
CN120342616B - Data security transmission method, system, computer and storage medium - Google Patents

Data security transmission method, system, computer and storage medium

Info

Publication number
CN120342616B
Authority
CN
China
Prior art keywords
data
time
transmission
fragment
key seed
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202510821478.9A
Other languages
Chinese (zh)
Other versions
CN120342616A (en)
Inventor
杨帆
王艳
黄巍
王剑
朱志清
邓宗扬
胡鹏
杨程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unicom Jiangxi Industrial Internet Co ltd
Original Assignee
Unicom Jiangxi Industrial Internet Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Events: application filed by Unicom Jiangxi Industrial Internet Co ltd; priority to CN202510821478.9A; publication of CN120342616A; application granted; publication of CN120342616B; legal status: Active.

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a data security transmission method, system, computer and storage medium. The method includes the following steps: generating a dynamic key seed sequence from the network environment parameters of the transmission device; building a data-encryption transformation matrix from the dynamic key seed sequence and using it to transform the fragment unit data; and having the receiving end perform integrity and spatio-temporal continuity verification based on a verification hash. By collecting network environment parameters in real time and generating the key seed sequence dynamically, one key is used per transmission (one-time-key encryption), which blocks replay attacks; the transformation matrix applies an exclusive-OR transformation to the fragment data, increasing ciphertext randomness to resist traffic analysis; and a spatio-temporally correlated verification hash gives dual verification of the integrity and the timing continuity of multi-path transmission data, improving transmission reliability in the highly dynamic environment of the Industrial Internet.

Description

Data security transmission method, system, computer and storage medium
Technical Field
The present invention relates to the field of data transmission technologies, and in particular, to a data security transmission method, system, computer, and storage medium.
Background
At the same time, the traditional single-hash check mechanism cannot identify time-space-dimension attacks in multi-path transmission, such as data tampering and out-of-order injection, so key industrial-control instructions and sensor data face security threats such as loss of confidentiality, instruction spoofing and timing tampering; data transmission security is therefore poor.
Disclosure of Invention
Aiming at the defects of the prior art, the invention aims to provide a data security transmission method, a system, a computer and a storage medium, which aim to solve the technical problem of poor data transmission security in the prior art.
In order to achieve the above object, in a first aspect, the present invention provides a data security transmission method, comprising the steps of:
Collecting real-time performance parameters and network environment parameters of transmission equipment;
generating a dynamic key seed sequence based on the round trip delay jitter parameter and the packet loss rate characteristic of a transmission path according to the network environment parameters of the transmission equipment;
Dynamically generating a data slicing strategy according to the performance parameters of the transmission equipment, dividing the data to be transmitted into a plurality of slicing units based on the data slicing strategy, and establishing a data encryption transformation matrix based on a dynamic key seed sequence to transform and encrypt the slicing unit data;
Packaging the fragment unit data through an encryption window, and generating a transmission path quality evaluation parameter according to a mapping algorithm so as to dynamically adjust the offset of the encryption window according to the quality evaluation parameter;
And constructing a time-space associated verification hash based on the dynamic key seed sequence, transmitting the encrypted fragment unit data through multiple paths, and checking the integrity and the time-space continuity of the receiving end based on the verification hash.
According to an aspect of the foregoing technical solution, the step of dynamically generating the data slicing policy according to the performance parameter of the transmission device specifically includes:
Establishing a joint perception model of equipment performance and network state, and dynamically sampling performance load factors corresponding to the performance parameters of the transmission equipment through a sliding window mechanism;
determining a fragmentation threshold according to the nonlinear mapping relation between the characteristics of the data to be transmitted and the performance load factor:
;
;
In the formula: the fragmentation threshold; the total size of the data to be transmitted; the reference bandwidth; the currently available bandwidth; the server quality coefficient; the performance load factor; the device performance coefficient; n, the number of samples in the sliding window; the processor utilization of the k-th sample; the memory usage of the k-th sample; the time difference between the current time and the k-th sample; the average delay; and the total memory.
According to an aspect of the foregoing technical solution, the calculation expression of the dynamic key seed sequence is:
;
;
In the formula: the dynamic key seed sequence; the HKDF key-derivation function; the path stability factor; H() is a hash function; t is the byte sequence of a timestamp; the fragment length; S is the byte sequence corresponding to the path-characteristic entropy value; the byte concatenation operation; m is the number of transmission paths; the average transmission delay; the delay jitter of the i-th path; the packet loss rate of the i-th path; and the modulo operation.
According to an aspect of the foregoing technical solution, the step of dividing the data to be transmitted into a plurality of slicing units based on the data slicing policy specifically includes:
Calculating a dynamic correction factor through bandwidth fluctuation rate to correct the fragmentation threshold based on the dynamic correction factor to obtain a correction threshold, wherein the calculation expression of the dynamic correction factor is as follows:
;
In the formula: the absolute value of the bandwidth fluctuation; the average bandwidth; and the standard fragment size;
the calculation expression of the transformation matrix is as follows:
;
In the formula: the transformation matrix; the path feature check value; the byte sequence corresponding to the dynamic key seed sequence; the byte sequence corresponding to the available bandwidth; the exclusive-OR operation; the cyclic left-shift operation; the number of shift bits; the row entropy value of the transformation matrix; and the column entropy value of the transformation matrix.
According to an aspect of the foregoing aspect, the transmission path quality evaluation parameter is calculated as:
;
In the formula: the transmission path quality evaluation parameter; the bandwidth of the i-th path; the maximum bandwidth; and the delay normalization factor.
According to an aspect of the foregoing technical solution, the step of dynamically adjusting the offset of the encryption window according to the quality assessment parameter specifically includes:
Calculating the offset parameter difference degree of adjacent fragment units, and generating a phase offset correction factor according to the difference degree and the quality evaluation parameter so as to update the offset in real time according to the phase offset correction factor, wherein the offset is calculated by the following expression:
;
;
;
In the formula: the current phase offset; the phase offset of the previous period; G, the number of fragment units contained in the current encryption window; the partial derivative of the quality evaluation parameter Q with respect to the bandwidth of the transmission path of the g-th fragment; the absolute value of the bandwidth fluctuation of the transmission path of the g-th fragment; the delay jitter parameter of the transmission path of the g-th fragment; and the weighted average of the quality evaluation parameters of the transmission paths of all fragment units in the current encryption window.
According to an aspect of the above technical solution, the step of constructing a space-time correlation verification hash based on the dynamic key seed sequence, and transmitting the encrypted fragmented unit data through multiple paths, where the receiving end performs integrity and space-time continuity verification based on the verification hash specifically includes:
constructing a coordinate marker based on the column-row entropy value of the transformation matrix and the time stamp of the data slicing unit according to the following calculation formula:
;
In the formula: the transmission time offset of the f-th fragment relative to the first fragment; and the dynamic key corresponding to the dynamic key seed sequence;
calculating a hash value for each fragment unit according to the following calculation formula, generating a verification hash of a space-time dimension based on the hash value and the coordinate mark, and marking the fragment unit by taking the verification hash as a label:
;
In the formula: the verification hash of the f-th fragment; the ciphertext data of the f-th fragment; and the verification hash of the previous fragment;
The receiving end performs integrity and time-space continuity check based on verification hash according to the following calculation formula:
;
;
In the formula: the conjunction (logical AND) symbol; F, the number of fragments; the verification hash of the f-th fragment; the received ciphertext data; the validated verification hash of the (f-1)-th fragment; the coordinate marker calculated at the receiving end; the reception timestamp of the f-th fragment; the reception timestamp of the (f-1)-th fragment; and the time threshold.
In a second aspect, the present invention provides a data security transmission system, comprising:
the acquisition module acquires real-time performance parameters and network environment parameters of the transmission equipment;
The key module generates a dynamic key seed sequence based on the round trip delay jitter parameter and the packet loss rate characteristic of a transmission path according to the network environment parameters of the transmission equipment;
the fragmentation module dynamically generates a data fragmentation strategy according to the performance parameters of the transmission equipment, so as to divide the data to be transmitted into a plurality of fragmentation units based on the data fragmentation strategy, and establishes a data encryption transformation matrix based on a dynamic key seed sequence to transform and encrypt the fragmentation unit data;
The encryption module is used for packaging the fragment unit data through the encryption window and generating a transmission path quality evaluation parameter according to a mapping algorithm so as to dynamically adjust the offset of the encryption window according to the quality evaluation parameter;
and the verification module is used for constructing a time-space associated verification hash based on the dynamic key seed sequence, transmitting the encrypted fragment unit data through multiple paths, and verifying the integrity and the time-space continuity based on the verification hash by the receiving end.
According to an aspect of the foregoing technical solution, the slicing module is specifically configured to:
Establishing a joint perception model of equipment performance and network state, and dynamically sampling performance load factors corresponding to the performance parameters of the transmission equipment through a sliding window mechanism;
determining a fragmentation threshold according to the nonlinear mapping relation between the characteristics of the data to be transmitted and the performance load factor:
;
;
In the formula: the fragmentation threshold; the total size of the data to be transmitted; the reference bandwidth; the currently available bandwidth; the server quality coefficient; the performance load factor; the device performance coefficient; n, the number of samples in the sliding window; the processor utilization of the k-th sample; the memory usage of the k-th sample; the time difference between the current time and the k-th sample; the average delay; and the total memory.
According to an aspect of the foregoing technical solution, the slicing module is specifically further configured to:
Calculating a dynamic correction factor through bandwidth fluctuation rate to correct the fragmentation threshold based on the dynamic correction factor to obtain a correction threshold, wherein the calculation expression of the dynamic correction factor is as follows:
;
In the formula: the absolute value of the bandwidth fluctuation; the average bandwidth; and the standard fragment size;
the calculation expression of the transformation matrix is as follows:
;
In the formula: the transformation matrix; the path feature check value; the byte sequence corresponding to the dynamic key seed sequence; the byte sequence corresponding to the available bandwidth; the exclusive-OR operation; the cyclic left-shift operation; the number of shift bits; the row entropy value of the transformation matrix; and the column entropy value of the transformation matrix.
According to an aspect of the foregoing technical solution, the encryption module is specifically configured to:
Calculating the offset parameter difference degree of adjacent fragment units, and generating a phase offset correction factor according to the difference degree and the quality evaluation parameter so as to update the offset in real time according to the phase offset correction factor, wherein the offset is calculated by the following expression:
;
;
;
In the formula: the current phase offset; the phase offset of the previous period; G, the number of fragment units contained in the current encryption window; the partial derivative of the quality evaluation parameter Q with respect to the bandwidth of the transmission path of the g-th fragment; the absolute value of the bandwidth fluctuation of the transmission path of the g-th fragment; the delay jitter parameter of the transmission path of the g-th fragment; and the weighted average of the quality evaluation parameters of the transmission paths of all fragment units in the current encryption window.
According to an aspect of the foregoing technical solution, the verification module is specifically configured to:
constructing a coordinate marker based on the column-row entropy value of the transformation matrix and the time stamp of the data slicing unit according to the following calculation formula:
;
In the formula: the transmission time offset of the f-th fragment relative to the first fragment; and the dynamic key corresponding to the dynamic key seed sequence;
calculating a hash value for each fragment unit according to the following calculation formula, generating a verification hash of a space-time dimension based on the hash value and the coordinate mark, and marking the fragment unit by taking the verification hash as a label:
;
In the formula: the verification hash of the f-th fragment; the ciphertext data of the f-th fragment; and the verification hash of the previous fragment;
The receiving end performs integrity and time-space continuity check based on verification hash according to the following calculation formula:
;
;
In the formula: the conjunction (logical AND) symbol; F, the number of fragments; the verification hash of the f-th fragment; the received ciphertext data; the validated verification hash of the (f-1)-th fragment; the coordinate marker calculated at the receiving end; the reception timestamp of the f-th fragment; the reception timestamp of the (f-1)-th fragment; and the time threshold.
The method has the following advantages. By collecting network environment parameters in real time and generating the key seed sequence dynamically, one key is used per transmission and replay attacks are blocked. The data slicing strategy is adjusted dynamically from the device performance parameters, reducing the retransmission rate. The transformation matrix applies an exclusive-OR transformation to the fragment data, increasing ciphertext randomness to resist traffic analysis. The offset of the encryption window is adjusted in real time from the transmission path quality evaluation parameter, improving throughput on jittery networks while preserving security. Finally, the spatio-temporally correlated verification hash gives dual verification of the integrity and the timing of multi-path transmission data, improving transmission reliability in the highly dynamic environment of the Industrial Internet.
Drawings
Fig. 1 is a flow chart of a data security transmission method according to a first embodiment of the invention;
fig. 2 is a block diagram of a data security transmission system according to a second embodiment of the present invention;
FIG. 3 is a schematic diagram of a hardware configuration of a computer according to a third embodiment of the present invention;
the invention will be further described in the following detailed description in conjunction with the above-described figures.
Detailed Description
In order that the invention may be readily understood, a more complete description of the invention will be rendered by reference to the appended drawings. Several embodiments of the invention are presented in the figures. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
It will be understood that when an element is referred to as being "mounted" on another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like are used herein for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Example 1
Referring to fig. 1, a flowchart of a data security transmission method according to a first embodiment of the present invention is shown, and the method includes the following steps:
Step S100, collecting real-time performance parameters and network environment parameters of the transmission equipment. Specifically, in this embodiment, the real-time performance parameters include the memory usage and the processor utilization, and the network environment parameters include the path delay jitter, the path packet loss rate, and the available bandwidth.
Step S200, generating a dynamic key seed sequence based on the round-trip delay jitter parameter and the packet loss rate characteristic of the transmission path, according to the network environment parameters of the transmission equipment.
Preferably, in this embodiment, the calculation expression of the dynamic key seed sequence is:
;
;
In the formula: the dynamic key seed sequence; the HKDF key-derivation function; the path stability factor; H() is a hash function; t is the byte sequence of a timestamp; the fragment length; S is the byte sequence corresponding to the path-characteristic entropy value; the byte concatenation operation; m is the number of transmission paths; the average transmission delay; the delay jitter of the i-th path; the packet loss rate of the i-th path; and the modulo operation.
In particular, one term quantifies the relative intensity of the path jitter, another amplifies the packet loss rate non-linearly, and the modulo operation yields a 32-byte (256-bit) entropy value S matching the AES-256 key length. In one application scenario of this embodiment, an AGV (automated guided vehicle) transmits over 5G (path 1) and Wi-Fi (path 2) simultaneously; the two paths differ in delay and packet loss rate, and those differences enter the seed.
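The following Python block is an added worked example, not code from the patent, implementing the seed derivation of step S200 (and the identical summary passage above). The page does not reproduce the formulas, so the exact form of the path stability factor, the fields hashed into S, and the split of HKDF inputs into salt and info are assumptions. The pre-shared `shared_secret` used as HKDF input keying material is also an assumption, grounded only in the page's later mention that the dynamic key is synchronised by a key distribution centre: jitter and packet-loss figures can be measured by anyone on the path, so the example treats S as salt and context rather than as the secret. `ReplayGuard` is the receiver-side freshness check that turns a per-timestamp seed into an actual replay block; the page asserts the property but does not describe the check. The path measurements are constructed.

```python
import hashlib
import hmac
import math
import struct

# Constructed measurements for the AGV scenario (5G = path 1, Wi-Fi = path 2).
# Delay and jitter in milliseconds, packet loss as a fraction. Illustrative only.
SAMPLE_PATHS = [
    {"delay_ms": 18.0, "jitter_ms": 2.5, "loss": 0.004},   # 5G
    {"delay_ms": 41.0, "jitter_ms": 11.0, "loss": 0.030},  # Wi-Fi
]


def path_stability_factor(paths):
    """Assumed form of the path stability factor (the page does not reproduce
    the formula): relative jitter intensity sqrt(jitter / mean delay) plus a
    non-linearly amplified loss term, summed over the m paths."""
    mean_delay = sum(p["delay_ms"] for p in paths) / len(paths)
    factor = 0.0
    for p in paths:
        factor += math.sqrt(p["jitter_ms"] / mean_delay)
        factor += math.exp(10.0 * p["loss"]) - 1.0
    return factor


def path_entropy_value(paths):
    """S: the 32-byte path-characteristic entropy value, H(stability || per-path
    stats) mod 2^256. The modulo keeps the value at AES-256 key length (it is a
    no-op for a 256-bit digest, but mirrors the text)."""
    h = hashlib.sha3_256(struct.pack(">d", path_stability_factor(paths)))
    for p in paths:
        h.update(struct.pack(">ddd", p["delay_ms"], p["jitter_ms"], p["loss"]))
    return (int.from_bytes(h.digest(), "big") % (1 << 256)).to_bytes(32, "big")


def hkdf(ikm, salt, info, length, hash_fn=hashlib.sha3_256):
    """RFC 5869 HKDF (extract-then-expand) over HMAC-SHA3-256."""
    prk = hmac.new(salt, ikm, hash_fn).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_fn).digest()
        out += block
        counter += 1
    return out[:length]


def dynamic_key_seed(shared_secret, paths, timestamp, frag_len, length=32):
    """Seed = HKDF(ikm = shared secret, salt = S, info = t || L).

    shared_secret is an assumption (the page only mentions a key distribution
    centre). S is derived from observable network behaviour, so it is used as
    salt: the secrecy of the seed must come from ikm, not from S."""
    info = struct.pack(">Q", timestamp) + struct.pack(">I", frag_len)
    return hkdf(shared_secret, path_entropy_value(paths), info, length)


class ReplayGuard:
    """Receiver-side freshness check: a timestamp is accepted once, must be
    newer than the last accepted one, and must lie within max_skew_s of the
    receiver's clock. Without this, a per-timestamp seed alone does not stop
    an attacker from replaying an old (timestamp, ciphertext) pair."""

    def __init__(self, max_skew_s=5):
        self.last_accepted = -1
        self.max_skew_s = max_skew_s

    def accept(self, timestamp, now):
        if timestamp <= self.last_accepted or abs(now - timestamp) > self.max_skew_s:
            return False
        self.last_accepted = timestamp
        return True


if __name__ == "__main__":
    seed = dynamic_key_seed(b"shared-secret", SAMPLE_PATHS, 1700000000, 1024)
    print("seed:", seed.hex())
```

Two properties are worth checking on any implementation of this step: the same inputs must give the same seed on both ends (otherwise the receiver cannot decrypt), and a one-second change in the timestamp or a different shared secret must change the whole seed.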
Step S300, a data slicing strategy is dynamically generated according to the performance parameters of the transmission equipment, data to be transmitted is split into a plurality of slicing units based on the data slicing strategy, and a transformation matrix for data encryption is established based on a dynamic key seed sequence to transform and encrypt the slicing unit data.
Specifically, in this embodiment, the step of dynamically generating the data slicing policy according to the performance parameter of the transmission device specifically includes:
Establishing a joint perception model of equipment performance and network state, and dynamically sampling performance load factors corresponding to the performance parameters of the transmission equipment through a sliding window mechanism;
determining a fragmentation threshold according to the nonlinear mapping relation between the characteristics of the data to be transmitted and the performance load factor:
;
;
In the formula: the fragmentation threshold; the total size of the data to be transmitted; the reference bandwidth; the currently available bandwidth; the server quality coefficient; the performance load factor; the device performance coefficient; n, the number of samples in the sliding window; the processor utilization of the k-th sample; the memory usage of the k-th sample; the time difference between the current time and the k-th sample; the average delay; and the total memory. The fragment size is therefore reduced automatically when the load is high, relieving pressure on the device.
Further, the step of dividing the data to be transmitted into a plurality of slicing units based on the data slicing policy specifically includes:
Calculating a dynamic correction factor through bandwidth fluctuation rate to correct the fragmentation threshold based on the dynamic correction factor to obtain a correction threshold, wherein the calculation expression of the dynamic correction factor is as follows:
;
In the formula: the absolute value of the bandwidth fluctuation; the average bandwidth; and the standard fragment size. The fragments are thus narrowed further when the bandwidth fluctuates, reducing the probability of retransmission.
The calculation expression of the transformation matrix is as follows:
;
In the formula: the transformation matrix; the path feature check value; the byte sequence corresponding to the dynamic key seed sequence; the byte sequence corresponding to the available bandwidth; the exclusive-OR operation; the cyclic left-shift operation; the number of shift bits; the row entropy value of the transformation matrix; and the column entropy value of the transformation matrix. In this step H() is the SHA3-256 hash function.
Further, in this embodiment the transform encryption of the fragment unit data uses the AES algorithm: the bytes of the hexadecimal representation of the fragment unit data form the plaintext matrix, the elements of the transformation matrix are extracted in sequence to form the key (also in hexadecimal representation), and rounds of byte substitution, row shifting, column mixing and exclusive-OR with the round key are applied in turn to obtain the ciphertext matrix.
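Added example, not the patent's code, for the transformation-matrix step described here and in the summary passage above: an assumed construction of the matrix from the seed byte sequence and the available-bandwidth byte sequence using SHA3-256, a cyclic left shift and exclusive-OR (the operations the text lists), followed by the row and column entropy values and the sequential read-out of an AES-256 key. Because the page does not reproduce the matrix formula, the per-row layout, the shift count taken from the seed, the 8x16 size and the `path_check` input are all assumptions. The AES rounds are not reimplemented; the 32-byte key returned here is what a standard AES-256 implementation would consume.

```python
import hashlib
import math
import struct

ROWS, COLS = 8, 16   # assumed 8 x 16 byte matrix; two rows yield one AES-256 key


def rotl(data, bits):
    """Cyclic left shift of a byte string by `bits` bits."""
    n = len(data) * 8
    bits %= n
    v = int.from_bytes(data, "big")
    v = ((v << bits) | (v >> (n - bits))) & ((1 << n) - 1)
    return v.to_bytes(len(data), "big")


def shannon_entropy(values):
    """Entropy in bits of the byte-value distribution of `values`."""
    counts = {}
    for b in values:
        counts[b] = counts.get(b, 0) + 1
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def build_transform_matrix(seed, bandwidth_bps, path_check):
    """Assumed construction (the page does not reproduce the formula): row r is
    SHA3-256(seed || bandwidth || r) truncated to COLS bytes, rotated left by a
    shift count taken from the seed, and XORed with the path feature check
    value. Both ends must use byte-identical seed and bandwidth values."""
    bw = struct.pack(">Q", bandwidth_bps)
    check = hashlib.sha3_256(path_check).digest()[:COLS]
    shift = seed[0] % 8   # assumed: number of shift bits derived from the seed
    matrix = []
    for r in range(ROWS):
        row = hashlib.sha3_256(seed + bw + bytes([r])).digest()[:COLS]
        row = rotl(row, shift + r)
        matrix.append(bytes(a ^ b for a, b in zip(row, check)))
    return matrix


def matrix_entropies(matrix):
    """Average row entropy and average column entropy of the matrix; these two
    values are later carried in the packet and feed the coordinate marker."""
    row_e = sum(shannon_entropy(r) for r in matrix) / len(matrix)
    cols = [bytes(r[c] for r in matrix) for c in range(len(matrix[0]))]
    col_e = sum(shannon_entropy(c) for c in cols) / len(cols)
    return row_e, col_e


def extract_aes256_key(matrix):
    """Read matrix elements in sequence until 32 bytes are collected."""
    key = b"".join(matrix)[:32]
    if len(key) != 32:
        raise ValueError("matrix too small for an AES-256 key")
    return key


if __name__ == "__main__":
    m = build_transform_matrix(bytes(range(32)), 50_000_000, b"path-check")
    print("row/col entropy:", matrix_entropies(m))
    print("AES-256 key:", extract_aes256_key(m).hex())
```

One consequence to check in any deployment of this step: the receiver can only rebuild the matrix if it feeds in exactly the same bandwidth bytes as the sender, so the available bandwidth either has to travel in the packet or be quantized to an agreed grid; the page does not say which.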
Step S400, the fragment unit data are packaged through the encryption window, and a transmission path quality evaluation parameter is generated according to a mapping algorithm, so that the offset of the encryption window is dynamically adjusted according to the quality evaluation parameter.
Specifically, in the present embodiment, the calculation expression of the transmission path quality evaluation parameter is:
;
In the formula: the transmission path quality evaluation parameter; the bandwidth of the i-th path; the maximum bandwidth; and the delay normalization factor.
Further, the step of dynamically adjusting the offset of the encryption window according to the quality assessment parameter specifically includes:
Calculating the offset parameter difference degree of adjacent fragment units, and generating a phase offset correction factor according to the difference degree and the quality evaluation parameter so as to update the offset in real time according to the phase offset correction factor, wherein the offset is calculated by the following expression:
;
;
;
In the formula: the current phase offset; the phase offset of the previous period; G, the number of fragment units contained in the current encryption window; the partial derivative of the quality evaluation parameter Q with respect to the bandwidth of the transmission path of the g-th fragment; the absolute value of the bandwidth fluctuation of the transmission path of the g-th fragment; the delay jitter parameter of the transmission path of the g-th fragment; and the weighted average of the quality evaluation parameters of the transmission paths of all fragment units in the current encryption window.
In particular, the encryption window loads data fragment units as needed and is then adjusted by the current phase offset; one quantity denotes the degree of mixing difference and another is the phase-offset correction factor. Through the phase-offset correction factor the same data is encapsulated differently on different paths, so as to resist traffic analysis and replay attacks.
And S500, constructing a space-time associated verification hash based on the dynamic key seed sequence, transmitting the encrypted fragment unit data through multiple paths, and checking the integrity and the space-time continuity of the receiving end based on the verification hash.
Preferably, in this embodiment, a verification hash of space-time association is constructed based on a dynamic key seed sequence, and the step of performing integrity and space-time continuity verification by a receiving end based on the verification hash by transmitting encrypted fragment unit data through multiple paths specifically includes:
constructing a coordinate marker based on the column-row entropy value of the transformation matrix and the time stamp of the data slicing unit according to the following calculation formula:
;
In the formula: the transmission time offset of the f-th fragment relative to the first fragment; and the dynamic key corresponding to the dynamic key seed sequence; H() is a secure hash function;
calculating a hash value for each fragment unit according to the following calculation formula, generating a verification hash of a space-time dimension based on the hash value and the coordinate mark, and marking the fragment unit by taking the verification hash as a label:
;
In the formula: the verification hash of the f-th fragment; the ciphertext data of the f-th fragment; and the verification hash of the previous fragment; H() is a secure hash function;
The receiving end performs integrity and time-space continuity check based on verification hash according to the following calculation formula:
;
;
In the formula: the conjunction (logical AND) symbol; F, the number of fragments; the verification hash of the f-th fragment; the received ciphertext data; the validated verification hash of the (f-1)-th fragment; the coordinate marker calculated at the receiving end; the reception timestamp of the f-th fragment; the reception timestamp of the (f-1)-th fragment; and the time threshold; H() is a secure hash function. In particular, the conjunction means that the equality condition holds for every fragment f = 1 to F: if the received hash value matches the locally computed one, data integrity is confirmed. The coordinate marker at the receiving end is computed in the same way as at the sending end; the row and column entropy values of the transformation matrix and the transmission time offset are carried in the data packet, and the dynamic key is synchronized through a key distribution center.
The second condition requires that the maximum absolute difference between the time offsets of all adjacent fragments is smaller than the time threshold: even if fragments arrive out of order, once they are sorted by sequence number the arrival-time difference between fragments with adjacent sequence numbers must lie within the threshold, which guarantees sequence continuity.
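Added example, not the patent's code, covering step S500 and the matching verification-module description above: the coordinate marker, the chained verification hash, and the receiver's two checks (hash equality for every fragment after sorting by sequence number, and adjacent reception-time difference below the threshold). SHA3-256 stands in for the unnamed hash function H(); because SHA3 has no length-extension weakness, placing the dynamic key K inside the hash input gives a keyed tag that a party without K cannot forge. The 50 ms threshold, the all-zero h_0, the packet field names, the entropy values and the sample fragments are constructed. The fragment-count and contiguity checks are additions: the page's condition ranges over f = 1 to F, which presumes the receiver knows F, and without that check a dropped tail fragment would leave a prefix that still verifies.

```python
import hashlib
import hmac
import struct

TIME_THRESHOLD_MS = 50      # assumed value of the time threshold
ZERO_HASH = bytes(32)       # h_0, the chain's starting value (assumed)

# Constructed sample: four ciphertext fragments sent 10 ms apart.
SAMPLE_CIPHERTEXTS = [b"ct-0", b"ct-1", b"ct-2", b"ct-3"]
SAMPLE_SEND_TIMES = [0, 10, 20, 30]
SAMPLE_KEY = bytes.fromhex("11" * 32)
SAMPLE_ROW_ENTROPY, SAMPLE_COL_ENTROPY = 3.8, 2.9


def coordinate_marker(row_entropy, col_entropy, dt_ms, dyn_key):
    """C_f = H(row entropy || column entropy || dt_f || K)."""
    return hashlib.sha3_256(
        struct.pack(">ddq", row_entropy, col_entropy, dt_ms) + dyn_key
    ).digest()


def verification_hash(ciphertext, marker, prev_hash):
    """h_f = H(c_f || C_f || h_{f-1})."""
    return hashlib.sha3_256(ciphertext + marker + prev_hash).digest()


def tag_fragments(ciphertexts, send_times_ms, row_entropy, col_entropy, dyn_key):
    """Sender side. Returns packets {seq, ct, dt, h}. The entropy values also
    travel with the packet (passed as parameters here); K is synchronised out
    of band by the key distribution centre."""
    packets, prev, t0 = [], ZERO_HASH, send_times_ms[0]
    for f, (ct, ts) in enumerate(zip(ciphertexts, send_times_ms)):
        dt = ts - t0
        marker = coordinate_marker(row_entropy, col_entropy, dt, dyn_key)
        h = verification_hash(ct, marker, prev)
        packets.append({"seq": f, "ct": ct, "dt": dt, "h": h})
        prev = h
    return packets


def verify_fragments(received, recv_times_ms, expected_count, row_entropy,
                     col_entropy, dyn_key, threshold_ms=TIME_THRESHOLD_MS):
    """Receiver side. `received` and `recv_times_ms` are parallel lists in
    arrival order. Fragments are sorted by sequence number, the chain is
    recomputed from h_0, and adjacent reception times are compared against
    the threshold. Returns (ok, reason)."""
    if len(received) != expected_count:
        return False, "fragment count mismatch"
    order = sorted(range(len(received)), key=lambda i: received[i]["seq"])
    if [received[i]["seq"] for i in order] != list(range(expected_count)):
        return False, "sequence numbers not contiguous"
    prev, prev_t = ZERO_HASH, None
    for i in order:
        pkt = received[i]
        marker = coordinate_marker(row_entropy, col_entropy, pkt["dt"], dyn_key)
        expected = verification_hash(pkt["ct"], marker, prev)
        if not hmac.compare_digest(expected, pkt["h"]):   # constant-time compare
            return False, f"integrity failure at fragment {pkt['seq']}"
        if prev_t is not None and abs(recv_times_ms[i] - prev_t) >= threshold_ms:
            return False, f"time continuity failure at fragment {pkt['seq']}"
        prev, prev_t = pkt["h"], recv_times_ms[i]
    return True, "ok"


if __name__ == "__main__":
    pk = tag_fragments(SAMPLE_CIPHERTEXTS, SAMPLE_SEND_TIMES,
                       SAMPLE_ROW_ENTROPY, SAMPLE_COL_ENTROPY, SAMPLE_KEY)
    # Out-of-order arrival over two paths: seq 2, 0, 3, 1 at the given times.
    arrived = [pk[2], pk[0], pk[3], pk[1]]
    print(verify_fragments(arrived, [105, 100, 140, 112], 4,
                           SAMPLE_ROW_ENTROPY, SAMPLE_COL_ENTROPY, SAMPLE_KEY))
```

The hash equality check fails for a modified ciphertext, a wrong key, a missing fragment or a fragment whose time offset was altered, because each of those changes either C_f or the chain input; the timing check is the only one that looks at the receiver's own clock, and it operates on the sequence-sorted order, not the arrival order.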
In summary, the data security transmission method of the above embodiment collects network environment parameters in real time and generates the key seed sequence dynamically, so that one key is used per transmission and replay attacks are blocked; adjusts the data slicing strategy dynamically from the device performance parameters to reduce the retransmission rate; applies an exclusive-OR transformation to the fragment data through the transformation matrix to increase ciphertext randomness and resist traffic analysis; adjusts the offset of the encryption window in real time from the transmission path quality evaluation parameter, improving throughput on jittery networks while preserving security; and finally constructs a spatio-temporally correlated verification hash for dual verification of the integrity and the timing continuity of multi-path transmission data, improving transmission reliability in the highly dynamic environment of the Industrial Internet.
Example II
The second embodiment of the present application further provides a data secure transmission system for implementing the above embodiments and preferred implementations; what has already been described is not repeated here. As used below, the terms "module," "unit," "sub-unit," and the like may denote a combination of software and/or hardware that implements a predetermined function. While the system described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
As shown in fig. 2, the system includes an acquisition module 100, a key module 200, a fragmentation module 300, an encryption module 400, and a verification module 500.
The acquisition module 100 is used for acquiring real-time performance parameters and network environment parameters of the transmission equipment;
The key module 200 is configured to generate a dynamic key seed sequence based on a round trip delay jitter parameter and a packet loss rate characteristic of a transmission path according to a network environment parameter of the transmission device;
The slicing module 300 is configured to dynamically generate a data slicing policy according to a performance parameter of the transmission device, so as to divide data to be transmitted into a plurality of slicing units based on the data slicing policy, and establish a data encrypted transformation matrix based on a dynamic key seed sequence to transform the slicing unit data;
The encryption module 400 is configured to encapsulate the fragment unit data through an encryption window, and generate a transmission path quality evaluation parameter according to a mapping algorithm, so as to dynamically adjust an offset of the encryption window according to the quality evaluation parameter;
The verification module 500 is configured to construct a space-time associated verification hash based on the dynamic key seed sequence, and transmit the encrypted fragment unit data through multiple paths, and the receiving end performs integrity and space-time continuity verification based on the verification hash.
Preferably, in this embodiment, the slicing module 300 is specifically configured to:
Establishing a joint perception model of equipment performance and network state, and dynamically sampling performance load factors corresponding to the performance parameters of the transmission equipment through a sliding window mechanism;
determining a fragmentation threshold according to the nonlinear mapping relation between the characteristics of the data to be transmitted and the performance load factor:
;
;
In the formula, the quantities denote, in order: the fragmentation threshold; the total size of the data to be transmitted; the reference bandwidth value; the currently available bandwidth; the server quality coefficient; the performance load factor; the device performance coefficient; n, the number of samples in the sliding window; the processor utilization of the k-th sample; the memory usage of the k-th sample; the time difference between the current time and the k-th sample; the average time delay; and the total memory.
Preferably, in this embodiment, the slicing module 300 is specifically further configured to:
Calculating a dynamic correction factor through bandwidth fluctuation rate to correct the fragmentation threshold based on the dynamic correction factor to obtain a correction threshold, wherein the calculation expression of the dynamic correction factor is as follows:
;
In the formula, the quantities denote, in order: the absolute value of the bandwidth fluctuation; the average bandwidth; and the standard fragment size;
the calculation expression of the transformation matrix is as follows:
;
In the formula, the quantities denote, in order: the transformation matrix; the path feature check value; the byte sequence corresponding to the dynamic key seed sequence; the byte sequence corresponding to the available bandwidth; U, the exclusive-OR operation; the cyclic shift-left operation; the number of shift bits; the transformation-matrix row entropy value; and the transformation-matrix column entropy value.
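The two building blocks above, the HKDF-based dynamic key seed (the key seed expression in claim 1 below) and the XOR-and-rotate transform of a fragment, as an added illustration that is not the patent's own code. The HKDF construction is RFC 5869 with SHA-256. The path-stability and path-entropy formulas, the flattening of the transformation matrix to a single byte string, and all sample inputs are assumptions for illustration. Because the network measurements that feed the seed are observable on the path, this example treats them as HKDF context (the info input) and uses the key synchronised through the key distribution center, which the description above mentions, as the only secret input.

```python
"""Dynamic key seed via HKDF plus XOR/rotate fragment transform (added example)."""
import hashlib
import hmac
import math
import struct


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 extract-then-expand with SHA-256 (length <= 255 * 32 bytes)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def path_stability_factor(paths) -> float:
    """Assumed aggregate over m paths: mean delay, scaled down by jitter and loss.
    paths: list of (delay_ms, jitter_ms, loss_rate)."""
    m = len(paths)
    mean_delay = sum(d for d, _, _ in paths) / m
    penalty = sum((1.0 + j) * (1.0 + loss) for _, j, loss in paths) / m
    return mean_delay / penalty


def path_entropy(bandwidths) -> float:
    """Shannon entropy (bits) of the bandwidth share across paths (assumed meaning of
    the path-characteristic entropy value)."""
    total = float(sum(bandwidths))
    return -sum((b / total) * math.log2(b / total) for b in bandwidths if b > 0)


def key_seed(shared_key: bytes, paths, bandwidths, timestamp_ms: int, fragment_len: int) -> bytes:
    """One seed per (timestamp, fragment length, path state). The KDC-synchronised key is
    the keying material; the public network measurements are context only."""
    stability = path_stability_factor(paths)
    info = (struct.pack(">Qd", timestamp_ms, stability)
            + struct.pack(">I", fragment_len)
            + struct.pack(">d", path_entropy(bandwidths)))
    return hkdf_sha256(shared_key, salt=b"dynamic-seed-v1", info=info, length=fragment_len)


def rotl_bytes(data: bytes, shift: int) -> bytes:
    """Cyclic left shift of a byte string by `shift` bits."""
    nbits = len(data) * 8
    shift %= nbits
    v = int.from_bytes(data, "big")
    v = ((v << shift) | (v >> (nbits - shift))) & ((1 << nbits) - 1)
    return v.to_bytes(len(data), "big")


def transform_stream(seed: bytes, bandwidth_bytes: bytes, shift: int) -> bytes:
    """Byte-string rendering of the transformation matrix: seed XOR available-bandwidth
    bytes (zero-padded to the seed length), then rotated left by `shift` bits."""
    padded = bandwidth_bytes.ljust(len(seed), b"\x00")[:len(seed)]
    mixed = bytes(a ^ b for a, b in zip(seed, padded))
    return rotl_bytes(mixed, shift)


def xor_transform(fragment: bytes, stream: bytes) -> bytes:
    """XOR a fragment with the stream. The stream must cover the whole fragment so that
    no stream byte is reused within one transmission."""
    if len(stream) < len(fragment):
        raise ValueError("stream shorter than fragment")
    return bytes(d ^ k for d, k in zip(fragment, stream))


def roundtrip(plain: bytes, timestamp_ms: int) -> tuple:
    """Constructed sample: three paths, 64-byte fragment budget. Returns (ciphertext, recovered)."""
    shared_key = hashlib.sha256(b"KDC-synchronised key (constructed)").digest()
    paths = [(18.0, 2.1, 0.001), (25.0, 4.0, 0.004), (40.0, 9.5, 0.02)]   # constructed
    bandwidths = [100, 50, 20]                                             # Mbit/s, constructed
    seed = key_seed(shared_key, paths, bandwidths, timestamp_ms, fragment_len=64)
    stream = transform_stream(seed, struct.pack(">III", *bandwidths), shift=13)
    cipher = xor_transform(plain, stream)
    return cipher, xor_transform(cipher, stream)


if __name__ == "__main__":
    c, p = roundtrip(b"industrial telemetry frame #17", 1_750_000_000_000)
    print(c.hex(), p)
```

The transform is an involution, so the receiver recovers the fragment by rebuilding the same seed from the shared key and the parameters carried in the packet and applying the same XOR; changing the timestamp by one millisecond yields an unrelated stream, which is what gives the scheme its one-transmission-one-key property.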
Preferably, in this embodiment, the encryption module 400 is specifically configured to:
Calculating the offset parameter difference degree of adjacent fragment units, and generating a phase offset correction factor according to the difference degree and the quality evaluation parameter so as to update the offset in real time according to the phase offset correction factor, wherein the offset is calculated by the following expression:
;
;
;
In the formula, the quantities denote, in order: the current phase offset; the phase offset of the previous period; G, the number of fragment units contained in the current encryption window; the partial derivative of the quality evaluation parameter Q with respect to the bandwidth of the g-th fragment's transmission path; the absolute bandwidth fluctuation of the g-th fragment's transmission path; the delay jitter parameter of the g-th fragment's transmission path; and the weighted average of the quality evaluation parameters of the transmission paths of all fragment units in the current encryption window.
Preferably, in this embodiment, the verification module 500 is specifically configured to:
constructing a coordinate marker based on the column-row entropy value of the transformation matrix and the time stamp of the data slicing unit according to the following calculation formula:
;
In the formula, the quantities denote, in order: the transmission time offset of the f-th fragment relative to the first fragment; and the dynamic key corresponding to the dynamic key seed sequence;
calculating a hash value for each fragment unit according to the following calculation formula, generating a verification hash of a space-time dimension based on the hash value and the coordinate mark, and marking the fragment unit by taking the verification hash as a label:
;
In the formula, the quantities denote, in order: the verification hash of the f-th fragment; the ciphertext data of the f-th fragment; and the verification hash of the previous fragment;
The receiving end performs integrity and time-space continuity check based on verification hash according to the following calculation formula:
;
;
In the formula, the quantities denote, in order: the conjunction (logical AND) symbol; F, the number of fragments; the verification hash of the f-th fragment; the received ciphertext data; the validated verification hash of the (f-1)-th fragment; the coordinate mark computed at the receiving end; the reception timestamp of the f-th fragment; the reception timestamp of the (f-1)-th fragment; and the time threshold.
The respective modules may be functional modules or program modules, and may be implemented by software or hardware. For modules implemented in hardware, the modules may be located in the same processor, or the modules may be located in different processors in any combination.
Example III
A third embodiment of the application provides a computer, which may include a processor 81 and a memory 82 storing computer program instructions.
In particular, the processor 81 may include a central processing unit (CPU) or an application-specific integrated circuit (ASIC), or may be configured as one or more integrated circuits that implement embodiments of the present application.
The memory 82 may include, among other things, mass storage for data or instructions. By way of example, and not limitation, memory 82 may comprise a hard disk drive (HDD), floppy disk drive, solid-state drive (SSD), flash memory, optical disk, magneto-optical disk, magnetic tape, or universal serial bus (USB) drive, or a combination of two or more of these. The memory 82 may include removable or non-removable (or fixed) media, where appropriate. The memory 82 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 82 is a non-volatile memory. In particular embodiments, memory 82 includes read-only memory (ROM) and random-access memory (RAM). Where appropriate, the ROM may be a mask-programmed ROM, a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), an electrically alterable ROM (EAROM), or a flash memory, or a combination of two or more of these. The RAM may be a static random-access memory (SRAM) or a dynamic random-access memory (DRAM), where the DRAM may be a fast page mode DRAM (FPM DRAM), an extended data out DRAM (EDO DRAM), a synchronous DRAM (SDRAM), or the like, as appropriate.
Memory 82 may be used to store or cache various data files that need to be processed and/or communicated, as well as possible computer program commands executed by processor 81.
The processor 81 implements any of the data security transmission methods of the above embodiments by reading and executing the computer program commands stored in the memory 82.
In some of these embodiments, the computer may also include a communication interface 83 and a bus 80. As shown in fig. 3, the processor 81, the memory 82, and the communication interface 83 are connected to each other through the bus 80 and perform communication with each other.
The communication interface 83 is used to enable communication between modules, devices, units and/or units in embodiments of the application. The communication interface 83 may also enable data communication with other components such as external devices, image/data acquisition devices, databases, external storage, and image/data processing workstations.
Bus 80 includes hardware, software, or both, coupling the components of the computer to one another. The bus 80 includes, but is not limited to, at least one of a data bus, an address bus, a control bus, an expansion bus, and a local bus. By way of example, and not limitation, bus 80 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Extended Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI Express (PCIe) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local Bus (VLB), or other suitable bus, or a combination of two or more of these. Bus 80 may include one or more buses, where appropriate. Although embodiments of the application have been described and illustrated with respect to a particular bus, the application contemplates any suitable bus or interconnect.
Example IV
A fourth embodiment of the present application provides a readable storage medium. The readable storage medium has stored thereon computer program instructions which when executed by a processor implement any of the data security transmission methods of the above embodiments.
The technical features of the above-described embodiments may be arbitrarily combined, and for brevity, all of the possible combinations of the technical features of the embodiments are not described, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (4)

1. A method for secure transmission of data, comprising the steps of:
Collecting real-time performance parameters and network environment parameters of transmission equipment;
generating a dynamic key seed sequence based on the round trip delay jitter parameter and the packet loss rate characteristic of a transmission path according to the network environment parameters of the transmission equipment;
Dynamically generating a data slicing strategy according to the performance parameters of the transmission equipment, dividing the data to be transmitted into a plurality of slicing units based on the data slicing strategy, and establishing a data encryption transformation matrix based on a dynamic key seed sequence to transform and encrypt the slicing unit data;
Packaging the fragment unit data through an encryption window, and generating a transmission path quality evaluation parameter according to a mapping algorithm so as to dynamically adjust the offset of the encryption window according to the quality evaluation parameter;
Constructing a time-space correlation verification hash based on the dynamic key seed sequence, transmitting the encrypted fragment unit data through multiple paths, and checking the integrity and the time-space continuity of the receiving end based on the verification hash;
The step of dynamically generating the data slicing strategy according to the performance parameters of the transmission equipment specifically comprises the following steps:
Establishing a joint perception model of equipment performance and network state, and dynamically sampling performance load factors corresponding to the performance parameters of the transmission equipment through a sliding window mechanism;
determining a fragmentation threshold according to the nonlinear mapping relation between the characteristics of the data to be transmitted and the performance load factor:
;
;
in the formula, the quantities denote, in order: the fragmentation threshold; the total size of the data to be transmitted; the reference bandwidth value; the currently available bandwidth; the server quality coefficient; the performance load factor; the device performance coefficient; n, the number of samples in the sliding window; the processor utilization of the k-th sample; the memory usage of the k-th sample; the time difference between the current time and the k-th sample; the average time delay; and the total memory;
The calculation expression of the dynamic key seed sequence is as follows:
;
;
in the formula, the quantities denote, in order: the dynamic key seed sequence; HKDF(·), the key derivation function; the path stability factor; H(·), the hash function; t, the byte sequence corresponding to the timestamp; the fragment length; S, the byte sequence corresponding to the path-characteristic entropy value of the dynamic key seed sequence; the byte concatenation operation; m, the number of transmission paths; the average transmission delay; the delay jitter of the i-th path; the packet loss rate of the i-th path; and the modulo operation;
the step of dividing the data to be transmitted into a plurality of slicing units based on the data slicing strategy specifically comprises the following steps:
Calculating a dynamic correction factor through bandwidth fluctuation rate to correct the fragmentation threshold based on the dynamic correction factor to obtain a correction threshold, wherein the calculation expression of the dynamic correction factor is as follows:
;
in the formula, the quantities denote, in order: the absolute value of the bandwidth fluctuation; the average bandwidth; and the standard fragment size;
the calculation expression of the transformation matrix is as follows:
;
in the formula, the quantities denote, in order: the transformation matrix; the path feature check value; the byte sequence corresponding to the dynamic key seed sequence; the byte sequence corresponding to the available bandwidth; U, the exclusive-OR operation; the cyclic shift-left operation; the number of shift bits; the transformation-matrix row entropy value; and the transformation-matrix column entropy value;
the calculation expression of the transmission path quality evaluation parameter is as follows:
;
in the formula, the quantities denote, in order: the transmission path quality evaluation parameter; the bandwidth of the i-th path; the maximum bandwidth; and the time delay normalization factor;
the step of dynamically adjusting the offset of the encryption window according to the quality evaluation parameter specifically includes:
Calculating the offset parameter difference degree of adjacent fragment units, and generating a phase offset correction factor according to the difference degree and the quality evaluation parameter so as to update the offset in real time according to the phase offset correction factor, wherein the offset is calculated by the following expression:
;
;
;
in the formula, the quantities denote, in order: the current phase offset; the phase offset of the previous period; G, the number of fragment units contained in the current encryption window; the partial derivative of the quality evaluation parameter Q with respect to the bandwidth of the g-th fragment's transmission path; the absolute bandwidth fluctuation of the g-th fragment's transmission path; the delay jitter parameter of the g-th fragment's transmission path; and the weighted average of the quality evaluation parameters of the transmission paths of all fragment units in the current encryption window;
the method comprises the steps of constructing a time-space associated verification hash based on a dynamic key seed sequence, transmitting encrypted fragment unit data through multiple paths, and checking the integrity and the time-space continuity of a receiving end based on the verification hash, wherein the steps comprise:
constructing a coordinate marker based on the column-row entropy value of the transformation matrix and the time stamp of the data slicing unit according to the following calculation formula:
;
in the formula, the quantities denote, in order: the transmission time offset of the f-th fragment relative to the first fragment; and the dynamic key corresponding to the dynamic key seed sequence;
calculating a hash value for each fragment unit according to the following calculation formula, generating a verification hash of a space-time dimension based on the hash value and the coordinate mark, and marking the fragment unit by taking the verification hash as a label:
;
in the formula, the quantities denote, in order: the verification hash of the f-th fragment; the ciphertext data of the f-th fragment; and the verification hash of the previous fragment;
The receiving end performs integrity and time-space continuity check based on verification hash according to the following calculation formula:
;
;
in the formula, the quantities denote, in order: the conjunction (logical AND) symbol; F, the number of fragments; the verification hash of the f-th fragment; the received ciphertext data; the validated verification hash of the (f-1)-th fragment; the coordinate mark computed at the receiving end; the reception timestamp of the f-th fragment; the reception timestamp of the (f-1)-th fragment; and the time threshold.
2. A data security transmission system for implementing the method of claim 1, comprising:
the acquisition module acquires real-time performance parameters and network environment parameters of the transmission equipment;
The key module generates a dynamic key seed sequence based on the round trip delay jitter parameter and the packet loss rate characteristic of a transmission path according to the network environment parameters of the transmission equipment;
the fragmentation module dynamically generates a data fragmentation strategy according to the performance parameters of the transmission equipment, so as to divide the data to be transmitted into a plurality of fragmentation units based on the data fragmentation strategy, and establishes a data encryption transformation matrix based on a dynamic key seed sequence to transform and encrypt the fragmentation unit data;
The encryption module is used for packaging the fragment unit data through the encryption window and generating a transmission path quality evaluation parameter according to a mapping algorithm so as to dynamically adjust the offset of the encryption window according to the quality evaluation parameter;
and the verification module is used for constructing a time-space associated verification hash based on the dynamic key seed sequence, transmitting the encrypted fragment unit data through multiple paths, and verifying the integrity and the time-space continuity based on the verification hash by the receiving end.
3. A computer comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method for secure transmission of data as claimed in claim 1 when executing the computer program.
4. A storage medium having stored thereon a computer program, which when executed by a processor implements the data security transmission method according to claim 1.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510821478.9A CN120342616B (en) 2025-06-19 2025-06-19 Data security transmission method, system, computer and storage medium

Publications (2)

Publication Number Publication Date
CN120342616A CN120342616A (en) 2025-07-18
CN120342616B true CN120342616B (en) 2025-08-29

Family

ID=96358570

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510821478.9A Active CN120342616B (en) 2025-06-19 2025-06-19 Data security transmission method, system, computer and storage medium

Country Status (1)

Country Link
CN (1) CN120342616B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119561605A (en) * 2025-01-16 2025-03-04 深圳市微星物联科技有限公司 A low-orbit satellite Internet of Things communication method and system based on dynamic blockchain

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999007077A2 (en) * 1997-07-31 1999-02-11 Stanford Syncom Inc. Means and method for a synchronous network communications system
US9998434B2 (en) * 2015-01-26 2018-06-12 Listat Ltd. Secure dynamic communication network and protocol
TWI808317B (en) * 2020-04-01 2023-07-11 阿證科技股份有限公司 Quantum Resistant System for Key Management Mechanism
US11544560B2 (en) * 2020-04-10 2023-01-03 Microsoft Technology Licensing, Llc Prefetching and/or computing resource allocation based on predicting classification labels with temporal data
JP2023004495A (en) * 2021-06-26 2023-01-17 広海 大谷 Devise of business model through internet and invention of method for strengthening security
CN119544210A (en) * 2024-11-28 2025-02-28 雄安京创云超科技有限公司 A method for secure transmission of digital information in the Internet of Things
CN120128361A (en) * 2025-02-24 2025-06-10 安徽微智物联网科技有限公司 A method for information security management based on data processing
CN119922011A (en) * 2025-03-18 2025-05-02 深圳市聪询电子科技有限公司 Computer network security data transmission method and device
CN120165862A (en) * 2025-04-14 2025-06-17 中国长江电力股份有限公司 A dual password system fast switching method and system
CN120105485B (en) * 2025-05-08 2025-07-25 北京天耀宏图科技有限公司 A real estate registration privacy protection method and system based on zero-knowledge proof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant