CN-122027139-A - Information data safety transmission method and system

Abstract

The invention relates to the technical field of data transmission, and particularly discloses an information data safety transmission method and system, wherein a terminal is bidirectionally initialized and is bound with a software and hardware user three-dimensional identity; the method comprises the steps of dynamically generating and negotiating a session key based on binding information and updating the session key periodically, splitting a data block and distributing a unique identifier, encrypting through multi-layer combination to obtain secondary encrypted data, transmitting and monitoring a link after two-way authentication passes, receiving decrypted check integrity and reconstructing the data, monitoring risks and carrying out emergency treatment in the whole process, and keeping an encrypted log by a plurality of nodes for tracing. The invention solves the problems of weak single authentication, easy cracking of a fixed key and the like through multidimensional identity verification, a dynamic key mechanism, a multi-layer encryption system and overall process risk management and control, and considers the requirements of transmission safety, efficiency and compliance traceability.

Inventors

• CHENG HAILONG

Assignees

• 北京亚鸿世纪科技发展有限公司

Dates

Publication Date

20260512

Application Date

20260228

Claims (8)

1. 1. The information data safety transmission method is characterized by comprising the following steps: Step S1, a sending end and a receiving end respectively finish terminal initialization and construct a proprietary security transmission module, and after the initialization is finished, the sending end and the receiving end perform bidirectional multidimensional identity binding; Step S2, the sending end and the receiving end generate a dynamic session key based on the binding identity information, and the key fragment interaction, the interference encryption and the dynamic update are completed in the generation process; Step S3, splitting the data to be transmitted into a plurality of data blocks according to the data type by a transmitting end, distributing unique identity marks for each data block, and carrying out multi-layer encryption by adopting a combined encryption mode of symmetric encryption, hash encryption and quantum random code encryption to obtain secondary encryption data; Step S4, the transmitting end transmits a transmission request to the receiving end and uploads identity information, after the secondary verification of the third party trusted authentication node is passed through the comparison of the receiving end, the second-level encrypted data is transmitted through the encrypted transmission link, and the link state is monitored in real time in the transmission process; Step S5, the receiving end decrypts the second-level encrypted data layer by layer, extracts the data block and verifies the integrity, the data block is recombined into complete data after verification is passed, and the damaged data block is requested to be retransmitted if verification fails; Step S6, monitoring a preset risk item in real time in the whole data transmission process, immediately stopping transmission, destroying a key, sending early warning and recording information when the risk is monitored, and restarting transmission after the risk is eliminated; and S7, after the data transmission is completed, the sending end, the receiving end and the third party trusted authentication node respectively store encrypted transmission logs.
2. 2. The method for securely transmitting information data according to claim 1, wherein in step S1, the bidirectional multidimensional identity binding specifically comprises: S11, binding hardware dimensions, collecting CPU serial numbers, a main board unique identifier and a hard disk physical address of a transmitting end and a receiving end, generating a hardware identity abstract through a hash algorithm, and bidirectionally uploading the hardware identity abstract to a third party trusted authentication node adopting a distributed storage architecture; S12, binding environment dimensions, collecting operating system versions, network IP sections, memory occupancy rates and process lists of a sending end and a receiving end, generating environment feature codes, and storing the environment feature codes and the hardware identity abstracts in an associated mode; and S13, binding user dimensions, collecting at least two biological characteristic information of a user at a transmitting end and a user at a receiving end, and encrypting and storing to form a multi-factor user identity library, wherein the biological characteristic information comprises fingerprints, voiceprints and irises.
3. 3. The method for securely transmitting information data according to claim 2, wherein in step S2, the dynamic generation of the session key comprises the following steps: s21, the transmitting end generates an initial key factor based on fingerprint information, an environment feature code and a current timestamp, and a first key fragment is obtained through iterative operation of a chaotic algorithm; S22, the sending end and the receiving end interact the respective key fragments through a third-party trusted authentication node, the key fragments are split into 10-20 sub-fragments during interaction, and random interference codes are added to each sub-fragment; And S23, the sending end and the receiving end remove the interference codes and recombine the received key fragments, the unique session key is generated by combining the key fragments generated by the sending end and the receiving end through a key negotiation algorithm, meanwhile, the key validity period of 1-5 minutes is dynamically set according to the data transmission quantity, and the steps S21-S23 are repeated to update the key after the expiration of the validity period.
4. 4. The method for securely transmitting information data according to claim 3, wherein in step S3, the splitting and combining encryption process of the data comprises: s31, splitting data, namely splitting original data according to the data types of texts, images, audios and videos to obtain a plurality of data blocks, dynamically adjusting the sizes of the data blocks according to network bandwidths, and distributing unique identity identifiers comprising serial numbers, generation time and check codes for each data block; S32, multi-layer encryption, namely symmetrically encrypting each data block through the session key generated in the step S2 to obtain primary encrypted data, carrying out hash operation on the primary encrypted data to generate a hash value, generating a random code through a quantum random number generator, and carrying out fusion encryption on the hash value and the primary encrypted data to obtain secondary encrypted data.
5. 5. The method for securely transmitting information data according to claim 4, wherein said step S4 is specifically: S41, a transmitting end transmits a transmission request and simultaneously uploads a hardware identity abstract, a real-time environment feature code and user biological feature information acquired in real time; s42, the receiving end compares the request information with the information stored by the local and third party trusted authentication nodes, and verifies the characteristic code of the transmitting end environment, and allows a fluctuation range of +/-5%; s43, the third party trusted authentication node secondarily verifies identity information of both parties, if authentication is passed, an instruction is sent, and if authentication is failed, transmission is blocked, early warning is sent and the reason is recorded; And S44, after the authentication is passed, the sending end transmits the secondary encrypted data, and the fluctuation of the transmission rate, the loss rate of the data packet and the stability of the link node are monitored in real time.
6. 6. The method for securely transmitting information data according to claim 5, wherein the data receiving, decrypting and integrity checking of step S5 comprises: s51, the second-level encrypted data is decoded through a session key, and the first-level encrypted data and the hash value are separated; s52, the primary encryption data are decoded to obtain data blocks, and identity identification is extracted; S53, comparing the hash values, verifying the continuity and the uniqueness of the data block identity marks, and completing the integrity check; S54, reorganizing the data block if the verification is passed, and positioning the damaged data block by the identity mark if the verification is failed, and requesting to independently retransmit the data block.
7. 7. The method of claim 6, wherein in step S6, the preset risk items include identity information tampering, key disclosure, link hijacking, data block tampering, strange process intrusion, and IP address anomaly jump.
8. 8. A secure transmission system for information data, comprising: The transmitting end is used for finishing the initialization of the terminal, carrying out bidirectional multidimensional identity binding with the receiving end, generating a key fragment based on the binding identity information and participating in dynamic session key negotiation, splitting the original data according to types, distributing unique identity identifiers, then executing multi-layer combined encryption processing, transmitting a transmission request and the identity information, transmitting secondary encrypted data through an encryption transmission link module after passing authentication, reserving an encryption transmission log, and responding to a damaged data block retransmission request of the receiving end; The receiving end is used for finishing terminal initialization, participating in bidirectional multidimensional identity binding and dynamic session key negotiation, carrying out primary comparison on identity information uploaded by the transmitting end, receiving secondary encrypted data and decrypting the secondary encrypted data layer by layer, carrying out integrity check and recombination on the data blocks, storing an encrypted transmission log, and requesting independent retransmission to the transmitting end aiming at the data blocks with failed check; The third party trusted authentication node module adopts a distributed storage architecture, is used for storing hardware identity abstracts, environment feature codes and multi-factor user identity libraries of a sending end and a receiving end, transferring key fragments of the two interaction parties, carrying out secondary verification on identity information of the sending end and the receiving end, generating an authentication instruction, blocking abnormal transmission and recording reasons, and simultaneously, preserving an encrypted transmission log to provide support for full-flow identity authentication and tracing; the encryption transmission link module is used for constructing a dedicated encryption transmission channel, carrying secondary encryption data transmission, feeding back link state information of transmission rate fluctuation, data packet loss rate and link node stability in real time, and guaranteeing link safety in the data transmission process; The risk monitoring and emergency module is used for monitoring preset risk items of identity information tampering, key leakage, link hijacking, data block tampering, strange process invasion and IP address abnormal jump in the whole data transmission process in real time, triggering transmission termination, key destruction, early warning sending and information recording operation immediately when the risk is monitored, and controlling a system to restart a transmission flow after the risk is eliminated so as to realize full-flow risk closed loop control.

Description

Information data safety transmission method and system Technical Field The invention relates to the technical field of data transmission, in particular to a method and a system for safely transmitting information data. Background The prior data transmission technology adopts a fixed key encryption and single identity authentication mode to realize safety protection, and has the technical defects that on one hand, the fixed key is easy to crack and the whole flow data leakage risk can be caused by untimely updating of the key, on the other hand, the identity authentication dimension is single, the attacks such as identity forging and link hijacking are difficult to resist only by depending on hardware or user passwords, meanwhile, the whole flow risk monitoring mechanism is lacking in the data transmission process, the emergency response is delayed in the face of abnormal conditions such as data tampering and strange process invasion, and the transmission log is incomplete, so that the definition of data tracing and responsibility can not be realized. In addition, the existing encryption mode mostly adopts a single encryption algorithm, the encryption strength is insufficient, and if partial data blocks are damaged in the data transmission process, the whole data blocks need to be retransmitted, so that the transmission efficiency is low. In view of the above, a secure transmission scheme for information data with multi-dimensional protection, dynamic key management and overall process risk closed loop is needed to achieve the transmission security, stability and efficiency. Disclosure of Invention The technical problem to be solved by the invention is to provide a safe information data transmission method and system, which realize high security, high stability and high efficiency of data transmission through bidirectional multidimensional identity binding, dynamic key generation and updating, multi-layer combined encryption, full-flow risk monitoring and trace tracing. In order to solve the technical problems, the technical scheme provided by the invention is that the information data safety transmission method comprises the following steps: Step S1, bidirectional initialization and multidimensional identity binding of a transmission terminal The transmitting end and the receiving end respectively complete terminal initialization and construct a dedicated safety transmission module; Step S2, dynamic key generation and negotiation The sending end and the receiving end generate a dynamic session key based on the binding identity information, and complete key fragment interaction, interference encryption and dynamic updating in the generation process; Step S3, data splitting and encryption processing The method comprises the steps that a sending end splits data to be transmitted into a plurality of data blocks according to data types, unique identity marks are allocated to each data block, and then multi-layer encryption is carried out in a combined encryption mode of symmetric encryption, hash encryption and quantum random code encryption to obtain secondary encryption data; Step S4, dynamic identity authentication and data transmission The transmitting end transmits a transmission request to the receiving end and uploads identity information, after the secondary verification of the third-party trusted authentication node is passed through the comparison of the receiving end, secondary encrypted data is transmitted through an encrypted transmission link, and the link state is monitored in real time in the transmission process; Step S5, data receiving, decrypting and integrity checking The receiving end decrypts the second-level encrypted data layer by layer, extracts the data block and verifies the integrity, the data block is recombined into complete data after verification is passed, and the damaged data block is requested to be retransmitted if verification fails; step S6, risk monitoring and emergency treatment in the whole transmission process Monitoring a preset risk item in real time in the whole data transmission process, immediately stopping transmission, destroying a key, sending early warning and recording information when the risk is monitored, and restarting transmission after the risk is eliminated; step S7, transmission log preserving and tracing After the data transmission is completed, the sending end, the receiving end and the third party trusted authentication node respectively store encrypted transmission logs. Further, in step S1, the bidirectional multidimensional identity binding specifically includes: S11, binding hardware dimensions, collecting CPU serial numbers, a main board unique identifier and a hard disk physical address of a transmitting end and a receiving end, generating a hardware identity abstract through a hash algorithm, and bidirectionally uploading the hardware identity abstract to a third party trusted authentication node adopting a distributed storage architecture; S1