[go: up one dir, main page]

CN101399627B - Method and system for synchronization recovery - Google Patents

Method and system for synchronization recovery Download PDF

Info

Publication number
CN101399627B
CN101399627B CN2008101716865A CN200810171686A CN101399627B CN 101399627 B CN101399627 B CN 101399627B CN 2008101716865 A CN2008101716865 A CN 2008101716865A CN 200810171686 A CN200810171686 A CN 200810171686A CN 101399627 B CN101399627 B CN 101399627B
Authority
CN
China
Prior art keywords
key seed
encryption
value
decryption
decrypting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2008101716865A
Other languages
Chinese (zh)
Other versions
CN101399627A (en
Inventor
王兴军
闫峰冰
雷大明
陈晨
胡坚珉
梅红兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING UNITEND TECHNOLOGIES Inc
Original Assignee
BEIJING UNITEND TECHNOLOGIES Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING UNITEND TECHNOLOGIES Inc filed Critical BEIJING UNITEND TECHNOLOGIES Inc
Priority to CN2008101716865A priority Critical patent/CN101399627B/en
Publication of CN101399627A publication Critical patent/CN101399627A/en
Application granted granted Critical
Publication of CN101399627B publication Critical patent/CN101399627B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a synchronous recovery method and a system thereof. An encryption end and a decryption end pre-generate key seeds for the synchronous recovery. The key seeds for the synchronous recovery are different from the key seeds for the current encryption and decryption. When a trigger condition happens, the encryption end and the decryption end respectively generate a check value representing self state; if the check values generated by the two ends are not consistent, then the encryption end and the decryption end utilize the key seeds for the synchronous recovery to perform the encryption and decryption processing of the subsequent data. The method solves the problem that the keys generated by the two ends are not consistent owing to noise and the like in the encryption and decryption course, and also enhances the safety of the system by continuously updating the key seeds in the transmission course.

Description

A kind of method and system of synchronous recovery
Technical field
The present invention relates to field of encryption, particularly a kind of method and system that in ciphering process, recovers synchronously.
Background technology
At present, in the stream encryption process, normally encrypted end equipment and decrypting end equipment through authenticate-acknowledge after the other side's the legitimacy, encrypt end and generate consistent key seed, in order to claimed content encryption and decryption with decrypting end.But because the problem of noise etc., the key that causes the encryption and decryption two ends to utilize key seed to generate simultaneously easily is inconsistent, causes correctly decryption content of decrypting end.For normal encrypting and decrypting process, if this situation often occurs, can cause key asynchronous, thereby cause the step-out of data, influence the encryption and decryption two ends and work normally.And in present stream encryption process, do not relate to the function that the employed key of encryption and decryption is recovered synchronously, so; Under the inconsistent situation of both sides key, can't detect this mistake, more can't recover this mistake; The result can cause the data decryption mistake, can't decipher.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of method of synchronous recovery, makes it in time find that in the encryption and decryption process encryption and decryption two ends lose synchronous state, and makes it as early as possible to recover synchronously.
Another object of the present invention is to provide a kind of system of synchronous recovery, make it in time find that in the encryption and decryption process encryption and decryption two ends lose synchronous state, and recover synchronously as early as possible.
For achieving the above object, technical scheme of the present invention specifically is achieved in that
A kind of method of synchronous recovery, encryption and decryption two ends generate the key seed of using when recovering synchronously, and the key seed of using when this recovers synchronously is different with the key seed that current encryption and decryption is utilized; When trigger condition takes place; Encrypt end and decrypting end and extract its inner value that can characterize encrypted state and decrypted state that produces respectively; With the value of this extraction directly as the check the value of expression oneself state, perhaps the value of this extraction is carried out the computing of set algorithm after, the result that computing is obtained is as the check the value of representing oneself state; If the check the value that two ends generate is inconsistent, then encrypt the encryption and decryption processing that the key seed of using when end and decrypting end utilization recover is synchronously carried out follow-up data.
Trigger condition comprises: every transmission finishes a medium Frame of designated length in advance, perhaps, receives the synchronous restore instruction of user's input, perhaps, encrypts and holds Equipment Inspection unusual to the encryption process appearance of self.
Generate the key seed that this subsynchronous recovery is used respectively for recovery synchronously each time;
The step of the key seed of using when said generation recovers synchronously comprises: when generating the key seed that the first time, recovery was synchronously used; SKey carries out computing to the initial key seed, and the appointment figure place of getting operation result obtains the key seed used when recovering synchronously for the first time;
When generating the key seed that subsequent synchronisation recovers to use, the key seed that the last time recovers to use is synchronously carried out computing, the key seed of using when the appointment figure place of getting operation result obtains this subsynchronous recovery.
The said value that can characterize encrypted state and decrypted state is for encrypting the appointment figure place of the output valve of clock linear feedback shift register LFSR_CC in end and the decrypting end; Perhaps; Appointment figure place for clock linear feedback shift register LFSR_CC some transmission values of its internal register in running; Perhaps; Be to encrypt the appointment figure place of the output valve of sequence scrambling module in end and the decrypting end, perhaps, be combining of the appointment figure place of the appointment figure place of the value of clock linear feedback shift register LFSR_CC and sequence scrambling module output valve;
The generation module that said LFSR_CC and said sequence scrambling module are encryption and decryption two ends key seed.
Said set algorithm is a hash algorithm, or is and computing, perhaps is exclusive disjunction;
Wherein, When being exclusive disjunction; The said computing that this value is carried out set algorithm comprises: said median is carried out XOR with the appointment figure place of the output valve of encrypting clock linear feedback shift register LFSR_CC in end and the decrypting end and/or sequence scrambling module obtain a value, again this value is divided into N part, and this N part is done XOR; As check the value, wherein N is a natural number with last value that obtains.
Said method further comprises: it is every when decrypting end is transmitted the short data frame of a designated length to encrypt end, encrypts end and decrypting end and carries out a motor synchronizing, and this motor synchronizing comprises:
A, encryption end and decrypting end read the key seed that last designated length short data frame encryption and decryption is used respectively;
The key seed that the last designated length short data frame encryption and decryption that b, encryption end and decrypting end will read is respectively used is put into the encryption and decryption machine, carries out computing, obtains a new key seed;
The key seed that c, encryption end and decrypting end adopt new key seed to use as current designated length short data frame encryption and decryption.
Said method further comprises: it is every when decrypting end is transmitted the long data frame of a designated length to encrypt end, and encryption end and decrypting end are carried out once synchronous again, and this comprises synchronously again:
Encrypt between end and the decrypting end and carry out authentication, negotiate a key seed, as the key seed of subsequent data frame encryption and decryption use.
This method further comprises: encrypt end and decrypting end after carrying out synchronously again, this key seed that negotiates in synchronizing process is again carried out computing, the key seed of use when forcing operation result as subsynchronous recovery down.
A kind of system of synchronous recovery comprises: encrypt end, decrypting end, said encryption end and decrypting end generate the key seed of using when recovering synchronously, and the key seed of using when this recovers synchronously is different with the key seed that current encryption and decryption is utilized; When trigger condition takes place; Encrypt end and decrypting end and extract its inner value that can characterize encrypted state and decrypted state that produces respectively; With the direct check the value of the value of this extraction as the expression oneself state; After perhaps the value of this extraction being carried out the computing of set algorithm, the result that computing is obtained is as the check the value of expression oneself state, and the check the value that two ends generate is checked; If check the value is inconsistent, then encrypt the encryption and decryption processing that the key seed of using when end and decrypting end utilization recover is synchronously carried out follow-up data.
Said encryption end and decrypting end are carried out computing to initial key seed SKey, and the appointment figure place of getting operation result is as the key seed of recovering synchronously for the first time to use;
The key seed that said encryption end and decrypting end are recovered to use to the last time is synchronously carried out computing, and the appointment figure place of getting operation result is as the key seed of recovering synchronously afterwards for the first time to use.
Said encryption end is every when decrypting end is transmitted the short data frame of a designated length; Encrypt end and decrypting end and read the key seed of the short data frame encryption and decryption use of last designated length respectively; And it is carried out computing, the key seed that the new key seed that obtains is used as next designated length short data frame encryption and decryption;
And/or said encryption end is every to be encrypted between end and the decrypting end and carries out authentication when decrypting end is transmitted the long data frame of a designated length, negotiates a key seed, as the key seed of subsequent data frame encryption and decryption use.
This shows that the present invention carries out the inspection of state through after the certain Frame of transmission to the encryption and decryption two ends, can learn in time whether the two ends state is synchronous, and after step-out, in time generate new key seed, make it to recover synchronously.In preferred embodiment of the present invention, can transmit each short data frame and carry out motor synchronizing afterwards, in time guarantee the two ends state consistency, key seed can in time be changed simultaneously, has reduced the possibility of the system that cracks after being stolen, and has increased fail safe; After long data frame of every transmission, the periodic pressure can further be improved fail safe again synchronously; And the present invention has good compatibility, can in multiple quick stream cipher algorithm, use.
Description of drawings
Fig. 1 recovers flow chart during medium data frame transfer synchronously in the embodiment of the invention;
Motor synchronizing flow chart when Fig. 2 is the short-and-medium data frame transfer of the embodiment of the invention.
Embodiment
For make the object of the invention, technical scheme, and advantage clearer, below with reference to the accompanying drawing embodiment that develops simultaneously, the present invention is explained further details.
The present invention proposes a kind of synchronous restoration methods, the core concept of this method is, generates the key seed of using when recovering synchronously, and the key seed of using when this recovers synchronously is different with the key seed of current encryption and decryption utilization; When trigger condition takes place, encrypt the check the value that end and decrypting end generate the expression oneself state respectively, if the check the value that two ends generate is inconsistent, the key seed of using when then encryption end and decrypting end utilization recover is synchronously carried out the encryption and decryption of follow-up data and is handled.Like this, the encryption and decryption two ends can learn in time that two ends lose synchronous state, and recover synchronously as early as possible, thereby have solved because the key that noise etc. cause the encryption and decryption two ends to generate is inconsistent, cause the correctly problem of decryption content of decrypting end.
Correspondingly; The invention allows for a kind of system of synchronous recovery; This system comprises encrypts end and decrypting end, encrypts the key seed of using when end and decrypting end generate synchronous the recovery respectively, and the key seed of using when this recovers synchronously is different with the key seed that current encryption and decryption is utilized; When trigger condition takes place; Encrypt the check the value that end and decrypting end generate the expression oneself state respectively; And the check the value that two ends generate checked, if check the value is inconsistent, then encrypt the encryption and decryption processing that the key seed of using when end recovers with the decrypting end utilization is synchronously carried out follow-up data.In this system, the encryption and decryption two ends can learn in time that two ends lose synchronous state, and recover synchronously as early as possible, thereby have solved because the key that noise etc. cause the encryption and decryption two ends to generate is inconsistent, cause the correctly problem of decryption content of decrypting end.
Wherein, preferably, above-mentioned trigger condition takes place and can be exemplified as: every transmission finishes a medium Frame of designated length in advance; Perhaps; Receive the synchronous restore instruction of user input, perhaps, encrypt encryption process that end detects self and occur unusual or the like.
In addition; In order further to optimize technical scheme of the present invention; Handle thereby ciphering process is carried out safety assurance further, in the present invention, can further include the motor synchronizing process; This motor synchronizing process comprises: behind short data frame of every transmission, encrypt end and utilize the consistent key seed that self regenerates to come data are carried out encryption and decryption respectively with decrypting end.In addition, among the present invention, can further include synchronous process, this synchronous again process comprises again: behind long data frame of every transmission, encrypt end and decrypting end and carry out authentication again, and negotiate the key seed that both sides use again.
In the above description, the length of short data frame, medium Frame and long data frame can be specified according to actual business requirement and characteristics neatly.Such as, in digital TV field, the data line frame is appointed as a short data frame, frame data are appointed as a medium Frame, multiframe is appointed as a long data frame like three frames or four frame data.Certainly, this is that some are given an example, and at digital TV field or other field, can specify arbitrarily the length of short data frame, medium Frame and long data frame as required.
The process of the synchronous restoration methods that the present invention proposes can with above-mentioned motor synchronizing process and again any one process in the synchronizing process be used in combination, perhaps with the motor synchronizing process and again synchronizing process be used in combination simultaneously.
The present invention can be applied in any field of encryption, such as, the field that need encrypt normal stream, and perhaps need be to the field of quick stream encryption etc.Wherein, need can be exemplified as DTV, video sharing, field such as game on line in many ways to the field of quick stream encryption.
Be example with the quick stream encryption process in the digital TV field below, respectively to synchronous recovery process, motor synchronizing process and again in method and the system of the present invention of synchronizing process the function and the annexation of each equipment be elaborated.
At first; With process identical in the prior art be: after encrypting end equipment and decrypting end equipment initially is connected completion; Encrypted between end equipment and the decrypting end equipment through authenticate-acknowledge the other side's legitimacy; Afterwards, encrypt end equipment and generate consistent initial key seed SKey, use this key seed that the data of transmission are carried out encryption and decryption then and handle with decrypting end equipment.
Data transmitted a certain amount of after, whether the encryption and decryption two ends need check both sides' state, lose synchronously with the inspection two ends, if forfeiture is synchronous, need do handled, make the two ends recovering state synchronous.Concrete workflow is following:
Step 101: encrypt end and decrypting end and respectively SKey is carried out the Hash operation that secure hash calculates (SHA-1) in advance; And the key seed used when recovering synchronously of the appointment figure place of getting operation result; For ease of later description, the key seed of using when this is recovered synchronously is called A01.
In this step, the specific bit numerical example be as getting 128 of the operation result highest significant position perhaps, gets 128 of the minimum or middle significance bit of operation result etc.
In addition, in this step, what SKey was carried out is that secure hash calculates the Hash operation of (SHA-1), in the business realizing of reality, also can adopt other any feasible algorithms that SKey is carried out computing.
In addition; In this step, the key seed that the appointment figure place of getting operation result is used when recovering synchronously, in other embodiments of the invention; The key seed of also can be directly operation result being used when recovering synchronously; Perhaps adopt other transform methods, method such as displacement is for example come the key seed of using when being recovered synchronously through operation result.
Step 102: it is every after decrypting end transmission one-frame video data to encrypt end; Encrypt end and decrypting end and read the key seed that the former frame data encrypting and deciphering uses respectively; If promptly pass is N frame video data; Then encrypt end and decrypting end and read the key seed of N-1 frame video data respectively,, then encrypt end equipment and decrypting end equipment reads SKey if this row video data is first frame data.
Step 103: encrypt end and decrypting end and respectively the key seed of the former frame that reads is put into the encryption and decryption machine, carry out computing, obtain the new key seed that encryption and decryption data uses, for being different from key seed A 01, this key seed is expressed as K 01
Step 104: it is every after decrypting end transmission one-frame video data to encrypt end, and the encryption and decryption machine of encrypting in end and the decrypting end obtains a median respectively.
In this step, resulting median has been represented the self-operating state of encrypting end and the current encryption and decryption of decrypting end.
Step 105: encrypt end and decrypting end and extract median respectively, and it is carried out computing obtain a check the value.
Generally speaking, in the present invention, when generating check the value; Concrete principle is: encrypt end and decrypting end and extract its inner value that can characterize encrypted state and decrypted state that produces respectively; And should be worth as median, can this median directly be carried out the check the value of status checkout as two ends, but from security consideration; After also can carrying out the computing of set algorithm to this value, the result that computing is obtained is as said check the value.
Wherein, Preferably; The said value that can characterize encryption end state or decrypting end state; Being that median can be the appointment figure place of encrypting the value of clock linear feedback shift register (LFSR_CC) module in end and the decrypting end, for example can be the appointment figure place of the final output valve of this module, also can be the appointment figure place of this module some transmission values of its internal register in running; Said median can also be various ways such as appointment figure place corresponding of appointment figure place and sequence scrambling module output valve of value of encrypting appointment figure place or the clock linear feedback shift register (LFSR_CC) of the output valve of sequence scrambling module in end and the decrypting end combines.The value of why taking clock linear feedback shift register (LFSR_CC) and/or sequence scrambling module is as median; Be because this two module is exactly the generation module of encryption and decryption two ends key seed originally, so utilize the appointment figure place of its output valve can accurately reflect the running status at encryption and decryption two ends as median.
The above-mentioned calculating process that median is carried out set algorithm can be exemplified as: median self is carried out the computing of set algorithm; Perhaps, the appointment figure place of the output valve behind median and clock linear feedback shift register (LFSR_CC) and/or the sequence scrambling module operation some cycles is carried out the multiple compute modes such as computing of set algorithm.
Above-mentioned set algorithm can be any one feasible algorithm, such as being and computing, perhaps is exclusive disjunction, perhaps is Hash operation or the like.
Down in the face of the appointment figure place of the output valve of clock linear feedback shift register (LFSR_CC) as median, thereby and the appointment figure place of the output valve of this median and sequence scrambling module carried out the concrete implementation that XOR obtains check the value be elaborated.
In above-mentioned steps 104 and step 105, the output of clock linear feedback shift registers (LFSR_CC) is extracted at the encryption and decryption two ends, and the appointment figure place of getting its output valve is as median.
The computational process of check the value is: obtain after the median; Sequence scrambling module in the encryption and decryption end continues the operation some cycles; Synchronous recovery module is carried out XOR with the appointment figure place of resulting median and sequence scrambling module output valve at this moment and is obtained a value, again this value is divided into N part (N is a natural number) afterwards, again with the mutual XOR of this N part; Obtain last value, be called check the value.Wherein, the mutual XOR in this step can be to carry out XOR with the 1st part with the 2nd part; Its result carries out XOR with the 3rd part again, by that analogy, and up to N part; Also can be that N part is divided into groups, the XOR of each part at first organizing, the operation result with each group carries out XOR more then; Until drawing end product, can also there be other can realize the XOR method of purpose certainly.
Provide a kind of more concrete implementation procedure that obtains median and check the value below.
In the prior art, comprise clock linear feedback shift register (LFSR_CC) module and sequence scrambling module in encryption end and the decrypting end, in ciphering process, the generation of key seed, median and detected value is all accomplished by above-mentioned module.
Obtain new key seed K at the encryption and decryption two ends 01Afterwards, the LFSR_CC module continues 34 cycles of operation, 128 of extracting its output, and this value is called median.
Median is the numerical value that can represent encryption and decryption end running status, in view of security of system, need median is carried out conversion, but transformation results is not lost its representativeness; So after obtaining median, can do like down conversion it: the sequence scrambling module continues 6 cycles of operation, high 128 of its output valve are carried out XOR with median; Obtain one 128 value, then this value is divided into 8 parts, the line number of going forward side by side, 16 every part; Carry out XOR with the 1st part with the 2nd part, its result carries out XOR with the 3rd part again, by that analogy; Until to the 16th part, obtain one 16 value, be referred to as check the value.
Need to prove; The process of the generation check the value described in above-mentioned steps 104 to the step 105 is the cited a kind of preferable implementation procedure that generates check the value of present embodiment; In other embodiments of the invention, also can utilize additive method to generate the check the value that can reflect the encryption and decryption equipment running, such as; Directly with the appointment figure place of the median that obtains in the step 104 as check the value; Perhaps, with the appointment figure place of the median that obtains in the step 104 carry out computing such as Hash operation after, the result that computing is obtained is as check the value or the like.
Step 106: decrypting end sends to the encryption end with the check the value of its generation, encrypts end and judges whether the check the value that self obtains is identical with the check the value that receives, if check result is identical; Then execution in step 107; If check result is different, show that the two ends state is inconsistent, then execution in step 108.
In this step,, then show and encrypt end equipment and decrypting end equipment two ends state consistency if check result is identical; That is to say that the key seed of its use is consistent, therefore; Utilize that this key seed generates Frame is carried out the employed key of encryption and decryption is synchronous, need not to recover synchronously to handle, can proceed the data encrypting and deciphering process of same treatment in follow-up and the prior art; If check result is inequality, show that then encryption end equipment and decrypting end equipment two ends state are inconsistent, that is to say; The key seed of its use is inconsistent, therefore, utilize that this key seed generates Frame is carried out the employed key of encryption and decryption is nonsynchronous; Need recover synchronously to handle, promptly the key seed of new unanimity need be used in two ends, execution in step 108.
Step 107: encrypt end notice decrypting end two ends state consistency, and K is adopted at two ends 01Carry out encryption and decryption, finish current flow process.
Step 108: it is inconsistent to encrypt end notice decrypting end two ends state, encrypts end and decrypting end and adopts key seed A 01Carry out encryption and decryption.
In this step, encrypt end and decrypting end and adopt key seed A 01The process of carrying out encryption and decryption is meant utilizes key seed A 01The initial key seed that uses as first frame data in the follow-up data comes the data encrypting and deciphering process of execution in step 102 and principle shown in the step 103, promptly utilizes A 01Come follow-up first frame data are carried out encryption and decryption, utilize A then 01The result who carries out obtaining after the computing carries out encryption and decryption to follow-up second frame data, by that analogy.
After this, can be to A 01Carry out the Hash operation of SHA-1, and get the appointment figure place of operation result, for example can get 128 of its highest significant position etc., and it is referred to as A 02, as the key seed of the following employed encryption and decryption of subsynchronous recovery.
Need to prove, to step 108, be by decrypting end the check the value that self generates to be sent to encrypt end in above-mentioned steps 106, judge by encrypting end whether two check the values are identical, and whether notice decrypting end state is consistent.In other embodiments of the invention; Also can the check the value that self generates be sent to decrypting end by encrypting end; Judge by decrypting end whether two check the values are identical, and notify encryption end state whether consistent, thereby triggering is held by encryption and decrypting end use K when state consistency 01And when state is inconsistent, use A 01As key seed.
So far, realized in the video data ciphering process encryption and decryption two ends state-detection and recover synchronous process.
In the practical video data transmission procedure, be the further fail safe and the flexibility of raising system, at the encryption and decryption two ends during short-sighted audio data of every transmission, the encryption and decryption two ends can directly be carried out motor synchronizing and need not to do to detect and handle.
Motor synchronizing flow chart when Fig. 2 is the transmission of short data frame, as shown in the figure, concrete steps are following:
Step 201: it is every after decrypting end transmission delegation video data to encrypt end; Encryption end and decrypting end read the key seed of previous row respectively; If promptly pass is the capable video data of N; Then encrypt the key seed that end and decrypting end read the capable video data of N-1 respectively,, then encrypt end and decrypting end and read SKey if this row video data is first line data.
Step 202: encrypt end and decrypting end and respectively the previous row key seed that reads is put into the encryption and decryption machine, carry out computing, obtain a new key seed.
Step 203: the encryption seed of new key seed as the next line video data adopted at two ends.
Motor synchronizing when so far, having realized the short-and-medium data frame transfer of video data ciphering process.
Equally, after a longer video data had been transmitted at the encryption and decryption two ends, the encryption and decryption two ends also need not to carry out state-detection and directly to carry out the pressure at two ends synchronous again, to improve the fail safe of system.
It is following that synchronous concrete operations are carried out at the encryption and decryption two ends again:
It is every after decrypting end transmission multiframe is like three frame video datas to encrypt end, needs to carry out: encrypt end and decrypting end and carry out authentication, negotiate a key seed, as the key seed of subsequent data frame encryption and decryption.
Synchronous again when so far, having accomplished the transmission of long data frame in the video data ciphering process.
Accomplishing this again after the synchronizing process, from security consideration, the new key seed that is generated in the synchronizing process is again done the Hash operation of SHA-1, obtain another one key seed A 11, the function of this key seed is following: when M-1 subsynchronous recovery (M be greater than 1 natural number) has been carried out at the encryption and decryption two ends, and generated time subsynchronous recover the key seed A that will use 0M, at this moment,,,, also produced a key seed A along with the end of synchronizing process again so that the encryption and decryption two ends will be carried out once is synchronous again because encryption and decryption two ends data quantity transmitted has reached the long data frame of a designated length 11, so this key seed will be in the synchronous recovery process of next time mandatory replacement A 0MKey seed as synchronous recovery.
Can be drawn by above embodiment: the present invention carries out the inspection of state through after the certain Frame of transmission to the encryption and decryption two ends, can learn in time whether the two ends state is synchronous, and after step-out, in time generates new key seed, makes it to recover synchronously.In preferred embodiment of the present invention, can transmit each short data frame and carry out motor synchronizing afterwards, in time guarantee the two ends state consistency, key seed can in time be changed simultaneously, has reduced the possibility of the system that cracks after being stolen, and has increased fail safe; After field data frame of every transmission, the periodic pressure can further be improved fail safe again synchronously; And the present invention has good compatibility, can in multiple quick stream cipher algorithm, use.
In a word; The above is merely preferred embodiment of the present invention, is not to be used to limit protection scope of the present invention, and is all within spirit of the present invention and principle; Any modification of being made, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (11)

