
CN114363888A - Data transmission method, device, storage medium and electronic equipment - Google Patents


Info

Publication number
CN114363888A
CN114363888A (application CN202111646936.8A; granted as CN114363888B)
Authority
CN
China
Prior art keywords
information
data
environment information
shared
key
Prior art date
Legal status
Granted
Application number
CN202111646936.8A
Other languages
Chinese (zh)
Other versions
CN114363888B (en)
Inventor
潘蓝兰
邱若男
杨明慧
Current Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Hangzhou Douku Software Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Hangzhou Douku Software Technology Co Ltd
Priority to CN202111646936.8A
Publication of CN114363888A
Application granted
Publication of CN114363888B
Legal status: Active
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of this application disclose a data transmission method, apparatus, storage medium and electronic device. The method includes: obtaining information about the environment the device is in and transmitting that environment information to a second device; obtaining a symmetric key for the second device and a reference initial parameter; generating an initialization vector from the environment information and the reference initial parameter; encrypting first data with the symmetric key and the initialization vector to obtain second data; and sending the second data to the second device. The embodiments are intended to improve the security of data transmission.

Description

Data transmission method, device, storage medium and electronic device

Technical Field

This application relates to the field of computer technology, and in particular to a data transmission method, apparatus, storage medium and electronic device.

Background

With the rapid development of communication technology, communication systems are no longer limited to traditional streaming services such as audio and video but are moving towards diversified data services. As these services grow, security requirements such as encrypting data in transit, allowing the receiver to decrypt it, and preventing devices from being tracked during transmission are becoming increasingly important.

Summary of the Invention

Embodiments of this application provide a data transmission method, apparatus, storage medium and electronic device. The technical solution is as follows:

In a first aspect, an embodiment of this application provides a data transmission method, the method comprising:

obtaining information about the environment the device is in, and transmitting the environment information to a second device;

obtaining a symmetric key for the second device and a reference initial parameter, and generating an initialization vector from the environment information and the reference initial parameter;

encrypting first data with the symmetric key and the initialization vector to obtain second data, and sending the second data to the second device, where the second data is to be decrypted by the second device using the reference initial parameter, the symmetric key and the environment information.

In a second aspect, an embodiment of this application provides a data transmission method, the method comprising:

obtaining the environment information transmitted by a first device, and receiving second data sent by the first device, the second data having been generated by encrypting first data with an initialization vector and a symmetric key;

obtaining a symmetric key for the first device and a reference initial parameter, and generating the initialization vector from the environment information and the reference initial parameter;

decrypting the second data using the reference initial parameter, the symmetric key and the environment information to obtain third data.

In a third aspect, an embodiment of this application provides a data transmission apparatus, the apparatus comprising:

a transmission module, configured to obtain the current environment information and transmit the environment information to a second device;

a vector generation module, configured to obtain a symmetric key for the second device and a reference initial parameter, and to generate an initialization vector from the environment information and the reference initial parameter;

a data encryption module, configured to encrypt first data with the symmetric key and the initialization vector to obtain second data and to send the second data to the second device, where the second data is to be decrypted by the second device using the reference initial parameter, the symmetric key and the environment information.

In a fourth aspect, an embodiment of this application provides a data transmission apparatus, the apparatus comprising:

an information acquisition module, configured to obtain the environment information transmitted by a first device and to receive second data sent by the first device;

a vector generation module, configured to obtain a symmetric key for the first device and a reference initial parameter, and to generate an initialization vector from the environment information and the reference initial parameter;

a data decryption module, configured to decrypt the second data using the reference initial parameter, the symmetric key and the environment information to obtain third data.

In a fifth aspect, an embodiment of this application provides a computer storage medium storing a plurality of instructions adapted to be loaded by a processor to execute the above method steps.

In a sixth aspect, an embodiment of this application provides an electronic device comprising a processor and a memory, where the memory stores a computer program adapted to be loaded by the processor to execute the above method steps.

The technical solutions provided by some embodiments of this application bring at least the following beneficial effects:

In one or more embodiments of this application, the first device obtains information about the environment it is in and transmits that environment information to the second device; it then obtains a symmetric key for the second device and a reference initial parameter, generates an initialization vector from the environment information and the reference initial parameter, encrypts the first data with the symmetric key and the initialization vector to obtain second data, and finally sends the second data to the second device. The whole transmission avoids an incrementing counter as initialization vector, generates the initialization vector from environment information instead, and never sends the initialization vector itself to the receiver, which lowers the probability that a device is tracked during transmission and improves the security of the transmission.

Brief Description of the Drawings

To illustrate the embodiments of this application or the technical solutions in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Clearly, the drawings described below show only some embodiments of this application; a person of ordinary skill in the art can obtain other drawings from them without inventive effort.

Fig. 1 is a schematic flowchart of a data transmission method provided by an embodiment of this application;

Fig. 2 is a schematic flowchart of a data transmission method provided by an embodiment of this application;

Fig. 3 is a schematic diagram of a data negotiation and transmission process provided by an embodiment of this application;

Fig. 4 is a schematic diagram of a derivation scenario provided by an embodiment of this application;

Fig. 5 is a schematic diagram of a derivation scenario provided by an embodiment of this application;

Fig. 6 is a schematic diagram of a data encryption scenario involved in an embodiment of this application;

Fig. 7 is a schematic flowchart of a data transmission method provided by an embodiment of this application;

Fig. 8 is a schematic flowchart of a data transmission method provided by an embodiment of this application;

Fig. 9 is a schematic diagram of a data transmission system scenario provided by an embodiment of this application;

Fig. 10 is a schematic structural diagram of a data transmission apparatus provided by an embodiment of this application;

Fig. 11 is a schematic structural diagram of a vector generation module provided by an embodiment of this application;

Fig. 12 is a schematic structural diagram of a data transmission apparatus provided by an embodiment of this application;

Fig. 13 is a schematic structural diagram of an electronic device provided by an embodiment of this application;

Fig. 14 is a schematic structural diagram of an operating system and user space provided by an embodiment of this application;

Fig. 15 is an architecture diagram of the Android operating system of Fig. 14;

Fig. 16 is an architecture diagram of the iOS operating system of Fig. 14;

Fig. 17 is a schematic structural diagram of an electronic device provided by an embodiment of this application.

Detailed Description

The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this application. All other embodiments that a person of ordinary skill in the art can obtain from these embodiments without inventive effort fall within the scope of protection of this application.

In the description of this application, the terms "first", "second" and the like are used for descriptive purposes only and must not be understood as indicating or implying relative importance. Unless expressly specified and defined otherwise, "comprising" and "having" and any variants of them are intended to cover non-exclusive inclusion: a process, method, system, product or device that comprises a series of steps or units is not limited to the listed steps or units but may optionally include steps or units that are not listed, or that are inherent to such processes, methods, products or devices. A person of ordinary skill in the art can understand the specific meaning of these terms in this application from the context. Furthermore, unless stated otherwise, "a plurality" means two or more. "And/or" describes an association between objects and covers three cases: for "A and/or B" these are A alone, both A and B, and B alone. The character "/" generally indicates an "or" relationship between the objects around it.

This application is described in detail below with reference to specific embodiments.

In one embodiment, as shown in Fig. 1, a data transmission method is proposed. The method can be implemented by a computer program and run on a data transmission apparatus based on the von Neumann architecture; the program can be integrated into an application or run as a stand-alone utility. The data transmission apparatus may be an electronic device, including but not limited to a personal computer, tablet, handheld device, in-vehicle device, wearable device, computing device or other processing device connected to a wireless modem. In different networks a terminal device may go by different names, for example user equipment, access terminal, subscriber unit, subscriber station, mobile station, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication device, user agent or user apparatus, cellular phone, cordless phone, or an electronic device in a 5G network or a future evolved network.

Specifically, the data transmission method includes:

S101: Obtain information about the environment the device is in, and transmit the environment information to a second device.

The environment information is information about the first device's current surroundings, such as the altitude, temperature, humidity, weather, time or magnetic field of the environment in which it is located.

When two or more devices communicate over a short-range link, the transmission of the corresponding data (service data) normally involves encryption, and the encryption process involves transmitting an initialization vector; the initialization vector and the symmetric key are used together to encrypt the data. The receiver (the second device) also needs the initialization vector to decrypt. In some short-range communication scenarios the initialization vector is a counter started from a random value and incremented per message, and the sender transmits the initialization vector to the receiver in plaintext before sending the encrypted data so that the receiver can decrypt it.

In short-range communication scenarios other than mobile data networks, such as Bluetooth, near field communication (NFC) and ZigBee, the two or more devices taking part in the communication are normally in the same physical environment; that is, the sender and the receiver of the data share one environment. To avoid being tracked by a third device in that same environment (such as an eavesdropping device), the devices that use the data transmission method of this application do not transmit the initialization vector at all.

In practice the initialization vector is usually sent explicitly from one end to the other, and in transit it is easily captured by a third device in the same environment. That third device can then use the structure of the initialization vectors to track the devices taking part in the transmission. A common case is counter mode, where the initialization vector is a counter started from a random value, sent in clear and incremented for every message. The initialization vector therefore grows monotonically from one transmission to the next, and each sending device in the environment has its own distinct counter. A device that keeps transmitting such an increasing counter in clear is easy for other devices in the environment to link across messages and to identify as the sender, after which the encrypted data it transmits can be targeted for attack.

In this application, a third device in the same environment as the first device can easily capture an initialization vector that is transmitted explicitly, so to avoid tracking the first device does not transmit the initialization vector in that way. Instead, the first device obtains the environment information of its current surroundings and transmits that environment information to the second device, so that once the second device has the environment information it can decrypt the encrypted data in the subsequent transmission. Furthermore, because the environment information obtained by every device in the same environment (the first, second and third device alike) is highly similar, at least one of the altitude, temperature, humidity, weather, time and magnetic parameters listed above is the same for every device present (the same time, the same temperature and humidity, and so on). Consequently, even if the environment information that a sending device (the first device) transmits to the receiving device (the second device) before data transmission is captured by another device in the same environment (the third device), the third device cannot use it to track the first or second device. In other words, since all devices in one environment observe the same environment information, transmitting it explicitly, for example in plaintext, confuses rather than helps a tracker: with every device's environment information identical, another device cannot single out the devices currently transmitting (the first and second device).

In the related art, and in counter mode in particular, the initial counter value is normally given in advance as the initialization vector and subsequent values are produced by incrementing it. Where cryptographic functions are split across and synchronised between parties, the initialization vector is usually transmitted explicitly to the receiver, and to avoid leakage through attacks the same initialization vector is never transmitted or chosen more than once; hence, when the initialization vector is transmitted explicitly it differs every time and is commonly produced as the incrementing sequence described above. This application does not transmit the initialization vector to the second device; it transmits environment information. The specification argues that in deployment it is therefore not necessary to ensure that the environment information differs every time: even if the initialization vector generated from the environment information is the same each time, the reference initial parameter is not externally visible, so a third device that obtains the environment information still cannot obtain the initialization vector, which is said to reduce the processing load of data transmission considerably, improve its convenience and robustness, and streamline the transmission flow.

Note, however, that this last argument does not hold for counter-based modes such as CTR and GCM, the very modes the specification contrasts itself with. Two messages encrypted under the same key with the same initialization vector leak the XOR of their plaintexts (and in GCM can expose the authentication key) whether or not the initialization vector itself is secret. An implementation of this scheme must therefore still guarantee that the initialization vector never repeats under one key, for example by combining the environment information with a per-message counter or a fresh random component, or by refusing to send when the derived initialization vector has already been used.

In this application the environment information need not be used directly as the initialization vector; instead the initialization vector is generated from the environment information and a reference initial parameter that is never exposed externally. The environment information can then be transmitted explicitly, for example in plaintext, as the negotiation step before data transmission, improving the security of the transmission and lowering the probability of device tracking.

S102: Obtain a symmetric key for the second device and a reference initial parameter, and generate an initialization vector from the environment information and the reference initial parameter.

The symmetric key is the derived symmetric key K that the two or more devices taking part in the transmission (the first and second device) generate with a key derivation function (KDF). The specification lists SHA-256, SM3, the Advanced Encryption Standard (AES), SM4, Triple DES (TDES) and HKDF as candidate algorithms. Of these only HKDF is a KDF as such; SHA-256 and SM3 are hash functions and AES, SM4 and TDES are block ciphers, which are the primitives from which a KDF is built.

Before data transmission the first device can negotiate keys with the second device: a symmetric key is derived with the KDF and treated as the session key that encrypts the session data (such as service data) exchanged between the communicating ends. In some embodiments the symmetric key K is derived, with the key derivation function of the chosen KDF, from at least one shared secret string and the shared information of the communicating ends.

The reference initial parameter is combined with the environment information to generate the initialization vector and is never transmitted externally. In some embodiments the first and second device compute the reference initial parameter (abcant) from the data exchanged during the symmetric key negotiation described above, for example from the shared information and the shared secret string of the communicating ends.

In one or more embodiments the derivation can also be performed by a server: the first and second device send their respective shared information to the server, which then determines the shared secret string and derives the symmetric key K from the shared information of the communicating ends.

In one or more embodiments, after obtaining the reference initial parameter the first device applies a target function to the environment information and the reference initial parameter, and the output of that function is the initialization vector.

Optionally, the target function may be a custom processing rule, or a function or encryption rule from the related art, for example an XOR function, an XNOR function or a hash function. The specific choice depends on the application and is not limited here.

In one or more embodiments the first device XORs the environment information with the reference initial parameter: the environment information (for example the time parameter) and the reference initial parameter (abcant) are the inputs of the XOR, and its output is the initialization vector (abc). With XOR, the XOR of two initialization vectors equals the XOR of the two environment values, which an observer who sees the environment information can compute without knowing abcant; the hash variant below does not have this property.

In one or more embodiments the first device hashes the environment information together with the reference initial parameter: the environment information (for example the time parameter) and the reference initial parameter (abcant) are the input of the hash function, and its output is the initialization vector (abc).

S103: Encrypt the first data with the symmetric key and the initialization vector to obtain second data, and send the second data to the second device; the second data is to be decrypted by the second device using the reference initial parameter, the symmetric key and the environment information.

The first data is the target data that the first device is to encrypt and send to the second device, for example service data (such as the service data atext).

The first device encrypts the first data with the derived symmetric key and the initialization vector to obtain the second data, that is, the data to be transmitted after symmetric encryption; the first device then sends the encrypted second data to the second device over the communication connection between them.

For example, the first and second device may establish a Bluetooth connection, and the first device sends the second data to the second device over that Bluetooth connection.

可以理解的,第一设备可以直接采用对称加密方式基于对称密钥和初始化向量对源数据(如第一数据)进行对称加密,以生成第二数据;进一步的,对称加密方式是指加密信息发送方以及接收方采用同一个对称密钥的基础上以基于环境信息生成的初始化向量进行加/解密。It can be understood that the first device can directly use the symmetric encryption method to perform symmetric encryption on the source data (such as the first data) based on the symmetric key and the initialization vector to generate the second data; further, the symmetric encryption method refers to the transmission of encrypted information. The receiver and the receiver use the same symmetric key to encrypt/decrypt with the initialization vector generated based on the environment information.

可选的,基于对称加密方式的算法可以是DES加密算法、TripleDES加密算法、RC2/RC4/RC5加密算法、Blowfish加密算法等等。Optionally, the algorithm based on the symmetric encryption method may be the DES encryption algorithm, the TripleDES encryption algorithm, the RC2/RC4/RC5 encryption algorithm, the Blowfish encryption algorithm, and so on.

在一个或多个实施例中,第一设备与第二设备基于对称加密的方式实现业务数据的安全传输;第二设备接收到第二数据之后,第二设备可以基于所述参考初始参数、所述对称密钥以及第一设备传输的所述环境信息对第二数据进行解密,得到解密之后的第三数据,其中,第二设备数据解密得到的第三数据通常与第一数据的数据相同。In one or more embodiments, the first device and the second device implement secure transmission of service data based on symmetric encryption; after the second device receives the second data, the second device may The second data is decrypted using the symmetric key and the environment information transmitted by the first device to obtain decrypted third data, wherein the third data obtained by decrypting the second device data is usually the same as the first data.

It can be understood that, for those of ordinary skill in the art, the "embodiments of the data transmission method applied to the first device" and the "embodiments of the data transmission method applied to the second device" are usually mutually independent embodiments. Terms such as environment information, symmetric key, reference initial parameter, initialization vector, key context information and vector context information shown in the embodiments applied to the first device, and the same terms shown in the embodiments applied to the second device, are concepts with independent meanings. Usually, during data transmission, the values of those (same-named) terms in the embodiments applied to the first device are identical to the values of the corresponding terms in the embodiments applied to the second device. For example, when the first device transmits the environment information "aaaa..." to the second device, the second device also receives the environment information "aaaa..."; at this point both devices store the same environment information and the two values are identical, but they are two pieces of data stored independently on the first device and on the second device.

In the embodiments of the present application, the first device obtains the environment information of its surroundings and transmits it to the second device, then obtains the symmetric key and the reference initial parameter for the second device, generates the initialization vector from the environment information and the reference initial parameter, encrypts the first data with the symmetric key and the initialization vector to obtain the second data, and finally sends the second data to the second device. The whole transmission process avoids using an incrementing sequence and instead generates the initialization vector from the environment information, and the initialization vector itself is not transmitted to the data receiver, which reduces the probability that a device can be tracked during data transmission and improves the security of data transmission.

Please refer to FIG. 2, which is a schematic flowchart of another embodiment of the data transmission method proposed in the present application. Specifically:

S201: Determine an environment information type from at least one reference information type, obtain the environment information indicated by the environment information type, and transmit the environment information to the second device.

The reference information type may be an altitude parameter type, a temperature parameter type, a humidity parameter type, a weather parameter type, a magnetic parameter type, a time parameter type, and so on.

In one or more embodiments, since a first device and a second device in the same environment usually obtain the same environment information, and there can be several kinds of reference information type, in order to improve the security of data transmission the first device may, in at least one round of data transmission, select one environment information type from the at least one reference information type and obtain the environment information indicated by that type. It can be understood that when the data transmission involves multiple session rounds, the first device may use a different reference information type in the data transmission of at least one session round, so that at least partly different types of environment information are used to generate the initialization vector across rounds, improving the security of data transmission. In other words, in at least one session round the first device determines the environment information type of the current session from the at least one reference information type, and then invokes a specific function or component to obtain the environment information corresponding to that type. For example, the first device invokes a time acquisition function to obtain the current time parameter, or invokes a magnetometer to obtain the magnetic parameter of the current environment.

It can be understood that after the first device obtains the environment information indicated by the environment information type, it may transmit the environment information to the second device over the communication connection with the second device. Further, in this case the second device does not need to obtain the reference environment information of the current environment itself.

In one or more embodiments, since a first device and a second device in the same environment usually obtain the same environment information, the first device may instead transmit the environment information type to the second device to instruct the second device to obtain the environment information indicated by that type. Compared with sending the environment information directly, sending the environment information type of the current round of data transmission makes the transmission more flexible, since the first device can selectively choose which data type to send, and it saves the data negotiation overhead before the first data (such as service data) is transmitted.

It can be understood that the first device may first obtain the current environment information and transmit the environment information type corresponding to that environment information to the second device; the environment information type instructs the second device to obtain the reference environment information corresponding to that type, and the reference environment information is usually identical to the environment information.

In some implementations, the first device and the second device usually communicate directly and quickly and are located in the same environment (for example, a near-field communication scenario), so the difference between the environment information obtained by the first device and the reference environment information obtained by the second device is usually small. An information parameter precision can be set, and the environment information obtained at that precision, so that the difference is cancelled out and the reference environment information equals the environment information. Taking the current time as the environment information, and considering that the direct communication time between the two ends is short, the information parameter precision may be taken as one second, in which case the obtained time parameter is expressed in whole seconds.

Optionally, the first device may determine the environment information type from the at least one reference information type by random selection or by a custom selection rule; this is determined by the actual application environment and is not limited here.

S202: Obtain a shared key string for the second device and second shared information, where the second shared information is shared information transmitted by the second device to the first device;

It can be understood that an encryption negotiation process takes place between the first device and the second device before data transmission. As shown in FIG. 3, which is a schematic diagram of a data negotiation and transmission process involved in the present application, the first device and the second device negotiate a shared key string (for example, key string Z) based on a key agreement algorithm. The key agreement algorithm can be chosen according to the actual environment, for example the Diffie-Hellman algorithm, the RSA algorithm or the SM2 algorithm. Taking Diffie-Hellman as an example, the first device and the second device can use it to establish a key over an insecure channel without any prior shared information between the two communicating parties; this key is the shared key string.

It can be understood that during the encryption negotiation process the first device sends first shared information (xif-A) to the second device; likewise, the second device sends second shared information (xif-B) to the first device.

The first shared information (xif-A) may be a random number generated by the first device, or service association information corresponding to the first device, or the like.

The second shared information (xif-B) may be a random number generated by the second device, or service association information corresponding to the second device, or the like.

It should be noted that the first shared information and the second shared information are usually sent by the sending end to the peer during the encryption negotiation process using an explicit transmission method such as plaintext transmission. The specific contents of the first shared information and the second shared information are determined by the actual environment and are not limited here.

S203: Perform a first derivation process on the key context information, the shared key string, the first shared information and the second shared information to generate a symmetric key, where the first shared information is shared information transmitted by the first device to the second device;

The key context information may be understood as identification information for the symmetric key. It can be set freely according to the actual application scenario, as long as it identifies the symmetric key; for example, it may be one or more identifying parameter types such as the name, meaning, purpose, specification or length of the symmetric key, and it is not specifically limited.

It can be understood that in some implementation scenarios the key context information is already determined before data transmission. In some implementations it is determined in advance by negotiation between the two communicating parties. In some implementations it is the context information identifying the symmetric key that is determined when the target functional service of the first device and the second device is initialized, for example set by the first device during service initialization before using that target functional service. In some implementations the first device and the second device may also use key context information negotiated by a negotiation algorithm from the related art, and so on.

It can be understood that the first device performs the first derivation process on the key context information, the shared key string, the first shared information and the second shared information to generate the symmetric key. Schematically, as shown in FIG. 4, which is a schematic diagram of a derivation process involved in the present application, the first device feeds the key context information, the shared key string, the first shared information and the second shared information into a key derivation algorithm as its inputs to derive the symmetric key. The generation of the symmetric key can be expressed as:

K=KDF1(Z,xif_A,xif_B,"wy")

where K is the symmetric key, Z is the shared key string, KDF1() is the first derivation process, xif_A is the first shared information, xif_B is the second shared information, and "wy" is the key context information.

S204: Perform a second derivation process on the vector context information, the shared key string, the first shared information and the second shared information to generate a reference initial parameter.

The vector context information ("abc") may be understood as identification information for the reference initial parameter (abcant). It can be set freely according to the actual application scenario, as long as it identifies the reference initial parameter (abcant); for example, it may be one or more identifying parameter types such as the name, meaning, purpose, specification or length of the reference initial parameter (abcant), and it is not specifically limited.

The key context information is different from the vector context information; that is, the two are not the same.

It can be understood that in some implementation scenarios the vector context information is already determined before data transmission. In some implementations it is determined in advance by negotiation between the two communicating parties. In some implementations it is the context information identifying the reference initial parameter (abcant) that is determined when the target functional service of the first device and the second device is initialized, for example set by the first device during service initialization before using that target functional service. In some implementations the first device and the second device may also use vector context information negotiated by a negotiation algorithm from the related art, and so on.

It can be understood that the first device performs the second derivation process on the vector context information, the shared key string, the first shared information and the second shared information to generate the reference initial parameter. Schematically, as shown in FIG. 5, which is a schematic diagram of a derivation process involved in the present application, the first device feeds the vector context information, the shared key string, the first shared information and the second shared information into a key derivation algorithm as its inputs to derive the reference initial parameter. The generation of the reference initial parameter can be expressed as:

abcant=KDF2(Z,xif_A,xif_B,"abc")

where abcant is the reference initial parameter, Z is the shared key string, KDF2() is the second derivation process, xif_A is the first shared information, xif_B is the second shared information, and "abc" is the vector context information.

In one or more embodiments, the first device and the second device may perform an information negotiation process to generate the key context information and the vector context information; for example, the two devices jointly set the key context information that identifies the symmetric key, and likewise jointly set the vector context information that identifies the reference initial parameter.

It can be understood that after the information negotiation process is completed, the first device and the second device each store the key context information and the vector context information; the key context information and the vector context information are different.

S205: Determine the target function corresponding to the environment information type based on the function mapping relationship between the at least one reference information type and the reference functions;

The function mapping relationship characterizes the mapping between each reference information type and its corresponding reference function. In some embodiments the function mapping relationship may be represented as a function mapping set, a function mapping table, a function mapping array, or the like.

The reference function may be an XOR function, an XNOR function, a hash function, or another corresponding function processing method, which can be determined according to the actual application and is not specifically limited here.

It can be understood that in the present application, considering that the environment information can correspond to several reference information types, and in order to improve the security of data transmission, the reference information type may be associated with the reference function that is subsequently used to generate the initialization vector. That is, when environment information of a different reference information type is obtained, a different reference function can be used to generate the initialization vector, which improves the security of data transmission and reduces the possibility of device tracking.

It can be understood that by presetting the function mapping relationship between the at least one reference information type and the reference functions, once the environment information corresponding to an environment information type has been obtained, the target function corresponding to that type can be looked up in the function mapping relationship, and the initialization vector can then be determined using the target function.

In one or more embodiments, the first device may instead apply a default target function (the Func function) to the environment information and the reference initial parameter to generate the initialization vector. For example, if the target function is an XOR function, the environment information and the reference initial parameter are XORed to obtain the initialization vector.

S206: Apply the target function to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

In one or more embodiments, after obtaining the reference initial parameter, the first device may apply the target function to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

Optionally, the target function may be a custom function processing rule, or a function processing rule or encryption processing rule from the related art; for example, the target function may be an XOR function, an XNOR function, a hash function or another corresponding function processing method, which is determined according to the actual application and is not specifically limited here.

In one or more embodiments, the first device may XOR the environment information with the reference initial parameter using an XOR function; that is, the environment information (such as a time parameter) and the reference initial parameter (abcant) are taken as the inputs of the XOR operation, and the result of the XOR operation is the initialization vector (abc).

In one or more embodiments, the first device may hash the environment information together with the reference initial parameter using a hash function; that is, the environment information (such as a time parameter) and the reference initial parameter (abcant) are taken as the inputs of the hash operation, and the result of the hash operation is the initialization vector (abc).

In a specific implementation scenario, take as an example environment information that is a time series parameter of the time parameter type. In at least one round of data transmission, the first device and the second device operate in a target mode (a counter mode such as CTR or GCM); in each round the first device applies the target function to the reference initial parameter together with the time series value t obtained in that round to obtain the initialization vector abc. The first data (such as the service data atext) is then symmetrically encrypted (Encrypt) with the symmetric key K and the initialization vector abc to obtain the second data (such as the ciphertext ctext), as follows:

Round 1 of data transmission:

abc_1=Func(abcant,t_1)

where abc_1 is the initialization vector computed for round 1, abcant is the reference initial parameter, t_1 is the time parameter obtained in round 1, and Func() is the target function.

ctext_1=Encrypt(K,abc_1,atext_1)

where ctext_1 is the encrypted second data of round 1, atext_1 is the first data (the source data) of round 1, and K is the symmetric key;

Round 2 of data transmission:

abc_2=Func(abcant,t_2)

where abc_2 is the initialization vector computed for round 2, abcant is the reference initial parameter, t_2 is the time parameter obtained in round 2, and Func() is the target function;

ctext_2=Encrypt(K,abc_2,atext_2)

where ctext_2 is the encrypted second data of round 2, atext_2 is the first data (the source data) of round 2, and K is the symmetric key;

......

Round i of data transmission:

abc_i=Func(abcant,t_i)

where abc_i is the initialization vector computed for round i, abcant is the reference initial parameter, t_i is the time parameter obtained in round i, and Func() is the target function;

ctext_i=Encrypt(K,abc_i,atext_i)

where ctext_i is the encrypted second data of round i, atext_i is the first data (the source data) of round i, and K is the symmetric key;

S207: Encrypt the first data based on the symmetric key and the initialization vector to obtain second data, and send the second data to the second device.

It can be understood that, as shown in FIG. 6, which is a schematic diagram of a data encryption scenario involved in an embodiment of the present application, after the initialization vector is generated, the first data can be encrypted with the symmetric key K and the initialization vector abc to generate the encrypted second data.
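The sender-side pipeline of S203 through S207 (KDF1/KDF2, the Func mapping of S205, the per-round abc_i = Func(abcant, t_i) and Encrypt calls above) together with the receiver's matching decryption, as an added Python example that is not part of the patent. The KDF is an HKDF-style construction and Encrypt is an HMAC-SHA256 counter-mode stand-in for AES-CTR/GCM, both assumptions since the page fixes neither; Z, xif_A and xif_B are constructed values. It also adds the check a practitioner would want here: the sender refuses to reuse an initialization vector under the same key, which matters because a whole-second time parameter repeats for every message sent within the same second.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
TAG_LEN = 16


def kdf(z: bytes, xif_a: bytes, xif_b: bytes, context: bytes, length: int) -> bytes:
    """KDF(Z, xif_A, xif_B, context) as HKDF-style extract-then-expand (an
    assumption; the patent names no concrete KDF).  The two shared values salt
    the extract step; the context string separates K from abcant."""
    prk = hmac.new(xif_a + xif_b, z, HASH).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + context + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def derive_key(z, xif_a, xif_b):
    return kdf(z, xif_a, xif_b, b"wy", 32)     # K = KDF1(Z, xif_A, xif_B, "wy")


def derive_abcant(z, xif_a, xif_b):
    return kdf(z, xif_a, xif_b, b"abc", 16)    # abcant = KDF2(Z, xif_A, xif_B, "abc")


def func_xor(abcant: bytes, env: bytes) -> bytes:
    """Func for the time type: XOR the environment info into abcant."""
    if len(env) > len(abcant):                 # compress over-long inputs first
        env = HASH(env).digest()[: len(abcant)]
    env = env.rjust(len(abcant), b"\x00")
    return bytes(a ^ b for a, b in zip(abcant, env))


def func_hash(abcant: bytes, env: bytes) -> bytes:
    """Func for other types: hash abcant || env down to IV length."""
    return HASH(abcant + env).digest()[: len(abcant)]


# Function mapping relationship (S205): reference information type -> Func.
FUNC_MAP = {"time": func_xor, "magnetic": func_hash}


def env_time(epoch_seconds: float) -> bytes:
    # Time parameter at whole-second precision (so both ends agree), 8 bytes BE.
    return struct.pack(">Q", int(epoch_seconds))


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">I", ctr), HASH).digest()
        ctr += 1
    return out[:length]


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt(K, abc, atext): HMAC-SHA256 keystream in counter mode plus an
    HMAC tag over iv || ct.  Stand-in for AES-CTR/GCM, which the stdlib lacks."""
    enc_key = hmac.new(key, b"enc", HASH).digest()
    mac_key = hmac.new(key, b"mac", HASH).digest()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, iv, len(plaintext))))
    return ct + hmac.new(mac_key, iv + ct, HASH).digest()[:TAG_LEN]


def decrypt(key: bytes, iv: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    enc_key = hmac.new(key, b"enc", HASH).digest()
    mac_key = hmac.new(key, b"mac", HASH).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, HASH).digest()[:TAG_LEN]):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, iv, len(ct))))


class FirstDevice:
    """Sender: abc_i = Func(abcant, t_i) per round; never reuses an IV under K,
    because CTR/GCM lose confidentiality and integrity when (K, IV) repeats."""

    def __init__(self, key: bytes, abcant: bytes):
        self.key, self.abcant, self.used_ivs = key, abcant, set()

    def send(self, env_type: str, env: bytes, atext: bytes):
        iv = FUNC_MAP[env_type](self.abcant, env)
        if iv in self.used_ivs:
            raise RuntimeError("IV repeat under this key; refusing to encrypt")
        self.used_ivs.add(iv)
        # Only env_type, env and ctext go on the wire; abc itself never does.
        return env_type, env, encrypt(self.key, iv, atext)


class SecondDevice:
    """Receiver: rebuilds abc from the received env info and its own abcant."""

    def __init__(self, key: bytes, abcant: bytes):
        self.key, self.abcant = key, abcant

    def receive(self, env_type: str, env: bytes, ctext: bytes) -> bytes:
        iv = FUNC_MAP[env_type](self.abcant, env)
        return decrypt(self.key, iv, ctext)


if __name__ == "__main__":
    # Constructed stand-ins for the negotiated Z and the two shared infos.
    Z, XIF_A, XIF_B = b"constructed-shared-secret-Z", b"xif-A-nonce", b"xif-B-nonce"
    K, ABCANT = derive_key(Z, XIF_A, XIF_B), derive_abcant(Z, XIF_A, XIF_B)
    a, b = FirstDevice(K, ABCANT), SecondDevice(K, ABCANT)
    print(b.receive(*a.send("time", env_time(1700000000.4), b"atext_1")))
```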

可以理解的,对于本领域普通技术人员来讲“应用于第一设备的数据传输方法所涉及的实施例”与“应用于第二设备的数据传输方法所涉及的实施例”通常为相互独立的实施例;在“应用于第一设备的数据传输方法所涉及的实施例”中示出的诸如环境信息、对称密钥、参考初始参数、初始化向量、密钥上下文信息、向量上下文信息等术语与在“应用于第二设备的数据传输方法所涉及的实施例”中示出的诸如环境信息、对称密钥、参考初始参数、初始化向量、密钥上下文信息、向量上下文信息等术语为具有独立含义的概念,通常在数据传输过程中,在“应用于第一设备的数据传输方法所涉及的实施例”中示出的诸如环境信息、对称密钥、参考初始参数、初始化向量、密钥上下文信息、向量上下文信息等术语与“应用于第一设备的数据传输方法所涉及的实施例”中对应涉及的诸如环境信息、对称密钥、参考初始参数、初始化向量、密钥上下文信息、向量上下文信息等(同名)术语的术语数据值相同。It can be understood that, for those of ordinary skill in the art, "embodiments related to the data transmission method applied to the first device" and "embodiments related to the data transmission method applied to the second device" are usually independent of each other. Embodiments; terms such as environment information, symmetric key, reference initial parameter, initialization vector, key context information, vector context information, etc. Terms such as environment information, symmetric key, reference initial parameter, initialization vector, key context information, vector context information, etc. shown in "Embodiment Relevant to Data Transmission Method Applied to Second Device" have independent meanings The concept of , usually in the process of data transmission, such as environment information, symmetric key, reference initial parameter, initialization vector, key context information shown in "Embodiments involved in the data transmission method applied to the first device" , vector context information and other terms related to "embodiments related to the data transmission method applied to the first device" such as environment information, symmetric key, reference initial parameters, initialization vector, key context information, vector context information Identical (same-named) terms have the same term data value.

在本申请实施例中,第一设备可以通过获取所处的环境信息并将环境信息传输至第二设备,然后获取针对第二设备的对称密钥以及参考初始参数,基于环境信息和参考初始参数来生成初始化向量,以便采用对称密钥以及初始化向量对第一数据加密得到第二数据,最后将第二数据发送至第二设备;整个数据传输过程避免采用递增序列而是基于环境信息来生成初始化向量,同时不直接向数据接收方传输初始化向量,降低了数据传输时的设备追踪概率,提高了数据传输的安全性;以及,可以在至少一轮会话场景从多种参考信息类型中选择不同的环境信息类型以获取环境信息,可以提高数据传输的安全性;以及可以仅发送环境信息类型至第二设备以指示第二设备来获取相应的环境信息,提升了数据传输的便捷性节省了数据传输的开销量。In this embodiment of the present application, the first device may obtain the environment information where it is located and transmit the environment information to the second device, and then obtain the symmetric key for the second device and the reference initial parameter, based on the environment information and the reference initial parameter to generate an initialization vector, so as to encrypt the first data with the symmetric key and the initialization vector to obtain the second data, and finally send the second data to the second device; the entire data transmission process avoids using an incremental sequence and generates initialization based on environmental information At the same time, the initialization vector is not directly transmitted to the data receiver, which reduces the probability of device tracking during data transmission and improves the security of data transmission; and, different types of reference information can be selected in at least one round of session scenarios. The environmental information type can be used to obtain environmental information, which can improve the security of data transmission; and only the environmental information type can be sent to the second device to instruct the second device to obtain the corresponding environmental information, which improves the convenience of data transmission and saves data transmission. of sales.

In one embodiment, as shown in FIG. 7, a data transmission method is proposed. The method can be implemented by a computer program and can run on a data transmission apparatus based on the von Neumann architecture. The computer program can be integrated into an application or run as a stand-alone utility application. The data transmission apparatus may be an electronic device, including but not limited to: a personal computer, a tablet computer, a handheld device, an in-vehicle device, a wearable device, a computing device, or another processing device connected to a wireless modem. Terminal equipment may be called by different names in different networks, for example: user equipment, access terminal, subscriber unit, subscriber station, mobile station, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication device, user agent or user apparatus, cellular phone, cordless phone, electronic device in a 5G network or a future evolved network, and so on.

Specifically, the data transmission method includes:

S301: Obtain environment information transmitted by a first device, and receive second data sent by the first device; the second data is generated by encrypting first data based on an initialization vector and a symmetric key.

In one or more embodiments, the environment information is the environment information of the surroundings obtained by the first device. Environment information can be understood as parameters of the current environment: an altitude parameter, a temperature parameter, a humidity parameter, a weather parameter, a time parameter, a magnetic field parameter, and so on.

In one or more embodiments, the first device obtains the environment information of its surroundings and sends the environment information to the second device; the second device receives the environment information sent by the first device over the communication connection between the two devices. It will be understood that the environment information is used by the second device to decrypt the second data.

In one or more embodiments, the first device obtains the symmetric key for the second device and the reference initial parameter, generates an initialization vector based on the environment information and the reference initial parameter, then encrypts the first data based on the symmetric key and the initialization vector to obtain the second data, and sends the second data to the second device. At this point the second device receives the second data sent by the first device over the communication connection between the two devices.

S302: Obtain a symmetric key for the first device and a reference initial parameter, and generate an initialization vector based on the environment information and the reference initial parameter.

It will be understood that, before data transmission, the second device may perform key negotiation with the first device: a symmetric key is derived using a key derivation algorithm (KDF), and this symmetric key can be regarded as a session key used to encrypt the session data (such as service data) exchanged between the communicating ends. In some implementations, the symmetric key K may be derived, by the key derivation function corresponding to the key derivation algorithm, from at least a shared key string and the shared information of each end participating in the communication. The key derivation algorithm (KDF) may be the SHA-256 algorithm, the SM3 algorithm, the Advanced Encryption Standard (AES), the SM4 algorithm, the Triple Data Encryption Standard (TDES), the HKDF algorithm, and so on.

The reference initial parameter is used together with the environment information to generate the initialization vector, so that the second device can perform the subsequent data decryption based on the initialization vector. For both communicating parties, the reference initial parameter is not transmitted externally: the first device and the second device each compute the reference initial parameter themselves. In some implementations, the first device and the second device may compute the reference initial parameter (abcant) from the negotiation data of the preceding symmetric key negotiation process; for example, the reference initial parameter may be computed from the shared information of the communicating ends and the shared key string.

In one or more embodiments, after obtaining the reference initial parameter, the second device may apply a target function to the environment information and the reference initial parameter, and the result of that function processing is the initialization vector.

Optionally, the target function may be a self-defined function processing rule, or a function processing rule or encryption processing rule known in the related art; for example, the target function may be an XOR function, an XNOR function, a hash function, or a similar function processing method. The specific choice can be determined based on the actual application and is not limited here.

In one or more embodiments, the second device may hash the environment information and the reference initial parameter, that is, take the environment information (such as a time parameter) and the reference initial parameter (abcant) as the input of the hash processing and obtain the hashed initialization vector (abc).

S303: Decrypt the second data based on the reference initial parameter, the symmetric key and the environment information to obtain third data.

It will be understood that decrypting the second data is the inverse of "encrypting the first data".

It will be understood that the first device encrypts the first data based on the derived symmetric key and the initialization vector to obtain the second data; the second data can be understood as the data to be transmitted after symmetric encryption. The first device then sends the encrypted second data to the second device over the communication connection between them. The decryption process is: the second device decrypts the second data based on the derived symmetric key and the initialization vector to obtain third data; the third data can be understood as the data produced by decryption. The third data obtained by the second device is generally identical to the first data.

For example, a Bluetooth communication connection may be established between the first device and the second device over a Bluetooth network, and the second device may receive the second data over that Bluetooth communication connection.

It will be understood that the second device directly applies the "symmetric decryption method", the inverse of the symmetric encryption method, to decrypt the second data based on the symmetric key and the initialization vector and so generate the third data. The symmetric decryption method is the inverse of the symmetric encryption method: the sender and the receiver of the encrypted information use the same symmetric key, and decryption is performed with the initialization vector generated from the environment information.

Optionally, the symmetric decryption algorithm may be the decryption method corresponding to the DES encryption algorithm, the TripleDES encryption algorithm, the RC2/RC4/RC5 encryption algorithms, the Blowfish encryption algorithm, and so on.

It will be understood by those of ordinary skill in the art that the "embodiments of the data transmission method applied to the first device" and the "embodiments of the data transmission method applied to the second device" are generally mutually independent embodiments. Terms such as environment information, symmetric key, reference initial parameter, initialization vector, key context information and vector context information shown in the embodiments applied to the first device, and the same terms shown in the embodiments applied to the second device, are concepts with independent meanings. Usually, during data transmission, the data values of these terms in the embodiments applied to the first device are the same as the values of the correspondingly (same-named) terms in the embodiments applied to the second device. For example, if the first device transmits the environment information "aaaa..." to the second device, the second device also receives an environment information "aaaa..."; although the first device and the second device then each store the same environment information, and the two values are identical, they are two pieces of data stored independently on the first device and on the second device.

In the embodiments of the present application, the second device may obtain the environment information transmitted by the first device and, after receiving the second data sent by the first device, obtain the symmetric key for the first device and the reference initial parameter, generate an initialization vector based on the environment information and the reference initial parameter, and thereby decrypt the second data based on the reference initial parameter, the symmetric key and the environment information to obtain the third data. The whole data transmission and decryption process avoids using an incrementing sequence and instead generates the initialization vector from environment information, and the initialization vector is not transmitted directly to the data receiver, which reduces the probability of device tracking during data transmission and improves the security of data transmission. Furthermore, in at least one round of a session scenario a different environment information type can be selected from multiple reference information types to obtain the environment information, which can improve the security of data transmission; and only the environment information type may be sent to the second device to instruct the second device to obtain the corresponding environment information, which improves the convenience of data transmission and saves data transmission overhead.

Please refer to FIG. 8, which is a schematic flowchart of another embodiment of the data transmission method proposed by the present application. Specifically:

S401: Receive an environment information type transmitted by a first device, where the environment information type is the type corresponding to the environment information obtained by the first device.

According to some embodiments, the first device may determine the environment information type from at least one reference information type, or the first device may be configured with one default environment information type; the first device then sends the environment information type to the second device, and the second device receives the environment information type over the communication connection with the first device.

It can be understood that the environment information type may be one of, or a combination of several of, the altitude parameter type, temperature parameter type, humidity parameter type, weather parameter type, magnetic field parameter type, time parameter type, and so on.

S402: Obtain reference environment information corresponding to the environment information type, and use the reference environment information as the environment information.

In one or more embodiments, since a first device and a second device in the same environment usually each obtain the same environment information, and there may be several kinds of reference information type, the first device may, in order to improve the security of data transmission, select one environment information type from the at least one reference information type during at least one round of data transmission and obtain the environment information indicated by that type. It will be understood that when the data transmission involves multiple session rounds, the first device may use a different reference information type in the data transmission of at least one session round, so that at least partly different types of environment information are used to generate the initialization vector in the different rounds, improving the security of data transmission. Accordingly, in at least one session round, after the second device receives the environment information type sent by the first device, it may invoke a specific function or a specific component to obtain the reference environment information corresponding to that environment information type, and use that reference environment information as the environment information obtained by the first device, for the subsequent decryption of the second data. For example, the second device invokes a time acquisition function to obtain the current time parameter, or invokes a magnetic sensor to obtain the magnetic field parameter of its current environment.

In one or more embodiments, since a first device and a second device in the same environment usually each obtain the same environment information, the first device may transmit only the environment information type to the second device, instructing the second device to obtain the reference environment information indicated by that type as the environment information obtained by the first device. Compared with the first device sending the environment information directly, receiving the environment information type for the current round of data transmission makes the data transmission more intelligent and saves data negotiation overhead before the first data (such as service data) is transmitted.

S403: Receive second data sent by the first device; the second data is generated by encrypting first data based on an initialization vector and a symmetric key.

For details, reference may be made to the method steps of the other embodiments of the present application, which are not repeated here.

S404: Obtain a shared key string for the first device and first shared information, where the first shared information is the shared information transmitted by the first device to the second device.

It will be understood that before data transmission the first device and the second device go through an encryption negotiation process. As shown in FIG. 3, which is a schematic diagram of a data negotiation and transmission process of the present application, the first device and the second device negotiate a shared key string (for example, key string Z) based on a key agreement algorithm. The key agreement algorithm can be chosen for the actual environment, for example the Diffie-Hellman algorithm, the RSA algorithm, the SM2 algorithm, and so on. Taking the Diffie-Hellman algorithm as an example, the first device and the second device can use it to create a key, namely the shared key string, over an insecure channel without any prior information shared between the two communicating parties.

It will be understood that during the encryption negotiation process between the first device and the second device, the first device sends first shared information (xif-A) to the second device; likewise, the second device sends second shared information (xif-B) to the first device.

The first shared information (xif-A) may be a random number generated by the first device, or service-related information corresponding to the first device, and so on.

The second shared information (xif-B) may be a random number generated by the second device, or service-related information corresponding to the second device, and so on.

It should be noted that the first shared information and the second shared information are usually sent to the peer by the sending end during the encryption negotiation process using an explicit transmission method such as plaintext transmission. The specific content of the first shared information and the second shared information is determined by the actual environment and is not limited here.

The key context information can be understood as identification information for the symmetric key. It can be customized for the actual application scenario; it only needs to identify the symmetric key, and may for example be one or more identifying parameter types such as the name, meaning, purpose, specification or length of the symmetric key, without specific limitation.

It will be understood that in some implementation scenarios the key context information is already determined before data transmission; in some implementations it is negotiated in advance by the two communicating parties. In some implementations it is the context information identifying the symmetric key that is determined when the target function service of the first device and the second device is initialized, for example set by the first device during service initialization before using that target function service. In some implementations the first device and the second device may also use key context information negotiated with a negotiation algorithm known in the related art, and so on.

It will be understood that the first device performs a first derivation process based on the key context information, the shared key string, the first shared information and the second shared information to generate the symmetric key. Schematically, as shown in FIG. 4, which is a schematic diagram of a derivation process of the present application, the first device may derive the symmetric key by a key derivation algorithm that takes the key context information, the shared key string, the first shared information and the second shared information as its input. The generation of the symmetric key can be expressed as:

K = KDF1(Z, xif_A, xif_B, "wy")

where K is the symmetric key, Z is the shared key string, KDF1() is the first derivation process, xif_A is the first shared information, xif_B is the second shared information, and "wy" is the key context information.

S405: Perform a second derivation process based on the key context information, the shared key string, the second shared information and the first shared information to generate a symmetric key, where the second shared information is the shared information transmitted by the second device to the first device.

The key context information can be understood as identification information for the symmetric key. It can be customized for the actual application scenario; it only needs to identify the symmetric key, and may for example be one or more identifying parameter types such as the name, meaning, purpose, specification or length of the symmetric key, without specific limitation.

It will be understood that in some implementation scenarios the key context information is already determined before data transmission; in some implementations it is negotiated in advance by the two communicating parties. In some implementations it is the context information identifying the symmetric key that is determined when the target function service of the first device and the second device is initialized, for example set by the first device during service initialization before using that target function service. In some implementations the first device and the second device may also use key context information negotiated with a negotiation algorithm known in the related art, and so on.

It will be understood that the first device performs a first derivation process based on the key context information, the shared key string, the first shared information and the second shared information to generate the symmetric key. Schematically, as shown in FIG. 4, which is a schematic diagram of a derivation process of the present application, the first device may derive the symmetric key by a key derivation algorithm that takes the key context information, the shared key string, the first shared information and the second shared information as its input. The generation of the symmetric key can be expressed as:

K = KDF1(Z, xif_A, xif_B, "wy")

where K is the symmetric key, Z is the shared key string, KDF1() is the first derivation process, xif_A is the first shared information, xif_B is the second shared information, and "wy" is the key context information.

S406: Perform a first derivation process based on the vector context information, the shared key string, the second shared information and the first shared information to generate a reference initial parameter.

The vector context information ("abc") can be understood as identification information for the reference initial parameter (abcant). It can be customized for the actual application scenario; it only needs to identify the reference initial parameter (abcant), and may for example be one or more identifying parameter types such as the name, meaning, purpose, specification or length of the reference initial parameter (abcant), without specific limitation.

The key context information is different from the vector context information; that is, the two values are not the same.

It will be understood that in some implementation scenarios the vector context information is already determined before data transmission; in some implementations it is negotiated in advance by the two communicating parties. In some implementations it is the context information identifying the reference initial parameter (abcant) that is determined when the target function service of the first device and the second device is initialized, for example set by the second device during service initialization before using that target function service. In some implementations the first device and the second device may also use vector context information negotiated with a negotiation algorithm known in the related art, and so on.

It will be understood that the second device performs a first derivation process based on the vector context information, the shared key string, the first shared information and the second shared information to generate the reference initial parameter. Schematically, as shown in FIG. 5, which is a schematic diagram of a derivation process of the present application, the second device may derive the reference initial parameter by a key derivation algorithm that takes the vector context information, the shared key string, the first shared information and the second shared information as its input. The generation of the reference initial parameter can be expressed as:

abcant = KDF2(Z, xif_A, xif_B, "abc")

where abcant is the reference initial parameter, Z is the shared key string, KDF2() is the second derivation process, xif_A is the first shared information, xif_B is the second shared information, and "abc" is the vector context information.

In one or more embodiments, the second device may perform information negotiation with the first device to generate the key context information and the vector context information; for example, the first device and the second device jointly set the key context information that identifies the symmetric key, and likewise jointly set the vector context information that identifies the reference initial parameter.

It will be understood that after the information negotiation is completed, the second device and the first device each store the key context information and the vector context information; the key context information is different from the vector context information.

S407: Generate an initialization vector based on the environment information and the reference initial parameter.

In one or more embodiments, the first device may determine the target function corresponding to the environment information type from a function mapping between the at least one reference information type and reference functions, and use that target function to obtain the initialization vector. Accordingly, the second device may store the same function mapping between the at least one reference information type and reference functions, use it to determine the target function corresponding to the environment information type, and apply that target function to obtain the initialization vector that the first device used for data encryption.

In one or more embodiments, the target function may instead be a default agreed directly between the first device and the second device; the second device applies the target function to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

S408: Decrypt the second data based on the reference initial parameter, the symmetric key and the environment information to obtain third data.

For details, refer to the method steps of the other embodiments of this application, which are not repeated here.

It will be understood by those of ordinary skill in the art that the embodiments of the data transmission method applied to the first device and the embodiments of the data transmission method applied to the second device are generally independent embodiments. Terms such as environment information, symmetric key, reference initial parameter, initialization vector, key context information and vector context information in the first-device embodiments, and the same terms in the second-device embodiments, are concepts with independent meanings. During an actual data transmission, however, each such term in the first-device embodiments normally has the same data value as the correspondingly named term in the second-device embodiments. For example, when the first device transmits the environment information "aaaa..." to the second device, the second device also receives environment information "aaaa..."; the first device and the second device then each store environment information with the same value, but these are two pieces of data stored independently on the first device and on the second device.

In the embodiments of this application, the second device may obtain the environment information transmitted by the first device and, after receiving the second data sent by the first device, obtain the symmetric key for the first device and the reference initial parameter, generate the initialization vector based on the environment information and the reference initial parameter, and thereby decrypt the second data based on the reference initial parameter, the symmetric key and the environment information to obtain the third data. Throughout the data transmission and decryption process the initialization vector is generated from environment information rather than from an incrementing sequence, and it is never transmitted directly to the data receiver, which lowers the probability that a device is tracked during data transmission and improves the security of the transmission. Further, a different environment information type can be selected from several reference information types in each of at least one session round to obtain the environment information, which further improves security; and only the environment information type need be sent to the second device to instruct it to obtain the corresponding environment information itself, which makes the transmission more convenient and reduces the transmission overhead.
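The derivation, IV construction and encryption steps described above (and restated later for the modules of the two apparatuses), carried through as one session in Python. This is an added example, not code from the patent: Z, xif_A, xif_B, abcant and the vector context "abc" are the page's own names, while HKDF-SHA256 as the two derivation processes, the key context string, the environment information types and their XOR/hash target functions, and an HMAC-SHA256 counter-mode cipher with an authentication tag standing in for the page's unspecified IV-based cipher are all assumptions made here. One caveat a practitioner needs: the IV is only as fresh as the environment information, so under one symmetric key the environment information must not repeat between sessions, otherwise the keystream repeats.

```python
# Added example (not code from the patent): one session of the described scheme.
# Assumptions made here: HKDF-SHA256 as the two derivation processes, the key
# context string, the environment information types and their target functions,
# and an HMAC-SHA256 counter-mode cipher with a tag standing in for the
# (unspecified) IV-based cipher.  Z, xif_A, xif_B, abcant and "abc" follow the page.
import hashlib
import hmac

IV_LEN = 16
KEY_CONTEXT = b"key context"  # assumed negotiated key context information
VECTOR_CONTEXT = b"abc"       # vector context information from the page's formula


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-SHA256: extract with the salt, expand with the context info."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_secrets(Z: bytes, xif_A: bytes, xif_B: bytes):
    """First derivation -> symmetric key (64 bytes: 32 encryption + 32 authentication);
    second derivation -> reference initial parameter abcant.  Same inputs, different
    context information, so the two outputs are independent and neither is ever sent."""
    key = hkdf_sha256(Z, xif_A + xif_B, KEY_CONTEXT, 64)
    abcant = hkdf_sha256(Z, xif_A + xif_B, VECTOR_CONTEXT, IV_LEN)
    return key, abcant


def iv_xor(env: bytes, abcant: bytes) -> bytes:
    """Target function 'XOR': environment info (zero-padded/truncated to IV_LEN) XOR abcant."""
    env = env.ljust(IV_LEN, b"\0")[:IV_LEN]
    return bytes(a ^ b for a, b in zip(env, abcant))


def iv_hash(env: bytes, abcant: bytes) -> bytes:
    """Target function 'hash': SHA-256 over abcant || environment info, truncated to IV_LEN."""
    return hashlib.sha256(abcant + env).digest()[:IV_LEN]


# Assumed function mapping relationship: environment information type -> target function.
TARGET_FUNCTION = {"wifi_bssid": iv_xor, "timestamp_minute": iv_hash}


def keystream_xor(enc_key: bytes, iv: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode.  One (key, IV) pair reused means one keystream
    reused, so the environment info must differ between sessions under the same key."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(enc_key, iv + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; the tag covers the IV, so a receiver whose environment
    reading differs fails authentication instead of decrypting to garbage."""
    ct = keystream_xor(key[:32], iv, plaintext)
    return ct + hmac.new(key[32:], iv + ct, hashlib.sha256).digest()


def decrypt(key: bytes, iv: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key[32:], iv + ct, hashlib.sha256).digest()):
        return None
    return keystream_xor(key[:32], iv, ct)


def first_device_send(Z, xif_A, xif_B, env_type, env_value, first_data, send_value):
    """Sender: derive key and abcant, build the IV from the environment info, encrypt.
    The message carries the environment type (and, in the other variant, the value);
    the initialization vector itself is never transmitted."""
    key, abcant = derive_secrets(Z, xif_A, xif_B)
    iv = TARGET_FUNCTION[env_type](env_value, abcant)
    return {"env_type": env_type, "env_value": env_value if send_value else None,
            "second_data": encrypt(key, iv, first_data)}


def second_device_receive(Z, xif_A, xif_B, message, own_env_value):
    """Receiver: rebuild the IV from the transmitted value or its own reading of the
    same environment, using the same target function and reference initial parameter."""
    key, abcant = derive_secrets(Z, xif_A, xif_B)
    env = message["env_value"] if message["env_value"] is not None else own_env_value
    iv = TARGET_FUNCTION[message["env_type"]](env, abcant)
    return decrypt(key, iv, message["second_data"])  # None when the two IVs disagree


def run_session(env_type, sender_env, receiver_env, send_value=False):
    """Constructed sample session with a fixed shared key string and shared information."""
    Z = b"shared key string from an earlier key agreement (constructed)"
    xif_A, xif_B = b"nonce-from-first-device", b"nonce-from-second-device"
    msg = first_device_send(Z, xif_A, xif_B, env_type, sender_env, b"first data", send_value)
    return second_device_receive(Z, xif_A, xif_B, msg, receiver_env)
```

When both devices read the same environment (same BSSID, same minute) the receiver recovers the first data without an IV ever appearing on the wire; when only the type is sent and the receiver's own reading differs (for example a clock that has already rolled over to the next minute), the IVs disagree and the tag check rejects the message rather than returning corrupted data, which is the failure mode a deployment of the type-only variant has to handle by retry or by choosing a more stable environment information type.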

Refer to FIG. 9, a schematic diagram of a data transmission system scenario provided by an embodiment of this application. As shown in FIG. 9, the data transmission system may include a first device 100 and a second device 110.

The first device 100 and the second device 110 may each be an electronic device, including but not limited to a wearable device, a handheld device, a personal computer, a tablet computer, an in-vehicle device, a computing device, or another processing device connected to a wireless modem. In different networks a user terminal may be called by different names, for example user equipment, access terminal, subscriber unit, subscriber station, mobile station, mobile terminal, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication device, user agent or user apparatus, cellular phone, cordless phone, personal digital assistant (PDA), or a device in a 5G network or a future evolved network.

The first device 100 may interact with the second device 110 over a communication network, which may be a short-range communication network other than a mobile data network, such as a Bluetooth network, a near field communication (NFC) network or a ZigBee network.

The first device 100 and the second device 110 are usually located in the same environment. To avoid being tracked during data transmission by at least one third device located in that environment (such as a monitoring device), a first device 100 and a second device 110 that take part in data transmission using the data transmission method of this application never transmit the initialization vector, and the initialization vector is not a random incrementing sequence, so a third device cannot track the participating devices from the characteristics of the initialization vectors. By contrast, when a random incrementing sequence is used as the initialization vector and sent in plaintext, as is common, the initialization vectors of successive transmissions visibly increase step by step; since every sending device in the environment has its own initialization vector sequence, a device that keeps sending plaintext initialization vectors that increase in this way is easily tracked by other devices in the same environment on the basis of that incrementing characteristic, after which the data it transmits can be targeted for cracking.
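The tracking risk described above, as an added example that is not part of the patent: a passive listener that sees a plaintext, step-by-step incrementing initialization vector on each frame can chain frames to one sender with a trivial test, while frames carrying a fresh random-looking IV, or no IV at all as in this application, do not chain. The captured frames, sender labels and field names are constructed for the example.

```python
# Added example (not code from the patent): a passive listener linking frames to
# one sender purely from plaintext incrementing IVs.  All traffic below is constructed.
import hashlib


def link_by_increment(frames):
    """Passive linking test: attach each frame to the chain whose last plaintext IV is
    exactly one less.  Frames with no IV field (this application's scheme) never join a
    chain.  Returns only chains with more than one frame, i.e. linked frames."""
    chains = []  # each entry: [last_iv, [frame indices]]
    for idx, frame in enumerate(frames):
        iv = frame.get("iv")
        if iv is None:
            continue
        for chain in chains:
            if iv == chain[0] + 1:
                chain[0] = iv
                chain[1].append(idx)
                break
        else:
            chains.append([iv, [idx]])
    return [indices for _, indices in chains if len(indices) > 1]


def constructed_capture(n_frames=6):
    """Constructed interleaved traffic as seen by a listener: senders A and B use
    plaintext counter IVs, sender C a fresh random-looking IV per frame, sender D the
    scheme of this application (only an environment type on the wire, no IV).
    'sender' is ground truth that the listener does not see."""
    frames = []
    for i in range(n_frames):
        frames.append({"sender": "A", "iv": 1000 + i, "ct": b"..."})
        frames.append({"sender": "B", "iv": 5000 + i, "ct": b"..."})
        rnd = int.from_bytes(hashlib.sha256(b"C" + bytes([i])).digest()[:8], "big")
        frames.append({"sender": "C", "iv": rnd, "ct": b"..."})
        frames.append({"sender": "D", "env_type": "wifi_bssid", "ct": b"..."})
    return frames


def linked_senders(frames):
    """For each chain the listener found, the sorted set of real senders in it.
    A one-element list means the listener tracked exactly one device."""
    return [sorted({frames[i]["sender"] for i in chain}) for chain in link_by_increment(frames)]
```

Run against the constructed capture, link_by_increment recovers sender A's frames and sender B's frames as two separate chains even though they are interleaved with other traffic, without touching any ciphertext; sender C's frames stay unlinked and sender D's frames offer nothing to test. This is the incrementing characteristic the text refers to, and the reason the scheme both derives the initialization vector and keeps it off the wire.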

It will be understood that the data transmission system provided by the above embodiment and the data transmission method embodiments share the same concept; the implementation process is detailed in the method embodiments and is not repeated here.

The data transmission apparatus provided by the embodiments of this application is described in detail below with reference to FIG. 10. Note that the data transmission apparatus shown in FIG. 10 is used to perform the method of one or more embodiments of this application; for ease of description only the parts relevant to the embodiments of this application are shown, and for technical details not disclosed here refer to the one or more method embodiments of this application.

Refer to FIG. 10, which shows a schematic structural diagram of a data transmission apparatus according to an embodiment of this application. The data transmission apparatus 1 may be implemented as all or part of a user terminal by software, hardware or a combination of the two. According to some embodiments, the data transmission apparatus 1 includes an information transmission module 11, a vector generation module 12 and a data encryption module 13, which are used as follows:

the information transmission module 11 is configured to obtain the current environment information and transmit the environment information to the second device;

the vector generation module 12 is configured to obtain the symmetric key for the second device and the reference initial parameter, and generate an initialization vector based on the environment information and the reference initial parameter;

the data encryption module 13 is configured to encrypt first data based on the symmetric key and the initialization vector to obtain second data, and send the second data to the second device, the second data being used to instruct the second device to decrypt the second data based on the reference initial parameter, the symmetric key and the environment information.

Optionally, as shown in FIG. 11, the vector generation module 12 includes:

an information acquisition unit 121, configured to obtain the shared key string for the second device and second shared information, the second shared information being the shared information transmitted by the second device to the first device;

a key generation unit 122, configured to perform a first derivation process based on key context information, the shared key string, first shared information and the second shared information to generate the symmetric key, the first shared information being the shared information transmitted by the first device to the second device;

a parameter generation unit 123, configured to perform a second derivation process based on vector context information, the shared key string, the first shared information and the second shared information to generate the reference initial parameter.

Optionally, the apparatus 1 is further configured to:

perform an information negotiation process with the second device to generate the key context information and the vector context information;

store the key context information and the vector context information, the key context information being different from the vector context information.

Optionally, the vector generation module 12 is specifically configured to:

apply a target function to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

Optionally, the vector generation module 12 is specifically configured to:

perform an XOR operation on the environment information and the reference initial parameter using an XOR function to obtain the XOR-processed initialization vector; or,

hash the environment information and the reference initial parameter using a hash function to obtain the hashed initialization vector.

Optionally, the information transmission module 11 is specifically configured to:

obtain the current environment information and transmit the environment information type corresponding to the environment information to the second device, the environment information type being used to instruct the second device to obtain reference environment information corresponding to that type, where the reference environment information is identical to the environment information.

Optionally, the information transmission module 11 is specifically configured to:

determine the environment information type from at least one reference information type, and obtain the environment information indicated by the environment information type.

Optionally, the information transmission module 11 is specifically configured to:

determine the target function corresponding to the environment information type based on the function mapping relationship between the at least one reference information type and the reference function;

apply the target function to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

Note that when the data transmission apparatus provided by the above embodiment performs the data transmission method, the division into the above functional modules is only an example; in practice the above functions may be assigned to different functional modules as required, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the data transmission apparatus provided by the above embodiment and the data transmission method embodiments share the same concept; the implementation process is detailed in the method embodiments and is not repeated here.

The serial numbers of the above embodiments of this application are for description only and do not indicate the relative merits of the embodiments.

Refer to FIG. 12, which shows a schematic structural diagram of a data transmission apparatus according to an embodiment of this application. The data transmission apparatus 2 may be implemented as all or part of a user terminal by software, hardware or a combination of the two. According to some embodiments, the data transmission apparatus 2 includes an information acquisition module 21, a vector generation module 22 and a data decryption module 23, which are used as follows:

the information acquisition module 21 is configured to obtain the environment information transmitted by the first device and receive the second data sent by the first device;

the vector generation module 22 is configured to obtain the symmetric key for the first device and the reference initial parameter, and generate an initialization vector based on the environment information and the reference initial parameter;

the data decryption module 23 is configured to decrypt the second data based on the reference initial parameter, the symmetric key and the environment information to obtain third data.

Optionally, the vector generation module 22 is specifically configured to:

obtain the shared key string for the first device and first shared information, the first shared information being the shared information transmitted by the first device to the second device;

perform a first derivation process based on key context information, the shared key string, second shared information and the first shared information to generate the symmetric key, the second shared information being the shared information transmitted by the second device to the first device;

perform a second derivation process based on vector context information, the shared key string, the second shared information and the first shared information to generate the reference initial parameter.

Optionally, the vector generation module 22 is specifically configured to:

perform an information negotiation process with the first device to generate the key context information and the vector context information;

store the key context information and the vector context information, the key context information being different from the vector context information.

Optionally, the vector generation module 22 is specifically configured to:

apply a target function to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

Optionally, the information acquisition module 21 is specifically configured to:

receive the environment information type transmitted by the first device, the environment information type being the type corresponding to the environment information obtained by the first device;

obtain the reference environment information corresponding to the environment information type and use the reference environment information as the environment information.

Optionally, the vector generation module 22 is specifically configured to:

determine the target function corresponding to the environment information type based on the function mapping relationship between the at least one reference information type and the reference function;

apply the target function to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

Note that when the data transmission apparatus provided by the above embodiment performs the data transmission method, the division into the above functional modules is only an example; in practice the above functions may be assigned to different functional modules as required, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the data transmission apparatus provided by the above embodiment and the data transmission method embodiments share the same concept; the implementation process is detailed in the method embodiments and is not repeated here.

The serial numbers of the above embodiments of this application are for description only and do not indicate the relative merits of the embodiments.

An embodiment of this application further provides a computer storage medium that may store a plurality of instructions adapted to be loaded by a processor to perform the data transmission method of the embodiments shown in FIG. 1 to FIG. 9; for the specific execution process refer to the descriptions of the embodiments shown in FIG. 1 to FIG. 9, which are not repeated here.

This application further provides a computer program product storing at least one instruction, the at least one instruction being loaded by the processor to perform the data transmission method of the embodiments shown in FIG. 1 to FIG. 9; for the specific execution process refer to the descriptions of the embodiments shown in FIG. 1 to FIG. 9, which are not repeated here.

Refer to FIG. 13, which shows a structural block diagram of an electronic device provided by an exemplary embodiment of this application. The electronic device of this application may include one or more of the following components: a processor 110, a memory 120, an input apparatus 130, an output apparatus 140 and a bus 150. The processor 110, the memory 120, the input apparatus 130 and the output apparatus 140 may be connected by the bus 150.

The processor 110 may include one or more processing cores. The processor 110 connects the various parts of the electronic device through various interfaces and lines, and performs the functions of the electronic device 100 and processes data by running or executing the instructions, programs, code sets or instruction sets stored in the memory 120 and by calling the data stored in the memory 120. Optionally, the processor 110 may be implemented in at least one of the following hardware forms: digital signal processing (DSP), field-programmable gate array (FPGA) or programmable logic array (PLA). The processor 110 may integrate one or a combination of a central processing unit (CPU), a graphics processing unit (GPU), a modem and the like, where the CPU mainly handles the operating system, the user interface and application programs, the GPU is responsible for rendering and drawing display content, and the modem handles wireless communication. It will be understood that the modem may also be implemented by a separate communication chip rather than integrated into the processor 110.

The memory 120 may include random access memory (RAM) or read-only memory (ROM). Optionally, the memory 120 includes a non-transitory computer-readable storage medium. The memory 120 may be used to store instructions, programs, code, code sets or instruction sets. The memory 120 may include a program storage area and a data storage area. The program storage area may store instructions for implementing the operating system, instructions for implementing at least one function (such as a touch function, a sound playback function or an image playback function), instructions for implementing the method embodiments described below, and so on; the operating system may be the Android system, including systems developed in depth on the basis of Android, the iOS system developed by Apple, including systems developed in depth on the basis of iOS, or other systems. The data storage area may store data created by the electronic device in use, such as a phone book, audio and video data and chat records.

As shown in FIG. 14, the memory 120 may be divided into an operating system space and a user space; the operating system runs in the operating system space, and native and third-party applications run in the user space. To ensure that different third-party applications all run well, the operating system allocates corresponding system resources to them. However, different application scenarios within the same third-party application also place different demands on system resources: for example, in a local resource loading scenario the third-party application needs a high disk read speed, while in an animation rendering scenario it needs high GPU performance. Because the operating system and third-party applications are independent of each other, the operating system often cannot perceive a third-party application's current scenario in time, and so cannot adapt system resources to that application's specific scenario.

To let the operating system distinguish the specific application scenarios of third-party applications, data communication between the third-party applications and the operating system must be opened up, so that the operating system can obtain a third-party application's current scenario information at any time and adapt system resources to that scenario.

Taking the Android system as the operating system as an example, the programs and data stored in the memory 120 are shown in FIG. 15: the memory 120 may store a Linux kernel layer 320, a system runtime library layer 340, an application framework layer 360 and an application layer 380, where the Linux kernel layer 320, the system runtime library layer 340 and the application framework layer 360 belong to the operating system space and the application layer 380 belongs to the user space. The Linux kernel layer 320 provides the low-level drivers for the various hardware of the electronic device, such as the display driver, audio driver, camera driver, Bluetooth driver, Wi-Fi driver and power management. The system runtime library layer 340 provides the main feature support for the Android system through a number of C/C++ libraries: for example, the SQLite library provides database support, the OpenGL/ES library provides 3D drawing support, and the Webkit library provides browser engine support. The system runtime library layer 340 also provides the Android runtime, which mainly supplies core libraries that allow developers to write Android applications in the Java language. The application framework layer 360 provides the various APIs that may be used when building applications, such as activity management, window management, view management, notification management, content providers, package management, call management, resource management and location management; developers may also use these APIs to build their own applications. At least one application runs in the application layer 380; these may be native applications shipped with the operating system, such as a contacts program, an SMS program, a clock program or a camera application, or third-party applications developed by third-party developers, such as games, instant messaging programs or photo enhancement programs.

Taking the iOS system as the operating system as an example, the programs and data stored in the memory 120 are shown in FIG. 16. The iOS system includes a core operating system layer 420 (Core OS layer), a core services layer 440 (Core Services layer), a media layer 460 (Media layer) and a touch layer 480 (Cocoa Touch layer). The core operating system layer 420 includes the operating system kernel, drivers and low-level program frameworks; these low-level frameworks provide functions closer to the hardware for use by the frameworks in the core services layer 440. The core services layer 440 provides the system services and/or frameworks that applications need, such as the Foundation framework, the accounts framework, the advertising framework, the data storage framework, the network connection framework, the geographic location framework and the motion framework. The media layer 460 provides applications with audiovisual interfaces, such as graphics and image interfaces, audio technology interfaces, video technology interfaces and the wireless playback (AirPlay) interface for audio and video transmission. The touch layer 480 provides the common interface-related frameworks for application development and is responsible for the user's touch interaction with the electronic device, for example the local notification service, remote push service, advertising framework, game tools framework, Message UI framework, UIKit user interface framework and map framework.

Among the frameworks shown in FIG. 16, those related to most applications include but are not limited to the Foundation framework in the core services layer 440 and the UIKit framework in the touchable layer 480. The Foundation framework provides many basic object classes and data types and supplies the most basic system services to all applications, independent of the UI. The classes provided by the UIKit framework form the basic UI class library for creating touch-based user interfaces; iOS applications provide their UI on top of UIKit, so it supplies the application's infrastructure for building user interfaces, drawing, handling user interaction events, responding to gestures and so on.

The manner and principle of implementing data communication between a third-party application and the operating system on iOS may refer to the Android system and are not repeated in this application.

The input device 130 is used to receive input instructions or data and includes but is not limited to a keyboard, a mouse, a camera, a microphone or a touch device. The output device 140 is used to output instructions or data and includes but is not limited to a display device, a speaker and the like. In one example the input device 130 and the output device 140 are combined into a touch display screen, which receives touch operations performed on or near it by a user's finger, a stylus or any other suitable object, and displays the user interface of each application. The touch display screen is usually arranged on the front panel of the electronic device. It can be designed as a full screen, a curved screen or a special-shaped screen, or as a combination of a full screen and a curved screen, or of a special-shaped screen and a curved screen, which the embodiments of the present application do not limit.

In addition, those skilled in the art can understand that the structure of the electronic device shown in the above drawings does not limit the electronic device; the electronic device may include more or fewer components than shown, combine certain components, or arrange the components differently. For example, the electronic device further includes components such as a radio frequency circuit, an input unit, sensors, an audio circuit, a wireless fidelity (WiFi) module, a power supply and a Bluetooth module, which are not described again here.

In the embodiments of the present application, the execution body of each step may be the electronic device described above. Optionally, the execution body of each step is the operating system of the electronic device. The operating system may be Android, iOS or another operating system, which the embodiments of the present application do not limit.

The electronic device of the embodiments of the present application may also have a display device installed on it. The display device may be any device capable of display, for example a cathode ray tube display (CRT), a light-emitting diode display (LED), an electronic ink screen, a liquid crystal display (LCD), a plasma display panel (PDP) and so on. The user can use the display device on the electronic device 101 to view displayed text, images, video and other information. The electronic device may be a smartphone, a tablet computer, a gaming device, an AR (Augmented Reality) device, a car, a data storage device, an audio playback device, a video playback device, a notebook, a desktop computing device, or a wearable device such as an electronic watch, electronic glasses, an electronic helmet, an electronic bracelet, an electronic necklace or electronic clothing.

In the electronic device shown in FIG. 13, the electronic device may be a terminal, and the processor 110 may be used to invoke the application program stored in the memory 120 and specifically perform the following operations:

acquiring the environment information of its surroundings and transmitting the environment information to a second device;

acquiring a symmetric key and a reference initial parameter for the second device, and generating an initialization vector based on the environment information and the reference initial parameter;

encrypting first data based on the symmetric key and the initialization vector to obtain second data, and sending the second data to the second device, where the second data is used to instruct the second device to decrypt the second data based on the reference initial parameter, the symmetric key and the environment information.

In one embodiment, when performing the acquiring of the symmetric key and the reference initial parameter for the second device, the processor 1001 specifically performs the following operations:

acquiring a shared key string for the second device and second shared information, where the second shared information is the shared information transmitted by the second device to the first device;

performing first derivation processing based on key context information, the shared key string, first shared information and the second shared information to generate the symmetric key, where the first shared information is the shared information transmitted by the first device to the second device;

performing second derivation processing based on vector context information, the shared key string, the first shared information and the second shared information to generate the reference initial parameter.

In one embodiment, before performing the acquiring of the current environment information, the processor 110 further performs:

performing information negotiation with the second device to generate key context information and vector context information;

saving the key context information and the vector context information, where the key context information differs from the vector context information.

In one embodiment, when performing the generating of the initialization vector based on the environment information and the reference initial parameter, the processor 110 specifically performs the following operation:

applying a target function mode to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

In one embodiment, when performing the function processing of the environment information and the reference initial parameter in the target function mode to obtain the function-processed initialization vector, the processor 110 specifically performs the following operations:

performing XOR processing on the environment information and the reference initial parameter using an XOR function mode to obtain the XOR-processed initialization vector; or,

performing hash processing on the environment information and the reference initial parameter using a hash function mode to obtain the hash-processed initialization vector.

In one embodiment, when performing the acquiring of the current environment information and transmitting the environment information to the second device, the processor 110 specifically performs the following operation:

acquiring the current environment information and transmitting the environment information type corresponding to the environment information to the second device, where the environment information type is used to instruct the second device to acquire reference environment information corresponding to that information type, the reference environment information being the same as the environment information.

In one embodiment, when performing the acquiring of the current environment information, the processor 110 specifically performs the following operations: determining an environment information type from at least one reference information type, and acquiring the environment information indicated by the environment information type.

In one embodiment, when performing the generating of the initialization vector based on the environment information and the reference initial parameter, the processor 110 specifically performs the following operations:

determining the target function mode corresponding to the environment information type based on the function mapping relation between the at least one reference information type and reference function modes;

applying the target function mode to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

Referring to FIG. 17, a schematic structural diagram of an electronic device provided by an embodiment of the present application. As shown in FIG. 17, the electronic device 1000 may include: at least one processor 1001, at least one network interface 1004, a user interface 1003, a memory 1005 and at least one communication bus 1002.

The communication bus 1002 is used to implement connection and communication between these components.

The user interface 1003 may include a display screen (Display) and a camera (Camera); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface.

The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface).

The processor 1001 may include one or more processing cores. The processor 1001 connects the various parts of the entire server 1000 through various interfaces and lines, and performs the various functions of the server 1000 and processes data by running or executing the instructions, programs, code sets or instruction sets stored in the memory 1005 and by calling the data stored in the memory 1005. Optionally, the processor 1001 may be implemented in at least one hardware form among digital signal processing (DSP), a field-programmable gate array (FPGA) and a programmable logic array (PLA). The processor 1001 may integrate one or a combination of a central processing unit (CPU), a graphics processing unit (GPU), a modem and the like. The CPU mainly handles the operating system, user interface and application programs; the GPU is responsible for rendering and drawing the content the display screen needs to show; the modem handles wireless communication. It can be understood that the modem may also not be integrated into the processor 1001 and may instead be implemented by a separate chip.

The memory 1005 may include random access memory (RAM) and may also include read-only memory (ROM). Optionally, the memory 1005 includes a non-transitory computer-readable storage medium. The memory 1005 may be used to store instructions, programs, code, code sets or instruction sets. The memory 1005 may include a program storage area and a data storage area, where the program storage area may store instructions for implementing the operating system, instructions for at least one function (such as a touch function, a sound playback function, an image playback function and so on) and instructions for implementing the above method embodiments, and the data storage area may store the data involved in the above method embodiments. Optionally, the memory 1005 may also be at least one storage device located remotely from the processor 1001. As shown in FIG. 17, the memory 1005, as a computer storage medium, may include an operating system, a network communication module, a user interface module and an application program.

In the electronic device 1000 shown in FIG. 17, the user interface 1003 is mainly used to provide the user with an input interface and to acquire the data input by the user, while the processor 1001 may be used to invoke the data transmission application program stored in the memory 1005 and specifically perform the following operations:

acquiring the environment information transmitted by a first device and receiving second data sent by the first device, where the second data is generated by encrypting first data based on an initialization vector and a symmetric key;

acquiring a symmetric key and a reference initial parameter for the first device, and generating the initialization vector based on the environment information and the reference initial parameter;

decrypting the second data based on the reference initial parameter, the symmetric key and the environment information to obtain third data.

In one embodiment, when performing the acquiring of the symmetric key and the reference initial parameter for the first device, the processor 1001 specifically performs the following steps:

acquiring a shared key string for the first device and first shared information, where the first shared information is the shared information transmitted by the first device to the second device;

performing second derivation processing based on key context information, the shared key string, second shared information and the first shared information to generate the symmetric key, where the second shared information is the shared information transmitted by the second device to the first device;

performing first derivation processing based on vector context information, the shared key string, the second shared information and the first shared information to generate the reference initial parameter.

In one embodiment, before performing the acquiring of the environment information transmitted by the first device, the processor 1001 further performs:

performing information negotiation with the first device to generate key context information and vector context information;

saving the key context information and the vector context information, where the key context information differs from the vector context information.

In one embodiment, when performing the generating of the initialization vector based on the environment information and the reference initial parameter, the processor 1001 specifically performs the following step:

applying a target function to the environment information and the reference initial parameter to obtain the function-processed initialization vector.

In one embodiment, when performing the acquiring of the environment information transmitted by the first device, the processor 1001 specifically performs the following steps:

receiving the environment information type transmitted by the first device, where the environment information type is the type corresponding to the environment information acquired by the first device;

acquiring reference environment information corresponding to the environment information type and using the reference environment information as the environment information.

In one embodiment, when performing the generating of the initialization vector based on the environment information and the reference initial parameter, the processor 1001 specifically performs the following steps:

determining the target function corresponding to the environment information type based on the function mapping relation between the at least one reference information type and reference functions;

applying the target function to the environment information and the reference initial parameter to obtain the function-processed initialization vector.
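As an added illustration that is not part of the patent or the applicant's code, the following Python sketch walks the first-device and second-device embodiments above end to end: two derivations that differ only in their context label, the XOR and hash function modes selected through the function mapping relation, and a receiver whose decryption fails when its reference environment information does not match the sender's. HMAC-SHA256 as the derivation function, the HMAC-based stream cipher with an integrity tag, and the example information types are assumptions, since the page names none of them.

```python
import hashlib
import hmac
import os

# Context labels fixed during the information negotiation step. Constructed
# example values: the page only requires that the two labels differ.
KEY_CONTEXT = b"ctx/symmetric-key"
VECTOR_CONTEXT = b"ctx/reference-initial-parameter"
IV_LEN = 16
TAG_LEN = 16


def derive(context, shared_key_string, first_shared, second_shared):
    # One derivation step: HMAC-SHA256 keyed with the shared key string over the
    # context label and both devices' shared information (HMAC is an assumption).
    # Both sides must feed the shared information in the same fixed order,
    # first device's then second device's, or their outputs diverge.
    msg = context + len(first_shared).to_bytes(2, "big") + first_shared + second_shared
    return hmac.new(shared_key_string, msg, hashlib.sha256).digest()


def derive_symmetric_key(shared_key_string, first_shared, second_shared):
    # Derivation with the key context: 32-byte symmetric key
    return derive(KEY_CONTEXT, shared_key_string, first_shared, second_shared)


def derive_reference_param(shared_key_string, first_shared, second_shared):
    # Derivation with the vector context: IV_LEN-byte reference initial parameter
    return derive(VECTOR_CONTEXT, shared_key_string, first_shared, second_shared)[:IV_LEN]


def iv_xor(env_info, ref_param):
    # XOR function mode: the environment information is first compressed to
    # IV_LEN bytes (constructed choice) so it lines up with the reference parameter
    env = hashlib.sha256(env_info).digest()[:IV_LEN]
    return bytes(a ^ b for a, b in zip(env, ref_param))


def iv_hash(env_info, ref_param):
    # Hash function mode: IV is a hash over reference parameter and environment info
    return hashlib.sha256(ref_param + env_info).digest()[:IV_LEN]


# Function mapping relation: reference information type -> function mode
# (the types themselves are constructed examples)
FUNCTION_MAP = {"location": iv_xor, "time_slot": iv_hash}


def generate_iv(env_type, env_info, ref_param):
    return FUNCTION_MAP[env_type](env_info, ref_param)


def _keystream(key, iv, length):
    # Stand-in stream cipher: HMAC-SHA256(key, iv || counter) blocks. The page
    # does not name the symmetric cipher; a block cipher would be usual in practice.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, iv, plaintext):
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, iv, len(plaintext))))
    # Encrypt-then-MAC tag so the receiver detects a wrong key or a wrong IV
    tag = hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def decrypt(key, iv, second_data):
    ct, tag = second_data[:-TAG_LEN], second_data[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # key or IV mismatch, e.g. different environment information
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, iv, len(ct))))


def first_device_send(sks, first_shared, second_shared, env_type, env_info, first_data):
    # First device: derive key and reference parameter, build the IV from its own
    # environment information, encrypt. Returns what goes on the wire.
    key = derive_symmetric_key(sks, first_shared, second_shared)
    ref = derive_reference_param(sks, first_shared, second_shared)
    return env_type, encrypt(key, generate_iv(env_type, env_info, ref), first_data)


def second_device_receive(sks, first_shared, second_shared, env_type, ref_env, second_data):
    # Second device: rebuild the IV from the received type and its own reference
    # environment information, then decrypt. None means the reference
    # environment information did not match the sender's.
    key = derive_symmetric_key(sks, first_shared, second_shared)
    ref = derive_reference_param(sks, first_shared, second_shared)
    return decrypt(key, generate_iv(env_type, ref_env, ref), second_data)


if __name__ == "__main__":
    sks = os.urandom(32)                                 # shared key string
    a_share, b_share = os.urandom(16), os.urandom(16)    # first / second shared info
    env = b"cell:460-00-1234"                            # constructed location info
    t, second = first_device_send(sks, a_share, b_share, "location", env, b"hello")
    print(second_device_receive(sks, a_share, b_share, t, env, second))
    print(second_device_receive(sks, a_share, b_share, t, b"cell:460-00-9999", second))
```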

Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory, a random access memory or the like.

The above disclosure is only the preferred embodiments of the present application and of course cannot limit the scope of rights of the present application; therefore, equivalent changes made according to the claims of the present application still fall within the scope covered by the present application.

Claims (18)

1. A data transmission method, applied to a first device, the method comprising:
acquiring the environment information and transmitting the environment information to second equipment;
acquiring a symmetric key and a reference initial parameter for the second device, and generating an initialization vector based on the environment information and the reference initial parameter;
and encrypting the first data based on the symmetric key and the initialization vector to obtain second data, and sending the second data to the second equipment, wherein the second data is used for instructing the second equipment to decrypt the second data based on the reference initial parameter, the symmetric key and the environment information.
2. The method of claim 1, wherein the obtaining a symmetric key for the second device and reference initial parameters comprises:
acquiring a shared key string and second shared information aiming at the second device, wherein the second shared information is the shared information transmitted from the second device to the first device;
performing first derivation processing based on key context information, the shared key string, first shared information and second shared information to generate a symmetric key, wherein the first shared information is shared information transmitted from the first device to the second device;
and performing second derivation processing based on the vector context information, the shared key string, the first shared information and the second shared information to generate a reference initial parameter.
3. The method of claim 2, wherein prior to obtaining the current environmental information, further comprising:
performing information negotiation with a second device to generate key context information and vector context information;
saving the key context information and the vector context information; the key context information is different from the vector context information.
4. The method of claim 1, wherein generating an initialization vector based on the environmental information and the reference initial parameters comprises:
and performing function processing on the environment information and the reference initial parameter by adopting a target function mode to obtain an initialization vector after the function processing.
5. The method according to claim 4, wherein the performing a function process on the environment information and the reference initial parameter in an objective function manner to obtain a function-processed initialization vector comprises:
performing XOR processing on the environment information and the reference initial parameter by adopting an XOR function mode to obtain an initialization vector after XOR processing; or,
and carrying out hash processing on the environment information and the reference initial parameter by adopting a hash function mode to obtain an initialization vector after the hash processing.
6. The method of claim 1, wherein obtaining the current environment information and transmitting the environment information to the second device comprises:
acquiring current environment information, and transmitting an environment information type corresponding to the environment information to the second device, wherein the environment information type is used for indicating the second device to acquire reference environment information corresponding to the information type, and the reference environment information is the same as the environment information.
7. The method according to claim 1 or 6, wherein the obtaining current environment information comprises:
determining an environment information type from at least one reference information type, and acquiring the environment information indicated by the environment information type.
8. The method of claim 7, wherein generating an initialization vector based on the environmental information and the reference initial parameters comprises:
determining a target function mode corresponding to the environment information type based on a function mapping relation between the at least one reference information type and a reference function mode;
and performing function processing on the environment information and the reference initial parameter by adopting the target function mode to obtain an initialization vector after the function processing.
9. A data transmission method, applied to a second device, the method comprising:
acquiring environmental information transmitted by first equipment, and receiving second data sent by the first equipment; the second data is generated by encrypting the first data based on the initialization vector and the symmetric key;
acquiring a symmetric key and a reference initial parameter for the first device, and generating an initialization vector based on the environment information and the reference initial parameter;
and decrypting the second data based on the reference initial parameter, the symmetric key and the environment information to obtain third data.
10. The method of claim 9, wherein obtaining the symmetric key for the first device and the reference initial parameters comprises:
acquiring a shared key string and first shared information aiming at the first device, wherein the first shared information is shared information transmitted from the first device to the second device;
performing second derivation processing based on key context information, the shared key string, second shared information and first shared information to generate a symmetric key, where the second shared information is shared information transmitted from the second device to the first device;
and performing first derivation processing based on the vector context information, the shared key string, the second shared information and the first shared information to generate a reference initial parameter.
11. The method of claim 10, wherein before obtaining the environment information transmitted by the first device, further comprising:
performing information negotiation with a first device to generate key context information and vector context information;
saving the key context information and the vector context information; the key context information is different from the vector context information.
12. The method of claim 9, wherein generating an initialization vector based on the environmental information and the reference initial parameters comprises:
and performing function processing on the environment information and the reference initial parameter by adopting a target function to obtain an initialization vector after the function processing.
13. The method of claim 9, wherein obtaining the environment information transmitted by the first device comprises:
receiving an environment information type transmitted by first equipment, wherein the environment information type is a type corresponding to environment information acquired by the first equipment;
and acquiring reference environment information corresponding to the environment information type, and taking the reference environment information as the environment information.
14. The method of claim 13, wherein generating an initialization vector based on the environmental information and the reference initial parameters comprises:
determining a target function corresponding to the environment information type based on a function mapping relation between the at least one reference information type and a reference function;
and performing function processing on the environment information and the reference initial parameter by adopting the target function to obtain an initialization vector after the function processing.
15. A data transmission apparatus, characterized in that the apparatus comprises:
the transmission module is used for acquiring current environment information and transmitting the environment information to the second equipment;
a vector generation module, configured to obtain a symmetric key and a reference initial parameter for the second device, and generate an initialization vector based on the environment information and the reference initial parameter;
and the data encryption module is used for encrypting the first data based on the symmetric key and the initialization vector to obtain second data and sending the second data to the second equipment, wherein the second data is used for indicating the second equipment to decrypt the second data based on the reference initial parameter, the symmetric key and the environment information.
16. A data transmission apparatus, characterized in that the apparatus comprises:
the information acquisition module is used for acquiring environmental information transmitted by first equipment and receiving second data sent by the first equipment;
a vector generation module, configured to obtain a symmetric key and a reference initial parameter for the first device, and generate an initialization vector based on the environment information and the reference initial parameter;
and the data decryption module is used for decrypting the second data based on the reference initial parameter, the symmetric key and the environment information to obtain third data.
17. A computer storage medium, characterized in that it stores a plurality of instructions adapted to be loaded by a processor and to perform the method steps according to any of claims 1 to 8 or 9 to 14.
18. An electronic device, comprising: a processor and a memory; wherein the memory stores a computer program adapted to be loaded by the processor and to perform the method steps of any of claims 1-8 or 9-14.
CN202111646936.8A 2021-12-29 2021-12-29 Data transmission method, device, storage medium and electronic device Active CN114363888B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111646936.8A CN114363888B (en) 2021-12-29 2021-12-29 Data transmission method, device, storage medium and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111646936.8A CN114363888B (en) 2021-12-29 2021-12-29 Data transmission method, device, storage medium and electronic device

Publications (2)

Publication Number Publication Date
CN114363888A true CN114363888A (en) 2022-04-15
CN114363888B CN114363888B (en) 2025-08-05

Family

ID=81102439

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111646936.8A Active CN114363888B (en) 2021-12-29 2021-12-29 Data transmission method, device, storage medium and electronic device

Country Status (1)

Country Link
CN (1) CN114363888B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118890192A (en) * 2024-08-05 2024-11-01 九亿里数字科技(深圳)有限公司 A data security management system based on cloud platform
CN120434045A (en) * 2025-07-03 2025-08-05 福建省星云大数据应用服务有限公司 A secure big data transmission method combining blockchain and machine learning

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040083794A (en) * 2003-03-25 2004-10-06 소프트포럼 주식회사 encryption/decryption method of application data
CN106100830A (en) * 2016-05-24 2016-11-09 飞天诚信科技股份有限公司 A kind of method and apparatus writing seed key in NFC dynamic token
US20210226782A1 (en) * 2020-01-22 2021-07-22 Cisco Technology, Inc. Quantum computer resistant pre-shared key distribution for large scale wide area network solutions
CN113158218A (en) * 2021-05-21 2021-07-23 上海幻电信息科技有限公司 Data encryption method and device and data decryption method and device
CN113507448A (en) * 2021-06-17 2021-10-15 中国汽车技术研究中心有限公司 Security access service authentication method and system
CN113723581A (en) * 2020-05-26 2021-11-30 克洛纳测量技术有限公司 Method for synchronizing receiver initialization vector and sender initialization vector

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吴碧霞 (Wu Bixia): "Research on ZigBee network encryption method based on AES algorithm", 信息系统工程 (Information Systems Engineering), no. 08, 20 August 2016 (2016-08-20) *

Also Published As

Publication number Publication date
CN114363888B (en) 2025-08-05

Similar Documents

Publication Publication Date Title
US11582579B2 (en) Secure streaming of real-time location data between electronic devices
US11177955B2 (en) Device-to-device messaging protocol
JP7043522B2 (en) Neural network model encryption method, device, storage medium
US12413952B2 (en) Method and apparatus for low energy discovery
CN113836538B (en) Data model processing method, device, server and storage medium
WO2018014723A1 (en) Key management method, apparatus, device and system
US11323254B2 (en) Device, system, and method of generating and handling cryptographic parameters
CN112311740B (en) Data encryption method, data decryption method, terminal and storage medium
WO2020151599A1 (en) Method and apparatus for publishing video synchronously, electronic device, and readable storage medium
TWI592022B (en) Encrypted screencasting
CN114363888B (en) Data transmission method, device, storage medium and electronic device
CN111030827A (en) Information interaction method and device, electronic equipment and storage medium
CN113315844A (en) File encryption transmission method, device, equipment and computer readable storage medium
CN112995322B (en) Method, device, storage medium and terminal for establishing information transmission channel
CN113961931B (en) ADB tool usage method, device and electronic device
CN114338710A (en) Data synchronization method, device, computer storage medium and related equipment
WO2025139068A1 (en) Ranging positioning method, positioning system, chip and storage medium
CN119094120A (en) A data communication method, device, equipment and storage medium
CN112749374B (en) Data transfer method, device, storage medium and electronic device
CN111212411B (en) File transmission method, device, storage medium and terminal
CN115361190A (en) Data encryption transmission method, device and system, electronic equipment and storage medium
CN104994160A (en) File transmission method, related device and transmission system
CN116738472B (en) Task data encryption method, device and equipment applied to task data interaction
CN113315687B (en) Agent network management method, device, storage medium and terminal
CN110619218B (en) Method and apparatus for generating information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20250414

Address after: No. 18 Haibin Road, Wusha, Chang'an Town, Dongguan, Guangdong 523860

Applicant after: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd.

Country or region after: China

Address before: 311100 room 1001, building 9, Xixi bafangcheng, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province

Applicant before: Hangzhou douku Software Technology Co.,Ltd.

Country or region before: China

GR01 Patent grant