CN116455604A - Terminal equipment and data encryption method - Google Patents


Publication number
CN116455604A
CN116455604A CN202310237489.3A CN202310237489A CN116455604A CN 116455604 A CN116455604 A CN 116455604A CN 202310237489 A CN202310237489 A CN 202310237489A CN 116455604 A CN116455604 A CN 116455604A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310237489.3A
Other languages
Chinese (zh)
Inventor
周立辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hisense Visual Technology Co Ltd
Original Assignee
Hisense Visual Technology Co Ltd
Application filed by Hisense Visual Technology Co Ltd
Priority to CN202310237489.3A
Publication of CN116455604A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00: Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40: Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43: Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44: Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4408: Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)

Abstract

Some embodiments of the present application provide a terminal device and a data encryption method. After obtaining initial data, the terminal device performs integer encoding on the initial data to obtain an initial integer; it then obtains a secure random number of arbitrary length and splices the initial integer with the secure random number to obtain a spliced random integer; finally, it performs mask processing on the spliced random integer to obtain a new random integer, and transmits the new random integer to a data receiver as the target transmission data. With this technical scheme, the initial data transmitted by the sender can be encrypted into random integers for transmission. Because the initial data is randomized, the encrypted result is different each time, so interception or leakage of the initial data can be prevented and the security of the initial data is ensured. Meanwhile, related parameters can be adjusted during the encryption process to ensure the randomness of the result, which solves the problem of low data security in the data transmission process.

Description

Terminal equipment and data encryption method
Technical Field
Embodiments of the present application relate to the technical field of terminal devices, and in particular, to a terminal device and a data encryption method.
Background
In an application scenario of a terminal device such as a smart tv, various data needs to be transmitted. For example, data transmission may be performed between terminal devices, between a terminal device and a server, between respective functional modules disposed inside the terminal device, and the like.
In the data transmission process, the transmission mode can be divided into two modes of encrypted transmission and unencrypted transmission. Wherein, the encrypted transmission is a transmission mode for protecting the security of data transmission, a sender can encrypt data by using a specific encryption technology and then send the encrypted data to a receiver, and only the sender and the receiver of the data can access and decrypt the data. For example, the algorithm for encrypting the transmission can comprise symmetric encryption and asymmetric encryption, and the encryption algorithm is adopted to encrypt the data so as to improve the security of the data.
However, algorithms such as symmetric encryption and asymmetric encryption require a sender to transfer a key to a receiver, and require a large amount of computation, and a large amount of use of the algorithm may cause degradation of performance of a terminal device. Therefore, for some data, a non-encrypted transmission manner is generally adopted. However, in transmitting data using the non-encrypted transmission method, since the transmitted data is not encrypted, the security of the data is low.
Disclosure of Invention
Some embodiments of the present application provide a terminal device and a data encryption method, so as to solve the problem of low data security in the data transmission process.
In a first aspect, some embodiments of the present application provide a terminal device, including:
a communicator configured to establish a communication connection with a data receiver;
a controller configured to:
acquire initial data, and perform integer encoding on the initial data to obtain an initial integer;
acquire a secure random number of arbitrary length;
splice the initial integer and the secure random number to obtain a spliced random integer;
and perform mask processing on the spliced random integer to obtain a new random integer, and transmit the new random integer as target transmission data to the data receiver.
In a second aspect, some embodiments of the present application further provide a method for encrypting data, which is applied to the terminal device of the first aspect, where the terminal device includes a communicator and a controller that establish a communication connection with a data receiver; the data encryption method comprises the following steps:
acquiring initial data, and performing integer encoding on the initial data to obtain an initial integer;
acquiring a secure random number of arbitrary length;
splicing the initial integer and the secure random number to obtain a spliced random integer;
and performing mask processing on the spliced random integer to obtain a new random integer, and transmitting the new random integer as target transmission data to the data receiver.
As can be seen from the above technical solutions, some embodiments of the present application provide a terminal device and a data encryption method. After obtaining initial data, the terminal device performs integer encoding on the initial data to obtain an initial integer; it then obtains a secure random number of arbitrary length and splices the initial integer with the secure random number to obtain a spliced random integer; finally, it performs mask processing on the spliced random integer to obtain a new random integer, and transmits the new random integer to a data receiver as the target transmission data. With this technical scheme, the initial data transmitted by the sender can be encrypted into random integers for transmission. Because the initial data is randomized, the encrypted result is different each time, so interception or leakage of the initial data can be prevented and the security of the initial data is ensured. Meanwhile, related parameters can be adjusted during the encryption process to ensure the randomness of the result, which solves the problem of low data security in the data transmission process.
Drawings
In order to more clearly illustrate some embodiments of the present application or technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an operation scenario between a terminal device and a control device provided in some embodiments of the present application;
Fig. 2 is a block diagram of a hardware configuration of a terminal device according to some embodiments of the present application;
Fig. 3 is a block diagram of a hardware configuration of a control device provided in some embodiments of the present application;
Fig. 4 is a schematic diagram of software configuration in a terminal device according to some embodiments of the present application;
Fig. 5 is a flow chart of a method for encrypting data performed by a terminal device according to some embodiments of the present application;
Fig. 6 is a schematic structural diagram of a functional module configured in a terminal device according to some embodiments of the present application;
Fig. 7 is a schematic diagram illustrating the effect of an encoder performing integer encoding according to some embodiments of the present application;
Fig. 8 is a flow chart of performing integer encoding on initial data to obtain an initial integer according to some embodiments of the present application;
Fig. 9 is a schematic flow chart of a splicer splicing an initial integer and a secure random number to obtain a spliced random integer according to some embodiments of the present application;
Fig. 10 is a schematic diagram illustrating the effect of a splicer splicing an initial integer and a secure random number to obtain a spliced random integer according to some embodiments of the present application;
Fig. 11 is a schematic flow chart of a splicer splicing an initial integer and a secure random number to obtain a spliced random integer according to other embodiments of the present application;
Fig. 12 is a schematic diagram showing the effect of a splicer splicing an initial integer and a secure random number to obtain a spliced random integer according to other embodiments of the present application;
Fig. 13 is a flowchart illustrating masking a spliced random integer to obtain a new random integer according to some embodiments of the present application;
Fig. 14 is a flow chart of inserting a static mask based on an insertion location to obtain a new random integer, according to some embodiments of the present application;
Fig. 15 is a schematic diagram of static mask insertion and process integer grouping provided by some embodiments of the present application;
Fig. 16 is a schematic diagram of masking packet operations on process integers provided in some embodiments of the present application;
Fig. 17 is a schematic flow chart of configuring different dynamic random masks for packet data by a terminal device according to some embodiments of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of some embodiments of the present application more clear, the technical solutions of some embodiments of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application.
It should be noted that the brief description of the terms in some embodiments of the present application is only for convenience in understanding the embodiments described below, and is not intended to limit the implementation of some embodiments of the present application. Unless otherwise indicated, these terms should be construed in their ordinary and customary meaning.
The terms first, second, third and the like in the description and in the claims and in the above-described figures are used for distinguishing between similar or similar objects or entities and not necessarily for describing a particular sequential or chronological order, unless otherwise indicated. It is to be understood that the terms so used are interchangeable under appropriate circumstances.
The terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a product or apparatus that comprises a list of elements is not necessarily limited to all elements explicitly listed, but may include other elements not expressly listed or inherent to such product or apparatus.
The term "module" refers to any known or later developed hardware, software, firmware, artificial intelligence, fuzzy logic, or combination of hardware or/and software code that is capable of performing the function associated with that element.
Fig. 1 is a schematic diagram of an operation scenario between a terminal device and a control device provided in some embodiments of the present application. As shown in fig. 1, a user may operate the terminal device 200 through the mobile terminal 300 and the control device 100.
In some embodiments, the mobile terminal 300 may install a software application with the terminal device 200, and implement connection communication through a network communication protocol for the purpose of one-to-one control operation and data communication. The audio/video content displayed on the mobile terminal 300 can also be transmitted to the terminal device 200, so as to realize the synchronous display function.
As also shown in fig. 1, the terminal device 200 also communicates data with the server 400 through a variety of communication means. The terminal device 200 may be permitted to make communication connection through a Local Area Network (LAN), a Wireless Local Area Network (WLAN), and other networks.
The terminal device 200 may additionally provide an intelligent network television function of a computer support function, including, but not limited to, a network television, an intelligent television, an Internet Protocol Television (IPTV), etc., in addition to the broadcast receiving television function.
Fig. 2 is a block diagram of a hardware configuration of the terminal device 200 in fig. 1 according to some embodiments of the present application.
In some embodiments, terminal device 200 includes at least one of a modem 210, a communicator 220, a detector 230, an external device interface 240, a controller 250, a display 260, an audio output interface 270, memory, a power supply, a user interface.
In some embodiments, the detector 230 is used to collect signals of the external environment or interaction with the outside.
In some embodiments, the display 260 includes a display screen component for presenting a picture, and a driving component for driving an image display, for receiving an image signal from the controller output, for displaying video content, image content, and components of a menu manipulation interface, and a user manipulation UI interface, etc.
In some embodiments, communicator 220 is a component for communicating with external devices or servers 400 according to various communication protocol types.
In some embodiments, the controller 250 controls the operation of the terminal device and responds to the user's operations by various software control programs stored on the memory. The controller 250 controls the overall operation of the terminal device 200.
In some embodiments, a user may input a user command through a Graphical User Interface (GUI) displayed on the display 260, and the user input interface receives the user input command through the Graphical User Interface (GUI).
In some embodiments, user interface 280 is an interface that may be used to receive control inputs.
Fig. 3 is a block diagram of a hardware configuration of the control device in fig. 1 according to some embodiments of the present application. As shown in fig. 3, the control device 100 includes a controller 110, a communication interface 130, a user input/output interface, a memory, and a power supply.
The control device 100 is configured to control the terminal device 200, and can receive an input operation instruction of a user, and convert the operation instruction into an instruction recognizable and responsive by the terminal device 200, functioning as an interaction mediation between the user and the terminal device 200.
In some embodiments, the control device 100 may be a smart device. For example, various applications for controlling the terminal device 200 may be installed on the control device 100 according to user demands.
In some embodiments, as shown in fig. 1, a mobile terminal 300 or other intelligent electronic device may serve a similar function as the control device 100 after installing an application that manipulates the terminal device 200.
The controller 110 includes a processor unit 112, RAM 113 and ROM 114, a communication interface 130, and a communication bus. The controller 110 is used to control the running and operation of the control device 100, as well as the communication and cooperation among the internal components and the external and internal data processing functions.
The communication interface 130 enables communication of control signals and data signals with the terminal device 200 under the control of the controller 110. The communication interface 130 may include at least one of a WiFi chip 131, a bluetooth module 132, an NFC module 133, and other near field communication modules.
A user input/output interface 140, wherein the input interface includes at least one of a microphone 141, a touchpad 142, a sensor 143, keys 144, and other input interfaces.
In some embodiments, the control device 100 includes at least one of a communication interface 130 and an input-output interface 140. When the control device 100 is provided with a communication interface 130, such as a WiFi, Bluetooth or NFC module, the user input instruction may be encoded using the WiFi protocol, the Bluetooth protocol or the NFC protocol and sent to the terminal device 200.
A memory 190 for storing various operation programs, data and applications for driving and controlling the control device 100 under the control of the controller. The memory 190 may store various control signal instructions input by a user.
A power supply 180 for providing operating power support for the various elements of the control device 100 under the control of the controller.
Fig. 4 is a schematic diagram of the software configuration in the terminal device in Fig. 1 provided in some embodiments of the present application. In some embodiments, the system is divided into four layers, which are, from top to bottom, an application (Applications) layer (abbreviated as "application layer"), an application framework (Application Framework) layer (abbreviated as "framework layer"), a system library layer (abbreviated as "system runtime layer"), and a kernel layer.
In some embodiments, at least one application program is running in the application program layer, and these application programs may be a Window (Window) program of an operating system, a system setting program, a clock program, a camera application, and the like; or may be an application developed by a third party developer.
The framework layer provides an application programming interface (Application Programming Interface, API) and programming framework for application programs of the application layer. The application framework layer includes a number of predefined functions. The application framework layer corresponds to a processing center that decides how the applications in the application layer act.
As shown in fig. 4, the application framework layer in some embodiments of the present application includes a manager (manager), a Content Provider (Content Provider), a View System (View System), and the like. Wherein the manager comprises at least one of the following modules: an Activity Manager (Activity Manager) is used to interact with all activities that are running in the system; a Location Manager (Location Manager) is used to provide system services or applications with access to system Location services; a Package Manager (Package Manager) for retrieving various information about an application Package currently installed on the device; a notification manager (Notification Manager) for controlling the display and clearing of notification messages; a Window Manager (Window Manager) is used to manage bracketing icons, windows, toolbars, wallpaper, and desktop components on the user interface.
In some embodiments, the activity manager is to: managing the lifecycle of the individual applications and typically the navigation rollback functionality.
In some embodiments, a window manager is used to manage all window programs.
In some embodiments, the system runtime layer provides support for the upper layers, namely the framework layer, and when the framework layer is accessed, the operating system runs the C/C++ libraries contained in the system runtime layer to implement the functions to be implemented by the framework layer.
In some embodiments, the kernel layer is a layer between hardware and software. As shown in fig. 4, the kernel layer contains at least one of the following drivers: audio drive, display drive, bluetooth drive, camera drive, WIFI drive, USB drive, HDMI drive, sensor drive (e.g., fingerprint sensor, temperature sensor, touch sensor, pressure sensor, etc.), and the like.
In some embodiments, the kernel layer further includes a power driver module for power management.
In some embodiments, the software programs and/or modules corresponding to the software architecture in fig. 4 are stored in the first memory or the second memory shown in fig. 2 or fig. 3.
Based on the above-described terminal device 200, a specific display screen can be output. Taking a smart TV as an example, a user can watch various media assets on the network using a video player installed in the smart TV; for example, the user can play various media assets such as movies, television dramas and videos through the player. Meanwhile, the terminal device 200 may also present various user interfaces.
In an application scenario of a terminal device such as a smart tv, various data needs to be transmitted. For example, data transmission may be performed between the terminal device and other terminal devices, between the terminal device and a server, between each functional module disposed inside the terminal device, and so on. For example, when terminal device a performs data interaction with terminal device B, terminal device a may transmit its internal data to terminal device B, and likewise, terminal device B may transmit its internal data to terminal device a. It will be appreciated that when a plurality of functional modules are deployed in the terminal device 200, there is also a case where data interaction exists between the respective functional modules.
In some embodiments, the manner of data transmission can be divided into two modes, namely encrypted transmission and unencrypted transmission. Encrypted transmission is a transmission scheme for securing data transmission, in which a sender can encrypt data using a specific encryption technique and then send it to a receiver, and only the sender and receiver of the data can access and decrypt the data. The algorithm for encrypting the transmission may include symmetric encryption and asymmetric encryption, wherein symmetric encryption is an encryption method using a single key cryptosystem, and the same key may be used to encrypt and decrypt data at the same time, for example, advanced encryption standard (Advanced Encryption Standard, AES) is symmetric encryption. The asymmetric encryption refers to a pair of an encryption key and a decryption key, and when the encryption key is used to encrypt data, the decryption can only be performed by using the decryption key corresponding to the encryption key, for example, RSA is asymmetric encryption. Whether symmetric encryption or asymmetric encryption is adopted, the data can be encrypted, and therefore the safety of the data is improved.
However, although the above encryption algorithm may improve the security of data, since the algorithms such as symmetric encryption and asymmetric encryption require a large amount of computation, a large amount of use of the algorithm may cause performance degradation of the terminal device 200. Thus, for some data, a non-encrypted transmission may be used. For example, for some data that is not particularly long, such as short data, a non-encrypted transmission may be employed. However, in the process of transmitting data by using the non-encryption transmission method, since the transmitted data is not encrypted, the security of the data is low and is easily intercepted by the outside.
In order to address the problem of low data security in the data transmission process, some embodiments of the present application provide a terminal device 200, where the terminal device 200 includes a controller 250 and a communicator 220 for establishing a communication connection with a data receiver. The terminal device 200 may encrypt the initial data transmitted by the sender into one or several integers for transmission and, at the same time, randomize the initial data, so that the result of each encryption of the initial data is different, thereby preventing interception or leakage of the data. In the encryption process, the related parameters can be adjusted, so that the method can be adapted to the characteristics of different communication data.
In order to facilitate understanding of the technical solutions in some embodiments of the present application, the following details of each step are described with reference to some specific embodiments and the accompanying drawings. Fig. 5 is a flowchart of a method for executing data encryption by a terminal device according to some embodiments of the present application, where, as shown in fig. 5, when the terminal device 200 executes data encryption, the method may include the following steps S1 to S4, and the specific contents are as follows:
step S1: the terminal device 200 acquires initial data and performs integer encoding on the initial data to obtain an initial integer.
In order to enable the terminal device 200 to perform the data encryption process, a plurality of functional modules may be deployed within the terminal device 200. For example, referring to Fig. 6, which is a schematic structural diagram of functional modules configured in a terminal device provided in some embodiments of the present application, the terminal device 200 may in some embodiments be configured with an encoder 201, a random number generator 202, a splicer 203, and a mask 204. The encoder 201 is configured to digitally encode the initial data, encoding it into one or several integers according to the actual situation of the service, so as to shorten the length of the initial data as much as possible with a small amount of calculation; the random number generator 202 is used for generating a secure random number of arbitrary length; the splicer 203 is configured to splice the secure random number and the integer output by the encoder 201 according to a predetermined rule to form a new random integer; the mask 204 is used for masking the random integer generated by the splicer 203 according to rules. Specific functions performed by the respective functional modules will be described in detail below.
In some embodiments, the encoder 201 functions to perform integer encoding of the initial data. Fig. 7 is a schematic diagram illustrating the effect of the encoder performing integer encoding according to some embodiments of the present application. As shown in Fig. 7, after initial data of any length is input into the encoder 201, one or more integers may be output after encoding by the encoder 201. Illustratively, the output integer may be a fixed-length integer, such as a 64-bit or 32-bit integer. The encoder 201 may use any of several algorithms for the integer encoding: a general-purpose encoding method may be used, or an encoding scheme may be customized according to the actual characteristics of the initial data. For example, a compression algorithm such as zip or rar may be adopted to save storage space, and the data may then be cut by means of data cutting, and so on; this is not particularly limited in this application.
It should be noted that, in the process of transmitting the initial data, the functional module for transmitting the data and the functional module for receiving the data need to use the same coding scheme, so that the data receiver can decode the data according to the same coding rule. For example, when integer encoding is performed on the initial data, first the length information of the initial data may be acquired, and then the initial data may be integer encoded according to the length information and a preset encoding rule to generate an initial integer of a fixed length.
Fig. 8 is a schematic flow chart of performing integer encoding on initial data to obtain an initial integer, as shown in fig. 8, the terminal device 200 may first traverse a character string and a non-character string in the initial data, then obtain a correspondence between the character string and an encoded number according to a preset binary encoding form, then perform encoding on the character string according to the correspondence to form the character string integer, and finally generate the initial integer according to the non-character string and the character string integer.
Taking the initial data "HIGH" as an example, the characters H, I, G, H exist in the initial data. In some embodiments, referring to Table 1, there may be the following correspondence between the initial data and the encoded numbers:
As can be seen from Table 1, the code numbers corresponding to the characters H, I, G, H are H = 17, I = 18 and G = 16, respectively. The coded numbers corresponding to the characters can be converted as follows in base-36 form:
$\text{"HIGH"} = 17 \cdot 36^{3} + 18 \cdot 36^{2} + 16 \cdot 36 + 17 = 817073 = \mathtt{0xC77B1}$;
The string integer obtained by encoding the string "HIGH" is 817073, and it will be appreciated that in this example the string integer is the final initial integer.
In some embodiments, the initial data may include a plurality of letters and numbers, and the calculation may be performed as described above. Illustratively, in table 1, when the initial data is 0, its corresponding code number is also 0, and when the initial data is 1, its corresponding code number is also 1. With reference to the above calculation method, the integer corresponding to the non-character string can be calculated, and finally the initial integer is generated according to the non-character string and the character string integer. After the completion of the execution of step S1, the following step S2 may be executed.
Step S2: the terminal device 200 acquires a secure random number of an arbitrary length.
In some embodiments, the terminal device 200 may be deployed with a random number generator 202 to generate a secure random number of any length by the random number generator 202. Illustratively, the random number generator 202 may generate a specified number of random numbers, such as a secure random number, according to the specific condition of the initial data, so that the secure random number may be spliced or otherwise manipulated with the initial data to enhance the security of the initial data. After the completion of the execution of step S2, the following step S3 may be executed.
Step S3: the terminal device 200 concatenates the initial integer and the secure random number to obtain a concatenated random integer.
In order to improve the security of the initial data during transmission, the terminal device 200 may be deployed with a splicer 203. The splicer 203 is configured to splice the secure random number generated by the random number generator 202 and the initial integer output by the encoder 201 according to a predetermined rule to form a spliced random integer, so as to improve the security of the initial data. Through the splicing process, the two integers, the initial integer and the secure random number, can be spliced into one larger integer.
It should be noted that a splicing rule needs to be defined before splicing is performed. For example, the splicing rule may be defined according to the actual situation of the initial data or according to the requirements of the data sender and the data receiver, and the rule needs to be consistent between the sending module and the receiving module that transmit the data. The splicing process is further described below.
Fig. 9 is a schematic flow chart of splicing an initial integer and a secure random number by a splicer to obtain a spliced random integer according to some embodiments of the present application. As shown in fig. 9, when splicing the initial integer and the secure random number, the splicer 203 in the terminal device 200 may first traverse the initial integer and the secure random number to obtain a first bit occupation number of the initial integer and a second bit occupation number of the secure random number. The first bit occupation number is the total number of bits occupied by the initial integer, and the second bit occupation number is the total number of bits occupied by the secure random number. After the first and second bit occupation numbers are determined, the splicing occupation number of the spliced random integer can be obtained from them; it can be understood that the splicing occupation number may be the sum of the first bit occupation number and the second bit occupation number. The occupation positions of all bits of the spliced random integer can then be determined according to the splicing occupation number, and finally the bits of the initial integer and the bits of the secure random number are interleaved into the occupation positions according to a preset splicing rule to generate the spliced random integer.
Illustratively, the initial integer received by the splicer 203 from the encoder 201 may be Mn, the secure random number received from the random number generator 202 may be Rn, and during the splicing, each bit of the initial integer Mn and each bit of the secure random number Rn may be defined in terms of bits in the positions of all bits of the spliced random integer.
In some embodiments, the bits of the initial integer Mn and of the secure random number Rn may be interleaved across the bits of the spliced random integer. Denote the spliced random integer by Kn. Fig. 10 is a schematic diagram of the effect of splicing an initial integer and a secure random number by the splicer to obtain the spliced random integer according to some embodiments of the present application. As shown in fig. 10, the binary representation of the initial integer Mn may be 1100, the binary representation of the secure random number Rn may be 0101, and the preset splicing rule may be customized according to actual requirements.
For example, the preset splicing rule may be An, which may take the form 1010. The splicing order may be defined in the preset splicing rule: for example, 1 indicates that, when the initial integer Mn and the secure random number Rn are interleaved, the bit of the secure random number Rn is placed in front of the bit of the initial integer Mn, and 0 indicates that the bit of the secure random number Rn is placed behind the bit of the initial integer Mn. Thus, when the bits of the initial integer Mn and the secure random number Rn are placed into the bit positions of the spliced random integer Kn, they can be inserted one by one according to the rule. The above is merely an example of the splicing rule, which is not limited thereto.
When the splicer 203 performs the splicing process, the initial integer Mn and the secure random number Rn are first traversed, so that the splicing occupation number of the spliced random integer Kn can be determined from the initial integer Mn and the secure random number Rn. In the above embodiment, the initial integer Mn is 1100, the secure random number Rn is 0101, and the preset splicing rule is 1010, where 1 indicates that the bit of the secure random number Rn is placed in front of the bit of the initial integer Mn, and 0 indicates that the bit of the secure random number Rn is placed behind the bit of the initial integer Mn.
In the specific splicing process, when the first and second bits of the spliced random integer Kn are determined, the corresponding rule digit is 1, so the first bit "0" of the secure random number Rn is placed in front and the first bit "1" of the initial integer Mn behind. Similarly, when the third and fourth bits of the spliced random integer Kn are determined, the corresponding rule digit is 0, so the second bit "1" of the initial integer Mn is placed in front and the second bit "1" of the secure random number Rn behind. When the fifth and sixth bits are determined, the corresponding rule digit is 1, so the third bit "0" of the secure random number Rn is placed in front and the third bit "0" of the initial integer Mn behind. When the seventh and eighth bits are determined, the corresponding rule digit is 0, so the fourth bit "0" of the initial integer Mn is placed in front and the fourth bit "1" of the secure random number Rn behind, as shown in fig. 10. In this way, all bits of the initial integer Mn and all bits of the secure random number Rn can be inserted into the corresponding occupation positions according to the preset splicing rule, and the final spliced random integer Kn is generated.
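The base-36 encoding of "HIGH" and the rule-driven bit interleaving walked through above, written out in Python as an added example (not code from the patent). It assumes the standard base-36 alphabet 0-9, A-Z, which matches the code numbers quoted from table 1, and treats Mn, Rn, An and Kn as bit strings read left to right; the function names and the 32-bit width used for the full round trip are choices made here.

```python
import secrets

# Assumed alphabet: standard base-36 digits, consistent with 0=0, 1=1, G=16, H=17, I=18.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def encode_base36(text):
    """Integer-encode a string: each character is one base-36 digit."""
    value = 0
    for ch in text.upper():
        digit = ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"character {ch!r} is outside the encoding table")
        value = value * 36 + digit
    return value


def decode_base36(value, length):
    """Inverse of encode_base36; the agreed length restores leading '0' characters."""
    chars = []
    for _ in range(length):
        value, digit = divmod(value, 36)
        chars.append(ALPHABET[digit])
    if value:
        raise ValueError("integer does not fit in the agreed length")
    return "".join(reversed(chars))


def splice(m_bits, r_bits, rule):
    """Interleave Mn and Rn: rule digit 1 puts the Rn bit first, 0 puts the Mn bit first."""
    if not len(m_bits) == len(r_bits) == len(rule):
        raise ValueError("Mn, Rn and the rule must have the same number of bits")
    return "".join(r + m if a == "1" else m + r
                   for m, r, a in zip(m_bits, r_bits, rule))


def unsplice(k_bits, rule):
    """Receiver side: separate Kn back into (Mn, Rn) with the same rule."""
    if len(k_bits) != 2 * len(rule):
        raise ValueError("Kn must hold two bits per rule digit")
    m, r = [], []
    for i, a in enumerate(rule):
        first, second = k_bits[2 * i], k_bits[2 * i + 1]
        if a == "1":
            r.append(first)
            m.append(second)
        else:
            m.append(first)
            r.append(second)
    return "".join(m), "".join(r)


def round_trip(text, width=32):
    """Encode text, splice it with a fresh random number under a fresh rule, then reverse."""
    m_bits = format(encode_base36(text), f"0{width}b")
    if len(m_bits) > width:
        raise ValueError("encoded integer is wider than the agreed fixed length")
    r_bits = format(secrets.randbits(width), f"0{width}b")
    rule = format(secrets.randbits(width), f"0{width}b")  # constructed rule, shared by both sides
    k_bits = splice(m_bits, r_bits, rule)
    m_back, r_back = unsplice(k_bits, rule)
    return decode_base36(int(m_back, 2), len(text)), len(k_bits), r_back == r_bits


if __name__ == "__main__":
    print(encode_base36("HIGH"), hex(encode_base36("HIGH")))
    print(splice("1100", "0101", "1010"))
    print(round_trip("HIGH"))
```

The length argument of `decode_base36` plays the role of the length information that sender and receiver must share, since leading "0" characters do not survive the integer encoding on their own.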
Fig. 11 is a schematic flow chart of splicing an initial integer and a secure random number by the splicer to obtain a spliced random integer according to another embodiment of the present application. As shown in fig. 11, when the splicer 203 in the terminal device 200 splices the initial integer and the secure random number, it may traverse the initial integer and the secure random number to obtain the first bit occupation number of the initial integer and the second bit occupation number of the secure random number, obtain the splicing occupation number of the spliced random integer according to the first and second bit occupation numbers, and then generate an occupation sequence for the spliced random integer according to the splicing occupation number; the sequence may be generated randomly or according to a certain rule. After the occupation sequence is generated, the bit storage positions of the initial integer and the secure random number are determined according to the occupation sequence so as to generate the spliced random integer.
Illustratively, the position of each bit of the initial integer Mn and the secure random number Rn in the spliced random integer Kn may be specified by a pre-generated occupation sequence. It will be understood that the rules used when transmitting the spliced random integer should be consistent between the data sending module and the data receiving module.
In some embodiments, each bit of the initial integer Mn and the secure random number Rn may be saved in the form of an array. Fig. 12 is a schematic diagram showing the effect of splicing an initial integer and a secure random number to obtain a spliced random integer according to another embodiment of the present application. As shown in fig. 12, each bit of the spliced random integer Kn may be numbered; taking the case where the initial integer Mn and the secure random number Rn are both 32-bit integers, the numbers range from 0 to 63, and a non-repeating occupation sequence in the range 0-63 may be generated. In one embodiment, a bit storage rule may be defined as required: for example, the 0th bit of the initial integer Mn may be stored in the 1st bit of the spliced random integer Kn, the 1st bit of Mn may be stored in the 2nd bit of the spliced random integer Kn, and so on, and after the initial integer Mn is stored, each bit of the secure random number Rn is stored in sequence. After all bits are stored, the splicing of the spliced random integer Kn is complete. After step S3 is completed, the following step S4 may be performed.
Step S4: the terminal device 200 performs mask processing on the spliced random integer to obtain a new random integer, and transmits the new random integer as target transmission data to the data receiver.
In order to further improve the security of the initial data during transmission, in some embodiments, the terminal device 200 may further perform mask processing on the spliced random integer to obtain a new random integer, and transmit the new random integer as the target transmission data to the data receiver.
Fig. 13 is a schematic flow chart of masking a spliced random integer to obtain a new random integer according to some embodiments of the present application. As shown in fig. 13, the terminal device 200 may first determine the insertion position of a static mask based on the splicing occupation number of the spliced random integer. The static mask may also be a random integer, and the purpose of inserting it is to further improve the security of the initial data. After the insertion position is determined, a static mask with a preset number of bits is obtained; the specific number of bits can be determined according to factors such as the actual condition of the initial data, the usage scenario of the data and user requirements. Finally, the static mask is inserted at the insertion position, so that a new random integer is obtained.
In some embodiments, mask processing may be performed on the spliced random integer by the masker 204. Before the mask processing is performed, an N1-bit random number, such as a static mask, may be generated by the random number generator 202, where the length N1 may be arbitrarily specified but is typically no greater than the length of the integer output by the splicer 203. After the length of the static mask is determined, the insertion position of the static mask may be determined based on the splicing occupation number of the spliced random integer. Denoting the insertion position by Nk and the static mask by Mk, the static mask Mk may be defined as any N1-bit integer; finally the static mask is inserted at the insertion position to obtain a new random integer.
Fig. 14 is a schematic flow chart of obtaining a new random integer based on inserting a static mask at an insertion position according to some embodiments of the present application, as shown in fig. 14, when the terminal device 200 inserts the static mask based on the insertion position, the process integer after inserting the static mask may be obtained first, then the process integer is grouped according to a preset bit length, for example, N, to obtain grouped data, then a dynamic random mask with a preset bit number is obtained, and finally an exclusive or mapping operation is performed on the grouped data according to the dynamic random mask to obtain a final new random integer.
In some embodiments, when determining the insertion position of the static mask, a preset bit length for grouping the process integers may be obtained first, then the bit occupation corresponding to the insertion position is set to be a multiple of the preset bit length, and then the static mask is inserted according to the insertion position corresponding to the bit occupation. That is, the insertion position Nk should be an integer multiple of the preset bit length N, and in some embodiments, the length N1 of the static mask may be equal to the preset bit length N, which is not specifically limited in this application. The process of inserting the static mask and the process of generating the new random integer are described below in connection with the actual example.
For example, when inserting the static mask, the static mask value Mk may be inserted at the Nk-th bit position of the spliced random integer Kn output by the splicer 203 to obtain the process integer Km, where Nk should be an integer multiple of the preset bit length N. Thereafter, the process integer Km is split into m bit sequences of length N. In some embodiments, bit positions that fall short of an integer multiple may be filled with 0.
Fig. 15 is a schematic diagram of static mask insertion and process integer grouping according to some embodiments of the present application. As shown in fig. 15, taking N=4 as an example, the preset bit length is 4 and every 4 bits form one group of data. When the static mask Mk is inserted, it may then be inserted at the 4th bit position of the spliced random integer Kn. Note that fig. 15 shows only grouping with a preset bit length of 4 and insertion of the static mask at the position Nk=4. In an actual scenario there may be multiple grouping manners, and the static mask may be inserted at any occupation position that is a multiple of the preset bit length N, which is not specifically limited in this application. Different grouping manners and different insertion positions of the static mask produce different process integers and different final new random integers, so that the randomness of the result of each encryption can be ensured and the security of the data is further improved.
Fig. 16 is a schematic diagram of performing a mask grouping operation on a process integer according to some embodiments of the present application. As shown in fig. 16, after the static mask value Mk is inserted at the Nk-th bit position of the spliced random integer Kn to obtain the process integer Km, the process integer Km is split into m bit sequences of length N, where m is a positive integer. The exclusive-or processing may then be performed on the bit sequences group by group. For example, the dynamic random mask Mr may be used to perform an exclusive-or mapping on each group of grouped data; in some embodiments, the dynamic random mask Mr may be 1010 in binary form, and after the exclusive-or mapping of each group of grouped data, a new random integer Mk is obtained.
It should be noted that, after the initial data is randomized in the manner of the foregoing embodiments, the processing result is different each time, so that the security of the initial data during transmission can be ensured. Illustratively, when the terminal device 200 needs to send a request to the server, the request is delivered to the server through a uniform resource locator (URL), and some parameter information is included in the request. The initial data transferred by the terminal device 200 is, for example: https://hostname/request?param1=msgA&param2=msgB. Some of this may be sensitive data, such as a user account, a user password or other data from important scenarios, that should not be intercepted or discovered by a third party during transmission, so the above initial data can be randomized based on the technical solution of the application.
For example, in the initial data the parameters are msgA and msgB. With the technical solution of the application, the result of the first randomization is https://hostname/request?1234=12345678&5678=12345678, and the result of the second randomization is https://hostname/request?4321=987654321&8765=987654321. The two results show that the same parameters msgA and msgB become completely different random integers after randomization, so that even if the data is intercepted by a third party during transmission, the regularity of the data cannot be analyzed and the content of the initial data before randomization cannot be recovered, thereby ensuring the security of the initial data.
In the foregoing embodiment, the new random integer finally generated is different due to the different stitching rules, the different mask positions, and the different values of the static mask. As long as any one of the parameters is changed, the final generation result is changed, so that the randomness of a new random integer can be ensured through the technical scheme of the application. Meanwhile, in the whole calculation process, a large amount of calculation is not needed, namely, the calculation amount is small, so that the safety of initial data can be ensured on the basis of ensuring the performance of the terminal equipment 200.
As can be seen from the above technical solutions, after the terminal device 200 provided in the above embodiments obtains the initial data, the terminal device may perform integer encoding on the initial data to obtain an initial integer; then, a safe random number with any length is obtained, and an initial integer and the safe random number are spliced to obtain a spliced random integer; and then performing mask processing on the spliced random integer to obtain a new random integer, and transmitting the new random integer as target transmission data to a data receiver. According to the technical scheme, the initial data transmitted by the sender can be encrypted into random integers for transmission, the random processing is carried out on the initial data, the encrypted results are different each time, interception or leakage of the initial data can be prevented, and the safety of the initial data is ensured. Meanwhile, in the encryption process, related parameters can be adjusted, so that the randomness of the result is ensured, and the problem of low data security in the data transmission process is solved.
To improve security during initial data transmission, in some embodiments, the terminal device 200 may also lengthen the preset bit length of the process integer packet, using a larger range of random masks. The foregoing is exemplified by a preset bit length of 4 bits, and may also be 6 bits, 8 bits, or other bit lengths.
In order to improve the security during the initial data transmission, the terminal device 200 may also configure different dynamic random masks for the packet data. Fig. 17 is a schematic flow chart of configuring different dynamic random masks for packet data by a terminal device according to some embodiments of the present application, as shown in fig. 17, in some embodiments, the terminal device 200 may traverse all packet data, and then configure different dynamic random masks for each packet data, and set a separate derivation rule for each dynamic random mask. Therefore, the randomness of the final random integer is further ensured, and the safety in the initial data transmission process can be further improved.
In some embodiments, after the terminal device 200 transmits the initial data to the data receiving party in the above-described random encrypted form, the receiving party may perform reverse processing, and obtain the initial data after decryption. It should be noted that, as long as both parties of the communication agree in advance and make the same rule, the receiving party can successfully decrypt the initial data.
Illustratively, the receiver may use the two parameters of the static mask, namely its position and its value, together with the inverse of the dynamic mask operation, to obtain the value of the random mask used in the encryption. Then, according to the random mask and the preset grouping manner, the receiver performs the reverse mask operation on each group of encrypted data to obtain the randomly spliced integer value, recovers the initial integer from before splicing by using the preset splicing rule, and finally performs the inverse encoding operation on the encoded initial integer by using the preset encoding manner to obtain the initial data transmitted between the two parties.
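The static-mask insertion, N-bit grouping and exclusive-or step described for figs. 14 to 16, together with the receiver's reverse processing just described, as an added Python example (not code from the patent). It assumes bit strings read left to right with Nk counted from the left, a static mask exactly N bits long (the N1 = N embodiment), zero padding appended at the end, and a spliced length known to both sides; the static mask value 0110 and the function names are constructed for the example.

```python
import secrets


def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit strings."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def mask(k_bits, static_mask, nk, dynamic_mask):
    """Sender: insert Mk at bit position Nk, group into N bits, XOR every group with Mr."""
    n = len(dynamic_mask)
    if len(static_mask) != n:
        raise ValueError("this example covers the N1 = N embodiment only")
    if nk % n or nk > len(k_bits):
        raise ValueError("Nk must be a multiple of N inside the spliced integer")
    km = k_bits[:nk] + static_mask + k_bits[nk:]   # process integer Km
    km += "0" * (-len(km) % n)                      # fill a short last group with 0
    return "".join(xor_bits(km[i:i + n], dynamic_mask)
                   for i in range(0, len(km), n))


def unmask(x_bits, static_mask, nk, k_len):
    """Receiver: recover Mr from the group holding Mk, undo the XOR, drop Mk and padding."""
    n = len(static_mask)
    if nk % n or len(x_bits) % n or nk + n > len(x_bits):
        raise ValueError("received data does not match the agreed grouping")
    # The group at Nk equals Mk XOR Mr and Mk is agreed in advance, so Mr follows directly.
    dynamic_mask = xor_bits(x_bits[nk:nk + n], static_mask)
    km = "".join(xor_bits(x_bits[i:i + n], dynamic_mask)
                 for i in range(0, len(x_bits), n))
    k_bits = (km[:nk] + km[nk + n:])[:k_len]
    return k_bits, dynamic_mask


def send_twice(k_bits, static_mask, nk):
    """Mask the same spliced integer under two different fresh dynamic masks."""
    n = len(static_mask)
    first = format(secrets.randbits(n), f"0{n}b")
    second = first
    while second == first:
        second = format(secrets.randbits(n), f"0{n}b")
    return (mask(k_bits, static_mask, nk, first),
            mask(k_bits, static_mask, nk, second))


if __name__ == "__main__":
    KN = "01110001"   # Kn that rule 1010 yields for Mn=1100, Rn=0101
    MK = "0110"       # constructed static mask value
    sent = mask(KN, MK, 4, "1010")
    print(sent, unmask(sent, MK, 4, len(KN)))
```

Nothing in the transmitted value identifies Mr; the receiver depends entirely on the pre-agreed N, Nk, Mk and splicing rule, so those parameters are what the two parties must keep between themselves.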
Some embodiments of the present application also provide a data encryption method, which corresponds to the terminal device 200 in the foregoing embodiment, and may be applied to the terminal device 200 in the foregoing embodiment, and the terminal device 200 may include a controller 250 and a communicator 220 for establishing a communication connection with a data receiver. In some embodiments, a method of data encryption may include the steps of:
The terminal device 200 acquires initial data and performs integer encoding on the initial data to obtain an initial integer. In some embodiments, the initial data may be integer encoded using the encoder 201. After initial data of an arbitrary length is input into the encoder 201, one or more integers may be output through the encoding of the encoder 201.
The terminal device 200 acquires a secure random number of an arbitrary length. In some embodiments, the terminal device 200 may be deployed with a random number generator 202 to generate a secure random number of any length by the random number generator 202.
The terminal device 200 concatenates the initial integer and the secure random number to obtain a concatenated random integer. In order to improve the security of the initial data during transmission, the terminal device 200 may be deployed with a splicer 203. The splicer 203 is configured to splice the secure random number generated by the random number generator 202 and the initial integer output by the encoder 201 according to a predetermined rule to form a spliced random integer, so as to improve the security of the initial data through the splicing process. By combining the initial integer and the secure random number, the two integers of the initial integer and the secure random number can be combined into a larger integer.
The terminal device 200 performs mask processing on the spliced random integer to obtain a new random integer, and transmits the new random integer as target transmission data to the data receiver. In order to further improve the security of the initial data during transmission, in some embodiments, the terminal device 200 may further perform mask processing on the spliced random integer to obtain a new random integer, and transmit the new random integer as the target transmission data to the data receiver. The new random integer finally generated differs with different splicing rules, different mask positions and different values of the static mask. As long as any one of these parameters is changed, the final result changes, so that the randomness of the new random integer can be ensured through the technical solution of the application. Meanwhile, the whole calculation process does not require a large amount of computation, so that the security of the initial data can be ensured while preserving the performance of the terminal device 200.
According to the technical scheme, the data encryption method in the embodiment can encrypt the initial data transmitted by the sender into random integers for transmission, and the initial data is subjected to randomization treatment, so that the encrypted results are different each time, interception or leakage of the initial data can be prevented, and the safety of the initial data is ensured. Meanwhile, in the encryption process, related parameters can be adjusted, so that the randomness of the result is ensured, and the problem of low data security in the data transmission process is solved.
For the same or similar parts of the embodiments in this specification, reference may be made between the embodiments; they are not described again here.
It will be apparent to those skilled in the art that the techniques of embodiments of the present invention may be implemented in software plus a necessary general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied essentially or in parts contributing to the prior art in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method of the embodiments or some parts of the embodiments of the present invention.
Finally, it should be noted that the above embodiments are only for illustrating the technical solution of the present application, and not for limiting it. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.
The foregoing description, for purposes of explanation, has been presented in conjunction with specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the embodiments to the precise forms disclosed above. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles and the practical application, to thereby enable others skilled in the art to best utilize the embodiments and various embodiments with various modifications as are suited to the particular use contemplated.

Claims (10)

1. A terminal device, comprising:
a communicator configured to establish a communication connection with a data receiver;
a controller configured to:
acquiring initial data, and executing integer coding on the initial data to obtain an initial integer;
acquiring a safety random number with any length;
splicing the initial integer and the safe random number to obtain a spliced random integer;
and executing mask processing on the spliced random integer to obtain a new random integer, and transmitting the new random integer as target transmission data to a data receiver.
2. The terminal device of claim 1, wherein the controller performs integer encoding of the initial data to obtain an initial integer, further configured to:
Acquiring the length information of the initial data;
and executing integer coding on the initial data according to the length information and a preset coding rule to generate an initial integer with a fixed length.
3. The terminal device of claim 1, wherein the controller performs integer encoding of the initial data to obtain an initial integer, further configured to:
traversing the character strings and the non-character strings in the initial data;
acquiring the corresponding relation between the character string and the coded number according to a preset binary coding form;
performing coding on the character strings according to the corresponding relation to form character string integers;
and generating the initial integer according to the non-character string and the character string integer.
4. The terminal device of claim 1, wherein the controller performs the step of concatenating the initial integer and the secure random number to obtain a concatenated random integer, further configured to:
traversing the initial integer and the secure random number to obtain a first bit occupation of the initial integer and a second bit occupation of the secure random number;
acquiring a split occupying number of a split random integer according to the first bit occupying number and the second bit occupying number;
Determining the occupation positions of all bits of the spliced random integer according to the spliced occupation number;
and the bits of the initial integer and the bits of the safety random number are added in the occupying position in a penetrating way according to a preset splicing rule so as to generate a spliced random integer.
5. The terminal device of claim 1, wherein the controller performs the step of concatenating the initial integer and the secure random number to obtain a concatenated random integer, further configured to:
traversing the initial integer and the secure random number to obtain a first bit occupation of the initial integer and a second bit occupation of the secure random number;
acquiring a split occupying number of a split random integer according to the first bit occupying number and the second bit occupying number;
generating a occupation sequence of the spliced random integer according to the spliced occupation number;
and determining the bit storage positions of the initial integer and the safety random number according to the occupying sequence so as to generate a spliced random integer.
6. The terminal device according to claim 4 or 5, wherein the controller performs masking processing on the split random integer to obtain a new random integer, and is further configured to:
Determining an insertion position of an inserted static mask based on the split occupation number of the split random integer;
acquiring a static mask of a preset bit number;
and inserting the static mask based on the insertion position to obtain a new random integer.
7. The terminal device of claim 6, wherein the controller, when performing the step of inserting the static mask based on the insertion position to obtain a new random integer, is further configured to:
obtaining the process integer that results from inserting the static mask;
grouping the process integer according to a preset bit length to obtain grouped data;
obtaining a dynamic random mask of a preset number of bits;
and performing an exclusive-or mapping operation on the grouped data with the dynamic random mask to obtain the new random integer.
8. The terminal device of claim 7, wherein the controller is further configured to:
obtaining the preset bit length;
setting the number of occupied bits corresponding to the insertion position to a multiple of the preset bit length;
and inserting the static mask at the insertion position corresponding to that number of occupied bits.
9. The terminal device of claim 7, wherein the controller is further configured to:
traversing the grouped data;
configuring different dynamic random masks for the grouped data, and setting a separate derivation rule for each dynamic random mask.
10. A method of encrypting data, comprising:
obtaining initial data, and performing integer coding on the initial data to obtain an initial integer;
obtaining a secure random number of arbitrary length;
splicing the initial integer and the secure random number to obtain a spliced random integer;
and masking the spliced random integer to obtain a new random integer, and transmitting the new random integer as target transmission data to a data receiver.
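The steps of claims 4 and 6 to 10, worked end to end as an added Python example; this is not code from the patent or from the applicant. The alternating splicing rule, the 8-bit group length, the static mask value, the SHA-256 mask derivation from a shared seed, and the receiver-side mask check are all assumptions made for illustration.

```python
import hashlib
import secrets

GROUP = 8                 # preset bit length of one group (assumed value)
STATIC_MASK = "10100101"  # static mask, one group wide (constructed value)
POS = 1 * GROUP           # insertion position, a multiple of GROUP (claim 8)

def splice(data_bits, rand_bits):
    """Assumed splicing rule: alternate data/random bits, then append the leftover."""
    n = min(len(data_bits), len(rand_bits))
    mixed = "".join(d + r for d, r in zip(data_bits, rand_bits))
    return mixed + data_bits[n:] + rand_bits[n:]

def unsplice(mixed, n_data, n_rand):
    """Recover the data bits; the receiver must know both bit counts."""
    n = min(n_data, n_rand)
    return mixed[0:2 * n:2] + (mixed[2 * n:] if n_data > n_rand else "")

def xor_groups(bits, seed):
    """XOR each group with its own mask. Assumed derivation rule:
    mask i = first byte of SHA-256(seed || i). XOR makes this its own inverse."""
    out = []
    for i in range(0, len(bits), GROUP):
        mask = hashlib.sha256(seed + (i // GROUP).to_bytes(4, "big")).digest()[0]
        out.append(format(int(bits[i:i + GROUP], 2) ^ mask, f"0{GROUP}b"))
    return "".join(out)

def encode(data, seed, rand_bits=None, n_rand=16):
    if not data or n_rand % GROUP:
        raise ValueError("need non-empty data and n_rand a multiple of GROUP")
    data_bits = "".join(format(b, "08b") for b in data)      # integer coding
    if rand_bits is None:
        rand_bits = format(secrets.randbits(n_rand), f"0{n_rand}b")
    mixed = splice(data_bits, rand_bits)
    process = mixed[:POS] + STATIC_MASK + mixed[POS:]        # process integer
    return int(xor_groups(process, seed), 2)                 # new random integer

def decode(value, seed, n_data, n_rand=16):
    total = n_data + n_rand + len(STATIC_MASK)
    process = xor_groups(format(value, f"0{total}b"), seed)
    if process[POS:POS + len(STATIC_MASK)] != STATIC_MASK:
        # Receiver-side check is an assumption of this example, not in the claims.
        raise ValueError("static mask mismatch")
    mixed = process[:POS] + process[POS + len(STATIC_MASK):]
    return int(unsplice(mixed, n_data, n_rand), 2).to_bytes(n_data // 8, "big")
```

Both sides must share the seed, the static mask, the insertion position and the two bit counts, since `decode` cannot recover the data without them.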
CN202310237489.3A 2023-03-13 2023-03-13 Terminal equipment and data encryption method Pending CN116455604A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310237489.3A CN116455604A (en) 2023-03-13 2023-03-13 Terminal equipment and data encryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310237489.3A CN116455604A (en) 2023-03-13 2023-03-13 Terminal equipment and data encryption method

Publications (1)

Publication Number Publication Date
CN116455604A true CN116455604A (en) 2023-07-18

Family

ID=87131091

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310237489.3A Pending CN116455604A (en) 2023-03-13 2023-03-13 Terminal equipment and data encryption method

Country Status (1)

Country Link
CN (1) CN116455604A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination