
CN116032577A - System, method, medium and terminal for realizing end-to-end data security transmission of terminal equipment - Google Patents


Info

Publication number: CN116032577A
Authority: CN (China)
Prior art keywords: data, terminal, module, equipment, fingerprint data
Legal status: Pending
Application number: CN202211629872.5A
Other languages: Chinese (zh)
Inventors: 李艳生, 钟志峰, 李房斌, 易慧, 邓赛南, 宋虎
Current assignee: Beijing Chengxin Yingtong Technology Co ltd
Original assignee: Beijing Chengxin Yingtong Technology Co ltd
Application filed by Beijing Chengxin Yingtong Technology Co ltd; priority to CN202211629872.5A


Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the technical field of secure data transmission in the Internet of Things and industrial control industries, and discloses a system, method, medium and terminal for realizing end-to-end secure data transmission between terminal devices. Key initialization, certificate management, encryption and decryption, device monitoring and access control are all performed locally on the terminal device. This effectively reduces the computing load on the cloud, improves the efficiency of authorization resolution, reduces the online transmission of security keys and with it the risk of key hijacking, and increases the security of the transmitted data.

Description

System, transmission method, medium and terminal for realizing end-to-end secure data transmission of terminal equipment

Technical field

The invention belongs to the technical field of secure data transmission in the Internet of Things and industrial control industries, and in particular relates to a system, transmission method, medium and terminal for realizing end-to-end secure data transmission of terminal equipment.

Background

At present, with the rise of the Internet of Things and new-generation communication technology, end-to-end communication keeps growing. As the volume of data increases, centralized computing faces ever greater pressure on both data handling and computation; at the same time, Trojans, viruses, malicious attacks and similar threats keep multiplying, seriously threatening the security of data transmission.

In the prior art, data carried by simple transmission protocols is easily hijacked and cracked, creating hidden dangers for communication or production, such as leakage of information and the erroneous sending and execution of industrial control instructions. Most solutions therefore adopt end-to-end authentication in the edge environment, which gradually increases the load and pressure of authorization resolution and makes edge device identities difficult to verify. At the same time, data transmission in the prior art uses a centralized scheme in which a cloud server acts as the center for data transmission and for the encryption and decryption of every device; most encryption and decryption operations are performed in the cloud, which puts heavy computing pressure on the cloud, reduces the efficiency of authorization resolution and requires every security key to be transmitted online, reducing data security.

From the above analysis, the problems and defects of the prior art are: the prior art adopts end-to-end authentication in the edge environment, the load and pressure of authorization resolution gradually increase, and edge device identities are difficult to verify; at the same time, most encryption and decryption operations are concentrated in the cloud, which puts heavy computing pressure on the cloud, reduces the efficiency of authorization resolution and requires every security key to be transmitted online, reducing data security.

The significance of solving the above problems and defects is: the present invention uses end-to-end application control together with a secure data transmission method to relieve cloud computing pressure, which effectively improves the efficiency of authorization resolution, reduces the online transmission of security keys and safeguards data security.

Summary of the invention

To address the problems of the prior art, the present invention provides a system, transmission method, medium and terminal for realizing end-to-end secure data transmission of terminal equipment.

The present invention is realized as follows. A system for realizing end-to-end secure data transmission of terminal equipment comprises:

a terminal service layer, which comprises a plurality of terminal devices, each terminal device comprising:

a key initialization module, used to generate an asymmetric public/private key pair and device fingerprint data;

a registration center module, used to store the public/private key pair and device fingerprint data and to synchronize the public key and device fingerprint data through the cloud to the registration center modules of the designated terminal devices;

an encryption and decryption module, used to encrypt and decrypt transmitted data according to preset instruction operations;

an access control module, used to configure which devices may transmit, based on a whitelist, device fingerprints and similar data;

a cloud service layer, comprising the cloud, used to obtain the public key and device fingerprint data stored in a registration center module and to synchronize the obtained public key and device fingerprint data to the registration center modules of the other terminal devices; and

a network transport layer, used to carry data transmission between terminal devices and between each terminal device and the cloud.

Further, the terminal device also comprises a device status monitoring module, used to monitor and report the usage status of the terminal device.

Further, the terminal device also comprises a data interface for connecting to the network transport layer.

Further, the cloud is a public cloud or a private cloud, and the network transport layer is a wireless network or Ethernet.

Another object of the present invention is to provide a transmission method that applies the above system for realizing end-to-end secure data transmission of terminal equipment. The transmission method comprises the following steps:

Step 1: during terminal device initialization, the key initialization module generates an asymmetric key pair and device fingerprint data, and the public key and fingerprint data are synchronized to the registration center module;

Step 2: the access control module configures the devices allowed to transmit according to the whitelist and the device fingerprint data;

Step 3: the registration center module stores the obtained asymmetric key pair and device fingerprint data, and distributes the public key and device fingerprint data through the cloud to the registration center modules of the other terminal devices configured by the access control module;

Step 4: the sending device encrypts the plaintext through the encryption and decryption module, generates the communication protocol message, and sends it to the receiving device;

Step 5: the receiving device receives the transmitted message and decrypts and verifies it through the encryption and decryption module.

Further, the communication protocol message consists of a computation identifier, the ciphertext data, a timestamp, the device SN and the digest M.

Further, in step 4, encrypting the plaintext and generating the communication protocol message by the encryption and decryption module comprises:

S1: encrypt the plaintext with the receiving device's public key to produce the ciphertext;

S2: XOR the local device's fingerprint data with the receiving device's fingerprint data, hash the result with the national standard SM3 algorithm, and take 128 bits of the hash output as the encryption factor P;

S3: encrypt the ciphertext under the encryption factor P with the national standard SM4 algorithm to produce the ciphertext data;

S4: compute the digest M of the plaintext data with the SM3 algorithm;

S5: assemble the computation identifier, ciphertext data, timestamp, device SN and digest M into the communication protocol message.

Further, in step 5, decrypting and verifying the communication protocol message by the encryption and decryption module comprises:

S6: extract the ciphertext data from the communication protocol message and obtain the ciphertext with the SM2 algorithm using the local device's private key;

S7: obtain the sending device's fingerprint data from the registration center, XOR it with the local device's fingerprint data, hash the result with SM3 and take 128 bits of the output as the encryption factor P;

S8: perform SM4 decryption on the ciphertext with the encryption factor P to obtain the plaintext data;

S9: hash the plaintext data with the SM3 algorithm to obtain the digest M1, extract the digest M from the communication protocol message, and compare M1 with M; if they are the same, the data is complete, and if they differ, the received data is incomplete or has been tampered with.

Another object of the present invention is to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the following steps:

During terminal device initialization, the key initialization module generates an asymmetric key pair and device fingerprint data, and the public key and fingerprint data are synchronized to the registration center module; the access control module configures the devices allowed to transmit according to the whitelist and device fingerprint data; the registration center module stores the obtained asymmetric key pair and device fingerprint data and distributes the public key and device fingerprint data through the cloud to the registration center modules of the other terminal devices configured by the access control module; the sending terminal device encrypts the plaintext through the encryption and decryption module, generates the communication protocol message and sends it to the receiving terminal device through the cloud; the receiving terminal device receives the transmitted message and decrypts and verifies it through the encryption and decryption module.

Another object of the present invention is to provide an information data processing terminal used to implement the system for end-to-end secure data transmission of terminal equipment.

The system and transmission method for end-to-end secure data transmission of terminal equipment provided by the present invention have the following effects:

(1) Key initialization, public-key synchronization between terminals, data verification at the terminal and access control are implemented, combined with the national standard cryptographic algorithms, device fingerprints and tamper-proof data checks, to secure direct end-to-end data transmission;

(2) Key initialization and certificate management both take place on the terminal device. After a key is initialized it is synchronized to the local registration center module, together with the device fingerprint information. When a key change is received, the key is dynamically registered to each terminal device through the cloud, which reduces the risk of key hijacking; key pairs are changed periodically, increasing the security of instruction data;

(3) Encryption and decryption are performed on the local terminal device. The local application combines the national standard algorithms, device fingerprints and tamper-proof data instructions, and calls the local encryption and decryption module to verify, send and receive data securely, greatly reducing the computing pressure on the cloud and improving the efficiency of authorization resolution;

(4) Device monitoring and access control are performed on the local terminal device. The terminal monitors the device's operating status in real time and sets access permissions, enabling rapid situational awareness of device status and isolation;

(5) Data messages are customizable: the key encryption scheme can be configured according to actual working requirements.

The commercial value of the technical solution of the present invention after conversion is:

After technical conversion, this solution can be applied to industrial control, the Internet of Things and other fields. Through its decentralized design, the bus bandwidth of the system and the equipment of the central server are reduced, lowering cost and improving efficiency; at the same time, flat transmission of message data is realized, which improves the security and efficiency of direct end-to-end communication; and end-to-end devices gain self-detection capability plus notification and monitoring of device status.

As informatization continues to advance and end-to-end devices are continually updated and expanded, the cost-reducing and efficiency-enhancing capability of this solution will be further amplified and highlighted.

Description of the drawings

In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings required for the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic diagram of the architecture of the system for realizing end-to-end secure data transmission of terminal equipment provided by an embodiment of the present invention.

FIG. 2 is a component diagram of the system for realizing end-to-end secure data transmission of terminal equipment provided by an embodiment of the present invention.

FIG. 3 is a flow chart of the transmission method of the system for realizing end-to-end secure data transmission of terminal equipment provided by an embodiment of the present invention.

FIG. 4 is a flow chart of the encryption and decryption module encrypting the plaintext and generating the communication protocol message, provided by an embodiment of the present invention.

FIG. 5 is a flow chart of the encryption and decryption module decrypting and verifying the communication protocol message, provided by an embodiment of the present invention.

FIG. 6 is a flow chart of the encryption and decryption algorithm of the transmission method of the system for realizing end-to-end secure data transmission of terminal equipment provided by an embodiment of the present invention.

FIG. 7 is a flow chart of the data encryption algorithm provided by an embodiment of the present invention.

FIG. 8 is a flow chart of the data decryption algorithm provided by an embodiment of the present invention.

FIG. 9 is a flow chart of the data integrity verification algorithm provided by an embodiment of the present invention.

In the figures: 100, terminal service layer; 200, cloud service layer; 300, network transport layer; 101, terminal device; 201, cloud; 1, key initialization module; 2, registration center module; 3, encryption and decryption module; 4, access control module; 5, device status monitoring module; 6, data interface.

Detailed description of the embodiments

In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and not to limit it.

To address the problems of the prior art, the present invention provides a system and transmission method for realizing end-to-end secure data transmission of terminal equipment, which is described in detail below with reference to the drawings.

As shown in FIGS. 1 and 2, a system for realizing end-to-end secure data transmission of terminal devices 101 comprises a terminal service layer 100, a cloud service layer 200 and a network transport layer 300. The terminal service layer 100 comprises a plurality of terminal devices 101, and each terminal device 101 comprises a key initialization module 1, a registration center module 2, an encryption and decryption module 3, an access control module 4 and a device status monitoring module 5. The key initialization module 1 is used to generate an asymmetric public/private key pair and device fingerprint data. The registration center module 2 is used to store the public/private key pair and device fingerprint data and to synchronize the public key and device fingerprint data through the cloud 201 to the registration center modules 2 of the designated terminal devices 101. The encryption and decryption module 3 is used to encrypt and decrypt transmitted data according to preset instruction operations. The access control module 4 is used to configure which devices may transmit, based on a whitelist, device fingerprints and similar data. The device status monitoring module 5 is used to monitor the usage status of the terminal device 101 in real time and, when the device runs abnormally or is intruded upon, reports the device abnormality information to the cloud 201. The cloud service layer 200 comprises the cloud 201, which is used to obtain the public key and device fingerprint data stored in a registration center module 2 and to synchronize them to the registration center modules 2 of the other terminal devices 101; the cloud 201 may be a public cloud or a private cloud. The network transport layer 300 is used to carry data transmission between the terminal devices 101 and between each terminal device 101 and the cloud 201; it may be a wireless network or Ethernet, with the wireless network paired with the public cloud and Ethernet paired with the private cloud. Each terminal device 101 is also provided with a data interface 6; the network transport layer 300 connects to the data interfaces 6 of the terminal devices 101 so that the terminal devices 101 can transmit data directly to one another, and it also connects to the cloud 201 so that data can be transmitted between each terminal device 101 and the cloud 201.

As shown in FIG. 3, the transmission method of the system for realizing end-to-end secure data transmission of terminal equipment provided by the embodiment of the present invention comprises the following steps:

Step 1: during terminal device initialization, the key initialization module generates an asymmetric key pair and device fingerprint data, and the public key and fingerprint data are synchronized to the registration center module;

Step 2: the access control module configures the devices allowed to transmit according to the whitelist and the device fingerprint data;

Step 3: the registration center module stores the obtained asymmetric key pair and device fingerprint data, and distributes the public key and device fingerprint data through the cloud to the registration center modules of the other terminal devices configured by the access control module;

Step 4: the sending device encrypts the plaintext through the encryption and decryption module, generates the communication protocol message, and sends it directly to the receiving device;

Step 5: the receiving device receives the transmitted message and decrypts and verifies it through the encryption and decryption module.

As shown in FIG. 4, in the embodiment of the present invention the communication protocol message consists of a computation identifier, the ciphertext data, a timestamp, the device SN and the digest M.

In step 4, encrypting the plaintext and generating the communication protocol message by the encryption and decryption module comprises the following steps:

S1: encrypt the plaintext with the receiving device's public key to produce the ciphertext;

S2: XOR the local device's fingerprint data with the receiving device's fingerprint data, hash the result with the national standard SM3 algorithm, and take 128 bits of the hash output as the encryption factor P;

S3: encrypt the ciphertext under the encryption factor P with the national standard SM4 algorithm to produce the ciphertext data;

S4: compute the digest M of the plaintext data with the SM3 algorithm;

S5: assemble the computation identifier, ciphertext data, timestamp, device SN and digest M into the communication protocol message.

As shown in FIG. 5, in step 5, decrypting and verifying the communication protocol message by the encryption and decryption module comprises the following steps:

S6: extract the ciphertext data from the communication protocol message and obtain the ciphertext with the SM2 algorithm using the local device's private key.

S7: obtain the sending device's fingerprint data from the registration center, XOR it with the local device's fingerprint data, hash the result with SM3 and take 128 bits of the output as the encryption factor P.

S8: perform SM4 decryption on the ciphertext with the encryption factor P to obtain the plaintext data;

S9: hash the plaintext data with the SM3 algorithm to obtain the digest M1, extract the digest M from the communication protocol message, and compare M1 with M; if they are the same, the data is complete, and if they differ, the received data is incomplete or has been tampered with.

The technical effects of the present invention are further described below with reference to a specific embodiment:

To illustrate the solution, two terminal devices are taken as an example to describe the system and transmission method for end-to-end secure data transmission of terminal equipment provided by the present invention:

As shown in FIG. 6, each terminal device is provided with a key initialization module 1, a registration center module 2, an encryption and decryption module 3, a device status monitoring module and an access control module 4. The first phase is terminal device initialization: the access control module 4 filters by whitelist and device SN code to configure the terminal devices 101 allowed to transmit; at device initialization the key initialization module 1 generates an asymmetric key pair and device fingerprint data; once generated, the key pair and device fingerprint data are synchronized to the device's own registration center module 2, which stores them and uploads them to the cloud 201 through the network transport layer; the cloud 201 distributes the device's public key and device fingerprint data to the registration center modules 2 of the other configured transmission terminal devices 101, where they are stored; the device monitoring module monitors device status information in real time and reports device abnormality information to the cloud 201 when the device runs abnormally or is intruded upon.

As shown in FIG. 7, data is then encrypted and sent: the encryption and decryption module 3 of the sending device reads the local device fingerprint data and obtains the receiving device's fingerprint data and public key through the registration center module 2. It XORs the local device fingerprint data with the receiving device fingerprint data to produce a processing factor, hashes the processing factor with the national standard SM3 algorithm to obtain 256 bits of data, and takes 128 bits of that data as the encryption factor P. It obtains the receiving device's public key from its own registration center module 2 and encrypts the plaintext data with the national standard SM2 algorithm under that public key to obtain the ciphertext; using the encryption factor P as the key, it symmetrically encrypts the ciphertext with the national standard SM4 algorithm to obtain the ciphertext data; it computes the 256-bit digest M of the plaintext data with SM3. It then assembles the computation identifier, ciphertext data, timestamp, device SN and digest M into the communication protocol message and sends it directly to the receiving device.

The specific structure of the communication protocol is defined as follows:

(Figure BDA0004005329940000091: protocol structure table, provided as an image in the original)

As shown in Figure 8, the next stage is data reception and decryption. The receiving device receives the communication protocol, and its encryption and decryption module 3 extracts the digest data M and the ciphertext data according to the agreed protocol format. It obtains the sending device's fingerprint data through its own registration center module 2, XORs the sending device's fingerprint data with the local device fingerprint data to obtain the processing factor, hashes the processing factor with the SM3 national cryptographic algorithm to obtain a 256-bit value, and takes 128 bits of it as the encryption factor P. With P as the key, the ciphertext data is decrypted with the SM4 national cryptographic algorithm to recover the asymmetrically encrypted ciphertext; the SM2 national cryptographic algorithm is then invoked to decrypt that ciphertext with the device's own private key and obtain the plaintext.

As shown in Figure 9, the final stage is the data integrity check. The decrypted plaintext is hashed with the SM3 algorithm to obtain digest data M1, and the digest data M is extracted from the communication protocol according to the message format and compared with M1. If they are identical, the data is complete; if they differ, the data is incomplete or has been tampered with.

The main beneficial effects of the present invention are:

The present invention implements key initialization, public key synchronization to terminals, data verification at terminals, and access permission control, and combines national cryptographic algorithms, device fingerprints and tamper-proof data verification to secure end-to-end direct transmission of data. Key initialization, encryption, decryption and verification, certificate management, terminal device monitoring and permission control are all carried out locally on the terminal device. This decentralized design not only reduces the system's bus bandwidth and the amount of central server equipment, lowering cost and raising efficiency, but also reduces the online transfer of security keys, safeguarding data security. At the same time, message data is transmitted in a flat manner, which improves the security and efficiency of end-to-end direct communication, and end-to-end devices are given self-checking capability together with notification and monitoring of device status.

Compared with a centralized scheme, this scheme moves the encryption and decryption processing logic to the terminal, which can reduce server investment by more than 50%; because end-to-end message transfer and parsing use device-side services, parsing efficiency is improved by more than 30%.

In the description of the present invention, unless otherwise specified, "a plurality" means two or more; orientation or positional terms such as "upper", "lower", "left", "right", "inner", "outer", "front end", "rear end", "head" and "tail" are based on the orientations or positional relationships shown in the drawings, are used only to facilitate and simplify the description of the invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they are therefore not to be understood as limiting the invention. In addition, the terms "first", "second", "third" and the like are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.

The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in whole or in part in the form of a computer program product, the computer program product comprises one or more computer instructions. When the computer program instructions are loaded or executed on a computer, the processes or functions according to the embodiments of the present invention are produced in whole or in part. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, they may be transmitted from one website, computer, server or data center to another by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (such as a floppy disk, hard disk or magnetic tape), an optical medium (such as a DVD) or a semiconductor medium (such as a solid state disk (SSD)).

The foregoing is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any modification, equivalent replacement or improvement made by a person skilled in the art within the technical scope disclosed by the present invention and within its spirit and principles shall fall within the scope of protection of the present invention.

Claims (10)

1. A system for implementing end-to-end data security transmission for a terminal device, comprising:
a terminal service layer comprising a plurality of terminal devices, the terminal devices comprising:
the key initialization module is used for generating an asymmetric public and private key pair and equipment fingerprint data;
the register center module is used for storing the public and private key pair and the device fingerprint data and synchronizing the public key and the device fingerprint data to the designated register center module of each terminal device through the cloud;
the encryption and decryption module is used for encrypting and decrypting the transmission data by preset instruction operation;
the permission control module is used for configuring the transmissible devices through data such as a white list and device fingerprints;
the cloud service layer comprises a cloud end and is used for acquiring the public key and the device fingerprint data stored by the registry module and synchronizing the acquired public key and device fingerprint data to other terminal device registry modules;
and the network transmission layer is used for realizing data transmission among the terminal devices and between the terminal devices and the cloud.
2. The system for implementing end-to-end data security transmission of a terminal device according to claim 1, wherein the terminal device further comprises a device status monitoring module for monitoring and reporting the usage status of the terminal device.
3. The system for implementing end-to-end data security transmission of a terminal device according to claim 1, wherein the terminal device further comprises a data interface for interfacing with the network transmission layer.
4. The system for implementing end-to-end data security transmission of terminal equipment according to claim 1, wherein the cloud is public cloud or private cloud, and the network transmission layer is a wireless network or ethernet.
5. A transmission method using the system for implementing end-to-end data security transmission of a terminal device according to claim 1, wherein the transmission method comprises the steps of:
step one, initializing terminal equipment, namely generating an asymmetric key pair and equipment fingerprint data through a key initializing module, and synchronizing a public key and the fingerprint data to a registry module;
step two, configuring transmissible equipment by the permission control module according to the white list and the equipment fingerprint data;
step three, the registry module stores the obtained asymmetric key pair and the device fingerprint data, and distributes the public key and the device fingerprint data to the registry module of other terminal devices configured by the permission control module through the cloud;
step four, the transmitting terminal equipment encrypts the plaintext through an encryption and decryption module, generates a communication protocol and transmits the communication protocol to the receiving terminal equipment;
step five, the receiving end equipment receives the communication protocol, and decrypts and verifies it through the encryption and decryption module.
6. The transmission method for implementing an end-to-end data security transmission system of a terminal device according to claim 5, wherein the communication protocol includes a computation identifier, ciphertext data, a time stamp, a device SN, and a digest M.
7. The transmission method for implementing the end-to-end data security transmission system of the terminal device according to claim 5, wherein the encrypting of the plaintext and generating of the communication protocol by the encryption and decryption module in step four comprises:
S1, calling the public key of the receiving end equipment to encrypt the plaintext and generate a ciphertext;
S2, taking the fingerprint data of the present equipment and the fingerprint data of the receiving end, performing an exclusive OR operation on them, hashing the result with the SM3 cryptographic algorithm, and intercepting 128 bits of the hash output as the encryption factor P;
S3, encrypting the ciphertext with the encryption factor P as the key through the SM4 cryptographic algorithm to generate ciphertext data;
S4, obtaining digest data M from the plaintext data through the SM3 algorithm;
S5, arranging the computation identifier, the ciphertext data, the time stamp, the equipment SN and the digest M to generate the communication protocol.
8. The transmission method for implementing the end-to-end data security transmission system of the terminal device according to claim 5, wherein the decrypting and verifying of the communication protocol by the encryption and decryption module in step five comprises:
S6, intercepting the ciphertext data according to the communication protocol, and obtaining the ciphertext through the SM2 algorithm using the private key of the present equipment;
S7, obtaining the device fingerprint data of the transmitting end device through the registry, performing an exclusive OR operation on the device fingerprint data of the transmitting end device and the device fingerprint data of the present device, and intercepting 128 bits of the SM3 hash of the result as the encryption factor P;
S8, performing SM4 decryption on the ciphertext with the encryption factor P to obtain plaintext data;
S9, hashing the plaintext data with the SM3 algorithm to obtain digest data M1, intercepting the digest data M according to the communication protocol, and comparing whether the digest data M1 and the digest data M are identical: if so, the data is complete; if not, the received data is incomplete or has been tampered with.
9. A computer readable storage medium storing a computer program, wherein the computer program, when executed by a processor, causes the processor to perform the steps of:
the terminal equipment is initialized, an asymmetric key pair and equipment fingerprint data are generated through a key initialization module, and a public key and the fingerprint data are synchronized to a registry module; the permission control module performs transmissible equipment configuration through the white list and the equipment fingerprint data; the registration center module stores the obtained asymmetric key pair and the device fingerprint data, and distributes the public key and the device fingerprint data to the registration center module of other terminal devices configured by the permission control module through the cloud; the transmitting terminal equipment encrypts the plaintext through an encryption and decryption module, generates a communication protocol and transmits the communication protocol to the receiving terminal equipment through a cloud; the receiving terminal equipment receives the transmission protocol, and decrypts and verifies the communication protocol through the encryption and decryption module.
10. An information data processing terminal, characterized in that the information data processing terminal is used for realizing the terminal equipment end-to-end data security transmission system according to claim 1.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211629872.5A CN116032577A (en) 2022-12-19 2022-12-19 System, method, medium and terminal for realizing end-to-end data security transmission of terminal equipment

Publications (1)

Publication Number Publication Date
CN116032577A true CN116032577A (en) 2023-04-28

Family

ID=86080526

Country Status (1)

Country Link
CN (1) CN116032577A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20230428)