, but its encryption strength is low. That is, existing encryption methods make it difficult to encrypt and decrypt high-security data with ultra-low power consumption, ultra-low computing power and small storage space.
Disclosure of Invention
The invention aims to solve the bottleneck that high-confidentiality data is difficult to encrypt and decrypt in terminal scenarios with ultra-low power consumption and ultra-low computing power, and provides a variable-length hybrid dynamic transmission encryption and decryption method and device that can encrypt and decrypt such data in those scenarios by importing and applying a key parameter table.
The variable-length hybrid dynamic transmission encryption and decryption method of the invention comprises the following steps:
S1: encrypting the plaintext data stream, comprising:
S11: receiving a plaintext data stream;
S12: receiving a dynamic key parameter table, which comprises a plurality of randomly arranged encryption methods (or the identification IDs corresponding to them), the key corresponding to each encryption method, and the data length each encryption method needs to encrypt;
S13: sequentially carrying out segmented hybrid encryption on the plaintext data stream based on the encryption methods, the keys or parameters, and the data lengths in the dynamic key parameter table;
S14: obtaining a ciphertext data stream, which carries a time stamp;
S2: decrypting the ciphertext data stream, comprising:
S21: receiving a ciphertext data stream;
S22: looking up the corresponding dynamic key parameter table according to the time stamp in the ciphertext data stream;
S23: inversely decrypting the ciphertext data stream according to the encryption methods in that dynamic key parameter table.
Further: the time stamp attached to the dynamic key parameter table is the time of generation of the dynamic key parameter table; the encryption method, the number of the encryption methods, the keys or parameters corresponding to the encryption methods, the arrangement of the encryption methods and the data length to be encrypted corresponding to the encryption methods in the dynamic key parameter table are dynamically and randomly generated, and the encrypted data length accords with the basic requirement of the corresponding encryption method and is smaller than a preset data length threshold.
Further: the encryption method is symmetric encryption.
Further: the encryption methods comprise a first computing-power encryption method and a second computing-power encryption method; under the same conditions, the volume of data the first computing-power encryption method can encrypt per unit time is higher than that of the second, that is, the first method's demand on hardware computing power is lower than the second's.
The dynamic key parameter table comprises at least one first computing-power encryption method and at least one second computing-power encryption method; if the table comprises two or more second computing-power encryption methods, at least one first computing-power encryption method lies between any two adjacent second computing-power encryption methods. Mixing the two classes of algorithm with different computing-power demands secures both encryption strength and encryption efficiency.
Further: the first-class algorithms include, but are not limited to, shifting, inverting (bitwise NOT), substitution and reordering;
the second-class algorithms include, but are not limited to, the DES, 3DES, AES, TDEA, Blowfish, RC5 and IDEA algorithms.
Further: the dynamic key parameter table and the ciphertext data stream are transmitted in different communication modes.
Further: the dynamic key parameter table can be manually forced to be updated, updated according to a preset rule and updated based on a request.
The encryption and decryption device for realizing the variable-length hybrid dynamic transmission encryption and decryption method comprises a control terminal and a computing management center, wherein the control terminal comprises a communication module, a first encryption and decryption module and a first setting tool, and the computing management center comprises a key parameter table generator, a second encryption and decryption module and a second setting tool;
the communication module comprises a first communication unit and a second communication unit, wherein the first communication unit is used for acquiring a dynamic key parameter table of the computing management center, and the second communication unit is used for transmitting a plaintext data stream and a ciphertext data stream;
the first encryption and decryption module is used for decrypting the dynamic key parameter table, carrying out sectional encryption on the plaintext data stream according to the dynamic key parameter table and adding a time stamp into the encrypted ciphertext data stream;
the key parameter table generator is used for randomly generating the dynamic key parameter table;
the second encryption and decryption module is used for inquiring a corresponding dynamic key parameter table according to the time stamp in the ciphertext data stream, decrypting the dynamic key parameter table and decrypting the ciphertext data stream based on the dynamic key parameter table;
the second setting tool is used for setting working parameters; the working parameters comprise an updating mode of a dynamic key parameter table, the number of encryption methods contained in each key parameter table, the number of second calculation power encryption methods contained in each key parameter table, the interval between adjacent second calculation power encryption methods, the maximum encryption data length of any encryption method, a key output mode, an alternative first calculation power encryption method and an alternative second calculation power encryption method, a state log and whether encryption is started or not;
the update mode includes: manual update, timing update, real-time update, on-demand update;
the dynamic key parameter table output mode includes: the hardware outputs a dynamic key parameter table and the software outputs a dynamic key parameter table.
Further: and the information in the dynamic key parameter table is output to the hardware I/O port in turn according to a preset rule for being read by the second encryption and decryption module.
The beneficial effects of the invention are as follows:
The variable-length hybrid dynamic transmission encryption and decryption method of the invention can be implemented purely in software or in combined software and hardware, and the encryption is dynamic: the encryption methods, the order in which they are combined, the length of data each encrypts, and the encryption keys or parameters are all dynamically variable. When encrypting, the data to be encrypted is formed into a plaintext data stream and placed in an encryption buffer; the stream is divided into blocks according to the data length each encryption method in the dynamic key parameter table must encrypt, forming different data blocks, and a different symmetric encryption method is applied to each block. Because the data is segmented at random lengths, each segment is encrypted with a randomly chosen method, and every dynamic key parameter table contains at least one second-class method of relatively higher strength, the encryption strength and the difficulty of cracking are greatly increased without lengthening the key, overcoming the former limitation that cracking difficulty could only be raised by increasing key complexity. By reasonably configuring the number, arrangement and encryption data lengths of the first-class and second-class methods, the method suits low computing-power environments and greatly improves the encryption strength of low computing-power terminal data.
In short, the scheme gives the encrypted data dynamically variable characteristics: the encryption mode, the encryption length and the decryption key are all unfixed. The encryption effect is strong, the cracking difficulty is high, and the computing-power requirement is low.
Drawings
FIG. 1 is a flow chart of encryption and decryption;
FIG. 2 is a schematic diagram of a device for encrypting and decrypting data;
fig. 3 is a schematic diagram of encryption and decryption processing in the hardware output mode.
Detailed Description
The following preferred embodiments of the present invention are provided, but the scope of the present invention is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present invention should be included in the scope of the present invention. The examples described below are only for the purpose of illustrating the invention and should not be construed as limiting the invention, which is intended to be covered by the claims. The following detailed description of embodiments of the invention is provided for convenience in describing the invention and simplifying the description, and technical terms used in the description of the invention should be construed broadly, including but not limited to conventional alternatives not mentioned in the present application, including both direct implementation and indirect implementation.
Example 1
Referring to fig. 1, the variable-length hybrid dynamic transmission encryption and decryption method disclosed in this embodiment includes the following steps:
S1: encrypting the plaintext data stream, comprising:
S11: receiving a plaintext data stream; the length of the plaintext data stream is checked continuously: if the data length is greater than zero, data has been received, otherwise monitoring continues;
S12: receiving a dynamic key parameter table:
determine whether the transmission mode of the dynamic key parameter table is hardware I/O reading or software interface reading, and read the table accordingly;
the dynamic key parameter table comprises a plurality of randomly arranged encryption methods and/or the identification IDs corresponding to them, the key corresponding to each encryption method, and the encryption data length corresponding to each encryption method;
the dynamic key parameter table may contain only the identification ID of each encryption method and not its name, because the method is uniquely determined by its identification ID and is represented by it, which also makes random selection of encryption methods easier.
The following is an example of a specific dynamic key parameter table:
table 1: dynamic key parameter table
Sequence number | Encryption method | Identification ID | Key/parameter | Encryption length |
1 | Bit not | 01 | NULL | 64Byte |
2 | AES | 03 | 0x65B1AADD | 1024Byte |
3 | Shift of | 02 | 16 | 1024Byte |
4 | AES | 03 | 0x3270FD10 | 1024Byte |
5 | Bit not | 01 | NULL | 128Byte |
6 | AES | 03 | 0x1A790D23 | 2048Byte |
7 | Shift of | 02 | 08 | 256Byte |
8 | Exclusive OR | 04 | 0xFAFAFAFA | 128Byte |
In Table 1, each encryption method is randomly drawn from the encryption methods available in the encryption engine. The length of the generated key parameter table, that is, how many rows make it up, is randomly generated according to the settings: Table 1 has 8 rows, but 9, 10 or some other number of rows is also possible, and each row corresponds to one encryption method. In practice each encryption method is assigned an identification ID; in Table 1, ID 01 corresponds to the bitwise NOT operation, 02 to the shift operation and 03 to the AES encryption method, so the dynamic key parameter table need only contain the identification IDs, and a specific encryption method cannot be read directly from the table. The key or parameter of each encryption method is randomly generated according to that method: the first row is bitwise NOT, which needs no parameter and simply inverts every bit, so its key/parameter column is NULL; the second and fourth rows are both AES, and their key/parameter entries are randomly generated keys. Because the AES algorithm places a high demand on computing power, the shift operation of the third row, whose computing-power demand is low, is inserted between the two AES rows so that the hardware gets a breathing space between two heavy operations rather than being overloaded. For the shift method the key/parameter column holds the shift amount (16 in row 3, 08 in row 7), and for the exclusive-OR method it holds the XOR operand (0xFAFAFAFA in row 8), consistent with Table 1.
The data length each encryption method encrypts is also randomly generated: the bitwise NOT of the first row encrypts 64 bytes, the bitwise NOT of the fifth row encrypts 128 bytes, the AES of the fourth row encrypts 1024 bytes, and the AES of the sixth row encrypts 2048 bytes. Since the data length encrypted by any method is random, cracking is made harder still. The encrypted data length must satisfy the encryption method's own requirement on data length and fit the hardware capacity of the low computing-power terminal (a low computing-power terminal cannot be given too long a length at one time), and it must be an integral multiple of 2 to match the characteristics of digital data;
S13: sequentially carrying out segmented hybrid encryption on the plaintext data stream based on the encryption methods, keys/parameters, data lengths and so on in the dynamic key parameter table; each segment's encryption can be computed fully in parallel, which improves computational efficiency;
table 2: encryption and decryption schematic table
64Byte | 1024Byte | 1024Byte | 1024Byte | 128Byte | …… | |
Plaintext | Plaintext block 1 | Plaintext block 2 | Plaintext block 3 | Plaintext block 4 | Plaintext block 5 | …… |
After encryption | Bit non-ciphertext | AES ciphertext | Shift ciphertext | AES ciphertext | Bit non-ciphertext | …… |
After decryption | Plaintext block 1 | Plaintext block 2 | Plaintext block 3 | Plaintext block 4 | Plaintext block 5 | …… |
During encryption, the plaintext data stream is segmented according to the encryption length corresponding to each encryption method preset in the dynamic key parameter table, and each segment is encrypted with the corresponding encryption method.
Specifically, the n-th row of the dynamic key parameter table is read (n is initially 1 and never exceeds the total number of rows N), and the encryption operation is performed; each row of the dynamic key parameter table contains a specific encryption method, its corresponding key/parameter, and the data length to be encrypted with that method.
Then it is judged whether the length of the still unencrypted data is smaller than zero; if so, the encryption process ends. Otherwise it is judged whether n is smaller than N: if so, n = n + 1, otherwise n = 1 (the table is reused from its first row); the process returns to the row-reading step (step S121) and continues encrypting.
The method above is single-threaded; block encryption could also be computed fully in parallel, but given the invention's low-power focus, parallel computation is not described here.
S14: obtaining a ciphertext data stream;
once the length of the unencrypted data is judged to be less than zero, the encryption process ends, and finally time stamp information is added to the data stream to obtain the final ciphertext data stream.
In this method every dynamic key parameter table carries a time stamp, which is the generation time of that table. The encryption methods, their number, their keys/parameters, their arrangement and the encryption data length of each method in the dynamic key parameter table are all dynamically and randomly generated; each encryption data length satisfies the basic requirement of its encryption method and is smaller than a preset data length threshold, for example a maximum of 2048 bytes, so that a high computing-power algorithm is never asked to encrypt too much data at once and burden the hardware. The encryption methods are symmetric; symmetric encryption demands less computing power than asymmetric encryption and is better suited to low computing-power scenarios;
the encryption methods comprise a first computing-power encryption method and a second computing-power encryption method; under the same conditions the volume of data the first method can encrypt per unit time is higher than that of the second, that is, the first method's demand on computing power is lower than the second's.
The first-class algorithms include, but are not limited to, shifting, inverting (bitwise NOT), substitution and reordering; a first computing-power encryption method is a low computing-power algorithm that can run on a low computing-power chip, that is, on a processor of relatively low speed and capability;
the second-class algorithms include, but are not limited to, the DES, 3DES, AES, TDEA, Blowfish, RC5 and IDEA algorithms. A second-class algorithm requires more computing power than a first-class algorithm; its encryption strength is higher, but so is its computing-power demand;
the dynamic key parameter table comprises at least one first computing-power encryption method and at least one second computing-power encryption method; if it comprises two or more second computing-power encryption methods, at least one first computing-power encryption method lies between any two adjacent second computing-power encryption methods.
The dynamic key parameter table and the ciphertext data stream are transmitted over different communication channels, that is, the transmission path of the dynamic key parameter table differs from that of the encrypted ciphertext data stream.
The dynamic key parameter table is updated dynamically according to a preset rule; the only requirements are that the two ends performing encryption and decryption keep the table synchronized, and that its transmission path differs from that of the data to be encrypted. For example, if the data is carried over a CAN bus using the MODBUS protocol, the dynamic key parameter table must be delivered over a 4G network, LAN or WiFi, or copied by hardware; as long as the table does not travel over the same path as the data stream, the security of the data stream is better assured. In actual operation the dynamic key parameter table is generally synchronized to the control terminal device in real time over at least two communication channels, and if the control terminal device has not received a newly generated dynamic key parameter table, that table cannot be put into use. "Communication channel" here means that more than one channel, generally two or more, exists between the server and the control terminal, one primary and one standby, such as 4G + WiFi or 4G + LAN + MODBUS. The dynamic key parameter table can be manually forced to update, updated according to a preset rule, and/or updated on request; for example, the update may be automatic at set times, or in real time.
Referring again to FIG. 1, the decryption process is the reverse of the encryption process.
S2: decrypting the ciphertext data stream, comprising:
S21: receiving a ciphertext data stream; the length of the ciphertext data stream is checked continuously: if the data length is greater than zero, data has been received, otherwise monitoring continues;
S22: looking up the corresponding dynamic key parameter table according to the time stamp in the ciphertext data stream. It should be noted that the time stamp in the ciphertext data stream serves only to identify the dynamic key parameter table that was in use when the stream was encrypted; whether the synchronization rule for the table is preset, or the table is itself time-stamped, does not matter so long as the ciphertext data stream can be matched to its dynamic key parameter table;
determine whether the transmission mode of the dynamic key parameter table is hardware I/O reading or software interface reading, and read the table accordingly;
S23: inversely decrypting the ciphertext data stream according to the encryption methods in the corresponding dynamic key parameter table. During decryption the ciphertext data stream is segmented according to the encryption lengths preset in the same dynamic key parameter table, and each segment is decrypted with the corresponding encryption method; as with encryption, the segment-wise decryption can be computed fully in parallel.
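The segmented hybrid encryption of step S13, its inverse in step S23 and the time-stamp lookup of step S22, as an added worked example in Python; this is illustration code, not the patent's implementation. Several details the page leaves open are assumptions: method IDs follow Table 1 (01 bitwise NOT, 02 shift, 03 AES, 04 exclusive OR); "shift" is taken to be a circular rotation of the segment's bits, because a plain shift discards bits and could not be reversed; the AES row is stood in for by a SHA-256 counter-mode keystream, since the Python standard library ships no AES, and the segment ordinal is mixed into that keystream so it is never reused when the table wraps around to row 1; and the ciphertext is prefixed with an 8-byte big-endian time stamp naming the table. The sample table mirrors the shape of Table 1 with made-up 16-byte keys.

```python
"""Segmented hybrid encryption/decryption driven by a dynamic key parameter table.

Added illustration, not code from the patent.  Assumptions (not stated on the page):
method IDs follow Table 1; "shift" is a circular bit rotation of the segment; the
03 (AES) slot is a SHA-256 counter-mode keystream bound to the segment ordinal;
the ciphertext carries an 8-byte big-endian time stamp naming the table (S14/S22).
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Row:
    method_id: int  # identification ID from Table 1
    param: bytes    # key or parameter; b"" when the method needs none (NULL in Table 1)
    length: int     # bytes this row encrypts before moving to the next row


def bit_not(seg: bytes, _param: bytes, _seg_no: int) -> bytes:
    return bytes(b ^ 0xFF for b in seg)  # an involution: NOT is its own inverse


def rotate_bits(seg: bytes, k: int) -> bytes:
    """Circular left rotation of the segment's bit string by k (k < 0 rotates right)."""
    nbits = len(seg) * 8
    if nbits == 0:
        return seg
    k %= nbits
    v = int.from_bytes(seg, "big")
    v = ((v << k) | (v >> (nbits - k))) & ((1 << nbits) - 1)
    return v.to_bytes(len(seg), "big")


def shift_enc(seg: bytes, param: bytes, _seg_no: int) -> bytes:
    return rotate_bits(seg, param[0])   # param[0]: shift amount (16 or 08 in Table 1)


def shift_dec(seg: bytes, param: bytes, _seg_no: int) -> bytes:
    return rotate_bits(seg, -param[0])


def keystream_xor(seg: bytes, key: bytes, seg_no: int) -> bytes:
    """Stand-in for the AES row: XOR with a SHA-256 keystream bound to (key, segment)."""
    stream = bytearray()
    block = 0
    while len(stream) < len(seg):
        stream += hashlib.sha256(key + struct.pack(">QQ", seg_no, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(seg, stream))


def xor_const(seg: bytes, param: bytes, _seg_no: int) -> bytes:
    return bytes(b ^ param[i % len(param)] for i, b in enumerate(seg))


# ID -> (encrypt, decrypt).  The XOR-based methods are their own inverse.
METHODS = {
    0x01: (bit_not, bit_not),
    0x02: (shift_enc, shift_dec),
    0x03: (keystream_xor, keystream_xor),
    0x04: (xor_const, xor_const),
}


def _walk(data: bytes, table: List[Row], decrypt: bool) -> bytes:
    """Steps S13/S23: cut the stream by each row's length, cycling through the table."""
    out = bytearray()
    cursor, n, seg_no = 0, 0, 0
    while cursor < len(data):                     # stop when no unprocessed data remains
        row = table[n]
        seg = data[cursor:cursor + row.length]    # the last segment may be shorter
        fn = METHODS[row.method_id][1 if decrypt else 0]
        out += fn(seg, row.param, seg_no)
        cursor += len(seg)
        seg_no += 1
        n = n + 1 if n + 1 < len(table) else 0    # n < N ? n + 1 : back to row 1
    return bytes(out)


def encrypt(plain: bytes, table: List[Row], table_timestamp: int) -> bytes:
    return struct.pack(">Q", table_timestamp) + _walk(plain, table, decrypt=False)


def decrypt(cipher: bytes, tables: Dict[int, List[Row]]) -> bytes:
    (ts,) = struct.unpack(">Q", cipher[:8])
    return _walk(cipher[8:], tables[ts], decrypt=True)  # S22: table chosen by time stamp


# Constructed sample table shaped like Table 1 (keys are made-up 16-byte values).
SAMPLE_TABLE = [
    Row(0x01, b"", 64), Row(0x03, bytes.fromhex("65b1aadd" * 4), 1024),
    Row(0x02, bytes([16]), 1024), Row(0x03, bytes.fromhex("3270fd10" * 4), 1024),
    Row(0x01, b"", 128), Row(0x03, bytes.fromhex("1a790d23" * 4), 2048),
    Row(0x02, bytes([8]), 256), Row(0x04, bytes.fromhex("fafafafa"), 128),
]
SAMPLE_TS = 1700000000                      # constructed generation time of the table
SAMPLE_PLAINTEXT = bytes(range(256)) * 24   # 6144 bytes: longer than one pass (5696)


def roundtrip_demo() -> bool:
    cipher = encrypt(SAMPLE_PLAINTEXT, SAMPLE_TABLE, SAMPLE_TS)
    back = decrypt(cipher, {SAMPLE_TS: SAMPLE_TABLE})
    return cipher[8:] != SAMPLE_PLAINTEXT and back == SAMPLE_PLAINTEXT


if __name__ == "__main__":
    print("round trip ok:", roundtrip_demo())
```

Running the module encrypts a 6144-byte constructed plaintext, longer than one pass through the table (5696 bytes), so the wrap-around to row 1 described under step S13 is exercised; the receiver must hold the same table under the same time stamp or the lookup fails. Rows whose key/parameter column is NULL or a short constant (bitwise NOT, shift, exclusive OR) carry little or no key material, so the confidentiality of those segments rests on the table itself staying secret, which is why the page keeps the table off the data path.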
Example 2
Referring to fig. 2 and embodiment 1, an encryption and decryption device for implementing the variable length hybrid dynamic transmission encryption and decryption method described in embodiment 1 is disclosed in this embodiment, and includes a control terminal and a computing management center, where the control terminal includes a communication module, a first encryption and decryption module, and a first setting tool, and the computing management center includes a key parameter table generator, a second encryption and decryption module, and a second setting tool;
the communication module comprises a first communication unit and a second communication unit, wherein the first communication unit is used for acquiring a dynamic key parameter table of the computing management center, and the second communication unit is used for transmitting a plaintext data stream and a ciphertext data stream;
the first encryption and decryption module is used for parsing the dynamic key parameter table, encrypting the plaintext data stream segment by segment according to that table, and adding a time stamp to the resulting ciphertext data stream;
the key parameter table generator is used for randomly generating a dynamic key parameter table from the encryption and decryption algorithms preset in the encryption and decryption engine and enabled by the function setting tool. The encryption methods, the key/parameter of each method, the ordering of the methods and the data length each method encrypts are all dynamically and randomly generated, but at least one first computing-power encryption algorithm must be guaranteed between any two second computing-power encryption algorithms, so that no two consecutive encryption algorithms are both second computing-power algorithms and a low computing-power terminal is not brought down by overload; the encryption length may also be set to a constant value, for example to increase operation speed.
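The generator's rules, as an added Python illustration that is not the project's own generator: at least one method of each class, no two second computing-power rows adjacent, every length a power of two not above the threshold, and a validator that a receiving end can run on an incoming table before putting it into use. Assumed, since the page gives no values for them: the IDs and classes of Table 1 (01 NOT, 02 shift, 04 XOR first class; 03 AES second class), the page's 2048-byte threshold, a 16-byte lower bound matching the AES block, and 16-byte AES keys. The row layout is drawn from a seedable PRNG so a table can be reproduced in tests, while cipher keys come from the operating system's CSPRNG.

```python
"""Random generation and validation of a dynamic key parameter table.

Added illustration, not the patent's own generator.  Assumptions: method catalogue
and IDs follow Table 1; lengths are powers of two (as every length in Table 1 is);
the threshold is the page's 2048-byte example; AES-class keys are 16 bytes.
"""
import random
import secrets
from dataclasses import dataclass
from typing import List, Optional, Set

FIRST_CLASS = {0x01: "bitwise NOT", 0x02: "shift", 0x04: "XOR"}   # low computing power
SECOND_CLASS = {0x03: "AES"}                                        # high computing power
MAX_LENGTH = 2048   # preset data length threshold (page example)
MIN_LENGTH = 16     # AES block size, assumed smallest usable segment
LENGTH_CHOICES = [1 << i for i in range(MIN_LENGTH.bit_length() - 1, MAX_LENGTH.bit_length())]


@dataclass(frozen=True)
class Row:
    method_id: int
    param: bytes
    length: int


def random_param(method_id: int, rng: random.Random) -> bytes:
    """Key or parameter for one row.  Layout randomness comes from `rng` (seedable, so a
    table can be reproduced in tests); cipher keys come from the OS CSPRNG instead."""
    if method_id == 0x01:
        return b""                                          # NULL in Table 1
    if method_id == 0x02:
        return bytes([rng.choice([8, 16, 24])])             # shift amount in bits
    if method_id == 0x04:
        return bytes(rng.getrandbits(8) for _ in range(4))  # 32-bit XOR operand
    return secrets.token_bytes(16)                          # AES-128 key


def second_class_positions(rng: random.Random, n_rows: int, n_second: int) -> Set[int]:
    """Pick n_second row indices with no two adjacent, so a first-class row always
    separates two second-class rows: choose from n_rows-n_second+1 slots and add each
    pick's rank, which spreads the chosen indices at least two apart."""
    picks = sorted(rng.sample(range(n_rows - n_second + 1), n_second))
    return {p + i for i, p in enumerate(picks)}


def generate_table(rng: random.Random, n_rows: int, n_second: int) -> List[Row]:
    if n_rows < 2 or not 1 <= n_second <= (n_rows + 1) // 2:
        raise ValueError("need one method of each class and room to separate the heavy rows")
    seconds = second_class_positions(rng, n_rows, n_second)
    table = []
    for i in range(n_rows):
        pool = SECOND_CLASS if i in seconds else FIRST_CLASS
        method_id = rng.choice(sorted(pool))
        table.append(Row(method_id, random_param(method_id, rng), rng.choice(LENGTH_CHOICES)))
    return table


def seeded_table(seed: int, n_rows: int = 8, n_second: int = 3) -> List[Row]:
    """Reproducible layout for demonstration (keys still come from the CSPRNG)."""
    return generate_table(random.Random(seed), n_rows, n_second)


def validate_table(table: List[Row]) -> Optional[str]:
    """None when the table satisfies every rule on the page, else the first rule broken."""
    classes = []
    for r in table:
        if r.method_id in FIRST_CLASS:
            classes.append("first")
        elif r.method_id in SECOND_CLASS:
            classes.append("second")
        else:
            return f"unknown method id {r.method_id:02x}"
    if "second" not in classes:
        return "no second-class method"
    if "first" not in classes:
        return "no first-class method"
    if any(a == b == "second" for a, b in zip(classes, classes[1:])):
        return "adjacent second-class methods"
    for r in table:
        if r.length > MAX_LENGTH:
            return f"length {r.length} exceeds threshold {MAX_LENGTH}"
        if r.length < MIN_LENGTH or r.length & (r.length - 1):
            return f"length {r.length} is not a power of two >= {MIN_LENGTH}"
        if r.method_id in SECOND_CLASS and len(r.param) != 16:
            return "AES-class row needs a 16-byte key"
    return None


if __name__ == "__main__":
    names = {**FIRST_CLASS, **SECOND_CLASS}
    t = generate_table(random.Random(), 8, 3)
    for i, r in enumerate(t, 1):
        print(i, names[r.method_id], r.param.hex() or "NULL", r.length)
    print("valid:", validate_table(t) is None)
```

Validating on the receiving end matters because the page makes the terminal refuse to start a table it has not received; the same hook is where a table that breaks the spacing rule or exceeds the length threshold should be rejected before any segment is processed.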
The second encryption and decryption module is used for inquiring the corresponding dynamic key parameter table according to the time stamp in the ciphertext data stream, analyzing the corresponding dynamic key parameter table, and decrypting the ciphertext data stream based on the dynamic key parameter table;
according to the setting, the dynamic key parameter table can be output through a hardware I/O port or through a software query.
The first setting tool is used for setting the working parameters of the data sending end, including the encryption method used for decrypting the dynamic key parameter table, the update mode of the dynamic key parameter table and whether encryption is enabled;
the second setting tool is used for setting the working parameters of the data receiving end; the working parameters comprise the update mode of the dynamic key parameter table, the number of encryption methods contained in each key parameter table, the number of second computing-power encryption methods contained in each key parameter table, the interval between adjacent second computing-power encryption methods, the maximum encryption data length of each encryption method, the output mode of the dynamic key parameter table and whether encryption is enabled;
the update mode includes: manual update, timing update, real-time update, on-demand update;
the output modes of the dynamic key parameter table include hardware output and software output. The hardware output mode is shown in fig. 3: the key parameter table output module fills the information in the dynamic key parameter table, in a fixed order, into the address space mapped by the hardware I/O interface, and the program only needs to read the hardware I/O interface at the scheduled time. Hardware output is generally implemented in dual-CPU mode, i.e. the control terminal and the computing management center each comprise two CPUs, a function processing CPU and a dynamic key parameter table storage CPU. The dynamic key parameter table is stored in the cache area of the storage CPU; under program control, the function processing CPU reads the I/O interface of the storage CPU to obtain the encryption parameters (encryption method, ID, key and encryption length), completes encryption of the corresponding length on the plaintext data stream in the data buffer area, and so on until the whole plaintext data stream has been encrypted.
The advantage of this arrangement is that the dynamic key parameter table and the ciphertext data stream are stored in the flash spaces of different CPUs. An attacker who tries to brute-force the flash contents must read and analyse the flash of both CPUs, and even after both have been recovered still faces a key parameter table that may be updated at any time; the difficulty of cracking is thus greatly increased, and security is greatly improved without increasing the amount of computation in the encryption process.
In the software output mode the program calls a software interface to read the table and obtains it as a return value. Compared with the software output mode, the hardware output mode has a more stable working rhythm, because the read does not have to queue behind other processes as it would in software.
The key parameter table generator is generally arranged in the computing management center. It generates a dynamic key parameter table and marks it with a time stamp that identifies the time of use of the current dynamic key parameter table. The first encryption and decryption module compares whether the time stamp of the dynamic key parameter table currently in use is consistent with the time stamp of the dynamic key parameter table received by the first communication unit, and the second encryption and decryption module compares whether the time stamp of the dynamic key parameter table is consistent with the time stamp marked on the ciphertext data stream when it was encrypted, so that both ends confirm that the correct dynamic key parameter table is used in the encryption and decryption process. The time stamp also serves as the basis for switching to a new dynamic key parameter table: when the time stamp of the dynamic key parameter table used by the control terminal differs from the time stamp of the dynamic key parameter table received by the communication module, the encryption end and the decryption end both enable the dynamic key parameter table with the latest time stamp. When the dynamic key parameter table is switched dynamically in real time, the control terminal initiates a sending request to the computing management center, and after the management center replies OK, the control terminal and the computing management center switch to the new dynamic key parameter table simultaneously.
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.
Claims (9)
1. The variable length hybrid dynamic transmission encryption and decryption method is characterized by comprising the following steps:
s1: encrypting the plaintext data stream, comprising:
s11: receiving a plaintext data stream;
s12: receiving a dynamic key parameter table, wherein the dynamic key parameter table comprises a plurality of encryption methods which are arranged randomly or identification IDs corresponding to the encryption methods, keys or parameters corresponding to the encryption methods and data lengths required to be encrypted by the encryption methods;
s13: sequentially carrying out sectional hybrid encryption on the plaintext data stream based on the encryption method, the key or the parameter in the dynamic key parameter table and the data length to be encrypted by the encryption method;
s14: adding a time stamp attached to the dynamic key parameter table to obtain a ciphertext data stream;
s2: decrypting the ciphertext data stream specifically includes:
s21: receiving a ciphertext data stream;
s22: inquiring a corresponding dynamic key parameter table according to the time stamp in the ciphertext data stream;
s23: and reversely decrypting the ciphertext data stream according to the encryption method in the corresponding dynamic key parameter table.
2. The method for encrypting and decrypting a variable-length hybrid dynamic transmission according to claim 1, wherein the time stamp attached to the dynamic key parameter table is a time when the key parameter table is generated; the encryption methods, the number of the encryption methods, the keys corresponding to the encryption methods, the arrangement of the encryption methods and the encryption data length corresponding to the encryption methods in the dynamic key parameter table are all dynamically and randomly generated, and the encryption data length accords with the basic requirement of the corresponding encryption method and is smaller than a preset data length threshold.
3. The method for encrypting and decrypting variable-length hybrid dynamic transmission according to claim 1, wherein the encryption methods are symmetric encryption.
4. The variable-length hybrid dynamic transmission encryption and decryption method according to claim 3, wherein the encryption methods comprise first computing-power encryption methods and second computing-power encryption methods, and, under equal conditions, the amount of data that a first computing-power encryption method can encrypt per unit time is much greater than that of a second computing-power encryption method;
the dynamic key parameter table comprises at least one first computing-power encryption method and at least one second computing-power encryption method; if the dynamic key parameter table comprises two or more second computing-power encryption methods, at least one first computing-power encryption method lies between any two adjacent second computing-power encryption methods.
5. The method for encrypting and decrypting variable-length hybrid dynamic transmission according to claim 4, wherein the first computing-power encryption methods include, but are not limited to, shift, negation, replacement and disorder;
the second computing-power encryption methods include, but are not limited to, the DES, 3DES, AES, TDEA, Blowfish, RC5 and IDEA algorithms, SM1 and SM4.
6. The method of claim 1, wherein the dynamic key parameter table is communicated with the ciphertext data stream in a different communication manner.
7. The method for encrypting and decrypting hybrid dynamic transmission according to claim 1, wherein the dynamic key parameter table can be updated manually and forcibly, according to a preset rule, or on request.
8. The encryption and decryption device for realizing the variable-length hybrid dynamic transmission encryption and decryption method according to any one of claims 1 to 7, which is characterized by comprising a control terminal and a computing management center, wherein the control terminal comprises a communication module and a first encryption and decryption module, and the computing management center comprises a key parameter table generator, a second encryption and decryption module and a function setting tool;
the communication module comprises a first communication unit and a second communication unit, wherein the first communication unit is used for acquiring a dynamic key parameter table of the computing management center, and the second communication unit is used for transmitting a plaintext data stream and a ciphertext data stream;
the first encryption and decryption module is used for carrying out segmented encryption on the plaintext data stream according to the dynamic key parameter table and adding a time stamp into the encrypted ciphertext data stream;
the key parameter table generator is used for randomly generating the dynamic key parameter table;
the second encryption and decryption module is used for inquiring a corresponding dynamic key parameter table according to the time stamp in the ciphertext data stream and decrypting the ciphertext data stream based on the dynamic key parameter table;
the function setting tool is used for setting working parameters; the working parameters comprise the update mode of the dynamic key parameter table, the number of encryption methods contained in each key parameter table, the number of second computing-power encryption methods contained in each key parameter table, the interval between adjacent second computing-power encryption methods, the maximum encryption data length of any encryption method, the output mode of the dynamic key parameter table and whether encryption is enabled;
the update mode includes: manual update, timing update, real-time update, on-demand update;
the dynamic key parameter table output mode includes: the hardware outputs a dynamic key parameter table and the software outputs a dynamic key parameter table.
9. The device of claim 8, wherein, in the hardware output of the dynamic key parameter table, the data in the dynamic key parameter table are output in turn to the hardware I/O port according to a preset rule, for reading by the second encryption/decryption module.
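To make claims 1 to 5 and the generator constraint of embodiment 2 concrete, the following is a self-contained Python example added by the editor; it is not code from the patent or its applicant. It implements the dynamic key parameter table (random method order, per-method keys, per-segment lengths below a threshold, and a generation-time stamp), the rule that at least one first computing-power method lies between any two second computing-power methods, segmented hybrid encryption with the stamp prepended to the ciphertext, and decryption that looks the table up by stamp and rejects a stamp it does not know. The method IDs, the 16-byte keys, the 8-byte big-endian stamp encoding and the HMAC-SHA256 keystream standing in for the block ciphers the claims list (AES, SM4, 3DES and so on) are assumptions made so that the example runs on the standard library alone.

```python
# Added example (not the patent's code): claims 1-5 in working Python, stdlib only.
import hashlib, hmac, random, secrets, time

# "First computing-power" methods: shift, negation, replacement, disorder, each with its inverse.
def _shift_enc(data, key):
    n = key[0] % 7 + 1                       # rotate each byte left by 1..7 bits
    return bytes(((b << n) | (b >> (8 - n))) & 0xFF for b in data)

def _shift_dec(data, key):
    n = key[0] % 7 + 1
    return bytes(((b >> n) | (b << (8 - n))) & 0xFF for b in data)

def _negate(data, key):                      # bitwise NOT, its own inverse
    return bytes(b ^ 0xFF for b in data)

def _replace(data, key):                     # key-dependent byte replacement, its own inverse
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def _perm(n, key):                           # key-seeded permutation of n positions
    order = list(range(n))
    random.Random(int.from_bytes(key, "big")).shuffle(order)
    return order

def _disorder_enc(data, key):
    return bytes(data[i] for i in _perm(len(data), key))

def _disorder_dec(data, key):
    out = bytearray(len(data))
    for j, i in enumerate(_perm(len(data), key)):
        out[i] = data[j]
    return bytes(out)

# "Second computing-power" stand-in (assumption): the patent lists AES, SM4, 3DES etc.;
# an HMAC-SHA256 keystream is used here so the example needs no third-party library.
def _stream(data, key):
    out = bytearray()
    for blk in range(0, len(data), 32):
        ks = hmac.new(key, (blk // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ k for b, k in zip(data[blk:blk + 32], ks))
    return bytes(out)

# method ID -> (encrypt, decrypt, is_second_computing_power); the IDs are assumed
METHODS = {1: (_shift_enc, _shift_dec, False), 2: (_negate, _negate, False),
           3: (_replace, _replace, False), 4: (_disorder_enc, _disorder_dec, False),
           9: (_stream, _stream, True)}

def heavy_spacing_ok(table):
    """Claim 4 check: no two adjacent second computing-power methods."""
    flags = [METHODS[m][2] for m, _, _ in table["entries"]]
    return not any(a and b for a, b in zip(flags, flags[1:]))

def generate_table(n_methods, n_heavy, max_len, ts=None):
    """Key parameter table generator: random method order, keys and segment
    lengths (1..max_len, claim 2), stamped with its generation time."""
    rng = secrets.SystemRandom()
    n_light = n_methods - n_heavy
    if n_heavy > n_light + 1:
        raise ValueError("cannot place a light method between every two heavy ones")
    light = [m for m, (_, _, h) in METHODS.items() if not h]
    heavy = [m for m, (_, _, h) in METHODS.items() if h]
    order = [rng.choice(light) for _ in range(n_light)]
    for gap in sorted(rng.sample(range(n_light + 1), n_heavy), reverse=True):
        order.insert(gap, rng.choice(heavy))  # distinct gaps: heavy entries never touch
    entries = [(m, secrets.token_bytes(16), rng.randint(1, max_len)) for m in order]
    return {"ts": time.time_ns() if ts is None else ts, "entries": entries}

def _run(body, table, direction):
    out, pos, i = bytearray(), 0, 0
    entries = table["entries"]
    while pos < len(body):                   # walk the stream, cycling through the table
        mid, key, seglen = entries[i % len(entries)]
        seg = body[pos:pos + seglen]
        out += METHODS[mid][direction](seg, key)
        pos, i = pos + len(seg), i + 1
    return bytes(out)

def encrypt(plaintext, table):
    """S1: segmented hybrid encryption with the table's time stamp prepended."""
    return table["ts"].to_bytes(8, "big") + _run(plaintext, table, 0)

def decrypt(ciphertext, table_store):
    """S2: look the table up by the stamp carried in the ciphertext, then reverse it."""
    ts = int.from_bytes(ciphertext[:8], "big")
    if ts not in table_store:
        raise KeyError(f"no dynamic key parameter table with time stamp {ts}")
    return _run(ciphertext[8:], table_store[ts], 1)

if __name__ == "__main__":
    t = generate_table(n_methods=7, n_heavy=3, max_len=64)
    store = {t["ts"]: t}                     # receiving end indexes tables by stamp
    msg = b"constructed sample plaintext stream " * 8
    assert decrypt(encrypt(msg, t), store) == msg and heavy_spacing_ok(t)
    print("round trip ok; table order:", [m for m, _, _ in t["entries"]])
```

Every method here is length-preserving, which is what lets the receiving end re-segment the ciphertext with the same per-entry lengths; a block cipher plugged in at the stand-in would need the same property (a stream or CTR-style mode) or explicit padding per segment. The claims describe no integrity check, and the example keeps to the claims: a stamp altered to match another stored table decrypts to garbage rather than being rejected, so a deployment would add a MAC over the stamp and ciphertext. Note also that the table carries every key in the clear, so the "different communication manner" of claim 6 must itself protect the table's confidentiality and integrity.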
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311575315.4A CN117857078B (en) | 2023-11-23 | 2023-11-23 | Variable-length hybrid dynamic transmission encryption and decryption method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311575315.4A CN117857078B (en) | 2023-11-23 | 2023-11-23 | Variable-length hybrid dynamic transmission encryption and decryption method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117857078A true CN117857078A (en) | 2024-04-09 |
CN117857078B CN117857078B (en) | 2024-06-11 |
Family
ID=90529430
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311575315.4A Active CN117857078B (en) | 2023-11-23 | 2023-11-23 | Variable-length hybrid dynamic transmission encryption and decryption method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117857078B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119382863A (en) * | 2024-12-31 | 2025-01-28 | 河北省科学院应用数学研究所 | Data transmission method, device, equipment and storage medium based on homomorphic encryption |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030007635A1 (en) * | 2001-07-09 | 2003-01-09 | C4 Technology, Inc. | Encryption method, program for encryption, memory medium for storing the program, and encryption apparatus, as well as decryption method and decryption apparatus |
CN1480851A (en) * | 2002-09-04 | 2004-03-10 | 斌 杨 | Computer encryption unit and encryption method |
CN1486014A (en) * | 2002-09-24 | 2004-03-31 | 黎明网络有限公司 | Method for safe data transmission based on public cipher key architecture and apparatus thereof |
CN102752109A (en) * | 2012-06-05 | 2012-10-24 | 西安邮电大学 | Secret key management method and device for encrypting data base column |
CN103561024A (en) * | 2013-10-31 | 2014-02-05 | 大连金马衡器有限公司 | Data transmission method based on weighing instrument and remote server |
US20140248929A1 (en) * | 2011-04-06 | 2014-09-04 | Tufts University | Sudoku arrays |
CN104363091A (en) * | 2014-12-01 | 2015-02-18 | 国家计算机网络与信息安全管理中心 | Encryption and decryption method capable of automatically retrieving keys and selecting algorithms |
CN109474423A (en) * | 2018-12-10 | 2019-03-15 | 平安科技(深圳)有限公司 | Data encryption/decryption method, server and storage medium |
CN113158210A (en) * | 2021-04-21 | 2021-07-23 | 建信金融科技有限责任公司 | Database encryption method and device |
Also Published As
Publication number | Publication date |
---|---|
CN117857078B (en) | 2024-06-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103457727B (en) | A kind of methods, devices and systems for realizing media data processing | |
US8948377B2 (en) | Encryption device, encryption system, encryption method, and encryption program | |
US11128452B2 (en) | Encrypted data sharing with a hierarchical key structure | |
RU2638639C1 (en) | Encoder, decoder and method for encoding and encrypting input data | |
CN114584278B (en) | Data homomorphic encryption method and device, data transmission method and device | |
CN107534558B (en) | Method for protecting the information security of data transmitted via a data bus and data bus system | |
CN117857078B (en) | Variable-length hybrid dynamic transmission encryption and decryption method and device | |
CN108765230B (en) | Resident household registration information management method and server | |
CN113347144A (en) | Method, system, equipment and storage medium for reciprocal data encryption | |
CN112073372A (en) | Double encryption method and decryption method for communication messages of power system and message interaction system | |
CN111131158A (en) | Single byte symmetric encryption and decryption method, device and readable medium | |
CN112738037B (en) | Data encryption communication method | |
CN115567219A (en) | Secure communication method, device and storage medium based on 5G virtual private network slicing | |
WO2020149913A2 (en) | Computing key rotation period for block cipher-based encryption schemes system and method | |
CN112532384B (en) | Method for quickly encrypting and decrypting transmission key based on packet key mode | |
CN113452654B (en) | Data decryption method | |
CN110381067B (en) | IP packet encryption method, decryption method and device thereof | |
CN117792699A (en) | A distributed cycle encryption method | |
CN118802123A (en) | Key updating method, device, related equipment and readable storage medium | |
CN114978699B (en) | Data encryption and data decryption methods, devices, equipment and storage medium | |
CN114124369B (en) | Multi-group quantum key cooperation method and system | |
CN104954447A (en) | Mobile intelligent device security service implementation method and system supporting attribute based encryption | |
CN115834113A (en) | OT communication method, OT communication device, electronic device, and storage medium | |
CN113542234A (en) | Method for carrying out national encryption by using RDMA PSN | |
CN115021906A (en) | Method, terminal and device for realizing data transmission of digital envelope |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |