
CN118337541B - Service flow data asymmetric encryption method based on industrial Internet identification - Google Patents

Publication number
CN118337541B
CN118337541B CN202410774646.9A CN202410774646A CN118337541B CN 118337541 B CN118337541 B CN 118337541B CN 202410774646 A CN202410774646 A CN 202410774646A CN 118337541 B CN118337541 B CN 118337541B
Authority
CN
China
Prior art keywords
data
service
identification code
service flow
sequence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410774646.9A
Other languages
Chinese (zh)
Other versions
CN118337541A (en)
Inventor
李晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Longxinyuan Intelligent Technology Co ltd
Original Assignee
Nanjing Longxinyuan Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Longxinyuan Intelligent Technology Co ltd
Priority to CN202410774646.9A
Publication of CN118337541A
Application granted
Publication of CN118337541B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of data encryption, in particular to a service flow data asymmetric encryption method based on industrial Internet identification. The method comprises the following steps: acquiring service flow data and corresponding equipment identification codes, product identification codes, service identification codes and user identification codes; determining a reference large number according to the equipment identification code, the product identification code, the service identification code and the user identification code; carrying out prime number decomposition on the reference large number to obtain a prime number sequence; if the length of the prime number sequence is a preset length, determining a public key and a private key based on the prime number sequence and the reference big number; if the length of the prime number sequence is not the preset length, determining a public key and a private key according to the size relation between the data in the service flow data and the data range, the processing time length of the service flow data, the elements in the prime number sequence and the reference big number, and then adopting an asymmetric encryption algorithm to carry out encryption processing. The invention improves the security of the service flow data.

Description

Service flow data asymmetric encryption method based on industrial Internet identification
Technical Field
The invention relates to the technical field of data encryption, in particular to a service flow data asymmetric encryption method based on industrial Internet identification.
Background
With the advancement of industry 4.0 and the development of intelligent manufacturing, the industrial internet has become an important component of modern industrial systems. In the industrial internet, various types of traffic data are frequently communicated between devices, systems, and services. These data often contain the core competitiveness of the enterprise and trade secrets, so ensuring their secure transmission is critical. Currently, the data security challenges faced by the industrial internet are increasingly severe.
Traditional encryption techniques suffer from complex key management and low encryption efficiency when encrypting large-scale, high-concurrency service flow data identified by the industrial Internet. An asymmetric encryption algorithm uses a public key and a private key to encrypt and decrypt the service flow data: the public key is used to encrypt the data, and the private key is used to decrypt it. Because the public key can be disclosed while the private key is held only by the legitimate receiver, an asymmetric encryption algorithm is safer during transmission and reduces the risk of key distribution. However, the public key and the private key are generally generated with an existing key generation algorithm, so the relevance between the key and the service flow data is low, the key may be stolen, and the service flow data is in turn at risk of leakage.
Disclosure of Invention
In order to solve the problem that the service flow data is at risk of being leaked in the existing method, the invention aims to provide the service flow data asymmetric encryption method based on the industrial Internet identification, and the adopted technical scheme is as follows:
The invention provides a service flow data asymmetric encryption method based on industrial Internet identification, which comprises the following steps:
acquiring service flow data to be encrypted and corresponding equipment identification codes, product identification codes, service identification codes and user identification codes;
determining a reference large number according to the equipment identification code, the product identification code, the service identification code and the user identification code; carrying out prime number decomposition on the reference large number to obtain a prime number sequence;
if the length of the prime number sequence is a preset length, determining a public key and a private key based on the prime number sequence and the reference big number; if the length of the prime number sequence is not the preset length, obtaining a service flow influence parameter pair according to the size relation between the data in the service flow data and the data range and the processing time of the service flow data; determining a public key and a private key according to elements in a prime number sequence, the reference big number and the service flow influence parameter pairs;
And encrypting the service flow data by adopting an asymmetric encryption algorithm based on the public key and the private key to obtain encrypted data.
Preferably, the determining the reference big number according to the equipment identification code, the product identification code, the service identification code and the user identification code includes:
Obtaining a reference information number according to the service identification code, the equipment identification code, the ASCII code corresponding to the product identification code, the number of characters in the service identification code and the number of characters in the equipment identification code;
and obtaining a reference large number according to the service identification code, the equipment identification code, the ASCII code corresponding to the user identification code and the reference information number.
Preferably, the reference information number is calculated using the following formula:
Wherein, The number of reference information is represented by the number of reference information,Representing the service identification code(s),Representing the device identification code(s) and,Representing the exclusive or symbol,Representing the ith character in the product identification code,Indicating the number of characters in the product identification code,Indicating the number of characters in the service identification code,Representing the number of characters in the device identification code,Indicating a right shift of the position of the lens,Representing taking ASCII codes, mod () represents a remainder function.
Preferably, the reference large number is calculated using the following formula:
wherein J represents a reference large number, Representing the service identification code(s),Representing the device identification code(s) and,The number of reference information is represented by the number of reference information,Representing the sign of converting a binary number into a decimal number,Representing the number of characters in the user identification code,The representation and the symbol are provided with a plurality of symbols,Representing the kth character in the user identification code.
Preferably, the preset length is 2.
Preferably, said determining a public key and a private key based on the prime number sequence and the reference big number includes:
Taking a two-tuple consisting of one element in the prime number sequence and the reference big number as a public key; and taking a two-tuple consisting of another element in the prime number sequence and the reference big number as a private key.
Preferably, the obtaining the service flow influence parameter pair according to the size relation between the data in the service flow data and the data range and the processing time of the service flow data includes:
obtaining the maximum value and the minimum value in the service flow data;
And obtaining a service flow influence parameter pair according to the difference between each data and the maximum value and the difference between each data and the minimum value in the service flow data.
Preferably, the obtaining the service flow influence parameter pair according to the difference between each data and the maximum value and the difference between each data and the minimum value in the service flow data includes:
Respectively marking the difference between each data in the service flow data and the maximum value as a first difference corresponding to each data in the service flow data; acquiring a first service parameter based on the first difference and the processing time of the service flow data; the first difference and the first service parameter are in a negative correlation, and the processing time length of the service flow data and the first service parameter are in a positive correlation;
respectively marking the difference between each data in the service flow data and the minimum value as a second difference corresponding to each data in the service flow data; acquiring a second service parameter based on the second difference and the processing time of the service flow data; the second difference and the second service parameter are in a negative correlation, and the processing time length of the service flow data and the second service parameter are in a positive correlation;
the first service parameter and the second service parameter form a service flow influence parameter pair.
Preferably, the determining the public key and the private key according to the element in the prime number sequence, the reference big number and the service flow influence parameter pair includes:
removing the repeated number in the prime number sequence to obtain a data sequence to be analyzed;
Marking the result of upward rounding of the remainder of dividing the first service parameter by the number of elements in the data sequence to be analyzed as a first sequence number value; recording the element of the first serial number value in the data sequence to be analyzed as a first characteristic value;
Marking the result of upward rounding of the remainder of dividing the second service parameter by the number of elements in the data sequence to be analyzed as a second sequence number value; recording the element of the second serial number value in the data sequence to be analyzed as a second characteristic value;
And obtaining a public key and a private key based on the first characteristic value, the second characteristic value, the reference big number and elements in the prime number sequence.
Preferably, the obtaining the public key and the private key based on the first eigenvalue, the second eigenvalue, the reference big number and elements in the prime number sequence includes:
taking a two-tuple formed by the first characteristic value and the reference big number as a public key;
and taking a two-tuple formed by the second characteristic value and the reference big number as a private key.
The invention has at least the following beneficial effects:
1. The invention takes into consideration that, when an existing key generation algorithm is used to generate a basic key and the service flow data to be encrypted is then encrypted with it, the relevance between the key and the service flow data is low, so the key is easy to obtain and the service flow data is at risk of leakage.
2. In determining the public key and the private key, the invention first combines the equipment identification code, the product identification code, the service identification code and the user identification code to determine the reference big number, and performs prime number decomposition on the reference big number to obtain the prime number sequence. It then adaptively determines the public key and the private key based on the length of the prime number sequence and the data distribution characteristics of the service flow data, so that the key is hard to decipher and has stronger pseudo-randomness, the relevance between the key pair and the service flow data is improved, the key is not easily cracked afterwards, and the storage security of the service flow data is ensured.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions and advantages of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for asymmetric encryption of service flow data based on industrial Internet identification according to an embodiment of the present invention;
fig. 2 is a flow chart of a method of obtaining a public key and a private key.
Detailed Description
In order to further describe the technical means and effects adopted by the invention to achieve the preset aim, the following detailed description is given to the service flow data asymmetric encryption method based on the industrial internet identification according to the invention by combining the attached drawings and the preferred embodiment.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The following specifically describes a specific scheme of the service flow data asymmetric encryption method based on the industrial internet identification provided by the invention with reference to the accompanying drawings.
An embodiment of a service flow data asymmetric encryption method based on industrial Internet identification:
The specific scenario addressed by this embodiment is as follows: the advantages of the star-fire-link network are combined with the security requirements of industrial-Internet-identified service flow data to obtain the corresponding public key and secret key, the industrial-Internet-identified service flow data is encrypted, and its security is improved.
The embodiment provides an asymmetric encryption method for service flow data based on industrial internet identification, as shown in fig. 1, the asymmetric encryption method for service flow data based on industrial internet identification of the embodiment comprises the following steps:
step S1, obtaining service flow data to be encrypted and corresponding equipment identification codes, product identification codes, service identification codes and user identification codes.
In this embodiment the service flow data is asymmetrically encrypted based on the industrial Internet identification, so the service flow data to be encrypted and the industrial identifications related to the service are obtained first. The industrial identifications in this embodiment include the device identification code, product identification code, service identification code and user identification code corresponding to the service link. The obtained service flow data to be encrypted undergoes related data screening to ensure the authenticity of the data; note that all service flow data mentioned hereafter is screened data.
Thus, the embodiment obtains the service flow data to be encrypted and the corresponding equipment identification code, product identification code, service identification code and user identification code.
Step S2, determining a reference large number according to the equipment identification code, the product identification code, the service identification code and the user identification code; and carrying out prime number decomposition on the reference large number to obtain a prime number sequence.
This embodiment encrypts the service flow data to be encrypted with an asymmetric encryption algorithm. Such an algorithm needs a key pair, namely a public key and a private key, and the encryption and decryption of the service flow data are completed with these two keys. Therefore, instead of using a random key generation algorithm, this embodiment generates a pseudo-random encryption key, so that the data is safer while being strongly correlated with the related information, and the key has a certain traceability. This embodiment adopts the RSA asymmetric encryption algorithm, which determines the key based on the large-prime problem, and generates a reference big number by combining the industrial Internet identification of the user with the related user information of the uploaded data.
Specifically, obtaining a reference information number according to the service identification code, the equipment identification code, the ASCII code corresponding to the product identification code, the number of characters in the service identification code and the number of characters in the equipment identification code; and obtaining a reference large number according to the service identification code, the equipment identification code, the ASCII code corresponding to the user identification code and the reference information number. The calculation formulas of the reference information number and the reference big number are respectively as follows:
Wherein, The number of reference information is represented by the number of reference information,Representing the service identification code(s),Representing the device identification code(s) and,Representing the exclusive or symbol,Representing the ith character in the product identification code,Indicating the number of characters in the product identification code,Indicating the number of characters in the service identification code,Representing the number of characters in the device identification code,Indicating a right shift of the position of the lens,Representing taking ASCII codes, mod () representing a remainder function, J representing a base large number,Representing the sign of converting a binary number into a decimal number,Representing the number of characters in the user identification code,The representation and the symbol are provided with a plurality of symbols,Representing the kth character in the user identification code.
An RSA key is special in that it is composed of two prime numbers and their product. For large prime numbers, the larger the prime, the harder it is to find, the lower the analyzability, the lower the risk of key leakage, and the higher the security. Traditional large number generation algorithms, however, are based on randomness, so once the key is lost, access to the data is affected and, more seriously, the data may even be lost. This embodiment therefore uses the related data of the service flow to generate the required reference large number. The industrial Internet identification is first used to generate the base number, and simultaneously, the two sections are divided into front and back sections and respectively processed by different processing methods, Processing based on traditional character string addition; in order to ensure the resolvability of the obtained reference large number, the number is required to be a composite number, so the combined number obtained is finally merged with the user identification code to obtain the reference large number.
After the reference large number is obtained, this embodiment performs prime number decomposition on it. Specifically, the GNFS (general number field sieve) factorization algorithm is used to decompose the reference large number into a prime number sequence. The GNFS factorization algorithm is prior art and will not be described in detail here.
Step S3, if the length of the prime number sequence is a preset length, determining a public key and a private key based on the prime number sequence and the reference big number; if the length of the prime number sequence is not the preset length, obtaining a service flow influence parameter pair according to the size relation between the data in the service flow data and the data range and the processing time of the service flow data; and determining a public key and a private key according to the elements in the prime number sequence, the reference big number and the service flow influence parameter pairs.
The present embodiment obtains a prime number sequence in step S2, and then determines a public key and a private key based on the length of the prime number sequence.
Step S31, if the length of the prime number sequence is a preset length, determining a public key and a private key based on the prime number sequence and the reference big number; if the length of the prime number sequence is not the preset length, the service flow influence parameter pair is obtained according to the size relation between the data in the service flow data and the data range and the processing time of the service flow data.
If the length of the prime number sequence is the preset length, a two-tuple consisting of one element in the prime number sequence and the reference big number is taken as the public key, and a two-tuple consisting of another element in the prime number sequence and the reference big number is taken as the private key. The preset length in this embodiment is 2; in a specific application, the practitioner can set it according to the specific situation.
If the length of the prime number sequence is not the preset length, obtaining a service flow influence parameter pair according to the size relation between the data in the service flow data and the data range and the processing time of the service flow data; determining a public key and a private key according to elements in a prime number sequence, the reference big number and the service flow influence parameter pairs; specifically, obtaining the maximum value and the minimum value in service flow data; respectively marking the difference between each data in the service flow data and the maximum value as a first difference corresponding to each data in the service flow data; acquiring a first service parameter based on the first difference and the processing time of the service flow data; the first difference and the first service parameter are in a negative correlation, and the processing time length of the service flow data and the first service parameter are in a positive correlation; respectively marking the difference between each data in the service flow data and the minimum value as a second difference corresponding to each data in the service flow data; acquiring a second service parameter based on the second difference and the processing time of the service flow data; the second difference and the second service parameter are in a negative correlation, and the processing time length of the service flow data and the second service parameter are in a positive correlation. 
A positive correlation means that the dependent variable increases as the independent variable increases and decreases as the independent variable decreases; the specific relationship may be a multiplication relationship, an addition relationship, a power of an exponential function, or the like, and is determined by the practical application. A negative correlation means that the dependent variable decreases as the independent variable increases and increases as the independent variable decreases; it may be a subtraction relationship, a division relationship, or the like, and is determined by the practical application. As a specific embodiment, a specific calculation formula of the first service parameter and the second service parameter is given, where the first service parameter and the second service parameter are specifically expressed as:
Wherein, A first service parameter is indicated and a first service parameter,Representing a second traffic parameter, t representing the processing duration of the traffic stream data, M representing the amount of data in the traffic stream data,Representing the maximum value in the traffic stream data,Representing the minimum value in the traffic stream data,Represents the mth data in the traffic stream data,Representing a downward rounding symbol and e represents a natural constant.
Representing a first difference corresponding to the mth data in the service flow data, wherein the first difference is used for reflecting the difference condition between the mth data and the maximum value in the service flow data; And the second difference corresponding to the mth data in the service flow data is expressed and is used for reflecting the difference condition between the mth data and the minimum value in the service flow data. And analyzing the relevant data distribution characteristics of the service flow data to be encrypted and the time characteristics of the service flow by utilizing the size relation between the data in the service flow data and the data range thereof and the processing time of the service flow data, so as to finish the acquisition of the first service parameter and the second service parameter.
The embodiment obtains a first service parameter and a second service parameter, and the first service parameter and the second service parameter form a service flow influence parameter pair.
And step S32, determining a public key and a private key according to the elements in the prime number sequence, the reference big number and the service flow influence parameter pairs.
The repeated numbers in the prime number sequence are removed to obtain the data sequence to be analyzed. For example, for the prime number sequence {2,5,2,7,3,3,5}, the 2 at the 3rd position is culled and the 3 at the 6th position is culled, and thus the data sequence to be analyzed is {2,5,7,3}.
In the conventional RSA key generation process, only two prime numbers are generated, so the key is generated from them directly. In this embodiment, however, the prime decomposition of the basic number generated from the industrial Internet identification may yield more than one factor. If two of these primes were selected directly as the key pair, the key data would likely be leaked, which would affect the security of the whole system. Prime pairs at different positions are therefore selected for different service flow data, based on the characteristics of the service flow data, so that the selected prime pair is also pseudo-random, which further ensures the security of the key.
Specifically, the remainder of dividing the first service parameter by the number of elements in the data sequence to be analyzed is rounded up, and the result is recorded as the first sequence number value; the element at the position given by the first sequence number value in the data sequence to be analyzed is recorded as the first characteristic value. For example, the data sequence to be analyzed is {2,5,7,3}, the remainder of the first service parameter divided by the number of elements in the data sequence to be analyzed is 2.3, the result of rounding the remainder up is 3, so the first sequence number value is 3; the 3rd element in the data sequence to be analyzed is 7, and thus the first characteristic value is 7. It should be noted that if the first sequence number value is greater than the number of elements in the data sequence to be analyzed, denoted R, the sequence is indexed cyclically: the (R+1)th element is the 1st element of the data sequence to be analyzed, the (R+2)th element is the 2nd element, the (R+3)th element is the 3rd element, and so on; likewise the (2R+1)th element is the 1st element, the (2R+2)th element is the 2nd element, and so on. For example, if the data sequence to be analyzed is {2,5,7,3} and the first sequence number value is 6, the first characteristic value is 5.
The remainder of dividing the second service parameter by the number of elements in the data sequence to be analyzed is rounded up, and the result is recorded as the second sequence number value; the element at the position given by the second sequence number value in the data sequence to be analyzed is recorded as the second characteristic value. It should be noted that if the second sequence number value is greater than the number of elements in the data sequence to be analyzed, denoted R, the sequence is indexed cyclically: the (R+1)th element is the 1st element of the data sequence to be analyzed, the (R+2)th element is the 2nd element, the (R+3)th element is the 3rd element, and so on; likewise the (2R+1)th element is the 1st element, the (2R+2)th element is the 2nd element, and so on. For example, if the data sequence to be analyzed is {2,5,7,3} and the second sequence number value is 9, the second characteristic value is 2.
By the above method, the first characteristic value and the second characteristic value are obtained. In this embodiment, the two-tuple formed by the first characteristic value and the reference big number is used as the public key, and the two-tuple formed by the second characteristic value and the reference big number is used as the private key, which gives the asymmetric encryption key pair. Fig. 2 is a flow chart of the method for obtaining the public key and the private key.
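The selection procedure of step S32, written out as an added example (it is not code from the patent): it removes repeated primes, derives the two sequence number values, applies the cyclic indexing rule, and flags the case where both service parameters select the same element. The service parameter values and the reference big number 6300 (the product of the page's example sequence) are constructed, because the formulas for them did not survive on this page; mapping a sequence number of 0 to the last element is an assumption that follows from the same cyclic rule.

```python
import math

# Example prime number sequence from the description above.
PAGE_PRIME_SEQUENCE = [2, 5, 2, 7, 3, 3, 5]
# Constructed stand-in for the reference big number: product of that sequence.
CONSTRUCTED_REFERENCE_BIG_NUMBER = math.prod(PAGE_PRIME_SEQUENCE)  # 6300


def dedupe_keep_first(prime_sequence):
    """Remove repeated primes, keeping the first occurrence of each in order."""
    return list(dict.fromkeys(prime_sequence))


def sequence_number(service_parameter, element_count):
    """Round up the remainder of service_parameter / element_count."""
    if element_count <= 0:
        raise ValueError("data sequence to be analyzed is empty")
    return math.ceil(service_parameter % element_count)


def element_at(sequence, number):
    """1-based cyclic lookup: R+1 maps to 1, 2R+1 maps to 1, and so on.

    Assumption: a sequence number of 0 (remainder exactly 0) maps to the
    last element, which is what the same cyclic rule gives.
    """
    return sequence[(number - 1) % len(sequence)]


def select_key_pair(prime_sequence, reference_big_number,
                    first_parameter, second_parameter):
    """Return the public/private two-tuples chosen by the S32 procedure."""
    seq = dedupe_keep_first(prime_sequence)
    n1 = sequence_number(first_parameter, len(seq))
    n2 = sequence_number(second_parameter, len(seq))
    first_value = element_at(seq, n1)
    second_value = element_at(seq, n2)
    return {
        "sequence": seq,
        "sequence_numbers": (n1, n2),
        "public_key": (first_value, reference_big_number),
        "private_key": (second_value, reference_big_number),
        # The procedure as described does not force n1 != n2, so both
        # tuples can be identical; a caller should detect this case.
        "same_element": first_value == second_value,
    }


if __name__ == "__main__":
    # Constructed parameters: 6.3 leaves remainder 2.3 when divided by 4.
    for params in [(6.3, 9.0), (6.3, 10.5)]:
        print(params, select_key_pair(PAGE_PRIME_SEQUENCE,
                                      CONSTRUCTED_REFERENCE_BIG_NUMBER,
                                      *params))
```

The example takes the prime number sequence in the order the page gives it; the selected elements depend on that order, so an implementation has to fix the order in which the decomposition lists the primes.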
Step S4, encrypting the service flow data by adopting an asymmetric encryption algorithm based on the public key and the private key to obtain encrypted data.
In step S3, this embodiment adaptively determines the public key and the private key based on the length of the prime number sequence, that is, it obtains the key pair of the asymmetric encryption algorithm. The embodiment then encrypts the service flow data to be encrypted, thereby improving the security of the service flow data.
Specifically, after the public key and the private key are obtained, the service flow data to be encrypted is encrypted by adopting an asymmetric encryption algorithm based on the public key and the private key, so as to obtain encrypted data. The asymmetric encryption algorithm is the prior art and will not be described in detail here.
The encrypted data is transmitted and stored through an interface provided by the star-fire-link network, and meanwhile, the obtained private key is transmitted to a receiver user based on a third-party trusted mechanism, so that the encrypted data can be decrypted conveniently.
When an existing key generation algorithm is used to generate a basic key and the service flow data to be encrypted is then encrypted with it, the correlation between the key and the service flow data is low, so the key is easy to obtain and the service flow data is at risk of leakage. This embodiment instead combines the industrial Internet identification with the characteristics of the service flow data to generate a public key and a private key that are strongly related to the service flow data, and then encrypts the service flow data to be encrypted with an asymmetric encryption algorithm. While simplifying key management, this gives the key non-analyzability and strong pseudo-randomness, and guarantees the security, non-falsifiability and traceability of the service flow data. In determining the public key and the private key, the method first combines the equipment identification code, the product identification code, the service identification code and the user identification code to determine the reference big number, performs prime decomposition on the reference big number to obtain the prime number sequence, and then adaptively determines the public key and the private key based on the length of the prime number sequence and the data distribution characteristics of the service flow data. The key is thereby indecipherable and strongly pseudo-random, the correlation between the key pair and the service flow data is strengthened, the key is harder to crack, and the storage security of the service flow data is ensured.
It should be noted that the foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modifications, equivalents, improvements, etc. that fall within the principles of the present invention are intended to be included within the scope of the present invention.

Claims (2)

1. A service flow data asymmetric encryption method based on industrial Internet identification, characterized by comprising the following steps:
acquiring service flow data to be encrypted and corresponding equipment identification codes, product identification codes, service identification codes and user identification codes;
determining a reference large number according to the equipment identification code, the product identification code, the service identification code and the user identification code; carrying out prime number decomposition on the reference large number to obtain a prime number sequence;
if the length of the prime number sequence is a preset length, determining a public key and a private key based on the prime number sequence and the reference big number; if the length of the prime number sequence is not the preset length, obtaining a service flow influence parameter pair according to the size relation between the data in the service flow data and the data range and the processing time of the service flow data; determining a public key and a private key according to elements in a prime number sequence, the reference big number and the service flow influence parameter pairs;
Encrypting the service flow data by adopting an asymmetric encryption algorithm based on the public key and the private key to obtain encrypted data;
The determining the reference big number according to the equipment identification code, the product identification code, the service identification code and the user identification code comprises the following steps:
Obtaining a reference information number according to the service identification code, the equipment identification code, the ASCII code corresponding to the product identification code, the number of characters in the service identification code and the number of characters in the equipment identification code;
obtaining a reference large number according to the service identification code, the equipment identification code, the ASCII code corresponding to the user identification code and the reference information number;
the reference information number is calculated using the following formula:
wherein, The number of reference information is represented by the number of reference information,Representing the service identification code(s),Representing the device identification code(s) and,Representing the exclusive or symbol,Representing the ith character in the product identification code,Indicating the number of characters in the product identification code,Indicating the number of characters in the service identification code,Representing the number of characters in the device identification code,Indicating a right shift of the position of the lens,Representing taking ASCII codes, mod () represents a remainder function;
The reference big number is calculated using the following formula:
Wherein J represents a reference large number, Representing the service identification code(s),Representing the device identification code(s) and,The number of reference information is represented by the number of reference information,Representing the sign of converting a binary number into a decimal number,Representing the number of characters in the user identification code,The representation and the symbol are provided with a plurality of symbols,Representing the kth character in the user identification code;
The determining public and private keys based on the prime number sequence and the reference big number includes:
taking a two-tuple consisting of one element in the prime number sequence and the reference big number as a public key; taking a two-tuple consisting of another element in the prime number sequence and the reference big number as a private key;
the obtaining the service flow influence parameter pair according to the size relation between the data in the service flow data and the data range and the processing time of the service flow data comprises the following steps:
obtaining the maximum value and the minimum value in the service flow data;
Obtaining a service flow influence parameter pair according to the difference between each data and the maximum value and the difference between each data and the minimum value in the service flow data;
The obtaining a service flow influence parameter pair according to the difference between each data and the maximum value and the difference between each data and the minimum value in the service flow data comprises the following steps:
Respectively marking the difference between each data in the service flow data and the maximum value as a first difference corresponding to each data in the service flow data; acquiring a first service parameter based on the first difference and the processing time of the service flow data; the first difference and the first service parameter are in a negative correlation, and the processing time length of the service flow data and the first service parameter are in a positive correlation;
respectively marking the difference between each data in the service flow data and the minimum value as a second difference corresponding to each data in the service flow data; acquiring a second service parameter based on the second difference and the processing time of the service flow data; the second difference and the second service parameter are in a negative correlation, and the processing time length of the service flow data and the second service parameter are in a positive correlation;
The first service parameter and the second service parameter form a service flow influence parameter pair;
The determining the public key and the private key according to the element in the prime number sequence, the reference big number and the service flow influence parameter pair comprises the following steps:
removing the repeated number in the prime number sequence to obtain a data sequence to be analyzed;
Marking the result of upward rounding of the remainder of dividing the first service parameter by the number of elements in the data sequence to be analyzed as a first sequence number value; recording the element of the first serial number value in the data sequence to be analyzed as a first characteristic value;
Marking the result of upward rounding of the remainder of dividing the second service parameter by the number of elements in the data sequence to be analyzed as a second sequence number value; recording the element of the second serial number value in the data sequence to be analyzed as a second characteristic value;
obtaining a public key and a private key based on the first characteristic value, the second characteristic value, the reference big number and elements in the prime number sequence;
The obtaining a public key and a private key based on the first eigenvalue, the second eigenvalue, the reference big number and elements in the prime number sequence includes:
taking the two-tuple formed by the first characteristic value and the reference big number as a public key;
and taking the two-tuple formed by the second characteristic value and the reference big number as a private key.
2. The asymmetric encryption method for traffic data based on industrial internet identification according to claim 1, wherein the preset length is 2.
CN202410774646.9A 2024-06-17 2024-06-17 Service flow data asymmetric encryption method based on industrial Internet identification Active CN118337541B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410774646.9A CN118337541B (en) 2024-06-17 2024-06-17 Service flow data asymmetric encryption method based on industrial Internet identification

Publications (2)

Publication Number Publication Date
CN118337541A CN118337541A (en) 2024-07-12
CN118337541B true CN118337541B (en) 2024-08-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant