Disclosure of Invention
To solve the above problems, according to one aspect of the present invention, there is provided an online engineering quotation secure interaction method, the method comprising:
obtaining a first hash value of an online engineering quotation plaintext, and obtaining a second hash value according to the first hash value;
generating a plaintext key by using the first hash value and the second hash value, and encrypting the online engineering quotation plaintext to obtain a first ciphertext; and calculating a third hash value of the first ciphertext;
encrypting the first ciphertext by using the first key to obtain a second ciphertext; encrypting the third hash value with the second key to obtain a third ciphertext; transmitting the second ciphertext and the third ciphertext to a receiver;
decrypting the second ciphertext according to the key corresponding to the first key to obtain the first ciphertext, and decrypting the third ciphertext according to the key corresponding to the second key to obtain the third hash value;
judging whether the first ciphertext has been changed according to whether a fourth hash value calculated from the first ciphertext obtained after decryption is the same as the received third hash value; and if the fourth hash value is the same as the received third hash value, decrypting the first ciphertext by using the plaintext key to obtain the online engineering quotation plaintext.
Preferably, obtaining the second hash value from the first hash value includes: inputting the first hash value into a hash function for calculation to obtain the second hash value, wherein the hash function used for calculating the first hash value is different from the hash function used for calculating the second hash value.
Preferably, the first hash value and the third hash value are encrypted with the second key to obtain the third ciphertext, which is sent to the receiver; or, when the online engineering quotation results are published after the online engineering quotation is finished, the first hash value is copied into the electronic device of the receiver by using a removable storage medium, so that the online engineering quotation result of each quoter is published; alternatively, the first hash value is transmitted using quantum communication techniques, and the second ciphertext and the third ciphertext are transmitted using non-quantum communication techniques.
Preferably, generating the plaintext key using the first hash value and the second hash value includes: encrypting the online engineering quotation plaintext by taking, as the plaintext key, a value obtained by processing the first hash value and the second hash value according to a preset rule; the preset rule comprises: concatenating or XORing the first hash value and the second hash value, or concatenating the result of the XOR of the first hash value and the second hash value after the first hash value or the second hash value, and selecting a number of bits of suitable length from the processed result.
Preferably, the second hash value is generated according to the first hash value, the plaintext key is obtained according to the preset rule, and the first ciphertext is decrypted according to the plaintext key to obtain the first plaintext.
According to another aspect of the present invention, there is provided an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of any one of the above-mentioned online engineering quotation secure interaction methods when executing the computer program.
According to another aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program, characterized in that the program when executed by a processor implements the steps of any one of the above-mentioned online engineering quotation secure interaction methods.
According to another aspect of the present invention, there is provided an online engineering quotation security interaction system, the system comprising:
a first acquisition unit: obtaining a first hash value of an online engineering quotation plaintext, and obtaining a second hash value according to the first hash value;
a first encryption unit: encrypting the plaintext of the online engineering quotation by using a plaintext key generated by the first hash value and the second hash value to obtain a first ciphertext; and calculating a third hash value of the first ciphertext;
a second encryption unit: encrypting the first ciphertext by using the first key to obtain a second ciphertext; encrypting the third hash value with the second key to obtain a third ciphertext; transmitting the second ciphertext and the third ciphertext to the receiver;
a first decryption unit: decrypting the second ciphertext according to the key corresponding to the first key to obtain the first ciphertext, decrypting the third ciphertext according to the key corresponding to the second key to obtain the third hash value;
a second decryption unit: judging whether the first ciphertext has been changed according to whether the hash value calculated from the first ciphertext obtained after decryption is the same as the received third hash value; if the hash value calculated from the first ciphertext is the same as the received third hash value, the first ciphertext has not been changed, and the plaintext key is used to decrypt the first ciphertext to obtain the online engineering quotation plaintext.
Preferably, the first obtaining unit obtaining the second hash value according to the first hash value includes: inputting the first hash value into a hash function for calculation to obtain the second hash value, or concatenating the online engineering quotation with the first hash value and then inputting the concatenation into the hash function to obtain the second hash value; wherein the hash function used to calculate the first hash value is different from the hash function used to calculate the second hash value.
Preferably, the second encryption unit is further configured so that: the first hash value and the third hash value are encrypted with the second key to obtain the third ciphertext, which is sent to the receiver; or, when the online engineering quotation results are published after the online engineering quotation is finished, the first hash value is copied into the electronic device of the receiver by using a removable storage medium so as to publish the online engineering quotation result of each quoter; alternatively, the first hash value is transmitted using quantum communication techniques, and the second ciphertext and the third ciphertext are transmitted using non-quantum communication techniques.
Preferably, the first encryption unit further encrypts the online engineering quotation plaintext by taking, as the plaintext key, a value obtained by processing the first hash value and the second hash value according to a preset rule; the preset rule comprises: concatenating or XORing the first hash value and the second hash value, or concatenating the result of the XOR of the first hash value and the second hash value to the first hash value or the second hash value, and selecting a number of bits of suitable length from the processed result.
Preferably, the second decryption unit decrypting the first ciphertext using the plaintext key includes: generating the second hash value according to the first hash value, obtaining the plaintext key according to the preset rule, and decrypting the first ciphertext according to the plaintext key to obtain a first plaintext.
The beneficial effects of the invention are as follows. The invention uses the first hash value of the online engineering quotation to generate the key that encrypts the plaintext of the online engineering quotation. Because the online engineering quotation differs each time a quotation is made, the first hash value and the corresponding plaintext encryption key differ as well. Compared with a traditional encryption scheme that uses a fixed encryption key, the invention therefore effectively improves the security of the online engineering quotation, prevents the online engineering quotation from being tampered with, eliminates the potential security hazard of the online engineering quotation, and avoids the need for a dedicated key generation function to generate the plaintext encryption key. In addition, the first hash value is transmitted using quantum communication technology while the second ciphertext and the third ciphertext are transmitted using non-quantum communication technology, which strengthens the security of the online engineering quotation while keeping communication cost in check.
Detailed Description
The embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art based on the embodiments of the invention without inventive effort fall within the scope of the invention.
Example 1
FIG. 1 is a flow chart of an online engineering quotation secure interaction method according to an embodiment of the invention. As shown in FIG. 1, the present embodiment provides an online engineering quotation secure interaction method, which includes:
S101, obtaining a first hash value of a plaintext of an online engineering quotation to be encrypted, and obtaining a second hash value according to the first hash value; the online engineering quotation comprises quoter information, quotation data information, quotation project, quotation receiver information and the like.
S102, generating a plaintext key by using the first hash value and the second hash value, and encrypting the plaintext of the online engineering quotation to obtain a first ciphertext; and calculating a third hash value of the first ciphertext; the first ciphertext may be obtained using a DES algorithm, a 3DES algorithm, or an AES algorithm; the first hash value and the second hash value are 128 bits, but may be of other lengths.
S103, encrypting the first ciphertext by using the first key to obtain a second ciphertext; encrypting the third hash value with the second key to obtain a third ciphertext; transmitting the second ciphertext and the third ciphertext to the receiver;
S104, decrypting the second ciphertext according to the key corresponding to the first key to obtain a first ciphertext, and decrypting the third ciphertext according to the key corresponding to the second key to obtain a third hash value;
S105, judging whether the first ciphertext has been changed according to whether a fourth hash value calculated from the first ciphertext obtained after decryption is the same as the received third hash value; if the fourth hash value is the same as the received third hash value, the first ciphertext is decrypted by using the plaintext key to obtain the plaintext of the online engineering quotation.
The prior art includes symmetric and asymmetric encryption algorithms. An asymmetric encryption algorithm requires two keys, a public key and a private key. The public key and the private key are a pair: if data is encrypted with the public key, it can be decrypted only with the corresponding private key; if data is encrypted with the private key, it can be decrypted only with the corresponding public key. In the present invention, the first key and the second key, and the keys corresponding thereto, may be public keys and private keys in an asymmetric encryption algorithm, respectively.
The hash algorithm in the present invention may be MD5 or SHA, SHA-224, SHA-256, SHA-384, and SHA-512 algorithms (collectively referred to as SHA-2), SHA-3, etc.
In this embodiment, obtaining the second hash value according to the first hash value includes: inputting the first hash value into a hash function for calculation to obtain the second hash value, wherein the hash function used for calculating the first hash value is different from the hash function used for calculating the second hash value. The hash function used for calculating the third hash value and the hash function used for calculating the fourth hash value are the same.
In this embodiment, the first hash value and the third hash value may be encrypted with the second key to obtain the third ciphertext, which is sent to the receiver; or, when the online engineering quotation results are published after the online engineering quotation is finished, the first hash value is copied to the electronic device of the receiver by using a removable storage medium so as to decrypt the first ciphertext and publish the online engineering quotation result of each quoter; alternatively, the first hash value is transmitted using quantum communication techniques. Transmitting only the first hash value by quantum communication secures the online engineering quotation throughout the whole process as well as the communication itself, while avoiding the increase in communication cost that would result from using quantum communication to transmit all online engineering quotations. Therefore, the first hash value of the online engineering quotation is transmitted by quantum communication, and the second ciphertext and the third ciphertext, which carry the encrypted online engineering quotation, are transmitted by traditional network communication, so that security is ensured without excessively increasing the communication cost.
In this embodiment, the plaintext of the online engineering quotation is encrypted by taking, as the plaintext key, a value obtained by processing the first hash value and the second hash value according to a preset rule; the preset rule comprises: concatenating or XORing the first hash value and the second hash value, or concatenating the result of the XOR of the first hash value and the second hash value after the first hash value or the second hash value, and selecting a number of bits of suitable length from the processed result.
For example, the XOR of the 128-bit first hash value and the second hash value may be calculated, and a plaintext key for encrypting the plaintext of the online engineering quotation may be selected according to a preset rule. For example, the preset rule is that one of the 128-bit second hash value and the XOR of the first hash value and the second hash value is selected, and the first 56 bits, the last 56 bits or the middle 56 bits of the selected value are used as the key of a DES algorithm. Alternatively, after the XOR of the first hash value and the second hash value is concatenated with the second hash value or the first hash value, three 56-bit values are selected from the concatenated result, which may be the first 56 bits, the last 56 bits and the middle 56 bits, as the keys of a 3DES algorithm. The preset rule further comprises concatenating the value obtained by XORing the first hash value and the second hash value to the first hash value or the second hash value, and selecting 192 bits from the concatenated result as the AES key, e.g., the first 192 bits, the last 192 bits, or the middle 192 bits. The concatenated 256 bits may also be used as an AES key.
The receiver generates the second hash value according to the first hash value, obtains the plaintext key according to the preset rule, and decrypts the first ciphertext according to the plaintext key to obtain a first plaintext. A fifth hash value is calculated from the first plaintext using the same hash function as was used to calculate the first hash value, and whether the first plaintext has been tampered with is verified according to the first hash value and the fifth hash value, so as to verify the security of transmission.
Example 2
The present embodiment provides an online engineering quotation secure interaction system, as shown in FIG. 2, which includes a first acquisition unit 201, a first encryption unit 202, a second encryption unit 203, a first decryption unit 204, and a second decryption unit 205.
The system comprises:
the first acquisition unit 201: obtaining a first hash value of an online engineering quotation plaintext, and obtaining a second hash value according to the first hash value;
the first encryption unit 202: encrypting the plaintext of the online engineering quotation by using a plaintext key generated by the first hash value and the second hash value to obtain a first ciphertext; and calculating a third hash value of the first ciphertext;
the second encryption unit 203: encrypting the first ciphertext by using the first key to obtain a second ciphertext; encrypting the third hash value with the second key to obtain a third ciphertext; transmitting the second ciphertext and the third ciphertext to the receiver;
the first decryption unit 204: decrypting the second ciphertext according to the key corresponding to the first key to obtain a first ciphertext, and decrypting the third ciphertext according to the key corresponding to the second key to obtain a third hash value;
the second decryption unit 205: judging whether the first ciphertext has been changed according to whether a fourth hash value calculated from the first ciphertext obtained after decryption is the same as the received third hash value; if the fourth hash value is the same as the received third hash value, the first ciphertext is decrypted by using the plaintext key to obtain the plaintext of the online engineering quotation.
The prior art includes symmetric and asymmetric encryption algorithms. An asymmetric encryption algorithm requires two keys, a public key and a private key. The public key and the private key are a pair: if data is encrypted with the public key, it can be decrypted only with the corresponding private key; if data is encrypted with the private key, it can be decrypted only with the corresponding public key. In the present invention, the first key and the second key, and the keys corresponding thereto, may be public keys and private keys in an asymmetric encryption algorithm, respectively.
The hash algorithm in the present invention may be MD5 or SHA, SHA-224, SHA-256, SHA-384, and SHA-512 algorithms (collectively referred to as SHA-2), SHA-3, etc.
In this embodiment, the first obtaining unit 201 obtaining the second hash value according to the first hash value includes: inputting the first hash value into a hash function for calculation to obtain the second hash value, or concatenating the online engineering quotation with the first hash value and then inputting the concatenation into the hash function to obtain the second hash value; wherein the hash function used to calculate the first hash value is different from the hash function used to calculate the second hash value. The hash function used to calculate the third hash value and the fourth hash value is the same.
In this embodiment, the second encryption unit 203 is further configured so that: the first hash value and the third hash value may be encrypted with the second key to obtain the third ciphertext, which is sent to the receiver; or, when the online engineering quotation results are published after the online engineering quotation is finished, the first hash value is copied into the electronic device of the receiver by using a removable storage medium so as to decrypt the first ciphertext and publish the online engineering quotation result of each quoter; alternatively, the first hash value is transmitted using quantum communication techniques. Transmitting only the first hash value by quantum communication secures the online engineering quotation throughout the whole process as well as the communication itself, while avoiding the increase in communication cost that would result from using quantum communication to transmit all online engineering quotations. Therefore, the first hash value of the online engineering quotation is transmitted by quantum communication, and the second ciphertext and the third ciphertext, which carry the encrypted online engineering quotation, are transmitted by traditional network communication, so that security is ensured without excessively increasing the communication cost.
In this embodiment, the first encryption unit 202 further encrypts the online engineering quotation plaintext by taking, as the plaintext key, a value obtained by processing the first hash value and the second hash value according to a preset rule; the preset rule comprises: concatenating or XORing the first hash value and the second hash value, or concatenating the result of the XOR of the first hash value and the second hash value after the first hash value or the second hash value, and selecting a number of bits of suitable length from the processed result.
For example, the XOR of the 128-bit first hash value and the second hash value may be calculated, and a key for encrypting the plaintext of the online engineering quotation may be selected according to a preset rule. For example, the preset rule is that one of the 128-bit second hash value and the XOR of the first hash value and the second hash value is selected, and the first 56 bits, the last 56 bits or the middle 56 bits of the selected value are used as the key of a DES algorithm. Alternatively, after the second hash value is concatenated with the XOR of the first hash value and the second hash value, three 56-bit values are selected from the concatenated result, which may be the first 56 bits, the last 56 bits and the middle 56 bits, as the keys of a 3DES algorithm. The preset rule further comprises concatenating the value obtained by XORing the first hash value and the second hash value to the first hash value or the second hash value, and selecting 192 bits from the concatenated result as the AES key, e.g., the first 192 bits, the last 192 bits, or the middle 192 bits. The concatenated 256 bits may also be used as an AES key.
In this embodiment, the second decryption unit 205 generates the second hash value according to the first hash value, obtains the plaintext key according to the preset rule, and decrypts the first ciphertext according to the plaintext key to obtain the first plaintext. A fifth hash value may be calculated from the first plaintext using the same hash function as was used to calculate the first hash value, and whether the first plaintext has been tampered with is verified according to the first hash value and the fifth hash value, so as to verify the security of transmission.
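The inner layer of the flow in Examples 1 and 2 (hash chain, preset-rule key selection for DES, 3DES and AES, and the receiver-side fourth-hash and fifth-hash checks) is worked through below as an added illustration; it is not part of the original patent text. Assumptions: SHA-256 and SHA3-256 truncated to 128 bits stand for the two different hash functions, the concatenation order is one of the permitted choices, a SHA-256 keystream XOR stands in for DES/3DES/AES so that only the standard library is needed, the outer encryption with the first and second keys is omitted, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample quotation (not real data).
QUOTE = b"quoter=ACME;project=bridge-07;price=1250000;receiver=owner"

def h_first(data: bytes) -> bytes:
    # First/fifth hash value. Assumption: SHA-256 truncated to 128 bits.
    return hashlib.sha256(data).digest()[:16]

def h_second(h1: bytes) -> bytes:
    # Second hash value: a different hash function applied to the first hash value.
    return hashlib.sha3_256(h1).digest()[:16]

def h_cipher(c1: bytes) -> bytes:
    # Third/fourth hash value, computed over the first ciphertext.
    return hashlib.sha256(c1).digest()

def take_bits(value: bytes, nbits: int, where: str) -> bytes:
    # Select the first, middle or last nbits of value (multiples of 8 bits here).
    n = nbits // 8
    start = {"first": 0, "middle": (len(value) - n) // 2, "last": len(value) - n}[where]
    return value[start:start + n]

def derive_key(h1: bytes, rule: str) -> bytes:
    # Preset rule: XOR the two hash values, concatenate with the second, select bits.
    h2 = h_second(h1)
    x = bytes(a ^ b for a, b in zip(h1, h2))
    cat = x + h2  # 256 bits; the concatenation order is an assumption
    if rule == "des56":      # 56 key bits; parity expansion is left to the cipher
        return take_bits(x, 56, "first")
    if rule == "3des168":    # three 56-bit values: first, middle, last
        return b"".join(take_bits(cat, 56, w) for w in ("first", "middle", "last"))
    if rule == "aes192":
        return take_bits(cat, 192, "first")
    if rule == "aes256":
        return cat
    raise ValueError("unknown rule: " + rule)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # STAND-IN for DES/3DES/AES: XOR with a SHA-256 counter keystream.
    # The same call encrypts and decrypts. Not for real use.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)

def sender(plaintext: bytes, rule: str = "aes256"):
    # S101-S102: first hash, plaintext key, first ciphertext, third hash.
    h1 = h_first(plaintext)
    c1 = keystream_xor(derive_key(h1, rule), plaintext)
    return h1, c1, h_cipher(c1)

def receiver(h1: bytes, c1: bytes, h3: bytes, rule: str = "aes256") -> bytes:
    # S105: fourth hash against third hash, then decrypt and check the fifth hash.
    if not hmac.compare_digest(h_cipher(c1), h3):
        raise ValueError("fourth hash != third hash: first ciphertext changed")
    plaintext = keystream_xor(derive_key(h1, rule), c1)
    if not hmac.compare_digest(h_first(plaintext), h1):
        raise ValueError("fifth hash != first hash: plaintext check failed")
    return plaintext

if __name__ == "__main__":
    h1, c1, h3 = sender(QUOTE)
    print("round trip ok:", receiver(h1, c1, h3) == QUOTE)
    try:
        receiver(h1, bytes([c1[0] ^ 1]) + c1[1:], h3)
    except ValueError as err:
        print("tampered ciphertext rejected:", err)
```

Because the second hash value is computed from the first, derive_key depends on the first hash value alone, so whoever holds that value together with the first ciphertext can decrypt the quotation.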
Example 3
The present embodiment provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the online engineering quotation secure interaction method described in embodiment 1 when the computer program is executed.
Example 4
The present embodiment provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the online engineering quotation secure interaction method described in embodiment 1.
More specifically, readable storage media that may be employed include, but are not limited to: a portable disk, a hard disk, random access memory, read only memory, erasable programmable read only memory, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In a possible embodiment, the invention may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps of implementing the online engineering quotation secure interaction method as described in example 1, when said program product is run on the terminal device.
The program code for carrying out the invention may be written in any combination of one or more programming languages, and may execute entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device and partly on a remote device, or entirely on a remote device.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.