Search

CN-122027145-A - Cross-terminal collaborative layered encryption and differential data secure transmission method and system

CN122027145ACN 122027145 ACN122027145 ACN 122027145ACN-122027145-A

Abstract

The invention provides a cross-end collaborative hierarchical encryption and differential data secure transmission method and system, which are characterized by comprising the steps of obtaining editing operation data generated by at least two collaborative terminals aiming at the same design object and generating a composite differential unit, determining a security level identifier of the composite differential unit, splitting the composite differential unit into a core segment, an associated segment and a verification segment, generating a dynamic layer key for the core segment, the associated segment and the verification segment of the composite differential unit, realizing that the composite differential unit instead of the whole object is taken as a protection granularity, ensuring that the security hierarchy is dynamic and can change along with the dependence relation of the design object and the state change of the terminal, splitting the same design change into multiple pieces and transmitting the pieces in a staggered manner, improving the replay resistance and the association resistance analysis capability, ensuring that data seen by an intermediate link is further distorted by a reversible disturbance mechanism, ensuring that an authorized receiving end can still be recovered accurately, ensuring that a shadow and a state mechanism of consistency avoids 'error recombination results from directly falling down', and improving the collaborative design reliability.

Inventors

  • HUANG YONG

Assignees

  • 深圳市博思云创科技有限公司

Dates

Publication Date
20260512
Application Date
20260324

Claims (10)

  1. 1. The cross-end collaborative hierarchical encryption and differential data secure transmission method is characterized by comprising the following steps of: Step one, editing operation data generated by at least two cooperative terminals aiming at the same design object is obtained and a composite differential unit is generated; Step two, determining a security level identification of the composite differential unit; Dividing the composite differential unit into a core segment, an associated segment and a verification segment; Step four, generating a dynamic layer key for the core segment and the associated segment and the check segment of the composite differential unit; Step five, performing hierarchical heterogeneous encryption processing and reversible disturbance processing, performing time window dislocation scheduling, and transmitting a transmission packet through a multi-logic transmission channel; step six, segment convergence, disturbance compensation and decryption and recombination and consistency verification are executed at the cooperative terminal; And step seven, updating the local design state of the collaborative terminal or generating a shadow design state according to the consistency verification result and preventing formal submission.
  2. 2. The method of claim 1, wherein the determining the security level identification of the composite differential unit is preceded by calculating a security score for the composite differential unit; and determining a corresponding security level identifier according to the security score of the composite differential unit.
  3. 3. The method of claim 2, wherein the calculating the security score for the composite differencing unit is performed according to equation 1; Equation 1: Wherein, the method comprises the steps of, Represent the first The security score of each of the composite differential units, The degree of criticality of the semantics is represented, The depth of dependence is indicated as such, Indicating the degree of exposure across the ends, Representing a risk of reconstruction; a normalized upper bound representing the semantic criticality of the composite differential unit, Representing a depth-dependent normalized upper bound of the composite differential cell, A normalized upper bound representing the cross-end exposure of the composite differential cell, A normalized upper bound representing a risk of reconstruction of the composite differential unit; , And And All are weight coefficients and the addition is equal to 1; The corresponding security level identification is determined according to the security score of the composite differential unit according to a formula 2; Equation 2: Wherein, the method comprises the steps of, Represent the first A security level identification of each of the composite differential units, Representing a preset maximum security level.
  4. 4. The method of claim 1, wherein the core segments carry key differential content capable of reconstructing a true design structure, the associated segments carry dependency mapping information, and the check segments carry integrity verification information and state tracking information; and the core segment duty ratio is improved for the composite differential units with higher security level identifiers, and the associated segment duty ratio is improved for the composite differential units with lower security level identifiers.
  5. 5. The method of claim 3, wherein the dynamic layer key is calculated according to equation 3; equation 3: Wherein, the method comprises the steps of, Representing the dynamic layer key in question, Representing a key-derived hash function, Representing the root session key and, Representing the identity of the terminal role, The representation is dependent on the path fingerprint, The time window identity is indicated and the time window, Representing a summary of the trust status of the terminal, Representing a hierarchical mask vector; The terminal trust status abstract is generated at least by a device proof result, an operating environment integrity result, a session continuity status and an abnormal behavior score.
  6. 6. The method of claim 5, wherein the reversible perturbation process satisfies equation 4; Equation 4: Wherein, the method comprises the steps of, Representing the post-disturbance differential vector(s), The original differential vector is represented as such, Representation and the first The security level of each of the composite differential units identifies an associated disturbance amplitude coefficient, Representing the disturbance of the seed by the seed, Representing a pseudo-random perturbation sequence co-generated by the time window identification and the perturbation seed, Representing the coefficient of the compensation weight and, Representing a compensation anchor generated by the local base line snapshot; When the collaborative terminal recovers the differential vector after disturbance, a recovered differential vector is obtained according to a formula 5; Equation 5: Wherein, the method comprises the steps of, Representing a recovered differential vector.
  7. 7. The method of claim 5, wherein the logic transmission channels comprise at least a control channel, a load channel and a check channel and respectively adopt different sequence number spaces; Distributing core fragments, associated fragments and check fragments of the same composite differential unit to different transmission time slots, and enabling the transmission sequence of any one of the core fragments, the associated fragments and the check fragments of the composite differential unit to be inconsistent with the original editing sequence; The multi-logic channel transmission packet carries a unidirectional chain random number, a version anchor point and a rollback anchor point.
  8. 8. The method of claim 7, wherein the segment convergence comprises cluster mapping the core segments and the associated segments and the check segments from different ones of the logical transport channels according to object identification, the dependent path fingerprint and the version anchor and a time window tag.
  9. 9. The method of claim 1, wherein the consistency verification satisfies equation 6; equation 6: Wherein, the method comprises the steps of, A consistency verification value is represented as such, Represents the structural similarity of the recombined transmitting end and the receiving end, Representing the fidelity of the dependency relationship, Indicating the degree of consistency of the sequence of operations, Representing a conflict penalty term; , And And Are all weight coefficients; The method further includes that when the consistency verification value is smaller than a submission threshold and larger than an observation threshold, the collaborative terminal only generates a shadow design state and marks the shadow design state as a state to be manually confirmed.
  10. 10. A cross-terminal collaborative hierarchical encryption and differential data security transmission system, the system comprising: the differential extraction unit is used for acquiring editing operation data generated by at least two cooperative terminals aiming at the same design object and generating a composite differential unit; the security layering unit is used for determining a security level identification of the composite differential unit; The fragmentation arrangement unit is used for splitting the composite differential unit into a core fragment, an associated fragment and a verification fragment; the dynamic key unit is used for generating a dynamic layer key for the core segment, the associated segment and the verification segment of the composite differential unit; the encryption perturbation unit is used for executing hierarchical heterogeneous encryption processing and reversible perturbation processing; the scheduling and transmitting unit is used for executing time window staggered scheduling and transmitting transmission packets through the multi-logic transmission channel; The reorganization verification unit is used for executing fragment convergence, disturbance compensation and decryption and reorganization and consistency verification on the cooperative terminal; And the state control unit is used for updating the local design state of the collaborative terminal or generating a shadow design state according to the consistency verification result and preventing formal submission.

Description

Cross-terminal collaborative layered encryption and differential data secure transmission method and system Technical Field The invention belongs to the technical field of cross-end collaborative encryption and secure transmission, and particularly relates to a cross-end collaborative layered encryption and differential data secure transmission method and system. Background With the development of business forms such as industrial design, three-dimensional modeling, electronic design automation, product structure design, interface prototype design, structured document design and the like towards the cooperation direction of multiple terminals, the same design object is edited by multiple terminals simultaneously to become a normal state. The existing collaborative design system generally realizes cross-end collaboration through whole object synchronization, version log synchronization or common differential synchronization, and is assisted by static permission control and session encryption mechanisms to ensure basic communication security. However, the prior art still has the following defects that firstly, most schemes still take a complete design object or an integral differential log as transmission granularity, so that sensitive design intention is caused, key structural parameters and core dependency relations are larger in an exposed surface in a transmission process, secondly, the existing authority control mainly takes a user or a terminal as granularity, dynamic layering processing capacity aiming at a single design change risk level is lacking, thirdly, even if a conventional encryption mode is adopted, an attacker can deduce a real design structure by depending on a context, a transmission time sequence and a rollback link through a differential field sequence, fourthly, a receiving end can finish data decryption under the condition of multi-terminal concurrent editing, but a recombination result does not necessarily meet the requirement of design object dependency consistency and operation cause and effect consistency, a receivable but unreliable submitted state is easy to form, and fifthly, when the trust state of the terminal fluctuates, the prior scheme generally lacks the capability of timely invalidating unfinished differential fragments and controlling visible according to layers. Therefore, a new data security transmission scheme in a cross-terminal collaborative design scene is needed, a composite differential unit is used as a basic processing object, and a complete closed loop is formed in the links of differential extraction, hierarchical grading, slice transmission, reversible disturbance recovery, consistency verification and the like, so that the security and reliability in the cross-terminal collaborative design are improved. Disclosure of Invention In view of the shortcomings of the prior art, the invention aims to provide a cross-terminal collaborative hierarchical encryption and differential data security transmission method and system, which are used for solving the problems of coarse design differential exposure granularity, unsmooth risk control, easy deduction of a transmission process, insufficient consistency of recombination of a receiving terminal, lack of dynamic failure control when a terminal state is abnormal and the like in the prior art. In one aspect, the invention provides a cross-end collaborative hierarchical encryption and differential data secure transmission method, which comprises the following steps: Step one, editing operation data generated by at least two cooperative terminals aiming at the same design object is obtained and a composite differential unit is generated; Step two, determining a security level identification of the composite differential unit; Dividing the composite differential unit into a core segment, an associated segment and a verification segment; Step four, generating a dynamic layer key for the core segment and the associated segment and the check segment of the composite differential unit; Step five, performing hierarchical heterogeneous encryption processing and reversible disturbance processing, performing time window dislocation scheduling, and transmitting a transmission packet through a multi-logic transmission channel; step six, segment convergence, disturbance compensation and decryption and recombination and consistency verification are executed at the cooperative terminal; And step seven, updating the local design state of the collaborative terminal or generating a shadow design state according to the consistency verification result and preventing formal submission. The method comprises the steps of calculating the security score of the composite differential unit before determining the security level identification of the composite differential unit; and determining a corresponding security level identifier according to the security score of the composite differential unit. The method of the invention, wherein the calcu