CN115208705A - Encryption and decryption method and device based on link data self-adaptive adjustment - Google Patents
- Publication number
- CN115208705A (CN202211127979.XA)
- Authority
- CN
- China
- Prior art keywords
- encryption
- key
- terminal
- algorithm
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an encryption and decryption method and device based on adaptive adjustment to link data. In the method, a server receives connection establishment information, determines the data scene type of a first terminal according to the connection establishment information, and acquires the security record data of a second terminal. The server determines a key identifier and an algorithm identifier based on the data scene type and the security record data, and sends the key identifier and the algorithm identifier to the first terminal and the second terminal respectively. The first terminal determines the corresponding encryption key and encryption algorithm based on the key identifier and the algorithm identifier, encrypts data with them, and sends the encrypted data to the second terminal. The second terminal determines the corresponding decryption key and decryption algorithm based on the key identifier and the algorithm identifier, and decrypts the received encrypted data with them. The scheme optimizes the mechanism for transmitting encrypted information, improving data processing efficiency while ensuring security.
Description
Technical Field
The application relates to the technical field of security chips, in particular to an encryption and decryption method and device based on link data self-adaptive adjustment.
Background
With the development of big data and network transmission, data security receives more and more attention. When both the sending end and the receiving end of the data integrate a security chip, the encryption algorithm is built into the chip and the encryption key is stored in it; the sending end encrypts outgoing data with the encryption key and the encryption algorithm, and the receiving end decrypts it with its stored decryption algorithm and decryption key.
In the related art, patent document CN114266083A, for example, proposes a method for securely storing a key in a chip. It relies on the chip rebooting after power-on to obtain, during the bootrom boot flow, the chip user's configuration from flash memory, where the user sets the chip key as required and configures the read and write permissions of the key in the encryption module. The configuration in flash memory is divided by address space into a key configuration area and a key storage area. The key configuration area holds the read-protection and write-protection settings for the encryption module key, and the key storage area holds the chip key. After the chip is powered on, the encryption module loads the key from flash memory for use by the encryption algorithm in the module. The key storage area in flash memory is always read-protected, so the key cannot be read at any time. Once the chip key to be used has been decided, the whole key storage area is configured as write-protected; this write protection is irreversible, so the key is fixed in flash memory and cannot be changed by any user in subsequent use. However, most existing schemes encrypt data with a fixed key and a fixed encryption algorithm. Even where schemes change keys and encryption algorithms, they mostly update them at random, purely from the perspective of security, and cannot adjust them to the transmission conditions of the whole link and the specific usage scenario.
Disclosure of Invention
The invention provides an encryption and decryption method and device based on adaptive adjustment to link data. It addresses the problem that related techniques mostly update keys and algorithms at random, purely from the perspective of security, and cannot adjust them to the transmission conditions of the whole link and the specific usage scenario. It optimizes the mechanism for transmitting encrypted information, improving data processing efficiency while ensuring security.
In a first aspect, the present invention provides an encryption and decryption method based on link data adaptive adjustment, where the method includes:
the first terminal sends connection establishment information to the server, wherein the connection establishment information is used for establishing communication transmission with the second terminal;
the server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the security record data of the second terminal;
the server determines a key identifier and an algorithm identifier based on the data scene type and the security record data, and sends the key identifier and the algorithm identifier to the first terminal and the second terminal respectively;
the first terminal and the second terminal receive the key identifier and the algorithm identifier, and the first terminal determines a corresponding encryption key and encryption algorithm based on the key identifier and the algorithm identifier, encrypts data with the encryption key and the encryption algorithm, and sends the encrypted data to the second terminal;
and the second terminal determines a corresponding decryption key and decryption algorithm based on the key identifier and the algorithm identifier, and decrypts the received encrypted data with the decryption key and the decryption algorithm.
Optionally, determining the data scene type of the first terminal according to the connection establishment information and acquiring the security record data of the second terminal includes:
determining the data scene type of the first terminal according to networking data recorded in the connection establishment information, wherein the networking data comprises a secure networking identifier and a non-secure networking identifier;
and acquiring the number of attacks received by the second terminal and the corresponding attack information, both stored in advance in a database.
Optionally, the server determining a key identifier and an algorithm identifier based on the data scene type and the security record data includes:
the server determines an encryption algorithm based on the data scene type, and determines the encryption key complexity based on the security record data;
matching the encryption algorithm and the encryption key complexity against the stored plurality of encryption algorithms and key data to obtain the matched encryption algorithm and key data;
and determining the position information of the matched encryption algorithm and key data within the plurality of encryption algorithms and key data, and generating a key identifier and an algorithm identifier based on the position information.
Optionally, the server determining an encryption algorithm based on the data scene type includes:
querying one or more encryption algorithms corresponding to the data scene type according to pre-recorded security level standard information, wherein the security level standard information records encryption algorithms with different security levels and complexity.
Optionally, the server determining the encryption key complexity based on the security record data includes:
determining an attacked probability and a cracked probability based on the security record data;
and determining the encryption key complexity according to the attacked probability, the cracked probability and their respective probability thresholds.
Optionally, the first terminal determining a corresponding encryption key and encryption algorithm based on the key identifier and the algorithm identifier includes:
the first terminal acquires its pre-stored encryption algorithms and encryption keys, wherein the first terminal and the server pre-store the same plurality of encryption algorithms and encryption keys in the same order;
and determining the encryption algorithm and the encryption key currently in use from the pre-stored encryption algorithms and encryption keys based on the key identifier and the algorithm identifier.
Optionally, the second terminal determining a corresponding decryption key and decryption algorithm based on the key identifier and the algorithm identifier includes:
the second terminal determines the encryption algorithm and the encryption key used by the first terminal based on the key identifier and the algorithm identifier;
and acquiring the decryption algorithm and the decryption key corresponding to the encryption algorithm and the encryption key used by the first terminal.
In a second aspect, the present invention further provides an encryption and decryption apparatus based on link data adaptive adjustment, including:
the information sending module is configured for the first terminal to send connection establishment information to the server, wherein the connection establishment information is used for establishing communication transmission with the second terminal;
the information determining module is configured for the server to receive the connection establishment information, determine the data scene type of the first terminal according to the connection establishment information, and acquire the security record data of the second terminal;
the identifier determining module is configured for the server to determine a key identifier and an algorithm identifier based on the data scene type and the security record data, and send the key identifier and the algorithm identifier to the first terminal and the second terminal respectively;
the encryption module is configured for the first terminal and the second terminal to receive the key identifier and the algorithm identifier, and for the first terminal to determine a corresponding encryption key and encryption algorithm based on the key identifier and the algorithm identifier, encrypt data with the encryption key and the encryption algorithm, and send the encrypted data to the second terminal;
and the decryption module is configured to determine a corresponding decryption key and decryption algorithm based on the key identifier and the algorithm identifier, and decrypt the received encrypted data with the decryption key and the decryption algorithm.
In a third aspect, the present invention also provides an encryption and decryption device adaptively adjusted based on link data, where the device includes:
one or more processors;
a secure chip storage device for storing one or more programs,
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the encryption and decryption method based on link data adaptive adjustment according to the present invention.
In a fourth aspect, the present invention further provides a storage medium containing computer executable instructions, which when executed by a computer processor, are used to perform the link data adaptation-based encryption and decryption method of the present invention.
In a fifth aspect, the present application further provides a computer program product, where the computer program product includes a computer program, the computer program is stored in a computer-readable storage medium, and at least one processor of the device reads the computer-readable storage medium and executes the computer program, so that the device executes the encryption and decryption method based on link data adaptive adjustment described in the present application.
In the invention, the first terminal sends connection establishment information to a server, the connection establishment information being used for establishing communication transmission with a second terminal. The server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the security record data of the second terminal. The server determines a key identifier and an algorithm identifier based on the data scene type and the security record data, and sends the key identifier and the algorithm identifier to the first terminal and the second terminal respectively. The first terminal and the second terminal receive the key identifier and the algorithm identifier; the first terminal determines a corresponding encryption key and encryption algorithm based on them, encrypts data with the encryption key and the encryption algorithm, and sends the encrypted data to the second terminal. The second terminal determines a corresponding decryption key and decryption algorithm based on the key identifier and the algorithm identifier, and decrypts the received encrypted data with them. The scheme addresses the problem that related techniques mostly update keys and algorithms at random, purely from the perspective of security, and cannot adjust them to the transmission conditions of the whole link and the specific usage scenario; it optimizes the mechanism for transmitting encrypted information, improving data processing efficiency while ensuring security.
Drawings
Fig. 1 is a flowchart of an encryption and decryption method based on adaptive adjustment of link data according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for determining a key identifier and an algorithm identifier according to an embodiment of the present invention;
Fig. 3 is a flowchart of a method for determining respective keys and algorithms by a first terminal and a second terminal according to an embodiment of the present invention;
Fig. 4 is a block diagram of an encryption/decryption apparatus based on link data adaptive adjustment according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an encryption and decryption device based on link data adaptive adjustment according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention will be described in further detail with reference to the drawings and embodiments. It is to be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad invention. It should be further noted that, for convenience of description, only some structures, not all structures, relating to the embodiments of the present invention are shown in the drawings.
Fig. 1 is a flowchart of an encryption and decryption method based on link data adaptive adjustment according to an embodiment of the present invention, and an embodiment of the present invention specifically includes the following steps:
Step S101, the first terminal sends connection establishment information to a server, wherein the connection establishment information is used for establishing communication transmission with the second terminal.
The first terminal and the second terminal are both terminal devices that integrate a security chip and can encrypt and decrypt data, for example a car networking terminal or a video monitoring terminal. When the first terminal and the second terminal are ready to communicate, the first terminal first sends connection establishment information to the server. The connection establishment information triggers the establishment of the connection between the first terminal and the second terminal, and also carries the information the server needs to determine the subsequent algorithm and key.
Optionally, the server receives the connection establishment information, sends a corresponding instruction to the second terminal according to the identifier of the second terminal recorded in the connection establishment information, and responds to the first terminal to complete establishment of the connection between the first terminal and the second terminal.
Step S102, the server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the security record data of the second terminal.
In one embodiment, the server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the security record data of the second terminal. The data scene type represents the networking type of the scene where the first terminal is located, and the security record data comprises the recorded number of attacks and attack information related to the terminal.
When the security record data of the second terminal is determined, the server may query the security record data of the second terminal corresponding to the identifier recorded in the database according to the identifier of the second terminal recorded in the connection establishment information. When determining the data scene type, the scene type can be determined according to the networking data recorded in the connection establishment information.
Optionally, the data scene type of the first terminal is determined from the networking data recorded in the connection establishment information, where the networking data comprises a secure networking identifier and a non-secure networking identifier, and the number of attacks received by the second terminal and the corresponding attack information, stored in advance in a database, are acquired. The secure or non-secure networking identifier may be added to the connection establishment information. For example, the secure networking identifier corresponds to a secure internal network or wifi network, and the non-secure networking identifier corresponds to a public network or a network connected without a key. The number of attacks may include the number of attack accesses, malicious information acquisitions, information tampering events and the like, and the attack information includes the attack type or attack content corresponding to each of those counts.
Step S103, the server determines a key identifier and an algorithm identifier based on the data scene type and the security record data, and sends the key identifier and the algorithm identifier to the first terminal and the second terminal respectively.
In one embodiment, after the server determines the data scene type and the security record data, it determines the key identifier and the algorithm identifier based on them. The key identifier indicates the key to use, covering both the encryption key and the decryption key (which are the same for a symmetric encryption algorithm), and the algorithm identifier indicates the specific encryption algorithm to use. After determining them, the server sends the key identifier and the algorithm identifier to the first terminal and the second terminal respectively.
Optionally, a process of determining the key identifier and the algorithm identifier is shown in fig. 2, where fig. 2 is a flowchart of a method for determining the key identifier and the algorithm identifier according to an embodiment of the present invention, and specifically includes:
Step S1031, the server determines an encryption algorithm based on the data scene type, and determines the encryption key complexity based on the security record data.
In one embodiment, the encryption algorithm may be determined from the data scene type as follows: query one or more encryption algorithms corresponding to the data scene type according to pre-recorded security level standard information, wherein the security level standard information records encryption algorithms with different security levels and complexity. The security level standard information may consist of algorithms of different security levels as set by preset industry standards or national security standards.
In one embodiment, the server may determine the encryption key complexity from the security record data as follows: determine an attacked probability and a cracked probability based on the security record data, then determine the encryption key complexity according to the attacked probability, the cracked probability and their respective probability thresholds. The attacked probability is determined from the recorded attack information: for example, the number of days on which attacks occurred is counted, and the attacked probability is the share of the statistical period that those days occupy. With a statistical period of 30 days and attacks recorded on 2 days, the attacked probability is 1/15. The cracked probability is determined from the number of attacks and the record of information tampering: for example, the number of cracks that caused information leakage or tampering is divided by the number of attacks. For the key complexity, the probability thresholds may be set as multiple groups, one per key complexity; when the attacked probability and the cracked probability fall within a given probability threshold interval, the key complexity associated with that interval is selected as the encryption key complexity. Different complexities may refer to different key lengths.
Step S1032, the encryption algorithm and the encryption key complexity are matched against the stored plurality of encryption algorithms and key data to obtain the matched encryption algorithm and key data.
Step S1033, the position information of the matched encryption algorithm and key data within the plurality of encryption algorithms and key data is determined, and a key identifier and an algorithm identifier are generated based on the position information.
In one embodiment, once the encryption algorithm and the encryption key complexity have been determined, they are matched against the pre-stored available encryption algorithms and keys. For example, four encryption algorithms, RSA, ECC, 3DES and AES, are recorded in sequence with sequence identifiers 1, 2, 3 and 4. If the encryption algorithm to be used is ECC, it is in the second position, so the algorithm identifier is 2. Likewise, the server stores in advance a plurality of keys of different complexities, for example four keys of complexity 1, complexity 2, complexity 3 and complexity 4, with identifiers 1, 2, 3 and 4 in sequence. If the encryption key complexity to be used is 3, the key is in the third position, so the key identifier is 3. This is only an exemplary description, and the number of keys in actual use is not limited.
Step S104, the first terminal and the second terminal receive the key identifier and the algorithm identifier, and the first terminal determines a corresponding encryption key and encryption algorithm based on the key identifier and the algorithm identifier, encrypts data with the encryption key and the encryption algorithm, and sends the encrypted data to the second terminal.
In one embodiment, after determining the key identifier and the algorithm identifier, the server sends them to the first terminal and the second terminal, and the first terminal determines the encryption key and the encryption algorithm to use for data encryption based on the key identifier and the algorithm identifier, and encrypts the data.
Step S105, the second terminal determines a corresponding decryption key and decryption algorithm based on the key identifier and the algorithm identifier, and decrypts the received encrypted data with the decryption key and the decryption algorithm.
In one embodiment, after receiving the key identifier and the algorithm identifier, the second terminal determines from them the decryption key and decryption algorithm for decrypting the data. The description above takes the case where the first terminal transmits data and the second terminal receives it, so the first terminal encrypts and the second terminal decrypts; the two terminals can swap the roles of transmitting end and receiving end, in which case the encryption and decryption processes are swapped as well.
As can be seen from the above, the first terminal sends connection establishment information to the server, the connection establishment information being used for establishing communication transmission with the second terminal. The server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the security record data of the second terminal. The server determines a key identifier and an algorithm identifier based on the data scene type and the security record data, and sends the key identifier and the algorithm identifier to the first terminal and the second terminal respectively. The first terminal and the second terminal receive the key identifier and the algorithm identifier; the first terminal determines a corresponding encryption key and encryption algorithm based on them, encrypts data with the encryption key and the encryption algorithm, and sends the encrypted data to the second terminal. The second terminal determines a corresponding decryption key and decryption algorithm based on the key identifier and the algorithm identifier, and decrypts the received encrypted data with them. The scheme addresses the problem that related techniques mostly update keys and algorithms at random, purely from the perspective of security, and cannot adjust them to the transmission conditions of the whole link and the specific usage scenario; it optimizes the mechanism for transmitting encrypted information, improving data processing efficiency while ensuring security.
Fig. 3 is a flowchart of a method for determining a key and an algorithm of a first terminal and a second terminal according to an embodiment of the present invention, and as shown in fig. 3, the method specifically includes:
Step S201, the first terminal sends connection establishment information to a server, and the connection establishment information is used for establishing communication transmission with the second terminal.
Step S202, the server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the security record data of the second terminal.
Step S203, the server determines an encryption algorithm based on the data scene type, determines the complexity of an encryption key based on the security record data, matches the encryption algorithm and the encryption key complexity in a plurality of stored encryption algorithms and key data to obtain matched encryption algorithm and key data, determines the position information of the matched encryption algorithm and key data in the plurality of encryption algorithms and key data, generates a key identifier and an algorithm identifier based on the position information, and sends the key identifier and the algorithm identifier to the first terminal and the second terminal respectively.
Step S204, the first terminal and the second terminal receive the key identifier and the algorithm identifier. The first terminal obtains its pre-stored encryption algorithms and encryption keys, where the first terminal and the server pre-store the same plurality of encryption algorithms and encryption keys in the same order; based on the key identifier and the algorithm identifier, it determines the encryption algorithm and the encryption key currently in use among the pre-stored ones, encrypts data with them, and sends the encrypted data to the second terminal.
In one embodiment, to protect the keys and keep the encryption algorithm in use confidential, the first terminal, the second terminal and the server store in advance the configured keys and algorithms, recorded in the same order, and a key or algorithm is uniquely determined by its identifier. That is, algorithm identifier a refers to the same algorithm on the server and on the first terminal, and key identifier b refers to the same key text on the server and on the first terminal, which determines the encryption algorithm and the encryption key.
Step S205, the second terminal determines, based on the key identifier and the algorithm identifier, an encryption algorithm and an encryption key used by the first terminal, obtains a decryption algorithm and a decryption key corresponding to the encryption algorithm and the encryption key used by the first terminal, and decrypts the received encrypted data through the decryption key and the decryption algorithm.
In one embodiment, if a symmetric encryption algorithm is used, the procedure is the same as in step S204: the same encryption algorithm and encryption key are determined and are also used for decryption. If an asymmetric encryption algorithm is used, the decryption key stored in association with the determined encryption key is obtained and used to decrypt the received encrypted data; the decryption algorithm may be the same as the encryption algorithm.
As can be seen from the above, the first terminal sends connection establishment information to the server, and the connection establishment information is used for establishing communication transmission with the second terminal; the server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the security record data of the second terminal; the server determines a key identifier and an algorithm identifier based on the data scene type and the security record data, and sends the key identifier and the algorithm identifier to the first terminal and the second terminal respectively; the first terminal and the second terminal receive the key identifier and the algorithm identifier, and the first terminal determines the corresponding encryption key and encryption algorithm based on them, encrypts the data with that key and algorithm, and sends the encrypted data to the second terminal; the second terminal determines the corresponding decryption key and decryption algorithm based on the key identifier and the algorithm identifier, and decrypts the received encrypted data with that decryption key and decryption algorithm. The scheme addresses the problem that, in the related art, updates are mostly made at random purely from a security perspective, without adjusting to the transmission conditions of the whole link and the specific usage scenario; it optimizes the encrypted transmission mechanism for encrypted information, improves data processing efficiency and ensures security.
Fig. 4 is a structural block diagram of an encryption and decryption device based on link data adaptive adjustment according to an embodiment of the present invention. The security chip device is configured to execute the encryption and decryption method based on link data adaptive adjustment provided by the above-mentioned data receiving end embodiment, and has the functional modules and beneficial effects corresponding to that method. As shown in Fig. 4, the security chip device specifically includes an information sending module 101, an information determining module 102, an identifier determining module 103, an encryption module 104, and a decryption module 105, wherein:
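The identifier selection and lookup of steps S203 to S205, as an added Python example that is not part of the patent. The table contents, the probability formulas, the thresholds, the mapping from complexity to key length, all function names, and the `table_fingerprint` consistency check are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Algorithm:
    name: str
    key_bits: tuple  # key sizes this algorithm accepts

@dataclass(frozen=True)
class SecurityRecord:  # assumed shape of the second terminal's security record data
    sessions: int      # connections observed
    attacks: int       # recorded attack count
    cracked: int       # attacks recorded as successful

# Constructed tables: server and both terminals hold the same entries in the same order.
ALGORITHMS = (Algorithm("SM4-GCM", (128,)),
              Algorithm("AES-GCM", (128, 192, 256)),
              Algorithm("ChaCha20-Poly1305", (256,)))
# Constructed placeholder keys, patterned only so the example is readable.
KEYS = (bytes([0x11]) * 16, bytes([0x22]) * 24, bytes([0x33]) * 32, bytes([0x44]) * 16)
# Assumed security-level standard information: scene type -> candidate algorithms.
LEVEL_STANDARD = {"secure": ("SM4-GCM", "AES-GCM"),
                  "non_secure": ("AES-GCM", "ChaCha20-Poly1305")}

def key_complexity(rec, attack_threshold=0.2, crack_threshold=0.05):
    """Map attacked/cracked probabilities to a key length (formulas and thresholds assumed)."""
    p_attacked = rec.attacks / rec.sessions if rec.sessions else 1.0
    p_cracked = rec.cracked / rec.attacks if rec.attacks else 0.0
    exceeded = int(p_attacked > attack_threshold) + int(p_cracked > crack_threshold)
    return (128, 192, 256)[exceeded]

def server_select(scene, rec):
    """Server side: return (algorithm identifier, key identifier) as table positions."""
    bits = key_complexity(rec)
    for name in LEVEL_STANDARD[scene]:
        alg_id = next(i for i, a in enumerate(ALGORITHMS) if a.name == name)
        if bits not in ALGORITHMS[alg_id].key_bits:
            continue
        for key_id, key in enumerate(KEYS):
            if len(key) * 8 == bits:
                return alg_id, key_id
    raise LookupError(f"no stored algorithm/key matches {scene!r} at {bits} bits")

def terminal_resolve(alg_id, key_id, algorithms=ALGORITHMS, keys=KEYS):
    """Terminal side: turn the two identifiers back into an algorithm name and a key."""
    # Explicit bounds check: Python would accept -1 and silently pick the last entry.
    if not 0 <= alg_id < len(algorithms) or not 0 <= key_id < len(keys):
        raise ValueError("identifier outside the pre-stored table")
    alg, key = algorithms[alg_id], keys[key_id]
    if len(key) * 8 not in alg.key_bits:
        raise ValueError("key identifier does not fit the selected algorithm")
    return alg.name, key

def table_fingerprint(algorithms=ALGORITHMS, keys=KEYS):
    """Order-sensitive digest of the tables; it covers key hashes, not raw keys."""
    h = hashlib.sha256()
    for a in algorithms:
        h.update(a.name.encode() + b"\x00")
    for k in keys:
        h.update(hashlib.sha256(k).digest())
    return h.hexdigest()
```

A terminal whose table holds the same entries in a different order resolves a valid but different key without raising an error, so the same-order requirement has to be verified separately, for example by comparing fingerprints when the tables are provisioned.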
an information sending module 101 configured to send, by a first terminal, connection establishment information to a server, where the connection establishment information is used to establish communication transmission with a second terminal;
an information determining module 102, configured to receive the connection establishment information, determine a data scene type of the first terminal according to the connection establishment information, and obtain security record data of the second terminal;
an identifier determining module 103, configured to determine, by the server, a key identifier and an algorithm identifier based on the data scene type and the security record data, and send the key identifier and the algorithm identifier to the first terminal and the second terminal, respectively;
the encryption module 104 is configured to receive the key identifier and the algorithm identifier by the first terminal and the second terminal, determine a corresponding encryption key and an encryption algorithm based on the key identifier and the algorithm identifier by the first terminal, encrypt data through the encryption key and the encryption algorithm, and send the encrypted data to the second terminal;
a decryption module 105 configured to determine a corresponding decryption key and decryption algorithm based on the key identifier and algorithm identifier, and decrypt the received encrypted data through the decryption key and the decryption algorithm.
According to this scheme, the first terminal sends connection establishment information to the server, and the connection establishment information is used for establishing communication transmission with the second terminal; the server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the security record data of the second terminal; the server determines a key identifier and an algorithm identifier based on the data scene type and the security record data, and sends the key identifier and the algorithm identifier to the first terminal and the second terminal respectively; the first terminal and the second terminal receive the key identifier and the algorithm identifier, and the first terminal determines the corresponding encryption key and encryption algorithm based on them, encrypts the data with that key and algorithm, and sends the encrypted data to the second terminal; the second terminal determines the corresponding decryption key and decryption algorithm based on the key identifier and the algorithm identifier, and decrypts the received encrypted data with that decryption key and decryption algorithm. The scheme addresses the problem that, in the related art, updates are mostly made at random purely from a security perspective, without adjusting to the transmission conditions of the whole link and the specific usage scenario; it optimizes the encrypted transmission mechanism for encrypted information, improves data processing efficiency and ensures security. Correspondingly, the functions executed by the modules are as follows:
In a possible embodiment, the determining a data scene type of the first terminal according to the connection establishment information and acquiring security record data of the second terminal include:
determining the data scene type of the first terminal according to networking data recorded in the connection establishment information, wherein the networking data comprises a safe networking identifier and a non-safe networking identifier;
and acquiring the attack times and the attack information of the second terminal, which are respectively received and stored in advance by a database.
In one possible embodiment, the server determines a key identification and an algorithm identification based on the data scene type and the security record data, including:
the server determines an encryption algorithm based on the data scene type, and the server determines the complexity of an encryption key based on the security record data;
matching among a plurality of stored encryption algorithms and key data based on the encryption algorithm and the encryption key complexity to obtain matched encryption algorithms and key data;
and determining the position information of the matched encryption algorithm and key data in a plurality of encryption algorithms and key data, and generating a key identification and an algorithm identification based on the position information.
In one possible embodiment, the server determines an encryption algorithm based on the data scene type, including:
and inquiring one or more encryption algorithms corresponding to the data scene type according to pre-recorded security level standard information, wherein the security level standard information records encryption algorithms with different security levels and complexity.
In one possible embodiment, the server determines an encryption key complexity based on the security record data, comprising:
determining an attacked probability and a cracked probability based on the security record data;
and determining the complexity of an encryption key according to the attacked probability, the cracked probability and the respectively set probability threshold.
In one possible embodiment, the first terminal determines a corresponding encryption key and encryption algorithm based on the key identifier and algorithm identifier, including:
the first terminal acquires a pre-stored encryption algorithm and a pre-stored encryption key, wherein the first terminal and the server pre-store a plurality of same encryption algorithms and encryption keys which have the same sequence;
and determining the encryption algorithm and the encryption key which are currently used from the pre-stored encryption algorithm and encryption key based on the key identification and the algorithm identification.
In one possible embodiment, the second terminal determines a corresponding decryption key and decryption algorithm based on the key identifier and algorithm identifier, including:
the second terminal determines an encryption algorithm and an encryption key used by the first terminal based on the key identification and the algorithm identification;
and acquiring a decryption algorithm and a decryption key corresponding to the encryption algorithm and the encryption key used by the first terminal.
Fig. 5 is a schematic structural diagram of an encryption and decryption apparatus based on link data adaptive adjustment according to an embodiment of the present invention, as shown in fig. 5, the apparatus includes a processor 201, a memory 202, an input device 203, and an output device 204; the number of the processors 201 in the device may be one or more, and one processor 201 is taken as an example in fig. 5; the processor 201, the memory 202, the input device 203 and the output device 204 in the apparatus may be connected by a bus or other means, and fig. 5 illustrates the connection by a bus as an example. The memory 202 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the encryption and decryption method based on link data adaptive adjustment in the embodiment of the present invention. The processor 201 executes various functional applications of the device and data processing, i.e., implements the above-described encryption and decryption method based on link data adaptive adjustment, by running software programs, instructions, and modules stored in the memory 202. The input device 203 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function controls of the apparatus. The output device 204 may include a display device such as a display screen.
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, where the computer-executable instructions are executed by a computer processor to perform a method for encryption and decryption based on link data adaptive adjustment, where the method includes:
the first terminal sends connection establishment information to the server, wherein the connection establishment information is used for establishing communication transmission with the second terminal;
the server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the safety record data of the second terminal;
the server determines a key identifier and an algorithm identifier based on the data scene type and the safety record data, and respectively sends the key identifier and the algorithm identifier to the first terminal and the second terminal;
the first terminal and the second terminal receive the key identification and the algorithm identification, the first terminal determines a corresponding encryption key and an encryption algorithm based on the key identification and the algorithm identification, and data encryption is carried out through the encryption key and the encryption algorithm and sent to the second terminal;
and the second terminal determines a corresponding decryption key and a decryption algorithm based on the key identification and the algorithm identification, and decrypts the received encrypted data through the decryption key and the decryption algorithm.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present invention can be implemented by software together with the necessary general-purpose hardware, and can of course also be implemented by hardware, although the former is the better implementation in many cases. Based on this understanding, the technical solutions of the embodiments of the present invention, or the portions thereof that contribute over the prior art, may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and which includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods described in the embodiments of the present invention.
It should be noted that, in the embodiment of the encryption and decryption apparatus based on link data adaptive adjustment, the included units and modules are only divided according to functional logic, but are not limited to the above division, as long as the corresponding functions can be realized; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the embodiment of the invention.
In some possible embodiments, various aspects of the methods provided by this application may also be implemented in the form of a program product, which includes program code for causing a computer device to perform the steps in the methods according to various exemplary embodiments of this application described above in this specification when the program product runs on the computer device, for example, the computer device may perform the encryption and decryption method based on link data adaptation described in the embodiments of this application. The program product may be implemented using any combination of one or more readable media.
It should be noted that the foregoing is only a preferred embodiment of the present invention and the technical principles applied. Those skilled in the art will appreciate that the embodiments of the present invention are not limited to the specific embodiments described herein, and that various obvious changes, adaptations, and substitutions are possible, without departing from the scope of the embodiments of the present invention. Therefore, although the embodiments of the present invention have been described in more detail through the above embodiments, the embodiments of the present invention are not limited to the above embodiments, and many other equivalent embodiments can be included without departing from the concept of the embodiments of the present invention, and the scope of the embodiments of the present invention is determined by the scope of the appended claims.
Claims (10)
1. The encryption and decryption method based on the link data self-adaptive adjustment is characterized by comprising the following steps:
the first terminal sends connection establishment information to the server, wherein the connection establishment information is used for establishing communication transmission with the second terminal;
the server receives the connection establishment information, determines the data scene type of the first terminal according to the connection establishment information, and acquires the safety record data of the second terminal;
the server determines a key identifier and an algorithm identifier based on the data scene type and the safety record data, and respectively sends the key identifier and the algorithm identifier to the first terminal and the second terminal;
the first terminal and the second terminal receive the key identification and the algorithm identification, the first terminal determines a corresponding encryption key and an encryption algorithm based on the key identification and the algorithm identification, and data encryption is carried out through the encryption key and the encryption algorithm and is sent to the second terminal;
and the second terminal determines a corresponding decryption key and a corresponding decryption algorithm based on the key identification and the algorithm identification, and decrypts the received encrypted data through the decryption key and the decryption algorithm.
2. The encryption and decryption method based on link data adaptive adjustment according to claim 1, wherein the determining a data scene type of the first terminal according to the connection establishment information and acquiring security record data of the second terminal includes:
determining the data scene type of the first terminal according to networking data recorded in the connection establishment information, wherein the networking data comprises a safe networking identifier and a non-safe networking identifier;
and acquiring attack times and attack information of the second terminal, which are respectively received and stored in advance by a database.
3. The encryption and decryption method based on link data adaptive adjustment according to claim 1, wherein the server determines a key identifier and an algorithm identifier based on the data scene type and the security record data, and comprises:
the server determines an encryption algorithm based on the data scene type, and the server determines the complexity of an encryption key based on the security record data;
matching is carried out on the stored multiple encryption algorithms and key data based on the encryption algorithms and the encryption key complexity to obtain matched encryption algorithms and key data;
and determining the position information of the matched encryption algorithm and key data in a plurality of encryption algorithms and key data, and generating a key identification and an algorithm identification based on the position information.
4. The encryption and decryption method based on link data adaptive adjustment according to claim 3, wherein the server determines an encryption algorithm based on the data scene type, and the method comprises:
and inquiring one or more encryption algorithms corresponding to the data scene type according to pre-recorded security level standard information, wherein the security level standard information records encryption algorithms with different security levels and complexity.
5. The encryption and decryption method based on link data adaptive adjustment according to claim 3, wherein the server determines the encryption key complexity based on the security record data, and the method comprises:
determining an attacked probability and a cracked probability based on the security record data;
and determining the complexity of an encryption key according to the attacked probability, the cracked probability and the respectively set probability threshold.
6. The encryption and decryption method based on link data adaptive adjustment according to any one of claims 3-5, wherein the first terminal determines the corresponding encryption key and encryption algorithm based on the key identification and algorithm identification, and comprises:
the first terminal acquires a pre-stored encryption algorithm and a pre-stored encryption key, wherein the first terminal and the server pre-store a plurality of same encryption algorithms and encryption keys which have the same sequence;
and determining the encryption algorithm and the encryption key which are currently used from the pre-stored encryption algorithm and encryption key based on the key identification and the algorithm identification.
7. The encryption and decryption method based on link data adaptive adjustment according to any one of claims 3-5, wherein the second terminal determines a corresponding decryption key and decryption algorithm based on the key identifier and algorithm identifier, and the method comprises:
the second terminal determines an encryption algorithm and an encryption key used by the first terminal based on the key identification and the algorithm identification;
and acquiring a decryption algorithm and a decryption key corresponding to the encryption algorithm and the encryption key used by the first terminal.
8. The encryption and decryption device based on the link data self-adaptive adjustment is characterized by comprising the following components:
the information sending module is configured to send connection establishment information to the server by the first terminal, wherein the connection establishment information is used for establishing communication transmission with the second terminal;
the information determining module is configured to receive the connection establishment information by the server, determine the data scene type of the first terminal according to the connection establishment information, and acquire the security record data of the second terminal;
the identification determining module is configured to determine a key identification and an algorithm identification by the server based on the data scene type and the safety record data, and respectively send the key identification and the algorithm identification to the first terminal and the second terminal;
the encryption module is configured to enable the first terminal and the second terminal to receive the key identification and the algorithm identification, enable the first terminal to determine a corresponding encryption key and an encryption algorithm based on the key identification and the algorithm identification, encrypt data through the encryption key and the encryption algorithm, and send the encrypted data to the second terminal;
and the decryption module is configured to determine a corresponding decryption key and a corresponding decryption algorithm based on the key identifier and the algorithm identifier, and decrypt the received encrypted data through the decryption key and the decryption algorithm.
9. An encryption and decryption device adaptively adjusted based on link data, the device comprising: one or more processors; a storage security chip apparatus for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the link data adaptation based encryption and decryption method according to any one of claims 1 to 7.
10. A storage medium containing computer executable instructions for performing the link data adaptation based encryption and decryption method of any one of claims 1-7 when executed by a computer processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211127979.XA CN115208705B (en) | 2022-09-16 | 2022-09-16 | Encryption and decryption method and device based on link data self-adaptive adjustment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115208705A (en) | 2022-10-18 |
CN115208705B (en) | 2022-12-20 |
Family
ID=83571751
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211127979.XA Active CN115208705B (en) | 2022-09-16 | 2022-09-16 | Encryption and decryption method and device based on link data self-adaptive adjustment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115208705B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN115208705B (en) | 2022-12-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||