
CN118316613A - Lightweight channel encryption method, device, equipment and storage medium - Google Patents


Publication number
CN118316613A
Authority
CN
China
Prior art keywords
target counter
determining
node
encryption key
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310020724.1A
Other languages
Chinese (zh)
Inventor
张高山
杜雪涛
常嘉岳
刘仲思
詹义
洪东
张晨
朱艳云
倪宁宁
王雪
朱华
巴特尔
方明星
尹子轩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Design Institute Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Design Institute Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Design Institute Co Ltd
Priority to CN202310020724.1A
Publication of CN118316613A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H04L2209/46 Secure multiparty computation, e.g. millionaire problem

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a lightweight channel encryption method, device, equipment and storage medium. The method comprises the following steps: generating a base vector based on a secure two-party computation protocol, and determining an encryption key based on the base vector; determining a target counter according to the base vector, and determining a verification value of the target counter according to the channel number of the sender node, the timestamp and the target counter; and encrypting the channel number, the timestamp and the verification value with the encryption key to generate data synchronization signaling, and sending the data synchronization signaling to a receiver node. The invention improves the security of data transmission.

Description

Lightweight channel encryption method, device, equipment and storage medium

Technical Field

The present invention relates to the field of computer technology, and in particular to a lightweight channel encryption method, device, equipment and storage medium.

Background

Under the direction of an intelligent scheduling mechanism, big data is matched to computing nodes with the highest efficiency and at the lowest cost, the computing power processes the data, and the results are obtained. In this process, large amounts of data are transmitted in real time and in unpredictable patterns between the many computing nodes distributed across the computing power network, and there is a risk that the data will be obtained by a third party, resulting in low security of data transmission.

Summary of the Invention

The main purpose of the present invention is to provide a lightweight channel encryption method, device, equipment and storage medium, aiming to solve the problem of how to improve the security of data transmission.

To achieve the above object, the present invention provides a lightweight channel encryption method, which comprises the following steps:

generating a base vector based on a secure two-party computation protocol, and determining an encryption key based on the base vector;

determining a target counter according to the base vector, and determining a verification value of the target counter according to the channel number of the sender node, the timestamp and the target counter;

encrypting the channel number, the timestamp and the verification value with the encryption key to generate data synchronization signaling, and sending the data synchronization signaling to a receiver node.

Optionally, the step of generating a base vector based on a secure two-party computation protocol includes:

generating a first random number;

determining a second random number corresponding to the receiver node according to the secure two-party computation protocol and the first random number;

generating the base vector according to the first random number and the second random number.

Optionally, the step of determining an encryption key based on the base vector comprises:

determining the exclusive-OR (XOR) value of the two terms of the base vector;

determining a hash value of the XOR value, and determining the encryption key according to the hash value.

Optionally, after the step of sending the data synchronization signaling to the receiver node, the method further includes:

generating a stream cipher based on the encryption key and the target counter;

encrypting the data to be sent with the stream cipher;

sending the encrypted data to the receiver node.

To achieve the above object, the present invention further provides a lightweight channel encryption device, the device comprising:

a generation module, configured to generate a base vector based on a secure two-party computation protocol, and determine an encryption key based on the base vector;

a determination module, configured to determine a target counter according to the base vector, and determine a verification value of the target counter according to the channel number of the sender node, the timestamp and the target counter;

a sending module, configured to encrypt the channel number, the timestamp and the verification value with the encryption key to generate data synchronization signaling, and send the data synchronization signaling to a receiver node.

To achieve the above object, the present invention also provides a lightweight channel encryption method, which is applied to a receiver node, and the method comprises:

a first computing module, configured to generate a base vector based on a secure two-party computation protocol, and determine an encryption key based on the base vector;

a receiving module, configured to receive data synchronization signaling, and decrypt the data synchronization signaling with the encryption key to obtain the decrypted channel number of the sender node, the timestamp and the verification value of the target counter;

a second computing module, configured to determine candidate counters (counters to be determined) according to the base vector, and determine a reference verification value for each candidate counter according to the channel number of the sender node, the timestamp and that candidate counter;

a comparison module, configured to compare the verification value of the target counter with the reference verification values, and determine, according to the comparison result, which of the candidate counters is the target counter selected by the sender node.

Optionally, before the step of generating a base vector based on the secure two-party computation protocol, the method further includes:

generating a second random number;

determining the first random number of the sender node according to the secure two-party computation protocol and the second random number;

generating the base vector according to the first random number and the second random number.

Optionally, after the step of comparing the verification value of the target counter with the reference verification values to obtain the target counter selected by the sender node, the method further includes:

receiving encrypted data;

determining a stream cipher based on the encryption key and the target counter selected by the sender node;

decrypting the data with the stream cipher.

To achieve the above object, the present invention also provides lightweight channel encryption equipment, which includes a memory, a processor, and a lightweight channel encryption program stored in the memory and executable on the processor. When the lightweight channel encryption program is executed by the processor, the steps of the lightweight channel encryption method described above are implemented.

To achieve the above object, the present invention also provides a computer-readable storage medium, which stores a lightweight channel encryption program. When the lightweight channel encryption program is executed by a processor, the steps of the lightweight channel encryption method described above are implemented.

In the lightweight channel encryption method, device, equipment and storage medium provided by the present invention, the sender node generates a base vector based on a secure two-party computation protocol, and determines an encryption key based on the base vector; determines a target counter according to the base vector, and determines a verification value of the target counter according to the channel number of the sender node, the timestamp and the target counter; encrypts the channel number, the timestamp and the verification value with the encryption key to generate data synchronization signaling, and sends the data synchronization signaling to the receiver node. The data synchronization signaling lets the sender node and the receiver node synchronize the encryption key and the counter, so that the sender node can send encrypted data to the receiver node. The data is encrypted with the stream cipher generated from the encryption key and the counter, which improves the security of data transmission.

Brief Description of the Drawings

FIG. 1 is a schematic diagram of the hardware structure of the lightweight channel encryption equipment according to an embodiment of the present invention;

FIG. 2 is a schematic flow chart of an embodiment of the lightweight channel encryption method of the present invention;

FIG. 3 is a schematic diagram of the nodes of a network structure for the lightweight channel encryption method of the present invention;

FIG. 4 is a schematic diagram of the interaction flow between the sender node and the receiver node in the lightweight channel encryption method of the present invention;

FIG. 5 is a schematic diagram of the data synchronization signaling of the lightweight channel encryption method of the present invention;

FIG. 6 is a schematic diagram of the interaction flow between the sender node and the receiver node in the lightweight channel encryption method of the present invention;

FIG. 7 is a schematic diagram of data encryption in the lightweight channel encryption method of the present invention;

FIG. 8 is a schematic flow chart of another embodiment of the lightweight channel encryption method of the present invention;

FIG. 9 is a schematic flow chart of data decryption in the lightweight channel encryption method of the present invention;

FIG. 10 is a schematic flow chart of yet another embodiment of the lightweight channel encryption method of the present invention;

FIG. 11 is a schematic diagram of the logical structure of the lightweight channel encryption device according to an embodiment of the present invention;

FIG. 12 is a schematic diagram of the logical structure of the lightweight channel encryption device according to an embodiment of the present invention.

The realization of the purpose, the functional features and the advantages of the present invention will be further explained in conjunction with the embodiments and with reference to the accompanying drawings.

Detailed Description

It should be understood that the specific embodiments described herein are only used to explain the present invention, and are not used to limit the present invention.

The main solution of the embodiments of the present invention is as follows: the sender node generates a base vector based on a secure two-party computation protocol, and determines an encryption key based on the base vector; determines a target counter according to the base vector, and determines a verification value of the target counter according to the channel number of the sender node, the timestamp and the target counter; encrypts the channel number, the timestamp and the verification value with the encryption key to generate data synchronization signaling, and sends the data synchronization signaling to the receiver node. The data synchronization signaling lets the sender node and the receiver node synchronize the encryption key and the counter, so that the sender node can send encrypted data to the receiver node. The data is encrypted with the stream cipher generated from the encryption key and the counter, which improves both the efficiency of data encryption and the security of data transmission.

As one implementation, the lightweight channel encryption equipment may be as shown in FIG. 1.

The embodiment of the present invention relates to lightweight channel encryption equipment, which includes: a processor 101, such as a CPU, a memory 102, and a communication bus 103. The communication bus 103 is used to realize connection and communication between these components.

The memory 102 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. As shown in FIG. 1, the memory 102, as a computer-readable storage medium, may include a lightweight channel encryption program; and the processor 101 may be used to call the lightweight channel encryption program stored in the memory 102 and perform the following operations:

generating a base vector based on a secure two-party computation protocol, and determining an encryption key based on the base vector;

determining a target counter according to the base vector, and determining a verification value of the target counter according to the channel number of the sender node, the timestamp and the target counter;

encrypting the channel number, the timestamp and the verification value with the encryption key to generate data synchronization signaling, and sending the data synchronization signaling to a receiver node.

Optionally, the processor 101 may be configured to call the lightweight channel encryption program stored in the memory 102, and perform the following operations:

generating a first random number;

determining a second random number corresponding to the receiver node according to the secure two-party computation protocol and the first random number;

generating the base vector according to the first random number and the second random number.

Optionally, the processor 101 may be configured to call the lightweight channel encryption program stored in the memory 102, and perform the following operations:

determining the exclusive-OR (XOR) value of the two terms of the base vector;

determining a hash value of the XOR value, and determining the encryption key according to the hash value.

Optionally, the processor 101 may be configured to call the lightweight channel encryption program stored in the memory 102, and perform the following operations:

generating a stream cipher based on the encryption key and the target counter;

encrypting the data to be sent with the stream cipher;

sending the encrypted data to the receiver node.

Optionally, the processor 101 may be configured to call the lightweight channel encryption program stored in the memory 102, and perform the following operations:

generating a base vector based on a secure two-party computation protocol, and determining an encryption key based on the base vector;

receiving data synchronization signaling, and decrypting the data synchronization signaling with the encryption key to obtain the decrypted channel number of the sender node, the timestamp and the verification value of the target counter;

determining candidate counters (counters to be determined) according to the base vector, and determining a reference verification value for each candidate counter according to the channel number of the sender node, the timestamp and that candidate counter;

comparing the verification value of the target counter with the reference verification values, and determining, according to the comparison result, which of the candidate counters is the target counter selected by the sender node.

Optionally, the processor 101 may be configured to call the lightweight channel encryption program stored in the memory 102, and perform the following operations:

generating a second random number;

determining the first random number of the sender node according to the secure two-party computation protocol and the second random number;

generating the base vector according to the first random number and the second random number.

Optionally, the processor 101 may be configured to call the lightweight channel encryption program stored in the memory 102, and perform the following operations:

receiving encrypted data;

determining a stream cipher based on the encryption key and the target counter selected by the sender node;

decrypting the data with the stream cipher.

基于上述轻量级信道加密设备的硬件构架,提出本发明轻量级信道加密方法的实施例。Based on the hardware architecture of the above-mentioned lightweight channel encryption device, an embodiment of the lightweight channel encryption method of the present invention is proposed.

参照图2,图2为本发明轻量级信道加密方法的第一实施例,所述轻量级信道加密方法包括以下步骤:0步骤S10,基于安全两方计算协议生成基础向量,并基于所述基础向量确2, FIG2 is a first embodiment of the lightweight channel encryption method of the present invention, the lightweight channel encryption method comprises the following steps: 0 step S10, based on the secure two-party computing protocol to generate a basis vector, and based on the basis vector to determine

定加密密钥。Specify the encryption key.

可选地,本方法适用于任意的网络结构,实现网络结构中两个节点之间高效加密数据传输。示例性的,在网络结构中包括节点A和节点B,如图3所示,其中节点A是发送方节点,节点B是接收方节点。例如,网络结构为5VPN(Virtual Private Network,虚拟专用网),VPN用于在公用网络上建立专Optionally, the method is applicable to any network structure to achieve efficient encrypted data transmission between two nodes in the network structure. Exemplarily, the network structure includes node A and node B, as shown in FIG3 , where node A is the sender node and node B is the receiver node. For example, the network structure is 5VPN (Virtual Private Network), which is used to establish a private network on a public network.

用网络。它之所以称之为虚拟网,主要是因为VPN的两个节点之间并没有像传统专用网那样使用端到端的物理链路,而是架构在公用网络之上的逻辑网络,用户数据通过逻辑链路传输。It is called a virtual network mainly because the two nodes of VPN do not use end-to-end physical links like traditional private networks, but are logical networks built on the public network, and user data is transmitted through logical links.

数据在网络传输和使用过程中,因为不提供加密服务,在网络上是以明0文的方式传输的,可以轻松地被网络攻击者截获,数据中的文本格式、非文本格式的二进制数据都可被轻松地还原。因此,建立一个安全便捷的网络运行环境,对信息提供足够的保护,对信道进行加密处理是十分重要的。其中,信道为传送数据的通道,如TCP(Transmission ControlProtocol,传输控制协议)或者IP(Internet Protocol,网际互连协议)网络。信道可以从逻辑上理解为抽象信道,可以是具有物理意义的实际传送通道。信道加密方法注重解决信息在线路传输过程中的安全问题,并且可很好地控制非法用户的侵入。During the transmission and use of the network, data is transmitted in plain text on the network because no encryption service is provided. It can be easily intercepted by network attackers, and the text format and non-text binary data in the data can be easily restored. Therefore, it is very important to establish a safe and convenient network operating environment, provide sufficient protection for information, and encrypt the channel. Among them, the channel is a channel for transmitting data, such as TCP (Transmission Control Protocol) or IP (Internet Protocol) network. The channel can be understood logically as an abstract channel, or it can be an actual transmission channel with physical meaning. The channel encryption method focuses on solving the security problem of information during line transmission, and can well control the intrusion of illegal users.

信道加密是采用链路和网络加密技术为各通信节点间传输的群路信息进行加密,例如IP网络加密机等。信道加密需要节点传输加密的同步信息,占用信道一定的信息资源,对于资源有限、信息传输不连贯的节点来说,必须充分利用节点信道资源。Channel encryption uses link and network encryption technology to encrypt group information transmitted between communication nodes, such as IP network encryption machines. Channel encryption requires nodes to transmit encrypted synchronization information, occupying certain information resources of the channel. For nodes with limited resources and discontinuous information transmission, node channel resources must be fully utilized.

Optionally, the base vector is generated by the sender node based on a secure two-party computation protocol, and the base vector is used to generate the encryption key Key and the counter CTR.

Optionally, the sender node A generates a first random number Ra; determines the second random number Rb corresponding to the receiver node B according to the secure two-party computation protocol and the first random number Ra; and generates the base vector according to the first random number Ra and the second random number Rb.

The secure two-party computation protocol may be a two-party garbled circuit protocol, and the computed function is the exclusive OR of Ra and Rb, that is, Rab = Ra ⊕ Rb. Both the sender node A and the receiver node B can obtain the value Rab, that is, Ra ⊕ Rb. During the interaction, the sender node A and the receiver node B do not directly obtain the random number generated by the other party, and a third-party node cannot obtain the first random number Ra of the sender node A or the second random number Rb of the receiver node B.

Optionally, as shown in FIG. 4, the sender node A XORs the first random number Ra with Rab to obtain the second random number Rb generated by the receiver node B; the receiver node B XORs the second random number Rb with Rab to obtain the first random number Ra generated by the sender node A. The sender node A independently calculates Hash(Ra||Rb) and Hash(Rb||Ra), giving the base vector BaseVector = {Hash(Ra||Rb), Hash(Rb||Ra)}. The receiver node B independently calculates Hash(Ra||Rb) and Hash(Rb||Ra), giving the base vector BaseVector = {Hash(Ra||Rb), Hash(Rb||Ra)}. Here, Hash() is the SM3 hash algorithm. SM3 is suitable for digital signature and verification, generation and verification of message authentication codes, and random number generation, and can meet the security requirements of a variety of cryptographic applications.

Optionally, determining the encryption key based on the base vector comprises: determining the XOR value of the two items of the base vector; determining the hash value of the XOR value; and determining the encryption key Key according to the hash value, as shown in the following formula:

Key = Hash(Hash(Ra||Rb) ⊕ Hash(Rb||Ra)).

At this point, the sender node A has completed encryption key initialization using a secure multi-party computation protocol, for example the two-party garbled circuit protocol.

Step S20: determine a target counter according to the base vector, and determine a verification value of the target counter according to the channel number of the sender node, a timestamp and the target counter.

Optionally, the sender node A randomly selects one of the two items of the base vector as the target counter CTR. The receiver node B cannot know which target counter the sender node A selected.

Optionally, the base vector is BaseVector = {Hash(Ra||Rb), Hash(Rb||Ra)}. From the base vector, the counter can be determined as CTR = Hash(Ra||Rb) or as CTR = Hash(Rb||Ra), and the target counter is one of these two counters.

Optionally, the sender node A determines the verification value of the target counter according to the channel number associated with the sender node A, the timestamp and the target counter. The channel number CID identifies the logical channel associated with the data transmission, and each sending node has multiple logical channels. The timestamp Ts is the current standard time of the sender node A, accurate to the second. Before each data transmission, the sender uses the channel number CID and the timestamp Ts in generating the verification value of the counter CTR.

When the target counter CTR is the counter Hash(Ra||Rb), the verification value of the target counter CTR is Hash(Hash(Ra||Rb)||CID||Ts); when the target counter CTR is the counter Hash(Rb||Ra), the verification value of the target counter CTR is Hash(Hash(Rb||Ra)||CID||Ts). Here, CID is the channel number and Ts is the timestamp.

Step S30: encrypt the channel number, the timestamp and the verification value according to the encryption key to generate data synchronization signaling, and send the data synchronization signaling to the receiver node.

Optionally, as shown in FIG. 6, the channel number, the timestamp and the verification value are encrypted according to the encryption key to generate the data synchronization signaling shown in FIG. 5, which includes the channel number, the timestamp and the verification value of the target counter. The sender node A sends the data synchronization signaling to the receiver node B. The data synchronization signaling serves two purposes: it delivers the content the receiver node needs to recover the counter CTR, and it alerts the receiver node to prepare for data reception.

Optionally, a stream cipher is generated according to the encryption key and the target counter. Optionally, the CTR mode of the SM4 symmetric encryption algorithm is constructed from the encryption key Key and the target counter CTR, so that two parameters are required before each data encryption: the encryption key Key and the target counter CTR. Different data blocks share the same encryption key Key, and the target counter CTR for each data block is the target counter CTR of the previous data block plus 1. Taking four plaintext blocks to be encrypted as an example, the encryption key and the target counter CTR generate the stream cipher that encrypts plaintext block 1; the encryption key and the target counter CTR+1 generate the stream cipher that encrypts plaintext block 2; the encryption key and the target counter CTR+2 generate the stream cipher that encrypts plaintext block 3. After encryption, the data does not need to conform to any specific format and can simply be transmitted as an encrypted bit stream.

SM4 is a symmetric block cipher used to encrypt and decrypt data in order to ensure the confidentiality of data and information. The basic condition for the security of a symmetric cipher is a sufficient key length. The SM4 algorithm has the same key length and block length as the AES (Advanced Encryption Standard) algorithm, 128 bits, and is therefore more secure than the 3DES encryption algorithm.

The data to be sent is encrypted with the stream cipher, and the encrypted data is sent to the receiver node. As shown in FIG. 7, taking four plaintext blocks to be encrypted as an example, plaintext block 1 is encrypted according to the encryption key and the counter CTR to obtain ciphertext block 1; plaintext block 2 is encrypted according to the encryption key and the counter CTR+1 to obtain ciphertext block 2; plaintext block 3 is encrypted according to the encryption key and the counter CTR+2 to obtain ciphertext block 3; plaintext block 3 is encrypted according to the encryption key and the counter CTR+3 to obtain ciphertext block 4.

This method does not use a public-key cryptographic mechanism; it uses only a symmetric cryptographic mechanism and does not require complex computing components such as big-number arithmetic or modular exponentiation. Implementing this scheme purely in software is simpler and more efficient, and in resource-constrained environments such as network card firmware, optical module firmware and embedded devices, the scheme is easy to implement. The method uses a secure multi-party computation protocol based on garbled circuits (two-party garbled circuits) to generate, through two-party computation, the initial keystream synchronization parameters of the symmetric cipher's CTR mode. This approach offers the convenience and flexibility of key agreement while avoiding complex computing components such as big-number arithmetic and modular exponentiation. The scheme relies only on a symmetric cryptographic mechanism, and the cryptographic components it requires are more lightweight than those of SSL and IPsec. Combined with the CTR mode of a symmetric encryption algorithm, it constructs an efficient stream cipher algorithm that automatically synchronizes the keystream between adjacent transmission nodes; parameter obfuscation is used to reduce the risk of channel eavesdropping; and a timestamp check mechanism is used to identify replay attacks.

In the technical solution of this embodiment, the sender node generates a base vector based on a secure two-party computation protocol and determines an encryption key based on the base vector; determines a target counter according to the base vector, and determines a verification value of the target counter according to the channel number of the sender node, the timestamp and the target counter; and encrypts the channel number, the timestamp and the verification value according to the encryption key to generate data synchronization signaling, which it sends to the receiver node. The data synchronization signaling lets the sender node and the receiver node synchronize the encryption key and the counter, so that the keystream is synchronized automatically between the data transmission nodes and the sender node can send encrypted data to the receiver node. The data is encrypted with the stream cipher generated from the encryption key and the counter, which improves the efficiency of data encryption and the security of data transmission.

Referring to FIG. 8, FIG. 8 shows a second embodiment of the lightweight channel encryption method of the present invention. The lightweight channel encryption method comprises the following steps:

Step S40: generate a base vector based on a secure two-party computation protocol, and determine an encryption key based on the base vector;

Step S50: receive data synchronization signaling, and decrypt the data synchronization signaling according to the encryption key to obtain the decrypted channel number of the sender node, timestamp and verification value of the target counter;

Step S60: determine the candidate counters according to the base vector, and determine a reference verification value for each candidate counter according to the channel number of the sender node, the timestamp and that candidate counter;

Step S70: compare the verification value of the target counter with the reference verification values, and according to the comparison result determine, among the candidate counters, the target counter selected by the sender node.

Optionally, the method is applicable to any network structure and achieves efficient encrypted data transmission between two nodes in the network structure. For example, the network structure includes node A and node B, as shown in FIG. 3, where node A is the sender node and node B is the receiver node.

Optionally, the base vector is generated by the receiver node based on a secure two-party computation protocol, and the base vector is used to generate the encryption key Key and the counter CTR.

Optionally, the receiver node B generates a second random number Rb; determines the first random number Ra of the sender node according to the secure two-party computation protocol and the second random number Rb; and generates the base vector according to the first random number Ra and the second random number Rb.

The secure two-party computation protocol may be a two-party garbled circuit protocol, and the computed function is the exclusive OR of Ra and Rb, that is, Rab = Ra ⊕ Rb. Both the sender node A and the receiver node B can obtain the value Rab, that is, Ra ⊕ Rb. During the interaction, the sender node A and the receiver node B do not directly obtain the random number generated by the other party, and a third-party node cannot obtain the first random number Ra of the sender node A or the second random number Rb of the receiver node B.

Optionally, as shown in FIG. 4, the receiver node B XORs the second random number Rb with Rab to obtain the first random number Ra generated by the sender node A. The receiver node B independently calculates Hash(Ra||Rb) and Hash(Rb||Ra), giving the base vector BaseVector = {Hash(Ra||Rb), Hash(Rb||Ra)}. Here, Hash() is the SM3 hash algorithm. SM3 is suitable for digital signature and verification, generation and verification of message authentication codes, and random number generation, and can meet the security requirements of a variety of cryptographic applications.

Optionally, determining the encryption key based on the base vector comprises: determining the XOR value of the two items of the base vector; determining the hash value of the XOR value; and determining the encryption key Key according to the hash value, as shown in the following formula:

Key = Hash(Hash(Ra||Rb) ⊕ Hash(Rb||Ra)).

At this point, the receiver node B has completed encryption key initialization using a secure multi-party computation protocol, for example the two-party garbled circuit protocol.

Optionally, the sender node A determines the verification value of the target counter according to the channel number associated with the sender node A, the timestamp and the target counter. The channel number CID identifies the logical channel associated with the data transmission, and each sending node has multiple logical channels. The timestamp Ts is the current standard time of the sender node A, accurate to the second. Before each data transmission, the sender uses the channel number CID and the timestamp Ts in generating the verification value of the counter CTR.

When the target counter CTR is the counter Hash(Ra||Rb), the verification value of the target counter CTR is Hash(Hash(Ra||Rb)||CID||Ts); when the target counter CTR is the counter Hash(Rb||Ra), the verification value of the target counter CTR is Hash(Hash(Rb||Ra)||CID||Ts). Here, CID is the channel number and Ts is the timestamp.

Optionally, as shown in FIG. 6, the receiver node B determines the candidate counters according to the base vector, and determines a reference verification value for each candidate counter according to the channel number of the sender node, the timestamp and that candidate counter. Optionally, the base vector is BaseVector = {Hash(Ra||Rb), Hash(Rb||Ra)}; from the base vector, the candidate counter can be determined as CTR = Hash(Ra||Rb) or as CTR = Hash(Rb||Ra).

Optionally, the receiver node B compares the verification value of the target counter with the reference verification values, and according to the comparison result determines, among the candidate counters, the target counter selected by the sender node. That is, the candidate counters are CTR1 = Hash(Ra||Rb) and CTR2 = Hash(Rb||Ra); when the verification value of the target counter is Hash(Ra||Rb), the target counter is CTR1; when the verification value of the target counter is Hash(Rb||Ra), the target counter is CTR2.

Optionally, after step S70, the method further includes: receiving encrypted data; determining a stream cipher according to the encryption key and the target counter selected by the sender node; and decrypting the data according to the stream cipher.

Optionally, the data synchronization signaling includes the channel number, the timestamp and the verification value of the target counter, as shown in FIG. 4. The receiver node B receives the data synchronization signaling from the sender node A.

Optionally, as shown in FIG. 6, the receiver node B generates a stream cipher according to the encryption key and the target counter. Optionally, the CTR mode of the SM4 symmetric encryption algorithm is constructed from the encryption key Key and the target counter CTR, so that two parameters are required before each data decryption: the encryption key Key and the target counter CTR. Different data blocks share the same encryption key Key, and the target counter CTR for each data block is the target counter CTR of the previous data block plus 1. Taking four ciphertext blocks to be decrypted as an example, the encryption key and the target counter CTR generate the stream cipher that encrypts ciphertext block 1; the encryption key and the target counter CTR+1 generate the stream cipher that encrypts ciphertext block 2; the encryption key and the target counter CTR+2 generate the stream cipher that encrypts ciphertext block 3.

The encrypted data is decrypted with the stream cipher. As shown in FIG. 9, taking four ciphertext blocks to be decrypted as an example, ciphertext block 1 is decrypted according to the encryption key and the counter CTR to obtain plaintext block 1; ciphertext block 2 is decrypted according to the encryption key and the counter CTR+1 to obtain plaintext block 2; ciphertext block 3 is decrypted according to the encryption key and the counter CTR+2 to obtain plaintext block 3; ciphertext block 3 is decrypted according to the encryption key and the counter CTR+3 to obtain plaintext block 4.

In the technical solution of this embodiment, the data synchronization signaling lets the sender node and the receiver node synchronize the encryption key and the counter. The sender node sends the encrypted data to the receiver node, and the receiver node decrypts it with the stream cipher generated from the encryption key and the counter, which improves the security of data transmission.

In one embodiment, referring to FIG. 10, the sender node A generates a base vector based on the secure two-party computation protocol and determines an encryption key based on the base vector; determines a target counter according to the base vector, and determines a verification value of the target counter according to the channel number of the sender node, the timestamp and the target counter; and encrypts the channel number, the timestamp and the verification value according to the encryption key to generate data synchronization signaling, which it sends to the receiver node. At the same time, the receiver node B generates a base vector based on the secure two-party computation protocol and determines an encryption key based on the base vector.

The receiver node B receives the data synchronization signaling and decrypts it according to the encryption key to obtain the decrypted channel number of the sender node, timestamp and verification value of the target counter; determines the candidate counters according to the base vector, and determines a reference verification value for each candidate counter according to the channel number of the sender node, the timestamp and that candidate counter; and compares the verification value of the target counter with the reference verification values, determining from the comparison result which of the candidate counters is the target counter selected by the sender node.
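The sender flow (steps S10 to S30) and receiver flow (steps S40 to S70) described above, as an added Python example that is not code from the patent: both nodes derive the base vector and Key, the sender picks a counter, and the receiver resolves it from the verification value, rejects stale timestamps, and decrypts in CTR mode. Assumptions not on the page: the garbled-circuit exchange is simulated by computing Rab directly, SHA-256 stands in for SM3 when hashlib lacks it, a hash-based PRF stands in for SM4 block encryption, Key and CTR are truncated to 128 bits, the field widths and the 5-second freshness window are chosen for illustration, and encryption of the synchronization signaling itself is omitted because the page gives no mode for it.

```python
import hashlib
import hmac
import secrets

# Hash() in the text is SM3. Use it when the local OpenSSL build exposes it
# through hashlib; otherwise SHA-256 stands in (same 32-byte output size).
try:
    hashlib.new("sm3")
    HASH_NAME = "sm3"
except ValueError:
    HASH_NAME = "sha256"


def H(data: bytes) -> bytes:
    return hashlib.new(HASH_NAME, data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def base_vector(ra: bytes, rb: bytes) -> tuple:
    """BaseVector = {Hash(Ra||Rb), Hash(Rb||Ra)}."""
    return (H(ra + rb), H(rb + ra))


def derive_key(bv: tuple) -> bytes:
    """Key = Hash(Hash(Ra||Rb) XOR Hash(Rb||Ra))."""
    return H(xor(bv[0], bv[1]))


def verification_value(ctr: bytes, cid: int, ts: int) -> bytes:
    """Hash(CTR||CID||Ts). Field widths are assumed: 2-byte CID, 8-byte Ts."""
    return H(ctr + cid.to_bytes(2, "big") + ts.to_bytes(8, "big"))


def sender_sync(bv: tuple, cid: int, ts: int):
    """Step S20: pick one base-vector item as CTR and build the sync fields."""
    ctr = secrets.choice(bv)
    return ctr, {"cid": cid, "ts": ts, "tag": verification_value(ctr, cid, ts)}


def receiver_resolve(bv: tuple, sync: dict, now: int, max_skew: int = 5):
    """Steps S60-S70 plus the timestamp check; returns CTR or None."""
    if abs(now - sync["ts"]) > max_skew:      # assumed freshness window
        return None                           # stale signaling: treat as replay
    for candidate in bv:
        ref = verification_value(candidate, sync["cid"], sync["ts"])
        if hmac.compare_digest(ref, sync["tag"]):
            return candidate
    return None                               # neither candidate matches


def ctr_xor(key: bytes, ctr: bytes, data: bytes) -> bytes:
    """CTR mode: block i is XORed with PRF(Key, CTR + i); same call decrypts."""
    start = int.from_bytes(ctr[:16], "big")   # assumed: first 128 bits of CTR
    out = bytearray()
    for i in range(0, len(data), 16):
        block = ((start + i // 16) % (1 << 128)).to_bytes(16, "big")
        keystream = H(key[:16] + block)[:16]  # stand-in for SM4 block encryption
        out += xor(data[i:i + 16], keystream)
    return bytes(out)


def demo():
    ra, rb = secrets.token_bytes(32), secrets.token_bytes(32)
    rab = xor(ra, rb)                         # two-party computation output (simulated)
    bv_a = base_vector(ra, xor(ra, rab))      # A recovers Rb = Ra XOR Rab
    bv_b = base_vector(xor(rb, rab), rb)      # B recovers Ra = Rb XOR Rab
    key_a, key_b = derive_key(bv_a), derive_key(bv_b)
    ctr, sync = sender_sync(bv_a, cid=7, ts=1_700_000_000)   # constructed values
    resolved = receiver_resolve(bv_b, sync, now=1_700_000_002)
    ciphertext = ctr_xor(key_a, ctr, b"constructed sample payload, three blocks long")
    return key_a == key_b, resolved == ctr, ctr_xor(key_b, resolved, ciphertext)


if __name__ == "__main__":
    print(demo())
```

A replayed signaling message that arrives inside the freshness window still verifies, so a receiver that needs stricter replay handling also has to remember the (CID, Ts) pairs it has already accepted.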

Referring to FIG. 11, the present invention further provides a lightweight channel encryption device, the device comprising:

a generating module 100, configured to generate a base vector based on a secure two-party computation protocol, and to determine an encryption key based on the base vector;

a determination module 200, configured to determine a target counter according to the base vector, and to determine a verification value of the target counter according to the channel number of the sender node, the timestamp and the target counter;

a sending module 300, configured to encrypt the channel number, the timestamp and the verification value according to the encryption key to generate data synchronization signaling, and to send the data synchronization signaling to the receiver node.

Optionally, the step of generating a base vector based on a secure two-party computation protocol includes:

generating a first random number;

determining a second random number corresponding to the receiver node according to the secure two-party computation protocol and the first random number;

generating the base vector according to the first random number and the second random number.

Optionally, the step of determining an encryption key based on the base vector includes:

determining the XOR value of the two items of the base vector;

determining the hash value of the XOR value, and determining the encryption key according to the hash value.

Optionally, after the step of sending the data synchronization signaling to the receiver node, the method further includes:

generating a stream cipher according to the encryption key and the target counter;

encrypting the data to be sent according to the stream cipher;

sending the encrypted data to the receiver node.

Referring to FIG. 12, the present invention further provides a lightweight channel encryption device, the device comprising:

a first computing module 400, configured to generate a base vector based on a secure two-party computation protocol, and to determine an encryption key based on the base vector;

a receiving module 500, configured to receive data synchronization signaling, and to decrypt the data synchronization signaling according to the encryption key to obtain the decrypted channel number of the sender node, timestamp and verification value of the target counter;

a second computing module 600, configured to determine the candidate counters according to the base vector, and to determine a reference verification value for each candidate counter according to the channel number of the sender node, the timestamp and that candidate counter;

a comparison module 700, configured to compare the verification value of the target counter with the reference verification values, and to determine from the comparison result which of the candidate counters is the target counter selected by the sender node.

Optionally, before the step of generating a base vector based on the secure two-party computation protocol, the method further includes:

generating a second random number;

determining the first random number of the sender node according to the secure two-party computation protocol and the second random number;

generating the base vector according to the first random number and the second random number.

Optionally, after the step of comparing the verification value of the target counter with the reference verification values to obtain the target counter selected by the sender node, the method further includes:

receiving encrypted data;

determining a stream cipher according to the encryption key and the target counter selected by the sender node;

decrypting the data according to the stream cipher.

本发明还提供一种轻量级信道加密设备,所述轻量级信道加密设备包括存储器、处理器以及存储在所述存储器并可在所述处理器上执行的轻量级信道加密程序,所述轻量级信道加密程序被所述处理器执行时实现如上实施例所述的轻量级信道加密方法的各个步骤。The present invention also provides a lightweight channel encryption device, which includes a memory, a processor, and a lightweight channel encryption program stored in the memory and executable on the processor. When the lightweight channel encryption program is executed by the processor, the various steps of the lightweight channel encryption method described in the above embodiment are implemented.

本发明还提供一种计算机可读存储介质,所述计算机可读存储介质存储有轻量级信道加密程序,所述轻量级信道加密程序被处理器执行时实现如上实施例所述的轻量级信道加密方法的各个步骤。The present invention also provides a computer-readable storage medium, which stores a lightweight channel encryption program. When the lightweight channel encryption program is executed by a processor, it implements the various steps of the lightweight channel encryption method described in the above embodiment.

上述本发明实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the above embodiments of the present invention are only for description and do not represent the advantages or disadvantages of the embodiments.

需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、系统、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、系统、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、系统、物品或者装置中还存在另外的相同要素。It should be noted that, in this article, the terms "include", "comprises" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, system, article or device including a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, system, article or device. In the absence of further restrictions, an element defined by the sentence "comprises a ..." does not exclude the existence of other identical elements in the process, system, article or device including the element.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例系统可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在如上所述的一个计算机可读存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,停车管理设备,空调器,或者网络设备等)执行本发明各个实施例所述的系统。Through the description of the above implementation methods, those skilled in the art can clearly understand that the above-mentioned embodiment system can be implemented by means of software plus a necessary general hardware platform, and of course by hardware, but in many cases the former is a better implementation method. Based on such an understanding, the technical solution of the present invention is essentially or the part that contributes to the prior art can be embodied in the form of a software product, which is stored in a computer-readable storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above, and includes a number of instructions for enabling a terminal device (which can be a mobile phone, a computer, a parking management device, an air conditioner, or a network device, etc.) to execute the system described in each embodiment of the present invention.

The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (10)

1. A lightweight channel encryption method, for use with a sender node, the method comprising:
generating a basic vector based on a secure two-party computing protocol, and determining an encryption key based on the basic vector;
determining a target counter according to the basic vector, and determining a verification value of the target counter according to the channel number of the sender node, the time stamp and the target counter;
and encrypting the channel number, the time stamp and the verification value according to the encryption key to generate a data synchronization signaling, and transmitting the data synchronization signaling to a receiver node.
2. The lightweight channel encryption method as set forth in claim 1, wherein the step of generating the basic vector based on the secure two-party computing protocol includes:
generating a first random number;
determining a second random number corresponding to the receiver node according to the secure two-party computing protocol and the first random number;
and generating a basic vector according to the first random number and the second random number.
3. The lightweight channel encryption method as set forth in claim 1, wherein the step of determining an encryption key based on the basic vector includes:
determining an exclusive-or value of the two terms of the basic vector;
and determining the hash value of the exclusive-or value, and determining the encryption key according to the hash value.
4. The lightweight channel encryption method as set forth in claim 1, further comprising, after the step of transmitting the data synchronization signaling to the receiver node:
generating a stream cipher according to the encryption key and the target counter;
encrypting the data to be transmitted according to the stream cipher;
and sending the encrypted data to the receiver node.
5. A lightweight channel encryption method for use with a receiver node, the method comprising:
generating a basic vector based on a secure two-party computing protocol, and determining an encryption key based on the basic vector;
receiving a data synchronization signaling, and decrypting the data synchronization signaling according to the encryption key to obtain the decrypted channel number of the sender node, time stamp and verification value of a target counter;
determining counters to be determined according to the basic vector, and determining a reference verification value of each counter to be determined according to the channel number of the sender node, the time stamp and the counter to be determined;
and comparing the verification value of the target counter with the reference verification values, and determining, according to the comparison result, the target counter selected by the sender node from the counters to be determined.
6. The lightweight channel encryption method as set forth in claim 5, further comprising, prior to the step of generating the basic vector based on the secure two-party computing protocol:
generating a second random number;
determining a first random number of a sender node according to the secure two-party computing protocol and the second random number;
and generating a basic vector according to the first random number and the second random number.
7. The lightweight channel encryption method as set forth in claim 5, wherein after the step of comparing the verification value of the target counter with the reference verification value to obtain the target counter selected by the sender node, further comprising:
receiving the encrypted data;
determining a stream cipher according to the encryption key and the target counter selected by the sender node;
and decrypting the data according to the stream cipher.
8. A lightweight channel encryption device, said device comprising:
a generation module, configured to generate a basic vector based on a secure two-party computing protocol and determine an encryption key based on the basic vector;
a determining module, configured to determine a target counter according to the basic vector, and determine a verification value of the target counter according to the channel number of the sender node, the time stamp and the target counter;
and a sending module, configured to encrypt the channel number, the time stamp and the verification value according to the encryption key to generate a data synchronization signaling, and send the data synchronization signaling to a receiver node.
9. A lightweight channel encryption device, characterized in that the lightweight channel encryption device comprises a memory, a processor and a lightweight channel encryption routine stored in the memory and executable on the processor, the lightweight channel encryption routine, when executed by the processor, implementing the steps of the lightweight channel encryption method according to any of claims 1-4 or 5-7.
10. A computer readable storage medium, characterized in that the computer readable storage medium stores a lightweight channel encryption routine which, when executed by a processor, implements the respective steps of the lightweight channel encryption method according to any one of claims 1-4 or 5-7.
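
The counter negotiation of claims 1, 3, 4, 5 and 7, as an added example that is not part of the patent text. Assumptions: the two vector terms are taken as already agreed (the two-party computation itself is not modelled), each term yields one 64-bit candidate counter, the verification value is an HMAC-SHA-256, the stream cipher is a SHA-256 counter-mode stand-in, and the receiver enforces a 30-second freshness window; all function names are hypothetical.

```python
import hashlib, hmac, struct

# Constructed sample: the two random terms both nodes hold after the 2PC step.
BASE = (bytes(range(16)), bytes(range(16, 32)))

def derive_key(base):
    """Claim 3: hash of the XOR of the two terms of the vector."""
    return hashlib.sha256(bytes(a ^ b for a, b in zip(*base))).digest()

def candidates(base):
    """Assumption: each term yields one 64-bit candidate counter."""
    return [int.from_bytes(term[:8], "big") for term in base]

def keystream_xor(key, label, counter, data):
    """Stand-in stream cipher: SHA-256 over key, label, counter, block index."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + label + struct.pack(">QQ", counter, i // 32)).digest()
        out += bytes(d ^ p for d, p in zip(data[i:i + 32], pad))
    return bytes(out)

def check_value(key, channel, ts, counter):
    """Assumption: verification value = HMAC-SHA-256 over channel, time, counter."""
    msg = struct.pack(">IQQ", channel, ts, counter)
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_sync(base, channel, ts, choice):
    """Sender (claim 1): pick a counter, send E_k(channel, ts, check value)."""
    key, target = derive_key(base), candidates(base)[choice]
    body = struct.pack(">IQ", channel, ts) + check_value(key, channel, ts, target)
    return keystream_xor(key, b"sync", 0, body), target

def recover_counter(base, sync, now, max_skew=30):
    """Receiver (claim 5): decrypt, check freshness, test every candidate."""
    key = derive_key(base)
    body = keystream_xor(key, b"sync", 0, sync)
    if len(body) != 44:
        raise ValueError("malformed synchronization signaling")
    channel, ts = struct.unpack(">IQ", body[:12])
    if abs(now - ts) > max_skew:          # assumption: 30 s replay window
        raise ValueError("stale timestamp")
    for c in candidates(base):
        if hmac.compare_digest(check_value(key, channel, ts, c), body[12:]):
            return channel, c
    raise ValueError("no candidate counter matches the verification value")
```

The counter itself never crosses the channel: the receiver learns which candidate the sender chose only by recomputing the verification value, after which both sides call `keystream_xor(key, b"data", counter, payload)` for the traffic of claims 4 and 7.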
CN202310020724.1A 2023-01-06 2023-01-06 Lightweight channel encryption method, device, equipment and storage medium Pending CN118316613A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310020724.1A CN118316613A (en) 2023-01-06 2023-01-06 Lightweight channel encryption method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN118316613A true CN118316613A (en) 2024-07-09

Family

ID=91731918

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310020724.1A Pending CN118316613A (en) 2023-01-06 2023-01-06 Lightweight channel encryption method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN118316613A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination