CN-122001686-A - Block key fusion encryption method and system
Abstract
The application is applicable to the technical field of data transmission and relates in particular to a block key fusion encryption method and system. The method comprises: partitioning a plurality of groups of data units in a transmission stream to obtain a plurality of independent data blocks; identifying sensitive data elements in each independent data block and constructing a corresponding first temporary encryption key, so that the key is accurately bound to the data content; determining a second temporary encryption key between every two adjacent independent data blocks according to their first temporary encryption keys to obtain key interaction points; and evaluating the compatibility degree between the key interaction points and fusing the key interaction points that meet the conditions to generate a main encryption key. This reduces the vulnerability and global risk of a single key, ensures the internal consistency and robustness of the key system, and fundamentally avoids key conflict.
Inventors
- XIANG BANGMENG
- ZOU JIALI
- TANG WEIYE
Assignees
- 浙江安防职业技术学院
Dates
- Publication Date: 20260508
- Application Date: 20260409
Claims (10)
- 1. A block key fusion encryption method, comprising: partitioning a plurality of groups of data units in a transport stream to obtain a plurality of independent data blocks; for each independent data block, identifying sensitive data elements in the independent data block, and constructing a corresponding first temporary encryption key for each independent data block; determining a second temporary encryption key between every two independent data blocks according to the first temporary encryption keys of every two adjacent independent data blocks to obtain a plurality of key interaction points; and evaluating the compatibility degree between each key interaction point in every two adjacent independent data blocks, and fusing the second temporary encryption keys corresponding to the two key interaction points meeting the conditions to generate a main encryption key.
- 2. The block key fusion encryption method of claim 1, wherein the performing the partitioning of the plurality of sets of data units in the transport stream to obtain a plurality of independent data blocks comprises: carrying out data characteristic dynamic analysis on a plurality of groups of data units in a transmission stream, and determining a dynamic partition threshold value in the transmission stream; and performing partition processing on each group of data units in the transport stream based on the dynamic partition threshold value to obtain a plurality of independent data blocks.
- 3. The block key fusion encryption method of claim 1, wherein for each independent data block, identifying sensitive data elements in the independent data block and constructing a corresponding first temporary encryption key for each independent data block comprises: for each independent data block, identifying sensitive data elements in the independent data block; determining the distribution density of the sensitive data corresponding to each independent data block according to the identified sensitive data elements; clustering the sensitive data elements based on the sensitive data distribution density corresponding to each independent data block to obtain a key generation data set corresponding to each independent data block; and carrying out preliminary encryption according to the key generation data set corresponding to each independent data block, and constructing a corresponding first temporary encryption key for each independent data block.
- 4. The block key fusion encryption method of claim 3, wherein for each individual data block, identifying sensitive data elements in the individual data block comprises: identifying basic data from data corresponding to each independent data block for each independent data block; and judging the sensitivity level of each data element in the basic data in each independent data block, and determining the basic data with the sensitivity level larger than a preset sensitivity level as sensitive data.
- 5. The block key fusion encryption method of claim 3, wherein the determining the distribution density of the sensitive data corresponding to each of the independent data blocks according to the identified sensitive data elements comprises: calculating the distribution divergence of the sensitive data elements in each independent data block according to the identified sensitive data elements, wherein the distribution divergence is used for reflecting the discrete degree of the sensitive data elements in the independent data blocks; and constructing a density distribution function according to the distribution divergence, and determining the distribution density of the sensitive data corresponding to each independent data block.
- 6. The block key fusion encryption method according to claim 5, wherein the constructing a density distribution function according to the distribution divergence, determining the distribution density of the sensitive data corresponding to each of the independent data blocks, comprises: calculating distribution entropy of the sensitive data elements in the independent data block based on the distribution divergence, wherein the distribution entropy is used for representing unordered distribution degree of the sensitive data elements in the independent data block, and the distribution entropy is increased along with the increase of the discreteness of the distribution of the sensitive data elements; and determining the distribution density of the sensitive data corresponding to each independent data block based on the numerical value of the distribution entropy.
- 7. The block key fusion encryption method according to claim 1, wherein the determining the second temporary encryption key between each two independent data blocks according to the first temporary encryption keys of each two adjacent independent data blocks to obtain a plurality of key interaction points comprises: screening the first temporary encryption keys of every two adjacent independent data blocks, and determining a second temporary encryption key intersected with the shared boundary of the two adjacent independent data blocks; and determining an interaction point between the second temporary encryption key and the corresponding shared boundary as a key exchange point based on the second temporary encryption keys intersected by the shared boundary of each two adjacent independent data blocks, so as to obtain a plurality of key interaction points.
- 8. The block key fusion encryption method according to claim 1, wherein the evaluating the compatibility degree between each key interaction point in each two adjacent independent data blocks, and fusing the second temporary encryption keys corresponding to the two key interaction points meeting the condition to generate the master encryption key, includes: calculating the compatibility degree between each key interaction point in every two adjacent independent data blocks, and comparing the compatibility degree with a preset threshold; and when the compatibility degree is greater than or equal to the preset threshold value, generating a main encryption key based on two second temporary encryption keys corresponding to the key interaction point.
- 9. The block key fusion encryption method according to claim 8, wherein generating the master encryption key based on the two second temporary encryption keys corresponding to the key interaction point when the degree of compatibility is greater than or equal to the preset threshold value comprises: when the compatibility degree is greater than or equal to the preset threshold, taking the key interaction point as a center, acquiring all key generation data sets in a specific range of the key interaction point, and obtaining a key negotiation space; determining the junction points of the two second temporary encryption keys corresponding to the key interaction points and the key negotiation area based on the key negotiation space, and taking the junction points as secondary key interaction points; and executing key fusion calculation based on all the secondary key interaction points to generate a main encryption key.
- 10. A block key fusion encryption system, comprising: a partition unit, used for executing partition processing on a plurality of groups of data units in the transmission stream to obtain a plurality of independent data blocks; a construction unit, configured to identify, for each independent data block, a sensitive data element in the independent data block, and construct, for each independent data block, a corresponding first temporary encryption key; an interaction unit, used for determining a second temporary encryption key between every two adjacent independent data blocks according to the first temporary encryption keys of every two adjacent independent data blocks to obtain a plurality of key interaction points; and a fusion unit, used for evaluating the compatibility degree between each key interaction point in each two adjacent independent data blocks, and fusing the temporary encryption keys corresponding to the two key interaction points meeting the conditions to generate a main encryption key.
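Claims 4 to 6 name a sensitivity level, a distribution divergence, a distribution entropy and a distribution density but give no formulas. The following is an added example, not code from the patent, that fills them with stand-ins chosen here: regex rules with assumed levels, the normalised standard deviation of element offsets as divergence, Shannon entropy over equal-width bins (computed from the offsets, not from the divergence value), and elements per effectively occupied byte as density. It shows the property claim 6 states: the entropy rises as the sensitive elements spread out within a block.

```python
import math
import re

# Assumed sensitivity rules as (pattern, level); the patent defines none.
RULES = [
    (re.compile(rb"\b\d{16}\b"), 3),           # card-like number
    (re.compile(rb"[\w.]+@[\w.]+\.\w+"), 2),   # e-mail address
    (re.compile(rb"\d{4}-\d{2}-\d{2}"), 1),    # calendar date
]
PRESET_LEVEL = 1  # claim 4: keep elements whose level is greater than this
BINS = 8          # assumed histogram resolution

def sensitive_offsets(block: bytes) -> list[int]:
    """Claim 4: offsets of elements whose sensitivity level exceeds the preset."""
    return sorted(m.start() for rx, level in RULES if level > PRESET_LEVEL
                  for m in rx.finditer(block))

def divergence(offsets: list[int], block_len: int) -> float:
    """Claim 5 stand-in: standard deviation of the offsets over block length."""
    if len(offsets) < 2:
        return 0.0
    mean = sum(offsets) / len(offsets)
    return math.sqrt(sum((o - mean) ** 2 for o in offsets) / len(offsets)) / block_len

def distribution_entropy(offsets: list[int], block_len: int) -> float:
    """Claim 6 stand-in: Shannon entropy in bits of the offsets over equal bins."""
    counts = [0] * BINS
    for o in offsets:
        counts[min(o * BINS // block_len, BINS - 1)] += 1
    n = len(offsets)
    return sum(-(c / n) * math.log2(c / n) for c in counts if c)

def density(offsets: list[int], block_len: int) -> float:
    """Elements per byte over the effectively occupied bins (2**entropy of them)."""
    if not offsets:
        return 0.0
    occupied = 2 ** distribution_entropy(offsets, block_len) * block_len / BINS
    return len(offsets) / occupied

# Constructed 512-byte blocks: the same elements packed together vs. spread out.
CARD_A, CARD_B = b"4" + b"1" * 15, b"55" + b"0" * 13 + b"4"
CLUSTERED = (CARD_A + b" " + CARD_B + b" a@example.org 2026-04-09").ljust(512, b"-")
SPREAD = (CARD_A.ljust(200, b"-") + CARD_B.ljust(200, b"-")
          + b"a@example.org".ljust(112, b"-"))

if __name__ == "__main__":
    for name, blk in (("clustered", CLUSTERED), ("spread", SPREAD)):
        offs, n = sensitive_offsets(blk), len(blk)
        print(name, offs, divergence(offs, n), distribution_entropy(offs, n), density(offs, n))
```

The date in the clustered block is matched by a level-1 rule and is therefore dropped by the claim 4 filter.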
Description
Block key fusion encryption method and system
Technical Field
The application belongs to the technical field of data transmission, and particularly relates to a block key fusion encryption method and system.
Background
With the in-depth development of the digital economy, cloud computing technology has become a core carrier for data storage, processing and interaction in various industries. Cross-domain transmission of data among cloud nodes is a key link of cloud computing applications, and its security is directly related to user privacy, business confidentiality and system stability. Currently, encryption protection of data transmission in a cloud computing environment has become a focus of technical research, and technicians construct a basic encrypted transmission framework by deploying means such as symmetric encryption algorithms (e.g., AES), asymmetric encryption mechanisms (e.g., RSA) and transport layer security protocols (e.g., TLS/SSL), so as to realize encryption protection of structured data, unstructured data and real-time streaming data. In the existing data transmission methods in the cloud computing environment, when facing the cooperative transmission of multi-node and multi-type data under a distributed cloud architecture, the encryption strategies of different nodes must be configured separately and the key life cycle of each data block managed independently, so the key generation, distribution and verification processes are markedly fragmented; as a result, key matching efficiency is low when data is transmitted across nodes, and the encryption/decryption flows are redundant.
Especially in a high-frequency real-time interaction scene or a sudden traffic peak scene, the existing method adapts poorly to a dynamic transmission environment: key updates lag behind the rhythm of data transmission, which easily causes encryption delay or key conflict, so the real-time requirements of a high-concurrency scene cannot be met, and the rigidity of the encryption strategy may increase the risk of data leakage.
Disclosure of Invention
The embodiment of the application provides a block key fusion encryption method and system, which can solve the problems that the existing block key fusion encryption method adapts poorly to a dynamic transmission environment, that key updates lag behind the rhythm of data transmission, and that encryption delay or key conflict is easily caused.
In a first aspect, an embodiment of the present application provides a block key fusion encryption method, including: partitioning a plurality of groups of data units in a transport stream to obtain a plurality of independent data blocks; for each independent data block, identifying sensitive data elements in the independent data block, and constructing a corresponding first temporary encryption key for each independent data block; determining a second temporary encryption key between every two independent data blocks according to the first temporary encryption keys of every two adjacent independent data blocks to obtain a plurality of key interaction points; and evaluating the compatibility degree between each key interaction point in every two adjacent independent data blocks, and fusing the second temporary encryption keys corresponding to the two key interaction points meeting the conditions to generate a main encryption key.
The technical scheme provided by the embodiment of the application has at least the following technical effects: According to the block key fusion encryption method provided by the embodiment of the application, the plurality of groups of data units in the transmission stream are partitioned to obtain the plurality of independent data blocks, so that the independence and the security boundary of each data block are accurately controlled and a structural foundation is laid for fine-grained encryption. Sensitive data elements are identified in each independent data block and a corresponding first temporary encryption key is constructed, which realizes accurate binding of the key and the data content and effectively quantifies and distinguishes the security level and encryption requirement of different blocks. A second temporary encryption key between every two adjacent independent data blocks is determined according to their first temporary encryption keys to obtain a key interaction point, which provides logical support for analyzing the relevance and synergy between the keys. The compatibility degree among the key interaction points is evaluated and the key interaction points meeting the conditions are fused to generate a main encryption key, reducing the vulnerability and global risk of a single key, realizing the dynamic aggregation and reinforcement of the encryption core, improving the robustness and security of the key system, ensuring the inter