1. method of recovering synchronously, it is characterized in that: generate the key seed of using when recovering synchronously, the key seed of using when this recovers synchronously is different with the key seed of current encryption and decryption utilization; When trigger condition takes place; Encrypt end and decrypting end and extract its inner value that can characterize encrypted state and decrypted state that produces respectively; With the value of this extraction directly as the check the value of expression oneself state, perhaps the value of this extraction is carried out the computing of set algorithm after, the result that computing is obtained is as the check the value of representing oneself state; If the check the value that two ends generate is inconsistent, then encrypt the encryption and decryption processing that the key seed of using when end and decrypting end utilization recover is synchronously carried out follow-up data.
2. the method for claim 1; It is characterized in that: trigger condition comprises: every transmission finishes a medium Frame of designated length in advance, perhaps, receives the synchronous restore instruction of user's input; Perhaps, encrypting the encryption process of holding Equipment Inspection to arrive self occurs unusual.
3. the method for claim 1 is characterized in that: generate the key seed that this subsynchronous recovery is used respectively for recovery synchronously each time;
The step of the key seed of using when said generation recovers synchronously comprises: when generating the key seed that the first time, recovery was synchronously used; SKey carries out computing to the initial key seed, the key seed that the appointment figure place of getting operation result is used when recovering synchronously for the first time;
When generating the key seed that subsequent synchronisation recovers to use, the key seed that the last time recovers to use is synchronously carried out computing, the key seed that the appointment figure place of getting operation result is used during as this subsynchronous recovery.
4. method as claimed in claim 3; It is characterized in that: the said value that can characterize encrypted state and decrypted state is: the appointment figure place of encrypting the output valve of clock linear feedback shift register LFSR_CC in end and the decrypting end; Perhaps; Be the appointment figure place of clock linear feedback shift register LFSR_CC transmission value of its internal register in running, perhaps, for encrypting the appointment figure place of the output valve of sequence scrambling module in end and the decrypting end; Perhaps, combining for the appointment figure place of the appointment figure place of the value of clock linear feedback shift register LFSR_CC and sequence scrambling module output valve;
The generation module that said LFSR_CC and said sequence scrambling module are encryption and decryption two ends key seed.
5. method as claimed in claim 4 is characterized in that: said set algorithm is a hash algorithm, or is and computing, perhaps is exclusive disjunction;
Wherein, When being exclusive disjunction; The said computing that this value is carried out set algorithm comprises: the value that will extract with encrypt in end and the decrypting end appointment figure place of the output valve of sequence scrambling module and carry out XOR and obtain a value, again this value is divided into N part, and this N part is done XOR; As check the value, wherein N is a natural number with last value that obtains.
6. like any described method in the claim 1 to 5, it is characterized in that: said method further comprises: it is every when decrypting end is transmitted the short data frame of a designated length to encrypt end, encrypts end and decrypting end and carries out a motor synchronizing, and this motor synchronizing comprises:
A, encryption end and decrypting end read the key seed that last designated length short data frame encryption and decryption is used respectively;
The key seed that the last designated length short data frame encryption and decryption that b, encryption end and decrypting end will read is respectively used is put into the encryption and decryption machine, carries out computing, obtains a new key seed;
The key seed that c, encryption end and decrypting end adopt new key seed to use as current designated length short data frame encryption and decryption.
7. like any described method in the claim 1 to 5, it is characterized in that: said method further comprises: it is every when decrypting end is transmitted the long data frame of a designated length to encrypt end, and encryption end and decrypting end are carried out once synchronous again, and this comprises synchronously again:
Encrypt between end and the decrypting end and carry out authentication, negotiate a key seed, as the key seed of subsequent data frame encryption and decryption use.
8. method as claimed in claim 7; It is characterized in that: this method further comprises: encrypt end and decrypting end carry out again synchronous after; This key seed that negotiates in synchronizing process is again carried out computing, the key seed of use when forcing operation result as subsynchronous recovery the down.
9. system of recovering synchronously; Said system comprises: encrypt end, decrypting end; It is characterized in that: the key seed of using when said encryption end and decrypting end generate synchronous the recovery respectively, the key seed of using when this recovers synchronously is different with the key seed that current encryption and decryption is utilized; When trigger condition takes place; Encrypt end and decrypting end and extract its inner value that can characterize encrypted state and decrypted state that produces respectively; With the direct check the value of the value of this extraction as the expression oneself state; After perhaps the value of this extraction being carried out the computing of set algorithm, the result that computing is obtained is as the check the value of expression oneself state, and the check the value that two ends generate is checked; If check the value is inconsistent, then encrypt the encryption and decryption processing that the key seed of using when end and decrypting end utilization recover is synchronously carried out follow-up data.
10. system as claimed in claim 9 is characterized in that:
Said encryption end and decrypting end are carried out computing to initial key seed SKey, and the appointment figure place of getting operation result is as the key seed of recovering synchronously for the first time to use;
The key seed that said encryption end and decrypting end are recovered to use to the last time is synchronously carried out computing, and the appointment figure place of getting operation result is as the key seed of recovering synchronously afterwards for the first time to use.
11. like any described system in the claim 9 to 10; It is characterized in that: said encryption end is every when decrypting end is transmitted the short data frame of a designated length; Encrypt end and decrypting end and read the key seed of the short data frame encryption and decryption use of last designated length respectively; And it is carried out computing, the key seed that the new key seed that obtains is used as next designated length short data frame encryption and decryption;
And/or said encryption end is every to be encrypted between end and the decrypting end and carries out authentication when decrypting end is transmitted the long data frame of a designated length, negotiates a key seed, as the key seed of subsequent data frame encryption and decryption use.
CN2008101716865A 2008-09-27 2008-10-23 Method and system for synchronization recovery Active CN101399627B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101716865A CN101399627B (en) 2008-09-27 2008-10-23 Method and system for synchronization recovery

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200810223214 2008-09-27
CN200810223214.X 2008-09-27
CN2008101716865A CN101399627B (en) 2008-09-27 2008-10-23 Method and system for synchronization recovery

Publications (2)

Publication Number Publication Date
CN101399627A CN101399627A (en) 2009-04-01
CN101399627B true CN101399627B (en) 2012-08-29

Family

ID=40517912

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101716865A Active CN101399627B (en) 2008-09-27 2008-10-23 Method and system for synchronization recovery

Country Status (1)

Country Link
CN (1) CN101399627B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107749782A (en) * 2012-01-27 2018-03-02 苹果公司 The method and apparatus that controlling symbols are intelligently scrambled

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001063832A1 (en) * 2000-02-22 2001-08-30 Zyfer, Inc. System and method for secure cryptographic communications
CN1784899A (en) * 2003-05-13 2006-06-07 三星电子株式会社 Security method for broadcasting service in mobile communication system
CN1849774A (en) * 2003-09-12 2006-10-18 安全电子邮件哥德堡公司 Message security
CN1993920A (en) * 2003-07-08 2007-07-04 高通股份有限公司 Method and apparatus for security in a data processing system
CN101002420A (en) * 2003-12-19 2007-07-18 摩托罗拉公司(在特拉华州注册的公司) Mobile device and method for providing certificate based cryptography
CN101030849A (en) * 2006-03-01 2007-09-05 华为技术有限公司 Method and system for realizing packet key synchronization between multiple base stations
CN101213839A (en) * 2005-05-25 2008-07-02 真尼诗电子有限公司 Encryption/decryption of program data other than PSI data

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001063832A1 (en) * 2000-02-22 2001-08-30 Zyfer, Inc. System and method for secure cryptographic communications
CN1784899A (en) * 2003-05-13 2006-06-07 三星电子株式会社 Security method for broadcasting service in mobile communication system
CN1993920A (en) * 2003-07-08 2007-07-04 高通股份有限公司 Method and apparatus for security in a data processing system
CN1849774A (en) * 2003-09-12 2006-10-18 安全电子邮件哥德堡公司 Message security
CN101002420A (en) * 2003-12-19 2007-07-18 摩托罗拉公司(在特拉华州注册的公司) Mobile device and method for providing certificate based cryptography
CN101213839A (en) * 2005-05-25 2008-07-02 真尼诗电子有限公司 Encryption/decryption of program data other than PSI data
CN101030849A (en) * 2006-03-01 2007-09-05 华为技术有限公司 Method and system for realizing packet key synchronization between multiple base stations

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107749782A (en) * 2012-01-27 2018-03-02 苹果公司 The method and apparatus that controlling symbols are intelligently scrambled
CN107749782B (en) * 2012-01-27 2020-05-15 苹果公司 Method and apparatus for intelligent scrambling of control symbols

Also Published As

Publication number Publication date
CN101399627A (en) 2009-04-01

Similar Documents

Publication Publication Date Title
CA2337306C (en) Method and apparatus for symmetric-key encryption
CN104579646B (en) Method, device and circuit that the limited monotonic transformation of clobber book and encryption and decryption thereof are applied
CN108476132B (en) Method, apparatus and computer readable medium for key sequence generation for cryptographic operations
CN111385084A (en) Key management method and device for digital assets and computer readable storage medium
CN101401141A (en) Information processing system, information processing method, and information processing program
US20150016606A1 (en) Generating device, re-encrypting device, method, and computer program product
JP6575532B2 (en) Encryption device, decryption device, encryption processing system, encryption method, decryption method, encryption program, and decryption program
CN112084525B (en) Distributed key encryption method and device, electronic equipment and storage medium
CN105871549A (en) Digital signal encryption processing method
CN111010266B (en) Message encryption and decryption, reading and writing method and device, computer equipment and storage medium
JP5652363B2 (en) Cryptographic processing apparatus, cryptographic processing method, and program
CN113890731A (en) Key management method, key management device, electronic equipment and storage medium
CN114826587A (en) Data encryption method, data decryption method, data encryption device, data decryption device and data decryption equipment
CN116186742A (en) Method, device and equipment for encrypting and storing arrow-mounted data
CN101399627B (en) Method and system for synchronization recovery
US7773753B2 (en) Efficient remotely-keyed symmetric cryptography for digital rights management
EP3996321A1 (en) Method for processing encrypted data
CN103853340A (en) Touch keyword using national cipher SM1 encryption chip and encryption method thereof
KR20180065183A (en) Embedded module for secure CCTV camera image encryption
CN103532706B (en) Data encryption/decryption method, device and mobile terminal
CN117375836A (en) Encryption and decryption method and system for long text segment based on RSA encryption algorithm
CN112149166B (en) Unconventional password protection method and intelligent bank machine
CN115225272A (en) Big data disaster recovery system, method and equipment based on domestic commercial cryptographic algorithm
CN114499825A (en) Double-control key management method, system, encryption machine and storage medium
JP2003032244A (en) Stream cipher apparatus

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant